API Design Patterns for the REST of Us :: Ian Littman

Back in 2000, Roy Fielding wrote a dissertation codifying a set of design patterns for the web that he termed Representational State Transfer, or REST. This talk condenses that dissertation down to its main points, providing the "why" behind the patterns of a REST API, while pointing out the tenets that people still don't follow (and then blame the resulting API shortcomings on REST itself). We'll also take a look at sets of design principles that, while not the core of REST itself, are common principles and patterns that keep APIs from being creative in all the wrong ways.

Asynchronous Awesome - Task Management in PHP :: Eric Mann

Sometimes, our use of PHP grows beyond the typical request/response cycle of dynamic page generation. Unfortunately, the threaded nature of PHP - and the stateless nature of the server - betrays any efforts to expand our utilization of the server. Image processing, video rendering, APNS (Apple Push Notification Service) integration - any of these can easily take longer than is reasonable for a simple page request. Enter tools like message and job queues that empower daemonized PHP workers to handle data processing in the background. Yet further tools enable long-running event loops and asynchronous Promise-driven operations. PHP isn’t multi-threaded, but that doesn’t mean you’re limited to a single-thread paradigm. I will demonstrate various use cases necessitating asynchronous operations, then delve into the code and the tools that make these systems work. Every attendee will leave armed with new ways to think about the management of large data jobs in PHP and an understanding of the tools they can use to make it happen.

Attackers want your data and they're getting it from your API :: Tim Bond

APIs are everywhere. Some companies sell theirs and publish documentation alongside it. Others expose just enough APIs to provide value to the end users through a website or app without ever intending them to be used for any other purpose. Your API is the purveyor to some valuable data, and attackers are eager to get at it. This session will cover some of the methods attackers use to reverse engineer your API and some steps you can take to thwart them. The session will begin by demonstrating a few methodologies on how traffic to an API can be "sniffed" and analyzed. We will then discuss authentication with API keys and OAuth2 and the differences and pitfalls of each. We'll touch on some low hanging fruit on hardening your API: TLS encryption, certificate pinning, and some less obvious techniques including HMAC request signing, obfuscation, compilation protection, and more. At the end of the session you'll have a better understanding of the cat and mouse game that is API security, the knowhow of the tools and techniques attackers might be using to get at your data, and some steps you can implement to better your API's security.

Build and Release Confidently with Continuous Integration and Delivery :: Steve Grunwell

Continuous Integration (CI) and Continuous Delivery (CD) are the Holy Grail for software development teams: no matter who pushes the feature, the same tests are run, the same processes are followed, and nothing gets released without satisfying well-defined quality standards. Unfortunately, setting up that initial CI/CD workflow can be a bit daunting for teams that don't have an experienced DevOps engineer. Fear not, my dear developers! This talk breaks down the basic concepts of continuous integration, continuous delivery, and how to integrate them into your team's workflow. Whether you're working on a small side project or your next big idea, CI and CD can make the journey better. For this talk, we'll be using GitLab's (free) CI/CD pipelines, but the principles translate well to any major CI/CD platform!

Building a SOLID Foundation :: Cori Lint

You've probably heard of the SOLID principles of Object-Oriented Programming. But how many are you actually considering day-to-day? Could you describe all five to a coworker? And who is that Liskov guy again? Whether you’re new to programming or just want to refresh your OOP knowledge, this talk will explore the five principles in an accessible, actionable, and memorable way.

Building Enterprise Applications with Domain Driven Design (DDD) :: Mark Pruett

Building an enterprise application can be challenging with all the many stakeholders and domains involved. In this talk, I'll discuss how Domain Driven Design (DDD) principles can be used to model real-world systems/processes. Entities, data mappers, aggregates, and value objects will be covered. There will be a brief section on event storming as well.

Cool Tools for PHP Development :: Ben Ramsey

Good developer experience (DX) is critical in the tools we use, whether external- or internal-facing. The easier it is for your team to do their job, the happier and more efficient they'll be. So far, the JavaScript community has cornered the market on developer tooling, but the PHP community is catching up. In this talk, I'll crack open my toolbox and share some of the tools I use in daily development and why I think they improve the DX of projects I work on. We'll look at some familiar tools, such as PHPUnit and PHP_CodeSniffer, along with new tools like PHPStan and Psalm. I'll show how to configure these tools for better workflows through Composer scripts and plugins. We'll also see how to standardize your team's workflow with CaptainHook. By the end, I hope you'll leave with some good ideas for improving your team's DX.

Data Privacy in Software Development :: Jana Sloane

An insight into today's data privacy landscape in software development. Specific discussions on how to implement privacy by design concepts into development lifecycle.

Database Abstractions and Where They Leak :: Sergei Morozov

Doctrine DBAL is the most popular relational database abstraction library for PHP. Many developers prefer using a database abstraction since they usually provide a better developer experience than working directly with database drivers. However, despite the best effort of their designers, abstractions often make developers unhappy when it comes to using non-trivial database features. Per Joel Spolsky[1], "all non-trivial abstractions, to some degree, are leaky". As a quite complex one, Doctrine DBAL leaks in a variety of aspects: drivers, SQL dialects, and schema management specifics. In this talk, I will highlight the most notable inconsistencies of Doctrine DBAL APIs and provide recommendations on dealing with them. [1] https://www.joelonsoftware.com/2002/11/11/the-law-of-leaky-abstractions/

Debugging Our Way Through PHP :: Derick Rethans

In this presentation, we are going to have a look at the journey that PHP has made with the PHP 7 and PHP 8 releases, by using the latest Xdebug to see what actually goes on. We're literally going to debug our way out of PHP's new features! Join me to have a look at how the type system is strengthened with Enumerations and "never", Fibers, a new closure syntax, the First Class Callable Syntax, intersection types, and other new smaller features, as well as a preview of what PHP 8.3 and Xdebug 3.3 are going to bring.

Dependency Injection for Mere Humans :: Ian Littman

What's the difference between service location and dependency injection? Why is this dependency injection thing such a big deal anyway, and how do you use that tool correctly? I'll answer these questions and more, including real-world examples of refactoring an application toward the more explicit, testable, closer-to-SOLID applications.

Designing Design Systems :: Joseph Lavin

Does your interface suffer from inconsistencies and bad user experience? Does it look like an off the shelf template? Do you need a unique look and feel to stand out from the competition? A design system can help. In this talk we will learn what a design system is, how it benefits a company and review practical front end examples & strategies to get you started.

Diagram Like a Principal Engineer :: Jeremy Lindblom

What separates software engineers from principal software engineers? Mainly communication skills. One of the main communication skills in the principal engineer’s toolbelt is **diagramming**. In this session we’ll discuss different types of diagrams and their purposes. Then we’ll look at different tools we can use to make and share diagrams. Hopefully, we’ll all come out of this with a greater ability to draw boxes and arrows in a way that can bring about better software and teamwork and bigger paychecks.

Docker For Dev Teams :: Gunnard Engebreth

In this talk I will focus on how you and your team can work smarter and faster in order to ship better code using Docker as your development environment. I will also include a bash script that will save you time and keystrokes in managing your docker setup!

Domain-driven Design in PHP Workshop :: Andrew Cassell

Building PHP applications using domain-driven design (DDD) techniques results in code that is easier to modify, maintain, test, and makes for a better user experience. In this hands-on tutorial, you will become versed in the best practices for solving problems using domain-driven design in PHP from start to finish. You will learn to: - Understand what Domain-driven design is and what problems it is good for - Discover a ubiquitous language and identify changes in the design of PHP classes, methods, and problem-solving - Use Event Storming build the best software for the client/user - Assemble an incorruptible domain model in PHP - Use bounded contexts and domain events to better organize code and make it more modular - Employ best practices for persisting and accessing entities and aggregate roots in Laravel Eloquent, Doctrine, Zend, etc - Use advanced PHP object-oriented techniques to simplify code and reduce state complexity - Plan for change by using the Hexagonal Architecture Pattern - Evaluate when and how to use CQRS and Event Sourcing techniques - Introduce DDD to a “legacy” codebase - DDD and handling thousands of requests per second at scale - Discover recommended resources for learning more about applying DDD in PHP

Filesystem Management with Flysystem :: Mark Niebergall

Reading and writing files locally comes with many nuances and difficulties. It becomes even more complex when files are hosted on external servers like SFTP, AWS S3, Azure, and other providers. Flysystem provides an abstraction layer between an application and interacting with the filesystems. Explore how to use Flysystem Adapters for seamless file management for writing, reading, moving, copying, deleting, and other file interactions. See how to set permissions, configure adapters, get file information, stream files, write unit tests, and more in this technical dive into file management with Flysystem.

Framework wars aren’t all bad :: Mike Elsmore

Most popular languages have gone through a framework war as new hotness enters the market to supplant the incumbent. Most of the time, the industry moves towards the new flashy thing because, in general, they naturally would have included a number of improvements. But this isn’t always the case, in this talk, we’ll discuss why the dogmatic approach towards specific frameworks doesn’t always help you build better and why keeping an open mind about picking your toolbox is always a good idea.

Funding PHP :: Sara Golemon

The PHP Foundation is a collective of people and organizations whose mission is to ensure the prosperity of the PHP language. Take a look at who we are, what we've done so far, and what we hope to accomplish in the coming year.

Getting Started with Test Driven Development :: Scott Keck-Warren

Test Driven Development (TDD) is the process of using very short development cycles to test and then implement your code. In this session, we'll explain the process of TDD, why you should be using TDD every time you write code, discuss tools you can use to develop PHP applications using TDD, and work through several examples to get you started.

HAL It Works :: Tim Lytle

HAL is a lightweight yet useful hypermedia format. We'll talk about how we're using it at PhoneBurner, the constrains we've put on it, and the patterns that we're using to implement APIs both server and client side. We'll also cover the powerful cache pattern that allows client side request optimization to be handled server side. If you're looking for practical examples of how to implement and benifit from hypermedia when developing the internal APIs that power your own client side applications, this is the talk for you.

I'm Not Supposed to Be Here :: Beth Tucker Long

Shhh...don't tell anyone, but I'm not supposed to be here. This wasn't in the plan, but I'm really bad at saying no, so here we are.

Immutability to Save an Ever-Changing World :: Andrew Cassell

Want to build software that is more testable, easier to modify, and has fewer lines of code? Architecture with more immutable objects that are always in a valid state is the most important lesson I have learned in building better software applications. Using immutable value objects will lead to less checking, fewer bugs, and more DRY code, and will help avoid the “spooky action at a distance” problem in PHP. We will also learn how to use immutable objects and immutable collections to improve design of our mutable entities. Lastly, we’ll see how our immutable modeling approach can drastically reduce the complexity of things in our systems that are mutable.

Introducing: Pest :: Nuno Maduro

Testing can be more intuitive, user-friendly and productive than you think! This talk introduces you to Pest - a delightful PHP Testing Framework with a focus on simplicity. It was carefully crafted to bring the joy of testing to PHP. Check out the website: pestphp.com Get ready for a live-coding session, where I unveil all the goodies of this new open-source testing framework. After this talk, you’ll be able to use Pest in your everyday PHP.

Laravel Pipelines: Keeping Data Transformations Clean :: Terry Matula

There are multiple ways to filter and transform data in PHP, either as procedural code in a single method or one of the many design patterns we could choose from. In this session, we’ll cover how to use Laravel Pipelines to transform our data and trigger other processes. This will allow us to write distinct, testable classes that we can use in multiple parts of our code.

Let Go of Ownership :: Tim Lytle

We may adopt a perspective of ownership around the code we write and maintain, the career path we find ourselves on, and our position in the community around us. Intentionally shifting that perspective away from the ownership model to an alternative model can lead to finding opportunity where before there was frustration and finality. And it can impact more that just our code. It can bring a powerful new perspective to our career, our community, and even this very conference.

Leveling Up with Unit Testing :: Mark Niebergall

Writing unit testing on a project can seem like a daunting task, and earning team and leadership buy-in can be challenging. Level up your skillset as we cover PHPUnit and Prophecy setup with composer, writing meaningful tests, restructuring existing classes with dependency injection to allow for unit testing, using mock objects, and releasing code confidently with test coverage. We'll also discuss overcoming common biases, unit testing challenges, and shortcomings of unit testing.

Machine Learning in PHP with RubixML and Laravel :: Mark Pruett

In this talk, I will give an overview of using the RubixML PHP library to build machine learning models and run predictions. I will build an MVP using a dataset, model, and predictions with Rubix and the Laravel framework. 1. Quick Introduction to Machine Learning 2. Examples of Where Machine Learning Is Beneficial. 3. Quick Overview of RubixML and Laravel. 4. Choosing a Classifier/Regressor for Your Model 5. Example: Building a Housing Price Predictor with a Gradient Boosted Machine (GBM) (Open source example from RubixML) 6. Questions/Discussion

Making things Happen with Make :: Joe Ferguson

Tired of typing out the same long commands over and over? Come learn about Make and how Makefiles can simplify long and complex command line tasks such as managing dependencies, creating test environments, executing test suites, and even deploying our application. We can even simplify our CICD tasks and use Makefiles to create repeatable steps that we can run locally to debug complex CICD scenarios.

MySQL Indexes -- How They Really Work :: Dave Stokes

Indexing queries is simple engineering but many get confused by what to index, when to index, and why sometimes adding an index really s-l-o-w-s processing down. This session covers why you really need to designate your own primary key as the default picked by the server will not be helpful, how to see which index the query optimizer chooses, why the old rules about multi-column index are gone, and how optimizer hints can get you back on track. There is a lot of mythology about indexing MySQL tables and you will see how it is simple engineering to speed up your queries.

OpenAPI: More Than Documentation :: Matthew Turland

Documentation is an important way of communicating how your API works to its consumers. However, if you're using OpenAPI (formerly known as Swagger) solely for documentation, you're openly tapping into a mere fraction of its power. Or, if you're not using OpenAPI at all, you're missing out on a huge way to reduce the workload involved in maintaining your API and enabling others to use it successfully. This talk will walk you through the development lifecycle of an API, from conception to consumption, and show you how an OpenAPI spec can be a boon to your project, be it new or legacy, at each development stage.

PHP Internals Deep Dive :: Derick Rethans

In this tutorial we are going to dive deep into PHP's Internals. It is appropriate for people that know PHP as a language well, but are interested into finding out what goes inside in-depth. We will start by looking at how the language parser and scanner work, which convert scripts into an Abstract Syntax Tree. When then look at how PHP internal byte code is generated from this AST, and how the engine runs byte code. After the introduction, we will working together on extending the PHP core with a new feature. As a treat, we'll also have a look at the OPcache extension, and see which optimisations it does to generated byte code. Reasonable knowledge of C (or similar languages) is required to make the most of this tutorial. What You Will Learn ------- - How PHP works internally. - How to extend PHP with a new feature. - How OPcache does some of its optimisations. Required -------- For understanding the tutorial: - Moderate knowledge of C For taking part in the exercises: - A Linux machine or Linux VM - Compilers installed (apt-get install php-dev, or similar) - A GIT clone of the PHP source tree (git@github.com:php/php-src.git)

PostgreSQL Versus MySQL :: Dave Stokes

The two most popular open source relational databases at a high level are basically the same. PHP has historically been closely linked to MySQL. But PostgreSQL has some interesting features that may have caught your attention. Or maybe the short comings of Oracle's open source database have finally taken out your last nerve. This talk will cover the major differences and the pain points with each, care & feeding issues, and why or why not) you may want to consider converting.

Producing an Audio Playlist with PHP :: Herve Aniglo

Would you like to create your own musical playlist in a very simple way? Would you like to show your friends your very own personal playlist of favorite songs? Would you like to implement the code into your personal website? You can do that with PHP! To some individuals, PHP is a simple language but it can be very complex. In this talk attendees will learn about how to create their own musical playlist with their favorite songs just by coding in PHP! Attendees will leave this talk with an understanding of PHP and learn how to: Create a simple playlist of their favorite songs Add their favorite songs to their playlist Loop through their favorite songs Make a song go to the next song Have it play in any kind of browser on the Internet

Put A UUID On It! :: Ben Ramsey

Universally unique identifiers, or UUIDs, are a fun and exciting way to identify things. You can put them on anything! Use them to identify books, documents, parents, pets, bread, apples, very small rocks—the list goes on! But why stop there? We can keep issuing UUIDs for eternity and never run out. They're practically unique. Join me on an adventure in search of the perfect identifier to find out why UUIDs might be good for your projects. Along the way, you'll learn what is a UUID, various types of UUIDs, newer versions of UUIDs being proposed, pros and cons of using UUIDs, how UUIDs relate to ULIDs, and how to use the ramsey/uuid library to generate all kinds of UUIDs. Advanced and little-known features of ramsey/uuid will be covered—as well as a few previews for what's coming next.

Reducing Bugs With Static Code Analysis :: Scott Keck-Warren

Have you ever deployed code only to have it causes errors and unexpected results? By using static code analysis we can reduce, if not completely remove this risk. In this session, we'll discuss the basics of static code analysis, some free and inexpensive tools we can use, and how we can run the tools successfully.

Regular Expressions Made Eas(y|ier) :: Matthew Turland

Distilled to its simplest form, engineers solve problems largely by manipulating text: writing code (that often writes other code), querying or transforming data, validating input, filtering output, and so forth. As such, text manipulation is a critical skill that demands our proficiency. You may have heard that regular expressions can be used to do this, but know little else about them besides their resemblance to what happens when a cat finds your keyboard, or you may be completely unfamiliar with them. Regardless of your current knowledge level, come see them be demystified and take the next step on your journey to becoming a master text manipulator.

Rust For PHP Developers :: Nuno Maduro

You’ve probably heard stories about the Rust programming language, and you’re probably wondering why it’s becoming so popular. In this talk, you’ll see what Rust is from a PHP developer’s perspective. Get ready for a live-coding session, where we are going to recreate an existing PHP application in Rust, from scratch, and demystify all the awesomeness behind it. After this talk, you'll better understand Rust, and you will be able to apply some of its safety techniques in your everyday PHP code.

Serverless Services For Serverlful CMSes :: Nate Finch

As static and headless CMSes become more common and mainstream, it’s important to know how to build solutions for dynamic actions these sites make. Common examples are form submissions, site search, real-time updates, etc. How can you build dynamic solutions for static sites? Enter serverless functions and services! If you’ve built custom plugins or themes before and can use the command line you’ll feel right at home. Can I still benefit from serverless functions and services if I’ve running a CMS like WordPress or Drupal on a server? Absolutely! Anytime you can offload processing from your own server to someone else’s is going to improve user experience on your site. Takeaways: I will give everyone access to a Git repo they can use/reference as a starting point for this workshop. In this workshop, we'll cover: - What serverless functions and services are. - Establish a mental framework for when and why to create services. - Main players for our use case: Serverless Framework deploying to AWS, and Netlify Functions. (It would be great if they could create an account - Code-along to create several services for a static WordPress site, including creating your own webhook, “breaking news” service, and more. - Learn to deploy functions and services to different providers. - We’ll also look at the cost associated with these providers and how to evaluate projected costs.

Setting up GitHub Actions for your PHP projects :: Jason McCreary

Setting up CI is probably on a list somewhere of something you want to do, but maybe haven't done yet. In this talk, I'll set up a CI using GitHub to run multiple jobs for checking lint and code style as well as running static analysis and tests. I'll also demonstrate how to cache dependencies for faster builds, and even export artifacts so you can use GitHub Actions to generate assets. Don't skip out if you're using another service like Bitbucket or GitLab. Everything I set up in this talk can be done within those services as well and I'll provide an example workflows at the end.

Stop Committing Your Secrets - GIt Hooks To The Rescue! :: Dwayne McDaniel

No one wants their keys and secrets on GitHub, but one bad push can mean you are suddenly exposed. In the best-case scenario, you discover the issue and fix it before something bad happens, but in the worse case, you don’t find out until it is far too late. Most devs are familiar with using .gitignore files to prevent Git from tracking specific files and folders, but did you know that you can leverage Git hooks and some open source awesomeness to keep you from accidentally committing your secrets in the first place? If you are not actively using Git hooks in your workflows, then this talk is for you. Let's look into the .git folder and unlock a whole world of automation possibilities!

Testing in Laravel :: Jason McCreary

In this tutorial, I'll introduce you to testing your Laravel applications. We'll start by adding tests to an existing application using Laravel's HTTP testing layer. We'll then work our way into testing other components in Laravel like email, jobs, and more. I'll also demonstrate when, and when not, to use Laravel's testing layer. I'll leave time for discussing how to test your own code. So come with your questions and we'll work together to gain confidence in our applications through testing.

Thanks For Coming :: Chris Tankersley

"It takes a village to raise a child" is a common phrase thrown around for a variety of reasons, but nothing could be further from the truth when it comes to the PHP Community. We are a huge, weird, colorful cast of characters that write in a language everyone loves to make fun of. We form internal communities that share, argue, complain, and innovate. For many of us, the Community is why we are here, and why we are able to be successful. As the world changes around us, we need the community, and you, more than ever. Not because we are dying, but because we are flourishing, and we want to bring you along for the ride. Today is the first day of the rest of your career, and you did well choosing to spend it here. Thanks for coming.

The Many Layers of OAuth :: Keith Casey

OAuth is one of the most important but most misunderstood frameworks out there. What you think it is, it probably isn’t. What it actually is, you probably hadn’t considered. Regardless, when you consider the standards, specifications, and common practices interact and fit together, it’s impressive what you can accomplish with minimal effort. In this session, we’ll explore through the most common RFCs that are combined to make powerful, robust, and secure solutions that drive modern software development.

Tmux and Vim for fun and profit :: Gunnard Engebreth

Command line is king. Learn how to take advantage of your ssh sessions with tips and tricks to impress your friends and improve your performance

Touching Grass: How NOT Developing Makes Us Better Devs :: Cori Lint

What do food service, music performance, teaching, and playing sports have to do with software development? They all require the “soft skills” we look for in a developer: empathy, focus, attention to detail, communication, problem solving, decision making, and more. This talk explores what we can learn from other industries, why we should hire career changers, and how our interests and hobbies outside of tech make us better developers.

Webhooks: Lessons (Un)learned :: Keith Casey

Webhooks are a pillar of modern application development. They notify us of that new commit, an incoming text message, our email was delivered, and a payment was processed. Our systems can’t function without webhooks sending data seamlessly and securely across the internet. But what happens if they’re not secure? What happens if your webhooks are intercepted, manipulated, or even replayed against your systems? What are the best ways - as both a provider and consumer - to protect our systems? In this session, we’ll delve into the 100+ implementations we explored to build webhooks.fyi to identify the best and worst patterns to protect our systems now and in the future.

What Does A Modern PHP Application Look Like? :: Tim Bond

With 28 years out in the wild, PHP has changed a lot over the years. And so has the way we write PHP applications. An application created today is virtually unrecognizable from an app made 20 years ago. What makes these apps different and why has there been so much change? How is a modern app structured, and why do new apps look so much different than old ones? This talk will discuss application flow, dependencies, file structure and more.