PHP Developer Days 2018
21 - 22 Sep 2018 at Maritim Hotel & International Congres Center Dresden

Enjoy some coffee before it get started.

The PHP USERGROUP DRESDEN e.V. introduces the conference workshop day.

2

Developers still hesitate to include writing tests in their everyday routine. There are numerous excuses, myths and misconceptions around: “they slow us down”, “we’ll never achieve 100% code coverage, so why bother”, “takes too much time to learn testing, we’re better of writing business logic instead”. When we get to the topic of writing tests first, the debate becomes even more heated. In real world, where you get paid by code that ships, developer strive to write the most efficient tests possible. To cover mission critical code. To quickly decide whether writing a functional test or series of unit tests is the best approach. Let us learn together how to use phpunit and TDD in most efficient way possible, for extraordinary results. This workshop is for developers who start their projects by drawing model of the database first, developers who are overwhelmed by number of testing tools or don’t know where to start and developers who simply want to level up their game.

Domain-Driven Design, CQRS and Event Sourcing. Big words that obviously require an equally big tech stack to be applied - with bleeding edge frameworks, lots of tools, and a complex infrastructure to run it all. Or not? In this workshop, we will create a solid, event-sourced web application from scratch. We will not rely on any framework or libraries to really get to the bottom of things. Make sure to bring your laptop!

In this workshop we will take a look at common security failings from a new perspective: that of the hacker. You'll be provided with a set of different sites each exhibiting a different security flaw, the challenge will be to find and exploit it and in doing so learn how to protect your own sites. All the sites will be run locally inside docker containers so don't worry about breaking any laws! Obviously this means that you will need to bring a laptop which is capable of running docker containers in order to participate in this workshop.

One of the challenges we face on a day-to-day basis is getting the right and correct information from our product owners or clients. This can be both frustrating and decremental to the velocity of your team. No one likes to work on features that when delivered someone says "well... that wasn't exactly what I had in mind" But now we have Stickies! So many stickies! It's a whirlpool of stickies, what is this madness? In this interactive workshop, we will explore all the facets of Event Storming as a modelling technique to get a clear and precise mental model of how a feature is supposed to work, all using the power of stickies! As we go through the user story, we'll explain the different types of stickies, why they matter, and show why EventStorming is such an effective format.

It's time for a coffee, isn't it?

Enjoy the meal.

This workshop is a necessarily short introduction to the work of a pentester. We will consider ethical issues, legal requirements, learning environments, tools used, and then we will explore the basics of an actual pentest. We will reference the OWASP Top 10, but we will also look at the contents of a scoping document, and how to structure a pentest by selecting relevant ideas from a range of pentesting methodologies.

As PHP developers, our job is to build web applications. But how can we build applications that rely on networking if we don't know how these networks and the big network that connects them all (this thing called the Internet) actually work? In this tutorial, we walk through the basics of networking, before diving into all the essentials every PHP developer should know, from TCP/UDP over IP addressing (IPv4/6), source/destination ports, sockets, DNS, switching, firewalling and even more advanced protocols such as OSPF, VRRP and BGP. Prepare for an eye-opener when you realize how much a typical app relies on all of these (and many more) working flawlessly... and how you can prepare your app for failure in the chain.

It's time for a coffee, isn't it?

It's socializing time.

Enjoy the meal.

Enjoy some coffee before it get started.

The PHP USERGROUP DRESDEN e.V. introduces the conference day.

Over the years, the PHP community has enjoyed an increase in events. This has given us more choice than ever over what we attend. At the same time, some of our favourite events have come to a close. As the community recalibrates, needs have changed and events are repeatedly being challenged. Organisers are burdened with finding the solutions, but is there a way for us all to help? With change comes an opportunity for growth. This is our chance to grow richer and stronger as a community.

It's time for a coffee, isn't it?

4

We all know not to poke at alien life forms in another planet, right? But what about metrics, do you know how to pick, measure and draw conclusions from them? In this talk we will cover various Site Reliability Engineering topics, such as SLIs and SLOs while we explore real life examples of defining and implementing metrics in a system with examples using Prometheus, an open-source system monitoring and alert platform, to demonstrate implementation. Let's get back to some real science.

5

Help my client is complaining some parts of the application are slow. Now what? Profiling! What is profiling and how can we measure the performance of our application? There are several tools we can use. Once we have the tools, how do we approach profiling. What to look for. And caveats to avoid when profiling. To finish up, we should avoid that our client is complaining about performance, how can we pro actively use profiling to improve our application. When finished we will end up with a nice toolbox of profiling tools and good ideas how to do profiling and avoid some common mistakes that might distract you from the real opimisation.

5

The new Abstract Syntax Tree (AST) in PHP 7 means the way our PHP code is being executed has changed. Understanding this new fundamental compilation step is key to understanding how our code is being run. To demonstrate, James will show how a basic compiler works and how introducing an AST simplifies this process. We’ll look into how these magical time-warp techniques* can also be used in your code to introspect, analyse and modify code in a way that was never possible before. After seeing this talk, you'll have a great insight as to the wonders of an AST, and how it can be applied to both compilers and userland code. (*actual magic or time-warp not guaranteed)

4

Kubernetes is a very powerful container orchestration platform that is quickly gaining traction and gives you lots of benefits in deploying, running and scaling your microservice web application. But it has also a steep learning curve. In this talk I will introduce you to Kubernetes, why you would want to use it and all the tooling around Kubernetes with the help of practical examples.

Enjoy the meal.

3

You've got strange characters like "�" or "ö" display in your application? Yes, handling non-English characters in application code, files and databases can be a challenge, to say the least. Whether that's German Umlauts, Cyrillic letters, Asian Glyphs or Emojis: It's always a mess in an international application. In this session you will see why that is and how handling characters evolved in computing. You will also see how handling characters in applications and databases can be done less painfully. And don't worry when EBCDIC, BOM or ISO-8859-7 are Greek to you and your Unicode is a bit rusty: we'll have a look at them too!

To survive in a competitive market, a software team must be able to deploy new versions of their application as frequently as possible, delivering new features, improvements and bugfixes for their users and stakeholders. Deployments should not be limited to a certain time or to a certain number, otherwise they become a bottleneck for the development process. To avoid disruptions when frequently deploying new versions, developers must adopt a set of practices and workflows that allow changing the database schema in production without users even noticing. As a result, the development process becomes much more safe and smooth. I will also talk about zero downtime deployments. They are less about development practices and more about deployment automation and webserver configuration. Some tips might even make your application perform faster!

3

Largely ignored under PHP5, the SPL (Standard PHP Library) offered a powerful toolbox for developers, ranging from it's horrendously named collection of Iterators, and a series of Interfaces allowing us to build our own, to DataStructures, and Object Oriented file handling classes. Fast and powerful, the SPL provided a stable and well-tested library of classes and functions. But with all the performance and memory improvements of PHP7, SPL has remained unchanged, and feels like it has been left behind. Now, Generators provide a simpler replacement for writing our own Iterators without all the boilerplate code that SPL's core Iterators require, especially with the introduction of "yield from" in PHP7 for recursive Iterators. And PHP7's performance improvements allow us to write our own Datastructures (based around standard PHP arrays, or custom objects) that are as efficient as SPL's basic Datastructures. So does SPL still have any purpose or value in this new world of PHP7? Let's find out!

3

Modern web applications or apis often handle heavy load tasks, requiring intense disk i/o or complex database queries. I will demonstrate how and - more importantly - why such operations should be processed asynchronously. We will be comparing a few messaging/queuing libraries and cover some of the most common pitfalls and obstacles developers face when implementing asynchronous processing and face long running php processes for the first time.

It's time for a coffee, isn't it?

2

GitLab turned into a DevOps lifecycle platform instead of being "just" a web-based Git repository manager. In this session I'll guide you through the process of setting up GitLab and GitLab CI. You will learn some insights on how to configure a GitLab build via the .gitlab-ci.yml file. Together we will take a deep dive into the GitLab CI build pipelines to build and deploy docker containers to your dev, stage and production environments.

Practical lessons learned while revamping a US airline website to resist huge Black Friday and Cyber Monday traffic values. Using HTTP status codes and PHP cleverly, we have made parallel requests possible, so that the user experience is greatly enhanced, and we pre-cache resource-consuming user searches. All on a solid PHP foundation.

Lightning talk track - chosen by attendees

Unconference talk selected by attendees

7

Mutation testing: better code by making bugs Do you test your code? What about your tests? Your tests are code, you need to write, refactor and maintain them. This is not cheap so how do you make sure you are testing enough but not too much? Discover Mutation Testing, a fun tool to make your code better by introducing bugs.

Lightning talk - chosen by attendees for the unconference

Lightning Talk chosen by attendees for the unconference

Some closing words to an awesome event.

You never sausage a conference. Sir Mampfelot will serve awesome creations of Hot-Dog after the conference. So grab yourself a bib and post-install your require-dev package!