Longhorn PHP Conference 2018
19 - 21 Apr 2018 at Commons Learning Center

While secure development practices are an important part of keeping your application and its data protected, you also have to prove your defenses are working. Developers are used to things like unit testing and even functional testing but some feel out of their depth when it comes to security testing. Effective security testing, or pentesting, is easier than you might think. We’ll start by introducing some of the techniques and tools you can use to test your own applications and finish with a contest to see how much you’ve learned.

In this workshop we’ll cover different ways to test your PHP code. Our focus will be the tools and writing tests – we won’t get caught up in all the testing dogma. Instead, we’ll create a foundation in tools like PHPUnit, Mockery, and Codeception so you can make the decisions about what testing tools and strategies work best for you and your code. So if you’re looking to start testing your PHP code, or learn other PHP testing tools, this workshop is for you.

To get ready to follow-along the tutorial, please complete the "Initial Setup": https://github.com/elchris/kata_tdd_php_symfony/blob/master/README.md Imagine building an application without having to mess with a Web Browser, a REST client or a MySQL client. What if you could build full-blown functionality with realistic data operations within the comfort of a Unit Test Harness? What if this meant shipping code earlier and more frequently than you ever have before? Building upon concepts outlined in this talk: http://bit.ly/tdd-talk-2 , and leveraging an evolving “Kata” for building a “Ride-Hailing Application”, this exercise will walk thru a rapid-development example from a “clean-slate” Symfony3 project, with just enough bootstrapping to enable Test-Driven Development with PHPUnit & Doctrine.

3

Building your next mobile app, SaaS product, or web app using an API first philosophy? Already maintain an API and want to step back and think about API design? In this tutorial we’ll build and iterate over a simple API, exploring concepts that give your API a solid foundation: authentication, REST-based design and workflows, practical hypermedia, versioning, API request/response formats. Because your API may start out serving the needs of internal mobile clients, or single page web apps, but one day (sooner than you think) you’ll be turning it into a public API. Get ready to attend here: https://gist.github.com/tjlytle/ff24a86829670fae7a0e63391703509b

Testing for web accessibility can feel daunting when you aren’t used to it. But with the growing requirements for sites to meet accessibility guidelines, it has become an unescapable part of a developer’s life. Accessibility should be seen as a challenge, rather than a chore. This workshop will demonstrate an accessibility testing workflow that can be integrated in coding workflow, and will include a review of automated testing, and hands-on manual testing using a variety of tools, from using the keyboard to using a screen reader application. We will work on real life sites, as well as some code snippets. Participants will leave the workshop with a solid understanding of common accessibility barriers and methods to test for, and remediate, these barriers.

Codeception is a powerful framework for testing. It allows you to test your application on all levels: unit, functional, acceptance; it can also handle API tests as well, and be used as part of the BDD process. Codeception testing is neither hard nor time-consuming, but it has so many features that it is easier to see them all at once than to learn everything from the documentation. Spend a few hours learning it and start writing tests effectively! In this tutorial, we will cover all the most interesting gems of Codeception. * Functional testing with framework (Laravel), working with Database * REST API tests inside a framework * Acceptance tests with Selenium WebDriver * Using PageObjects to refactor tests * And using BDD practices to make meaningful tests. * Extending Codeception

9

You don’t have an Agile Engineer, so why do you have DevOps Engineers? Are they supposed to engineer the DevOp? Why is it that your DevOps engineers look like a less angry systems administrator? Is Jenkins really that awesome? Has Docker sprinkled Unicorn droppings on the infrastructure? You’ve had DevOps Engineers for a couple years now, but the number and complexity of problems is still increasing. Is DevOps just a scam? Start with a simple comparison: Developers solve problems by writing many lines of code. Ops solve problems by reading about settings for hours and making a single change. What are the other personalities required to make successful systems? These personalities belong on the same project at the same time, not in some sequence that absolves previous steps from downstream responsibility. What does DevOps really look like in a successful software organization?

Docker is often lauded as a tool for deploying and running applications – but it’s also extremely useful for your local development process. Whether you’ve never used Docker, or you’ve been using it for a while but aren’t quite sure how it all actually works, this talk will give you an in-depth understanding of Docker and how to use it locally. We’ll cover creating your own Dockerfiles, building, tagging and pushing images, running containers, networking multiple containers with Docker Compose and debugging your setup.

7

Have you ever thought “I’d like to use AWS for my PHP application, but it’s so complicated!”? With over 70 distinct services available, how can you possibly learn them all or even decide which ones you need in the first place? Join me in this session as we grow a simple LAMP server into a scalable, fault-tolerant, highly-available, secure application stack on AWS. Whether you’ve already got some experience with AWS, or all you know so far is how to spell it, you’ll walk away from this talk armed with the essentials for running PHP workloads on AWS!

Aimeos (Laravel). Drupal Commerce. Magento. OSCommerce. PrestaShop. Shopware. Sylius. WooCommerce. Bespoke. SaaS. It’s no doubt that when a website needs a commerce component, open source provides the most control – but how do you know which one is the best choice? While it’s easy to go with a system built on your favorite framework, it may not be the best choice based on business needs. This talk takes an objective look at the open source commerce ecosystem and provides a set of questions and guidelines to use to find the right system for your application.

6

API tools, services, and techniques abound, but in this 99% Yak-Shaving™ Free session, we’ll focus on the ones that require little (or no) setup, and that you can be using before I stop talking. Whether you’re building or consuming APIs, there will be something for you. If you’re new to APIs, you’ll leave with a bunch of things you can use right now. If you’ve been doing this for a while, you’ll probably see a new way to simplify something that’s bugged you in the past.

2

In this presentation, we take a first look at writing PHP extensions. Using step-by-step examples, we’ll take a function written in PHP and convert them into a loadable extension using C. We’ll then test both versions and compare the results. After seeing the size and scope of the benefits that can be realized with only a few minor changes, you’ll want to try it out for yourself. You’ll also understand why we start with simple things, and not try to rewrite all of Symfony in C.

Containers are all the rage these days. They’re fast, they make deployment easy, they handle dependencies, they slice, they dice, they make julienne fries! But… what are they? What exactly is a container and how does it work? Just how does a container differ from the “old” silver bullet, virtual machines? Here’s a hint: It has nothing to do with boats, or whales, or shipping. That’s all marketing fluff. Containers are simply a shorthand name for leveraging newer features of operating system kernels that let the OS lie to programs about how they’re running. In fact, all of modern software is built on lies. That’s what’s useful about it! To understand how that works, why it’s so useful, and where it’s not, let’s dive into how software actually works on a modern Linux system to see how those kernel features fit into the big picture, building up to “containers” along the way. Pull back the veil of lies and see how your computer really works.

Afternoon keynote

This session will dive into Composer’s guts to see which choices we made worked and which ones did not. After seven years and a few hundred thousand users, the Composer code has been through many iterations, problems and successes. Let’s have a retrospective to see what we can learn from it.

3

With high-volume data wrangling, it pays to remember the fundamentals with PHP prepared statements. We walk through my benchmark showing techniques leading to 10X performance improvements. Meanwhile, when MySQL tables quickly grow by millions of rows, table storage space becomes an issue. Our table design must focus on keeping these tables compact and efficient. Here, too, prepared statements simplify both coding and table design. This talk uses CakePHP 3’s excellent support for PHP prepared statements, but all concepts are native to PHP and apply to any project striking this use case.

MySQL can now be used as a NoSQL, schema-less document store. The MySQL Document Store was introduced with MySQL 5.7 along with a new shell and API to make life for developers easier. This means no more embedding ugly SQL code in your beautiful code, having to normalize data, or setting up tables before you can start using the most popular database on the web. You no longer need DBA-level skills to set up your database – just open a document collection and start coding. This session will cover what you need to start today!

“Clean Code” is code that communicates. But how do we write clean code? In this talk we’ll look 9 simple practices that will help you write clean code. We’ll see how each one reduces complexity and improves readability. Don’t worry though, we’re not just going to “talk”. All of these practices will be shown with live coding demos to reveal all of the little steps involved so you can go and start cleaning up your own code.

3

How to get paid? Should I charge per project or hourly? How much to charge? Where to find clients? How to get the project done? Which programming field to choose? I started freelancing since I was 18 and I grew into creating a company with a steady revenue stream. Starting out can be a daunting task and many give it up because they can’t find clients or get paid too little, or worst – get stifled! I will talk about the most serious problems I stumbled upon and how to overcome or better yet, avoid them!

2

It’s common to hear people preach “plan in security from the start” and in an ideal world, you can. Here in the real world, though, we have legacy code that’s gathered over time and comes with a host of problems – (in)security included. What do you do when you’ve been commissioned with securing an application that’s showing its age? Follow along with me as I step you through a list of tips and tricks you can use to discover security issues in your application and effectively fix them and secure your application. Topics will include some of the most common vulnerability types, key places to look for potential issues and arm you with the tools and knowledge you’ll need to refactor that legacy application into something secure.

3

This is a tool that has improved quite a bit in the 5 or so years that I've used it. We'll talk about some very useful composer commands for building, updating, and maintaining the health of your composer-based application. If there's time, we'll also look at similar tools, one of which was inspired by Composer.

This presentation will demonstrate what the top five accessibility barriers are for screenreader users. Working with VoiceOver, a screen reader for the Mac, we will interact with problematic code to get a good idea of what the issues are. We will then discuss simple rewrites to improve accessibility. We will compare the behaviour of the improved code to the old one. Using a combination of real-world examples and code snippets, we will go through problematic alternate text, poorly labelled forms, lack of headings, badly formed data tables, and keyboard navigation. You will gain a greater understanding of web accessibility barriers, and acquire some specific ideas on how to resolve them.

We all agree that metrics are important, and that Graphite’s a great tool for capturing them. However, in the last few years the metrics space has released lots of great tools that blow Graphite out of the water – one of which is Prometheus from Soundcloud. Prometheus allows you to query any dimension of your data whilst still storing it in a highly efficient format. Together, we’ll take a look at how to get started with Prometheus, including how to create dashboards with Grafana and alerts using AlertManager. By the time you leave, you’ll understand how Prometheus works and will be itching to add it to your own projects!

Want to build software that is more testable, easier to modify, and has fewer lines of code? Architecting with more immutable objects that are always in a valid state is the most important lesson I have learned in building better software applications. Using immutable value objects will lead to less checking, fewer bugs, more DRY code, and help avoid the “spooky action at a distance” problem in PHP. We will also learn how to use immutable objects and immutable collections to improve design of our mutable entities. Lastly, we’ll see how immutable objects and functional programming can reduce complexity.

Uncon talk

3

At any given time, 1 in 5 Americans are living with a mental illness, such as depression, bipolar disorder, generalized anxiety disorder, substance use disorder, burnout, or ADHD. Statistically, all of us working for an organization with 5 or more employees have at least one colleague who is affected. At the same time, the tech industry is often characterized by high stress, long hours, workplace pressure to be available by phone and e-mail after-hours or sometimes even while on vacation, social pressure to constantly network and attend conferences and make a name for yourself, and the precarious balance between trying to do good by contributing to open-source and maintaining some semblance of free time that doesn’t involve coding. Given how this demanding environment increasingly blurs the line between our professional and personal lives, how can we ensure that the most vulnerable among us aren’t being left behind? As a community, the single most damaging thing we can do is continue to treat mental health as a personal shortcoming that can’t be talked about openly. We shouldn’t think of it as “somebody else’s problem”; the 4 in 5 of us who don’t currently have mental health disorders must do our part to help end the stigma. This talk will begin with an overview of key statistics about mental illness, followed by the efforts of the non-profit organization Open Sourcing Mental Illness (https://osmihelp.org/) to gather more data about mental health in the tech industry, the ALGEE action plan taught by the Mental Health First Aid (https://www.mentalhealthfirstaid.org/) training course, and finally conclude with ideas and strategies for making our tech workplaces more accommodating and inclusive.

5

If you develop APIs, you’ll more than likely need a way to test that they work as expected. In this talk, we’ll briefly go over some common tools that are used for API development. Then we’ll focus on Postman, and see how we can use it to check basic API functionality, as well as write automated tests that will run with a single click.

9

If you’re into to Laravel, you’ve probably already tried out the basic MVC features. What you probably haven’t gotten to yet is all of the amazing features that make Laravel truly a “full stack” framework. In this talk, we’ll cover queueing jobs, send emails, search, browser tests, event broadcasting and more. This will be a great crash course on letting Laravel do the heavy lifting for you, and making sure you know what it’s capable of so you don’t accidentally reinvent the wheel.

13

Teamwork is easy to dismiss as a groan-worthy buzzword, but when you’re racing across the brutal North Pacific, thousands of miles from land, teamwork is all you’ve got. Dysfunctional team dynamics will strangle communication, putting your goals and your team in jeopardy. In this session, you’ll discover the most important lessons learned on a punishing, 6000-mile race across the ocean: how to put the team before the individual, how to trust and be trusted by your teammates, and how maneuvering through a 100mph squall is a lot like maneuvering through a project meeting.

Over the last decade, APIs have opened up new worlds and allowed us to accomplish wildly complex tasks with just a few lines of code. They’ve made the extraordinary almost mundane. Unfortunately, poorly designed and implemented APIs have opened us up to vulnerabilities and attacks we never considered before. While Equifax is the biggest and one of the most well known, odds are there are APIs within your systems which are just as bad but you don’t even know. In this session, we’ll walk through a number of (now resolved!) vulnerabilities from production APIs, how they were found, and what you should watch for in your own APIs.

We have a ton of options for provisioning machines once we have an SSH connection available, but how do we get those machines in the first place? Meet Terraform from Hashicorp, your infrastructure automation engine. Providing a declarative interface for your infrastructure, you can define what you need and let Terraform take care of the rest. In this talk, we’ll take a look at what Terraform can do for you, walking through your first Terraform configuration all the way to writing your own modules to encapsulate your infrastructure across multiple deployments.

7

Working in shorter development cycles has a tendency to result in faster, less-risky delivery of changes to our production applications. Extensive automation is a key part of achieving this, but where do you begin? If you’re currently hosting on AWS, you’ll be happy to know that there’s a full suite of developer tools available to accomplish just that. In this session, we’ll explore using AWS CodePipeline, CodeBuild, and CodeDeploy to set up continuous integration, continuous delivery, and zero-downtime deployment of our PHP applications!

2

Time Zones and Calendars are a PITA. Although they govern how we live and when we do what, handling them programmatically is not an easy feat. In this presentation we will look at how to deal with time zones, and two calendars: natural year, and ISO8601. We will see how it is hard to make assumptions on how they work, and explain how they came into existence. We’ll focus mostly on how to handle them from within PHP, as well as how we (should) store them in databases. We’ll also have a quick look at date manipulation when querying data.

5

OAuth is one of the most important but most misunderstood frameworks out there. What you think it is, it probably isn’t. What it actually is, you probably hadn’t considered. Regardless, when you consider the standards, specifications, and common practices interact and fit together, it’s impressive what you can accomplish with minimal effort. In this session, we’ll explore through the most common RFCs that are combined to make powerful, robust, and secure solutions that drive modern software development.

3

We rarely need the basic skills of shifting, masking, or two’s complement arithmetic. Yet these remain important fundamentals. We’ll use a problem of applied cryptography (cache-timing attacks) to walk through the skills of one’s complement and two’s complement arithmetic, bit masks, shifting, and bitwise operations. We’re hitting the fundamentals of binary manipulation with zero prior knowledge expected. If you were never taught binary arithmetic, this talk is for you. After this talk, we’ll be far more comfortable with bitwise operators and what happens “under the covers.”

We usually think of technology as a tool, something as indifferent as a hammer or a ruler. But technology has become an intermediary in nearly every part of our lives, from electronic medical records to apps that remember which craft beers you’ve tasted. And in a world where algorithms decide when you should turn left or which version of the news you read, pretending our software is detached is naive—or even dangerous. So, when so few technologists (that’s us) are creating software for use by so many (that’s nearly everyone else in the world), how can we do right by them? What responsibility do we have to use our skills for good? And how can we get this right when humans beings insist on being so varied and complicated and, well… human?

3

Every PHP application needs its policy about tests: what is important to test, what is not, at which levels should a feature be tested. As we think of application architecture before writing a single line of code, we should think of a test architecture before implementing tests. From this talk you will learn: * How to transform business expectations to tests using ATDD and BDD approaches * How (and why) to incorporate all testing levels (acceptance, functional, integration, unit) * How to prioritize tests * How to write stable tests that won’t be the stick in the wheel * How to deal with test data * How to decide, should it be unit or integration test * How to choose the type of a test

9

Maybe you’re the only coder on a project. Maybe you’re on a small team and carrying the majority of the server knowledge. For one reason or another, there are times when if we don’t setup our own deploy process, there simply isn’t one. No one wants the headaches that come from a my-machine[s] to production direct deploy process, so let’s go a step better with Jenkins and Github or Gitlab. This talk will walk you through setting up a Jenkins server to deploy your staging changes and master merges with all the tests and checks you need to avoid those “oops” moments ever going live.

Different jobs require different tools. There are times where PHP isn’t the right tool for the job. When those times arise, Go can be a great alternative tool to use. Go is a compiled programming language created by Google and used in emerging tools like Docker, and Kubernetes. This session will take you through the basics of Go, compare and contrast it with PHP, and give you some pointers as to what problem areas can you best use Go to compliment your PHP applications.

Whether you want to keep track of a tiny library or your friends borrowing from your bookshelf, event sourcing can help you collect where your books are going. When you are ready, the simple check in and check out events can build reports of what books need to be returned, or where a book may have traveled. We will use this simple project to navigate the data structures in event sourcing and show how you may use event sourcing in your next project.

Kubernetes is exploding in popularity right now. I will break down various k8s concepts and present them with comparison to existing ops/devops practices and tools specific to the development and operations of PHP workloads. Paul will talk about Kubernetes and its core concepts and how they map back to existing practices and tools that you may be familiar with. Paul will talk to the additional challenges PHP developers face when using kubernetes and help show how you can successfully deploy your PHP applications whether they’re more traditional apps or fully cloud native. At the end of this presentation you should feel more comfortable with the idea of using Kubernetes as a deployment target for your applications and have a good idea on how to get started with it.

1

How secure is your API? As the prevalence of REST/SOAP API’s has grown, so has the need to secure your data. In the past implementing something like OAuth 1.0 or OAuth 2.0 would be up to you entirely. Join me as we walk through how exactly Laravel has made API authentication easy and seamless to integrate.

As a trained linguist and former university language instructor, people often assume that my natural language (spoken, signed, or written) learning analysis background made learning to code easier for me. They might say something like “That makes sense, they’re languages, right? They have syntax.” These casual comments seem true on the surface when talking about parts of speech and variable types. But once you dig deeper, it becomes clear that there are far more differences than similarities between these types of languages despite the shared name. However, many skills and methods I have utilized in learning languages as an adult and teaching languages to adults have served me well as a developer. This talk first addresses key points of divergence between learning a natural language and a programming language. Perhaps most importantly, natural languages are meant for communicating with people and programming languages are meant for giving a computer directions. However, many areas of overlap exist in learning and perfecting these skills; these shared aspects of learning are the primary focus of this talk.

Have you heard of Docker and Kubernetes and know the basic concepts, but want a deeper dive on how to use them for day to day developer work? In this talk you will learn how to deploy and manage applications using the open source OpenShift project to truly simplify your development flow. Diving a bit deeper, we will learn how to use the Source 2 Image project to automatically build and deploy docker images straight from source code. After that, we will take it up a notch by learning how to add databases and scale the application to achieve fast response times for your users. And just for giggles, we will also learn how to do A/B and Blue / Green deployments. This is a hands on talk where the presenter will be live coding with very little slideware. For this session, it is highly recommended that you also attend the "Kubernetes for PHP Practitioners" session that covers the basics of Kubernetes that will be used for the hands on portion of this lab.

How a three-man team moved a profitable company’s primary (but legacy) application from on-premises to the cloud, jumping PHP versions and hurtling through seven Laravel versions all in 9 months. What we did right, what we did wrong, and what we learned along the way.

Kids, Uncle Cal has been around the career block a few times. Depending on how you define the term “job” I have held more than 15 jobs in my adult career. This doesn’t include side-hustles, moonlighting, or wild ideas. I’ve worked for the good, the bad, and the ugly; and trust me, there is a lot of ugly out there. In this talk we’ll examine a few of the life-lessons I’ve learned the hard way. Some of them will be interesting, some of them insightful, some of them silly. Regardless, these lessons were generally learned by making big enough mistakes. Spend a little time with me, learn the lessons I’ve learned so that you don’t repeat my mistakes. You are then free to go make your own new mistakes. ????