Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
PHP owes its appeal and popularity to its low barriers to entry. Anyone with access to a basic LAMP stack can get started in just a few hours, but if you want to write a production-level application, you need the right tools. Composer and PHPUnit are central to the modern PHP toolbox. Markdown, phpDoc, and the PSRs (particularly PSR-1, PSR-2, and PSR-4) form a common dialect of the PHP community. Git, though not specific to PHP, is critical to developing a maintainable project. This talk will guide you through these topics so that you have a basic understanding of the modern PHP developer's toolbox.
Unsure where to start with your next application? Are you sure you want full stack Symfony eventually but not sure you can commit to the extra work upfront? Afraid if you start with a micro-framework like Silex you'll end up needing to migrate to full stack Symfony anyway? Enter Symfony Flex. Symfony flex brings all of the power of full stack Symfony with the upfront requirements of a micro-framework. Choosing Symfony upfront not longer commits you to the overhead you might expect from a traditional Symfony project. See how quickly a new project can be started and how it can evolve over time.
Have you heard about event sourcing and wondered what it is all about? Have you looked into it and wondered what sort of sorcery is going on behind the scenes that makes this magical technology work? Are you convinced that you cannot possibly move your existing applications to be event sourced? Take a step back and learn how event sourcing can be applied to a simple database-backed object model with little to no fuss. From there, see how you can start adding read models and begin to see how event sourcing and CQRS (Command Query Responsibility Segregation) go hand in hand!
While many things (Composer, PSR compliance, MVC, API layer, and test coverage) about Magento 2 will feel familiar to modern PHP developers, what better way to dig into how the framework works than by building a module? This live coding exercise demonstrates both Magento's modular architecture and its plugin system for customizing core behavior.
Aimeos (Laravel). Drupal Commerce. Magento. OSCommerce. PrestaShop. Shopware. Sylius. WooCommerce. Bespoke. SaaS. It's no doubt that when a website needs a commerce component, open source provides the most control - but how do you know which one is the best choice? While it's easy to go with a system built on your favorite framework, it may not be the best choice based on business needs. This talk takes an objective look at the open source commerce ecosystem and provides a set of questions and guidelines to use to find the right system for your application.
The expectations of clients and developers are not always aligned and sometimes what a developer thinks is not the same as the client. I will demonstrate practices to make the life of the developer easier and help to communicate important points to the client often and succinctly. This talk is a balance between what the client sees and what the developer sees. I will give the bird's eye view of a project and how it rolls out. I will show what a demanding client could and most likely will demand and how a developer can communicate roadblock and risks to the client in a timely fashion to help make a successful project.
The Command Line should be a developer's best friend, but many times it sits there, sad and lonely as we use to call other programs. Behind that unassuming little blinking cursor is an entire world of productivity, just waiting to be strung together. There is even an entire scripting language hidden underneath that is just waiting for you to use it! Let's investigate BASH, the shell that's syntax is universal across almost all systems (and find out why your Linux scripts do not always work on OSX).
Humanity has seen an explosion of technology over the span of almost no time. We have gone from computers being mechanical devices for crunching trajectories to computers making decisions on whether or not we are dressing fashionably. We have also seen an explosion of services that resolve around massive amounts of data about ourselves. At the same time we see developers working on Tor, ad blockers, privacy tools, and ways to keep your data yours. Programmers just like us are building these systems. What are our moral obligations to the technology that we are building? Strap on your tinfoil hat and [REDACTED]
Learn the concepts of PSR-7 middleware with Zend Expressive and how your application could be developed from scratch adapting those concepts with a new mindset. You will see the different approaches, advantages and disadvantages and the contrast of this paradigm and other more conventional paradigms.
Since launch, this current version of MySQL have new features such as: JSON Data Type and Generated/Virtual Columns,. If your application is breaking when you upgrade to 5.7, the new GROUP BYdefault may be the reason, learn here how to properly address that issue and keep your data consistent, how to index JSON data type and when to use generated columns.
The way we design API documentation has a lot to do with how we think people will use it and how we think of the product. Those conceptual modes don't always align. How can you make sure you are serving the needs of your users, instead of what you are pretending to think they might want? Join me for a step-by-step analysis of what needs to happen to make your APIs welcoming.
Risk Reduction is trying to make sure bad things happen as rarely as possible. It's anti-lock brakes and vaccinations and irons that turn off by themselves and all sorts of things that we think of as safety modifications in our life. We are trying to build lives where bad things happen less often. Harm Mitigation is what we do so that when bad things do happen, they are less catastrophic. Building fire sprinklers and seatbelts and needle exchanges are all about making the consequences of something bad less terrible. This talk is focused on understanding where we can prevent problems and where we can just make them less bad, and what kinds of tools we can use to make every disaster a disappointing fizzle. Audiences will leave with a clearer understanding of risk and harm, and a set of tools than can be used to minimize future problems. I'm going to talk about why we need to understand both avoiding problems and making them less catastrophic, and what kinds of tools are appropriate to each. I think that developers need to be thinking about failure states more than we currently do. We talk about avoiding them, or testing them away, but we don't talk about how to make even failure a better experience.
"Clean Code" is code that communicates. But how do we write clean code? In this talk we'll look 5 simple practices that will help you write clean code. We'll see how each one reducing complexity and improves readability. We'll also look some of the common "Code Smells" in PHP and the refactors to clean them up. Don't worry though, we're not just going to "talk". All of these practices and refactors will be done with live coding demos to show you all of the little steps involved so you can start cleaning up your own code.
We've all been to the talks about the tools for test driven development. But TDD is not just about writing tests, it's about driving development through testing. There's a very specific process of TDD with red, green, and blue phases. There's also different patterns, like outside-in or inside-out. In this talk, we will focus on these practices by test driving development of a common data structure from start to finish. Attendees will gain experience and leave with tips to help them practice TDD in the real world.
Have you ever been in a situation where you were provided very little information and asked to estimate it out? Have you been in the followup scenario where you had to explain why your estimates were "wrong"? I have been in this situation multiple times and decided to do something about it. By requiring technical annotations and building out a process for providing better estimates, I found myself less and less in the difficult conversations about the work completed. Learn about my tips and tricks to technical annotations and estimating.
Join us for an evening to take a tour around the Laravel PHP Framework. We'll explore the basics of getting started and tour around the Laravel Ecosystem including local development with Homestead, deployment with Envoy, and building your next great application idea. We'll explore the basics of databases, routing, views, and then into the deep end with model relationships, form requests, testing, and more!
COME ONE! COME ALL! As we explore the circus of server provisioning and automation tools. Watch the puppet show and learn how to make your servers dance at your command! We'll manifest production environments right before your very eyes! See the cooking show where our Chef whips up a fresh batch of servers from their playbooks ready to bring your application to your visitors! Lastly, watch how ansible makes easy work of automating everything from application deployments to server updates. We'll even cover your servers in fabric - the pythonic remote execution tool for server automation! We'll give a whirlwind tour of each tool and show real world examples of usage. We'll compare, contrast, and maybe enjoy some cotton candy while we wait for the tools to run!
Complexity theory. Big-O. Constant, linear, logarithmic, and quadratic time versus space trade-offs. What does it actually mean when we say a function or an algorithm is efficient? How can we tell if we can do better? Join me, on this tour through a corner of computer science few developers actively think about, and you’ll walk away with a new way of looking at code and thinking about problems.
With data available on the internet doubling at an amazing rate, the modern web is increasingly focused on search. There are many ways to implement search in your PHP application. Some of them are downright terrible, while others are truly amazing. This talk will introduce you to the basics of various search engines like Solr, Sphinx, and ElasticSearch. We’ll learn strengths and weaknesses of each as well as how to integrate them into your existing PHP application. Every application has differing and often very niche needs for search, so our goal is to show you what’s available and help you make an educated selection for which type of search is right for your application.
Let's eat, Grandma! Let's eat Grandma! This cannibalistic joke is a favorite among copy editors and writers but gets right to the core of proper punctuation and comma usage. As a copy editor working in tech, I see many of the same flaws in writing over and over again. One common mistake I'll be discussing (and a frequent point of contention between my developer husband and I) is the proper capitalization of the abbreviated form of identification. Like many developers whose work I've edited, he tends to write "id" as you would in your code. Id, however, is a psychoanalytical term referring to a specific portion of the psyche; whereas ID is the abbreviated form of identification. Being a developer isn’t only about writing code. Devs must be able to communicate via verbal and written means properly. Sometimes, it’s something as simple as writing an email or message in Slack to a coworker, or contributing to the much-dreaded documentation. For some, it’s sharing your knowledge via authoring blog posts, articles, or books. Even conference speakers spend hours writing text for their slides. In this talk, I’ll point out some of the most common and most frustrating grammatical issues such as double spacing after punctuation, how and when to use a comma, and how grammar can help you assert your expertise on the topic of your choice!
"Community" is a term often bandied about in tech circles, but what does it mean? Where is this community? What is Community's hit point max, magic rating, and XP to next level? Does it have special abilities? How can individuals best connect with, contribute to, and benefit from the greater technical community? And also what is the end goal? So many questions! I don't have all of the answers but I may have a few, so join us and let's share some community skillz.
Have you ever thought "I'd like to use AWS for my PHP application, but it's so complicated!"? With over 70 distinct services available, how can you possibly learn them all or even decide which ones you need in the first place? Join me in this session as we grow a simple LAMP server into a scalable, fault-tolerant, highly-available, secure application stack on AWS. Whether you've already got some experience with AWS, or all you know so far is how to spell it, you'll walk away from this talk armed with the essentials for running PHP workloads on AWS!
In this session we’re going to take a hard look at hypermedia, and what it really means to utilize HATEOAS (hypermedia as the engine of application state). We’re also going to jump into different hypertext specifications, tackle the hypermedia vs documentation debate, and take a good hard look at how hypermedia can help extend the life of your API. But we’re also going to take a hard look at the cons of implementing hypermedia, and why not everyone is a fan. In short, we want to look at the good, the bad, and the downright ugly to make sure that we utilize hypermedia in our RESTful APIs in the most efficient manner possible.
Let’s face it, REST APIs can be problematic, and hypermedia hasn’t quite proven to be the answer we’ve looked for. GraphQL has quickly become more popular offering a solution to the problems REST created – but opens back up the very problems REST was created to avoid (remember SOAP?). But what if there was a way to take the best of both: enter API chains. In this session we’ll take a look at the pros and cons of REST, GraphQL, and a new specification and library for chaining numerous resource calls into a single HTTP request.
Free Open Source Software was going to change the world. My own experience working on Open Source projects over the last 18 years shows me that it did. For many people. Yet, many FOSS applications don't take accessibility into account. But nearly 20% of the population has a significant disability. This number grows when you take into account people with temporary or situational impairments.
I'll dig into the relationship between FOSS projects and accessibility, as well as the positive impact FOSS has, or could have, on the lives of people with disabilities. Leaving the world a better place is something we all aspire to. I'll discuss how you can have a beneficial effect on the accessibility of the projects you're involved with. We can all be heroes for the more than 1 in 5 people who need accessibility. We can make a real and significant impact. We can do it. You don't need to be an accessibility expert. You only need to work in Open Source, and to want to be an accessibility champion."
Different jobs require different tools. There are times where PHP isn't the right tool for the job. When those times arise, Go can be a great alternative tool to use. Go is a compiled programming language created by Google and used in emerging tools like Docker, and Kubernetes. This session will take you through the basics of Go, compare and contrast it with PHP, and give you some pointers as to what problem areas can you best use Go to compliment your PHP applications.
One of the first challenges of moving your workloads to the Cloud is figuring out which three major flavors of computing technology to use: virtual machines, containers, or what is being called serverless. Each of these tools has its niche, its hype, and its downside. This session will tour application scenarios, discuss how each technology would handle them, consider the tradeoffs, and leave you with recommendations for which one to pick.
Continuous Integration is becoming an important part of the development process. However, to some, the how and why are still a bit fuzzy. This session talks about the natural progression of a development team and how each important piece of the development process can be automated via Continuous Integration & Deployment. I will also walk through an example WordPress project using Continuous Integration, Delivery & Deployment that implements Sass Compilation, Automated Testing & Deployment to a Server. Attend. Absorb. And you too can conquer.
It’s easy to spend your entire day, heads down, coding projects without thinking twice about other developers around you. We often get too absorbed with completing our immediate deadlines to spend any time considering the future of our projects, the future of our teams. By not mentoring new developers we are failing our future. We are failing at providing new developers with the industry experience they need to be a one-day successful candidate for our teams. Let’s talk about ways we can contribute to mentoring new developers in our teams and in our communities.