ZendCon & OpenEnterprise 2018
15 - 17 Oct 2018 at hard rock casino

6

Do you need to build an API? Are you paralyzed by the choices you need to make: What representation format to use, how to present errors, how to authenticate users? Will you be starting with a few endpoints, or many? Or gradually growing your API? Expressive is a middleware microframework that is incredibly suited to building APIs — particularly because we also provide packages for each of these API responsibilities. In this tutorial, we will demonstrate buidling a REST API using Expressive. It will provide representations using Hypermedia Application Language, error handling in Problem Details for HTTP APIs format, authentication using OAuth2, and demonstrate common concerns such as data validation and authorization.

In this workshop, we’ll cover different ways to test your PHP code. Our focus will be the tools and writing tests – we won’t get caught up in all the testing dogma. Instead, we’ll create a foundation in tools like PHPUnit, Mockery, and Codeception so you can make the decisions about what testing tools and strategies work best for you and your code. So if you’re looking to start testing your PHP code, or learn other PHP testing tools, this workshop is for you.

0

Say you’re ready to deploy your new, functionality-rich application to users, but will it perform? Learn how to ensure excellent performance for your PHP applications running on, or connecting to, IBM i. We will cover the entire ecosystem in depth: how to measure performance and identify bottlenecks, optimize your use of frameworks, learn Zend Server performance tools, DB2 best practices for performance with PHP, the fastest ways to call RPG or COBOL programs, including stored procedures and special tips for the toolkit, IBM i tools that make performance troubleshooting a pleasure, how to determine optimal Apache and FastCGI settings, tips on connecting to IBM i from a non-i PHP server, and how to optimize front end code (CSS, javascript, etc.). Bring your specific performance questions for us to answer. This workshop contains material not available anywhere else. You will return to your office brimming with ideas to make your application fly.

3

Did you know that Docker can be used to validate tools that help deliver defect-free code for life-critical applications? In this tutorial, we’ll offer hands-on learning for launching, provisioning, re-using, and sharing Dockers containers as developed by the Klocwork static code analysis team for its build and test infrastructure. Recently moving away from the traditional virtual machine environment, Docker significantly boosted the reliability and turnaround time of both software builds and tests, ensuring that the tools that validate safety- and mission-critical code maintain a high level of quality. Workshop attendees will: - Discover the difference between containers and virtual machines - Learn how to download Docker images, and from what locations - Become familiar with the essential Docker commands - Learn how to provision Docker images, creating the right container for your needs - Determine how containers interact with the host and the multitude of available run-time options

The Zend PHP Certification is the industry standard to test a candidate’s knowledge of PHP and to aid employers to select suitable developers. Learn what it takes to become a Zend Certified Engineer (ZCE) by one of the authors of the certification. We’ll have a look at all topic areas, discuss common traps and required knowledge for each of them, and will provide you with background information on the test. The full-day tutorial will be conducted by the lead author of the certification and will feature a number of typical questions that resemble the layout of the actual test questions, giving you a realistic impression of the test itself and aiding you in self-assessing your current PHP knowledge.

TBA

1

With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code. In this tutorial, you will learn how to write a secure API with future proof security utilizing JOSE. JOSE is a collection of complimentary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.

2

In this tutorial, we’ll cover from beginning to end, setting up a scalable AWS ECS cluster running your PHP application. We will cover creating a Jenkins server via Terraform and setting up a continuous delivery pipeline within it. We’ll use Jenkins to manage your cloud infrastructure & environments using some open source Terraform scripts. We’ll go through the steps needed to get your PHP app packaged in a Docker image and deployed to AWS Elastic Container Service. You’ll see how to match your environments as closely as possible from local to live and some things to watch out for in this workflow. You’ll need an AWS, Docker.io, and GitHub account for this Tutorial. For a meaningful setup you’ll want a paid AWS account and if you want private repositories/images, then you’ll want a paid Github and Docker Hub account also. At the end of this tutorial, you’ll be able to push some code to GitHub and your Jenkins instance will automatically pick that change up to test, build, plan, and deploy your PHP application to the cloud. We’ll also show you how to rollback code; update composer dependencies; build Docker images; manage resources; and setup RC, QA, staging, and other environments. Please come prepared by pre-signing up for these accounts and having an editor capable of editing PHP, Groovy, Bash, Dockerfile, HCL (Terraform), and JSON.

Last year, I discussed hardening Apache Web server with Apache Tomcat behind it. There was a lot of interest in hardening Apache and recommendations. We will review possible exploits and how proper mitigation can prevent breaches. Apache has a lot of security holes, especially in older versions. While upgrading fixes a lot of problems, there will always be exploits. We want to demonstrate a system that is reliable and robust, with the least amount of information exposed to the public. Additionally, there will be a review of some standard configurations you can build from to protect your environment.

The modern enterprise landscape is a hybrid of heterogeneous technologies and disparate endpoints. In this talk, we’ll discuss ways that you can leverage the flexibility and sophistication of ActiveMQ’s message processing and Camel’s normalized routing to federate your front-end applications with back end services. Beyond integration, we’ll discuss the user experience benefits that come with processing tasks asynchronously, rather than forcing a user to wait for a task to complete interactively. The ActiveMQ and Camel communities have made innovative leaps in the last few years, and we’ll look at what is available to you within these powerful, open source platforms.

The Zend PHP Certification is the industry standard to test a candidate’s knowledge of PHP and to aid employers to select suitable developers. Learn what it takes to become a Zend Certified Engineer (ZCE) by one of the authors of the certification. We’ll have a look at all topic areas, discuss common traps and required knowledge for each of them, and will provide you with background information on the test. The full-day tutorial will be conducted by the lead author of the certification and will feature a number of typical questions that resemble the layout of the actual test questions, giving you a realistic impression of the test itself and aiding you in self-assessing your current PHP knowledge.

3

Building PHP applications using domain-driven design (DDD) techniques results in code that is easier to modify, maintain, test, and makes for a better user experience. In this hands-on tutorial, you will become versed in the best practices for solving problems in PHP from start to finish. You will learn to: – Discover a ubiquitous language and identify changes in the design of PHP classes, methods, and problem solving – Assemble an incorruptible domain model in PHP by encapsulating business logic in immutable value objects, specifications, and entities – Employ best practices for persisting and accessing entities and aggregate roots in Doctrine and Zend DB and Hydrator – Use advanced PHP object-oriented techniques to simplify code and reduce state complexity – Plan for change by using the Hexagonal Architecture Pattern – Evaluate when and how to use CQRS techniques – Write your own DIY event sourcing and use libraries like EventSauce and Prooph – Introduce DDD to a “legacy” codebase – Discover recommended resources for learning more about applying DDD in PHP

Panel discussion about APIs during welcome reception in Artist B/C

Complexity is the enemy of security and there’s nothing more complex than the general-purpose computer: the gnarly hairball of Turing completeness that lets attackers exploit your lightbulbs to attack your printer so it opens a reverse shell to their C&C box. To a first approximation, a computer that can’t run bad programs is a great answer: just design a cellphone that can’t run FBI-proof encryption, or a set-top box that can’t run a Netflix streamripper. Mission accomplished! The problem is, the Turing Complete Minus One computer doesn’t exist; instead, these ideas always end up being rootkits by another name: a device whose non-admin-accessible hypervisor spies on everything you do and tries to terminate any “bad” processes. This is a catastrophically bad idea. What’s worse is that corporations and governments are converging on a set of incentives to implement this technologically bankrupt idea in everything with a system-on-a-chip, from your toaster to your tractor to your pacemaker to your car.

The modern enterprise landscape is a hybrid of heterogeneous technologies and disparate endpoints. In this talk, we’ll discuss ways that you can leverage the flexibility and sophistication of ActiveMQ’s message processing and Camel’s normalized routing to federate your front-end applications with back end services. Beyond integration, we’ll discuss the user experience benefits that come with processing tasks asynchronously, rather than forcing a user to wait for a task to complete interactively. The ActiveMQ and Camel communities have made innovative leaps in the last few years, and we’ll look at what is available to you within these powerful, open source platforms.

You’ve heard about Zend Expressive, PSR-7, HTTP messages, and middleware. How about a real Zend Expressive application that starts with CRUD, but goes beyond? How should models invoke RPG, DB2, SQL stored procedures? Where are “the controllers?” How do we handle issues like sessions, authentication, and access control with middleware? This is not the standard Sample Application; this one is for you, IBM i developers, with a 5250-based Order Entry/Lookup application to start from as a point of reference!

Who would have thought putting 140-character messages about one’s life online or having a virtual farm game could ever be popular? Then again, many of us have those weird (but sometimes brilliant) ideas. So you have the idea that will make you the next Twitter or Facebook. But how do you actually turn that into a successful service? What hurdles do you have to take and what pitfalls will you need to avoid?

Microservices are the latest shift in architectural design. Learn how implementing Kafka with your microservices architecture can allow for rapid and reliable inter-service communication. In this talk, we will demonstrate how Kafka communicates reliably between different services, how Kafka and Zookeeper interact, and how to establish availability and durability in your messaging framework. Finally, we will discuss the differences between Kafka and ActiveMQ, and which one is better for your architecture.

As a kid, do you have ambitions for the future? “When I grow up I want to become a …”. Maybe you wanted to become a fireman, an astronaut, a nurse, a teacher, or a police officer? As you grow up, these ideas evolve and get replaced with actual ambitions, actual hopes and dreams. These might be entirely different than your childhood dreams. But how do you reach these goals? How do you accomplish these dreams? By listening to your parents, friends, or teachers? By doing it yourself? Or maybe, you have given up and settled for a watered down version of the career and life you envisioned? People often attribute success to luck, and lack of success to incompetence. But what if I told you it’s all about controlling the variables? Luck is something that you can control in a way. The more you figure out the context, the key players, the relationships, the values, and the rules of the ecosystem in which you want to succeed, the easier it is to gain from it. The more variables you control, the easier it is to find potential opportunities and to bank on them. Maybe you didn’t get lucky, maybe you just saw it coming, and prepared yourself for it. In this talk, Thijs is going to share his experiences, his hopes, his dreams, and how he applies a positive mental attitude to level up in his career, and in life in general. This is not a growth hacking talk, but a simple set of tips and tricks to succeed, even if it seems like the odds are stacked against you.

With the explosion of consumer devices, designing flexible and device-independent optimized APIs has become increasingly challenging. This talk covers API design best practices for serverless microservice architectures, demonstrates core principles of microservices using sample PHP examples, and summarizes the lessons learned. This talk also covers highly-optimized API design using GraphQL to address versioning issues and device resource constraints.

If you’ve been working with virtual machines and want a smooth transition to containers, then this talk is for you. We’ll look at how to set up cloud architecture using containers with an orchestration layer using Rancher. We’ll cover setting up stacks, scaling containers, getting SSL established, and load balancing traffic between stacks and containers. We’ll also look at monitoring solutions and viewing the health of your containers.

This talk will cover what Kubernetes is and the working bits of Kubernetes, and even show examples of some of the components. It is a good starting place for PHP developers to get a grip with Kubernetes and start thinking about or even start using it. The talk also covers how Docker and Kubenetes work together to make a great infrastructure. I will also cover the self healing part of Kubernetes and why you would want to use Kubernetes.

0

A good web developer should know all major techniques used for faster web communication. This talk will review them for you and will show you how they can be applied in the embedded world where they are even more important. And that knowledge will be applied to a microcontroller where we will run an embedded web server and HTTP client. The slides can be downloaded from the link below: https://drive.google.com/file/d/1roL2R1lHxzXsbgf9w_cI5XiQEnkaasLI/view?usp=sharing

Can you find how much of your inventory is on hand or allocated? Which product lines your customers are buying, and in what volume? Can you do it hands-free? In this session, we demonstrate live how IBM Watson can help an inventory or sales manager understand how much stock is available, who is buying and selling it, and spot important trends. We leverage speech-to-text, text-to-speech, natural language processing, and good ol’ SQL, and train a chatbot engine to implement more than a chatbot: a hands-free, truly interactive application, powered by Watson in the cloud, using inventory, customer, and sales data.

4

Have you ever wondered about any of the following security concerns? - How to store user passwords - How to encrypt/decrypt sensitive information - How to authenticate users The Sodium crypto library, offered as a core extension of PHP since 7.2, is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more, solving each of the above problems. We will demonstrate each during this session, as well as present advanced features such as authenticated encryption, anonymous public-key encryption, and elliptic curve cryptography.

The MySQL Document Store is a NoSQL JSON document store that gives developers the ability to store data without setting up relational tables, finding a DBA, normalizing data. or using Structured Query Language (SQL). No more embedding messy strings of SQL in your beautiful code. By taking advantage of the MySQL’s new X Devapi, you can can do all the Create, Replace, Update, and Delete (CRUD) functions from within PHP (or your other programming language of choice). You get the best of both worlds as you can access your data with or without SQL on a stable well known technology that provides data replication and transactions. The session heavily covers how to build the X DevapI PECL extension, using the MySQL Document Store from PHP, and ways to exploit this new feature for your benefit. Plenty of programming examples so you can walk out knowing how to use the MySQL Document Store.

Panel discussion during lunch in Artist B & C

TBA

2

Legacy applications are full of supervillains scheming to halt modernizing efforts. But deprecated versions of PHP, frameworks, libraries, and more drive a never-ending battle to keep applications up to date, supported, and secure. This can leave any would-be superhero seeking how, what, when, and why. Join me as we consider real-life case studies of modernizations from various large legacy applications, and will share common evil-doers, ways to foil their plans, and how to eliminate vulnerabilities in the first place. See how to make refactoring your super power!

The Mongo command-line is not just for creating and manipulating documents. Unlock the true power of this document-oriented database. Explore features from basic commands to advanced concepts such as sharded cluster performance and management.

0

Using var_dump() to debug your app has its benefits but there are more comprehensive and efficient ways to debug those particularly elusive bugs. Enter step debugging. We’ll be using the PhpStorm IDE to step through our PHP apps line by line and see how much more power step debugging gives us over the conventional var_dump() technique. We’ll also touch on debugging from the command line. Learn to dance in PHP with step debugging.

Blockchain technology was originally developed to protect financial data, such as bitcoin mining, to securely send transactions. In addition to using blockchains for financial transactions, we are now starting to see solutions that include using blockchain technology to secure communications between devices. Researchers are finding that we can use blockchains to provide authentication between devices and in any application that requires data integrity as it prevents spoofing. In this presentation, learn the history of blockchain, how blockchains work, along with some practical applications of blockchains.

We all know how frustrating it can be when we deal with IBM i DB2 naming conventions in our codebase. Let me show you why and how Doctrine can take a lot of the frustration away. I will explain everything that is needed to get you started, down to the different query options. Please find the slides on slideshare under https://www.slideshare.net/GuidoFaecke1/doctrine-on-ibmi

Open infrastructure is everywhere, and it is software defined. The foundation of infrastructure software is hugely based on open source, providing better cost, security, scalability, and performance to the applications and services running on top. How do these applications relate to the underlying infrastructure? What open infrastructure options are out there? Kubernetes, Docker, OpenStack, KVM, baremetal…Which one is a better fit? In this session, we’ll use real-life examples from well-established companies to define the best practices when choosing open infrastructure technologies and vendors.

Technology has enabled small startups to disrupt and displace Industry giants. Now more than ever enterprise organizations must constantly innovate to remain competitive. Utilizing open source software is one approach that enterprises are leveraging to enable innovation. Learn how the perception of open source software has changed over the years and why it is no longer just for startups.

With the ever-growing threat of data and compliance breaches, the security of web applications and APIs is business critical. Z-Ray provides PHP application developers with fine-grained insights about page requests, warnings and errors, events, and database queries. It can be integrated into Zend Server or used standalone for efficient debugging. But until now, Z-Ray does not track the data flow for security-related issues. In this talk, we present our integration of automated security analysis into Z-Ray. We use the deep insights provided by Z-Ray to greatly speed-up and simplify a static code analysis process. Due to the reduced analysis time, it can be used during development and testing of single components without the need to analyze the complete code base. At the same time, detected security bugs can be easily verified with one click by combining the collected information about the web requests and the results of a context-sensitive security analysis. We will cover technical insights about how Z-Ray can be extended, basics about static code analysis, and how both technologies can be combined to a new plugin that allows on-the-fly bug detection and verification.

2

DB2Sock is an open source utility created by IBM that allows you access your DB2 data from any web language—including Javascript—without the need for DB2 connection functions. Learn how to use DB2Sock to query your DB2 data or call RPG/CL/COBOL programs using examples in Python and PHP. Bonus material will include how to contribute to this open source project.

3

Want to build software that is more testable, easier to modify, and has fewer lines of code? Architecting with more immutable objects that are always in a valid state is the most important lesson I have learned in building better software applications. Using immutable value objects will lead to less checking, fewer bugs, and more DRY code, and will help avoid the “spooky action at a distance” problem in PHP. We will also learn how to use immutable objects and immutable collections to improve design of our mutable entities. Lastly, we’ll see how immutable objects and functional programming can reduce complexity.

1

With the extensive amount of testing performed on large scale software projects, build, test and verification teams often experience lengthy wait times for test results, delaying the entire fault identification and resolution process. How can large-scale test teams take advantage of containerization and Amazon Web Services? Amazon Web Services (AWS) provides users with the capability to quickly and easily spin up numerous Amazon Machine Images (AMIs) on demand, allowing them to be provisioned for hardware specs using one of many instance types available in AWS. This provides users the ability to spin up a plethora of AMIs for specific purposes. To ensure repeatable, reliable and stable results, the Docker framework is used to create “canned” operating systems that contain all the required dependencies within these AMIs. The Docker images are run on AMIs and provide a renewed clean environment every time. Using this combination of technologies, users can create powerful frameworks that complete complex tasks in a timely and reliable matter. Furthermore, the use of Docker enables developers and testers to quickly replicate build and test failures in the exact environment they occurred in without taking resources away from automation frameworks and without interfering with any currently running frameworks. Come to this track to find out the secret sauce and recipes on how to make this all happen.

1

Cryptography is the invisible layer protecting everything around us. As software engineers, we are required to have some understanding of cryptography. Most of us only have a cursory understanding. Let’s dive deep into algorithms and modes for encryption, digital signatures, hashing, and key derivation. To get the most from this presentation, it is expected that you have a basic understanding of cryptography.

2

Yes, “PHP-1701-A” or better known as “Enterprise PHP” really is a thing. Enterprise level companies do have conventions when choosing what frameworks, libraries, and tools are used by employees to create their applications. Some are obvious, while others are hidden and not what we’d normally think. In this talk we will discuss elements and characteristics that are considered by enterprises, and what should be included. Attendees will learn how to better choose or create “Enterprise Ready” applications, and possibly what they should consider in their day to day coding.

0

The days of hand-crafted artisanal servers are long over. Modern web applications need to be able to run on many different servers without code changes – not just different hosting providers, but different environments on the same hosting provider. Whether you’re using a legacy dev/stage/prod setup or a modern branch-is-environment host, modern hosting imposes some requirements on your application design but also offers a huge potential for new and powerful tools. In this session, we’ll explore some key guidelines for building a cloud-friendly application, as well as look at some architectural options that a modern hosting platform enables.

Need to build a RESTful API in weeks versus months? In this talk, we will cover the biggest PHP Frameworks and what they offer towards building APIs quickly. We will show example APIs with frameworks built in Zend 3, Symfony 4, Laravel 5.6, CakePHP 4, and some micro-frameworks like Lumen and Slim. We will cover some clear differences in each framework and share my experience working with a few of them in the real world. We’ll cover best practices like versioning, testing, proper logging, and error handling, security, docs, and more. I’ll share the pros and cons of architectural decisions you need to make when building an API and ways to improve performance. There are also many different API development tools, libraries, and platforms we will touch on like “API Platform,” FOSRestBundle, Apiato.io, Apigility, and a few other notable mentions. After this talk, you should have a basic understanding of your options out there in the PHP ecosystem and have a better insight into what suits your needs best.

1

MariaDB is the new open source drop-in replacement for MySQL that has been adopted by IBM for use on Power Linux and IBM i. ZendDBi is the installer provided by Rogue Wave Software for installation of MariaDB on the IBM i. In this session, we’ll show how to use ZendDBi to install MariaDB and provide some important tips for post-installation. We’ll also demonstrate troubleshooting some common installation issues. While most installations of MariaDB are trouble free, the troubleshooting procedures will give us a chance to understand a bit more about the operation of MariaDB on the IBM i. It’ll also give us the opportunity to explore some concepts on IBM i that may not be familiar to some RPG programmers.

1

Whether you’re building an application in a DevOps + Security culture or have already bridged the gap with DevSecOps, the task remains the same: How do you ensure that security best practices are understood, architected for, and integrated into your application from day one and remain relevant year one. During this talk, I’ll focus on how to achieve these goals amidst the ever changing landscape of people, process, and technology in the cloud, in the context of various compute environments like instances, containers and serverless functions, and how to do so using off-the-shelf AWS services and features. I’ll complete the story by accompanying this discussion with a reference application architecture and examples. Attendees of this talk will receive actionable best practices and guidance, with specific implementation details for AWS using PHP and the AWS PHP SDK.

4

If you’re new to Docker, the lingo can be more than a little daunting. Containers? Stacks? Images? Services? What’s the difference between “docker stack ls vm” vs. “docker service ls”? What are all those toggles and do I need them? Where did all my logs go, and what the heck is a swarm? In this presentation, we’ll go over the lingo and explain some of the hidden gems in the list of commands that every developer should know.

A journey through the history of MySQL and MariaDB highlighting the unique relationship between MySQL and PHP. Monty will look at key events from when MySQL was created to the sale of MySQL, the creation of MariaDB, and how MariaDB has replaced MySQL in almost all Linux distributions. The talk will also cover the most unique features of MariaDB that sets it apart from MySQL.

“Clean code” is code that communicates. But how do we write clean code? In this talk, we’ll look at nine simple practices that will help you write clean code. We’ll see how each one reduces complexity and improves readability. Don’t worry though, we’re not just going to “talk.” All of these practices will be shown with live coding demos to reveal all of the little steps involved so you can go and start cleaning up your own code.

Application security is more important than ever, but as enterprise architectures increase in size and complexity it is also more complex than ever. John Saboe got his start in application security from a developer perspective and has continued to be an advocate for building architectures the right way – including security concerns from the start – throughout his career. John will cover application security basics, demystifying some of the common terminology and standards, and introduce resources for further learning. He will also discuss examples from his own experiences as an application security consultant, as a developer, supporting architectures, and designing new architectures with security in mind.

Last year, I discussed hardening Apache Web server with Apache Tomcat behind it. There was a lot of interest in hardening Apache and recommendations. We will review possible exploits and how proper mitigation can prevent breaches. Apache has a lot of security holes, especially in older versions. While upgrading fixes a lot of problems, there will always be exploits. We want to demonstrate a system that is reliable and robust, with the least amount of information exposed to the public. Additionally, there will be a review of some standard configurations you can build from to protect your environment.

1

Debugging an issue in PHP can be hard. Debugging a segfault in PHP is even harder. This talk is about helping PHP developers, with no prior C knowledge, to analyse and understand better the reason(s) for a segfault and ways to fix it. This is a practical talk which will demonstrate the usage of free/open source tools.

0

500 internal server error? Wait, now it’s a 404 error. I think it’s actually a syntax error. And now my program call isn’t returning anything. My page doesn’t look right, and my Javascript is not working. In this session, we cover the spectrum of debugging from server all the way to the browser with my tips and tricks learned in my 15 years of web application development experience. Learning objectives: - Analyzing Apache logs and Apache server issues - Debugging your PHP code - Debugging program calls, DB2 and library list issues - Debugging Javascript and CSS

3

With PHP 7.2 recently released, and PHP 5.3 and 5.4 still accounting for over 40% of all production environments, it’s time to paint a clear picture on not just why everyone should move to 7.x, but on how to get code ready for the latest version of PHP. In this talk, we’ll look at some handy tools and techniques to ease the migration.

This talk goes over what Docker is and how to use it. This covers the basics of Docker and will get most PHP developers up and running with it. Docker can replace slow systems like Vagrant and also set up developers to be able to easily get started using Kubernetes. Also with Docker, developers can take power of things like Amazon ECS and many other cloud platforms. Most of this talk is given with demos and explaining wheat each bit is doing.

In this three-part talk, we will first analyze the fundamentals of common security protocols such as Oauth1.0/2.0, Three-legged and Pin-based Auth. Next, we will review the security models of Facebook, Twitter, and Google APIs in the light of the aforementioned protocols. Finally, we will apply our learnings to construct a comprehensive security model using a dedicated trust server, handshaking token, hierarchical security matrix, and dynamic secret sharing.

Have you ever thought about how to get a good base setup for your next ZendFramework project? Have you never understood why others always talk about layers, or why API centric might be better? Let me guide you through the process of setting up your project in a interesting and alternative way. We will cover topics like database abstraction layers, model layers and service layers. We will also discuss good use cases for VO’s and Entities.

1

Websites, web applications, and APIs, they all speak HTTP. As a developer, most of us are familiar with HTTP but when it actually comes to creating cacheable web content, there is still a lot to be learned. In this presentation, I will show you how to leverage specific headers to achieve a maximum hit rate without losing touch with some of the challenges of real-life web projects. These best practices will be illustrated by applying them to a Symfony 4 application. The following topics will be covered: - The syntax of cache-control headers - How to use cache-control headers to control whether or not to cache - How to use cache-control headers to control the time to life of our cached objects - How to deal with cookies - How to separate stateful from stateless content - How to architect content blocks in your code using Edge Side Includes, HInclude, and AJAX - How to boost your performance by adding a reverse cache proxy like Varnish - How to invalidate your cache - How to leverage content delivery networks - How to create cache variations - How to reduce backend load and bandwidth by performing conditional HTTP requests - How to cache content for logged-in users by using JSON Web Tokens

You may have heard about the latest news with open source: RPM’s! As a system administrator, you may have lots of questions: - What does this mean for me? - Why the switch? - What new skills do I need? - How do I sanely manage open source on my system? Come to this session to demystify the bold new world of RPM’s! Also, learn about containers. We’ll introduce the ibmichroot (IBM i Chroot) open source project. Think of this technology being similar to being able to create a bunch of micro instances of IBM i all on a single instance of IBM i. This technology is excellent for those running applications in PASE such as Node.js, Ruby, Python, and PHP.

This is a classic example of older technology not being used to its fullest, which Justin proves by walking through little known configuration and optimization tricks that get data flowing reliably and efficiently – even for today’s complexity and scale. This session covers: A – Camel basics, understanding Exchanges, Routes, and how to implement EIPs with them B – Examples of real implementations of common EIPs like Content Based Routers and Recipient Lists C – Integration of Camel with common endpoints, like JMS, FTP, and HTTP

Instead of letting her experiences with bullying, harassment and discrimination tear her down, Janice Levenhagen-Seeley focused on creating ChickTech – a community empowering women to pull each other up. Using examples from her own life and drawing on anecdotes from the open source community at large, Janice shares how you can create powerful change in your community and beyond. By implementing these ideas and pulling each other up, we can create sustainable, inclusive, and successful open source communities together.

A tour through different useful applications of serverless computing and tools to use across different cloud providers, followed up with a walkthrough of a completely serverless application that I built to demonstrate some of those uses. I first go through what serverless computing really is and clear up some confusion that arises around serverless computing versus frameworks that have adopted the name. This leads into a brief tour of the popular serverless frameworks that are out there and how useful each one is. This is followed by a tour of cloud provider’s serverless offerings (AWS Lambda, Google Cloud Functions, Azure Functions, IBM Whisk), then a high level overview of the application I built and what it consists of, and things to watch out for when you build a fully serverless application.

0

DB2’s ever-expanding capabilities can simplify development in open source languages such as PHP, Ruby, Node.js, and Python. These languages, known for their ease in building web and mobile applications, can run most types of SQL, but why complicate them with repetitive database code that distracts from their power and simplicity? This talk shows examples of how to reduce tedious coding by using such DB2 structures as Views, User Defined Functions, stored procedures, Row and Column Access Control (RCAC), LIMIT/OFFSET, exciting new DB2 Services, and more. Security, performance, and ease of maintenance in the open source scripting languages will be the result of the recommendations and techniques given in this talk.

0

Open source has largely eaten the web. If you’re working on the web, you’re using open source software, somewhere – it’s virtually impossible to avoid. That’s because open source is a better, cheaper way to build software projects, and gets you lots of free help, too! Or at least that’s the myth. Is it true, though? What actually makes open source tick? Is it really better? Why? Why should organizations engage with open source, especially when it’s supposed to be free, dagnabbit! Let’s take a step back and examine just what the benefits of open source really are, and why open source is not a spectator sport.

A lot has been happening in the world of open source on IBM i! As part of this exciting adventure, customers are now trying new languages, compiling their own utilities, and using a large assortment of new tools. So, what does this mean for you? Come to this session for a quick glance at what technology is available and what IBM has been doing to ensure the IBM i customer can leverage the great business value in open source. Also, learn about the open source community and how you can participate in this exciting frontier!

Cyber-attacks have resulted in billions of dollars in lost revenue and production. Cybercrime losses in the US went up to nearly five billion during the past four years. Many players are involved in cyber-attacks, including hackers, organized crime gangs, and nation states, as the motivation for most malware attacks is profit. In this presentation, learn essentials of cybersecurity, including risks, threats, vulnerabilities, and malware. Learn ways to mitigate overall risk by understanding network security basics, ensuring physical and personnel security, use of cryptographic techniques, preventing social engineering and phishing attacks, and some of the laws and regulation that drive the overall need to secure an organization.

MySQL 8 is a big departure from earlier versions of the most popular database on the web. You can use histograms to radically decrease query time on secondary indexes, use NO WAIT & SKIPPED LOCKED qualifiers to avoid record contention, and use the Contention Aware Transaction Scheduler instances with extreme resource conflicts. All that, and how to use optimizer hints, invisible indexes, and roles!

3

Randomness is really important in many cryptographic contexts. Unfortunately, true randomness is a non-trivial achievement for computers. In fact, using weak sources of randomness can leave your application open to myriad vulnerabilities. Enter a good cryptographically secure pseudorandom number generator (CSPRNG). We’ll discuss the importance of using good sources of randomness, the CSPRNG options we had in PHP 5, and how the new-goodness CSPRNG functions in PHP 7 work under the hood.

Learn how to construct applications using the PHP driver for Mongo. Understand the pitfalls of schema design and learn how to properly select and create an index. Explore how to condense large loads of data using Mongo’s Aggregation Pipeline and MapReduce.

2

Artificial Intelligence is taking the world by storm, fueled largely by the introduction of the elastic compute resources in public cloud. If you’ve recently shopped online, searched the web, or streamed a video, you’ve almost certainly interacted with systems powered by AI. These systems are built on powerful Machine Learning (ML) algorithms, that until recently, required large time and financial commitments, as well as specialized knowledge and experience to properly develop, train and test. This is not so any more — the power of cloud computing has brought ML to the masses. Every developer now has the ability to leverage powerful ML resources of the cloud and bring the benefits of AI to their customers and users. But … where do you start? What services can you use? What services should you use? How do you integrate those services into you application? During this session we’ll answer those questions, and more, while building an AI-enabled PHP application. We’ll review ML, introducing common concepts, terms and language. Then, we’ll look at what ML services AWS provides and talk about which of those services is the right match for your application and for your team & skill set. Finally, we’ll walk through a real-world design and demo the resulting PHP application. You’ll walk away from this session with the confidence and knowledge necessary to make the right choices for your own application. You don’t have to be an AI/ML expert to attend this session, nor do you need AWS experience. We’ll keep that at a fairly high level. But we will be walking through PHP code examples, so some familiarity with the language would be beneficial.

0

Most of the time, for most people, Zend Server for IBM i installs simply and runs without any incidents. Most of the time, but not always. Rogue Wave Software support has seen it all, and over the last dozen years we have accumulated many tips, workarounds, and trouble shooters to assist with the most common issues that seem to pop up. In this session, we will review some of the more interesting and useful notes from our Knowledge Base, and in the process, shed a little light on how things work under the hood. Because in the long run, we have found, as is true for most things, that the best way to not have problems with a product is to understand how it works.

4

Heard a lot about Docker but not sure where to start? In this presentation, we will go over the simplest ways to convert your development environment over to a Docker stack, including support for full acceptance testing with Selenium. We’ll then go over how to modify the stack to mimic your production/pre-production environment(s) as closely as possible, and demystify working with the containers in the stack.

TBA