PHP Serbia Conference 2019
24 - 26 May 2019 at Belgrade

Version 7 radically changed PHP’s position in the context of performance and sparked considerable renewed enthusiasm around the language. With the ever-changing technology landscape, we’re not sitting idle in the development team – and are already hard at work on new technologies and capabilities that will keep PHP as the technology of choice for years to come. In this session, we will tell the story of how PHP 7 was conceived and the impact it has on the PHP space, as well as provide a glimpse into some of the research projects that will likely make it into the next major version of PHP, designed to ensure PHP stays relevant with emerging technology paradigms.

5

Where are your credentials and secrets stored? In .env files or in environment variables, or even worse in config files? Are your primary AWS keys shared amongst developers? Do you still have SSH keys from former employees on your servers? If your answer is "Yes" to one or more of these questions you probably haven't heard the term "secrets management" In this talk we will look into managing secrets in development and operations, and expose the problems related to them. I will give you an overview of the current state of techniques to mitigate these problems and we'll take a brief look at how an open source tool like Hashicorp Vault can provide a solution to managing secrets in the years to come.

More and more web applications add real-time functionality like chats or collaborative editing. This is being done by making use of WebSockets. In this session, I will show you how the technology works, how to make use of WebSockets in your web applications and how to create your own WebSocket server written in PHP.

The Big Ball of Mud is the most serious problem I see in the majority of the code bases I look at. But why do we keep falling into that trap? What are the root problems behind it? How can we avoid, escape, and stay out of it? In this talk, you will learn about the architecture mental map I use to answer these questions. We will briefly revisit a few established software development and architecture ideas and see how you can put them in your service to help keep the mud out of your application. The main topics of the talk are: The Big Ball of Mud problem Overview of DDD, Hexagonal, Onion, Screaming, Clean, CQRS How to organise the code base to reflect architecture boundaries How to maintain the architecture boundaries

The web is changing every day and it's so hard to follow and implement all the new and fancy stuff that is being built. Cool new frameworks, libraries, methodologies and new approaches to solving problems. Usually is not that easy to deprecate some old technology and migrate to the new one. There are not many developers that still want to work with Angular 1 or Backbone and moving to something new is becoming necessary. If this sounds familiar to you, then this talk is for you! There is an innovative way to migrate from the old technology, to change the applications step by step and to implement all new things that the cool kids are using. This is the story of Micro Frontends, a microservice approach to the modern web, the story that will change the way you look and develop your apps!

3

We all know not to poke at alien life forms in another planet, right? But what about metrics, do you know how to pick, measure and draw conclusions from them? In this talk we will cover various Site Reliability Engineering topics, such as SLIs and SLOs while we explore real life examples of defining and implementing metrics in a system with examples using Prometheus, an open-source system monitoring and alert platform, to demonstrate implementation. Let's get back to some real science.

Many Git users tend to use Git as a save point, like in a video game; chronologically making checkpoint commits as they go. This spreads out changes to the same areas in the code over several commits, necessitates merging and resolving conflicts, and generally just making an incomprehensible jumble of your history. This talk makes a case for atomic commits and how to use them while only minimally affecting your workflow. Using pre-recorded demos, you'll learn how to properly interactively rebase, fix up, reset, bisect, and more. By the end of the talk, you'll have seen how this Git flow will make your life easier and how it will affect your ability to cherry pick, drop unwanted commits, and most importantly: not spend hours resolving conflicts in rebase hell. A little change in habits can go a very long way!

What if I told you that you don't need a 100% code coverage? Compiled languages need to know about the type of every variable, return type of every method etc. before the program runs. This is why the compiler needs to make sure that the program is 'correct' and will happily point out to you these kinds of mistakes in the source code, like calling an undefined method or passing a wrong number of arguments to a function. The compiler acts as a first line of defense before you are able to deploy the application into production. On the other hand, PHP is nothing like that. If you make a mistake, the program will crash when the line of code with the mistake is executed. When testing a PHP application, whether manually or automatically, developers spend a lot of their time discovering mistakes that wouldn't even compile in other languages, leaving less time for testing actual business logic. There are several static analyzers available for PHP that substitute the role of the compiler from other languages. By finding bugs without even having to execute the code, they can save a lot of effort that'd be spent on tedious writing of boring unit tests. In this talk, I will share tips and tricks on how to structure your code to maximize benefits from using a static analyzer. You won't stop writing unit tests, but you will focus your efforts on areas where they count the most.

Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session you'll learn what they are, why they're needed, how they work and the limitations on what they can & cannot do to protect users. You'll see a demo of attacks a CSP will block, you'll see a site broken by a CSP, show what the different CSP directives & options will do and be introduced to some of the tools available to help with implementing a CSP on your sites!

3

Want to find out which pieces of your site break down under load first, so you know how you'll need to scale before your systems catch fire? Load testing answers this question, and these days you can simulate full user behavior in a load test, rather than merely hammering a single endpoint. In this talk, we'll go through a number of conceptual points that you won't want to miss in order for your load tests to perform their intended purpose. Then we'll jump into implementation details, using the K6 load test tool to build a load test that exercises an application in a way that's similar to what we'd see in real life. Thanks to mCloud.rs for the VMs I used in this presentation!

5

Me and my little brothers 'else', 'elseif' and my bigger sister 'switch' are most likely all over your codebase. Often we make your code harder to read or even difficult to understand. And don't get me started on testing, we cause this thing called Cyclomatic Complexity, and I've been told that's bad. Sebastian will show you that me and my siblings are similar but not equally bad even on a op-code level. He will show you some elegant and effective ways to get rid of us and make your code more comprehensible and easier to test. You want to understand the complexity metric, how it affects you and supports you to write more readable and maintainable code? Don't miss this talk.

PHP has evolved massively since its first days, and it's on the road to a full-featured language. However, at the same time, there is a lot of outdated information and libraries with poorly written code. This talk is about writing PHP Code that is: safe, robust, maintainable, and optimized for the reader. We are going to cover a set of rules, that if you follow them; they will get you on the habit of writing code well. Get ready for a 20 to 35 min live-coding session, where I go through practical examples. You will learn how to design classes, how to think about your API to prevent breaking changes, and discover concepts around method design, naming, error handling, and much more.

Serverless and its "functions as a service" promise us cheap and scalable applications. What is it like in reality? And how to merge the mature PHP ecosystem with these new architectures and tools? Where do HTTP and CLI applications fit in all this? How about Laravel and Symfony? Let's explore those questions and illustrate the answers with case studies and "Bref", an open source solution for deploying PHP applications on AWS Lambda.

We are all aware that 'senior' has different value and meaning from company to company, lets try to lay some foundation: ideas, concepts, terms & expectations that are generally expected. Idea behind this panel is to have a whole harted discussion and ask from panelists to share their lessons, stories, experiences & opinions. We are open to questions and comments, all you have to do is raise your hand and wait for microphone! Panel will be moderated by Miro Svrtan, and panelists are: Juliette Reinders Folmer, Rafael Dohms and Milan Popovic.

10

So you think you know PHP? But do you really? We all compare and test data on nearly every other line in our code, be it input validation, an if-statement, a switch or determining what to display and how. So of course we are all experts on how to do these tests and comparisons. Or are we? No matter whether you are a beginner or an expert, come and join in the fun for the Big 'Why equal doesn't equal' Quiz, test your knowledge and learn about defensive programming and the quirks of a loose type programming language along the way.

The talk goal is to try to understand the direction frameworks and PHP are heading to and how that's connected with the business needs, developer needs, web trends and more. Hope there will be less questions like "what should I learn" or "what framework should I use".

PHP has its own treasure chest of classic mistakes that surprises even the most seasoned expert: code that dies just by changing its namespace, strpos() that fails to find strings or arrays that changes without touching them. Do that get on your nerves too? Let's make a list of them, so we can always teach them to the new guys, spot them during code reviews and kick them out of our code once and for all. Come on, you're not frightening us!

4

Today it's crystal clear why we need unit tests. Even integration and acceptance tests are quite common. However, none of these tests is generally run in a production environment. Well, are you sure that your web pages are working in production after your newest feature was deployed? Discover SmokeTests (as well called sanity or availability tests) and why every web development team should have them set up. You'll learn how easy it is to set them up and how to run them. During the presentation, there will be code examples based on the open source library DjThossi/smoke-testing-php available on GitHub. The library got build for making it easy to run SmokeTests and start testing old and new projects within a couple of minutes.

Symfony4 is here and it is better than ever. With Flex it can be a micro framework and an amazing beast with any feature you want. What changed from version 3, what are new best practices, what are new components and why Symfony is moving PHP world forward once again you can find in this talk.

While many people describe themselves as framework X or Y developer, trends that has been driven by job adverts as well, being a good developer is mostly accepting your tool does not create your value. Speaking of framework agnostic development, showing similarities and interoperability between the major frameworks, Thomas is aiming to demonstrate how software architecture and a good understanding of programming paradigms are more important that knowing the syntax of the tool you are using, unless you want to do some Rapid Application Development.

Still think browsers are only capable of parsing HTML, CSS and JavaScript? Think again! Browsers have become much more powerful and contain numerous APIs that can enrich the user experience or are just plain fun. This talk will introduce you to some of them (like Bluetooth, battery, speech, audio, location, ...) and show you how easy it is to unleash their power with JavaScript.

5

So you did a great job with your website and now your customers want to get into contact with you. They actually want give you their holy grail and apply for a login. And that's where it usually starts to go south. So many things can go wrong with a registration form that your customer doesn't really feel welcome or safe. In this session we will debug a few real-life examples from a user-experience Point of View. By analysing that we will find ways to make the first contact of a user with our application a better experience. And you don't need to be a coder to see why and how to improve your next registration form.

Being a Lead Developer is a fun, interesting and responsible adventure. Becoming one is not something that happens from one day to the next. It is something that you grow into by raising your voice, taking action and responsibility. I've learned many things working as a Lead Developer, but I'd like to share 6 things, which were the most important for me.

3

This talk is for developers who want to know how to debug their code in a better way, through single step debugging, profiling, and simpler debugging tools. Xdebug is a PHP extension that implements many debugging aids and features. In this presentation we are going to look at this new version of Xdebug 3. The new version is a near total rewrite, and brings many improvements over its older releases. You will learn how to optimally use the new features and settings to make your development life easier. Besides introducing the redone functionality, we will also have a cursory look at how these features are implemented, just to provide a better understanding of what a debugging extension, can, and cannot do.

2

Kubernetes is a very powerful container orchestration platform that is quickly gaining traction and gives you lots of benefits in deploying, running and scaling your microservice web application. But it has also a steep learning curve. In this talk I will introduce you to Kubernetes, and show you, based on a practical example, how to continuously deploy a web application into it.