Introduction
Now in its 9th year of running, PHPNW saw 500 delegates arrive once again at the Manchester Conference Centre over 3 days from 30th September to 2nd October.
Keynote - A World without PHP
Ben Marks (Evangelist at Magento) began by observing that the people in the room were getting “old”. Most of the attendees seemed to be in their 30s and this raises some concerns about the future of the language if younger devs are not interested in it. He then took us on a journey back to when the web was taking off, into a dystopian universe in which Rasmus never invented PHP (quieten down Java colleagues!), and showed how the web would look and develop in such a universe. I found this talk very interesting, thought-provoking and very enjoyable due to Ben’s style of presenting.
Continuously Delivering - James Cowie (Magento, Tech Team Lead)
In the first of the track talks, James described some of his previous experiences with PHP deployments and how they were (inefficiently) handled. He highlighted the areas where improvements were made such as introducing an Agile workflow to enable shorter development cycles, ensuring reliable releases and releasing more frequently.
One of the main areas he focused on was what he called “Feedback Time”, which he described as the time between a task being started and the first feedback being given. In the real world, it can be difficult to pin down each stakeholder/PM in order to receive such feedback, and devs can move on to another task during that waiting time. When they do receive feedback they need to context switch back to that task, which can increase cognitive load while interrupting the project flow.
He also spoke about the benefits of feature toggles in order to deploy production-ready code and recommended a nice tool called Qandidate\Toggle which has a handy UI for managing the toggles.
Overall, this talk was pretty enjoyable with a lot of information also covering pipeline servers, BDD, scrutiniser bot and deployment tools.
Running PHP on NGINX – tips and tricks for high performance websites - Harald Zeitlhofer (Dynatrace)
Harald began with a brief explanation of how nginx works and how it forwards to php-fpm, and explained some of the benefits of Nginx Plus (additional caching and load balancing features which can be managed via an API). We were taken through some basic nginx config tips concerning:
- The setting of worker processes
- pcre_jit for improved parsing of location blocks
- fastcgi_finish_request() to allow responses to be flushed to the client while the PHP script continues executing slower work
- Memcache direct responses via nginx
- open_file_cache for keeping file handles open for static files, configurable to specify a minimum number of current users and to ensure handles are kept open for that number
Overall, this was an enjoyable talk with plenty of takeaway tips.
OWASP Top 10 Proactive Controls 2016 - Katy Anton
The OWASP Top 10 Proactive Controls is a list of security techniques that should be included in every software development project: OWASP
Katy described the OWASP Top 10 risks that all developers should be aware of and took us through examples of each risk and how to mitigate it. One particular vector that not everyone might be aware of is 2nd Order SQL Injection, whereby, for example, a username such as “john' --” can be persisted and later becomes the payload for the SQL injection itself when the stored value is used to build another query.
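To make the second-order case concrete, here is an added example (not from Katy's talk or slides) showing the vulnerable pattern next to the parameterised fix, using PDO with an in-memory SQLite database. The schema, function names and sample rows are assumptions constructed for illustration; it needs the pdo_sqlite extension.

```php
<?php
// Added example. Schema and function names are assumptions for illustration.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    // Registration is parameterised, so both names are stored verbatim.
    $ins = $db->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
    $ins->execute(['john', 'john@example.test']);
    $ins->execute(["john' --", 'other@example.test']); // constructed sample value
    return $db;
}

function nameById(PDO $db, int $id): string {
    $st = $db->prepare('SELECT name FROM users WHERE id = ?');
    $st->execute([$id]);
    return (string) $st->fetchColumn();
}

// Vulnerable: a value read back from the database is treated as trusted and
// concatenated. The stored quote closes the string literal and "--" comments
// out the rest, so the WHERE clause matches the row named "john" instead.
function changeEmailUnsafe(PDO $db, int $id, string $email): int {
    $name = nameById($db, $id);
    return $db->exec(
        'UPDATE users SET email = ' . $db->quote($email) . " WHERE name = '$name'"
    );
}

// Hardened: stored data is bound as a parameter like any other untrusted input.
function changeEmailSafe(PDO $db, int $id, string $email): int {
    $st = $db->prepare('UPDATE users SET email = ? WHERE name = ?');
    $st->execute([$email, nameById($db, $id)]);
    return $st->rowCount();
}

function emails(PDO $db): array {
    return $db->query('SELECT id, email FROM users ORDER BY id')
              ->fetchAll(PDO::FETCH_KEY_PAIR);
}

foreach (['changeEmailUnsafe', 'changeEmailSafe'] as $fn) {
    $db = makeDb();
    $fn($db, 2, 'new@example.test');   // user 2 edits their own profile
    echo $fn, ': ', json_encode(emails($db)), PHP_EOL;
}
```

The insert was safe in both runs; the difference is only in how the stored name is used afterwards, which is why escaping at the point of input does not cover this case.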
One useful tool she mentioned is OWASP ZAP which is an intercepting proxy that can be used to help find security vulnerabilities during automated testing.
At the Q/A I asked her about the security of data in transit and her thoughts specifically on SSL certificate pinning and I followed up with her after the talk to discuss further. She also responded to me by email after the conference to go into detail on a few points, many thanks Katy!
Kicking off with Zend Expressive and Doctrine ORM - James Titcumb
I went to this talk to get a better understanding of Zend Expressive and I wasn’t disappointed. James talked about Diactoros (the name is Greek for messenger), which is an implementation of the PSR-7 interfaces, and Stratigility (Zend like their ‘igility’ naming don’t they), which is used for creating and dispatching middleware pipelines. Expressive itself is basically the glue that binds everything together.
We saw how an example application could be set up using the Expressive skeleton app, which has a handy installer that allows you to choose certain component parts and will set up the config for you.
Being ready for ZF3 - Gary Hockin
This was probably the talk I was most looking forward to, though it was disappointing to see a very low turnout, which may be more of an indication of Zend’s place in the current framework world.
Gary spoke about the pain that was involved in moving from ZF1 to ZF2 and how Zend didn’t want people to have to go through that nightmare again. He believed ZF3 itself would move towards PHP7 only support in the next 12 - 18 months.
Zend are embracing components and they have broken up the framework into various ones. This allows each component to be developed faster, have its own versioning number as well as ensuring that PRs must have documentation before they can be merged. The current zendframework project is now simply a meta project that contains a list of all the components that make it up.
The talk showed some of the initial steps necessary in moving to ZF3 as well as the non-breaking and breaking changes that can be encountered. He provided very useful tips to ease the migration and this is a project I’m very keen to get started on.
Extracting wisdom from stupidity - Ramon de la Fuente
In this talk, Ramon spoke about how we should consider thinking as a skill and explained lateral thinking and how those ideas are related to a developer’s job. He referenced Edward de Bono’s books and used a quote ‘Shift focus away from the problems themselves to the way the mind tackles them’.
He spoke about some of the approaches to lateral thinking:
- Insight - need to know the whole problem
- Sequential - you know where to get to but you need a little time
- Strategic - the type of behaviour that you can use to lead to a particular outcome
He used an example of a mini project that he put together for a user group’s monthly raffle; the aim was to write a piece of software to pick winners of a raffle. He decided to use every single array_ function in PHP in order to complete this. A stupid idea of course, but one that led to some interesting insights into how he approached the problem.
I really enjoyed this talk, it wasn’t what I was expecting but I found it a very refreshing idea. The main takeaway for me was instead of starting your problem solving with
‘I don’t understand how this could happen’
change this to
‘How could I make this happen?’
and you’ll get to your solution quicker.
Decouple your framework now, thank me later - Michelangelo van Dam
I was looking forward to this talk as it was billed to include some actual scenarios encountered in the field and how they went wrong when moving from one (version) of a framework to another. Unfortunately, the talk was lacking in any serious content, the slides with code on them were too small and could not be read (the speaker admitted to only finishing the code at 4am that morning). After 15 minutes the talk was over and a few questions were asked.
I had expected a lot more from a seasoned conference speaker.
Looking forward to PHPNW17 though :D