SunshinePHP 2020
6 - 8 Feb 2020 at Embassy Suites Miami International

7

Regardless of reports to the contrary, PHP is a modern, scalable, secure programming language suitable for any number of applications. As with any other language or tool, PHP can only be used securely if the developers using it wield their tools safely. This training class will walk through best practices in: * Password management (including hashing) * Credentials management (API keys) * Data encryption (both local and remote) * Data integrity (i.e., signing and authentication) * Server hardening Attendees will leave with a better understanding of PHP and how to use it in secure applications. Attendees should have an operable PHP environment before arriving. They will be given a code repo to use during the training class which will demonstrate the principles being discussed and allows them to practice from-scratch implementations in code.

In this tutorial we'll get hands on with atomic commits and all they have to offer. We'll be learning how to keep our history clean, how to navigate time and space, and how to correct mistakes we thought were permanent. Key things we'll be tackling during this tutorial include, but are not limited to, interactive rebase, reflog, and running bisect with regression tests.

In this speaker workshop, we will start with the basics of getting up and speaking. In each section from the introductions to the formal workshop at the end, there will be exercises involving the participants to help them be successful when applying the techniques. With advice ranging from how to project your voice properly to how to prepare for failure of your most critical demos and exercises ranging from how to breath properly to how to dodge nasty questions, there's something in here for anyone whether they have never given a talk or they are a seasoned professional speaker.

OpenAPI is more than just a documentation tool - even though it's great for that! As the tooling for OpenAPI version 3 has matured, there are now more opportunities to use OpenAPI to make your API development faster, easier, and more resilient. In this talk you'll learn how to use the OpenAPI spec and tools in the Open API ecosystem to power: - Mock servers to test your API before it exists - Integration tests to ensure that your API responses meet your specification - Validation logic - Documentation In this workshop we'll work together to build a simple API with documentation, testing, validation, and a simple front-end all powered by the spec. Slides: https://slides.com/dabernathy89/open-api-workshop

2

In this tutorial we will go over setting up a standard LEMP stack for development use and learn how to modify it to mimic your production/pre-production environments as closely as possible. We will go over how to switch from Nginx to Apache, upgrade PHP versions and introduce additional storage engines such as Redis to the equation. We'll also step through how to run both unit and acceptance suites using headless Selenium images in the stack. Leave here fully confident in knowing that whatever environment you get thrown into, you can replicate it and work in it comfortably.

0

_Given_ the prominence of API-first development _when_ developing web applications, projects _then_ need to be tested beyond unit and functional tests. Authoring tests using the Gherkin with Behat provides a way to achieve BDD with APIs. We'll dive right into writing Gherkin, how to create your own test scenarios in Gherkin, and how to hook those tests up with custom PHP test methods. See tests in action with live coding and live demos, including writing new custom tests. Leave excited to produce fully-tested APIs!

If anybody can write code, what separates programmers from those that just write code? Programmers think differently. Coders have to learn to think differently if they want to make the jump to programmers. In this talk we will look at 6 concepts that programmers need to master. Concepts that will help them think like a programmer.

2

Web applications are becoming the norm for users, and being able to handle thousands of requests per second is happening more and more. Developers spend an enormous amount of time making sure that their applications are as fast as possible, but tuning your web server can only go so far. Async Programming is being used by many languages as a quick and easy way to serve web applications, and PHP is no exception. Libraries like ReactPHP and Amp, alongside extensions like Swoole, give developers broad choices for how to build their applications using async principles. See how these tools and async programming can help your application stay quick and agile.

5

A/B testing? Canary Rollouts? Service maintenance windows? All of these and more can be controlled dynamically by using feature flags. In this presentation, we'll go over the benefits of feature flags and demonstrate how to effectively incorporate them into your codebase and workflows. You don't need a fancy service to make this happen - there are several php libraries you can use. In this scenario, I will demonstrate the Swivel library using a MySQL database.

8

If you are not writing tests yet, you should start. Tests will improve the quality of your code, reduce bugs and probably force you to think more about design and quality. Actually, the hardest thing is to start and figure out which type of tests to write. So you start researching and you find a lot of different materials and get even more confused. Even when you decide what type of tests to use, it can be hard to decide how to test some specific logic in your app. Don't give up! We have some tips we learned along the way that will hopefully make your life easier. In this talk, you will hear about different test types and when to use them. We'll also show some tools for checking the quality of your test. See you in Miami! :)

2

One of the hottest buzz words in programming today is "Serverless". But what does that mean? How can you host a PHP app without a server? Serverless can mean different things. I'm going to explain what it means to a PHP developer and why you might want to try it out. - Serverless means not having to maintain or manage a server - Serverless means not paying for computing power you don't use - Serveless means effortless scaling and speed - Serverless means easy fast deployments In this talk I'll show you some serverless options and example applications and the tremendous advantage deploying them to a serverless infrastructure can give you.

4

The paradox: I can't test this code because it's legacy. I need to refractor the code to make it testable. How can I manage that, without breaking existing functionality? I'll need to write some tests, but... argh! We've all been there! In this talk we'll look at safe ways to refactor and test 'untestable' code - without breaking any existing functionality. Promise!

9

PHP 7 introduced type declarations and so brought PHP into the world of strict typing. Each subsequent release in the 7 series has improved this and PHP 7.4 is no different with exciting new type features. In addition, PHP 7 enabled static analysis tools that coupled with type declarations enable us to significantly remove bugs in our code before we even run it! In this talk, I will review PHP's strict type system, including the new PHP 7.4 features and show how they can make our code safer and clearer and easier to reason about. We will then turn our attention to the available static analysis tools and look at how, with strict typing, we can eliminate whole classes of bugs and make our applications better. By the end of this session, you will be well placed to write better PHP code that has fewer bugs and works as you expect every time.

7

Programming is a wonderful profession for problem solvers, and a random sampling of developers will generally have different ways of solving the exact same problem. This can be great in teams, as it allows finding solutions that resolve the unstated issues: performance, flexibility, and maintainability being some of the more frequent. But programmers tend to also have egos, and think their way is the correct way, disregarding one or more facets of a problem, and this is when we have conflict within our profession. How can we resolve those conflicts? And when does quantity of code give way to quality of code — and how do we even judge quality? We'll discuss these issues, some potential ways to resolve them, and how we can become both better programmers as well as communicators.

5

Sometimes, our use of PHP grows beyond the typical request/response cycle of dynamic page generation. Unfortunately, the threaded nature of PHP - and the stateless nature of the server - betrays any efforts to expand our utilization of the server. Image processing, video rendering, APNS (Apple Push Notification Service) integration - any of these can easily take longer than is reasonable for a simple page request. Enter tools like message and job queues that empower daemonized PHP workers to handle data processing in the background. Yet further tools enable long-running event loops and asynchronous Promise-driven operations. PHP isn't multi-threaded, but that doesn't mean you're limited to a single-thread paradigm. I will demonstrate various use cases necessitating asynchronous operations, then delve into the code and the tools that make these systems work. Every attendee will leave armed with new ways to think about the management of large data jobs in PHP and an understanding of the tools they can use to make it happen.

4

Most of the PHP that still exists today was written long ago by developers lost to the sands of time. It was written in an era where we didn't have the tools we do today such as Composer, type safety, unit testing, and code standards. Even code that was written recently frequently ignores best practices in order to "get things done". You've been tasked with maintaining a legacy application and would like to modernize it, but the powers that be won't let you rewrite it. This talk will discuss strategies for bringing ancient codebases into the modern age piece-by-piece.

1

Being a consultant sounds amazing - set your own hours, choose your own projects, work where ever you want! Is this fairy tale dream true? Well, sort of. While consulting does have its perks, there is a lot of work that goes on behind the scenes to make it a success. Learn what goes in to running a successful consulting business and how to decide what to charge.

OpenAPI is more than just a documentation tool - even though it's great for that! As the tooling for OpenAPI version 3 has matured, there are now more opportunities to use OpenAPI to make your API development faster, easier, and more resilient. In this talk you'll learn how to use the OpenAPI spec and tools in the Open API ecosystem to power: - Mock servers to test your API before it exists - Integration tests to ensure that your API responses meet your specification - Validation logic - Documentation

As developers, we spend most of our time focused on business logic, features, delivery dates and yes, bugs. I know I do. This session will focus on the web security and including the HTTP security headers that travel with each server Request and Response. Based on the best practices, as defined by organizations like OWASP, Mozilla and others, we'll explore the various headers that act as a line of defense against the craziness that's part of the world wide web. Expect lots of details and plenty of examples that will help us get our head around why the settings are important and what the suggested settings might be for your site and services. Topics covered will include HTTPS, Subresource Integrity (SRI), Cookies, Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and Cross-site security (XSS). We'll also explore tools like securityheaders.com and Mozilla Observatory.

1

Are you familiar with all the different testing that your application should consider?, are you lost and don't know where to start?, You want to include testing in your application, but what kind of testing?, where can you start?, In this talk you will learn about the different kind of test that you can apply to your application, staring from unit testing, integration testing, UI testing, etc. and the different tools and methodologies associated to them including PHPUnit, Behat, selenium, codeception, puppeteer, etc. At the end of this session you should be able to determine how to test your application the best way that fits your needs and that will give you the reliability you need to trust in your application.

It's hard to believe that it's been a mere four years since the release of PHP 7.0 which took a phenomenal leap forward in both performance and type safety. Now, with the release of 7.4 just weeks behind us, the work on PHP 8.0 is already well underway promising even better performance and an exciting array of new functionality to make writing applications in the web's favorite language easier, safer, and more robust. This session will explore what's new in PHP, why it matters to every website, and peek into the future as we start to explore what's great, about eight.

MySQL has moved to a quarterly release cycle and it can be hard to keep up with the new features. For instance, there are now multi-valued indexes for things like JSON arrays to allow for fast searches of embedded data. And there is a bulk loaded for JSON, CSV, and TSV data that works in parallel. Or support for JSON-Schame.org's JSON schema validation. Plus you no longer need to run mysql_upgrade after an upgrade as that is all automated. In addition, you can now clone InnoDB tablespaces for fast initialization of replicate data. So if you need to catch up on the latest and greatest from MySQL you need to be in this session. Slides at https://www.slideshare.net/davestokes/mysql-new-features-sunshine-php-2020-presentation

6

In the context of information security, social engineering is a practice that can help hackers to acquire personal information, insights, and access. Social engineering techniques can also be used by hackers and non-hackers alike to become more skilled at observing the people around them and making informed decisions that are based on these observations. In this session, you will learn how to take a social engineering approach towards improving your team dynamics, including: - Strategies for assessing your team's current strengths and areas of improvement. - Recommendations for developing an action plan to initiate change, and using ongoing observation techniques to effectively manage change. - Best practices for resolving conflict, particularly for team members with different communication styles.

To really deliver quality software is more than just slinging code. The code itself, while it represents the product itself, is a smaller percentage of what is required to truly ship quality software. In this discussion with Josh Holmes, we will explore ensuring that you're solving the right problem for the right customer in the right way.

3

The rise of Node.js has many developers interested in asynchronous web application development, as it allows offloading heavy processes in order to provide snappy responses to clients. How can you achieve this in PHP, particularly with middleware architectures? Swoole, AMP, and ReactPHP each provide PHP with async operations, but which should you choose? In this session, we'll learn about each, but also cover how to code your middleware, handlers, and their dependencies so that they play well in an async environment, allowing you to leverage its scaling and performance benefits.

1

How do you handle the variables specific to the environment you use: Development, QA, Production, etc? Environmental Variables of course. But WHAT are they, WHY should you use them, WHERE do you put them, and HOW are they used. As an added bonus, Environmental Variables are not limited to PHP!

3

Searching based on a user's location is a feature of many websites and applications. This type of search can add relevancy and value to a website, especially when these results can include distance from a point, within a rectangle or other shape, combined with fast text searches. In this talk we'll take an in depth look at how Elasticsearch supports geosearching. We'll look at the different types of location searches and how to integrate them into your PHP application. By the end of this talk you will be able to add awesomely relevant location based searches that will impress your users.

We've all been to the talks about the tools for test driven development. But TDD is not just about writing tests, it's about driving development through testing. There's a very specific process of TDD...

8

Redis is a key-value store that has carved out a role for itself as a data structure server. If you're using it only for caching simple values, you're tapping a mere fraction of its power. This presentation provides an introduction to Redis and the Predis client library for it as well as related data structures that Redis supports and when it's best to use them. No computer science background is necessary; data structures are presented in understandable terms with practical examples.

You've been using MySQL's master-replica method to provide high availability and disaster recovery. And, you want to keep up-to-date with the latest replication tools to help your business prosper. I'll go over MySQL Group Replication and the theory of Paxos that is built into our latest replication tool to provide fault tolerance. I'll show you simple tools to test Group Replication (with its new consistency modes) to see if it is the right product for you.

If your code has little or no test coverage, you're working too hard. While testing may seem like a lot of extra work, it's really a way to debug your code before you even write it, and to make sure it keeps working when you change it later on. In this session I'll share my journey from a "non-tester", to "pragmatic tester", and finally to "test-first developer". I'll share what I've learned along the way, and describe how writing tests first fundamentally changed the way I write code.

7

This talk is for developers who want to know how to debug their code in a better way, through single step debugging, profiling, and simpler debugging tools. Xdebug is a PHP extension that implements many debugging aids and features. In this presentation we are going to look at this new version of Xdebug 3. The new version is a near total rewrite, and brings many improvements over its older releases. You will learn how to optimally use the new features and settings to make your development life easier. Besides introducing the redone functionality, we will also have a cursory look at how these features are implemented, just to provide a better understanding of what a debugging extension, can, and cannot do. You will learn: - Which features Xdebug 3 has. - How to debug your application with a single step debugger. - How to make optimal use of the configuration options in Xdebug 3. - How some of the things in Xdebug work.

0

PHP is an excellent choice to build HTTP/1 applications, but it has limitations when building other server-side applications like HTTP/2, WebSocket, RPC, and UDP servers. In this talk, I will talk about how to build high-performance application servers with the PHP extension [Swoole](https://github.com/swoole/swoole-src); how to implement challenging features like resource pooling, non-blocking I/O, task handling and scheduling; and how to develop, debug, test, deploy, and monitor these applications. Various real-life use cases will be studied during the talk.

From day one, PHP's main purpose has been to act as glue between an easy to use scripting language and more complex functionality found in established compiled libraries. Creating new bindings to glue in custom functionality has always been a complex operation requiring a special union of knowledge between C, PHP, and the somewhat inscrutable Zend API. While that's still the best route, PHP 7.4 does bring in a new option to make simple bindings much easier to produce; It's called FFI, or Foreign Function Interface. This session will explore using FFI to create stable, functional "extensions" with far less pointer juggling and everything about the Zend API abstracted away.

Do you have an advanced degree in mathematics or data science from a prestigious university? Me neither! That doesn't have to put machine learning beyond our reach, though. While the underlying theory can be extremely complicated, the practical applications are very approachable for us as developers. If you've been looking for an easy way to start dabbling in ML, this session is for you! Join me as I give an overview of ML and walk through the different types of algorithms available with some practical examples. We'll also see how we can take advantage of some of the various AWS machine learning products in order to quickly add these capabilities to our applications.

The Internet of Things (IoT) represents the concept of a massive system where things on the Internet communicate through omnipresent sensors. In the past decade, consumers have connected millions of IoT devices to the Internet at an exponential rate, designed to improve the quality of life in homes and businesses. This presentation will explain how businesses invest heavily in IoT in order to keep a competitive edge, going into IoT developments in automobiles, building automation, the medical field along with consumer devices, such as wearables and mobile devices. As a developer, you are part of this wave, as many devices are controlled via a web interface. This presentation provides an overview of IoT, where, in the end, you will realize how devices on the IoT will have the ability to be far more reaching, with the only thing limiting the growth is our imagination.

Bugs happen, and when they do, developers need to be ready to remove those bugs. While debugging tools are important, without methodology they'll always be stabs in the dark. In this talk, we'll walk through debugging a program using repeatable methods. Starting with confirming your assumptions, we'll walk through the steps any developer can take to fix any bug.

3

The shift towards API driven design has echoed in new design patterns from traditional MVC. Middleware pipelines is geared to address the complexities and nuances that arise with APIs. We'll delve into Expressive, discuss strategies for adding layers, handling authentication and authorization, and implications for projects. Come learn all about middleware and discover how you can leverage pipelines in your development.

1

This talk will look into Skaffold, a tool developed and Opensourced by Google, which aims to increase development productivity and bring closer the gap between developer's computers and other environments like staging, beta, and prod avoiding the "works on my computer" type of scenarios. This talk is brought by Angel Ramirez, who is a Certified Kubernetes Administrator (CKA) and CEO of Cuemby, a Kubernetes Certified Service Provider (KCSP). The content is from real experience implementing Skaffold in our daily workflows. Uncon Talk: Kubernetes 050 is also attached.

Many Git users tend to use Git as a save point, like in a video game; chronologically making checkpoint commits as they go. This spreads out changes to the same areas in the code over several commits, necessitates merging and resolving conflicts, and generally just making an incomprehensible jumble of your history. This talk makes a case for atomic commits and how to use them while only minimally affecting your workflow. Using pre-recorded demos, you'll learn how to properly interactively rebase, fix up, reset, bisect, and more. By the end of the talk, you'll have seen how this Git flow will make your life easier and how it will affect your ability to cherry pick, drop unwanted commits, and most importantly: not spend hours resolving conflicts in rebase hell. A little change in habits can go a very long way!

Closing remarks, some history, and personal trials that lead people to accomplish things and strive for quality in "normal" things.