Longhorn PHP Conference 2021
14 - 16 Oct 2021 at Holiday Inn Austin Midtown

2

In this tutorial, we will be using AWS, GitHub, Docker, a Mock PHP app, and Terraform to build a seamless test & deployment pipeline. Both GitHub Actions and Terraform are very powerful tools but become extraordinary when combined to build CI/CD pipelines for your PHP App. We will go step by step on how to signup and provision your AWS account, explanation of the example repositories used, how the GitHub Actions test & package your app in a Docker container, how it pushes that image up to AWS, and how the Elastic Container service works to host your PHP app in a highly-scalable way. Be prepared for this talk by signing up for paid AWS, signing up for GitHub, reading a bit about Docker/Terraform, and getting a cup of coffee right before you build the best stack of your life. Install the following locally: * Terraform V1+ https://www.terraform.io/downloads.html * AWS CLI V2+ https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html * Docker (optional, only if you want to run the example symfony app locally) https://www.docker.com/products/docker-desktop * jq (Needed to destroy files in s3 buckets) https://stedolan.github.io/jq/download/

If you're fighting with Git on a regular basis, you might not be using it optimally. This workshop will give you hands-on exercises to tweak your daily Git habits and become a more productive developer. From best practices like atomic commits, to advanced mythical beasts like finding bugs with bisect. Next time you're pulling your hair out from rebase hell, remember this workshop. Tutorial reqs: you won't need anything but Git and PHP > 7.3.

In this workshop we'll cover the main aspects of handling the large tech company interview process. The core of this being the System Design interview and the Coding interview. First we'll cover how to prep for interviews, resources, and time allocation. Along with what you should expect throughout the process. Next we'll cover the solutions to a few common coding interview questions, with a little theory along the way. We'll walk through PHP code examples that solve FizzBuzz, 8 Queens, and a Quicksort implementation. Then we'll work through different system designs and architecture decisions for building a large scale PHP application. We'll start with small systems and iteratively build upon them until they are truly web scale. We'll finish up by discussing what to do once you receive an offer and how to negotiate. Slides: https://speakerdeck.com/benedmunds/longhorn-php-2021-passing-the-technical-interview-workshop

Food provided on-site

5

While OOP dates back to the likes of Simula and Smalltalk, it's present in some form in most programming languages used for web development today. Among these is PHP, which saw an overhaul to its object system in version 5 and further additions in versions 7 and 8. This presentation covers general OOP concepts and principles using PHP's object model as an example.

Slow query? Add an index or two! But things are suddenly even slower! Indexes are great tools to speed data lookup but have overhead issues. Histograms don’t have that overhead but may not be suited. And how you lock rows also effects performance. So what do you do to speed up queries smartly? This is a clear, detailed look at what you can do to really speed up your queries in a logical, orthogonal process.

OpenAPI is more than just a documentation tool - even though it's great for that! As the tooling for OpenAPI version 3 has matured, there are now more opportunities to use OpenAPI to make your API development faster, easier, and more resilient. In this talk you'll learn how to use the OpenAPI spec and tools in the Open API ecosystem to power: - Mock servers to test your API before it exists - Integration tests to ensure that your API responses meet your specification - Validation logic - Documentation In this workshop we'll work together to build a simple API with documentation, testing, validation, and a simple front-end all powered by the spec. Prerequisites: - You need to have PHP installed with the [ability to run Laravel](https://laravel.com/docs/8.x/deployment#server-requirements) - We will be using the built-in PHP server that is triggered from the command line - You need to have Git and Composer installed - You should install [Stoplight Studio](https://stoplight.io/studio/)

Welcome to Longhorn PHP 2021!

Improving our skills requires tremendous amounts of learning. A brief loss of focus as technology advances can require massive effort to catch up. To accelerate learning, we evangelize about tools and technologies we're passionate about, leading to a walled garden. The result, counter to our efforts, is discovering the world has forgotten you. Or have you forgotten the world? Adam recently broadened his horizons outside of PHP and made some enlightening discoveries. As he transitioned from advanced mentor to apprentice beginner, he got crushed. He appeared to be very far behind, and maybe not even a programmer at all. Meanwhile, PHP had become the butt of every joke. However, his persistence paid off, and there's much more to the story. The speaker will share his winding career path through various communities and technology stacks. Then, share how you can avoid learning the wrong things, prevent your chosen tech stack from being dismissed by the world, and some steps toward being more open-minded about your craft.

Manual testing is expensive and tedious, but automating QA typically requires a very different skillset. I'll describe how we introduced automation to our existing QA testers' workflow using JIRA, Gherkin, and a PHP application featuring Behat. The talk will focus on successes, challenges, and lessons learned as we built a system that describes features in human-readable language, feeds results back to JIRA tickets, and helps our QA folks not have to walk through /that one long form everyone hates, over and over again/.

2

Have you struggled setting up XDebug or finding out what's wrong on Production? If the answer is yes then this talk is for you! We will cover how XDebug works, Debugging in PHPStorm or VS Code, advanced features of XDebug, what has changed from XDebug version 2 to 3, debugging javascript, framework debug toolbars, common pitfalls using XDebug & Docker, war stories from my experience with production issues, SASS products to help you get more insight into your application, monitoring, logging, and much more. By the end, you will know all the secrets of how to become a Bug Exterminator.

9

Refactoring is often a murky subject for development teams. It might seem too daunting or not allowed by the pace of development. It can be misunderstood by stakeholders as something of low business value. But how valuable is a product suffering from unaddressed code rot? How fast can we go if our product loses its ability to add or change features over time? Switching to the next shiny new software development methodology won’t matter much for productivity if refactoring is not an adored habit. I'd like to show you how to apply a broad catalog of refactoring patterns alongside automated tooling (IDE's, Rector, PhpUnit etc.) to help keep your codebase flexible and enjoyable. We’ll learn how to identify high-value refactoring targets, what we can do about them, and how to help everyone see refactoring as one of the most effective ways to care about each other and our customers.

5

Releasing open-source libraries is more than sharing your GitHub URL with the world. There are many considerations and steps involved especially for successful and long-lived projects. In this talk, we’ll cover the principles behind creating, releasing, and maintaining high-quality libraries. Topics will include structuring the repository, implementing modern PHP standards, maintaining changelogs, using CI tests, releasing new versions, and more.

PHP has had first-class function support since 2009. Even so, functional programming can still seem mysterious. Functional programming can help your code become less repetitive and more testable! In this talk, we'll talk about what functional programming is. We'll compare it with object-oriented programming. By the end, you should be able to bring these ideas to your work and improve your code.

You’re a software development consultant called into DevCorp with a mission. What started as a hip, informal startup now has investor demands to meet. And they’re counting on you to help them become a scale-up. How do you grow the existing team and maintain the codebase? This interactive talk, intended for any developer of any level, will give you some valuable technical and soft skills to take with you on your real-life professional journey. Using a voting system, the audience decides… and has to live with the consequences. Based on a mix of personal experience, agile methodology, and software design principles, this story has several possible endings. Will you help lift your team’s performance or run DevCorp into the ground?

It's lunch time!

2

Regardless of our technical specialization, seniority level, or present job, we want to be the best developers we can be. On our individual journeys, we meet others we hold in high regard and consider to be exemplary of our vocation and our craft. What makes these developers great? How can we best follow their example? We'll explore these and related questions about what crucial knowledge, values, skills, goals, and challenges you must pursue on your own path to being a great developer.

Legacy code can be riddled with bugs — both ordinary and extraordinary. Quickly finding and conquering them is crucial for upgrades and for less painful maintenance. Join me as I demonstrate fixes and avoidance strategies for some of the most prevalent bugs found in legacy code.

Explore effective methods to identify & avoid the most common and devastating security pitfalls in Web Applications. When it comes to an enterprise’s exposure to security vulnerabilities, one could easily argue that its web presence is by far its greatest threat. There are many ways to build vulnerable applications and a few effective ways to "build them right". We’ll instrument you to stay on right side of this equation.

PHP and MySQL are both 25 years old and have a happy codependency. There are three connectors out there to connect them. But do you know the differences between them? This session covers the difference between these as far as options, performance, and functionality. yes, there are differences (sometimes subtle, sometimes drastic) that can causes differences in query execution. There will be lots of coding examples and bad jokes.

The latest statistics from Composer and Packagist say you're all eagerly adopting the (almost) latest releases of PHP. In fact, about half of you are probably on 7.4, and that's good enough, right? Wrong. Come dig through the basket full of new features in 8.0, what's about to be released with 8.1, and if you part of the unlucky 40% on something older than 7.4 you're in for a treat because we'll cover that too! See what you're missing in the latest that PHP has to offer.

Like many folks, testing was always an afterthought, rarely given any focus, and happened well after code was pushed in to production. End users often doubled as testers, and things often went awry in production. Unit tests, TDD, test-first, koans... these all felt very esoteric, and at best felt like getting in the way of "getting real work done". To be fair, I was often able to 'see' bugs in code while writing, and was good at defensive programming, which prevented many bugs up front, but over the years, that increasingly was not enough. Over the last 3 years, I've done close to a 180 on testing, and it's now a relatively core part of my development. I've become "that person" on a project that focuses on tests, possibly to the annoyance of some colleagues. This talk with cover some of my own mistakes in testing, previous and current tools used, experiences that helped change my thinking on testsing, what steps I took to make testing easier for myself, and describe how much more there is to improve on.

APIs are everywhere. Some companies sell theirs for profit and publish documentation alongside it. Others expose just enough APIs to provide value to the end users, without ever intending them to be used for any other purpose. Your API is the purveyor to some valuable data, and attackers are eager to get at it. This session will cover some of the methods attackers use to reverse engineer your API and some steps you can take to thwart them. The session will begin by demonstrating a few methodologies on how traffic to an API can be "sniffed" and analyzed. We will then discuss authentication with API keys and OAuth2 and the differences and pitfalls of each. We'll touch on some low hanging fruit on hardening your API: TLS encryption, certificate pinning, and some less obvious techniques including HMAC request signing, obfuscation, compilation protection, and more. At the end of the session you'll have a better understanding of the cat and mouse game that is API security, the knowhow of the tools and techniques attackers might be using to get at your data, and some steps you can implement to better your API's security.

OpenTelemetry is gaining traction fast. Really fast. In the last year it has risen to become the second most active Cloud Native Computing Foundation (CNCF) project behind only the undisputed queen that is Kubernetes. In this talk, we will dive into the observability paradigm shift from traditional monitoring and how the open-source OpenTelemetry project is going to quickly become the lingua franca for understanding modern applications in the wild.

So your company has finally decided to move to the Cloud Native ecosystem. You’ve landed on containerization as your first step. You heard that all you needed to do was containerize your first app and then push it to Kubernetes/OpenShift/Nomad, and the cost savings just come. You’ve done this, and well, things have gone not as planned. Some of the tech didn’t do what you expected, and wait, what do you mean our OpEx has gone up? Simply said: the promise of containerization or migrating to the Cloud Native ecosystem can be a lie if you don’t do your homework. Sadly most companies don’t. In this talk, I’ll explain a few gotchas that a “few” enterprises, in the guise of AsgharLabs, hit moving towards the Cloud Native world, and hopefully, you’ll learn from their mistakes, so you’re trip down this path will be more comfortable and closer to the promise.

2

In this talk, we’ll go over how to leverage Docker secrets and DI (dependency injection) to keep your API keys and other credentials out of your repos and easily exposed environment variables. Examples are in the Yii framework, but the concepts can be used with anything. We’ll go over how to establish and use secrets and how to update them, as well as how to reference them from within an application or package. General knowledge of Docker basics is a plus, but you should be able to follow along even if you’re a Docker novice.

Sponsored by Laravel

TBD

The web is accessible by default; it is our design decisions that stop it being accessible. We need to develop accessible pages from the bottom up, starting with semantic HTML. Many designers and developers have a poor grasp of what native elements to use and what functionality they provide. Every semantic mistake introduces accessibility issues into your code. In this session, you will learn • When to use a link or a button • Why to use headings • How to create form fields • When to use tables • How to create accessible images, font icons and emojis

Most people understand the basics of git. Creating a repository, branching, merging... those are all pretty simple tasks. Part of the power of git resides in its ability to actually manipulate the history of a repository and clean things up, remove things that should not have been there, and do detective work. Let's spin up our time machine and mess around with the past.

1

ASCII is so 1963. Nowadays, computers must support a broad range of different characters beyond the 128 we had in the early days of computing - not just accents and emojis but also completely different writing systems used around the globe. The Unicode standard packs a whopping 143,859 characters into an elegant system used by over 95% of the Internet, but PHP's string functions don't play nicely with Unicode by default, making it difficult for developers to properly handle such a wide array of possible user inputs. In this talk, we'll explore why Unicode is important, how the various encodings like UTF-8 work under-the-hood, how to handle them within PHP, and some nifty tricks and shortcuts to preserve performance.

1

Whether you’re a solo developer working on a long standing project, or a developer working as part of a large (or small) team, you may be surprised at just how much variety can sneak into your codebase, even when everything is running properly. Exakat is an incredibly powerful static analyzer engine and will help you to identify issues before they become problems. In this presentation I will show you how to quickly set up and run Exakat via Docker to analyze your codebase and start incorporating this valuable tool into your toolbox.

2

Redis is a popular key-value store, commonly used as a cache or message broker service. However, it can do so much more than just hold string values in memory! -- Redis is a full featured “data structure server”. As PHP developers, we typically don’t think about data structures other than our jack-of-all-trades array, but Redis can store hashes, lists, sets, and sorted sets, in addition to operating on string values. In this talk, we’ll explore these basic data structures in Redis and look at how we can apply them to solve problems like rate limiting, creating distributed locks, or efficiently checking membership in a massive set of data.

3

It's dangerous to go alone! Just as Link was warned and equipped before setting off on his first quest, there are tools that can assist a PHP developer to level up and write better quality code. Join me as I demonstrate a few of these tools and show how easy it is to set them up to work well in a PHP project, regardless of what framework you use.

Lunch time!

Today, our systems are made up of a patchwork of tools and services from different providers. Thanks to cloud computing, we no longer need to be experts outside of our core business model. Companies now make it relatively accessible and affordable to use everything as a service rather than creating or operating everything from scratch. The days of running your own SMTP server are gone; there's an API for that. But how did we get here, and where do we go from here? Most importantly, how do we connect this patchwork of tools and services without wanting to pull our hair out while also dealing with a whole new set of challenges with external services? This talk will explore the answers to these questions and the concept of vendor engineering, elevating and utilizing glue work, and how it relates to the developer and operator experience gap.

Whether you're new to testing or practice TDD, you've probably encountered code which made you ask, "How do I test this?" Then you're stuck. Maybe you write a brittle test. Maybe you don't write a test at all. It happens. In this talk, we'll take a look at 3 common code snippets and strategies for making the code "more testable". This won't be theory. No. We're going to take real-world code and write real tests which bring these strategies to life. That's right, we're doing it live! Join me to learn strategies for making code more testable in this interactive, live coding talk.

They say that decisions are made by the people who show up. The same is true of creating the language runtime that powers a large portion of web traffic from Goliaths like Wikipedia, Yahoo, and Facebook* to the estimated 64 million wordpress sites around the world. Let's take a look at the work that goes into building and packaging the engine, writing and translating the documentation, and even running the website for the number 1 website building language.

OpenAPI has starting gaining traction and the concept of design first APIs has started to emerge. This talk will cover the concept of Design First APIs, tooling around how to design your API before we build it, as well as looking at other tooling like linting and SDK generation to show the real power of Design First APIs.

If your framework version was no longer supported, how much effort would it take to upgrade to the most recent version, or swap for another framework? Does it look like you might need to rewrite your entire application? You can write your code in a way that will make the inevitable framework upgrade a piece of cake, instead of a 12-month sustained effort. Learn from the experience of dozens of framework upgrades, some easier than others.

Grokability makes Snipe-IT, a web-based, open source, asset management product written in PHP. Users can install it themselves, of course - but they can also pay us to host it for them. We try to make it a rule to never mess up the open-source app just to help our business. The version we host is the exact same as the one you can download from Github. The license (AGPL) even requires that! That app is single tenant - so every new customer is another full installation of the software. We've figured out, over years, how to do this extremely efficiently, across 8 different regions in AWS. We've been able to do this without complex container systems like Kubernetes. Our ARR (Annual Run Rate) is nearly 1.25 Million dollars, and our AWS bill is only around $3400/month. We've never taken money and have always been profitable. This talk will go over how our systems worked when we started out, how our systems changed and the problems we ran into, and how we operate now.

If you have team members who consistently struggle with social interactions but excel at detail-oriented technical tasks then you may be working with someone who is neurodiverse. Neurodiversity manifests itself in how we relate to other people, how we communicate, our need for predictability, and so much more. This session will explain why nobody has Asperger's Syndrome any more and what it means to be neurodiverse or on the autism spectrum. Then we'll explore some of the benefits, challenges, and practical accommodations for leading a neurodiverse team.

2

In the context of information security, social engineering is a practice that can help hackers to acquire personal information, insights, and access. Social engineering techniques can also be used by hackers and non-hackers alike to become more skilled at observing the people around them and making informed decisions that are based on these observations. In this session, you will learn how to take a social engineering approach towards improving your team dynamics, including: - Strategies for assessing your team’s current strengths and areas of improvement. - Recommendations for developing an action plan to initiate change. - Strategies for using ongoing observation techniques to effectively manage change.

Stick around to get raffle items from both the conference and sponsors!

Sponsored by Covie