Open source ecosystem

"I don't care about technology I care about sales!"

Slavey Karadzhov Beginner

This is a technical session in which the speaker will share his knowledge about migrating legacy PHP projects to PHP 7. This session is divided in two parts. The first part will explain the advantages that we have seen in real-life large PHP applications. The second part will describe the steps needed to get there and what you should be aware of in order to better plan your PHP 7 migration.

An Analysis of the Quality of Libraries in the Packagist Universe

Clark Everetts Intermediate

How do you find a truly reliable, well-built, and tested package? Do you have concerns about the overall quality and security of third-party libraries and packages you rely upon as dependencies in your code? Does quality have anything to do with number of reported downloads? Come see the results of our analysis of the quality of components available through Packagist - some popular, some under-appreciated - using various PHP QA Tools. Then, see a code module "before-and-after" some refactoring to change the values of a few specific QA metrics, one at a time. Time to relate those abstract metrics to real code!

Browser Serving Your Web Application Security

Philippe Gamache Intermediate

One important concept in web application security is defense in depth. You protect your server, your network, your database, and your application, but what about the user browser? Can it be done?
Yes! Several new technologies and protocols to assist security has been added to the browsers. Several should be added, activated, and configured from your web server or webpage. In this session we'll explore these technologies and learn how to use them. You’ll learn about the Robots meta tags (for crawlers indexing), browsing compatibility, XSS and clickjaking protection, SSL/TLS Control, and content security policy.

Build a Bot Workshop: Async Primer

Adam Englander Beginner

Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands on instruction in building an asynchronous application in PHP. We'll build a Twitter Bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you'll learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today.

Build your APIs with Apigility

Christian Varela Intermediate

Immerse in the API world with Apigility. Learn how to take advantage of this tool to create APIs from scratch or to expose current functionality from an existent system. You'll learn the core API concepts, processes, functionality, logic, and in general how you can create good APIs, including documentation and all the considerations you must have.

Building a Real API Using Command Pattern

Anderson Casimiro Intermediate

It is. We'll start from a simple Symfony Microkernel application. Then change the Kernel to use Controllers as Commands and build classes to serve Data and Interaction to endpoints. Then we'll create tests for logic and behavior. Then we'll create more routes. Then we'll connect to a database. Then we'll improve it more. The intention is not to show "how to build an API from scratch" but evolve a Symfony Microkernel project as a Flexible Framework and explore more possibilities using Command pattern to split HTTP logic from business logic.

Building a Solid Cloud Architecture for Small to Medium Businesses

Ahmed Dirie Intermediate

When you're a business with an online presence, achieving a 99.999% uptime is critical. Yet with many small to medium businesses, this is usually either a prayer or a reliance on the in-house IT person to figure things out. In some cases, you rely on a service provider, such as a hosting company, or the managed team assigned to your virtual machine. All in all, it's never really an implementation decision. In this session we'll look at how we can use small to medium businesses can take advantage of the cloud, and use some of the open source tools available to build a solid cloud architecture.

Building Interactivity with Websockets

Wim Godden Beginner

The time of static or dynamically generated sites is long gone. Non-stop interaction with users is the new normal. However, polling with Ajax requests is processor intensive and cumbersome. Websockets allow you to interact with users in real time without increasing system load. We'll go through the basics and see all the different options, illustrated with live examples of how and when to use it, as well as when not to use it. Websockets are the new way of providing live interactivity with users, in many cases replacing the need for Ajax requests alltogether. This relatively new technology isn't always as straightforward as it may seem though, as will be demonstrated in several examples.

Chatbots are Fun! So Let's Build One!

Tessa Mero Beginner

Chatbots and conversational agents have become very popular in the recent years and there is a huge research effort to automate conversations in several applications. What are Chatbots? How can it benefit you? How do you write the code for it? These questions will be answered during the session with step by step directions so you can easily follow along. Come join us and build your first Chatbot in less than an hour!

CommonMark - Markdown Done Right

Colin O'Dell Intermediate

Markdown is one of the most popular markup languages on the web. Unfortunately, with no standard specification, every implementation works differently, producing varying results across different platforms. The CommonMark specification fixes this by providing an unambiguous syntax specification and a comprehensive suite of tests. In this session you'll learn about this standard and how to integrate the league/commonmark parser into their PHP applications. We'll also cover how to customize the library to implement new features like custom Markdown syntax or advanced renderers.

Continuous Delivery with Jenkins, Terraform, AWS, and Docker

Joshua Copeland Advanced

In this tutorial we'll cover setting up a continuous delivery pipeline with Jenkins. We'll use Terraform to provision our AWS resources needed and how to use Jenkins to manage your cloud infrastructure. We'll go through the steps needed to get your PHP app packaged in a Docker image and deployed to AWS Elastic Container Service. You'll see how to match your environments as closely as possible and some things to watch out for.
You'll need an AWS,, and GitHub account. For a meaningful setup you'll want a paid AWS account. You'll also need a paid account if you want private repositories for Github and Docker. At the end of this tutorial, you'll be able to push some code to GitHub and your Jenkins instance will automatically pick that change up to test, build, plan, and deploy your PHP application to the cloud. We'll also show you how to rollback code; update composer dependencies; build Docker images; manage resources; and setup RC, QA, staging, and other environments. Please come prepared by signing up for these accounts and having an editor capable of editing PHP, Groovy, Bash, Dockerfile, HCL (Terraform), and JSON.

Create an API centric system

Christian Varela Intermediate

In this tutorial we start by defining an API with Apigility as our main engine, we'll define all the details to make sure we set up our API so it can be consumed by our web application and our mobile application.
We continue by creating a web application that will consume the API resources and how to define the flow from data consumption to views using Zend Framework.
Then we'll define a simple mobile app, which will consume the services from our API. For this we will use Sencha Touch. We'll learn about the details to promote our App to the App store and Google play.

Designing Responsive IBM i Web and Mobile Applications

Chelsea Fenton Beginner

IBM i organizations benefit when users can access web applications from both desktops and mobile devices. But how do you accommodate all of the different device types without spending valuable time developing multiple versions of your applications?

Attend this session to learn:

  • What responsive design is
  • How Bootstrap makes it easier to create responsive web applications
  • How to install Bootstrap on IBM i
  • How you can use Bootstrap with PHP

Domain-Driven Data

Bradley Holt Advanced

There are many types of databases and data analysis tools from which to choose today. Should you use a relational database? How about a key-value store? Maybe a document database? Or is a graph database the right fit for your project? What about polyglot persistence? Help! Applying principles from Domain-Driven Design such as strategic design and bounded contexts, this session will help you choose and apply the right data layer for your application's model or models. We'll explore traditional relational databases, graph databases, document databases, key/value stores, polyglot persistence, CQRS, event sourcing, and data layers for microservices.

Gitting the Most Out of Your Version Control

David Hayes Beginner

Git is everyone's go to method of version control. Our goal is to cover what it is, why it's important, and a few of the superpowers it unlocks. Of course, we'll touch on the basics:

  • git status
  • git commit
  • git pull

But we'll also take some time to understand more powerful commands and features like cherrypick, bisect, and using alternative differential browsers for those hairy merges.

Going Bare - Writing the Web without a Framework

Sammy Kaye Powers Beginner

If you've only ever experienced web development through a web framework, you're missing out. Have you ever been tempted to rewrite a codebase in your favorite framework? That's a smell that you need to come to this session. Being comfortable developing without a framework is a crucial skill to have for refactoring legacy applications. In this session you'll see how to harness the power of going "frameworkless" so you'll feel empowered to make better decisions in your next web project. Be set free from your web-framework ball and chain.

How I Learned to Stop Worrying and Love Regular Expressions

Jordi Boggiano Intermediate

This session will cover Regular Expressions from the basics to the darkest corners of this arcane art. Regular Expressions, at the core, come in handy to achieve validation and text manipulation tasks. In the day-to-day life of a developer, becoming comfortable with them opens up many more use cases. As one of the tortured souls that actually enjoys writing - and reading - regexes, Jordi will share his passion so that you too can see there is no reason to worry.

How to Go From Developer to Stakeholder

Ann Gaffigan Intermediate

Technology is everything these days, and your skills as a developer are in high demand. How can you leverage your unique skill set and understanding of technology to climb the ranks in your company beyond “just a developer?” Ann will tell her story of going from underpaid full-time developer, to broke freelancer, to entrepreneur, and finally to partner and CTO. More importantly, she’ll tell you what she learned along the way about the art of persuasion, transparency as a trojan horse, indispensability, confidence, standing your ground, and ultimately how to be treated and respected as a leader and not an employee. Disclaimer: I cannot confirm or deny that I have a problem with authority and a thirst for power.

HTTP/2 and Asynchronous APIs

Davey Shafik Intermediate

HTTP/2 (H2) is coming, and along with it a whole new way of communicating over the web. Connection re-use, prioritization, multiplexing, and server push are just some of the features in H2. In this session we'll look at the HTTP/2 protocol, and at how we can use asynchronous request now with HTTP/1.x. We'll also look at what asynchronous requests and H2 mean for your API and clients in the future.

Identifying and Managing the Risks of Open Source Software for PHP Developers

Dave McLoughlin Beginner

Do you really need to worry about using open source software in developing commercial applications? In this session we'll talk about the key risk areas, how to identify and quantify the risk, and what steps if any are needed to deal with the risks.

We've all heard about security risks and license compliance risks associated with OSS, but how do you identify these risks and how do you manage them? After this session, you'll have the information to better understand how to assess these risks. It will provide you with no nonsense steps to take to manage your OSS so you can rest easy and not worry if these issues will affect you or your business.

The session will include:

  • Key risk areas and how to identify them
  • Common use case scenarios
  • Understanding and developing risk remediation strategies for OSS use

Implementing Languages

Christopher Pitt Beginner

Programming is hard. Making compilers is harder. Or so people think. The truth is that making a compiler is just a series of small steps, using regular language constructs. It's so easy, we'll make one in this session. Many developers (especially those who are self-taught) believe the lie; that making compilers is too hard for them. That they lack the tools and knowledge to bring their ideas about programming languages to life. There's a lot of complex thinking that goes into mainstream compilers, but that's no reason not to try! We can make less efficient compilers and interpreters which enable the same amount of power and flexibility as mainstream compilers. We could use tools like Parser Expression Grammars or JISON, but this session will look at something even simpler. Let's build our own cross compilers using regular expressions and a stack. Let's implement our own programming languages, in real-time.

Kubernetes is your DevOps Guy

Brent Shaffer Intermediate

You're not the DevOps guy, and you hate bash scripts. You want to deploy a scalable and secure PHP application, but you spend most your time in application code. This session shows you just how easy it can be to achieve security and scalability in the PHP ecosystem using Docker containers. By the end of the session, you'll be able to deploy an autoscaling Kubernetes cluster of PHP frameworks and microservices.

Lessons Learned Building the Composer Internals

Jordi Boggiano Beginner

This session will dive into Composer's guts to see which choices we made worked and which ones did not. After six years and a few hundred thousand users, the Composer code has been through many iterations, problems, and successes. Let's have a retrospective to see what we can learn from it.

Leveraging Composer In Existing Projects

Mark Niebergall Beginner

Keeping external libraries current and organized can be a tedious and risky task. Converting those libraries from embedded inside a codebase to being included via Composer is a clean and efficient solution. Learn how to migrate and autoload those libraries, use the composer.json and composer.lock files, find new libraries, and run Composer commands. Use what you learn to clean and organize your codebase to make it easier to maintain, and more lean and better to work with.

Machine Learning for the Rescue

Mariusz Gil Intermediate

Gathering the data is not a problem today. The bigger challenge is how to understand this information and draw some conclusions. Fortunately, we can use some techniques like machine learning to teach computers how to learn from our data. Fast artificial neural networks, random forests, SVMs, classification, clustering - just to name a few concepts. We'll apply all these solutions to PHP applications to deliver automatic insights/predictions and create a real business value for a client. By the end of this session you'll be familiar with machine learning ideas and prepared to solve unsolvable problems in PHP.

Make your Application Expressive

Christian Varela Intermediate

Learn the concepts of PSR-7 middleware with Zend Expressive and how your application could be developed from scratch adapting those concepts with a new mindset. You'll see the different approaches, advantages and disadvantages, and the contrast of this paradigm and other more conventional paradigms.

Meet Johnny the Deployer: A LAMP Stack Professional's Journey to Artificial Intelligence

Georgiana Gligor Beginner

Artificial intelligence products are all the rage these days. How do we, as LAMP stack professionals, ensure we embark this wonderful journey?
After working on AI-powered applications for a while now, we'll show you how we built, with PHP, a devops chatbot that enables the release manager skip the confusing discussions with the tekkies and master the release process.
Here are some questions you may ask Johnny:
  • “What tickets are ready for QA?”
  • “Prepare a release candidate and deploy it to QA”
  • “When did we last install the API in staging?”
  • “How did the traffic look for the last 36 hours?”
  • “How many sales are there today compared with last week?”
  • “What version of the API is installed in production?”
  • “How many servers are we using now in the integration environment?”
  • “What is the medium load across the cluster in the last three days.”
  • “List the last three deployments in the way environment.”
  • “Who ordered the update on release candidate?”
AI is not scary, and there are a lot of awesome things you can do with it right from PHP. Johnny is our devops friend that we created, and we'll show you how helpful he is in our day-to-day tasks.

Multi-factor Authentication

Philippe Gamache Beginner

The password is currently the most commonly used way to identify a user. It does not, however, have the level of security required to protect sensitive information.
The addition of new identification factor allows to solve this problem. But what, where, when do you have them? In this session we'll see the concepts of strong authentication, the introduction of alternative free or low cost second-factor identification. 

MySQL JSON Data Use Guide

Dave Stokes Intermediate

MySQL 5.7 provides a JSON data type. Previously you could store JSON formatted data in some sort of text field but then you would have to use REGEX which would reduce the quality of your work life, make your grumpy, and would be frustrated when you had to maintain it. Now you have over two dozen functions, can create materialized columns from JSON data that can be indexed for fast searchers, and can output data in JSON. This is a quick introduction for PHP developers to learn to incorporate this new data type with plenty of programming examples.


Dave Stokes Beginner

MySQL 5.7 was the most popular version of the open source database. But several legacy problems needed to be solved, performance increased, and new features added. The biggest change is a true data dictionary which removes all those odd little files with meta-data (.frm, myi, myd, etc) and provides transactional ALTER TABLEs. Plus you see Invisible Indexes, roles, CTEs/Windowing functions, UTF8MB4 support, and learn what happened to MySQL 6 and MySQL 7.

Nom Nom: Consuming REST APIs

Tessa Mero Beginner

Feeling hungry? You’ve came to the right place! As APIs have become increasingly more important and popular in usage in the past few years in web development, it is important to understand the basics of what they are and why to use them. We'll be going over the basics: The What’s, Why’s, Where’s, and When’s. You'll learn the basics of REST APIs and we'll show you how you can use POSTMAN to test making REST API calls. By the end of this session, you’ll be able to go home and make REST calls on any API.

Offline Sync for Progressive Web Apps

Bradley Holt Intermediate

With the introduction of Progressive Web Apps and web platform APIs such as persistent storage, payments, and geolocation, the web platform is taking on native apps. A Progressive Web App combines the best parts both a web app and a native app. You browse to a Progressive Web App just like you browse to any other website. It lives at a URL, can be indexed by search engines, and can be linked to from anywhere else on the web. As you continue to use a Progressive Web App it gains additional native app-like capabilities. For example, the app could be installed to the home screen on your device. You might also grant the app the ability to send you push notifications, or the ability to access your camera, your microphone, or other device resources.
One important aspect of Progressive Web Apps is the concept of building your app to be Offline First. With an Offline First approach, you design your app for the most resource-constrained environment first. This approach provides a consistent user experience whether the user's device has no connectivity, limited connectivity, or great connectivity. One of the biggest benefits of Offline First apps is that they can be very fast, as they provide zero-latency access to content and data stored directly on the device.
The Service Worker API can do most of the heavy lifting when it comes to storing content and assets for Offline First Progressive Web Apps. A bigger challenge can be storing and sync'ing your app's data. One of the best answers today for offline sync for Progressive Web Apps is a combination of Apache CouchDB (an open source document database), Hoodie (an open source Node.js backend for Offline First apps), and PouchDB (an open source JavaScript database that syncs). This stack can provide you with the starting point for your own Progressive Web App mobile backend and frontend, and it's entirely open source! You'll leave this workshop having built a fully-functional Offline First Progressive Web Apps using Polymer, Web Components, Service Workers, Apache CouchDB, Hoodie, and PouchDB.

Particulum Mobile: Zend Expressive Microservices in Docker Swarm

Jan Burkl Intermediate

What's the benefit of microservices? They are easy to maintain, easy to link and easy to scale. Theoretically. The tiny sample app "Particulum Mobile" gives us an introduction into the power, flexibility and simplicity of Zend Expressive as the basis for microservices. Let's talk in this session about a straightforward process to deploy the Zend Expressive part - and a HTML/JS frontend - to a Docker Swarm and see how it scales!

PHP Package Management with Composer

Clark Everetts Beginner

Get a practical deep-dive into Composer, the dependency manager for PHP. We'll compare Composer to "global" managers like PEAR, apt, and yum; show how Composer helps you obtain the components your applications depend upon, install them into your project, and control their update to newer versions. We'll explain autoloading, demystify keys in the composer.json file, and get you confidently using Composer, with practical examples all the way. When you leave this tutorial, you'll understand:
  • What PHP source code dependency management looks like, and what problem Composer solves
  • How to install Composer (friendly to all developers, including IBM i developers)
  • How to use Composer to install, update, and lock code dependencies to appropriate versions
  • Autoloading in general, Composer's autoloader in particular
  • The difference between composer.json and composer.lock
  • What Semantic Versioning means, and what those version numbers communicate to you as developer
  • Packagist, the public clearing house for Composer-managed packages
  • Considerations when using Composer in development vs. production environments
  • Important do's and don'ts when using Composer
  • Intro to setting up and using a private repository

PHP Prepared Statements and MySQL Table Design

Edward Barnard Beginner

When using a PHP framework, standard practice is to use an Object-Relational Model (ORM) for database access. However, with high-volume logging and statistics-gathering, it pays to go "old school" with PHP prepared statements. Meanwhile, when MySQL tables quickly grow by millions of rows, table storage space becomes an issue. Our table design must focus on keeping these tables more compact and efficient. Here too, prepared statements simplify both coding and table design. This session will use CakePHP 3's excellent support for PHP prepared statements, but all concepts are native to PHP and apply to any project striking this use case.

Practical PHP Deployment with Jenkins

Adam Culp Beginner

Developers would love to "automate all the things", but where do we start? What tools exist for automating? And what can actually be automated? If we don't have unit tests, can we still benefit from deployment automation? This session will show how a PHP application pulled from Git, complete with unit tests, Composer dependency management, and package creation, can be deployed flawlessly using Jenkins. Then see how "Dev" and "Ops" are supported by a system if the application breaks through automated rollbacks.

Rise of the Machines: PHP and IoT

Colin O'Dell Beginner

The Internet of Things (IoT) is fundamentally changing how we interact with the digital world. In this session we’ll explore the implementation of real examples which bridge the gap between the physical and digital world using PHP: asking Alexa for information within a PHP application; displaying API data on an Arduino-powered display; using PHP to control LEDs on a Raspberry Pi to monitor application uptime; and connecting IR sensors to Slack to see whether a conference room is in use.

Silo-Based Architectures for High Availability Applications

Georgiana Gligor Intermediate

Data redundancy, computing clusters, load balancing, fail-over mechanisms, each of these individually addresses one potential issue, but none treats systems in your organisation holistically for maximising business revenue. You'll learn how to stop hating your existing infrastructure, prepare it for the leap to high availability using simple and intuitive changes that your DevOps team will love. Silos are a clever method of grouping servers in such a way that they can be scaled both horizontally and vertically, depending on the actual application needs. Most importantly, it frees you from over-optimizing the architecture upfront, by allowing fine adjustments easy to integrate in your Agile workflow. And they offer real A/B testing for your infrastructure and backend code. Then we'll look together at the awesome new things that you can do with your new silo superpowers. You'll be able to impress not only your fellow tekkies, but also marketing with helpful new tricks.

There's a Middleware for That!

Matthew Weier O'Phinney Intermediate

Ever need to add authentication to an application? Or log HTTP messages? Maybe you wanted to trim trailing slashes from URIs. Or add security features such as CORS, Content-Security-Policy, or other headers. How do you easily enable the features, or enable them only for certain contexts within your application? The PSR-7 HTTP Messages specification created an ecosystem of PHP middleware that provide solutions to these problems! We'll cover creating an Expressive application that composes middleware from a variety of ecosystems in order to demonstrate that, in the end, there's a middleware solving every problem.

Transforming WordPress Search and Query Performance with Elasticsearch

Taylor Lovett Beginner

WordPress traditionally uses MySQL. MySQL is a powerful relational database but falls short on complex multi-dimensional queries and search. At 10up, the largest WordPress-centric agency in the world, we use Elasticsearch and ElasticPress, our open source solution for integrating Elasticsearch with WordPress, to transform search and query performance on some of the biggest, most high-traffic WordPress installations in the world. This session will dive into optimizing Elasticsearch and WordPress for highly relevant search results and high performance.

Understanding Open Source Licenses

Dave McLoughlin Beginner

There are hundreds of open source licenses. Most developers don't take the time to read or understand them, but can you continue to ignore them? We have seen a rise in litigation around open source license over the last 10 years. And, in the last 12 months we have seen the first examples of OSS copyright trolls that are taking developers to court in an attempt to monetize GPL violations. 
This session will covers:
  • How OSS licenses are enforced
  • What are the main types of OSS licenses
  • How to identify them
  • What steps you need to take to ensure you are complying
We cover use case scenarios and do a "deep dive" on the most used licenses today and how to understand them.

Watch the Hacker Hack

Michael Hess Intermediate

This interactive session will outline a range of common vulnerabilities in websites. You'll watch Security Team members try to hack these sites and share their thought process as they go. You'll learn how to think like an attacker so you can better understand common vulnerabilities and we'll cover best practices for configuring and protecting your sites. Finally, we’ll share how the Drupal Security team oversees security across this global open source community.

Web Security: Website Hacks and Heists, Be a Detective and Find out `Whodunnit`

Michael Hess Beginner

Become a web security detective and join us as we look at some cases of compromised websites drawn from real-life events. We'll cover four tales of hacked sites, from uncovering the hack, to tracking down the root cause, to mitigating the problem. You'll learn techniques for trouble-shooting hacked sites and increase your awareness of common attacks. We aim to make web security more engaging by inviting session participants to use their creative problem-solving abilities to learn how to track down the causes of common website hacks. We'll also cover security issues unique to the Drupal content management system. While web security can be intimidating to beginners — including early-career web developers — it's not difficult to maintain a secure Drupal website. We'll share best practices and recommendations as to how to approach security for your site.

Writing Tests for PHP Source

Sammy Kaye Powers Beginner

As you might have already heard from a grumpy individual, adding more tests to your codebase is crucial to its stability over time. This session isn't about adding tests to your PHP codebase, but adding tests to the PHP language itself. And the best part is, all the tests are written in PHP so you don't even have to dust off that old C book from college. In this session you'll see how to find untested parts of the PHP source code, how to write a test for the untested feature, and how to submit your tests to PHP internals. Not only will you be making PHP more stable and reliable, but there's a good chance the tests you write will give you a deeper understanding of PHP; knowledge you can use to improve your own codebases. Not to mention you'll be able to call yourself an internals contributor. Come on in! The water's fine!

You Got JavaScript in My PHP

Taylor Lovett Beginner

PHP is a powerful language. However, when building applications on the web, JavaScript can’t be ignored. Browsers run JavaScript client side. Many powerful frameworks and tools are built on Node.js. Additionally, isomorphic web applications have become increasingly popular. Good news: We can use JavaScript within PHP. Using the PHP extension V8Js and Google V8, we can execute Node.js code within PHP. This session will run through the why and how of V8Js and executing JavaScript in PHP.

Zend Server in Docker Swarm: Deployment and More

Jan Burkl Intermediate

Cluster management, decentralized design, scaling, load balancing, and rolling updates. These are some of the beneficial features of Docker Swarm. But how can you utilize them in conjunction with an enterprise PHP stack? Is Zend Server the right choice? What has to be considered from a DevOps point of view? In this session see how to provision and deploy a Zend Server Service, update a PHP app container, use a clustered session handling, and experience how networking is handled in a Docker Swarm setup.