PHPBenelux Conference 2019
25 - 26 Jan 2019 at Ter Elst

An interesting little technique that deserves some explanation, a bit of training, and lots of fiddling: Value Object design. In this workshop I’ll introduce you to the concept, and provide you with plenty of exercise material, so you can learn to model domain concepts in a meaningful and useful way with Value Objects.

Everything starts to be an API today. Unlike web interfaces APIs can’t be tested manually, by hand. So there is no other option than writing automated tests. Codeception provides the best set of tools to test REST effectively: data checks, structure checks, deep integration with frameworks. Come to this tutorial to learn how to make stable APIs with tests. In this session we will cover: Using REST module with PhpBrowser or a framework of choice Testing data structures with JSONPath and JSONType Authentication in tests Managing test data Extending Codeception to validate responses with JSONSchema or Swagger

3

Web development is not just about delivering a response. It is also about writing good code. The state pattern will help you move complexity from being all over your code to one or more state machines. This talk will introduce state machines, show how to identify uses of them and implement them in your Symfony application in an object oriented manner using the Symfony Workflow component. Important: This is not a workshop where you’ll be just listening in. You will actually have to do some work and have to do some thinking.

Kubernetes, the flagship project from the Cloud Native Foundation, has become the de facto standard for running our container workloads. Unfortunately, Kubernetes is a fast moving, ever evolving, sea of complexity. From Pods to Deployments, ConfigMaps to Secrets, and PersistantVolumeClaims to StatefulSets; this workshop will get you on-course. In this workshop, David will walk you through a series of labs that will teach you everything you need to know to take your container based application and deploy it as a self-healing, redundant and resilient application on top of Kubernetes. Let’s set sail.

Automated testing is an incredibly useful tool for any developer. From emerging design with unit tests to preventing regression bugs with acceptance tests, getting a computer to run tests instead of testing manually is a huge step forward and saves vast amounts of time. Where do you start with automated testing? It’s an intimidating topic and can be confusing to understand what all the techy speak means, let alone how you get going. But writing automated tests shouldn’t be difficult, and can and should be part of your daily workflow once you understand exactly what to test, and how to test it. In this workshop, we’ll introduce WHY and HOW you can get started with unit and acceptance tests, and touch on integration testing. By the end of the workshop, you’ll understand how you can leverage automated testing in new and existing projects, and be ready to save time and energy when developing.

One of the challenges we face on a day-to-day basis is getting the right and correct information from our product owners or clients. This can be both frustrating and decremental to the velocity of your team. No one likes to work on features that when delivered someone says “well… that wasn’t exactly what I had in mind” But now we have Stickies! So many stickies! It’s a whirlpool of stickies, what is this madness? In this interactive workshop, we will explore all the facets of Event Storming as a modelling technique to get a clear and precise mental model of how a feature is supposed to work, all using the power of stickies! As we go through the user story, we’ll explain the different types of stickies, why they matter, and show why EventStorming is such an effective format.

1

Idea behind commands is to encapsulate all of the information needed for an action: making our domain less fragile and simple. Event pattern help us decouple code and make it easily extendable: without modifying user registration process we can easily add more features like send ‘welcome SMS’ or ‘notify support to check new user’. You will be building a small app using commands and events and you’ll see how nice and cool it is!

In this workshop we will take a look at common security failings from a new perspective: that of the hacker. You’ll be provided with a set of different sites each exhibiting a different security flaw, the challenge will be to find and exploit it and in doing so learn how to protect your own sites. All the sites will be run locally inside docker containers so don’t worry about breaking any laws! Obviously this means that you will need to bring a laptop which is capable of running docker containers in order to participate in this workshop.

Tutorial lunch (tutorial tickets only)

Welcome & Introduction

25 years of PHP

7

The PHP community is rich with self taught developers from a wide variety of backgrounds because, thanks to efforts from that same community, it is one of the most accessible languages ever created for developing on the web. As a result, many of us are well into our professional lives before we integrate computer science concepts, like algorithms, into our knowledge base. This talk will look at several such algorithms, what they are useful for, but also their limitations and how we can use a clear understanding of the real world context in which we’re using them to create code that performs and serves our users better than the algorithms alone could manage.

7

Are you searching unstructured data or text fields? Do you need to aggregate and summarize your geo, financial, or other numeric data? Do you want to query your structured data in new and exciting ways? If so, Elasticsearch may be right for you. Let’s explore the many ways you can ask questions about your data and have it make sense to you and your users. We’ll sort through millions of rows in milliseconds and give you tools to take your data analysis to the next level. You will learn how to use PHP libraries and basic RESTful API calls to store, search, and aggregate your data.

3

Webpack is the fundamental building block of all modern Javascript application frameworks. While being flexible and powerful its plain configuration can be quite hard to understand if you just want things to “work like expected”. Symfony’s opinionated webpack wrapper “Encore” allows you to setup a flexible asset pipeline with 20 lines of code. This talk and its supporting git repo shows some of the concepts and ends up with a fully working Symfony 4 application utilizing a ReactJS frontend.

Fun with Timezones

1

Once upon a time, in a land not so far away, Adsdaq, a Brussels based company, was born in all its youthful glory. In the years since that fateful day, Adsdaq has grown from a modest three, to a more mature, international team of 13 developers. Although ours may not be a story of princesses, witches or dragons, the last 10 years have nevertheless been full of triumphs and battles, successes and failures, and most importantly, well-learned lessons that have helped us to grow and mature in our working process. The differences between working with or without Agile have notably marked some of our most important learning experiences, the most salient of which we would like to share with you. As such, this session is designed to illustrate how we have integrated Agile at Adsdaq in a way that has worked for us. It will cover the different steps we have taken (with their own metaphorical evil demons and brave knights, of course), the different tools and techniques (swords and magic wands) we have used along the way, and the ways we have successfully found to motivate our full team of developers (battle cry). At the end, we ideally hope that from our story-telling, you will be able to bring some of our lessons back to your own company in order to improve the results along your own Agile adventure! https://medium.com/@gerbrand.colombier/our-agile-transition-at-adsdaq-f823b2a7f55a

Friday afternoon break

Ever been to a conference, get inspired, try to bring what you learned back to the office, only to be stymied by co-workers who aren’t interested in rocking the status quo? It turns out that people tend to resist change in patterns, and like any pattern they can be overcome by using other people’s experiences with those skeptics. This session will teach you how to identify the skeptics, how to counter them, and give you a strategic framework to convince your whole office.

4

How does Doctrine talk to your database? What are Unit Of Work, Identity Map and Proxy? These are the questions I want to answer in this talk. We will look at how Doctrine ORM implements these patterns, why and most importantly why you should care about this. Have you ever wondered why Doctrine makes queries when you didn’t expect it? Did you encounter a “A new entity was found through the relationship”-error and just randomly tried things until it works? You are not alone! Let’s look behind the curtains of Doctrine and figure these things out.

5

Data privacy is a hot topic due to the high value of data making it a target. HaveIBeenPwned is getting data at least weekly. What would happen if your data appeared on there ? How can you protect yourself from a serious breach ? With GDPR in effect fines are now very serious! PHP 7.2 has encryption built in, learn how to use that to ensure your data stays safe while maintaining database performance.

Uncon

Unconf talk

12

Message queues are the perfect way to decentralize your application. You may use them for communication, scheduling and decentralization of your application. With help from a message queue you may decouple your application from the framework and the infrastructure. Which means that your app is written in pure PHP and not Symfony/Laravel/Yii etc. With some smart configuration on your message bus you may put the message queue outside of your application and you may leverage from a decentralized and asynchronous system. This talk will quickly go throw the basics of queues, hexagonal design and show proof of concept with Symfony’s new messenger component.

MySQL can now be used as a NoSQL JSON Document Store without the need for embedding ugly strings of Structured Query Language in your beautiful PHP code. The CRUD functions follow modern programming designs and are the same across all the supported languages (Node.JS, Java, C++,Python, JS, and PHP) and the protocol greatly reduces the threat of SQL injection. Oh and all this also works with good old SQL tables so you get the best of both worlds. Slides at https://slideshare.net/davidmstokes

3

We always start with the best intentions when we create a new project. But over time we might end up with parts of our code that are hard to read or/and understand. Here we will take you through a series of exercises you can apply to your day to day coding. These should help you to end up with more readable code. Also in the second part we will talk about some best practices, when incorporated will give you improved code and readability. And to end there are other factors to take into account, people will use or abuse your application and there are external tools to help you with that. When done we should have some idea how to incorporate the tricks in our day to day programming tasks.

Uncon

Uncon

10

Microservices are the latest architectural trend to take the PHP community by storm. Is it a good pattern? How can you use it effectively? In this talk, we’ll explore real world experience building out a large scale application based around microservices: what worked really well, what didn’t work at all, and what we learned along the way. Spoiler alert: we got a lot wrong.

6

Generators, which have been around since PHP 5.5 and got a lot better with PHP 7, take a lot of the angst out of asynchronous programming in PHP. In this talk I’ll explain the basic concepts that you’ll need to grok generators, then apply our new-found knowledge to turn an I/O-bottlenecked web app into a concurrent, performant one via the AMPHP family of libraries.

0

No matter the size of your team most of us developers work with users or stakeholders to develop project requirements. Making your way through competing requests to get to a good design takes a lot of time and skill. In this talk Derek will use what he has learned as a parent and humorously apply it to product design and requirement gathering. You will learn about effective methods for getting agreement on product features and interface design. You will learn about ways of discovering what stakeholders really need to ensure delivery of a great product. These are valuable skills that can help you create better applications, become more valuable to your team, and advance your career. You might even pick up a parenting tip or two.

Unconf Talk

Friday night social

Unconference

7

PSR-18 defines how to send PSR-7 requests without binding your code to a specific client implementation. This is particularly interesting for reusable libraries that need to send HTTP requests but don’t care about specific client implementations.

9

Event sourcing is often explained in theory. Starting out with event sourcing is hard, initial investments are difficult and unclear. Let’s take a different approach and look at the code. In this talk we’ll see how small and simple event sourcing can be. This way we can start out writing event sourced code responsibly. By combining high-level concepts with concise implementation examples we’ll gain a solid understanding about what it takes to make use of this exciting technique.

2

When you want to guarantee code quality, do continuous deployments or any other automation you will need a good continuous integration server. While there are many great (hosted) solutions like TravisCi, CircleCi, etc … when it comes to **full control** or the need for private hosting, **Jenkins** is the right candidate. However, Jenkins could be known to be hard to learn and to configure. But what if you could automate all that complexity via some **easy scripting**? We are developers after all ;). This talk will give you an introduction on how to automate the setup and the configuration of your CI whether you are still using the old fashion way (freestyle jobs) or the newer recommended way (Pipelines). Some examples that will be covered: – Auto setup jenkins with plugins, credentials, … – Generate jobs per branch fetched directly for your VCS (Bitbucket, Github, …) (the old fashion way) – Arrange your jobs in folders – Make reusable DSL functions – Using conditionals (e.g. master => should deploy if build successful) – generate (multi branch) pipeline jobs with, optionally, fully integration with Bitbucket or Github

11

Working effectively with legacy code isn’t all about creating test harnesses before refactoring algorithms. The “safety first” strategy doesn’t always apply. Not if the code you’re looking at is LYING IN YOUR FACE anyway. In this talk I’ll show you what brutal refactoring is. I’ll show you the red glowy eyes of the Churn. And I’ll hold up some big warning signs that should prevent you from producing legacy code today. Table flips allowed.

1

As people carry out more of their daily interactions online, giving them the best experience possible is our key focus as web software engineers. One way we can do that is providing views which can update dynamically as information changes – train times that adapt to delays without a page refresh, new comments on social media items engaging users by appearing in real time, bids on ecommerce websites updating as the market changes. It’s not just chat apps that can benefit from real time components. Websockets allows a persistent 2-way connection between client and server that you can use to adapt faster to changing data. WebRTC provides a universal API for two browsers to establish a direct link, no servers involved (sort of ) to stream audio, video or files direct. In the talk we’ll walk through where these real time services come from, and what you can use them for. We’ll look at client and server side APIs, including the popular PHP event library React and PHP Websocket client Ratchet. We’ll drill into the difference between 2-way interactions and existing so-called dynamic web technologies like AJAX, and explore how real-time event based protocols could take on a lot of what we presume only HTTP can do. Finally we’ll see some common pitfalls when integrating both Websockets and WebRTC into your own applications, including monitoring, logging and 3rd party tools.

Docker is a tool that allows you to package your application up into a single-runnable, distributable, binary; which is great for deploying your applications to production … but what about local development? Allow me to introduce you to Docker and it’s fundamentals, before quickly moving on to crafting great development environments, with Docker Compose, that encapsulate your non-PHP dependencies: such as MySQL, PostgreSQL, Elasticsearch, and more. You’ll walk away from this session with the knowledge to write your own container based workflows, for development and production; so be prepared to throw away your Vagrantfile’s when you get back to the office.

Saturday morning break

3

Go Deep into the Rabbit Hole and Enter a Wonderland of Possibilities with Aspect Oriented Programming Aspect Oriented Programming (or AOP) is a programming paradigm that allows objects to be built containing just the business logic of an application, with cross-cutting concerns such as logging, caching or transaction management maintained independently. Sometimes referred to as the Interceptor Pattern, these cross-cutting aspects are applied to the application code automagically only at run time. It sounds like a wonderful concept, but there are drawbacks and dangers as well. For those willing to accept those risks in their code, AOP can open up a whole new wonderland of possibilities, but for many it’s a form of magic. There are developers that dislike any form of “magic” in their code, for whom even PHP’s built-in magic methods like __get and __set() are anathema, and for whom closure binding is a forbidden alchemy: the dark voodoo of AOP is certainly not something for them. But for those who are prepared to embrace its sorcery, AOP is the route to a wonderland of new possibilities. So shall we enter the rabbit hole and see what lies within?

Kubernetes is very powerful in orchestrating where your services are running, but building docker images, writing and updating all the necessary YAML files and applying them to your cluster can still become an annoying maintenance overhead. In this talk you will learn how to create a fast, low friction development workflow with Kubernetes and tools like Telepresence and Forge which enables you to quickly and safely build, test and deploy your services.

Some languages (C, C++, Go, Java, C#, …) requires compiling your whole code base before being executed. This could be seen as a counter-productive required step, taking time and that must be performed for any single code change. It has, however, the benefit of analyzing the whole code and may not complete because of many different kind of errors: insufficient number of arguments, wrong types, unknown methods/classes/constants/…, undefined variables, … In PHP, you may have the bad surprise of discovering those at runtime. Phan is a static analyzer for PHP that can bridge that gap by analyzing the complete abstract syntax tree (AST) generated from your code, without having to execute any parts of it. In this session, we will see the kind of errors that Phan can detect, and how Phan could be extended with plugins.

Unconference Talk

3

Unconference

Saturday lunch break

4

What’s the difference between service location and dependency injection? Why is this dependency injection thing such a big deal anyway, and how do you use that tool correctly? I’ll answer these questions and more, including real-world examples of refactoring an application toward the more explicit, testable, closer-to-SOLID applications.

1

Integrating multiple API endpoints into a single application can be challenging. In this talk I will go over a lot of problems and how the can be solved. Going from easy authentication to locally caching calls via middlewares and using webhooks (or callbacks) for notification, this talk covers it all (or at least tries to).

When we are asked to identify ourselves in the real world, we show our ID cards. We trust it because it is issued by the government. Can we build a digital ID card based on the same principes, that we can use to authenticate users in our applications instead of relying on cookies and sessions? Spoiler alert; we’ll talk about micro services, cryptography, JSON Web Tokens and OAuth2.

Unconference Talk

Unconference

It seems to be almost a weekly occurrence that another company makes the news headlines for being hacked and in the process disclosing sensitive user data and company secrets. These security meltdowns can cause catastrophic effects to the company in lost user trust and huge costs putting things right. A nuclear power plant is considered one of the most dangerous things mankind has built, yet they very rarely go wrong. The systems engineering that goes into making nuclear power plants safe is a fascinating topic to study but on the surface it seems entirely irrelevant to PHP developers. In this talk I’m going to show you how this level of safety is achieved, what happens when it goes wrong and then see what lessons we, as PHP developers, can learn from it to help us secure our applications from meltdown.

This session will explore various setups and case studies from my attempts at hosting sites used by global audiences, from Packagist to Teamup, a calendar web app used around the world. There are many ways this can be achieved with different levels of success, budgets and global-ness. The talk will touch on Terraform, AWS, global DNS resolution and CDNs amongst other things.

REST API modeling may be hard, using and supporting large collection of APIs is even harder. GraphQL is a answer for some of these problems. It’s a query language for APIs which provides complete description of your data and gives clients the power to ask for exactly what the need in a single request. In this talk you will learn about GraphQL concepts, differences between GraphQL and WSDL/SOAP/REST/etc and how to add it to your existing stack.

Unconference

Unconference

Saturday afternoon break

5

How do I know if my program will perform well in production? What does it mean to “perform well”? How much memory will it need? How much traffic can it serve? Are there any memory leaks or race conditions? What part of processing takes up most of the time? Can I optimise it? Every developer should be able to answer those questions about their code. But most of us don’t bother. Why? Because analysing performance is hard and as a result it is often skipped in the development process or ignored until things get really slow. Or we may simply not know where to start. Writing efficient code is a valuable skill that takes time to learn. Being able to analyse performance can not only prove that our code is efficient and safe to run in production, but also teaches us what to avoid next time. It may seem daunting at first, but with the right tools at hand it is a highly rewarding process. In this talk, we will analyse and optimise the performance of a simple PHP application. By demonstrating how to use some of the excellent open source projects such as xdebug, xhprof or php-meminfo, I hope to give you a good idea of where to start with analysing and optimising your PHP code.

5

“The Mythical Man-Month” is one of the seminal books in the field of software project management. It was written in 1975, based on experience from the 1960s. Is it even still relevant? Turns out, it is. Technology may have changed dramatically but people have not. Managing software projects is about managing people, not bits, and creative people engaged in intellectual endeavors are notoriously hard to predict and manage. (Just ask my project manager.) Fortunately, many of the lessons-learned Brooks’ presents are still relevant today. Some are directly applicable (“adding people to a late project makes it later”) while others are valid with a little interpretation. Still others fly in the face of conventional wisdom. What can we learn from that? This session will present a modern overview of the ideas presented by Brooks and a look at what we can still learn from them even today.

6

Every PHP application needs its policy about tests. What is important to test, what is not, at which levels should a feature be tested. As we think of application architecture before writing a single line of code, we should think of a test architecture before implementing tests. From this talk you will learn: how to transform business expectations to tests using ATDD and BDD approaches how (and why) to incorporate all testing levels (acceptance, functional, integration, unit) how to prioritize tests how to write stable tests that won’t be the stick in the wheel how to deal with test data how to decide, should it be unit or integration test how to choose the type of a test

Unconference

Unconference

Raffles and closing

Post conference social