Longhorn PHP Conference 2023
2 - 4 Nov 2023 at Holiday Inn Austin Midtown

4

Why should I add another layer to make testing even more complicated? Behavior Driven Development (BDD) is a popular software development methodology. BDD is an extension of Test Driven Development (TDD) inspired by Agile practices. But is the added layer really worth it? The primary reason to choose BDD as your development process is to break down communication barriers between business and technical teams. BDD encourages automated testing to verify all documented features of a project from the beginning. Narrow the idea of story BDD: * describe features in a scenario with a formal text * use examples to make abstract things concrete * implement each step of a scenario for testing * write actual code implementing the feature By writing every feature in User Story format that is automatically executable as a test, we ensure that: businesses, developers, QAs, and managers are all on the same page. BDD encourages exploration and debate to formalize the requirements and features by writing the User Stories so everyone can understand. By making tests part of the User Story, BDD allows non-technical personnel to write (or edit) Acceptance tests. This procedure also ensures that everyone in a team knows what was developed, what was not, what was tested, and what was not. If you write your tests in a reusable way, it can often make your tests LESS complicated. Codeception collects and shares best practices and solutions for testing PHP web applications. With a flexible set of included modules, tests are easy to write, use, and maintain. Get started today writing your first BDD test.

9

More and more applications are built using JSON HTTP APIs for data and functionality. This workshop will walk you why you'd want to protect APIs and enumerate the options you have to protect them. After a brief introduction to JSON HTTP APIs, you'll build a PHP based API project which allows users to retrieve Chuck Norris quotes. You'll then progressively protect the API using a variety of methods. You'll also understand why and when to use each choice, as well as the tradeoffs they provide. At the end of this workshop, you'll have built: * an unprotected API * an API protected with an API key * an API protected using a JWT generated elsewhere

8

You've downloaded and installed open source libraries, required them as Composer dependencies, and perused the source code of countless GitHub repositories. Now, you're ready to help others by creating your own Composer package. So, what does it take to build and publish an open source library? In this session, we'll take a look at some of the common patterns open source PHP libraries follow. Along the way, we'll cover: evaluating libraries for quality, common directory structures, the importance of tests and how to run them on GitHub Actions, publishing to Packagist, choosing a license, interacting with a community, and more. By the end of this workshop, you will have all the tools you need to publish and distribute your own Composer package.

5

By the end of the workshop, participants will have a comprehensive understanding of how to set up a robust pre-commit workflow using Make, PHPStan, PHPCS, and PHPMD. This will help them catch potential issues before they are committed, ensuring a higher code quality and reducing the number of bugs and issues in the later stages of development.

It’s one thing to read about common security vulnerabilities and the different ways to secure a webapp (OWASP checklist anyone?), but it’s quite another to actually perform the attacks and compromise a site yourself, and in this workshop we’re going to do exactly that! We’ll walk through the process of hacking an intentionally vulnerable webapp, learning different hacking techniques used to exploit the different vulnerabilities we find, and how we can mitigate the vulnerabilities that we find. The goal is to teach you how to spot vulnerabilities in your own apps before a hacker does, so you can make your apps more secure.

Human behavior can be fine-tuned to get the best results in your career path. Understanding how our emotions and nervous system effect our behavior makes us more effective in negotiations and communications. Train your brain to respond to get the best possible outcomes in work situations. Practice actionable communication strategies throughout this workshop with improv, role playing in actual scenarios from the software development industry, and creative discussions.

We may adopt a perspective of ownership around the code we write and maintain, the career path we find ourselves on, and our position in the community around us. Intentionally shifting that perspective away from the ownership model to an alternative model can lead to finding opportunity where before there was frustration and finality. And it can impact more that just our code. It can bring a powerful new perspective to our career, our community, and even this very conference.

You’ve started a new job. As you dig deeper into the codebase, the WTFs per minute rate rapidly increases, and you’re left wondering… “Where do I start?!”. In this talk, I’ll draw on my own experiences of joining several different teams to help maintain their legacy codebase. You’ll come out of this talk with a better understanding of when you should or should not refactor existing code, the importance of communication, documentation, testing, and ideas for automated tests and checks.

1

Aspects of development work like accessibility are often treated by product teams as legal obligations, boxes to be checked off the list. As we widen the scope to the broader organization, we can see this mindset being applied to other areas, like Diversity, Equity and Inclusion, or dealing with remote workers. At best, it’s seen as one person’s job to take care of, and everyone else can wash their hands of it. Even AI is seen as disruptive to “some” people, or useful to only a select few. But people is a collective noun for a group of persons, and each person is different. We’ll explore the concept of universal design, how it applies to all of these fields, and how it will actually increase your potential audience and can have a (positive) material impact on your bottom line. These are concepts and concrete ideas that absolutely all persons can employ, from the CEO to their executive assistant, to the comptroller to the most senior dev, and everyone else in between.

For many years now, a common pattern, at least in PHP, is to organize your classes and files by archetype. But as a project grows (and grows, and grows) you may find that you’re jumping all over the place to work on a single feature. In fact, you may even find it hard to locate or figure out where all the related pieces of your feature are at. In this presentation, I’ll show you the way forward with a pattern called co-location. And we find that as we apply these principles, we actually learn to think differently about our software and how it’s put together. And that can tend to make us better software engineers, which is a goal we all share!

8

Ever dreamt of becoming a PHP core contributor but felt overwhelmed by the prospect of creating RFCs, maintaining extensions, or writing C code? Worry no more! In this talk, you'll discover how to make a meaningful impact on the PHP core by writing tests without the need to write C code. Join me for an interactive session where I'll live code a test on stage, demystifying the process and equipping you with essential testing techniques. Develop the confidence to contribute to the PHP core, one test at a time, and become an invaluable member of the PHP community.

6

Have you ever started on an engineering task with the thought, "Oh, this will be easy - I know exactly what to do,"; ... and then, several days and as many rewrites later, realized maybe not? Have you ever worked with an engineer that submitted incomplete work, letting code review and QA do most of the heavy lifting? Ever been that engineer yourself? There is a better way! Learn the systematic steps to follow within a Unit of Work to level up your engineering from see-what-sticks to a deterministic approach that results in beautifully crafted and robust code.

8

It takes a special kind of person to enjoy writing documentation; not only do I have to write [ideally] working code, but now I have to write words that a human being can understand? What is this madness?! Luckily, good documentation isn't limited to the confines of your codebase. By following common documentation standards, we can generate comprehensive manuals that instruct others how to integrate with our software. After all, to code is human, but to document is divine.

GitHub Copilot based on GPT is truly a game changer when it comes to automating the code generation, thus boosting developer productivity by more than 100%. Just like there is an idea of Test Driven Development, we are now in time of Copilot Driven Development, or COD. But to best utilize this new process, every developer needs to learn its benefits and how to use them properly. In this session, you will have a chance to learn best practices, gotchas, and tips from GitHub Expert Service’s Solution Engineer who has been working with multiple enterprise customers to enable Copilot for their businesses.

13

Far too often, developers get stuck building features and never have the opportunity to optimize production settings. Things like php-fpm configs, framework/server settings, and security considerations can often go overlooked. Let's face it, most product owners want features and give developers no time to research the ways you can speed up and secure your production setup. Don't burn yourself out reading articles and join this talk to learn about common performance enhancements that you can implement if you are using Symfony or Laravel. We will also dive under the hood and talk about PHP settings, caching, web servers (apache/nginx/caddy), and the many other optimizations that you may not have even considered. Rev up your engines and join this talk! Let's drop a supercharger in that bad boy!

8

In 2021, I was tasked with building a new serialization system for TYPO3. The result was a trio of new, general-purpose libraries that demonstrate the power and flexibility of the modern PHP language: FP, AttributeUtils, and Serde. In this session, we'll start with an overview of the plethora of potential PHP processes for handling serialized data, and show their pros and cons. We'll then transition into talking about Serde and what goes into a modern PHP 8-centric serialization framework. Along the way, we'll see the power of PHP attributes, and how AttributeUtils makes them even more powerful.

11

Why did the choreographer refuse to use orchestration in their distributed system? Because they wanted their components to dance to their own beat, without a central conductor! This talk explores the differences between choreography and orchestration in software development for distributed systems. Choreography involves the independent coordination of software components through message passing, while orchestration involves a central orchestrator managing the interactions between components. Through examples such as e-commerce and travel booking systems, the strengths and weaknesses of each approach are highlighted. By understanding the pros and cons of each approach, software developers can make informed decisions about which approach to use for their specific use case, ultimately finding harmony in their distributed systems.

14

Discover the art of debugging PHP applications with finesse in this dynamic session. Debugging is a vital skill for developers, enabling efficient issue identification and resolution. Join us as we explore proven techniques and powerful tools that will empower you to become a master troubleshooter. During this session, we will start by discussing the fundamental principles of problem-solving. We will explore strategies for dissecting complex issues and narrowing down the problem space effectively. Discover how to ask the right questions, analyze symptoms, and perform systematic investigations that lead you closer to the root cause. Next, we will explore the indispensable role of tools in the debugging process. Explore how to leverage the capabilities of integrated development environments (IDEs) to streamline your debugging workflow. Learn how to set breakpoints, inspect variables, and step through code execution for precise analysis. One of the most powerful tools at your disposal is xDebug. Dive into its advanced features and gain practical insights on utilizing it effectively. Discover how to set up xDebug, capture stack traces, and leverage its remote debugging capabilities to solve even the trickiest bugs. # Key Takeaways: * Fundamental techniques for efficient debugging and problem-solving * Strategies for narrowing down the problem space and identifying root causes * Harnessing the power of integrated development environments (IDEs) for effective debugging * Deep dive into xDebug: setup, advanced features, and remote debugging * Practical tips and best practices for troubleshooting PHP applications Join me for an enlightening session where we will unravel the secrets of debugging PHP applications. Equip yourself with the skills, techniques, and tools necessary to become an adept troubleshooter confidently untangling even the most intricate bugs. Elevate your debugging prowess and master the art of efficient troubleshooting in PHP!

7

Doctrine DBAL is the most popular relational database abstraction library for PHP. Many developers prefer using a database abstraction since they usually provide a better developer experience than working directly with database drivers. However, despite the best effort of their designers, abstractions often make developers unhappy when it comes to using non-trivial database features. Per Joel Spolsky, "all non-trivial abstractions, to some degree, are leaky". As a quite complex one, Doctrine DBAL leaks in a variety of aspects: drivers, SQL dialects, and schema management specifics. In this talk, I will highlight the most notable inconsistencies of Doctrine DBAL APIs and provide recommendations on dealing with them.

We've all been at a company that did Agile completely wrong. From stakeholders who don't understand the development process leading to unreasonable deadlines, to scrum masters who fold under the pressure of these stakeholders. If you've been a developer for a while, you've definitely experienced this. In this session, we'll go over some practical steps to help advocate for yourself as an engineer and prevent burnout from a toxic Agile environment.

This talk is about communicating with visuals to make complex ideas simple to understand. Over the years I have produced diagrams, charts, illustrations and other graphics to help people understand sophisticated project concepts. This includes project architecture, standard operating procedures, coding concepts, sprints and roadmaps. You will be guided through ways of how to make stylized examples of your project code and workflows in easy to follow examples. By using common software for illustrations along with some simple guidelines you too can make easy to follow visual content for your next project. Understand how to make your technical documentation into visual graphics with diagram design style guides See examples of how to take technical documentation and create an intuitive diagram of it to share Come away with an ability to execute a simple (or sophisticated) graphic with essential steps and key requirements

The future on development is in dev containers: reproducible, versioned development environments that run on any machine with a Docker installation (Win/Mac/Linux). If you want all users of your project to have a consistent, customized environment, dev containers can be added to your repositories. Dev Containers make onboarding new developers easy while reducing the time to get started. After this session, you will be able to: - Understand what dev containers are - Know how to add and configure dev containers for a project - Tool Installation - Extensions - Port Forwarding - Installing software Dev Containers currently require: VS Code VS Code Remote Containers extension Docker Desktop

4

New accessibility guidelines just dropped - are you ready for them? Consistency is the name of the game in the Web Content Accessibility Guidelines’ latest release, so learn how you can avoid rocking the boat. We’ll take a minute to refresh what the WCAG guidelines are and who has to follow them, and then we’ll dive deep into the latest changes.

The VP of Sales just announced the company closed a major deal that is 100x larger than any other previous contract. The excitement pours over you, you can finally expense that Herman-Miller chair! However, you quickly realize you’ve never tested the production application at that 100x scale before. What do you do? Scaling a web application is an exciting, and sometimes nerve-wracking problem. PHP buys us a lot of affordances, but we still need to think like engineers to make things scale in a maintainable, and affordable, manner. We’ll walk through this hypothetical scenario together, taking time to explore options and tradeoffs for major decisions. These topics will include: * Effective caching * Keeping your database performing efficiently * Tradeoffs of moving to microservices * Security and safety measures Most importantly, we’ll explore how to know when, and if, it is time for any of these things. Even how we can defer some decisions to keep our team working efficiently. For that, we’ll need to learn: * How to add and review telemetry for our application * How to determine key metrics we can know when we’re in trouble * How to collaborate with the business for best success Buckle up, because we’re going from zero to web scale in one talk!

12

What’s today’s date? Is it 07/20/2023 or 20/07/2023? Or maybe it’s 2023/07/20? How many elePHPants do you want to buy? Is it 1,500 or 1.500? Will that be $30,000.00 or 30.000,00 $? We represent dates, times, numbers, and currency in a variety of ways, depending on where we are in the world, and writing software to accommodate these different formats can be scary. It’s worse when you find out you need to put these formatted values inside a translated string like, “Sign up before July 20th, and you’ll get 20% off the regular price of $30,000.” String concatenation and standard placeholders won’t work because different languages and regions follow different rules. Fortunately, we have tools to make our jobs easier, and in this talk, we’ll take a look at FormatPHP and FormatJS, libraries designed to help with internationalization and localization of web applications. We’ll see how these libraries aid in formatting dates, times, numbers, and currency, as well as messages with plural conditions. We’ll learn how to format messages for translation, and by the end of this talk, you’ll know what a translation management system (TMS) is and how to extract strings from your application to send to your translators.

22

This talk by Ed Finkler is a must-attend for tech workers who want to learn more about mental health and personal well-being. With over 25 years of experience in the field and as the founder of Open Sourcing Mental Illness (OSMI), Finkler shares his personal struggles with ADHD, anxiety, and executive function problems. He also highlights the lack of research and data on mental health issues in the tech industry, and provides practical solutions such as mental health first aid training for managers and guidelines for organizations to prioritize employee well-being. An informative and insightful perspective on the importance of mental health in the tech industry.

9

In today's fast-paced digital world, no one likes to wait. Yet, PHP scripts often find themselves waiting on databases, email servers, HTTP servers, file systems, and even RAM. The result? Your customers are left waiting too. Discover how to break free from the waiting game by embracing asynchronous PHP architecture. In this talk, we'll dive into the power of RabbitMQ and ReactPHP to significantly reduce waiting times and optimise performance. Get ready for live coding, real-world examples, and expert insights that will empower you to create efficient, high-performing PHP applications that keep your customers coming back for more.

4

JSON Web tokens (JWTs) are used to authenticate APIs in a secure, stateless way. But they are sometimes misused. If you attend this talk, you'll know when to use JWTs, which signing algorithm to use, and why JWTs exist. You'll also learn about how to validate a JWT, and why you need to do so before you ever accept the payload of a JWT.

You are not a full stack developer until you can write your own CI/CD code. I had to come to terms with this, and I'm here to help you come to terms with it as well. In today's fast-paced software development landscape, DevOps has emerged as a critical discipline to enable teams to deliver high-quality applications at an accelerated pace. As a full-stack developer, understanding the principles and practices of DevOps is essential for streamlining development workflows, ensuring code quality, and fostering collaboration among team members. In this talk, we will explore the world of DevOps from a full-stack developer's perspective, providing a comprehensive guide to integrating DevOps practices into your development process. We will dive into the key concepts and methodologies that empower full-stack developers to optimize the end-to-end software delivery lifecycle. The talk will include an in-depth discussion of Continuous Integration and Continuous Deployment (CI/CD) pipelines and how they can be effectively implemented using GitHub Actions. We will explore the benefits of automating build, test, and deployment processes, as well as the challenges and best practices associated with creating a robust CI/CD pipeline. During the live demo, we will walk through the process of setting up a CI/CD pipeline using GitHub Actions, showcasing how developers can leverage this powerful tool to automate the building, testing, and deployment of their applications. Attendees will gain practical insights into writing workflows, configuring triggers, and integrating various testing and deployment tools within the GitHub Actions ecosystem. By the end of this tech talk, full-stack developers will have a solid understanding of the fundamental principles of DevOps and be equipped with the knowledge to implement efficient CI/CD pipelines using GitHub Actions. Whether you are a seasoned developer or just starting your journey, this talk will provide valuable insights and practical tips to enhance your development workflow and accelerate your application delivery. Join us to unlock the full potential of DevOps as a full-stack developer!

Authentication is hard! Passwords are guessable, while SMS and app-based multi-factor authentication can be compromised. Even the promise of hardware tokens comes at a cost, being easy to lose and/or forget. Unfortunately, as developers, we're stuck trying to solve this difficult problem: how to make authentication work without putting our users at risk. Every option appears to have downsides... but there is hope! Passkeys are a new authentication technology that uses cryptography within the web browser to securely identify and authenticate users, automatically syncing across devices, to entirely eliminate the need for passwords. It's like magic! We'll learn what they are, how they work, and why they are (virtually) unhackable. Your users will love a simplified login flow, and you'll stop worrying about account takeovers.

7

In this rapidly changing world, what does it mean to achieve success? Is that even possible? How do you stay relevant with the constant barrage of new technology? Debunking myths. Finding Truth. Getting Personal.

4

Test Driven Development (TDD) is the process of using very short development cycles to test and then implement your code. In this session, we'll explain the process of TDD, why you should be using TDD every time you write code, discuss tools you can use to develop PHP applications using TDD, and work through several examples to get you started.

10

Just what is a Zero day attack? When does the clock start ticking? What happens next? In this talk we’ll cover how the CVE process works, explore the timelines of a few famous CVEs and uncover the truth about ethical reporting. As Cyber Attacks become an existential threat it’s critical that all software developers understand the role the CVE process plays in helping us keep our defenses strong - and where it can go wrong or be subverted. From bug bounties and bad actors to unsung developer heroes and incredible researchers it’s time to buckle up for a wild ride as we show you what CVEs are really all about.

7

In this talk, I will give an overview of using the RubixML PHP library to build machine learning models and run predictions. I will build an MVP using a dataset, model, and predictions with Rubix and the Laravel framework. 1. Quick Introduction to Machine Learning 2. Examples of Where Machine Learning Is Beneficial. 3. Types of Machine Learning 4. Types of Estimators 5. Exploratory Data Analysis (EDA) 6. Choosing an Estimator for Your Model 7. Example: Building a Housing Price Predictor with a Gradient Boosted Machine (GBM) 8. Questions/Discussion

7

With 28 years out in the wild, PHP has changed a lot over the years. And so has the way we write PHP applications. An application created today is virtually unrecognizable from an app made 20 years ago. What makes these apps different and why has there been so much change? How is a modern app structured, and why do new apps look so much different than old ones? This talk will discuss application flow, dependencies, file structure and more.

9

You cannot tell at a glance whether code is “clean” or not, yet most developers seem to attribute more value to code that’s pleasing to look at rather than code that is consistent, readable and understandable. We’ll discuss some of the shortcomings with some commonly accepted indicators of “clean” code, as well as some principles to follow for truly cleaner (and maintainable!) codebases, regardless of language. Learn that comments are not a crime, a_rose() by any other name might not smell as sweet, and HungarianNotationStr might not be as outdated as you might think (though we can pretty it up a bit). We’re not re-etching the laws in stone, but we’ll discover some pretty good best practices.

5

Together we'll build a reddit clone in PHP. The app will have horrible performance and instead of improving by adding DB indexes etc... we'll see how we can add caching to it in a very regular manner to bring it from 20s to 20ms of response time. We'll also demonstrate: - how it can work with user based data (session data that is different on each page) - how it can apply to APIs - how that cache can be extended to a CDN - how we can promote cache re-usability - strategies to operate such a cache at scale For those that know about it, this is similar to (but not entirely equivalent) Russian Doll Caching.

4

Thanks to the ubiquity of Composer, a PHP application may depend on dozens of third-party packages, each of which will define their own dependencies. When an application is deployed and working as expected, it can be difficult to prioritize the development time for package updates with breaking changes, and you might find some dependencies have slipped a few major versions behind their current release. Nevertheless, even if all root dependencies are up to date, some packages inevitably become abandoned, drop version constraints, or add an incompatible dependency. The end result: upgrading to the latest PHP version (or other package) is blocked by a tangled web of interdependent version conflicts and incompatible vendor code. Luckily for us, Composer is more than just `install`, `require`, and `update`, and we can use some of the lesser known functionality and behavior to untangle the web of conflicts and create forward-friendly migration path. We'll cover: - Using the `depends`, and `prohibits` commands to understand package relationships - Using forked repositories and branch aliases to provide a compatible version of a package - Preventing unnecessary transitive dependencies from being installed and causing conflicts - Upgrading to the latest version of a package, by using Rector to downgrading it to your PHP version

AR is evolving. Quickly. I’ll help you understand what it means to be a web developer in an augmented reality world. We see augmented reality all around us already. We’re using it to ensure our new couch will fit in our living room or learn how to assemble something quickly. We understand it’s a cutting-edge technology in our field, but we’re unsure how it impacts us now or in the future. I’ll cover the Augmented Reality industry, who’s doing what, and how it affects the tech ecosystem. We’ll also dive into some cool AR web experiences and the tech stack used to make it all happen. You’ll walk away with a strong introduction to Augmented Reality and how to build experiences with your current tech chops.

Stop me if you've heard this before: "Can you put in a button...?"; You put in the button, but they're not happy. Few things can make delivery or a sprint review more painful. I'll share some war stories of how I was blindsided by this, and how I learned to ask the questions that told me how to solve their problem. I'll tell you what's going on, show you some red flags to look out for, and give you some strategies to get to what they really want. You'll take home new tools to delight your end user and new skills to advance your career.

In this soft-skills talk, I'm going to share the experience and knowledge gained in my journey from newbie to leader of a worldwide distributed team. I'll talk about ways to setup your schedule, keep tabs on projects, keep developers engaged, and most of all; your boss or clients happy. We will talk about strategies and tactics for handling issues within your team and identifying them before they even become a problem. Most importantly, I'll cover ways to scale and structure your team(s) and processes for all of them to work together in a productive manner. I've been running a freelance software development shop for over a decade. I've also assembled both local and remote teams many times over in companies of all sizes in my 20 years of software development as CTO and Lead Dev. I want to share my experience with you all in this tell-all talk. I was remote before the pandemic so I've been doing this before it was cool. ? We will cover industry treads, resources, and other things you can do to improve your remote teams processes. I invite both developers and managers to join this one as I'm sure you'll have some take-aways to bring back to your company.

As a child I saw that my obsessive interest in computing could possibly result in great wealth one day. My child self saw how money could corrupt so I put out a prayer to the universe: That if I ever made a lot of money in computing, that I wouldn't let it go to my head. Fast forward nearly three decades and that echo from the past landed right in my lap. This is the story of what happened on that fateful day when I turned down a million dollar promotion, the whirlwind that followed, and the true richness in life that I have found.