php[world] 2017
13 - 16 Nov 2017 at Sheraton Tyson's Premiere

While we have all read about, watched, and even worked with Drupal and WordPress to create themes, the introduction of Twig has changed the traditional way of working with HTML, CSS, and JS. There is a movement away from traditional theme-centric design and towards component-based design. Learn how to identify patterns, define components, and utilize command line tools such as Composer, npm, and Grunt to quickly create a Pattern Lab managed theme. Work smarter, not harder as we create components that can be placed into any project.

Spend the day with an in-person instructor to learn the ins and outs of the Laravel framework. All skill levels welcomed. Has it been a few years since you've looked at full stack framework? Has your team recently adopted Laravel? Join us for a jumpstart training day of everything you need to get up and running and contribute meaningful code to your projects. Instructor-led exercises and real world examples will guide you on the path to learning. Move past "hello world" and build apps that do real things!

PHPUnit Master Class is designed to help you master the art of writing unit tests in a Test-Driven Development way. You will learn how to convert functional requirements into units, write the tests, and finally write the concrete code implementation.

(Our Training)

Building your next mobile app, SaaS product, or web app using an API first philosophy? Already maintain an API and want to step back and think about API design? Join us for a day of hands-on training! We'll build and iterate over a simple API, exploring concepts that give your API a solid foundation: authentication, REST based design and workflows, practical hypermedia, versioning, API request/response formats. Because your API may start out serving the needs of internal mobile clients, or single page web apps, but one day (sooner than you think) you'll be turning it into a public API.

0

Docker is quickly becoming an invaluable development and deployment tool for many organizations. Come and spend the day learning about what Docker is and how to use it. Discover how to integrate it into your workflow and build an environment that works for you and your team. This hands-on training will give you the kick-start needed to begin using Docker effectively.

(Our Training)

After leading the world’s largest Meetup group, and now leading the growing community at Civic Hall – a collaborative workspace focused on building tech for the public good – Jessica Quinn has first-hand experience with the power of community. In this talk, she’ll share her experiences with how networks are stronger than any one individual or organization and will discuss how community is essential our future.

The Zend Framework has evolved over the years from a full stack magical behemoth into an elegant set of interlocking libraries. But where do you start? Which framework should you use, Expressive or the MVC? What on earth is Diactoros? Join us as we take a look at exactly what exists in the Zend Framework eco-system with a brief introduction on how you can get started with the more interesting libraries.

6

Yes, you read it correctly, we are jumping from 5.7 to 8.0 (that sounds familiar, doesn't it?). The new version doesn't only change the number but also changes how you write SQL. Recursive queries will allow you to generate series and work with hierarchical data. New JSON functions and performance improvements were also added to 8.0 to help you work on non-relational data. Expect to see what is new and improved in this talk to power up your application even more.

6

In this workshop, we will start by learning how to build a strong ubiquitous language with stakeholders. Then, we will learn the benefits of encapsulating business logic in value objects using test-driven development. Next, we will move on to using bounded contexts, entities, and aggregate roots to manage state and protect invariants. We will also cover more advanced topics in the DDD world, such as event sourcing and command query responsibility segregation. No prior knowledge of domain-driven design required.

1

Think you can do better than Google Assistant, Alexa, or Siri? Want to build your own intelligent Facebook Messenger bot? Dipping your toe in the water is easier than you think, thanks to tools like API.ai and Google's Cloud Speech API. We'll start by building a chatbot that can keep track of context from message to message. Then, we'll mix in speech input and output to get something a little closer to your favorite assistant app.

6

PHP owes its appeal and popularity to its low barriers to entry. Anyone with access to a basic LAMP stack can get started in just a few hours, but if you want to write a production-level application, you need the right tools. The PHP community today relies heavily on Composer and PHPUnit as tools and PSRs as the common dialect. npm is the unavoidable front-end counterpart to Composer. Git, though not specific to PHP, is critical to developing a maintainable project. This talk will guide you through these topics so you have a basic understanding of the modern PHP developer's toolbox.

2

Various studies have shown there is a link between performance and conversion rates. This is just one of many reasons to make performance optimization a mandatory step in your development process. However, advice that was relevant a few years ago is often made obsolete by new browser versions or new technologies like HTTP/2. We will cover several aspects of optimizing a site from a performance perspective, debunk some myths, and also present tools which help analyze a web site's performance.

Time to grab a snack, check your email, step outside for some sunshine or start up a hallway conversation.

10

We have all heard about the major outages of Amazon and Azure in the past and the many online services that were impacted by those outages. So how can you protect yourself against being "offline" for hours or days and what tools you can use to protect yourself against it? Learn how we protect our customers with distributed systems (cloud and on-prem) to mitigate outages and stay online even when the lights go out.

Regular expressions exist in a mystical, magical wonderland many developers avoid like the plague. This talk aims to demystify this extremely useful and powerful tool. We'll talk about what regular expressions are, why we want to learn them, and the basic ins and outs of matching text and seeing those results. There are many concepts in this tool, but this talk will hit the basics: character classes, grouping, escaped characters, flags, modifiers, and more. While not every language implements regex the same, this talk will give attendees the foundations they need to work in any language.

Tor is an invention of the US NRL, designed to route web traffic anonymously. Intended for communications between secret agents, Tor is infamous for its role in the less savory parts of the internet. In a post-Arab Spring world, Tor has come full circle with ProPublica and Facebook using the service to provide their users with secure access. This session will provide a background on Tor, demonstrate a production ready setup for secure access to an existing site, and explore some of the newest Tor project developments that will soon make all of this even better!

1

User Story Mapping is a strategy where a team of customers, developers, and users examine the details of a project. Your team diagrams the process and events. Once you've discovered these stories, your team views features with the problems they solve. This powerful approach allows your team to prioritize features based on everyone’s needs and motivations. Instead of planning your project as a building that must have a strong foundation, we plan as if it were a vehicle. This focus delivers the Most Valuable Features to the customer by answering the question, “What’s Your Skateboard?”

Join us in the Ballroom for a tasty lunch to refuel for the afternoon.

You work in a large codebase and (surprise!) it has performance issues. Realistically, you can’t halt feature development to overhaul your core infrastructure. You also can’t expect a single person to tackle the growing heap of tech debt while everyone else plows ahead. So what can you do? Embrace premature optimizations! As it turns out, they might not be as premature as everyone thinks. Here are a few tricks to thinking like a performance engineer and some tips on convincing even the most stubborn of naysayers that a little forward thinking is the answer to their problems.

3

There are things you don't want to, or can't do, inside a web request. It could be a task that needs to be retired if it fails, maybe one that takes a significantly long time to process, or multiple jobs that need to be processed over time. Whether you're sending an email, processing a video, or consuming Twitter's streaming API, you should be using a separate process, and probably a daemon. In this hands-on workshop, you'll learn how to stop abusing cron, and easily daemonize a PHP script that responds responsibly to process signals.

2

Inheritance in PHP can be achieved in multiple ways. We'll cover both vertical and horizontal inheritance, including abstracts, interfaces, and traits, and when each should and shouldn't be used. Pros, cons, and common things to watch out for will be discussed so you can take your application to the next level.

2

Too often, the security of our applications is an afterthought rather than a pillar of design. This leads to embarrassing leaks of information, unintended violations of security best practices, or even critical vulnerabilities. This tutorial will walk through securing an app from first principles through smooth UX. We’ll navigate password hashing, two-factor authentication, and login by way of magic links. We’ll then go even further with auth by way of mobile push notifications!

2

Many articles and talks document how to use Elasticsearch as a search engine, but few go into detail about the powerful aggregation and analytical tools Elasticsearch provides. This talk will walk you through practical examples written in PHP using nested aggregations to quickly segment and provide data for charting among millions of records within a web request.

3

Maybe you’re the only coder on a project. Maybe you’re on a small team and carrying the majority of the server knowledge. For one reason or another, there are times when, if we don’t set up our own deploy process, there simply isn’t one. No one wants the headaches that come from a my-machine[s] to production direct deploy process, so let’s go a step better with Jenkins and GitHub or GitLab. This talk will walk you through setting up a Jenkins server to deploy your staging changes, and master merges with all the tests and checks you need to avoid those “oops” moments ever going live. Tutorials mentioned in the talk: https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04 https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-ubuntu-quickstart https://www.digitalocean.com/community/tutorials/how-to-install-jenkins-on-ubuntu-16-04 https://docs.gitlab.com/ee/integration/jenkins.html

Once an API ships it doesn't matter how it should behave—how it actually behaves is the important part. Users depend on the existing behavior, and we need a way to ensure it doesn't change. Behat is a tool that was built to help design software, but it’s actually a great tool for capturing existing behavior too. We’ve used these tools to gain confidence to refactor 5+-year-old apps by capturing the existing behavior before making changes. I want to share the secrets we learned with you.

Time to grab a snack, check your email, step outside for some sunshine or start up a hallway conversation.

5

Do you work on a legacy application and yearn for the green fields and bountiful structure of an application built on a modern framework? Do you feel like the only path to modernizing your old workhorse app is to spend months or years rewriting it from the ground up? What if you could integrate modern packages from a full stack framework at your own pace instead of having to start over from scratch? Join us as we explore using Laravel components in your Legacy App™. Modernize how your application handles configuration, routing, container, database, and much more!

Have you ever put a value into a JavaScript variable, and then been unable to use it where you needed it? Or created it and unintentionally overridden something you thought wouldn't be affected? JavaScript has an unusual way of handling where variables are available; we call this "where" a scope. In this talk, we'll go over how JavaScript variables 'bubble' up into higher scopes, how to restrict them to just where you want them, and how this affects variables in your functions.

Mentoring and onboarding new engineers is one of the most important things you can do to grow your team. Effective and intentional mentoring decreases the number of bugs shipped to production, improves your application quality, and helps keep code standards high as your team changes. Yet, there is hardly any information about how to mentor effectively. In this talk, I'll discuss how to think about mentoring engineers from the ground-up. We'll discuss a framework you can use to mentor engineers on your team so they go from new-hire to productive contributor faster than you can say Laravel.

2

Most developers using modern PHP frameworks know what an ORM is. What's less frequently understood is the underlying concepts that vary between different ORM implementations. In this talk, we'll study the differences and come away with a richer understanding of what the two major ORM patterns—Active Record and DataMapper—do differently and what effect that has on the software projects we build with them. Example code will use Laravel's Eloquent ORM and Doctrine, which is usually used with Symfony, but apply to many other PHP frameworks as well.

Join us for some drinks and connect with our wonderful sponsors.

Time to unwind, relax, play some games, and catch up with everyone after a busy day.

There’s more to being a successful developer than simply being great at programming. The gotchas that slow us down or trip us up are often outside of the code we write, manifesting instead in our process or how we work with our peers. Whether you’re new to programming or a veteran of many projects, these 5 things can improve your code, your career, and your team, and is a refresher course on what goes into the day-to-day, reminding us to have some empathy for individuals new to our community.

6

Have you found yourself wondering how to take advantage of what you have developed in the past for current or future projects? Are you tired of copying/pasting then adapting from your previous projects to the new ones? Start developing for the future and contribute to others by developing libraries and sharing them for use. Where do you start? You'll be guided through this tutorial step by step to include security, tests and all the factors you need to consider when building a library.

So you know how to add indexes to speed queries and maybe can use EXPLAIN. But why do your queries still stink? This session covers how the MySQL Optimizer looks at your SQL statements, where it has to throw up its hands in frustration, and how to tame it. Plus, there are some minor data architecture tweaks you need to know. Slides at https://www.slideshare.net/davidmstokes/advanced-mysql-query-optimizations but the demos are only in the presentation.

As an experienced developer, I am way too busy not to use an IDE with code completion, refactoring tools, and step-debugging (and so much more). PhpStorm* is a fantastic IDE to help the skilled developer get stuff done quickly and correctly. Prepare yourself for a fast-paced look at 43 tips and tricks for PhpStorm, some that you may never even know existed. How many do you already know? Note taking equipment is strongly advised. *Disclaimer - I work for JetBrains, makers of PhpStorm

If you have spent any significant amount of time developing applications, you have had to either consume or deliver data across multiple systems. When designing systems that need to communicate with each other, there are many formats to choose from. Your first thought might be to use JSON or XML. But are they the best choice for long-term scalability and system performance? In this workshop, we’ll introduce protocol buffers, review its benefits compared to alternatives, as well as learn how to use it within a PHP application.

0

What's the difference between service location and dependency injection? Why is this dependency injection thing such a big deal anyway, and how do you use it correctly? I'll answer these questions and more, including real-world examples of refactoring an application toward the more explicit, testable, closer-to-SOLID applications.

1

Since developers seem to have a hard time writing secure apps—according to one study, nine out of ten web apps have security vulnerabilities—browsers have come to their aid with new techniques and protocols like built-in XSS filters, special HTTP headers, and more that can help prevent many attacks. This session offers an overview of these new safeguards, including HSTS, CSP, secure cookies, and much more, helping you make your browser an additional defense against attacks.

Time to grab a snack, check your email, step outside for some sunshine or start up a hallway conversation.

2

Functional programming is one of the most mind-bending and counter-intuitive topics for most PHP developers. While almost every developer knows what a PHP function is, that's just the first part of the power that is functional programming. By harnessing the power of higher-order functions, we can write clearer, more accessible, and maintainable code. Applicable in PHP, JavaScript, and beyond, fewer loops will make you love programming more than ever before.

3

With the rise of the cloud and the abundance of automation and container tools that simplify scalability aspects of your system, performance considerations are often pushed to the back row. Building systems for high performance is not easy. It requires a lot of considerations—from technology selection to design decisions. In this talk, I’ll discuss common performance pitfalls across the stack and talk about useful techniques and examples that every application could benefit from.

1

Multitenant architectures provide great opportunities for scaling, but most solutions do not provide a way to share data between accounts. In this talk, we will introduce core concepts of multitenancy and explore a data model that allows two clients to share subsets of data instantly using a Laravel application and MySQL database.

Virus? There’s an app for that. Malware? There’s an app for that. Social engineering? It's a little more complicated. These techniques, used by hackers to gather information on their target, are hard to combat without education—so why don’t we talk about them more often? Aimed at the average user who could be targeted by such an attack, this talk discusses the tools of social engineering, how to combat it, and why so many companies fail in preparing their employees for such an attack.

Join us in the Ballroom for a tasty lunch to refuel for the afternoon.

Elm. Rust. Spark. TensorFlow. R. Haskell. Mesos. AR. Diggory. Got you. ‘Diggory’ is a character from Harry Potter, not a technology. Or at least it wasn’t one at the time of writing. By the time you read this abstract, Diggory will probably be a JS build system. If you read Hacker News on a regular basis, you might suffer from a combined sense of despair and impostor syndrome. How is it that everyone else’s stack sounds so much cooler than yours? How are you supposed to keep track of everything? How do you know when it’s time to adopt one of these things that sound like a lesser-known Muppet? How will you ever get another job without all of these things on your resume? There’s a lot to be said for using tried technology, but that brings a different set of problems. Engineers get frustrated when they never get to play on the bleeding edge. Sometimes you miss a trend and then you find yourself with a million lines of code that you can’t hire anyone to work on, with no tests, because that was another trend you missed. When should you adopt a new technology? How do you know when to steer clear? When should you throw away the old? And just how many different platforms should you support at one time? All these questions could be lost in time, like tears in rain. Or we could try to answer them in the course of this talk.

The original CRAY-1 supercomputer was a 5-ton monster with just 8 MB of main memory, yet programming it can be a fun way to explore subtleties of PHP coding. In this talk, we indulge in programming “big iron” on “bare metal.” We’ll look at CRAY-1 hardware instructions with the aim of understanding logic operations, Boolean algebra, and octal arithmetic. As a Cray Research veteran, I’ve carried CRAY-1 logic design to both MySQL table design and PHP coding. After this talk, you will as well.

This talk will explore the re-development of the National Library Service for the Blind and Physically Handicapped website from flat files into WordPress. The primary purpose was to redesign the site to be fully accessible for those with disabilities, allowing them to perform administrative tasks. Artemis developed enhancements to make WordPress plugins accessible. We will discuss how we approached developing this website whose primary content administrators and primary users are blind.

Trying to tame a modern, fully-featured web application like Drupal can be an exercise in frustration. In this session, we will be going over useful debugging tools and techniques that can help you see into the inner workings of all versions of Drupal. You will be better prepared to start building truly custom features into your projects, and you'll be able to remain calm when you get the inevitable email that your site is showing the dreaded White Screen Of Death at 4:45 pm on a Friday afternoon.

2

In 2016, NIST announced it was deprecating SMS-based 2FA (second-factor authentication) from its Digital Authentication Guidance. As the internet works to harden application and online security, what are the proper options available for truly secure authentication? What are those OOB (out-of-band) transactions anyway? Why is identity security so hard? Come learn about the tools that define the identity security landscape and how to easily integrate strong identity verification methods with your existing services. BYOA (bring your own acronyms).

We have a ton of options for provisioning machines once we have an SSH connection available, but how do we get those machines in the first place? Meet Terraform from Hashicorp, your infrastructure automation engine. Providing a declarative interface for your infrastructure, you can define what you need and let Terraform take care of the rest. In this talk, we'll take a look at what Terraform can do for you, walking through your first Terraform configuration all the way to writing your own modules to encapsulate your infrastructure across multiple deployments.

0

Eloquent, Laravel's ORM, is a powerful tool for interacting with relational databases. It models entity relationships such as one-to-many and many-to-many, but production applications often need to produce very specific data structures that cannot be directly generated from Eloquent built-in methods. Instead of looping through collections to wrangle your query results, it is possible to extend Laravel's basic relation classes and implement custom relations that you can easily reuse within and among Laravel projects. You will dive into the guts of Eloquent and emerge an effective power user.

Time to grab a snack, check your email, step outside for some sunshine or start up a hallway conversation.

0

The cybersecurity landscape is continuously changing as new threats appear and attackers adapt. We will discuss recent notable attacks and breaches, identify growing threats, and analyze current trends in attacks. Learn about effective strategies to increase security and reduce the risk of a successful attack. Delve into PHP security-related features for cryptography, data sanitation, session management, and configuration.

JavaScript is growing up, and browser vendors are on board! But many developers are stuck in the year 2000. This session will show attendees some of the more compelling—and practical—changes in ES6/2015. We'll talk about new variable declaration types and scopes, default function args, object deconstruction, template strings, "classes," and more. This will be a quick tour, but with practical examples and info every developer should have. This is not an introductory session, so attendees should come armed with a basic understanding of JavaScript functions, scope, and async programming!

Minority Report was a 2002 American science fiction film based in 2054 where police officers apprehended criminals based on predictions and foreknowledge. We are not in 2054 but fast-forward to 2017; we are now closer than ever before to the world imagined in Minority Report because of Machine Learning (ML). ML is a type of Artificial Intelligence (AI) that provides computers with the ability to learn without being explicitly programmed. During this talk, the secrets behind ML are uncovered, and attendees walk away with the knowledge to incorporate ML into their own applications.

Cloud typically offers the promise of innovation without actually delivering much new. This is especially true in terms of the way solutions are architected. Service Oriented Architectures have the potential to change this but also come with their own set of issues. In this talk, Chris will discuss how Nexcess is approaching cloud, SOA, and the difficulties these create for developers. Especially in terms of the future of DevOps.

The world of ones and zeroes made much more sense five years ago. There were clear winners, and there were runners-up who were pivoting towards a “let’s cut apart the heating system and look for copper pipes” sort of business model. We relied on old but reliable technologies and standards as we fashioned shaky but exciting new ones. Communications had the instinctive and irrefutable clarity of a right-parenthesis preceded by a colon. We were totally ignorant of our wristwatches’ battery level. But today it’s hard to imagine a single sector of technology that can’t potentially be reinvented in just eight fiscal quarters or even a corporate powerhouse that couldn’t get itself into trouble in the same span of time. It’s not a time of chaos; it’s a time of change when anything is possible and anybody can reinvent themselves.

Don't miss your chance to take home an awesome prize!