php[tek] 2017
22 - 26 May 2017 at Sheraton Atlanta Airport

This training covers the deployment of PHP applications, be it on a staging server, a production server, or a farm of production servers. You will learn how to set up a modern stack for operating PHP applications using NGINX, PHP-FPM, and FastCGI. The benefits of this setup include the ability to use different configurations for and versions of PHP for different parts of your application. PLEASE NOTE: This full-day training class takes place on Monday, May 22nd before the conference, our Training Day. A specific ticket to this class must be purchased separately from your conference registration in order to attend it. A lunch is included in the ticket price.

A full day crash course in web and PHP security practices that teaches you everything you need to know to begin protecting yourself from malicious users. This class covers the top web security attacks, how to detect them, how to protect yourself from them, and how to recover if you are breached. It also covers PHP specific security topics such as best practices for protecting user sessions and handling user logins and passwords. PLEASE NOTE: This full-day training class takes place on Monday, May 22nd before the conference, our Training Day. A specific ticket to this class must be purchased separately from your conference registration in order to attend it. A lunch is included in the ticket price.

Curious about what all this Laravel hype is about? Want to see rapid application development first hand? Tired of your old and busted PHP 5.2 framework? Join us for a full day of Laravel training. We cover everything from the ecosystem to getting local development to major features and even how to deploy to production. This class covers Laravel 5.3, application architecture, application testing, best practices, real-world implementations, and exercises to put what you learn into action. PLEASE NOTE: This full-day training class takes place on Monday, May 22nd before the conference, our Training Day. A specific ticket to this class must be purchased separately from your conference registration in order to attend it. A lunch is included in the ticket price.

4

Docker is quickly becoming an invaluable development and deployment tool for many organizations. Come and spend the day learning about what Docker is and how to use it. Discover how to integrate it into your workflow and build an environment that works for you and your team. This hands-on training will give you the kick-start needed to begin using Docker effectively. All attendees of this training will also receive a print copy of Chris Tankersley’s book: Docker for Developers to go along with their conference registration. This book will be delivered during the class. PLEASE NOTE: This full-day training class takes place on Monday, May 22nd before the conference, our Training Day. A specific ticket to this class must be purchased separately from your conference registration in order to attend it. A lunch is included in the ticket price.

Minority Report was a 2002 American science fiction film based in 2054 where police officers apprehended criminals based on foreknowledge. Machine Learning is foreknowledge; fantasy has become a reality. Attend this workshop to learn how to generate predictions you can use in your applications. PLEASE NOTE: This half-day workshop takes place on Tuesday, May 23rd before the conference on our dedicated Workshop Day. A combination ticket including Workshop Day must be purchased in order to attend this class. Once you have purchased a Workshop Day ticket you may attend any workshops of your choice that day.

2

Abstraction, encapsulation, polymorphism, and interfaces: whether you’ve been programming in PHP for years or are just starting your journey, these terms can be overwhelming. Not only that, people who already understand it act like it’s so easy and they talk right over the simple questions and never explain the basic concepts in a way that actually makes sense. Real life examples of object-oriented terminology in a way that makes sense and allows you to utilize OOP immediately. PLEASE NOTE: This half-day workshop takes place on Tuesday, May 23rd before the conference on our dedicated Workshop Day. A combination ticket including Workshop Day must be purchased in order to attend this class. Once you have purchased a Workshop Day ticket you may attend any workshops of your choice that day.

5

Test-driven Development (TDD) is still a subject all developers agree is a great thing, but never get around to actually doing it for many reasons. In this workshop, I use real-world business requirements on legacy code for which we need to fix bugs and add features, but we’re doing it in a TDD way. PLEASE NOTE: This half-day workshop takes place on Tuesday, May 23rd before the conference on our dedicated Workshop Day. A combination ticket including Workshop Day must be purchased in order to attend this class. Once you have purchased a Workshop Day ticket you may attend any workshops of your choice that day.

5

As PHP developers, most of what we write ends up in a Linux environment —whether a staging box, AWS or traditional hosting, most servers we work with run Linux. While we all know security is important, most of the time we focus on app security—data validation, XSS attacks, etc., and we don’t always consider the underlying infrastructure. This tutorial gives a hands-on intro to Linux security, allowing any dev to check and secure their stack, and protect their app at a much deeper level. PLEASE NOTE: This half-day workshop takes place on Tuesday, May 23rd before the conference on our dedicated Workshop Day. A combination ticket including Workshop Day must be purchased in order to attend this class. Once you have purchased a Workshop Day ticket you may attend any workshops of your choice that day.

This break allows everyone time to process, check email, step outside for some air, or continue an interesting conversation with a fellow attendee.

Join us in the Ballroom for some delicious lunch to keep you powered up for the afternoon!

5

Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands-on instruction in building an asynchronous application in PHP. We will build a Twitter bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you will learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today. PLEASE NOTE: This half-day workshop takes place on Tuesday, May 23rd before the conference on our dedicated Workshop Day. A combination ticket including Workshop Day must be purchased in order to attend this class. Once you have purchased a Workshop Day ticket you may attend any workshops of your choice that day.

5

In this workshop, we will practice the technique of User Story Mapping to diagram the process. After we have fully fleshed out the details of the project, we will divide into small groups to match the stories to the objectives they solve. These groups will identify what work should be implemented first and complete the design of the user story map. As a larger group, we will talk about the ways our teams planned the work to be done and how they may have helped or hindered the project. PLEASE NOTE: This half-day workshop takes place on Tuesday, May 23rd before the conference on our dedicated Workshop Day. A combination ticket including Workshop Day must be purchased in order to attend this class. Once you have purchased a Workshop Day ticket you may attend any workshops of your choice that day.

4

The IT security landscape is littered with events where cryptography was not properly used, leading to leaked sensitive data and major problems for organizations. Learn how to encrypt and hash data using cryptography features in PHP, including password hashing, mcrypt, OpenSSL, CrackLib, and CSPRNG. Come ready to implement password salts, experiment with algorithm costs, and crack weak encryption using attacks from timing, brute force, and rainbow tables. PLEASE NOTE: This half-day workshop takes place on Tuesday, May 23rd before the conference on our dedicated Workshop Day. A combination ticket including Workshop Day must be purchased in order to attend this class. Once you have purchased a Workshop Day ticket you may attend any workshops of your choice that day.

MySQL replication is fairly easy to set up and run, but there are many facets you may not be using that could make your life much easier. With containers, you will see how to set up basic replication, learn how to use GTIDs, discover multi-source replication, and then see how to use active-active multi-master Group Replication. You will understand what the various settings really do and what should be in your config files. Bring a Linux box with Docker installed and follow along. PLEASE NOTE: This half-day workshop takes place on Tuesday, May 23rd before the conference on our dedicated Workshop Day. A combination ticket including Workshop Day must be purchased in order to attend this class. Once you have purchased a Workshop Day ticket you may attend any workshops of your choice that day.

Given that Open Source has “won”…now what? Thanks to the proven success of open source, we’re seeing a record influx of new people wanting to play in the open source space. But they come to our world without much knowledge of the battles we fought and won to arrive where we are today, and that fact could be dangerous.

11

PHP 7.0 was released one-and-a-half years ago, PHP 7.1 was released half-a-year ago, and PHP 7.2 will be released later this year. It is high time to have a critical look at the PHP 7 ecosystem. How stable is PHP 7? How widespread is its usage in the wild? Have standard solutions, frameworks, libraries, and tools caught up with the new generation? In this session, you will learn everything you need to know about the state of PHP 7.

PCI is a staple of conversation regarding payments security, yet the confusion on compliance remains. Does PCI compliance apply to you? If you accept credit or debit cards as a form of payment (even if you don’t store that data), it does. Stop in as we demystify this topic by addressing these key components: PA-DSS vs. PCI-DSS, Risks & Requirements, EMV, In and Out of Scope, and what’s on the horizon for payments security.

8

Come and meet CouchDB, the NoSQL store with magical powers. This session will discuss good use-cases for CouchDB and when to use it in your own applications, including new features in the 2.0 release. If you’re curious about alternative databases, fault-tolerant setup, brilliant replication, and a Javascript version called PouchDB then this session is for you.

5

Being flexible to change in business process makes our jobs easier, and it helps our applications adapt with minimal code changes. One of the biggest adaptions in our applications has been the addition of Events to note changes in the system. With these Events, we can affect change immediately or later. This is helpful in our reporting interfaces. We can build, change, and throw away our reports very easily. This is much easier than our older reports being generated by large SQL queries.

It happens even to tech giants: they get hacked, and client databases get leaked. Let’s look at what data is the most sensitive and what steps we can take to protect it, while still keeping all of the user experience intact. Come see why most web applications do passwords and credit card information wrong.

6

Your new database query ran quickly when you tested it, but seconds after deploying it, alarms are blaring, and you’re scrambling to rollback before the site goes down. What happened? I can “EXPLAIN.” Queries that perform well under development load with limited datasets can easily bring a database to its knees under production load. In this talk, you will learn to decipher query execution plans, recognize portions that can be improved, and take the necessary steps to optimize your queries!

If you want to add automated testing to your development process, but don’t know where to start, I want to show you how we used GitHub, Travis CI, Sauce Labs, and Selenium Builder to create an automated continuous integration system that can put our PHP web application through its paces after every single GitHub commit! And it’s all free. Too good to be true? No, it’s for real, and I can even prove it with screencasts of our tests running on Sauce.

8

Don’t worry, this is not about the goto keyword. In this presentation, I am showing you some of the inner workings of PHP. We are going to look at how different language keywords and constructs are handled internally. Everything is converted to goto, but the how and why is not as simple as it seems! This in-depth talk will be of most interest to people who want to know how PHP works internally. Expect lots of wonkiness, a form of assembly, and trees.

Join us in the Ballroom for some delicious food to keep you sustained throughout the afternoon.

Hack extends the PHP language with a gradual typing system. It allows large PHP codebases to introduce powerful, flexible type assurances incrementally, one file or even one function declaration at a time. Unlike PHP 5 and 7’s long-standing typehint mechanisms, Hack checks type invariants soundly ahead of time, before running the code. Slack has recently begun migrating its large PHP codebase to Hacklang, with a goal of reducing defect density, and increasing the confidence and velocity of changes. I’ll introduce the Hack language, narrate Slack’s experience in migrating to it, and offer some lessons learned for others contemplating the switch.

Complexity theory. Big-O. Constant, linear, logarithmic, and quadratic time versus space trade-offs. What does it actually mean when we say a function or an algorithm is efficient? How can we tell if we can do better? Join me, on this tour through a corner of computer science few developers actively think about, and you’ll walk away with a new way of looking at code and thinking about problems.

Accessible Rich Internet Applications (ARIA) adds numerous attributes to our elements to make them even more accessible to the end user. This becomes very helpful to your applications and websites heavy in AJAX and JavaScript. In this talk, we will be learning more about what ARIA is and how to use ARIA to enhance user experience for your cooler and nifty sites and applications. https://lkopacz.github.io/aria-presentation/

4

As engineers, our first and most important obligation is to serve the public good. Out code, impenetrable to most outside our industry, is finding its way deeper and deeper into peoples’ everyday lives. We must create software that safeguards the public’s trust, to the best of our abilities, yet for most us, security is an afterthought. In this session, we’ll learn to think like hackers while we learn how to mitigate harm and build applications that are safer and more resilient to attack.

7

If you’re anything like me, you probably still use MySQL the same way as you did in the 3.x days. Let’s be honest, when was the last time we read the docs? However, things have moved on, and these days there are some pretty awesome features in MySQL—document store, spatial support, and more—that would make your life easier, and your app faster. Things you could and should be using. Join Liam and discover what modern MySQL looks like, and how you can use it to improve your applications.

This break allows everyone time to step outside for some fresh air, check email, process new information, or continue an interesting talk with a fellow attendee.

6

Having one application to support is easy enough, but what if you have a CMS, an API, a design tool, and a core library that each other tool also needs to consume? Where do you even begin juggling the release management and cycle of so many interconnected and interdependent packages? Learn how a small team manages a large CMS project and utilizes real-world best practices of Git, CI/CD, and old fashion planning to bring a solid platform to thousands of editors and millions of viewers.

7

Many developers struggle with how to properly secure REST APIs. If you are like me, you followed a process from a trusted provider like Amazon, Google, etc. What if I told you there was a better way? It’s JOSE, a collection of open standards from the IETF that has strong library support. It’s also the basis of OAuth 2.0 and OpenID Connect. Let me show you how to make a highly secure API for today and well into the future built on the framework of JOSE.

Granted, back in the days setting up SSL/TLS on your web server was an annoying and cumbersome task. Remembering all those command line options for OpenSSL, choosing a widely accepted certificate authority (CA), and even after finally getting the certificate you’re still not done as the latest security problem requires tweaking your webserver’s configuration. Luckily, things changed. In 2017, setting up a secure web server doesn’t have to be hard, and certificates are free. So let’s get started!

Chrome is not just a great browser for viewing websites, but also an invaluable tool for building websites. Out of the box, Chrome ships with “developers tools.” Many web developers are aware of this and make use of some of the tools it provides. However, most developers only scratch the surface of what the browser can do. Learn how to test styling fixes, emulate handheld devices, navigate and debug JavaScript, use the console, view form submissions, replay AJAX requests and so much more!

Join us Wednesday evening for a reception in the sponsor area to relax and unwind after a long day of learning. Grab a drink and visit all of our wonderful sponsors who support and make php[tek] possible. Make sure to save some energy to join us later for the Conference Party and dinner immediately following the reception.

Immediately following the Sponsor Reception join us in the Ballroom for our huge Conference Party and dinner. In the past, we have had everything from Lego building parties to Casino Night. This year we plan to make it even bigger and better. We will be providing additional details as we get closer but there will be music, crafts, games, and more.

“You don’t need unit tests. Just write correct code.” “Closing this PEBKAC.” “Looks like another ID-10-T error.” We builders of systems spend a lot of time blaming failures in the systems we build on users of the systems we build. Maybe that’s fine; maybe it’s their fault. If the end users of your web app would just read the ‘Help’ pages, they wouldn’t have to call you with questions so often. If the passengers boarding an airplane would just wait for their zone to be called, the line wouldn’t back up and the plane would leave on time. If the developers you manage would just write code that works, they wouldn’t have to waste all that time on code reviews and unit tests. On the other hand, maybe the systems are inherently flawed, but we don’t notice until users get involved. Maybe we’re not very good at building systems that embrace real people, so instead we build systems that barely tolerate them. How would our system designs change if we started viewing “user errors” as “normative behavior”? How would a system that expected reality from its users be different from one that expects perfection?

6

There’s a lot to consider when it comes to the authentication and authorization methods your site uses. Let me guide you through some of the major (and minor) decisions you’ll need to make and how to find the right fit for your needs. Topics covered will include both traditional and advanced authentication methods, access control systems, credential storage and effective logging practices to help identify threats as they happen.

PHP 7.0 is old news; PHP 7.1 is the new hotness. As the first point release in the 7.x series, 7.1 sets the tone for future releases of the highly successful PHP 7. PHP 7.1 is an even more feature-filled release than 7.0. Join me and walk through what’s new in the most exciting release yet.

6

WebSockets give you real-time access to your application, facilitating communication between the browser and the server. WebSockets may seem they’re only for Javascript, but you can use them in PHP as well. We will discuss use cases and strategies for implementing WebSockets. We will look at the most popular protocols; specifically the WAMP, as well as the Ratchet, and Thruway libraries. At the end of this talk, you’ll understand what WebSockets are, and how to use them in your application.

TBA

This break allows everyone to take some time to process information, get some fresh air, check email, or continue that interesting conversation with your fellow attendee.

5

We use webhooks to have our applications exchange data as soon as it happens, rather than polling using APIs. This session covers creating, consuming, and deploying webhooks in a modern, microservices world. This session is recommended for anyone interested in teaching their applications to play nicely with others.

Use Angular to build truly native mobile apps. Any developer with JavaScript experience should be able to pickup Angular JS and roll their own native apps with a very low learning curve. We will walk through routing and using the HTTP service to connect to the BreweryDB.com public API. This will show you how to connect to any standard REST API and use your existing data and services to power your IOS/Android app. The code will be available on GitHub.

Designing, when you are a programmer, can be super intimidating. This talk will highlight the best ways to improve your design and UX skills so you can create interfaces that are usable and at least semi-attractive without hiring a designer—guaranteed no designer-y jargon.

Starting to write an API is an easy task, but you quickly stumble upon many obstacles and hard decisions. How to manage result pagination and input errors? How to handle write operations and file uploads? Join me as I share my tricks that allowed me to ship high-profile projects in record time while keeping the code clean and maintainable.

Join us in the Ballroom for a bite to keep you fueled for the afternoon of learning.

PucaTrade is the world’s first quantitatively managed gift economy and trading platform for Magic the Gathering cards, built on the back of a digital points exchange. We have facilitated over 6 million trades through the mail, and in 2016 we expanded into the wild world of Magic Online bots. PucaTrade is built with love and LAMP, runs on AWS, and features a hybrid approach to ReactJS on the front-end. Learn more about our successes and challenges, our scaling story, and our arc starting up a niche SaaS business. Also: There Will Be Magical Prizes

5

In December 2015, PHP 7.0 was released marking a new milestone for PHP and web application developers. We thought all was going to be easy to migrate to PHP 7.0. Unfortunately, many extensions and tools we use weren’t ready yet. In December 2016 PHP 7.1 was released, and the urgency to update became real as PHP 5.6 was nearing end-of-life. In this talk, I describe the analysis and the challenges we faced migrating towards PHP 7.1 so you can learn how to defeat those challenges if you plan to migrate too.

The next evolution of the JavaScript language is just around the corner, but you can start using it today. Learn about the new language features that ES6 brings and how to use those features to simplify maintaining your JavaScript. Start using ES6 on production sites today using Babel, a JavaScript compiler. Combined with Webpack, which allows you to use node modules in the browser, you can modularize your JavaScript, easily manage your dependencies and start sharing your code across projects.

3

This isn’t a talk about adding tests to your PHP codebase, but adding tests to the PHP language itself. And the best part is, all the tests are written in PHP, so you don’t even have to dust off your old C book from college. In this talk, I will show you how to find untested parts of the PHP source code, how to write a test, and how to submit your tests to PHP internals. Just think, even without any C programming, you’ll be able to call yourself an internals contributor.

The practice of spamming has grown at an alarming rate. The mechanics of creating and managing a blacklist of spammers hasn’t changed all that much, but the tooling around them has changed drastically. In this talk, we’ll discuss how to create a DNS-based blacklist (DNSBL), what tools are available to do so, and how to manage the DNSBL once it’s set up. Additionally, we’ll discuss how to easily migrate and scale a legacy DNSBL system using Docker and PHP.

This break gives everyone time to process new information, get a breath of fresh air, check email, or continue an interesting conversation.

Lots of systems are modular and flexible on the surface, but under the hood, their code is very different, as are the communities surrounding them. Does the structure of the code influence the nature of the development community surrounding that code? I’ll do a case study through code review of four different PHP CMSs: WordPress, Drupal, Tikiwiki, and XOOPS. Then, we’ll look for patterns in their communities. Are there connections, or just coincidences? https://prezi.com/qzwbjsulrx6j/phptek-how-cms-architecture-affects-dev-communities/

3

Mel Kaye was the archetypical Real Programmer. During the 1950s-60s he was renowned for his ability to understand underlying systems and write code to take advantage of their quirks. His loop with no exit, exits right on schedule via an awesomely subtle hardware overflow. Mel’s story demonstrates why knowledge of the full stack benefits you as a programmer. In this talk, we’ll hear about his zany exploits, focusing on the lessons we can learn to make ourselves stronger and better developers.

Have you ever used a web-based API that was poorly designed and inconsistent? Have you found gaps between the documentation and implementation? At Patientco, we have successfully implemented a Contract Driven Design methodology for APIs. Swagger is used to design RESTful endpoints before a line of code is written and the specification, documentation, and code are kept in sync through automated testing and deployment.

2

You’ve got that need—the need for speed! Using step-by-step examples, we’ll take functions written in PHP and convert them into loadable extensions using C. We’ll then test both versions and compare the results. After seeing the size and scope of the benefits that can be realized with only a few minor changes, you’ll be ready to take the plunge. You’ll also understand why we start with simple things, and not try to rewrite all of Symfony in C.

Programming as a profession doesn’t have a very long history– only 70 years– but the history we do have is very rich! Let’s dig into the murky origins of symbolic languages and discover how objects and functions were born. We’ll learn how a revolutionary changed the way we manage data and why JavaScript and XML are more closely related than you ever imagined! Let’s meet some of the brilliant, sometimes ornery, and always fascinating characters that have gotten us where we are now.

Thursday evening we will be all about the community! The php[tek] conference started as the first community conference in the US, and we’ve always kept our community roots. This year we pay tribute to our roots by having an evening that’s all about everything that the community loves! Join us for an evening of dinner, drinks, good company, board games, team trivia and a podcast or two.

7

Using `var_dump()` to debug your app has its benefits, but there are more comprehensive and efficient ways to debug those particularly elusive bugs. Enter step debugging. We’ll be using the PhpStorm IDE to step through our PHP apps line by line and see how much more power step debugging gives us over the conventional `var_dump()` technique. We’ll also touch on debugging from the command line. Learn to dance in PHP with step debugging.

1

In this presentation is about scaling MongoDB. Besides its schema free functionality, a modern database is also a lot easier to scale up than traditional relational databases. I will cover replication, for failover capabilities and increased read performance and “sharding” for dealing with larger sets of data and increased write performance. Each section will consist of theory, followed by instructions on how to set it up and deploy.

From chatbots to your home thermostat, it seems like machine learning algorithms are everywhere nowadays. How about understanding how this works now? In this talk, you will learn the basics of machine learning through various basic examples, without the need for a Ph.D. At the end of this talk, you will know what the Naive Bayes classifiers, sentiment analysis, and basic genetic algorithms are and how they work. You will also see how to create your own implementations in PHP.

“If you build it, they will come,” they say. Not so! Marketing is crucial for anything you build that you want people to find and use. How should you market your app, your open source project, your mobile app, or anything else you build—especially as a time-strapped developer? This talk will go over marketing tips and recommendations to make sure what you build is seen and used.

You’ve built an API, launched it, and people aren’t excited about it. Why might that be? Many people release APIs for public consumption without any regard for developer experience. This creates a developer ecosystem that invites failure or worse—it can encourage people to seek alternatives. This talk will cover common API pitfalls (spoiler, not all of them are code-related!) and how to create an environment around your API that will make developers happy.

While hiking the 2,200-mile long Appalachian Trail, I realized that planning and executing a long-distance hike involves many of the same skills and challenges as developing software. In this talk, I’ll join these two disparate worlds you wouldn’t have thought have everything in common.

However you use PHP, application performance and page load times are important. Learn how to use, interpret, and apply the XHProf profiler to speed up your code and reduce load on your infrastructure. We’ll cover real-world examples of how Pardot tunes our application code to handle over a thousand requests per second and simple tips on how to squeeze the most performance out of your own code. Slides: https://www.slideshare.net/salesforceeng/performance-tuning-with-xhprof Demo app: https://github.com/dvankley/xhprof-demo

4

Constructing and maintaining a fault-tolerant, high-performance cloud-based web application environment doesn’t magically happen; you must take deliberate steps to ensure that your environment is maintainable and available 24/7, even in the event of failures. This talk will explore some of the best practices to apply when hosting your PHP-based applications on Amazon Web Services. Topics include operating web servers, relational databases, load balancers, file storage, CDNs, and monitoring.

In this rapidly changing world, what does it mean to achieve success? Is that even possible? How do you stay relevant with the constant barrage of new technology? Debunking myths. Finding Truth. Getting Personal.

Join us for a few closing remarks and most importantly...the prizes! Gotta be present to win so might as well hang around and join us for a chance to win awesome stuff.

Not leaving till Saturday or live locally? Join us for the after party Friday evening to keep the fun and friends going a little longer. While we aren’t exactly sure what we will be doing, there are so many awesome places to choose from in Atlanta. Stay tuned for more details as we get closer to the event.