Bulgaria PHP Conference 2019
8 - 10 Nov 2019 at National Palace of Culture (NDK)

In this workshop we will take a look at common security failings from a new perspective: that of the hacker. You’ll be provided with a set of different sites each exhibiting a different security flaw, the challenge will be to find and exploit it and in doing so learn how to protect your own sites. All the sites will be run locally inside docker containers so don’t worry about breaking any laws! Obviously this means that you will need to bring a laptop which is capable of running docker containers in order to participate in this workshop.

Idea behind commands is to encapsulate all of the information needed for an action: making our domain less fragile and simple. Event pattern help us decouple code and make it easily extendable: without modifying user registration process we can easily add more features like send ‘welcome SMS’ or ‘notify support to check new user’. Goal of this workshop will be to build a small app using commands and events and show you how nice and cool it is!

No matter how experienced you are as a developer: you can always improve. This workshop teaches advanced coding techniques through live coding. We will touch on domain-driven design, test-driven development, clean code and SOLID principles, and might even throw in a few design patterns. Every question will be answered!

1

This prototype works, but it’s not pretty, and now it’s in production. That legacy application really needs some TLC. Where do we start? When creating long lived applications, it’s imperative to focus on good practices. The solution is to improve the whole development life cycle; from planning, better coding and testing, to automation, peer review and more. In this tutorial, we’ll take a deep dive into each of these areas, looking at how we can make positive, actionable change in our workflow. This workshop intends to improve your skills in planning, documenting, some aspects of development, testing and delivery of software for both legacy and greenfield projects. The workshop is made up of multiple exercises, allowing dynamic exploration into the various aspects of the software development life cycle. In each practical exercise, we’ll brainstorm and investigate solutions, ensuring they are future-proofed, well tested and lead to the ultimate goal of confidence in delivering stable software.

Opening Keynote

4

What if we could evolve our web of individual documents and data to a web of interlinked knowledge, a web where machines can automatically combine data from multiple sources and draw conclusions from it? The Semantic Web technologies from W3C enable us to make sense of the data wilderness on the web and unlock the full potential of the data treasures hidden in it. In this talk, we will see how RDF enables us to formally describe the meaning of data and how such data can be queried with SPARQL. We will look at how OWL lets us make more expressive statements about the world, so that a computer can logically reason about it and infer new information. We will demonstrate these technologies by showing how they can be used to query seemingly incompatible data sets as if they were one and letting a computer draw logical (and perhaps surprising) conclusions for us. Contains: ‘retro’ technology, linked data, fundamental properties of the web, and Donald Trump’s opinion on PHP frameworks.

Much in the same way that to secure a house it helps to know how to break in, knowing how to attack our systems will help us secure them. You have a lot of data in your organisations. Whether you think it’s sensitive or not, it has value. Whether an attacker wants data for profit, a grudge, or just for fun we need to ensure that we don’t just leave the door open for them to take what they want. In this session we’ll start to think like a hacker. The what, why, who, where and how of an attacking mindset will leave you with practical steps you can take away and use to start protecting your systems a little better.

Command/Query Responsibility Segregation (CQRS) and Event Sourcing might become new buzzwords in the PHP community. But what exactly is all the fuzz about, and should you care? This talk provides a comprehensive introduction, and will enable you to decide whether CQRS and Event Sourcing might be the right choice for you.

2

Imagine a world where the mobile development team is not constantly surprised by changing endpoints, where frontend developers don’t abuse your carefully crafted APIs and we don’t have to go back again and again to fix or change stuff. In this imaginary land we are able to leave the guesswork out by using API definitions to produce even better designs and automate parts of the process. Together we will explore OpenAPI as a standard way to describe APIs and see how it can help us get there.

11

Hexagonal Architecture, Clean Architecture, Domain-Driven Design… You may have heard about that. Let’s start from scratch in this session and go beyond the buzzwords! I’ll guide you through these concepts, cut the crap and tell you everything you need to understand about it. After this talk, you will know how you can improve the maintainability of your projects, either greenfield or legacy.

5

PHP as a language can’t rapidly follow the needs of the developers: we should look at other languages that decided to build custom DSLs over existing platforms/languages like TypeScript or Elixir. Both languages were born for different reasons, solving different problems and having unique takeaways on developer communities at large. After a rather short introduction to them, I will cover benefits and pitfalls of these concepts with some examples from our community on how and what would be solved easily with preprocessing to PHP like generics, immutable structures and so on. There are already some initiatives building upon this idea but they are not being widely recognized and I would love to introduce you to them and some of my work as well (which I have done as proof of concepts).

Sponsor Event

Lunch Break

TBD

We all know slow sites suck. According to research by Amazon, customers buy more when a site is responsive. Google ranks fast sites better. Using a WordPress case study, I’ll take you on a journey through the jungle of web page performance. You’ll learn to discern the many factors that are important in performance. I’ll show you the techniques, tricks and tools used to overcome slowness. You’ll learn about image, script and stylesheet optimization, roundtrip minimization and why it’s important. In addition, you’ll discover a unique tool that allows you to do all that automatically. After this talk you will be able to confidently measure a website’s performance, and diagnose the reasons for it being slow. You’ll know what to fix and how, and make your customers happy. From a technical perspective, there are a lot of highly entertaining surprises regarding what can be done with PHP features, such as output buffering and HTML parsing, as well as in the browser: reordering DOM events and changing the way scripts and stylesheets are loaded.

The PHP-FIG has produced four PSRs relating to HTTP: PSR-7 HTTP message interfaces, PSR-15 HTTP Server Request Handlers, PSR-17 HTTP Factories and PSR-18 HTTP Client. Learn the differences between these PSRs and how they work together to enable a rich set of tools making it easier for applications and libraries to work with HTTP in PHP.

4

WebAssembly is a new language, allowing us to compile static-typed languages and run them in the browser with performance close to Native. Although it was created to support mainly C/C++/Rust, other programming languages are getting compilation support too – Go, Kotlin, PHP to name a few. In this talk we will discuss the specifics of compiling to WebAssembly and we will see how code written in different languages can be reused on top of WebAssembly. We will experiment with interpreting PHP in the browser, completely client-side, and use it to communicate with JavaScript.

4

Most of developers are constantly teaching and discussing modern patterns, frameworks and libraries. But what if you think that you know almost everything about traditional OOP in PHP? I can bet that at some level of mastery you could notice that traditional object-oriented patterns do not solve all problems but introduce new questions instead. This is because OOP-way is not suited well for complex tasks. Are you looking for the new food for thoughts about how such complex issues could be solved in PHP? For example how to make your existing method asynchronous just with one single word? Or how to reduce boilerplate code for feature toggles? Join me and I will show you how to apply the most powerful aspect-oriented framework to escape from your existing OOP boundaries and teach you new patterns that can help you to keep your code clean.

Back when I was learning about how to test PHP code, I struggled to teach myself what I needed to know in order to succeed. Over the past 16 years (has it really been that long?!?) I’ve learned a lot about not just testing but about code and people. In this talk I want to share what I wished I knew back then so you don’t have to suffer like I did.

3

Remember the famous “5 minutes installation” process for installing WordPress? Let’s see how much time will installation from terminal take. Even better, let’s see what WP CLI can do in 5 minutes. And all that can happen in terminal in 40 minutes. This is not your usual presentation talk. This is a live terminal commanding where fatal errors are expected; planned even. Building a WordPress website, or few, without doing anything in code editor nor dashboard. Join me in this dangerous overview of WordPress command line tool, also known as WP CLI.

1

SOLID principles are there to help us writing classes in the way they break less. But classes are combined into packages and there the same problem arises: how to structure packages so they could be reused, maintained and break less. The talk covers additional principles and metrics that help solving that.

7

As PHP programmers we are used to waiting for network I/O, in general we may not even consider any other option. But why wait? Why not jump on board the Async bullet-train and experience life in the fast lane and give Go and NodeJS a run for the money. This talk will aim to make the audience aware of the benefits, opportunities, and pitfalls of asynchronous programming in PHP, and guide them through the native functionality, frameworks and PHP extensions though which it can be facilitated.

“Great News–The Relational Model is Dead” was a prominent comment on the release of the new SQL standard in 1999. The message behind the provoking statement was that SQL has evolved beyond the relational model. As much as this move was discussed at that time, it took decades until database vendors caught up with this idiomatic change. Many developers haven’t heard of it until today. This talk provides the big picture on the evolution of SQL and introduces some selected modern SQL features by example. You will see that SQL has changed as much as our requirements have changed over the past decades.

Q&A with members of the PHP Framework Interop Group, moderated by Mihail Irintchev

by the organizing team

Cocktail Party

16

Opening Keynote for Day 2

The announcement of HTTP/3 at the start of November 2018 may have come as a surprise for a lot of us. Indeed, compared to the 18 years that separated HTTP/1.1 et HTTP/2, this announcement came only 4 years after the release of HTTP/2. But the biggest surprise is under the hood, with a replacement of the transport layer. In this talk, we will explain why this version 3 of the HTTP protocol has been designed, especially around the latency topic. We will cover as well how technically this version works, and what it will bring to our applications, and what are the challenges that will need to be addressed, in order to fully benefit from this new version of the protocol that runs the Web.

The browsers can actually take control of physical devices in the real world like lightbulbs, robots, printers, NFC tags, toys, and even drones by providing new web standard hardware connectivity APIs such as WebBluetooth, WebUSB, WebNFC and etc. On the other hand, Progressive web apps open a new era to build a web application that works offline and resemble a native application. Hence, every day we are getting closer to run web apps only on browsers that don’t need to be installed from any app store and it will take control of hardware around us. In this session, I am going through some of the web capabilities to connect devices into a progressive web app and show how the web could go beyond the browsers and take control of our devices around us.

Much of the software we write is built to support a business process, this generally means validating and storing user data into a database. Often this is a mismatch with the actual business process, which is more reactive and task oriented. In this talk we’ll look at using business events to drive the evolution of our software design and see how we can build a model which better reflects the businesses processes.

Working with companies from early-stage startups to Fortune 500, I’ve experienced both the struggle of continuing someone else’s work and the joy of it. The difference is only in their approach towards the design of their code. It’s a minor effort if done on time, with a huge impact on the overall development of the software. In this presentation, we’ll focus on what distinguishes a good developer from a strong one and learn how to stand out from the crowd. After this presentation, you’d understand how to incorporate the SOLID principles in your daily work and design your code for extendibility. You’d learn how to write code in a way that will make it easy to go back to a feature you developed a year ago and extend it with additional functionality in minutes, not hours.

WordPress has several APIs available to programmer but none more important than the REST API. The REST API opens up WordPress to be controlled by - and interact with - other applications. Like pouring gasoline on an open fire, the possible uses and the usefulness of WordPress as an application foundation just explode. Using the WordPress REST API is not difficult once you understand the basics. In this whirlwind tour, we will touch on those basics. You will learn what you need to know to setup secure access to your API and use it to both retrieve and store information in WordPress.

3

If you use Laravel, you’re taking advantage of a feature-filled, somewhat complex depedency injection container. In this presentation we’ll pull back the curtain on the magic behind the container’s auto-wiring, contextual binding, and other such features, stopping along the way to highlight upgrades that the package has gotten over succesive versions of Laravel since 5.5. If you aren’t a Laravel dev and need to dependency-inject your application, you might even come out of this presentation deciding that the Illuminate container is the best solution for your particular use case!

Lunch Break

12

Each developer is, was or (most probably) will be a senior developer. Many seniors wonder about choosing the right career path – one can become a manager, an architect or an engineering expert – just to name a few options. There is a bunch of non-technical skills which are very helpful or even essential if one thinks about progressing their career in any of those paths. For almost 3 years I have been helping senior developers shape their career plans and work on gaining knowledge, skills and experience they need to grow professionally. In my talk, I recommend skills which every ambitious senior engineer should gain and I give advice on how to learn them efficiently.

5

Leading multiple development teams over the years, I found releases to be the most stressful part of the software development lifecycle. Many teams find it difficult to fix the release process, increase the quality of the software they develop and get their weekends free. I will prove them wrong.

10

You’ve got strange characters like “�” or “ö” display in your application? Yes, handling non-English characters in application code, files and databases can be a challenge, to say the least. Whether that’s German Umlauts, Cyrillic letters, Asian Glyphs or Emojis: It’s always a mess in an international application. In this session you will see why that is and how handling characters evolved in computing. You will also see how handling characters in applications and databases can be done less painfully. And don’t worry when EBCDIC, BOM or ISO-8859-7 are Greek to you and your Unicode is a bit rusty: we’ll have a look at them too!

Have you ever wondered how biometric data transfer works? You want to check whether do you have a match in a database but without revealing your identity to the database? It is possible if you know what to use. Guess what, it is not as hard you think! Even better now it is available in PHP. Choosing one of two options without letting the other party to know you what you choose, pretty easy and secure. Also possible to implement all of this with PHP without having to know in depth the protocol itself. This could be used in plenty of cases, the idea of the talk is to introduce the audience to a cryptographic primitive that could be used in different scenarious by making a custom PHP extension and then a library that could be used by other people.

18

Software development can be an eternal struggle, or it can be code that pretty much writes itself. In this talk, we’ll look at how simple acceptance tests and a few diagrams help us dive right into the code, which we in turn outline using DDD, This allows us to have a clean and testable design without worrying about implementation details. Code can be then implemented without developers worrying about stepping on each others’ toes, while still be confident that everything will work once put together. Discover how my team can build features faster than the client can sign them off.

8

Being fast, lightweight and embeddable, Lua got its reputation through game engines and desktop applications. With rise of microservice architecture popularity in building web applications, Lua is also becoming an important player in web development. After quick introduction to microservices, we’ll show how Lua fits in backend development and how it can be used in Redis and Nginx.

A long time ago, in a land far away, lived a software wizard that was capable of grand magic. They built gardens, libraries, temples, castles. They created life where there wasn’t, and cleared the path where it was unsafe. And then they disappeared, and even though they left behind books and notes, none of their apprentices were able to learn the craft. Since then, nobody was able to use any of the tools of the great mage, and the creations kept working for only a few years, when finally even the last stone that was placed crumbled into sand. Sounds familiar? Software often feels the same: we’re all magicians that force a piece of sand into semi-rational thought, but what will happen when everyone moves on, and nothing works as expected anymore? This talk explores the problems that arise from breaking compatibility with existing tools, how to prevent those breakages from happening, and what to look for as a software maintainer. While I cannot guarantee that you will build indestructible magical fortresses with my tips, I can at least help you make sure that your work will live on with other people picking it up, and hopefully appreciating the stability that you worked towards.

In our work we tend to believe in Messiah. A messiah can be the new magic tool which will solve all our problems, or a shiny framework, so much better than everything we have used before, or even a person in our team. We all know the messiah in software testing. It’s the Unit Testing. But is the unit test the one and the only way to test a software? The answer is no. This talk will show you a new approach to software testing using a Recording HTTP Proxy and how it can help you achieve better quality of your software. Without proclaiming it as “The Great New Messiah”.

9

Programmers naturally give more attention to a “happy path” - default scenario in application execution in which everything works as expected, often neglecting the opposite way things can go. Topics such as the use of exceptions and error handling seem insufficiently explored, so it is difficult to find useful resources online. Things usually end up with reckless throwing of built-in exceptions and leaving up error handling to the framework. In this highly practical talk full of applicable code examples, you will learn how to deal with exceptional conditions in an elegant way, you will master some essential techniques for structuring and modeling custom Exceptions, and learn how to establish reusable Central Error Handling system. Special attention is given to a set of best practices and techniques around exceptions, such as formatting exception messages, component-level exception type, exception wrapping. Combined with the universal central error handler that also defines behavioural interfaces to allow exceptions to affect the error handling workflow, these concepts together make up an efficient error handling architecture that scales very well and is easy to maintain.

Closing Keynote

Prizes and Closing