Talk comments

One of the best talks of the conference. Larry has some interesting opinions and is involved in a project (Drupal) that is currently in need of help and that is implementing the ideas that Larry is spreading.

I also like Larry's presentation style: it's very dynamic, entertaining and engaging which I like.

I've just become a Larry Garfield fan and I'll definitely check out some of his future talks.

Finally I got to see an XHProf talk. I was really looking forward to it and in the end I got what I wanted.

Although this talk wasn't really in-depth (which I hoped it would be), I'm actually quite satisfied with the things I learned.

Very nice to see XHGUI being featured and the fact that it has a MongoDB backend.

Another trick I really appreciated was the "disable CPU & memory" trick to improve performance. Unfortunately I cannot find the right syntax for it in the slides. Maybe this should be emphasized more in the slides?

@Jonathan: can you explain to me how I should arrange the constants in xhprof_enable() to make sure CPU & memory aren't measured?

Good stuff! I work at a hosting company and deal with this stuff on an almost daily basis. I still managed to learn a couple of neat tricks.

I really liked the first part of the talk: it clearly illustrates the direction of the language and the upcoming 5.6 release. That was pretty awesome and definitely a job well done.

But the second part seemed a bit random and incoherent. This is not the first time I see Rasmus speak and I've seen it happen a bunch of times: the talk has a really good start, but then becomes a bit more chaotic.

So to summarize the 2nd part: it diverts from the central theme, which is a pity.

Rasmus is a good speaker and an icon in the PHP community, he knows what he's doing and has some really interesting stuff to say. I only wished that the level of the talk remained consistent, which wasn't the case for me.

Maybe it's just me ... everyone else is giving the talk a 5-star rating.


I'm going to give this the 4-star rating it deserves although I didn't get to see what I wanted. That's mainly my own fault. I was expecting to see a Symfony 101 talk, but got a RAD talk.

Ryan is a very good speaker, the content was interesting and well delivered, but again: I expected to see something completely different. And again: that's my own fault, not Ryan's.

Although enterprise seems to be a boring subject, I was happy to see this keynote. Mark has enough experience to talk about enterprise and he also works at a company that actually serves enterprises.

So for the first time ever, someone was able to explain to me what the so-called enterprise actually is and now I have the tools to quantify if a company is actually an enterprise.

Although some aspects of the talk weren't surprising, there were still some basic aspects of enterprise I didn't know of.

I'd say it's a job well done! It didn't blow me away (hence the 4-star rating), but it was still a very good talk.

One shouldn't complain about free drinks, but I agree with the others: the staff wasn't that friendly. Still: free drinks are nice.

I really liked this workshop: I always wanted to implement Jenkins and now I had the opportunity. I also like Keith as a speaker because he is knowledgeable and entertaining.

In the beginning I didn't really know what to expect and I got bored looking at slides about PHP metrics. But it was all part of a larger plan that unfolded the last hour of the workshop. The last hour of the workshop was used to show us that installing and configuring Jenkins can be painful and it was.

But in the end everything worked out and we had a bunch of nice plugins all working together, producing the output we expected.

Although I was somewhat anxious to get into the actual process of configuring Jenkins, Keith made sure the necessary theoretical information was provided before we dove into the nitty gritty.

Next time around I would hope to see a bit less about metrics and I'd hope that Keith focusses more on packaging and deploying.

I didn't see the talk and I'm commenting just based on the slides. They are quite good overall but I see some things differently:

1. They often sacrifice UX for the sense of security:

1a. Strong passwords aren't really necessary if we use a slow enough hashing function.

1b. Lockout future attempts for 10-15 minutes after 3-5 unsuccessful attempts is pretty harsh for users not remembering the password.

1c. Session expiry at 24-30 minutes is too aggressive, it wouldn't allow me to finish writing this comment. The same can be said about logout after 10 minutes of inactivity, users often do other stuff while being logged in.

1d. Preventing duplicate logins sounds crazy in the current world. I often start something on my phone and finish it on the computer and I would hate having to log in every time.

2. The Session Fixation protection is plain wrong. An attacker can generate a validated session id and then fixate the user with that. session_regenerate_id() must be called after escalating the privileges (usually after logging in). Please correct this slide if you can to not give programmers wrong advice.

3. The idea behind the __save() method is clear but the code doesn't make much sense to me. DataModel looks like a base class yet it's calling parent::save(). Also __save() is private - where is it called from?

Except the Session Fixation fail, these comments are just details or a matter of opinion. Thanks for sharing the slides.
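The ordering described in point 2 of the comment above, as an added example that is not taken from the slides or written by the commenter: the session ID is replaced at the moment privileges change, so an ID issued before login never carries the authenticated state. `find_user()`, the sample account and the function names are hypothetical, and the `secure` cookie flag assumes the site is served over HTTPS.

```php
<?php
declare(strict_types=1);

// Hypothetical account lookup with one constructed sample user;
// a real application would query its own user store.
function find_user(string $name): ?array
{
    static $users = null;
    $users ??= ['alice' => [
        'id'   => 1,
        'hash' => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
    ]];
    return $users[$name] ?? null;
}

function start_session(): void
{
    // Refuse session IDs the server did not issue and never accept them from URLs.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

function login(string $name, string $password): bool
{
    $user = find_user($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false; // no privileges granted, session ID left as it was
    }
    // Privilege change: issue a fresh ID and delete the old session data,
    // so an ID that was known before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    return true;
}

function logout(): void
{
    $_SESSION = [];              // drop the authenticated state
    session_regenerate_id(true); // and retire the ID that carried it
}

start_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = login((string)($_POST['user'] ?? ''), (string)($_POST['pass'] ?? ''));
    http_response_code($ok ? 200 : 401);
}
```

Regenerating the ID only when the session is first created or "validated" does not help, because that ID can still be handed to the victim before they log in.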

Cal, this was one of the best keynotes I've listened to. Definitely the best you've given that I've heard. Your jokes were hilarious and you made some strong points but you made them fun. Thank you for being such a great representative for this community.