Talk comments

This was a very interesting and well-presented talk. His honesty and vision for PIE in PHP, using Drupal 8 as an example, was great, and I look forward to implementing this at work and in my own projects as well as encouraging others to do so.

I'd have enjoyed a little less of, "Here, see what you can find in this code" and a little more on how things work and best practices to avoid the pitfalls.

For example, the discussion on timing attacks was very interesting. Mr. Ferrara did a fair job explaining how it worked, but glossed over the solution a little too quickly.

The repos were too deep for a cursory look to identify issues quickly for an audience who isn't habituated to doing so.

Even something like a walkthrough of creating a secure login page and process for tracking valid authentication would have been wonderful. Could have stepped through how and why each pitfall was mitigated. I've often been told how 'not to do something' without the information on how it 'should' be done.

We were told that when using the mcrypt library, using ECB mode with Rijndael was bad, and CBC was good. Information on why would have been nice, and how bad is 'bad'? If you used CBC, you have to be able to recover your IV for decryption, right? What if you don't want to use the same IV for all your data, or store that in your DB to protect the encryption in case of theft of the DB? ECB might need to be an option. Perhaps a separate talk on how to properly implement the mcrypt (or other crypt) library would be nice. (NOT how to roll your own encryption, which we all know is bad.)

Clearly Mr. Ferrara knows what he is talking about. Would just like a little different format in the tutorial.

This was definitely an inspirational talk. It was great to cover what's new in PHP 5.6 etc. and the second half was very motivational. Time to go beyond the keyboard when looking for problems to solve!

I enjoyed this talk a lot. I'd covered sorting in my CS classes, but the dry theory approach never really stuck with me. The visual models were excellent and really helped to communicate the concepts well.

Really awesome talk and I'm glad to have caught it before its demise. It was great to cover topics I'd struggled with before in PHPUnit testing, like mocking. I'm looking forward to putting this into practice in my projects and getting the rest of my team on board too.

I really got a lot out of this talk. I loved how Alvaro related Unix piping to a more functional style of programming in PHP and how it helps make testing easier. His little history lessons along the way were great also.

This was such a great (and important) talk for me also, and I'm so glad I picked to attend it. I'm the "CI guy" at work, and always have trouble explaining to the rest of the team what the heck those graphs and metrics all mean in Jenkins. Now I feel better equipped to understand it myself and share the knowledge.

Well organized talk with great info!

Great introduction to the basic concepts. Thank you.