Dutch PHP Conference 2025
18 - 21 Mar 2025 at Pathé Noord

Even with AI doing the (some) coding for us, specifying *exactly* what is needed and how to implement it is *hard*. How do you know you’ve got it down? When do you know you’re done? In this session we will model the process, specify the needs, design the solution and test the outcomes for a full spectrum approach to tackling complexity at the heart of software. Whether DDD, BDD or TDD - this workshop is inspired by any and all software development angles After this session you will: - Use event storming and other techniques to capture the business - Specify acceptance criteria with feature tests - Employ double loop TDD to steadily implement working software - Create types to make the incorrect inexpressible - Protect system, context and object consistency - Make your stakeholders, team and yourself confident, productive and happy

Software development serves as a tool for automating solutions to problems. However, it's common for us to select frameworks, make architectural decisions, and begin writing code long before fully grasping the problem at hand. Perhaps this tendency arises from the inherent difficulty in comprehending the true nature of the problem and asking the appropriate questions. Furthermore, adequately documenting these discoveries poses its own challenges. In this highly interactive workshop, we will delve deeply into utilizing Event Storming for Process Design to gain a comprehensive understanding of the problem. Together, we'll model the business process we aim to translate into software, and even explore what such software might resemble.

In this workshop, you’ll learn how to implement user authentication using Passkeys in your web and mobile applications, enhancing both security and user experience. Through hands-on coding, you’ll build a project that leverages the latest authentication APIs, enabling technologies like FaceID, TouchID, Windows Hello, Sign-in with Keys, and other secure methods available across modern browsers for websites, Progressive Web Apps, and native iOS and Android applications. By replacing traditional login forms with passwordless, biometric-based, and secure login methods, your apps will offer users a faster and more secure authentication experience. Using standard APIs for a web app, a native iOS and Android app, and a server-side protocol specification, we’ll explore how to support this cutting-edge approach to user authentication. You’ll learn how to: * Integrate Passkeys as a complement to traditional logins (e.g., as a two-factor authentication method). * Use Passkeys as the primary authentication mechanism, aligning with modern web standards. * Adapt your database schema to support this new authentication paradigm. This workshop equips you to modernize your login systems and deliver seamless, secure, and user-friendly experiences.

"OpenAPI is a technical specification for defining your APIs with. It is often promoted as a good way to document your APIs so that others can use them: useful but unnecessary for many APIs which are intended for internal use only, so you may have overlooked it in the past. OpenAPI can bring far more to your project than simple documentation, simplifying integration between frontend and backend teams; enabling automatic generation of client code in a whole host of languages and automatic validation of inputs against the specification. This workshop will bring you up to speed with everything that OpenAPI has to offer and help you unlock the benefits of a formal definition for your APIs. "

"Automated tests are the guardians of your code. They guarantee that your application code works as it should be. They also enable to reveal bugs or edge cases that were not taken into account during the initial development phase. Writing efficient and clean automated tests is one of the keys to make software more robust, maintainable and long lasting! In the first half of this workshop, you will lean how to craft different types of automated tests in order to test all layers of a PHP application. We’ll first focus on testing low level PHP classes of a PHP application thanks to unit and integration tests within PHPUnit. Attendees will learn how to validate their base domain layer in isolation, so that they can safely refactor and extending them later. As our knowledge of unit testing grows, we’ll learn some techniques to cover pieces of software that are time sensitive or third party system dependent (database, HTTP network calls, etc.). The second half of the workshop will teach you how to setup more high level types of tests : acceptance & end-to-end tests. Using Behat & the Gerkin DSL, you’ll learn how to write expressive test scenario that can be writtend & understood by anyone in the team, including non developers. Finally, we’ll dig into end-to-end testing with Panther, a PHP library that enables scripting and a running a complete Web browsing scenario within a real Chrome/Firefox browser. This is the ultimate goal to ensure your Web application acts as expected from the HTTP request to the HTTP response and JavaScript interaction with the end user. Be prepared to jump on an extensive testing PHP application journey!"

What if you cannot trust your tests? With more and more developers working on our monolith, we have a strong CI to deliver code into production: our goal is to deliver meaningful features to our customers with quality code and a stable platform. But some tests started failing randomly and this spread quickly through our codebase. Test failures block our CI and this leads to a huge waste of time and frustration when the application isn’t actually broken. We’ll explore the importance of tests, common errors that can lead to test flakiness, and strategies we have put in place to mitigate it.

"In this high-speed session, I will unveil the secrets behind a massive enterprise Micro Frontend app I developed for the Dutch Railway Company. This project aimed to revolutionise the user experience, which previously suffered from slow loading times and slow development cycles. By adopting Micro Frontends, we achieved a dramatic improvement in 70% faster load times and users receive new features 40% faster. I'll showcase live coding, real-world challenges , and the magic of 'Native Model Federation' - A powerful approach for building Micro Frontends with efficient dependency sharing and modular component composition!"

"The AI world is surely dominated by python, but things are moving in our loved PHP ecosystem too. LLPhant is building on the experience of LangChain and LLamaIndex in order to build a comprehensive framework for generative AI in PHP. Multimodel, multiplatform, local or SASS based, with LLPhant you can build a script to query an LLM or create a complex RAG using embeddings and function calling."

"Value Objects can be one of the most powerful tools in your modelling toolbox. They make code expressive, maintainable, deterministic and cohesive. Yet they are sometimes misunderstood and it's often difficult for developers to realise where and how they can use them. In this talk you will lean how to identify value objects in the wild, what their properties are and how to create your own!"

Four years after its first version, PHP 8 has already started the work of feature deprecations, targeting PHP 9. This session offers a complete overview of these changes: from the planned disappearance of certain features to the modernization of basic behaviors. We will detail each major deprecation, explaining the reasons behind these changes, the potential impacts on existing code, and best practices for adopting them today. You will leave with a clear roadmap to gradually adapt your code, minimize the risk of breakage, and take advantage of the new features and optimizations offered by PHP 8.

1

"This talk goes into the details of being an open source maintainer and the things that go along with it. It goes into the problems do they run into, which tools does GitHub and others offer and how can maintainers do their part in the relation with users and contributors. Things people could learn for this talk are - How to create a self explaining repository/repositories which allows others to easily contribute. - How to setup your GitHub repository to guide users when creating issues reports or pull requests. - How to setup additional items such as sponsoring, documentation"

"""I can't reproduce it,"" ""we'll need to add logs,"" ""we can't test that in staging,"" ""it seems to have been broken for a while,"" ""it works locally,"" ... If you hear these phrases regularly, this talk is for you. During this talk, I introduce the concept of observability and how it can help developers always stay ahead of issues. I then present the concrete approaches we have implemented, used on over 4 million websites, and our services, with daily production deployments and thousands of requests per second; all managed by only a dozen developers. This includes: - Error & Performance tracking, Tracing, and technical alerts with Sentry - Functional alerts and data observability with Metabase - Canary & shadow releases If these techniques are unfamiliar to you, if you have difficulty implementing them, or if you simply want a refresher, this talk is a great opportunity to hear about practical experiences and tips on observability!"

In recent years, the ways that we can deliver HTTP has improved in occasional leaps, from 1.0, 1.1, a big step to 2.0, and now 3.0. One of the biggest obstacles has been TCP, which isn't a great fit for HTTP, but we are stuck with it – or are we? QUIC is a reimagining of TCP that runs over "the other protocol", UDP, and integrates TLS 1.3, giving us a step up in performance and security. Discover how it works, how you can configure your servers and applications, and deploy and test it today.

"As PHP developers, our ecosystem has a very low barrier to entry compared to other languages. Pretty much any shared hosting provider allows you to start building your dreams. On the other hand, there are companies running multi-million businesses on PHP, often running in the cloud. This talk helps you bridge that gap. Imagine your little pet project becomes an overnight success, and you find yourself in a situation where simply throwing more money at the problem will lead to very concerned questions from your spouse or business partners, how can you start leveraging the capabilities of The Cloud quickly and effectively? We'll start out with the simplest option, staying as close to your typical VPS setup as possible. From there, the audience will be taken on an incremental journey, where each step takes us closer to a full Cloud-Native solution. We'll cover AWS services like Lightsail, Elastic Beanstalk, EC2, ALB (load balancing), AWS' containerization offerings (ECS, EKS, Fargate) and of course Lambda using Bref. I also won't hesitate to point out the downsides of each step, since life in the cloud isn't all roses and moonshine. Along the way we'll introduce best practices when operating in the cloud, like implementing security best practices, applying autoscaling and using managed services for databases, a CDN, file storage, etc. We won't just make the site ""run in the cloud"", but also leverage unique properties of cloud-hosting to make your site faster, more resilient to outages and possibly more cost-effective. Of course each of these services could warrant its own full-length talk... The goal is not to bring you fully up to speed on all the nuances of each. Instead, I aim to show that ""moving to the cloud"" is not as scary as some people make it out to be, and that it's a journey you can start out in small steps even if you come from a relatively humble starting point."

4

Ever faced a heavy computational task and thought, "Maybe PHP isn't the right tool for this"? Think again! With `ext-parallel`, multithreading is a reality in PHP. In this session, I'll show you how to use it to tackle demanding tasks, scale your applications, and unlock performance you didn’t think was possible — all without leaving PHP behind.

"I tell you the story about why and how I wrote a package called tempest/highlight (https://github.com/tempestphp/highlight). A fast and extensible code highlighter for the web and terminal, written in PHP. When I was running into problems with existing highlighters, I figured: how hard can it be to format some text? This is an inspirational talk to highlight what can be accomplished with PHP, when you dare to think outside the box."

"Modern PHP applications often rely on multiple external services via HTTP, especially with the rise of AI tools like OpenAI. However, PHP’s single-threaded nature forces your application to wait for each response, creating inefficiencies and consuming valuable resources. Even if each request takes just milliseconds, handling thousands of requests in parallel can quickly exhaust memory and database connections. But what if you could simulate parallelism in PHP without multiple threads or processes? In this session, I’ll demonstrate how to achieve asynchronous-like behavior using proven tools like cURL and Guzzle, even in a single-threaded environment. I’ll introduce a practical technique where HTTP requests are prepared and serialized, along with your program’s state, before being dispatched to PHP workers. These workers handle the requests in parallel, and then return the responses to your main program, which resumes execution seamlessly. However, this method comes with challenges, such as ensuring the program state is serializable and deserializable, and I’ll walk you through best practices to overcome these hurdles. Join me to learn how you can unlock new levels of performance in your PHP applications, achieving parallelism without the complexity or overhead of multi-threading. "

A deep dive into the trenches of software engineering, revealing how teams can diagnose, strategically refactor, and resurrect legacy codebases plagued by technical debt. Learn from real-world case studies that showcase diagnostic techniques, pragmatic improvement strategies, and the art of transforming complex, inherited systems into maintainable, efficient software architectures.

"Writing software is just one part of the delivery. In this talk Berry Langerak will take you through the years and the various deployment strategies that have existed over time, highlighting their benefits and drawbacks. By the end of this talk, you will: - Understand the key shifts in deployment strategies over time and why they happened. - Learn from past mistakes and best practices to improve reliability and efficiency. - Gain insights into emerging trends in deployment and how they might improve your workdays. - Walk away with practical takeaways to optimize and improve your deployment workflows today."

"In this talk I explain how to use Xdebug to get more productive writing PHP code, focussing on the improvements in Xdebug 3.2 and 3.3, and the upcoming 3.4, to make the debugging experience better and easier to set up. Beyond that, this session also goes through a few complicated scenarios that are harder to debug, and shows solutions to these conundrums. I will also focus on the new features, such as native path mapping. "

Everyone! You will always remember this day as the day that changed your perspective on security and UI/UX. Today, we set sail to discover the hidden treasures of these two islands. How many times don’t you hear that they are as different as day and night? But what if I told you they need each other, like a pirate ship and its sails! Remember, every great voyage begins with a single step. So, hoist the sails and set forth on an adventure of discovery. Together, we’ll uncover the secrets that will make your designs not just functional, but extraordinary. Join Mike in this deep dive into the intersection of security and user interaction/experience, where we’ll unearth strategies that ensure your applications are both safe and user-friendly. This is a golden treasure trove filled with knowledge! Not all treasure is silver and gold, my companions! But this session is a treasure you don’t want to miss!

"There are revolutions afoot that you may not even be aware of. When many like to shout that PHP is dead, many of us know that it comes from a reputation of yesteryear. That the language has evolved with such velocity in recent years that it is more than ever an extremely competitive choice, not only for the web, but also for CLI applications for example. And yet, some features were still rather archaic until recently. PHP extensions in particular. Although an extremely powerful tool for adding functionality to the language, taking advantage of the execution speed of the C language, extensions are all too often under-utilized, or even frowned upon, due to a tedious installation process. Although Docker containers have greatly helped to “solve“ this problem, it's still more complicated than installing a package with Composer. Unless... it becomes that easy? It's time to shine the spotlight on PIE, a tool initiated by The PHP Foundation, which promises to do just that. It's time to breathe new life into PHP extensions!"

"Started in 2017, Bref is an open-source project that helps run PHP serverless on AWS. Today, Bref is used by thousands of companies and handles over 10 billion requests and jobs each month. But how does it really work? Not just the 'hello world' demo where we take a basic Symfony or Laravel app and deploy it with a few commands. I invite you to lift the hood and understand how Bref runs PHP, how AWS Lambda scales, how it runs on servers and their data centers down to the bare metal. A compilation of public information, as well as experiences and surprises encountered while maintaining Bref over the past 7 years. If serverless has always been vague or confusing to you, it will no longer be magical after this."

"Passwords are a thing of the past. Meet Passkeys, a new passwordless authentication standard that enhances security and user experience across platforms. This session explores WebAuthn integration for websites and apps, guiding you through backend and frontend upgrades and live demos. You'll see how Passkeys leverage biometric methods like FaceID, TouchID, Android biometrics, and Windows Hello to create seamless, secure logins for your websites and apps. Transform your apps with modern, fast, and secure passwordless authentication. "

"In the world of software development, programming languages and frameworks are more than just tools—they can become badges of identity and sources of near-religious devotion. In this talk, we explore how developers often form ""dev tribes"" around their favorite languages, complete with rituals, jargon, and fierce loyalty. Drawing from themes in anthropology and tech culture, this session will examine both the positive and negative consequences of these tribal affiliations. On one hand, they foster community and innovation, but on the other, they can lead to exclusion, gatekeeping, and rigid dogma. Through humor and ethnographic analysis, this talk will shed light on how the lines between culture and code blur, offering an amusing and thought-provoking look at the world of programming fanatics. Expect to laugh, reflect, and maybe even recognize yourself in these ""dev tribes"" by the end! "

Learn how we created a serverless, fault-tolerant, event-driven ticketing platform on AWS. We will cover the reasons behind the decision of building this platform from scratch ourselves, the architecture of the different components, the concepts of event logging and how we deal with security & privacy. The platform launched halfway 2024 and has already been battle tested by selling tickets for the biggest festival of The Netherlands, Zwarte Cross.

Having to manage “legacy” applications is an inevitable step in the life of developers, especially when they are critical to the business. Over the years and the many changes made to the code, technical debt accumulates to the point that it can even become a brake on the provision of value for the business. It can therefore be tempting for developers to completely rewrite an application with the latest trendy tools. Spoiler, this is rarely the most economically rational solution! Therefore, how can we reconcile the production of value for the business while maintaining technical debt at an acceptable level? The solution lies in an approach of progressive modernization of the code thanks to the many professional tools offered by the PHP community. This conference will give you an overview of best practices, techniques and tools to help you modernize your code base.

"The idea of isolating services into containers revolutionized the IT world. And while containers are here to stay, most container images in use today are gigantic in size, contain unnecessary even dangerous components or generally are shipping a lot of bloat. And with that killing the very idea of containerization. Shall we put our containers on a diet, avoid security problems, and, while doing so, even reduce build times? This talk shows how!"

"PHP 8.4 brings powerful new capabilities for HTML parsing and DOM manipulation that make working with web content significantly easier. This session demonstrates how to use these new features in PHP to build better web scrapers, content extractors, and HTML transformation tools. Through practical examples and live coding, we'll explore common challenges in HTML parsing and show how PHP 8.4's new DOM classes and CSS selector support provide elegant solutions. Key Takeaways: * Get hands-on experience with PHP 8.4's new DOM classes and understand how they make working with HTML more intuitive * Master practical applications of modern CSS selectors for common web scraping and content extraction tasks * Learn the limits of CSS selectors, and when XPath selectors should be used instead."

"When users click ""Submit"" twice, what happens next could make or break your application. Idempotency ensures repeated API calls produce consistent results, saving systems from duplicate charges, mismanaged resources, and confused customers. This talk explains idempotency’s role in building reliable APIs, with practical Laravel-based examples to show you how to implement it effectively. We’ll share real-world stories of what happens when idempotency goes wrong (or doesn’t exist), and go through how some of the largest companies in the world choose to implement this technique. Whether you’re a seasoned API developer or new to the concept, you’ll leave with actionable insights and techniques to make your APIs smarter and more user-friendly."

"Most of us are familiar with HTTP, but when it actually comes to creating cacheable web applications, there is still a lot to be learned. In this presentation I will show you how to leverage specific HTTP caching mechanisms to achieve a good hit rate without losing touch with some of the challenges of real-world PHP projects. Keywords: cache control, cache invalidation, cache revalidation, cache variations, conditional requests, stateful content, HTTP fragments, content negotiation, and edge compute. The goal is to empower developers to control the behavior of reverse caching proxies (like Varnish or Content Delivery Networks), or even browser cache, using the power of HTTP."

I will present a case study on how we optimized our application to be both fast and resilient, even with queries involving multiple terabytes of data. There's nothing new or magical here—just "boring architecture" and well-established strategies for enhancing performance, managing massive data volumes effectively, and ensuring application stability. Do we really need more?

0

Writing secure code is important to prevent your users' data from being stolen. But vulnerabilities in your code can be difficult to spot and will not always be picked up during manual code reviews. In this talk, we'll look at how various static analysis tools (some of which you might already be using) can be used to detect common security vulnerabilities in your PHP applications in an automated way.

"If an autopilot fails, or a weapon system malfunctions, lives can and will be lost. As a result, significant checks, practices and concepts go into designing the software for such systems. But the code we, as developers in a wide range of jobs and fields, write can be just as critical - a delayed submission of a bank form because of a server error causes somebody to become homeless; a mistake on an immigration system causes a family to be deported; a misrouting of a delivery driver causes a car crash. In this closing keynote we'll ask the question - how can we take what we've learned at the conference, and make a difference to our work. We'll examine lessons from how real mission critical systems work, and use these as inspiration for how we can do better, empowering our teams to use their skills & knowledge to make a difference. We can recognise that if all of our software is mission critical, we should make it our goal to build better things, and positively impact peoples' lives."