Open source ecosystem
"I don't care about technology I care about sales!"Slavey Karadzhov
This is a technical session in which the speaker will share his knowledge about migrating legacy PHP projects to PHP 7. This session is divided in two parts. The first part will explain the advantages that we have seen in real-life large PHP applications. The second part will describe the steps needed to get there and what you should be aware of in order to better plan your PHP 7 migration.
An Analysis of the Quality of Libraries in the Packagist UniverseClark Everetts
How do you find a truly reliable, well-built, and tested package? Do you have concerns about the overall quality and security of third-party libraries and packages you rely upon as dependencies in your code? Does quality have anything to do with number of reported downloads? Come see the results of our analysis of the quality of components available through Packagist - some popular, some under-appreciated - using various PHP QA Tools. Then, see a code module "before-and-after" some refactoring to change the values of a few specific QA metrics, one at a time. Time to relate those abstract metrics to real code!
Asynchronous Messaging Processing with ActiveMQJustin Reock
The modern enterprise landscape is a hybrid of heterogeneous technologies and disparate endpoints. In this tutorial, we’ll discuss ways that you can leverage the flexibility and sophistication of ActiveMQ’s message processing to federate your front-end applications with back-end services. Beyond integration, we’ll discuss the user experience benefits that come with processing tasks asynchronously, rather than forcing a user to wait for a task to complete interactively. The ActiveMQ community has made innovative leaps in the last few years, and we’ll look at what is available to you within this powerful, open source platform.
Browser Serving Your Web Application SecurityPhilippe Gamache
Build a Bot Workshop: Async PrimerAdam Englander
Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands on instruction in building an asynchronous application in PHP. We'll build a Twitter Bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you'll learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today.
Build your APIs with ApigilityChristian Varela
Immerse in the API world with Apigility. Learn how to take advantage of this tool to create APIs from scratch or to expose current functionality from an existent system. You'll learn the core API concepts, processes, functionality, logic, and in general how you can create good APIs, including documentation and all the considerations you must have.
Building a Real API Using Command PatternAnderson Casimiro
It is. We'll start from a simple Symfony Microkernel application. Then change the Kernel to use Controllers as Commands and build classes to serve Data and Interaction to endpoints. Then we'll create tests for logic and behavior. Then we'll create more routes. Then we'll connect to a database. Then we'll improve it more. The intention is not to show "how to build an API from scratch" but evolve a Symfony Microkernel project as a Flexible Framework and explore more possibilities using Command pattern to split HTTP logic from business logic.
Building a Solid Cloud Architecture for Small to Medium BusinessesAhmed Dirie
When you're a business with an online presence, achieving a 99.999% uptime is critical. Yet with many small to medium businesses, this is usually either a prayer or a reliance on the in-house IT person to figure things out. In some cases, you rely on a service provider, such as a hosting company, or the managed team assigned to your virtual machine. All in all, it's never really an implementation decision. In this session we'll look at how we can use small to medium businesses can take advantage of the cloud, and use some of the open source tools available to build a solid cloud architecture.
Building Interactivity with WebsocketsWim Godden
The time of static or dynamically generated sites is long gone. Non-stop interaction with users is the new normal. However, polling with Ajax requests is processor intensive and cumbersome. Websockets allow you to interact with users in real time without increasing system load. We'll go through the basics and see all the different options, illustrated with live examples of how and when to use it, as well as when not to use it. Websockets are the new way of providing live interactivity with users, in many cases replacing the need for Ajax requests alltogether. This relatively new technology isn't always as straightforward as it may seem though, as will be demonstrated in several examples.
Chatbots are Fun! So Let's Build One!Tessa Mero
Chatbots and conversational agents have become very popular in the recent years and there is a huge research effort to automate conversations in several applications. What are Chatbots? How can it benefit you? How do you write the code for it? These questions will be answered during the session with step by step directions so you can easily follow along. Come join us and build your first Chatbot in less than an hour!
CommonMark - Markdown Done RightColin O'Dell
Markdown is one of the most popular markup languages on the web. Unfortunately, with no standard specification, every implementation works differently, producing varying results across different platforms. The CommonMark specification fixes this by providing an unambiguous syntax specification and a comprehensive suite of tests. In this session you'll learn about this standard and how to integrate the league/commonmark parser into their PHP applications. We'll also cover how to customize the library to implement new features like custom Markdown syntax or advanced renderers.
Continuous Delivery with Jenkins, Terraform, AWS, and DockerJoshua Copeland
Create an API centric systemChristian Varela
Designing Responsive IBM i Web and Mobile ApplicationsChelsea Fenton
IBM i organizations benefit when users can access web applications from both desktops and mobile devices. But how do you accommodate all of the different device types without spending valuable time developing multiple versions of your applications?
Attend this session to learn:
- What responsive design is
- How Bootstrap makes it easier to create responsive web applications
- How to install Bootstrap on IBM i
- How you can use Bootstrap with PHP
Domain-Driven DataBradley Holt
There are many types of databases and data analysis tools from which to choose today. Should you use a relational database? How about a key-value store? Maybe a document database? Or is a graph database the right fit for your project? What about polyglot persistence? Help! Applying principles from Domain-Driven Design such as strategic design and bounded contexts, this session will help you choose and apply the right data layer for your application's model or models. We'll explore traditional relational databases, graph databases, document databases, key/value stores, polyglot persistence, CQRS, event sourcing, and data layers for microservices.
Gitting the Most Out of Your Version ControlDavid Hayes
Git is everyone's go to method of version control. Our goal is to cover what it is, why it's important, and a few of the superpowers it unlocks. Of course, we'll touch on the basics:
- git status
- git commit
- git pull
But we'll also take some time to understand more powerful commands and features like cherrypick, bisect, and using alternative differential browsers for those hairy merges.
Going Bare - Writing the Web without a FrameworkSammy Kaye Powers
If you've only ever experienced web development through a web framework, you're missing out. Have you ever been tempted to rewrite a codebase in your favorite framework? That's a smell that you need to come to this session. Being comfortable developing without a framework is a crucial skill to have for refactoring legacy applications. In this session you'll see how to harness the power of going "frameworkless" so you'll feel empowered to make better decisions in your next web project. Be set free from your web-framework ball and chain.
How I Learned to Stop Worrying and Love Regular ExpressionsJordi Boggiano
This session will cover Regular Expressions from the basics to the darkest corners of this arcane art. Regular Expressions, at the core, come in handy to achieve validation and text manipulation tasks. In the day-to-day life of a developer, becoming comfortable with them opens up many more use cases. As one of the tortured souls that actually enjoys writing - and reading - regexes, Jordi will share his passion so that you too can see there is no reason to worry.
How to Go From Developer to StakeholderAnn Gaffigan
Technology is everything these days, and your skills as a developer are in high demand. How can you leverage your unique skill set and understanding of technology to climb the ranks in your company beyond “just a developer?” Ann will tell her story of going from underpaid full-time developer, to broke freelancer, to entrepreneur, and finally to partner and CTO. More importantly, she’ll tell you what she learned along the way about the art of persuasion, transparency as a trojan horse, indispensability, confidence, standing your ground, and ultimately how to be treated and respected as a leader and not an employee. Disclaimer: I cannot confirm or deny that I have a problem with authority and a thirst for power.
HTTP/2 and Asynchronous APIsDavey Shafik
HTTP/2 (H2) is coming, and along with it a whole new way of communicating over the web. Connection re-use, prioritization, multiplexing, and server push are just some of the features in H2. In this session we'll look at the HTTP/2 protocol, and at how we can use asynchronous request now with HTTP/1.x. We'll also look at what asynchronous requests and H2 mean for your API and clients in the future.
Identifying and Managing the Risks of Open Source Software for PHP DevelopersDave McLoughlin
Do you really need to worry about using open source software in developing commercial applications? In this session we'll talk about the key risk areas, how to identify and quantify the risk, and what steps if any are needed to deal with the risks.
We've all heard about security risks and license compliance risks associated with OSS, but how do you identify these risks and how do you manage them? After this session, you'll have the information to better understand how to assess these risks. It will provide you with no nonsense steps to take to manage your OSS so you can rest easy and not worry if these issues will affect you or your business.
The session will include:
- Key risk areas and how to identify them
- Common use case scenarios
- Understanding and developing risk remediation strategies for OSS use
Implementing LanguagesChristopher Pitt
Programming is hard. Making compilers is harder. Or so people think. The truth is that making a compiler is just a series of small steps, using regular language constructs. It's so easy, we'll make one in this session. Many developers (especially those who are self-taught) believe the lie; that making compilers is too hard for them. That they lack the tools and knowledge to bring their ideas about programming languages to life. There's a lot of complex thinking that goes into mainstream compilers, but that's no reason not to try! We can make less efficient compilers and interpreters which enable the same amount of power and flexibility as mainstream compilers. We could use tools like Parser Expression Grammars or JISON, but this session will look at something even simpler. Let's build our own cross compilers using regular expressions and a stack. Let's implement our own programming languages, in real-time.
Kubernetes is your DevOps GuyBrent Shaffer
You're not the DevOps guy, and you hate bash scripts. You want to deploy a scalable and secure PHP application, but you spend most your time in application code. This session shows you just how easy it can be to achieve security and scalability in the PHP ecosystem using Docker containers. By the end of the session, you'll be able to deploy an autoscaling Kubernetes cluster of PHP frameworks and microservices.
Lessons Learned Building the Composer InternalsJordi Boggiano
This session will dive into Composer's guts to see which choices we made worked and which ones did not. After six years and a few hundred thousand users, the Composer code has been through many iterations, problems, and successes. Let's have a retrospective to see what we can learn from it.
Leveraging Composer In Existing ProjectsMark Niebergall
Keeping external libraries current and organized can be a tedious and risky task. Converting those libraries from embedded inside a codebase to being included via Composer is a clean and efficient solution. Learn how to migrate and autoload those libraries, use the composer.json and composer.lock files, find new libraries, and run Composer commands. Use what you learn to clean and organize your codebase to make it easier to maintain, and more lean and better to work with.
Machine Learning for the RescueMariusz Gil
Gathering the data is not a problem today. The bigger challenge is how to understand this information and draw some conclusions. Fortunately, we can use some techniques like machine learning to teach computers how to learn from our data. Fast artificial neural networks, random forests, SVMs, classification, clustering - just to name a few concepts. We'll apply all these solutions to PHP applications to deliver automatic insights/predictions and create a real business value for a client. By the end of this session you'll be familiar with machine learning ideas and prepared to solve unsolvable problems in PHP.
Make your Application ExpressiveChristian Varela
Learn the concepts of PSR-7 middleware with Zend Expressive and how your application could be developed from scratch adapting those concepts with a new mindset. You'll see the different approaches, advantages and disadvantages, and the contrast of this paradigm and other more conventional paradigms.
Meet Johnny the Deployer: A LAMP Stack Professional's Journey to Artificial IntelligenceGeorgiana Gligor
- “What tickets are ready for QA?”
- “Prepare a release candidate and deploy it to QA”
- “When did we last install the API in staging?”
- “How did the traffic look for the last 36 hours?”
- “How many sales are there today compared with last week?”
- “What version of the API is installed in production?”
- “How many servers are we using now in the integration environment?”
- “What is the medium load across the cluster in the last three days.”
- “List the last three deployments in the way environment.”
- “Who ordered the update on release candidate?”
Multi-factor AuthenticationPhilippe Gamache
MySQL JSON Data Use GuideDave Stokes
MySQL 5.7 provides a JSON data type. Previously you could store JSON formatted data in some sort of text field but then you would have to use REGEX which would reduce the quality of your work life, make your grumpy, and would be frustrated when you had to maintain it. Now you have over two dozen functions, can create materialized columns from JSON data that can be indexed for fast searchers, and can output data in JSON. This is a quick introduction for PHP developers to learn to incorporate this new data type with plenty of programming examples.
MySQL 8Dave Stokes
MySQL 5.7 was the most popular version of the open source database. But several legacy problems needed to be solved, performance increased, and new features added. The biggest change is a true data dictionary which removes all those odd little files with meta-data (.frm, myi, myd, etc) and provides transactional ALTER TABLEs. Plus you see Invisible Indexes, roles, CTEs/Windowing functions, UTF8MB4 support, and learn what happened to MySQL 6 and MySQL 7.
Nom Nom: Consuming REST APIsTessa Mero
Feeling hungry? You’ve came to the right place! As APIs have become increasingly more important and popular in usage in the past few years in web development, it is important to understand the basics of what they are and why to use them. We'll be going over the basics: The What’s, Why’s, Where’s, and When’s. You'll learn the basics of REST APIs and we'll show you how you can use POSTMAN to test making REST API calls. By the end of this session, you’ll be able to go home and make REST calls on any API.
Offline Sync for Progressive Web AppsBradley Holt
Open Source Applied - Real World Use CasesJustin Reock
For enterprises, it's rarely a single function causing your OSS problem, it's a combination of architecture, packages, or networks. Spend an hour examining real-world use cases and learn:
- Typical architectures (OSS, commercial, and more)
- Top issues we see in the field
- Top packages and why they're chosen
Particulum Mobile: Zend Expressive Microservices in Docker SwarmJan Burkl
What's the benefit of microservices? They are easy to maintain, easy to link and easy to scale. Theoretically. The tiny sample app "Particulum Mobile" gives us an introduction into the power, flexibility and simplicity of Zend Expressive as the basis for microservices. Let's talk in this session about a straightforward process to deploy the Zend Expressive part - and a HTML/JS frontend - to a Docker Swarm and see how it scales!
PHP Package Management with ComposerClark Everetts
- What PHP source code dependency management looks like, and what problem Composer solves
- How to install Composer (friendly to all developers, including IBM i developers)
- How to use Composer to install, update, and lock code dependencies to appropriate versions
- Autoloading in general, Composer's autoloader in particular
- The difference between composer.json and composer.lock
- What Semantic Versioning means, and what those version numbers communicate to you as developer
- Packagist, the public clearing house for Composer-managed packages
- Considerations when using Composer in development vs. production environments
- Important do's and don'ts when using Composer
- Intro to setting up and using a private repository
PHP Prepared Statements and MySQL Table DesignEdward Barnard
When using a PHP framework, standard practice is to use an Object-Relational Model (ORM) for database access. However, with high-volume logging and statistics-gathering, it pays to go "old school" with PHP prepared statements. Meanwhile, when MySQL tables quickly grow by millions of rows, table storage space becomes an issue. Our table design must focus on keeping these tables more compact and efficient. Here too, prepared statements simplify both coding and table design. This session will use CakePHP 3's excellent support for PHP prepared statements, but all concepts are native to PHP and apply to any project striking this use case.
Practical PHP Deployment with JenkinsAdam Culp
Developers would love to "automate all the things", but where do we start? What tools exist for automating? And what can actually be automated? If we don't have unit tests, can we still benefit from deployment automation? This session will show how a PHP application pulled from Git, complete with unit tests, Composer dependency management, and package creation, can be deployed flawlessly using Jenkins. Then see how "Dev" and "Ops" are supported by a system if the application breaks through automated rollbacks.
Rise of the Machines: PHP and IoTColin O'Dell
The Internet of Things (IoT) is fundamentally changing how we interact with the digital world. In this session we’ll explore the implementation of real examples which bridge the gap between the physical and digital world using PHP: asking Alexa for information within a PHP application; displaying API data on an Arduino-powered display; using PHP to control LEDs on a Raspberry Pi to monitor application uptime; and connecting IR sensors to Slack to see whether a conference room is in use.
Silo-Based Architectures for High Availability ApplicationsGeorgiana Gligor
Data redundancy, computing clusters, load balancing, fail-over mechanisms, each of these individually addresses one potential issue, but none treats systems in your organisation holistically for maximising business revenue. You'll learn how to stop hating your existing infrastructure, prepare it for the leap to high availability using simple and intuitive changes that your DevOps team will love. Silos are a clever method of grouping servers in such a way that they can be scaled both horizontally and vertically, depending on the actual application needs. Most importantly, it frees you from over-optimizing the architecture upfront, by allowing fine adjustments easy to integrate in your Agile workflow. And they offer real A/B testing for your infrastructure and backend code. Then we'll look together at the awesome new things that you can do with your new silo superpowers. You'll be able to impress not only your fellow tekkies, but also marketing with helpful new tricks.
There's a Middleware for That!Matthew Weier O'Phinney
Ever need to add authentication to an application? Or log HTTP messages? Maybe you wanted to trim trailing slashes from URIs. Or add security features such as CORS, Content-Security-Policy, or other headers. How do you easily enable the features, or enable them only for certain contexts within your application? The PSR-7 HTTP Messages specification created an ecosystem of PHP middleware that provide solutions to these problems! We'll cover creating an Expressive application that composes middleware from a variety of ecosystems in order to demonstrate that, in the end, there's a middleware solving every problem.
Transforming WordPress Search and Query Performance with ElasticsearchTaylor Lovett
WordPress traditionally uses MySQL. MySQL is a powerful relational database but falls short on complex multi-dimensional queries and search. At 10up, the largest WordPress-centric agency in the world, we use Elasticsearch and ElasticPress, our open source solution for integrating Elasticsearch with WordPress, to transform search and query performance on some of the biggest, most high-traffic WordPress installations in the world. This session will dive into optimizing Elasticsearch and WordPress for highly relevant search results and high performance.
Understanding Open Source LicensesDave McLoughlin
- How OSS licenses are enforced
- What are the main types of OSS licenses
- How to identify them
- What steps you need to take to ensure you are complying
Watch the Hacker HackMichael Hess
This interactive session will outline a range of common vulnerabilities in websites. You'll watch Security Team members try to hack these sites and share their thought process as they go. You'll learn how to think like an attacker so you can better understand common vulnerabilities and we'll cover best practices for configuring and protecting your sites. Finally, we’ll share how the Drupal Security team oversees security across this global open source community.
Web Security: Website Hacks and Heists, Be a Detective and Find out `Whodunnit`Michael Hess
Become a web security detective and join us as we look at some cases of compromised websites drawn from real-life events. We'll cover four tales of hacked sites, from uncovering the hack, to tracking down the root cause, to mitigating the problem. You'll learn techniques for trouble-shooting hacked sites and increase your awareness of common attacks. We aim to make web security more engaging by inviting session participants to use their creative problem-solving abilities to learn how to track down the causes of common website hacks. We'll also cover security issues unique to the Drupal content management system. While web security can be intimidating to beginners — including early-career web developers — it's not difficult to maintain a secure Drupal website. We'll share best practices and recommendations as to how to approach security for your site.
What You Need to Know Before You Deploy Your Next MongoDB ImplementationBill Crowell
You're days away from rolling out a MongoDB application to production. Your code and data model is set. Integration testing is successful, and the business has given its blessing after thorough testing. Performance testing commences revealing a critical issue on a common use case in your application. Any changes to your code will require a new QA cycle delaying your production rollout. What can you do?
NoSQL databases promise quicker iterations allowing you to deliver more functionality for your business, but there may be obscure signs of trouble you are overlooking.
This session will show you how to uncover performance problems before deploying to production, and empower you with knowledge of tools that assist developers and administrators to achieve high read and write throughput. Discover how to attain maximum performance in environments with redundancy and high availability with ease.
Why You're Not Secure: Apache, OpenSSL, and PHPAndrew Carr
PHP 7 has been released and your production environment needs to be upgraded. Apache 2.4 came out 5 years ago, yet you are running Apache 2.2. OpenSSL 1.1.0f is the current GA version, your servers use OpenSSL 0.9.8. A lot of companies have outdated software running in live environments, making them vulnerable to commonly exploitable weaknesses. Based on information gathered working with dozens of companies, it's commonplace to see servers running open source software that is 5, 10, or even 15 years old. A simple Google search for vulnerabilities on these older versions produces exploits and kits that any person can use to wreck your company’s share prices, data, and reputation. Learn how to protect yourself, your team, and your company from threats by these methods.
We'll use some common techniques to upgrade and harden our servers, concentrating on PHP, Apache, and OpenSSL. Hardening the operating system needs to happen as well, but this session focuses on the software. Bringing your coworkers, employers, and colleagues on board with your migration plan will allow you to more easily move from the old to the new. We'll also cover the skills you need to learn, the resources available to assist you, and the methods to accomplish a migration that will result in a secure and robust production environment.
Writing Tests for PHP SourceSammy Kaye Powers
As you might have already heard from a grumpy individual, adding more tests to your codebase is crucial to its stability over time. This session isn't about adding tests to your PHP codebase, but adding tests to the PHP language itself. And the best part is, all the tests are written in PHP so you don't even have to dust off that old C book from college. In this session you'll see how to find untested parts of the PHP source code, how to write a test for the untested feature, and how to submit your tests to PHP internals. Not only will you be making PHP more stable and reliable, but there's a good chance the tests you write will give you a deeper understanding of PHP; knowledge you can use to improve your own codebases. Not to mention you'll be able to call yourself an internals contributor. Come on in! The water's fine!
Zend Server in Docker Swarm: Deployment and MoreJan Burkl
Cluster management, decentralized design, scaling, load balancing, and rolling updates. These are some of the beneficial features of Docker Swarm. But how can you utilize them in conjunction with an enterprise PHP stack? Is Zend Server the right choice? What has to be considered from a DevOps point of view? In this session see how to provision and deploy a Zend Server Service, update a PHP app container, use a clustered session handling, and experience how networking is handled in a Docker Swarm setup.