php|tek 11
24 - 27 May 2011 at Sheraton Gateway Suites O’Hare

good presentation. Lets me know that I need to get back to studying computer science!

Great talk. Good overview of the dispatch loop and action hook points. Really helped to enforce the best practices of good ZF app development.

Great pacing. Each section seemed to flow naturally into the next. The demos worked great and Ivo was very well prepared. The content covered a broad range of what mobile development is.

I disagree slightly with johnkary with regards to shortening the "Signed URLs" portion. Having listened to Ivo talk for an hour just about security, I think he stayed fairly high level on this. Also, clock skew is a tough issue, but I think preventing replay attacks is crucial for an API that's not using https. Perhaps there's a better implementation?

Great intro to streams and sockets, and I really enjoyed learning more about filters.

This presentation was a great extension of Elizabeth Marie Smith's "Streams, Sockets and Filters – Oh My" session given last year at Tek.

a well orginized discusson on what is, what is not a design pattern and how to implement a catalog of design patterns for PHP.

Zend Framework is a lot less scary - and makes a lot more sense - now.

Rob, great talk! It was very informative even with the feedback loop :)

I missed the link for the slides can you pass that along?

Very good presentation, and a great primer for dealing with mobile applications as a PHP developer (and web developer in general). Ivo was very well prepared and you could tell he put a lot of thought and work into it. His examples were great, and had a lot of them.

I'll agree with johnkary, probably less time can be spent more on signed urls, and perhaps more on demoing some of the different testing methods. But overall, very worth while, and Ivo definitely knew his stuff.

Great overview of a lot of resources a developer should be concerned with when targeting mobile. 75% of this talk could have been given to a developer that doesn't know PHP and it would have still been worthwhile.

I did feel you spent too much time on the "Signed URLs" portion. A shared secret is a pretty basic security concept that many people have probably seen before if they know how to prevent CSRF. I would suggest removing the advocating for adding a timestamp to the secret because it is very common for server/client to have out of sync clocks. Not to mention added latency for unreliable cell networks. Yes, like you said, you could compensate for drifting clocks, but I don't think the logic to compare them adds equal benefit.