ZendCon 2017
23 - 26 Oct 2017 at Hard Rock Hotel & Casino

2

In this tutorial we start by defining an API with Apigility as our main engine, we'll define all the details to make sure we set up our API so it can be consumed by our web application and our mobile application. We continue by creating a web application that will consume the API resources and how to define the flow from data consumption to views using Zend Framework. Then we'll define a simple mobile app, which will consume the services from our API. For this we will use Sencha Touch. We'll learn about the details to promote our App to the App store and Google play.

3

Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands on instruction in building an asynchronous application in PHP. We'll build a Twitter Bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you'll learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today.

In this tutorial we'll cover setting up a continuous delivery pipeline with Jenkins. We'll use Terraform to provision our AWS resources needed and how to use Jenkins to manage your cloud infrastructure. We'll go through the steps needed to get your PHP app packaged in a Docker image and deployed to AWS Elastic Container Service. You'll see how to match your environments as closely as possible and some things to watch out for. You'll need an AWS, Docker.io, and GitHub account. For a meaningful setup you'll want a paid AWS account. You'll also need a paid account if you want private repositories for Github and Docker. At the end of this tutorial, you'll be able to push some code to GitHub and your Jenkins instance will automatically pick that change up to test, build, plan, and deploy your PHP application to the cloud. We'll also show you how to rollback code; update composer dependencies; build Docker images; manage resources; and setup RC, QA, staging, and other environments. Please come prepared by signing up for these accounts and having an editor capable of editing PHP, Groovy, Bash, Dockerfile, HCL (Terraform), and JSON.

In this workshop we'll show you how to migrate a PHP source code from older versions to PHP 7. Slavey will guide you through a sample project and after that you should be able to migrate your own source code using the techniques demonstrated in the workshop. PHP knowledge is a must. GIT knowledge is a plus. Source code of the test application, slides and tool scripts can be found here: https://github.com/slaff/ZC2017

2

The IT security landscape is littered with events where cryptography was not properly used, leading to leaked sensitive data and major problems for organizations. Learn how to encrypt and hash data using cryptography features in PHP, including password hashing, libsodium, mcrypt, OpenSSL, CrackLib, and CSPRNG. Refresh on current industry standards and review cryptographic algorithms. Come ready to hash passwords, experiment with algorithm costs, and crack weak encryption using attacks from timing, brute force, and rainbow tables.

The Zend PHP Certification is the industry standard to test a candidate's knowledge of PHP and to aid employers to select suitable developers. Learn what it takes to become a Zend Certified Engineer (ZCE) by one of the authors of the certification. We'll have a look at all topic areas, discuss common traps and required knowledge for each of them, and will provide you with background information on the test. The full-day tutorial will be conducted by the lead author of the certification and will feature a number of typical questions that resemble the layout of the actual test questions, giving you a realistic impression of the test itself and aiding you in self-assessing your current PHP knowledge.

2

Get a practical deep-dive into Composer, the dependency manager for PHP. We'll compare Composer to "global" managers like PEAR, apt, and yum; show how Composer helps you obtain the components your applications depend upon, install them into your project, and control their update to newer versions. We'll explain autoloading, demystify keys in the composer.json file, and get you confidently using Composer, with practical examples all the way. When you leave this tutorial, you'll understand: - What PHP source code dependency management looks like, and what problem Composer solves - How to install Composer (friendly to all developers, including IBM i developers) - How to use Composer to install, update, and lock code dependencies to appropriate versions - Autoloading in general, Composer's autoloader in particular - The difference between composer.json and composer.lock - What Semantic Versioning means, and what those version numbers communicate to you as developer - Packagist, the public clearing house for Composer-managed packages - Considerations when using Composer in development vs. production environments - Important do's and don'ts when using Composer - Intro to setting up and using a private repository

0

In this tutorial we'll cover how to design and implement web APIs in PHP 7 using a middleware architecture. We'll use Expressive to implement the API leveraging the PSR-7 standard. We'll demonstrate building both simple RPC and fully RESTful API endpoints. We'll also focus on features like authentication, authorization, versioning, content negotiation, validation and filtering of user's input, and more.

The modern enterprise landscape is a hybrid of heterogeneous technologies and disparate endpoints. In this tutorial, we’ll discuss ways that you can leverage the flexibility and sophistication of ActiveMQ’s message processing to federate your front-end applications with back-end services. Beyond integration, we’ll discuss the user experience benefits that come with processing tasks asynchronously, rather than forcing a user to wait for a task to complete interactively. The ActiveMQ community has made innovative leaps in the last few years, and we’ll look at what is available to you within this powerful, open source platform.

5

With the introduction of Progressive Web Apps and web platform APIs such as persistent storage, payments, and geolocation, the web platform is taking on native apps. A Progressive Web App combines the best parts both a web app and a native app. You browse to a Progressive Web App just like you browse to any other website. It lives at a URL, can be indexed by search engines, and can be linked to from anywhere else on the web. As you continue to use a Progressive Web App it gains additional native app-like capabilities. For example, the app could be installed to the home screen on your device. You might also grant the app the ability to send you push notifications, or the ability to access your camera, your microphone, or other device resources. One important aspect of Progressive Web Apps is the concept of building your app to be Offline First. With an Offline First approach, you design your app for the most resource-constrained environment first. This approach provides a consistent user experience whether the user's device has no connectivity, limited connectivity, or great connectivity. One of the biggest benefits of Offline First apps is that they can be very fast, as they provide zero-latency access to content and data stored directly on the device. The Service Worker API can do most of the heavy lifting when it comes to storing content and assets for Offline First Progressive Web Apps. A bigger challenge can be storing and sync'ing your app's data. One of the best answers today for offline sync for Progressive Web Apps is a combination of Apache CouchDB (an open source document database), Hoodie (an open source Node.js backend for Offline First apps), and PouchDB (an open source JavaScript database that syncs). This stack can provide you with the starting point for your own Progressive Web App mobile backend and frontend, and it's entirely open source! You'll leave this workshop having built a fully-functional Offline First Progressive Web Apps using Polymer, Web Components, Service Workers, Apache CouchDB, Hoodie, and PouchDB.

In this workshop we'll cover different ways to test your PHP code. Our focus will be the tools and writing tests - we won't get caught up in all the various testing practices. With a foundation in tools like PHPUnit, Mockery, and Codeception you can make the decisions about what testing tools and strategies work best for you. So if you're looking to start testing your PHP code, or learn other PHP testing tools, this workshop is for you.

2

DB2 is the heart of IBM i. For PHP applications, the DB2 database provides performance, data integrity, remote connectivity, and security. This tutorial will show the right way to use DB2 with PHP. Topics include: Performance tips, prevention of SQL injection, library list options, and how to connect IBM i's DB2 from Windows and Linux. Learning objectives: - Understand how to get the best performance from DB2 with PHP on IBM i - Take steps to secure applications by using parameter markers (prepared statements) - Learn about new features that help performance and stability - Make the right choices when configuring your application for library lists and more

The Zend PHP Certification is the industry standard to test a candidate's knowledge of PHP and to aid employers to select suitable developers. Learn what it takes to become a Rogue Wave Zend Certified PHP Engineer by one of the authors of the certification. We'll have a look at all topic areas, discuss common traps and required knowledge for each of them, and will provide you with background information on the test. The full-day tutorial will be conducted by the lead author of the certification and will feature a number of typical questions that resemble the layout of the actual test questions, giving you a realistic impression of the test itself and aiding you in self-assessing your current PHP knowledge. This workshop will feature the new certification exam based on PHP 7.1!

The web revolves around PHP, and PHP evolves with it. In his keynote, Zeev will explore how PHP has impacted and continues to impact people's lives, and will share less commonly known and downright unusual PHP stories. Looking to the future of PHP and the web, he'll provide a glimpse of PHP’s upcoming technological advancement.

14

Ever need to add authentication to an application? Or log HTTP messages? Maybe you wanted to trim trailing slashes from URIs. Or add security features such as CORS, Content-Security-Policy, or other headers. How do you easily enable the features, or enable them only for certain contexts within your application? The PSR-7 HTTP Messages specification created an ecosystem of PHP middleware that provide solutions to these problems! We'll cover creating an Expressive application that composes middleware from a variety of ecosystems in order to demonstrate that, in the end, there's a middleware solving every problem.

5

When using a PHP framework, standard practice is to use an Object-Relational Model (ORM) for database access. However, with high-volume logging and statistics-gathering, it pays to go "old school" with PHP prepared statements. Meanwhile, when MySQL tables quickly grow by millions of rows, table storage space becomes an issue. Our table design must focus on keeping these tables more compact and efficient. Here too, prepared statements simplify both coding and table design. This session will use CakePHP 3's excellent support for PHP prepared statements, but all concepts are native to PHP and apply to any project striking this use case.

2

Everyone knows installing PHP on IBM i is easy. Just download the save file and run the RSTLICPGM command. But not everyone knows what that RSTLICPGM does. What is it putting on the machine? Where is it putting it? How does it all work together? In this session we'll take a look at the IFS directories added by the Zend Server installer to see what's in them. We'll see where PHP and PHP extensions, Apache and FastCGI configurations, log files, and more are kept. We'll also talk about how these new file objects interact with existing prerequisite software on the IBM i to present dynamic pages to the web. This session is for PHP developers and administrators interested in learning how PHP fits in with the unique operating environment of IBM i.

2

There's a whole world of open source software available on IBM i, whether that software comes from IBM, another software vendor, or even something you found on GitHub. Learn about some of the available software packages available to you from all of these sources.

4

Programming is hard. Making compilers is harder. Or so people think. The truth is that making a compiler is just a series of small steps, using regular language constructs. It's so easy, we'll make one in this session. Many developers (especially those who are self-taught) believe the lie; that making compilers is too hard for them. That they lack the tools and knowledge to bring their ideas about programming languages to life. There's a lot of complex thinking that goes into mainstream compilers, but that's no reason not to try! We can make less efficient compilers and interpreters which enable the same amount of power and flexibility as mainstream compilers. We could use tools like Parser Expression Grammars or JISON, but this session will look at something even simpler. Let's build our own cross compilers using regular expressions and a stack. Let's implement our own programming languages, in real-time.

1

Git is everyone's go to method of version control. Our goal is to cover what it is, why it's important, and a few of the superpowers it unlocks. Of course, we'll touch on the basics: - git status - git commit - git pull But we'll also take some time to understand more powerful commands and features like cherrypick, bisect, and using alternative differential browsers for those hairy merges.

Isomorphic web applications (running the same code on the server and client) are all the rage because they provide the flexibility, extensibility, and consistency needed to build large and powerful "app-like" experiences on the web. How can we create them in PHP and WordPress? The answer is NodeifyWP. NodeifyWP is a framework that relies on the PHP extension V8Js and the Google V8 engine. It allows WordPress to execute Node.js within the theme. Pretty crazy, huh? It even makes WordPress’s hooks, filters, and functions available for use within JavaScript. This talk will cover the basics of isomorphic JavaScript and using NodeifyWP.

We often have the tendency to over engineer our software. We want to use the latest packages, integrate with the hip services, and adopt those shiny patterns. Jason's here to say, "you aren’t gonna need it". In this session we’ll take a look at how to practice YAGNI and what that means when writing code and making design decisions.

6

This session will cover Regular Expressions from the basics to the darkest corners of this arcane art. Regular Expressions, at the core, come in handy to achieve validation and text manipulation tasks. In the day-to-day life of a developer, becoming comfortable with them opens up many more use cases. As one of the tortured souls that actually enjoys writing - and reading - regexes, Jordi will share his passion so that you too can see there is no reason to worry.

With some of the recent issues that occurred with cloud platform providers, many businesses are wondering whether they can leverage multiple cloud platforms for their solutions. In this intense session we'll do exactly that and set up cloud architecture over multiple cloud platforms that include: - Load balancer - Caching servers - Database servers - File servers - Web servers Once we've set up our environment, we'll deploy a PHP application and test out performance and redundancy.

This is a technical session in which the speaker will share his knowledge about migrating legacy PHP projects to PHP 7. This session is divided in two parts. The first part will explain the advantages that we have seen in real-life large PHP applications. The second part will describe the steps needed to get there and what you should be aware of in order to better plan your PHP 7 migration. The slides can be downloaded from here: https://drive.google.com/open?id=1QcOkbH00VtDsGMA0GxAjvGOhL26cRVxz

In this session you'll learn about and practice basic PHP syntax, as well as how to access DB2 data to populate HTML documents. You'll learn about how to read input from the browser and dynamically build an HTML document using a combination of HTML, PHP, and SQL. We'll review the HTML tags for tables, forms, and input fields in order to create prompt screens and database inquiries. This session is geared toward the RPG programmer with limited or no experience developing PHP web applications. This will be a self-guided lab – i.e., you will follow clear instructions from a printed lab guide, sometimes writing code from scratch, and sometimes using templates with key pieces missing, in order to maximize your time. Rather than focus on language syntax directly, these exercises will teach you syntax through the applications you are building. In the process, you will also get exposure to some of the most important HTML tags that you need to create useful business applications with PHP. You’ll also get some experience using Zend Studio, the premier IDE for PHP development on IBM i. IMPORTANT!! – LAPTOP REQUIREMENTS: This is a hands-on lab. To participate in this workshop, you will need to bring your own laptop, with the Zend Studio IDE installed, before arriving. You can download this from http://www.zend.com/en/products/studio/downloads. Choose the OS that runs on your laptop (Windows/Mac/Linux) and click the Download button. If you already have an older version of Zend Studio installed on your laptop, it should be fine, but I recommend version 10 or higher. Please see the release notes for the version of Zend Studio you are using for specific system requirements. If you have trouble getting Zend Studio installed, you can contact the instructor for assistance: [email protected]. The server used is an IBMi server running DB2 and Zend Server, and this will be provided for you via remote access.

3

Keeping external libraries current and organized can be a tedious and risky task. Converting those libraries from embedded inside a codebase to being included via Composer is a clean and efficient solution. Learn how to migrate and autoload those libraries, use the composer.json and composer.lock files, find new libraries, and run Composer commands. Use what you learn to clean and organize your codebase to make it easier to maintain, and more lean and better to work with.

In 1969, researchers at Stanford and UCLA collaborated to transmit the first message over what would become the Internet. In just five decades, the repercussions of that moment have echoed through every atom of society. The world is evolving at a pace unprecedented in human history as we use technology to change how we think, learn, communicate, and even how we understand ourselves. Let’s take an inside look at how the fusion of media and technology is reinventing human interaction and the role that we, as engineers and technologists, must play in this important process.

PHP 7.0 is old news, PHP 7.1 is the new hotness. As the first point release in the 7.x series, 7.1 will set the tone for future releases of the highly successful PHP 7. PHP 7.1 is shaping up to be an even more feature-filled release than 7.0, join me and walk through what's coming up in the most exciting release yet.

8

Even though you tested your application perfectly, errors and bugs will still happen in production, especially if other services or databases go down or are under high load. Thus it is very important to see errors happening and to be able to react to them quickly. In this session we'll introduce you to efficient ways for monitoring and logging for errors and show how you can handle them if they happen, covering deployment strategies, using intelligent circuit breakers, and gracefully reducing functionality. The session will give examples and recommendations so that you can quickly get started with implementing these.

1

IBM i organizations benefit when users can access web applications from both desktops and mobile devices. But how do you accommodate all of the different device types without spending valuable time developing multiple versions of your applications? Attend this session to learn: - What responsive design is - How Bootstrap makes it easier to create responsive web applications - How to install Bootstrap on IBM i - How you can use Bootstrap with PHP

MySQL 5.7 provides a JSON data type. Previously you could store JSON formatted data in some sort of text field but then you would have to use REGEX which would reduce the quality of your work life, make your grumpy, and would be frustrated when you had to maintain it. Now you have over two dozen functions, can create materialized columns from JSON data that can be indexed for fast searchers, and can output data in JSON. This is a quick introduction for PHP developers to learn to incorporate this new data type with plenty of programming examples.

2

There are hundreds of open source licenses. Most developers don't take the time to read or understand them, but can you continue to ignore them? We have seen a rise in litigation around open source license over the last 10 years. And, in the last 12 months we have seen the first examples of OSS copyright trolls that are taking developers to court in an attempt to monetize GPL violations. - This session will covers: - How OSS licenses are enforced - What are the main types of OSS licenses - How to identify them - What steps you need to take to ensure you are complying We cover use case scenarios and do a "deep dive" on the most used licenses today and how to understand them.

1

How do you find a truly reliable, well-built, and tested package? Do you have concerns about the overall quality and security of third-party libraries and packages you rely upon as dependencies in your code? Does quality have anything to do with number of reported downloads? See how you can assess the quality of components available through Packagist - some popular, some under-appreciated - using various PHP QA Tools. The short script used during the session to run the QA toolset is available here: https://gist.github.com/clarkphp/865b50659c513d486632ad8b7995ea73

3

Immerse in the API world with Apigility. Learn how to take advantage of this tool to create APIs from scratch or to expose current functionality from an existent system. You'll learn the core API concepts, processes, functionality, logic, and in general how you can create good APIs, including documentation and all the considerations you must have.

The time of static or dynamically generated sites is long gone. Non-stop interaction with users is the new normal. However, polling with Ajax requests is processor intensive and cumbersome. Websockets allow you to interact with users in real time without increasing system load. We'll go through the basics and see all the different options, illustrated with live examples of how and when to use it, as well as when not to use it. Websockets are the new way of providing live interactivity with users, in many cases replacing the need for Ajax requests alltogether. This relatively new technology isn't always as straightforward as it may seem though, as will be demonstrated in several examples.

Things change fast in the PHP world. If you don't stop every once in a while and look around, PHP will pass you by. With regular point releases coming out, it's tough sometimes to keep up with all the new features that the core developers are constantly giving us. Join this session as we walk through the changes that came with PHP 7.1. We'll take a look at the important changes and how you can use them in your projects. Along the way, we'll say a fond farewell to some features that have served their purpose and are now just a fond memory...or nightmare.

500 internal server error? Wait, now it's a 404 error. I think it's actually a syntax error. And now my program call isn't returning anything. Attend this session to hear tips and tricks on how to debug your web application on IBM i, including: - Analyzing Apache logs and Apache server issues - Debugging your program calls and Toolkit issues - Debugging DB2 and library list issues - Debugging Javascript and CSS

For enterprises, it's rarely a single function causing your OSS problem, it's a combination of architecture, packages, or networks. Spend an hour examining real-world use cases and learn: - Typical architectures (OSS, commercial, and more) - Top issues we see in the field - Top packages and why they're chosen

2

The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this session we'll put a human face on the users of our software. It will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join us in the fight. The Red Team is coming!

You're days away from rolling out a MongoDB application to production. Your code and data model is set. Integration testing is successful, and the business has given its blessing after thorough testing. Performance testing commences revealing a critical issue on a common use case in your application. Any changes to your code will require a new QA cycle delaying your production rollout. What can you do? NoSQL databases promise quicker iterations allowing you to deliver more functionality for your business, but there may be obscure signs of trouble you are overlooking. This session will show you how to uncover performance problems before deploying to production, and empower you with knowledge of tools that assist developers and administrators to achieve high read and write throughput. Discover how to attain maximum performance in environments with redundancy and high availability with ease.

We've all been to the sessions about the tools for test driven development (TDD). But TDD is not just about writing tests, it's about driving development through testing. There's a very specific process of TDD with red, green, and blue phases. There's also different patterns, like outside-in or inside-out. In this session we'll focus on these practices by TDDing a common data structure from start to finish. You will gain experience and leave with tips to help them practice TDD in the real world.

3

Developers would love to "automate all the things", but where do we start? What tools exist for automating? And what can actually be automated? If we don't have unit tests, can we still benefit from deployment automation? This session will show how a PHP application pulled from Git, complete with unit tests, Composer dependency management, and package creation, can be deployed flawlessly using Jenkins. Then see how "Dev" and "Ops" are supported by a system if the application breaks through automated rollbacks.

6

There are many types of databases and data analysis tools from which to choose today. Should you use a relational database? How about a key-value store? Maybe a document database? Or is a graph database the right fit for your project? What about polyglot persistence? Help! Applying principles from Domain-Driven Design such as strategic design and bounded contexts, this session will help you choose and apply the right data layer for your application's model or models. We'll explore traditional relational databases, graph databases, document databases, key/value stores, polyglot persistence, CQRS, event sourcing, and data layers for microservices.

7

Technology is everything these days, and your skills as a developer are in high demand. How can you leverage your unique skill set and understanding of technology to climb the ranks in your company beyond “just a developer?” Ann will tell her story of going from underpaid full-time developer, to broke freelancer, to entrepreneur, and finally to partner and CTO. More importantly, she’ll tell you what she learned along the way about the art of persuasion, transparency as a trojan horse, indispensability, confidence, standing your ground, and ultimately how to be treated and respected as a leader and not an employee. Disclaimer: I cannot confirm or deny that I have a problem with authority and a thirst for power.

The Open Web Application Security Project (OWASP) is most famously known for its list of the top ten security risks for websites. After a long wait, the 2017 edition of the list has been released. We'll have a look at all entries on that list, what's new, what has changed, and what security risks a modern web application will face. And since this is a PHP conference, we'll look how we can mitigate those risks with our favorite programming language.

2

The session will explain how to create a flexible and modular architecture for managing complex industrial workflows. The workflows will be defined in pure textual syntax, feeding a microservice based infrastructure comprising of the following elements: - An API-based (REST, RPC) workflows manager (validation, analysis, propagation, etc.) - Modular, independent, business logic units covering many common aspects related to industrial workflows - An API-based (RPC) workflow implementer created by the manager on top of the business logic units

0

WordPress lets you create a website by choosing a theme and adding your own graphics without touching a line of code. This popular open source application also has thousands of plugins to add features to your site. Best of all, it runs on IBM i, and can leverage your own DB2 data and RPG programs. Learn why WordPress on the IBM i can be the most powerful WordPress anywhere. Since WordPress is based on PHP and MySQL, you'll get a taste of those technologies as well. In this session you'll: - See what your IBM i can do with WordPress, how you can quickly create a website that will wow the business people in your company - Get a taste of how open source technology runs the web - See your IBM i data and RPG output on a WordPress site on IBM i

It is. We'll start from a simple Symfony Microkernel application. Then change the Kernel to use Controllers as Commands and build classes to serve Data and Interaction to endpoints. Then we'll create tests for logic and behavior. Then we'll create more routes. Then we'll connect to a database. Then we'll improve it more. The intention is not to show "how to build an API from scratch" but evolve a Symfony Microkernel project as a Flexible Framework and explore more possibilities using Command pattern to split HTTP logic from business logic.

17

Has enterprise PHP got you down? Does juggling dependency management, SOLID principles, and spiraling complexity make you yearn for the simpler days of one-off scripts? What if we could once again embrace that simplicity, while retaining the ability to execute complex requirements? What if we could reduce the amount of code in our apps in a real way? The solution exists already: middleware! Discover how middleware can help your organization, from developing one-off prototypes to full-featured, complex enterprise applications, transforming your application development lifecycle.

7

Enterprise PHP development teams, no matter the maturity level, focus on one thing, releasing stable apps that perform. They also want to avoid reinventing the wheel. Therefore, make the investment to listen to the top lessons we've learned from across industries to deliver PHP code faster without sacrificing quality, user experience, or existing workflows. You will learn: - How to dig deep into application behavior and performance at runtime - How to maximize existing continuous delivery principles and tools - When to take advantage of existing frameworks and extensions and when to do it yourself - How to avoid reinventing the wheel each time you deploy, upgrade, or rollback

Static analysis tools checks PHP code without running them. Fully automated, they bring expertise to review the code, enforce good practices when programming, keep code ready for the next PHP version. PHP 7 has developed tremendously our capacity to audit code. Thanks to AST and return types, it is possible to go deeper and prevent more bugs. During this session, we'll review the current state of static analysis tools, learn what they can find for us, and how to integrate it in the development cycle: security bugs, migration incompatibilities, and directives recommendations. Simply said, better PHP coding.

See practical examples, in the context of a working 5250 RPG application, of how to integrate RPG, SQL, and other IBM i platform assets, with PHP. Learn the most up-to-date approach for structuring and configuring a Zend Expressive application. Learn about Expressive, the open source PHP microframework from Zend, and PSR-7, HTTP Messages, and Middleware. How about a real Zend Expressive web application that starts with CRUD, but goes beyond? How should models invoke RPG, DB2 queries, stored procedures? Where are "the controllers?" How do we handle sessions, authentication, caching for performance, and access control with middleware? This is not the standard sample application; this one begins with a small, but complete 5250-based RPG Order Entry and customer tracking application, and leverages the resources to build a mobile/tablet/desktop-friendly web application.

PHP 7 has been released and your production environment needs to be upgraded. Apache 2.4 came out 5 years ago, yet you are running Apache 2.2. OpenSSL 1.1.0f is the current GA version, your servers use OpenSSL 0.9.8. A lot of companies have outdated software running in live environments, making them vulnerable to commonly exploitable weaknesses. Based on information gathered working with dozens of companies, it's commonplace to see servers running open source software that is 5, 10, or even 15 years old. A simple Google search for vulnerabilities on these older versions produces exploits and kits that any person can use to wreck your company’s share prices, data, and reputation. Learn how to protect yourself, your team, and your company from threats by these methods. We'll use some common techniques to upgrade and harden our servers, concentrating on PHP, Apache, and OpenSSL. Hardening the operating system needs to happen as well, but this session focuses on the software. Bringing your coworkers, employers, and colleagues on board with your migration plan will allow you to more easily move from the old to the new. We'll also cover the skills you need to learn, the resources available to assist you, and the methods to accomplish a migration that will result in a secure and robust production environment.

4

Hypothetically speaking, what if you wanted to change all of the lightbulbs in your house to use LED bulbs, but your current wiring didn’t support LED bulbs? You would need to re-wire your house, which would take a long time. In the meantime, you wouldn’t have any working electricity. Is there a better way? What if there was an adapter that could transition LED to work with old wiring if necessary, or if the wiring was new, just work as usual? That’s a metaphor for how I figured out how to gradually upgrade a legacy (LAMP) code base to be compliant with PHP 7.0. Since PHP deprecated the MySQL extension functions as of PHP 5.5.0 and removed in 7.0, we needed to transition a LOT of code in a legacy system to use the modern MySQLi extension functions. In trying to figure out how to upgrade the code base without ceasing new development on the system, we decided to use an adapter database class to allow us to transition gradually. In this session, we'll explain how the adapter class works and also the rules we put in place to ensure there was an end to the transition tunnel.

Microservices… New architectural style oriented on splitting monolithic codebase into set of small and independent applications built around specific business needs. Microservices might be very useful in some situations, but they also can introduce a set of new problems to be solved, from designing to communication between microservices in production environment. During this session we'll introduce core concepts of microservices architecture, possible implementations using PHP, deployment strategies, and running applications in production environment. You'll also learn about patterns in microservices world; building blocks for your next complex projects. All topics will be presented in code, on real PHP 7 applications powered by microservices.

The Internet of Things (IoT) is fundamentally changing how we interact with the digital world. In this session we’ll explore the implementation of real examples which bridge the gap between the physical and digital world using PHP: asking Alexa for information within a PHP application; displaying API data on an Arduino-powered display; using PHP to control LEDs on a Raspberry Pi to monitor application uptime; and connecting IR sensors to Slack to see whether a conference room is in use.

7

Are you the kind of person who's too busy working to build robots with PHP? Well, you're missing out! Over the last few years, Christopher has built all sorts of useful robots (Internet of Things machines); to connect to virtual environments, automate the surroundings, or generally make life easier. All of these could be built using little more than the familiar PHP code used 9-to-5 jobs. Join this session to see some of the cool things you can do, with an Arduino, some useful PHP libraries, and a lot of imagination.

1

Making and keeping web applications fast is hard work, but also very rewarding and pays off very quickly with higher user satisfaction, increased usage, and better conversions. In this session we'll talk about all the lessons learned by working on application performance at ResearchGate: Why it is actually important, how you can convince your managers to invest time and money in it and what you have to do to measure and improve performance server and client side. Keeping a site fast is hard work, this session will contain lots of techniques that can be used and implemented to actually measure the performance and make the your web page faster.

2

With the introduction of Progressive Web Apps and web platform APIs such as persistent storage, payments, geolocation, and push notifications, the web platform is taking on native apps. One important aspect of Progressive Web Apps is the concept of building your app to be Offline First. With an Offline First approach, you design your app for the most resource-constrained environment first. This approach provides a consistent user experience whether the user's device has no connectivity, limited connectivity, or great connectivity. One of the biggest benefits of Offline First apps is that they can be very fast, as they provide zero-latency access to content and data stored directly on the device. The Service Worker API can do most of the heavy lifting when it comes to storing content and assets for Offline First Progressive Web Apps. A bigger challenge can be storing and sync'ing your app's data. One of the best answers today for offline sync for Progressive Web Apps is a combination of Apache CouchDB (an open source document database), Hoodie (an open source Node.js backend for Offline First apps), and PouchDB (an open source JavaScript database that syncs). This stack can provide you with the starting point for your own Progressive Web App mobile backend and frontend, and it's entirely open source!

1

Learn the concepts of PSR-7 middleware with Zend Expressive and how your application could be developed from scratch adapting those concepts with a new mindset. You'll see the different approaches, advantages and disadvantages, and the contrast of this paradigm and other more conventional paradigms.

1

In this session we’ll walk through a case study of developing a PHP application using an API to interface with IBM i data. This is a great example of how IBM i developers can leverage their knowledge of business rules and authorization to help speed up the development of PHP applications. You’ll learn how ZF3, RPG, and Bootstrap were used to develop an application that: - Separates the front end coding from the backend - Optimizes the skills of IBM i and web developers - Works on both desktop and mobile devices - Integrates with other systems

4

If you've only ever experienced web development through a web framework, you're missing out. Have you ever been tempted to rewrite a codebase in your favorite framework? That's a smell that you need to come to this session. Being comfortable developing without a framework is a crucial skill to have for refactoring legacy applications. In this session you'll see how to harness the power of going "frameworkless" so you'll feel empowered to make better decisions in your next web project. Be set free from your web-framework ball and chain.

Failed projects are a reality of our business, with more than half of projects failing to come in on budget and on time. Yet despite the consistent failures and the platitudes for avoiding them, projects still fail with stunning regularity. Come learn why projects fail, and how you can break the cycle.

PHP is open source. But it’s only one part of the larger puzzle. Open source powers everything from droids to Mars landers. Justin Reock, who lives and breathes OSS, shares his vision on what open source truly is, what it can be, and how we all participate in this larger community. Mixing Ulysses, Stallman, and Heinlein with his own views, Justin examines the secret life of free software to answer: How do we power the cool things we want, build faster, better, and maintain free software? The Holodeck awaits.

8

This interactive session will outline a range of common vulnerabilities in websites. You'll watch Security Team members try to hack these sites and share their thought process as they go. You'll learn how to think like an attacker so you can better understand common vulnerabilities and we'll cover best practices for configuring and protecting your sites. Finally, we’ll share how the Drupal Security team oversees security across this global open source community.

0

One important concept in web application security is defense in depth. You protect your server, your network, your database, and your application, but what about the user browser? Can it be done? Yes! Several new technologies and protocols to assist security has been added to the browsers. Several should be added, activated, and configured from your web server or webpage. In this session we'll explore these technologies and learn how to use them. You’ll learn about the Robots meta tags (for crawlers indexing), browsing compatibility, XSS and clickjaking protection, SSL/TLS Control, and content security policy.

Are you wondering whether PHP frameworks are worth using when developing your applications? In this session we’ll explore the concept of PHP frameworks, and compare three popular frameworks (ZF3, Expressive, and Laravel) and show you how to get started with all three on the IBM i.

1

Do you really need to worry about using open source software in developing commercial applications? In this session we'll talk about the key risk areas, how to identify and quantify the risk, and what steps if any are needed to deal with the risks. We've all heard about security risks and license compliance risks associated with OSS, but how do you identify these risks and how do you manage them? After this session, you'll have the information to better understand how to assess these risks. It will provide you with no nonsense steps to take to manage your OSS so you can rest easy and not worry if these issues will affect you or your business. The session will include: - Key risk areas and how to identify them - Common use case scenarios - Understanding and developing risk remediation strategies for OSS use

7

Do you have multiple PHP projects with the same or similar logic? Are you sick of your team copy pasting code from one project to another? Let's talk about pulling all that shared code into one (or more) libraries and how to implement them in your projects via Composer. We'll also be touching on related topics like Statis, Packagist, Toran proxy, Composer settings, code structure, autoloading, and strategies to use when refactoring classes into your new library. Quit duplicating code and come check out this session!

2

Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.

2

Design a secure web application is definitely not a simple task! There are many aspects to consider like how to sanitize the user input, how to provide authentication, how to manage the permissions, how to escape output, etc. Using middleware, we can simplify most of these aspects thanks to the pipeline nature of this architecture design. We'll demonstrate how to implement security by design using middleware and the PSR-7 standard.

Data redundancy, computing clusters, load balancing, fail-over mechanisms, each of these individually addresses one potential issue, but none treats systems in your organisation holistically for maximising business revenue. You'll learn how to stop hating your existing infrastructure, prepare it for the leap to high availability using simple and intuitive changes that your DevOps team will love. Silos are a clever method of grouping servers in such a way that they can be scaled both horizontally and vertically, depending on the actual application needs. Most importantly, it frees you from over-optimizing the architecture upfront, by allowing fine adjustments easy to integrate in your Agile workflow. And they offer real A/B testing for your infrastructure and backend code. Then we'll look together at the awesome new things that you can do with your new silo superpowers. You'll be able to impress not only your fellow tekkies, but also marketing with helpful new tricks.

By the end of year we'll receive a brand new Symfony version on which we'll get an easier to use more flexible framework on our hands. Symfony team plans some deep changes on framework while it's still have a solid base. Say goodbye to old style bundled improvements and welcome auto-configuration. Symfony 4 will support only PHP 7 so there will be some deprecations from 3.4 version. The main purpose is to bring an improved developer experience to Symfony users as basis of the framework keeps strong as always. This presentation will cover all news from a developer sight.

Chatbots and conversational agents have become very popular in the recent years and there is a huge research effort to automate conversations in several applications. What are Chatbots? How can it benefit you? How do you write the code for it? These questions will be answered during the session with step by step directions so you can easily follow along. Come join us and build your first Chatbot in less than an hour!

What's the benefit of microservices? They are easy to maintain, easy to link and easy to scale. Theoretically. The tiny sample app "Particulum Mobile" gives us an introduction into the power, flexibility and simplicity of Zend Expressive as the basis for microservices. Let's talk in this session about a straightforward process to deploy the Zend Expressive part - and a HTML/JS frontend - to a Docker Swarm and see how it scales!

In this session we'll review three customer account stories where the combined PHP and IBM i solution is really changing the game for the company. We'll also talk about the latest and greatest product features and get the inside scoop on what's coming up soon.

HTTP/2 (H2) is coming, and along with it a whole new way of communicating over the web. Connection re-use, prioritization, multiplexing, and server push are just some of the features in H2. In this session we'll look at the HTTP/2 protocol, and at how we can use asynchronous request now with HTTP/1.x. We'll also look at what asynchronous requests and H2 mean for your API and clients in the future.

From ReactPHP to Facebook Hack's Async implementation and many more, asynchronous programming has been a hot topic lately. But how well does async programming support work in PHP and what can you actually use it for in your projects? Let's look at some real-world use cases and how they leverage the power of async to do things you didn't know PHP could do.

When you're a business with an online presence, achieving a 99.999% uptime is critical. Yet with many small to medium businesses, this is usually either a prayer or a reliance on the in-house IT person to figure things out. In some cases, you rely on a service provider, such as a hosting company, or the managed team assigned to your virtual machine. All in all, it's never really an implementation decision. In this session we'll look at how we can use small to medium businesses can take advantage of the cloud, and use some of the open source tools available to build a solid cloud architecture.

3

The IBM i platform is widely recognized as a supreme apparatus for complex elaborations. The modern, web-based workflows are forcing IBM i based corporations to expand the horizons of its deliveries. Is it truly necessary to denaturalize such a data driven, secure, mean machine? The session will explain how to guarantee the web consumption of the powerful business logic already existing in every IBM i platform, from any kind of device, in a secure and performant manner. The fulcrum enabling these workflows is Zend Apigility, a modern framework for building best-of-breed APIs in no time. The code examples will show typical HTTP-based interactions originating from all sorts of consumers (classic web pages, single page apps, handheld devices, etc.).

If you're new to using Zend Studio, or if you haven't yet had training in using this tool, you may not be aware of many of its features, some of which can save you a lot of time and frustration. Zend Studio is the PHP editor provided free to IBM i customers with a full year of free support and upgrades. Using a live version of Zend Studio, we'll cover some basic concepts of the IDE and demonstrate some popular features and techniques. We'll discuss perspectives and contrast the Remote System Explorer with the PHP Perspective, and demonstrate some of the advantages of the PHP perspective for developing larger projects. We'll also cover editing shortcut keys, creating templates, using filters, and more.

This session will dive into Composer's guts to see which choices we made worked and which ones did not. After six years and a few hundred thousand users, the Composer code has been through many iterations, problems, and successes. Let's have a retrospective to see what we can learn from it.

5

The original CRAY-1 Supercomputer was a 5-ton monster with just 8 MB of main memory, yet programming it can be a fun way to explore subtleties of PHP coding. In this session we indulge in programming "big iron" on "bare metal." We’ll look at CRAY-1 hardware instructions with the aim of understanding logic operations, boolean algebra, and octal arithmetic. As a Cray Research veteran, Edward has carried CRAY-1 logic design to both MySQL table design and PHP coding. After this session, you will as well. EDIT: The second "code" link is to the reading list.

2

Ensuring software reliability, resiliency, and recoverability is best achieved by practicing effective defensive coding. Take a crash course in defensive coding with PHP and learn about attack surfaces, input validation, canonicalization, secure type checking, external library vetting, cryptographic agility, exception management, code reviews, and unit and behavioral testing. Learn some helpful tips and tricks from experienced professionals within the PHP community as we review the latest blogs and discussions on best practices to defend your project.

1

Many frameworks and applications are bumping their minimum PHP requirement to 7.1; do you find yourself wondering why? PHP 7.1 contains new exciting features and improvements that can facilitate the life of many PHP developers. During this session we'll cover some of these new features like nullable types, catching of multiple exception, void return types, class constant visibility, authenticated encryption in OpenSSL, and more.

6

As you might have already heard from a grumpy individual, adding more tests to your codebase is crucial to its stability over time. This session isn't about adding tests to your PHP codebase, but adding tests to the PHP language itself. And the best part is, all the tests are written in PHP so you don't even have to dust off that old C book from college. In this session you'll see how to find untested parts of the PHP source code, how to write a test for the untested feature, and how to submit your tests to PHP internals. Not only will you be making PHP more stable and reliable, but there's a good chance the tests you write will give you a deeper understanding of PHP; knowledge you can use to improve your own codebases. Not to mention you'll be able to call yourself an internals contributor. Come on in! The water's fine!

1

The password is currently the most commonly used way to identify a user. It does not, however, have the level of security required to protect sensitive information. The addition of new identification factor allows to solve this problem. But what, where, when do you have them? In this session we'll see the concepts of strong authentication, the introduction of alternative free or low cost second-factor identification.

4

Spotting bugs is a skill developed over time with practice, but this session will put you on the fast track to being a bug exterminator! One day, your production environment will break and you have to reproduce it on your local box. Worst yet, getting XDebug wired up to step through isn't very straight forward when using Docker, Vagrant, or remote machines. In this session we'll cover how to properly setup XDebug in various situations. We'll cover how to use PHPStorm to step through your PHP and JavaScript code, and other neat features. We'll also cover how to profile your code to find slow bottlenecks in your app. Joshua will also share war stories of battles he's endured and what caused these issues.

3

Don't reinvent the wheel when developing PHP applications. Instead, re-use your valuable business logic. Reduce risk, speed development, reduce costs when developing web and mobile applications by calling RPG and COBOL programs, system commands, accessing data areas, and more, with the open source PHP Toolkit for IBM i, co-developed by IBM and Alan Seiden. The toolkit is free, flexible, supported by Zend and uses IBM's XMLSERVICE toolkit on the backend. In this session you'll: - Create a modern PHP-based graphical interface that uses RPG/COBOL/CL building blocks - Know when to access DB2 directly, and when to call a program - Optimize toolkit performance

Artificial intelligence products are all the rage these days. How do we, as LAMP stack professionals, ensure we embark this wonderful journey? After working on AI-powered applications for a while now, we'll show you how we built, with PHP, a devops chatbot that enables the release manager skip the confusing discussions with the tekkies and master the release process. Here are some questions you may ask Johnny: “What tickets are ready for QA?” “Prepare a release candidate and deploy it to QA” “When did we last install the API in staging?” “How did the traffic look for the last 36 hours?” “How many sales are there today compared with last week?” “What version of the API is installed in production?” “How many servers are we using now in the integration environment?” “What is the medium load across the cluster in the last three days.” “List the last three deployments in the way environment.” “Who ordered the update on release candidate?” AI is not scary, and there are a lot of awesome things you can do with it right from PHP. Johnny is our devops friend that we created, and we'll show you how helpful he is in our day-to-day tasks.

MySQL 5.7 was the most popular version of the open source database. But several legacy problems needed to be solved, performance increased, and new features added. The biggest change is a true data dictionary which removes all those odd little files with meta-data (.frm, myi, myd, etc) and provides transactional ALTER TABLEs. Plus you see Invisible Indexes, roles, CTEs/Windowing functions, UTF8MB4 support, and learn what happened to MySQL 6 and MySQL 7.

Them: We're Hiring! Me: Big deal, who isn't? There is a talent war going on in tech, everybody is hiring! These days’ developers have their pick of jobs, so why should they pick yours? If you say "because you pay more" then you've already lost. High salaries may get them in the door, but it won't keep them in the long run, and it won't capture their hearts and minds, only their wallets. You need a strategy that will engage your developers, something that will make them want to make your projects a success. You need to do more than hire developers and call them a team. You have to build a "Culture of Respect". This session is more than just a guide to help you find developers to hire. It’s more than just a guide on how to set up an effective method of interviewing developers. It teaches you the hard part, keeping them once you've hired them. It takes a lot of effort and money to find and hire developers these day, once you get them, you need to learn to hold on to them. "Culture of Respect" deals with why you want to invest the time and energy to build a team that developers want to be a part of. Once you understand why, you dive deep into how.

In this session we'll introduce the core concepts of unit testing and TDD — what it is, how it's done, why it matters — and then jump into doing it with one of the most time-tested techniques to comfortably start to get comfortable with the idea: code katas. Code katas are a systematic practice where you solve a specific code problem for about 25 minutes. After that, you throw the code away! This means they're the ideal safe places to learn new things and stretch our boundaries. We'll do one live front-to-back so you'll be comfortable taking the idea and doing it on your own.

In this session various IBM i centric experts will assemble for a rapid-fire Q&A session including folks like Rod Flohr, Mike Pavlak, Alan Seiden, and many more. No topic is off limits as long as it pertains to the web enablement of IBM i.

Gathering the data is not a problem today. The bigger challenge is how to understand this information and draw some conclusions. Fortunately, we can use some techniques like machine learning to teach computers how to learn from our data. Fast artificial neural networks, random forests, SVMs, classification, clustering - just to name a few concepts. We'll apply all these solutions to PHP applications to deliver automatic insights/predictions and create a real business value for a client. By the end of this session you'll be familiar with machine learning ideas and prepared to solve unsolvable problems in PHP.

Feeling hungry? You’ve came to the right place! As APIs have become increasingly more important and popular in usage in the past few years in web development, it is important to understand the basics of what they are and why to use them. We'll be going over the basics: The What’s, Why’s, Where’s, and When’s. You'll learn the basics of REST APIs and we'll show you how you can use POSTMAN to test making REST API calls. By the end of this session, you’ll be able to go home and make REST calls on any API.

Cluster management, decentralized design, scaling, load balancing, and rolling updates. These are some of the beneficial features of Docker Swarm. But how can you utilize them in conjunction with an enterprise PHP stack? Is Zend Server the right choice? What has to be considered from a DevOps point of view? In this session see how to provision and deploy a Zend Server Service, update a PHP app container, use a clustered session handling, and experience how networking is handled in a Docker Swarm setup.

Become a web security detective and join us as we look at some cases of compromised websites drawn from real-life events. We'll cover four tales of hacked sites, from uncovering the hack, to tracking down the root cause, to mitigating the problem. You'll learn techniques for trouble-shooting hacked sites and increase your awareness of common attacks. We aim to make web security more engaging by inviting session participants to use their creative problem-solving abilities to learn how to track down the causes of common website hacks. We'll also cover security issues unique to the Drupal content management system. While web security can be intimidating to beginners — including early-career web developers — it's not difficult to maintain a secure Drupal website. We'll share best practices and recommendations as to how to approach security for your site.

Everybody talks about refactoring, but what's the best way to actually refactor a part of your application? Come watch a live session where we'll refactor a piece of code and come away with a well-designed solution. Along the way we'll learn how to spot candidates for refactoring, and pitfalls to avoid.

You're not the DevOps guy, and you hate bash scripts. You want to deploy a scalable and secure PHP application, but you spend most your time in application code. This session shows you just how easy it can be to achieve security and scalability in the PHP ecosystem using Docker containers. By the end of the session, you'll be able to deploy an autoscaling Kubernetes cluster of PHP frameworks and microservices.

1

Markdown is one of the most popular markup languages on the web. Unfortunately, with no standard specification, every implementation works differently, producing varying results across different platforms. The CommonMark specification fixes this by providing an unambiguous syntax specification and a comprehensive suite of tests. In this session you'll learn about this standard and how to integrate the league/commonmark parser into their PHP applications. We'll also cover how to customize the library to implement new features like custom Markdown syntax or advanced renderers.

0

MariaDB is the new open source drop-in replacement for MySQL that has been adopted by IBM for use on Power Linux and IBM i. ZendDBi is the installer provided by Rogue Wave Software for installation of MariaDB on the IBM i. In this session we'll show how to use ZendDBi to install MariaDB and provide some important tips for post-installation. We'll also demonstrate troubleshooting some common installation issues. While most installations of MariaDB are trouble free, the troubleshooting procedures will give us a chance to understand a bit more about the operation of MariaDB on the IBM i. It'll also give us the opportunity to explore some concepts on IBM i that may not be familiar to some RPG programmers.

Code quality is not just for Christmas, it is a daily part of the job. So, what do you do when you're handed with a five feet long pole a million lines of code that must be vetted? You call static analysis to the rescue. During one hour, we'll be reviewing totally unknown code: no name, no usage, not a clue. We'll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code?

TBA