Dutch PHP Conference 2018
7 - 9 Jun 2018 at RAI amsterdam

5

ReactJS has fundamentally changed how we think about building interfaces. Using the same tools, we can bring this thinking to SVG, WebGL, and beyond. Makes you wonder – could we build games using ReactJS? In this talk, we'll build a platform game, using ReactJS. Some of the topics we'll cover include: * Master the game loop * Handle player input * Implement collision detection, gravity, ladders, and stairs * Work with camera locking, mobs, and health * Manage game inventory * Make game levels

2

This prototype works, but it’s not pretty, and now it’s in production. That legacy application really needs some TLC. Where do we start? When creating long lived applications, it’s imperative to focus on good practices. The solution is to improve the whole development life cycle; from planning, better coding and testing, to automation, peer review and more. In this tutorial, we’ll take a deep dive into each of these areas, looking at how we can make positive, actionable change in our workflow.

In this workshop we will take a look at common security failings from a new perspective: that of the hacker. You'll be provided with a set of different sites each exhibiting a different security flaw, the challenge will be to find and exploit it and in doing so learn how to protect your own sites. All the sites will be run locally inside docker containers so don't worry about breaking any laws! Obviously this means that you will need to bring a laptop which is capable of running docker containers in order to participate in this workshop.

In this workshop we'll dive into the topic of Autonomous Service development, with a sandbox project containing several interdependent services. These projects send messages to each other, and they call each other to retrieve data. In other words, they're not autonomous at all. We'll figure out some ways in which we can invert dependencies and leverage a messaging solution to achieve autonomy after all. In a relatively short period you’ll get acquainted with the basics of asynchronous integration, CQRS, event sourcing and integrating bounded contexts.

With the release of Symfony4, both the architecture and the developer workflow got a major overhaul, mostly by the introduction of Flex as a way to bootstrap your application. The new changes focus on enabling easier cloud deployments & less manual configuration, while supporting both lean microservice setups as well as monolithic applications. During this workshop, we will create microservice-style apps using Flex to get a feel for how the new bootstrapping mechanism works touching all major new features: - Project setup - Use of the recipes and contrib recipes repositories - Bundle-less application architecture - Dependency Injection improvements since 3.3 To get the most out of this workshop you should already be familiar with Symfony 2 or 3.

As PHP developers, our job is to build web applications. But how can we build applications that rely on networking if we don't know how these networks and the big network that connects them all (this thing called the Internet) actually work ? We'll walk through the basics of networking, before diving into all the essentials every PHP developer should know, from TCP/UDP over IP addressing (IPv4/6), source/destination ports, sockets, DNS, switching, firewalling and even more advanced protocols such as OSPF, VRRP and BGP. Prepare for an eye-opener when you realize how much a typical app relies on all of these (and many more) working flawlessly... and how you can prepare your app for failure in the chain.

Whether you are curious about how BDD can be used a discipline for building software or have tried to use BDD before but instead got bogged down in a tiresome and painful exercise in browser automation - this workshop will help you grasp the real value of this methodology and give you the conceptual tools necessary to be able to start practicing this at your own company. Splitting up into groups of three, we will build a Delivery Booking System from a list of amorphous requirements. In the first part of the workshop, we will gradually flesh out examples of how the system works using a technique known as Example Mapping. From these we’ll collaboratively write executable specifications (scenarios) in Gherkin. Writing scenarios and developing a “ubiquitous” language can be the most time consuming part of the process albeit the one in which most of the hard work is done. The second part of the workshop will focus on driving the actual application code from the scenarios and automating them. We will use some parts of the Symfony framework for the app itself and a PHP tool called Behat for executing the scenarios. This part of the workshop will also introduce some aspects of strategic domain modelling. Most of the application will be automated at the “domain level”, and given enough time, we will also automate at the UI and/or browser level.

To improve your code base, you run an audit. Now, with so many diagnostics, the situations appears to be overwelhming. If you have a mere million lines of code, it may display thousands of errors, in various orders. And with that, the market leavs no time to reduce technical debt before the next feature : we'll do it when we have time, right? WRONG! Code quality starts with a daily code review. Learn how to navigate in the results of code audits that actually find more issues than you want. During this workshop, we'll check PHP classic traps, architecture errors, security vulnerabilities and logical bugs. We'll see how to detect those bugs, how they happen, and how to prepare a fix (or not). By the end, you'll be able to set up your own coding reference, the one that reflect your style of coding in your projects.

4

"GraphQL represents a massive leap forward for API development." says GitHub. What can we do with it in PHP? This workshop will show you from the basic setup of your GraphQL Server with Symfony, possibly teach you some tricks on Symfony Flex and then start exploring a lot of the powers of GraphQL, handling a more complex schema, treating performance, security and versioning (Schema deprecation), if in time we'll also check some cool tech using promises to fetch data and get a grasp on how to avoid the n+1 issue on APIs. If you're an API developer this workshop might change your way of thinking about it!

Symfony has a wide userbase today. Most developers working with Symfony on a daily basis have configured their own services, are fluent in configuring routing and validators. But what is actually going on under the hood? What happens when the configuration is parsed? What is a cache warmup? What happens to a request before hitting your controller? How does the HttpKernel work? In this workshop, we'll use some features of Symfony that may be less well known to users of the Framework, but that can be a great benefit - we'll build compiler passes, cache warmers, add custom authorization features, and more.

2

Developers are unit testing, QA staff is integration testing, Users are acceptance testing. Do you really need to add browser automated tests too? Have you ever experienced side effects of upgrading third party components or server configuration changes? Do you have trouble testing your entire site to ensure bugs weren't introduced? If so, you may need browser automation testing. In this tutorial we will combine Puppeteer, Mocha, and Chai to automate your browser and test all your site's components. This will lead you to deliver your updates reliably and catch bugs before they get deployed.

Soft skills are getting more and more important on the workfloor. Developers however forget to practice these a lot and often do not even know how to practice these. With this workshop we will go over some exercises and drills each of us can do to improve our soft skills. Not only theoretically but also in practice. Active participation required!

In 1969, researchers at Stanford and UCLA collaborated to transmit the first message over what would become the Internet. In just five decades, the repercussions of that moment have echoed through every atom of society. The world is evolving at a pace unprecedented in human history as we use technology to change how we think, learn, communicate, and even how we understand ourselves. Let’s take an inside look at how the fusion of media and technology is reinventing human interaction and the role that we, as engineers and technologists, must play in this important process.

Once an API ships it doesn't matter how it should behave - how it actually behaves is the important part. Users depend on the existing behaviour and we need a way to ensure that it doesn't change Behat is a tool that was built to help design software, but it’s actually a great tool for capturing existing behaviour too. We’ve used these tools to gain confidence to refactor 5+ year old apps by capturing the existing behaviour before making changes. I want to share the secrets we learned with you

There is a lot of talk about Progressive Web Apps at the moment. It is a hot topic in the JavaScript community. In this talk, we will briefly explore what a PWA is and how to build one. We will look at the benefits of PWA's and more importantly their limitations. We then look a bit deeper at the technologies behind PWA's such as Service Workers, in particular we will look at the mechanics behind Service Workers, and how they will affect your back-end builds. Finally, we will look at offline development, the offline first life-cycle and the tools and technologies needed to start building offline applications. Comparing offline storage mechanisms, and their limitations. This talk is great for anyone building web-based applications, in any language, or anyone wanting to learn more about PWA's and offline development

14

We all know not to poke at alien life forms in another planet, right? But what about metrics, do you know how to pick, measure and draw conclusions from them? In this talk we will cover Service Level Indicators (SLI), Objectives (SLO), and how to use Prometheus, an open-source system monitoring and alert platform, to measure and make sense of them. Let's get back to some real science.

6

Imagine you have to do a simple REST API including 3 endpoints, but in one day, is it ok? Such a small question but with many things into it, it's a cognitive trap, you are evaluating how much you can achieve in a day, your experience with APIs, the tools, the risks and much more things. Your brain has to work a lot to give certain answers, many times without considering all factors. This talk introduces you to the cognitive biases world, exemplified by a developer's life, creating awareness you could be able to avoid many issues in your career!

8

Do you have something to confess? Or are you still in denial — knowing that you're doing something wrong, but you cannot say for sure what it is? In this talk, we'll go through our deployment sins and how to avoid them: * Gluttony: Adding all the dependencies — both in size and number. * Greed: Yes, I want to use the biggest and slowest application server possible. * Sloth: Continuous Deployment or Delivery — who would need that?! * Lust: Of course I'm using containers, microservices, and every latest trend for every project! * Pride: Once something is in production it's purely an ops problem. * Envy: Why should I rely on an external library, when I can lovingly handcraft it all myself? * Wrath: Logging and monitoring are for the faint of heart!

Uncon talk

When faced with a challenging legacy code base, tightly coupled and void of discernible structure: a big ball of mud, it is common to decide to refactor this monolith to a microservice architecture to separate concerns and split the codebase up, however without any clear boundaries you are in danger of creating a distributed big ball of mud. You may recognise the symptoms of a distributed ball of mud: a large unfocused 'common' library shared between multiple services; performance issues as your front end makes calls to multiple back end API's to serve a single request; dependency hell on deployments as you have to release multiple code bases simultaneously and uptime issues as a single microservice going down brings down your entire application. In this talk I'm going to cover some of the common pitfalls you might encounter when building a microservice architecture and show you how to use an event driven architecture to build truly scalable microservices

11

Still think browsers are only capable of parsing HTML, CSS and JavaScript? Think again! Browsers have become much more powerful and contain numerous APIs that can enrich the user experience or are just plain fun. This talk will introduce you to some of them (like battery, speech, audio, bluetooth, ...) and show you how easy it is to unleash their power with JavaScript

13

Web development is not just about delivering a response. It is also about writing good code. The state pattern will help you move complexity from being all over your code to one or more state machines. This talk will introduce state machines, show how to identify uses of them and implement them in your Symfony application in an object oriented manner using the Symfony Workflow component.

10

It’s about building a development team that can rely on each other. Which phases does a team go through when it’s growing? How do you work with each other, what are the unwritten rules. How can you build routines, get better at estimating. Why is the principal developer as important as the newly joined junior developer? How do you work with a mixed team of frontenders and backenders. All these topics are compared to how professional sport teams work.

3

Silex, the micro-framework side-project of Symfony, will reach its end of life soon. However, there are still many applications out there that have been built against Silex and that need to be maintained beyond that point. A migration to Symfony appears to be the best option, so lets have a look at how the migration path could look like.

Uncon talk

Uncon talk

9

Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.

The traditional approach to data modeling is to create a single unified model. We use one User model to represent users in each and every feature. As this relationship graph grows, the data model becomes increasingly difficult to change. In this session we’ll explore ways to create useful Eloquent data models that are smaller, more focused, and are much easier to change. This session is for beginning or expert developers of applications large or small.

11

"Every outage is like a murder mystery" is a common complaint. But it doesn't have to be! This talk gives an overview on how to monitor PHP applications from all possible sides. We dive into: * System metrics: Keep track of network traffic and system load. * Application metrics: Gather metrics of nginx or Apache, php-fpm, and MySQL. * Application logs: Collect logs in a structured format or parse them to extract all the relevant information. * Uptime monitoring: Ping services and actively monitor their availability and response time. * Tracing: Follow calls through your application and visualize them. And we will do all of that live since it is so easy and much more interactive that way.

6

Nowadays developers, and others, have the habit to use Git or other version control systems when writing software. While the benefits of this are mostly seen by means of pull/merge requests, easy “undo” functionality, team collaboration and others, the real benefit is history. When did we change this piece of code, and more importantly: why? By using clever commit message and branch strategies, you can reconstruct the way your or your colleagues’ brain was thinking a year ago! It will help you pinpoint the exact ticket where a client requested a specific change and by who it was sanctioned. Start keeping a diary today, and write history!

Almost everyone uses docker, but without really knowing what it is or does under the hood. To be fair, it just works and the whole thing with namespaces and images is a dry topic. This talk will show you how Docker works, the fun way! The most important thing to know is, docker is just a product name for a program that uses several already long-existing technologies to create its containers. Well, it's a little bit more, since it provides the docker hub infrastructure, a vital part of docker's success. Since understanding docker means understanding the underlying principles, you will see how to create your own container without using anything docker. To do this a small program is written in golang (you don't need to know the language) that creates a real container. During this process, you will get to know and, most importantly, understand how docker works. Why would you want to know how Docker works internally? If you know the concept by heart, working with docker and especially debugging weird stuff it does from time to time becomes a breeze. ​Additionally to the things above you will get deeper knowledge about images, the second most important thing apart from containers. The talk is aimed at programmers who struggle to understand docker or just want to know more about a technology they use every day. Be aware: How to use Docker in daily business is not part of this talk.

10

Sick and tired of “X technology is only good for starting out; after you do, move to Y”? Good news: you don’t need to move away, you just need to get in further! In this talk, you’ll learn about improvements in the newest version of the most used database in the world. What are Window Functions? How do you use CTEs? How can the new default encoding help me? We’ll also talk about new JSON features and extended UUID support! Be prepared to drink from the firehose of what’s new and awesome about MySQL 8.0.

12

We deal with complicated and complex applications on a daily basis, codebases that are filled with classes that do too many things. One design pattern that can help us with this is CQRS, Command Query Responsibility Seggregation. The idea behind CQRS is to split our models in two - the Command for writing, and the Query for reading. Applying CQRS can lead us to a more maintainable code, code that follows the SOLID principles more closely. At the heart of CQRS lies the Service Bus - a transport mechanism responsible for dispatching our command, event, and query messages to their destinations. This talk will give an overview of the CQRS pattern and take a closer look at the different types of service buses - command, event, and query ones. Main takeaway will be practical information on why, when, and how to use them, with emphasis on their differences. We'll also take a look at some of the PHP libraries out there that help us work with service buses like Prooph Service Bus, Simple Bus, Tactician, to name a few.

8

We are all SOLID developers who like to keep DRY, these are rules we stick to to try keep our code clean. Despite this, we often end up writing procedural code wrapped up inside objects. This code can be hard for our colleagues and collaborators to get to grips with and understand. Join me for this object reorientation as we take a look at how we can leverage the power of object oriented design to write code which is not just SOLID, but easy to reason about and easy for others to understand.

13

We all make mistakes, as much as we try to write flawless code, every now and then an error slips through. In order to reduce this number we do code reviews to ensure the code meets certain standards and to see if the feature was properly implemented. But how do you do a good code review? How do you handle technical discussions? How do you keep your reviews focused and your discussions relevant? In this talk I would like to show you how you can do proper code reviews, what to look out for when doing them, how to give feedback to the developer and a bunch of other tips to improve this process.

Developers of applications under continuous high load often struggle with delivering new features and improvements without taking the app offline, performing the required migrations and taking it back online. I will show battle-tested procedures how to perform migrations without any disruptions. To survive in a competitive market, a software team must be able to deploy new versions of their application as frequently as possible, delivering new features, improvements and bugfixes for their users and stakeholders. Deployments should not be limited to a certain time or to a certain number, otherwise they become a bottleneck for the development process. To avoid disruptions when frequently deploying new versions, developers must adopt a set of practices that allow changing the database schema in production without users even noticing. As a result, the development process becomes much more safe and smooth. I will also talk about zero downtime deployments. They are less about development practices and more about deployment automation and webserver configuration. Some tips might even make your application perform faster!

Uncon talk

5

If you ask of any company these days whether or not they consider themselves to be "agile", the vast majority will answer in the affirmative, and proudly point you to the many "agile processes" they follow, and "agile tools" they use. And yet ... in spite of all this "agility", as our meticulously-planned "sprints" take longer to execute, as our backlogs fill-up with overhead having nothing to do with core business value, as it gets exponentially difficult to predict just *what* is going to be delivered and _*when*_, it feels like just about every software project we end-up working on, doesn't quite deliver on this feeling of overabundant "agility". We will explore various challenges that we software engineers face, and offer practical approaches to overcome them, while making software engineering fun again, as we evolve toward True Agility.

One of the most challenging problems of developing business-oriented software is mis-communication. A disconnect between the business itself and the actual developers. Misunderstandings can be costly. Delivering the wrong thing following months of development can be devastating. How do we make sure we are building precisely what the business requires? How can we avoid wasting time building more than is needed (a.k.a gold plating). And finally, How can working from real examples of how a system should work can drive code that fulfils the real needs of the client. We need a more "business-aware" form of coding. Following BDD principles, starting from high-level scenarios, that broadly drive the application, down to specifications that drive the code, I will show how we can write software guided by examples; Examples which are derived from the very requirements of the business.

One of the biggest problems when dealing with legacy is any change to the software might break the old system. Refactoring is usually slow and dangerous. In this talk I will discuss how we successful migrated an ancient legacy project to an event-driven architecture using just the power of events and Kafka.

7

Minecraft, for many, is just a fun game. It's an open world where you break build and combine resources to survive. But there's a deeper level to Minecraft... It's possible to construct basic circuitry, using some of those resources. Logic gates, timers and clocks are the building blocks of modern technology, and they're possible in Minecraft! I want to show you how to build them, and the relationship they have to programming. I want you to see how easy it is to teach electronics and programming to children and non-technical folks. I want you to be able to identify similar parallels in systems you use every day.

11

You might have heard of Domain Driven Design. You may have heard DDD is a tool to write readable and change-ready code. You may have even heard DDD comes with a lot of talking, and modelling, and customers... Starting with DDD sounds big, and scary, doesn't it? But getting started is not scary! Come find out what DDD can do for your code, tomorrow. We'll use value objects, entities and services to bring order to our mind and code. We'll see how naming things can guide us, but also trick us. We'll rework a piece of code together and improve what it means. And tomorrow you can tell your peers that, technically, you're doing DDD.

Uncon talk

8

You've got strange characters like "�" or "ö" display in your application? Yes, handling non-English characters in application code, files and databases can be a challenge, to say the least. Whether that's German Umlauts, Cyrillic letters, Asian Glyphs or Emojis: It's always a mess in an international application. In this session you will see why that is and how handling characters evolved in computing. You will also see how handling characters in applications and databases can be done less painfully. And don't worry when EBCDIC, BOM or ISO-8859-7 are Greek to you and your Unicode is a bit rusty: we'll have a look at them too!

15

Message queues are the perfect way to decentralize your application. You may use them for communication, scheduling and decentralization of your application. With help from a message queue you may decouple your application from the framework and the infrastructure. Which means that your app is written in pure PHP and not Symfony/Laravel/Yii etc. With some smart configuration on your message bus you may put the message queue outside of your application and you may leverage from a decentralized and asynchronous system. This talk will quickly go throw the basics of queues, hexagonal design and show proof of concept with Symfony’s proposed message component.

8

Containers are all the rage these days. They’re fast, they make deployment easy, they handle dependencies, they slice, they dice, they make julienne fries! But... what are they? What exactly is a container and how does it work? Just how does a container differ from the “old” silver bullet, virtual machines? Here’s a hint: It has nothing to do with boats, or whales, or shipping. That’s all marketing fluff. Containers are simply a shorthand name for leveraging newer features of operating system kernels that let the OS lie to programs about how they’re running. In fact, all of modern software is built on lies. That’s what’s useful about it! To understand how that works, why it’s so useful, and where it’s not, let’s dive into how software actually works on a modern Linux system to see how those kernel features fit into the big picture, building up to “containers” along the way. Pull back the veil of lies and see how your computer really works

6

If you look at the stage of any conference in the PHP world, people are preaching testing,testing,testing ... If you on the other hand look at the community, the percentage of people writing tests is really low. As a person who went from 'How can I ask for more time/money/resources for testing?' through 'ask for forgiveness instead of permission', to person who writes tests a lot, I still believe testing doesn't make sense. No, it doesnt make sense for all and everyone, often enough it makes no sense for me too. This talk will explore that fuzzy line when you have to shift your mind from one side to the other: in both directions.

4

While PHP’s open source community is thriving, only a relatively small number of PHP developers contribute to the number one tool they use on a daily basis: PHP itself. Although it may seem daunting to help out on a project written in C, requiring compilation and linking, getting started is actually pretty easy. In this talk I would like to share my own recent experiences of beginning to contribute to PHP itself. We will see different ways to contribute and cover some practical tips, workflows and resources, so you can start giving back to your programming language straight away!

Uncon talk

We warmly invite you to join us at the DPC Conference Social on Friday evening June 8th between 17:30 and 23:00.

Going to a PHP conference in an inspiring activity. During the sessions you get overwhelmed with information on development- and computer related topics. By the end of the day, your mind is tired of absorbing all this information. What better way to unwind than by playing games! No computer games, but by sitting down with your fellow developers and play board games and card games. Expect games like Robo Rally, Santorini, Firefly The Game, Plague Inc, King of New York and Pandemic. Want to bring your own games?

Come join a night of fun, coding and interacting: this is not just a hackathon, its a space to contribute to open source projects, debate and create new projects, but also interact, learn and get to know the developers all around you

The world we live in is one where data is one of the most valuable assets. There are many different pieces of data we can analyse on all kind of data from analytics of user behaviour of your platform, user generated content, monitoring of exception rates, or when your core business model is to provide some kind of analytics platform. This talk will talk about how you can, in your PHP applications, perform utilise machine learning techniques to build models, analyse data to get useful information and spot anomalies.

10

“Houston we have a problem! This change you want… Well it’s one small change for the codebase but one giant change to the test suite!” We all know why tests are great. But every once in a while we just wish they’d never been written. One case when test regret occurs is when we want to alter our functionality slightly but in doing so half the test suite goes from green to red. This talk will investigate why this happens. In particular it looks at the coupling between tests and the code under test. We’ll investigate ways we can reduce this coupling and make out test suites more resilient to change. This talk is aimed at those who already write tests and have a good understanding of SOLID principles.

5

Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session you'll learn what they are, why they're needed, how they work and the limitations on what they can & cannot do to protect users. You'll see a demo of attacks a CSP will block, you'll see a site broken by a CSP, show what the different CSP directives & options will do and be introduced to some of the tools available to help with implementing a CSP on your sites!

Starting your journey as a programmer can be daunting and overwhelming. There is so much to learn, so many contradicting sources of information, and so many different opinions about everything. Most of the time we don't get the answers we need or want, but we get vague options that don't really help us all that much. In this talk I discuss the problems we face when teaching others, the problems we face as an industry in a disparity between juniors and seniors and how we can vastly improve the way in which we teach our peers and educate our juniors.

2

Email is the de-facto standard for communication with your customers or website visitors. Be it for transactional messaging, marketing, mailing lists, sending out an email from a contact form or just plain sending an email form your favorite client. In the olden day’s it used to be just the good old SMTP(RFC5321) or Simple Mail Transport Protocol. But today we need to make sure that all the newer acronyms are being used correctly, in order to get our message across, but also to prevent others from hijacking our email system and sending out email on our behalf. In this talk I will explain the inner workings of SPF (RFC7208), DKIM (RFC6376), and DMARC (RFC7489). Not only how they work together to prevent unwanted email abuse, but also how they can help make sure that your valid email reaches it’s intended audience. From this talk you will take away a deeper understanding of how modern email systems determine if the message you are sending is indeed a valid email and if it should in fact be delivered to its recipient. You will learn how these services need to be configured and how to debug the email delivery process when an email does not reach it’s intended destination when any of them aren’t correctly configured.

3

Over the last couple of years, I have heard of Event sourcing but didn't really know where to start until I did a tutorial at DPC '17. After having some basic information it was time to start a Hackathon and after that something production worthy. In this talk I will try to give the best information to get started and to know some of the problems you can face if you begin event-sourcing.

8

Most of us are probably aware of code smells, code that doesn't apply SOLID principles, code that should be refactored to make the system easier to maintain. But there are other coding horrors that should trigger alarm bells whenever we see them. Like a good horror movie, coding horrors should scare us when we find them, because they're often symptomatic of deeper problems. So let's take a short tour of some of the greatest horror movies ever made; and some of the most worrying code horrors that I've seen.

Digital identity is hard. To prove that someone is who they claim to be, remotely, via digital services, is opened with opportunities for attackers to impersonate someone’s digital identity. Insecure implementation often result in compromised user accounts and unauthorized access to your data. How to protect the digital identity of your customers and ensure their transactions are secure? Which security features are an absolute must-have and which additional security measures should you take into account? Attend this session to learn what to consider when implementing digital identity for your customers. We will explore different types of applications and for each, we will discuss the appropriate levels of digital identity to implement. After this session you will understand which level of digital identity is required for your applications, which are the must-have security features, and which additional security measures should you take into account for each level. Recommended to all developers interested to incorporate a secure digital identity in their software applications.

20

Developers naturally gravitate towards the "happy path" - default scenario in application execution in which everything works as expected, consequently neglecting exceptional behavior aspect of a software development. This talk provides a comprehensive insight into widely adopted practices and patterns for dealing with exceptional conditions. Emphasis is on exceptions and applicable techniques that improve quality of the overall architecture, such as: - structuring and organizing custom exception classes - formatting exception messages using named constructors technique - component-level exception - exception wrapping To make the story complete, second part of the talk focuses on a PHP-based solution for establishing a robust and extensible error handling system.

7

By becoming a remote developer you can broaden your horizons, work on something more interesting to you. You as company, by going remote can find better developers, ppl more interested in what you are doing. But remote is hard. I will speak from my past experience and show you how I'we solved some of the issues. I'we been a remote developer (part of a team, not freelancer/contractor) for almost 2 years now and I'm loving it but the road was bumpy. Missing office gossip and relevant information, working from home or office, less direct contact with fellow team mates, not able to grab a lunch or drinks together team spirit is something that needs to be nurtured in other ways.

5

Are you scared of JavaScript? Have you used jQuery but struggle with integrating JavaScript with your PHP application? This talk will help you understand how to use JavaScript effectively in your existing web pages and PHP applications. We will explore different ways to write and structure your JavaScript code and how this code can interact with your back end code via JSON. You will also learn about the model-view-view model pattern as a complement to the model view controller pattern often used in PHP to create more reusable, understandable, and testable code.

Uncon talk

What if I told you that you don’t need 100% code coverage? Latest advancements in the PHP language and modern coding practices allow static analyzers to find a lot of bugs in our code. You won’t stop writing unit tests, but you will focus your efforts where they count the most, like business logic. Compiled languages need to know about the type of every variable, return type of every method etc. before the program runs. This is why the compiler needs to make sure that the program is “correct” and will happily point out to you these kinds of mistakes in the source code, like calling an undefined method or passing a wrong number of arguments to a function. The compiler acts as a first line of defense before you are able to deploy the application into production. On the other hand, PHP is nothing like that. If you make a mistake, the program will crash when the line of code with the mistake is executed. When testing a PHP application, whether manually or automatically, developers spend a lot of their time discovering mistakes that wouldn’t even compile in other languages, leaving less time for testing actual business logic. There are several static analyzers available for PHP that substitute the role of the compiler from other languages. By finding bugs without even having to execute the code, they can save a lot of effort that’d be spent on tedious writing of boring unit tests. In this talk, I will share tips and tricks on how to structure your code to maximize benefits from using a static analyzer. You won’t stop writing unit tests, but you will focus your efforts on areas where they count the most.

5

We always try to avoid the famous Big Mall of Mud™ due to many reasons but what happens when we're already facing it - and making profit with it? Should we just accept our fate and keep fixing bugs for the rest of our lives or should we actually do something different? In this presentation we'll share the challenges we're facing at Usabilla and how we're using DDD and Kafka to understand and decompose our software into services without having downtime or any impact on our users' experience.

10

GitLab turned into a DevOps lifecycle platform instead of being "just" a web-based Git repository manager. In this session I'll guide you through the process of setting up GitLab and GitLab CI. You will learn some insights on how to configure a GitLab build via the .gitlab-ci.yml file. Together we will take a deep dive into the GitLab CI build pipelines to build and deploy docker containers to your dev, stage and production environments.

8

Software Engineering can be extremely difficult and maddening. But it doesn’t have to be. We will explore leveraging various principles to make Software Engineering fun again. We’ll make a case for “Better Code” fueling “Faster Development”. Toward building our case, we will explore 5 areas: * Bad Code vs Agility – What it means to be “Agile” and the impact of Bad Code on Agility. * Better Code: Enablers – Enabling Concepts for Better Code such as TDD, Clean Code and Patterns, with an eye toward adapting them to various programming paradigms such as Functional and OOP. While the rest of the presentation will focus on OOP, this section will contain links to great talks covering similar concepts in Functional Programming. * Empowering OOP – If OOP is to be chosen as a paradigm, we’ll explore what it means to play to the strengths of this paradigm. * Web Application Architectures: When building Web Applications, we’ll explore various architectures that may hinder or promote a sustainable business fueled by better code. We’ll look at leveraging a framework without coupling our business logic to it, to promote greater testability and extensibility. For example, by leveraging some simple patterns such as the Repository Pattern, we will look at not having to permanently commit ourselves to an RDBMS or a NoSQL solution, that it should be easy to change our minds later as business needs evolve, and even adopting “Polyglot Persistence” whereby parts of an application might leverage an RDBMS while others a NoSQL solution. * TDD: Better Fuels Faster – Leveraging preceding topics, we’ll put it all together in describing a workflow leveraging test-driven development for shipping better products ... faster, and having fun doing it. The end of this talk will showcase code examples of a real-world Kata for building the service layer of a “Ride Hailing Application”. It will also link to recorded Kata videos, as well as a “clean slate” branch in my git repository to follow along. If you wish to take an early look at these videos, they are all available here: http://bit.ly/tdd-vids Having made this case, we’ll conclude with the positive impact this workflow will have on a team’s ability to ship new products and new features at a sustained pace, with high levels of predictability. While PHP, Symfony and Doctrine are used for code examples, concepts in this talk are applicable to all PHP frameworks and environments, as well as other programming languages such as Java, PHP and C#.

8

Did you know you can use your knowledge of HTML, CSS and JavaScript to build truly native apps for iOS and Android with NativeScript? I’ll explain what NativeScript is, how it compares to other frameworks and demo how easy and fun it is to get started and how to make use of native capabilities. Do you want to build your own personal assistant like Siri? I'll show you how!

Uncon talk

One of the hardest question to ask on a linux platform: how much memory does my application use. This is mostly because Linux is amazingly efficient when it comes to memory usage and management. But it comes with a price - readability on how much memory your application really uses. During this advanced presentation, we will talk about virtual spaces, MMUs, mmap(), shared, resident and virtual memory and how it all fits together on your servers. Afterwards, you will be one of few who can read tools like "top" and "free" and really understand what's going on.

No no, not country flags, feature flags! Feature flags are a powerful technique that allows teams to modify a system's behaviour without changing code. They can be used several reasons - canary releases and A/B testing to name a few. This talk will show you how you're already using feature flags in your application without realising it. Next, we'll take a look at some of the best tooling out there to help you take feature flags to the next level. Finally, we'll cover strategies for removing feature flags before they become technical debt that you have to manage.

12

The much hyped "Microservice Architecture" tells us to design our services to be autonomous. Let's find out what this means and how we can achieve it. In this talk I will guide you through the fascinating world of asynchronous communication, event-driven systems and distributed data.

13

Almost every day we talk to team-members, colleagues, managers, product owners, stake holders and more. It's an essential part of our work. It's also very hard. We need to know the details, they need to know when it's done. Talking can take up a lot of time and energy. Wouldn't it be great to be really efficient at it? Understanding our spheres of influence is key. When, where and how can we make the most impact and get the best results? What do we need from others, and what do they need from us? How can we be of service, without placating or just giving in? When is it best to say nothing at all? This talk will cover the various spheres of influence we experience and which roles we play. We'll discuss building trust for long term results and how we never ever say "no". We'll see how being mindful leaves us with more time and energy. Stop being a victim and start taking control.

5

Have you ever read a "Good morning" in an international IRC-Channel shortly before you leave the office for lunch? In international business time is an illusion as everywhere is a different time. In this talk we'll dive into he depths of Timezones and how to handle them. We'll see why timezones are important and why and how they started to exist. And of course we'll examine how to handle those little buggers efficiently in code and database.

Uncon talk

There are a number of standards for describing APIs, one of them being Swagger. I am developing an approach to API development with PHP that will allow for automatically generate Swagger definition of the API, together with the underlying schemata. With this approach, it is possible to generate Swagger definition automatically from a deployment pipeline, failing in case of certain inconsistencies. Combined with the Swagger client code generator, you can also update your API client for free and also fully automatically.

11

MySQL 5.7 is two years old and adoption is growing. The new JSON Data Type shines away as the most talked feature in this version. But they are by no means the only awesome things this it has to offer. Learn how to manipulate JSON fields and how Generated Columns can help you index data and much more with real life examples.

2

Artificial intelligence products are all the rage these days. AI is not scary, and there are a lot of awesome things you can do with it right from PHP. How do we, as LAMP stack professionals, ensure we embark this wonderful journey? I’ll show you how we built, with PHP, a devops chatbot that enables the release manager skip the confusing discussions with the tekkies and master the release process. It’s not just a simple bot, because we added from day 1 natural language processing smartness to it, so that our user base is extended to the project managers, business analysts, and customer engagement teammates. Johnny started as a devops friend for one of our customers, being extremely helpful in our day-to-day tasks. It later evolved to a tech lead/scrum master role, and even reminds us to do our timesheets. Here are some discussions you might have with Johnny: “What tickets are ready for QA?” “What version of the API is installed in production?” “Are there unused branches for the website?” "Has test coverage decrease in the last week for the API?" "What is the development team on the ETL project?" "Add Mary as a developer to the API project".

2

No matter the size of your team most of us developers work with users or stakeholders to develop project requirements. Making your way through competing requests to get to a good design takes a lot of time and skill. In this talk Derek will use what he has learned as a parent and humorously apply it to product design and requirement gathering. You will learn about effective methods for getting agreement on product features and interface design. You will learn about ways of discovering what stakeholders really need to ensure delivery of a great product. These are valuable skills that can help you create better applications, become more valuable to your team, and advance your career. You might even pick up a parenting tip or two.

7

Did you know your IoC container can do a whole lot more than just constructor injection? Besides that it is actually packed with features. Inflectors, resolving callbacks, aliasing, method invocation to name a few. In this talk you will learn how to leverage the power of a great container and service providers to write better, loosely coupled code. Well designed code put together by your IoC container will make your applications SOLID, modular, lean and decoupled from the framework!

Uncon talk

Uncon talk Slides: https://www.slideshare.net/dominikzogg/chubbyphp-deserialization Libraries: https://github.com/chubbyphp/chubbyphp-deserialization https://github.com/chubbyphp/chubbyphp-serialization Demo / Sample usage: https://github.com/dominikzogg/deserialization-serialization-sample

As a kid you have ambitions for the future? "When I grow up I want to become a …". Maybe you wanted to become a fireman, an astronaut, a nurse, a teacher, a police officer? As you grow up these ideas evolve and get replaced with actual ambitions, actual hopes and dreams. These might be entirely different than your childhood dreams. But how do you reach these goals? How do you accomplish these dreams? By listening to your parents, friends, or teachers? By doing it yourself? Or maybe you have given up and settled for a watered down version of the career and life you envisioned? People often attribute success to luck, and lack of success to incompetence. But what if I told you it's all about controlling the variables? Luck is something that you can control in a way. The more you figure out the context, the key players, the relationships, the values, and the rules of the ecosystem in which you want to succeed, the easier it is to gain from it. The more variables you control, the easier it is to find potential opportunities and to bank on them. Maybe you didn't get lucky, maybe you just saw it coming, and prepared yourself for it. In this keynote talk, Thijs is going to share his experiences, his hopes, his dreams, and how he applies a positive mental attitude to level up in his career, and in life in general. This is not a growth hacking talk, but a simple set of tips and tricks to succeed, even if it seems like the odds are stacked against you.