I've had trouble dealing with OAuth, especially for non-web apps (in my case for PHPMailer), and while Joseph's presentation was clear and entertaining, I found it mostly confirmed my experience that OAuth is pretty hard! There is a great deal of complex terminology that there really isn't any way to avoid, so it's a difficult subject to simplify - but Joseph made a very good effort to do so.
Great overview of thinking about the user during design. I would be happy to see this talk expanded to an hour with some detailed examples.
The talk was very much what it said on the box: a comparison of Angular and Backbone. The content felt rather dry, focusing on comparison charts rather than compelling reasons to adopt either framework. The Cordova component – one of the main draws for the talk – felt rushed by the end.
Splitting this into two talks might be more appropriate: one to determine which framework is right for different use cases, while the other would be something like "let's build a simple S.P.A. using X framework, then wrap it up in a Cordova application."
This talk should be required learning for any PHP developer dipping their toes into JavaScript-heavy applications. Eric was able to re-frame JavaScript from "it makes the icon bounce" by putting it in terms a PHP developer would understand, while showing off the power of this ubiquitous language.
Joe hit a great balance of the (platform-agnostic) responsive image problem and solutions, then proceeded to explain *how* he and others addressed this within WordPress core. This ensured the talk was accessible to both WordPress and non-WordPress developers alike, and Joe's narrative style invited those who *haven't* spent the last few years trying to solve responsive media problems to understand the challenges and solutions available.
Overall I thought this was a great talk explaining what OAuth2 is and how to implement it. The diagrams and code examples were great - very simple and to the point. Showing both the manual and library-based approaches was a nice touch.
The candy bar example was a nifty idea, but I don't know it was that effective. If you re-use this in the future, I'd suggest a few small adjustments:
1. Use other objects to represent the different tokens/codes being passed around. This helps enforce that they're different things with different purposes.
2. For data which is only passed directly between the app and provider, instruct those two demonstrators to make that exchange instead of doing it for them.
3. Ensure the escrow person is the only one with candy bars until the final step.
Changes like that will make it much clearer what is going on and how all the pieces fit together.
Otherwise I found this talk to be very informative. OAuth2 doesn't seem so scary and complicated any more!
This is the kind of talk that makes you and your personal technical accomplishments seem like mere drops in the ocean of progress that the world has made since 1969. Masterfully presented, poignant, and super inspirational.
Talks where you get concrete examples and learn something real are sometimes hard to find. This talk was focused and demonstrated the value of a specific tool. Michael was clear and obviously well prepared. I just wish he would've talked more about PHP bench! Like how to run in production.
Good talk about OAuth 2 and how it works and how to make it work. Well done.
Excellent coverage of the basic security concerns; I especially liked the process of thinking like the attacker.