talk_description: Object-Oriented programming provides a framework for software collaboration. We’ll see how the terminology relates to our code. We’ll see how these techniques provide the framework for collaboration, and we’ll learn to match the strategies to the terminology. Our first key to collaboration is that we all understand this terminology and how it’s expressed in our code. We’ll be examining the code for a specific project that we’ll be building on throughout the conference, beginning with keeping track of file imports.
talk_description: When it comes to web APIs, we tend to forget that we consume various APIs (other people’s code) every day in the form of SDKs, libraries, development tools, etc. The same design principles that make the high-quality non-web APIs we consume easy to work with can be applied to the web APIs we build.
In this session we’ll explore what attributes are common to the tools, SDKs, libraries – the other APIs – we use on a daily basis, and how we can apply them to the web APIs we’re building.
talk_description: Federated identity and authentication come in a number of flavors. There’s OAuth, OpenID Connect, SAML, FIDO, and WebAuthn, to name a few.
Learn about the pros, cons, and use cases for each.
talk_description: An Intro to PHP Internals: Getting Involved Without Being an Expert in C
“I don’t know C!” is probably one of the most common excuses that we PHP developers give for not contributing to PHP source. Top that off with all the overly-publicized drama surrounding the PHP internals mailing list, and most user-land PHP developers don’t want to touch PHP internals with a ten-foot pole.
Contrary to popular belief, being an internals contributor isn’t just for C experts that play in a “toxic kindergarten;” in fact, there are myriad ways to get involved with PHP internals without writing a single line of C code and that doesn’t play into any toxicity at all.
And on top of some of the conventional ways to get involved with PHP internals, you’ll learn about some new and exciting projects that desperately need a courageous person (read, “you”) to launch.
If you’re ready to meet a lovely, helpful community of passionate individuals who will mentor and support your efforts to make PHP better, this talk will encourage and inspire you to join me on an epic journey to the center of PHP internals.
talk_description: Get a quick refresher on all aspects of Objects, as we cover basic inheritance and method/property visibility. We’ll learn these by example. We’ll see magic methods and anonymous functions. We’ll also learn about Exceptions and error handling the PHP way.
talk_description: We’ve all heard about ‘API First’ when it comes to building a new product or feature. It can allow your team to develop in parallel, enable expansion to multiple platforms, and create an opportunity for outside integration.
But creating a usable and maintainable API doesn’t start with opening your IDE. If you want to build an API that will meet the long term needs of your users (both internal and external), you start by designing the interface they’ll consume, not writing the code that powers that interface.
In this session, we’ll consider the benefits of a design-first approach, how that contrasts with some of our natural instincts as web developers, and how design-first works even when you don’t do ‘API first’.
talk_description: Biometric authentication is no longer relegated to science fiction and spy novels. It continues to become more and more popular as it is both secure and less obtrusive than the traditional password. However, the very nature of biometrics requires special handling and forethought.
By the end of this session you will have learned:
How biometrics have advanced over the years
How you can utilize biometrics in your applications
How biometric data is different from other authentication methods
How to protect your application users from data breaches and account takeover
talk_description: Step debugging through the PHP engine with GDB/LLDB and Visual Studio Code
You may have already used Xdebug with your favorite IDE to step through your PHP apps line by line, but what happens “behind the curtain” at the C level? That’s where the GDB debugger steps in. In this talk, you will learn to:
Compile PHP from source with debug symbols
Run PHP scripts through the GDB debugger
Control GDB from the command line
Configure Visual Studio Code to step through the C code
By the end of the talk, you should feel more confident in exploring how the sausage is made by stepping through the C code.
talk_description: Naming things is hard but sorting out how your application should be structured shouldn’t be! It’s always frustrating when the boss or client hands you this giant ball of requirements and how everything is interconnected. Half the fun of programming is breaking these down and turning these requirements into code to solve the business needs. We’ll cover several code scenarios and show you the best way to break down complex domains.
talk_description: Does GraphQL signal the end of REST APIs? Does GraphQL really solve problems the REST pattern fails to address? Can the two be used in a complementary way?
In this session, we’ll take a high-level look at what GraphQL offers, as well as use cases where GraphQL is a good fit – and those where it isn’t. We’ll also explore what it takes to write code that consumes GraphQL, and the code that provides a GraphQL interface.
talk_description: Most people don’t stop to think about how their car works; they just turn the key and go. That’s not good enough for engineers, and the same isn’t good enough for programmers who rely on a software engine to get their work done.
This session is a high-level overview of what makes up the PHP runtime, how the pieces fit together, and what to expect as the language continues to evolve in the coming years. We’ll cover the lifecycle of a request, compilation, execution, caching, and leveraging all these tools to gain a broader understanding of what happens when you turn that key and ask your web server to go.
By the end of this session, you will have learned:
How to advise your customers on password strength
How to enforce that users are leveraging strong passwords
How to protect your application from brute-force bypass attempts
How to securely authenticate a user without ever seeing their password
talk_description: Algorithms are much like design patterns. They are a way of collaborating and sharing an experience. As we think through how to solve a specific programming problem, we’re actually designing (or using) an algorithm. Meanwhile, the “fizz buzz” coding challenges we find in job interviews are based on the premise that most professional software developers and computer science graduates “can’t code their way out of a wet paper bag.” We won’t talk about fizz buzz, but we’ll talk through a programming problem. We’ll design an algorithm to convert numbers from decimal to hexadecimal and back – in our heads, without calculators, computers, or sprintf(). It’s fun!
talk_description: As you design an API you’ll run into a few questions. How should you authenticate your users? Are there cases where you don’t even need to? There are a variety of authentication methods, which one is the best? It’s time to talk about API security – at least one aspect of it.
Each method has strengths and weaknesses, and the right authentication method depends on a few things: the kind of API you’re building, the users that consume it, and the context of the authentication. A client-side browser application shouldn’t use the same authentication mechanism as an API that serves data to other web services.
In this session, we’ll cover various authentication methods, and gain an understanding of the similarities and differences of the underlying mechanisms. We’ll also consider various use cases and the authentication concerns they introduce.
talk_description: Many developers using hosted database solutions like Amazon RDS or Microsoft Azure are familiar with the “encrypt at rest” checkbox provided by their host. This will provide a modicum of security, but only defends your data against a narrow set of potential threats. Instead, we’ll discuss both the threats this feature does and does not protect against and some practical approaches to handling the uncovered edge cases. Attendees will learn how their application can both encrypt and decrypt data before communicating with an external data store for complete data protection.
By the end of this session, you will have learned:
The difference between encryption at rest and in transit
Some of the approaches to end-to-end data protection
How to construct an application that handles protected data securely
talk_description: With the retirement of the last release of PHP 5, some sites are still scrambling to complete an upgrade that’s been in the works for a while. Others, who perhaps leverage the latest PHP has to offer, need even more than what’s delivered by default.
Whatever your motivation, join us for a high-speed journey through the process of creating, debugging, and releasing an extension for PHP 7 written in C/C++. We’ll expose new functional and OOP-based APIs, wrap methods from 3rd-party libraries, and explore PHP’s type system in ways you never get to see from userland.
talk_description: We don’t need to burden modern PHP code with countless “require” or “include” statements. In this talk, we’ll learn how the PHP autoloader works, how to write our own autoloader, and how to work with Composer’s autoloading map. We’ll see exactly how to design our namespaces for PSR-4 compatibility so everything “just works.” We’ll learn the PEAR and PECL conventions as well. We’ll finish by learning how to create our own packages for distribution and reuse.
talk_description: Requests and responses are the core of an API, and a significant part of the interface you’re designing. The code that consumes your API needs to create the request, and parse the response, so it’s worth considering what formats are natural for those consumers, not just what’s natural for the API code we’ll be writing.
But the consuming code isn’t the only thing to consider. If you have to support multiple formats, how do you do that consistently? What techniques can be used in APIs that need to handle binary data as well?
In this session, we’ll take a look at common request and response formats. We’ll also consider the advantages of each, not just in terms of the consuming code, but also use case and context. Finally, we’ll explore the general structure of API requests and responses for different API design patterns.
talk_description: Mobile devices, namely smartphones, allow users to perform several actions, from the basic phone call to the use of geo-location services and even processing payments. But how are mobile applications able to perform so many actions on behalf of a user? What really happens when a user gives an application permission to use device services? Join us in this talk as we dive deep on different user-facing mobile permissions, learn about the potential risks of accepting permissions, and walk through case studies of how device permissions could serve as potential risks to the end user.
By the end of this session, you will have learned:
The differences between Android and iOS device permissions
What device permissions are typically asked of mobile device users
How asking for too many permissions might put the end user at risk
talk_description: As you might have already heard from a grumpy individual, adding more tests to your codebase is crucial to its stability over time. This talk isn’t about adding tests to your PHP codebase; it’s about adding tests to the PHP language itself. And the best part is, all the tests are written in PHP so you don’t even have to dust off that old C book from college.
In this talk, we will show you how to find untested parts of the PHP source code, how to write a test for the untested feature and how to submit your tests to PHP internals. Not only will you be making PHP more stable and reliable, but there’s a good chance the tests you write will give you a deeper understanding of PHP; the knowledge you can use to improve your own codebases. Not to mention you’ll be able to call yourself an internals contributor. Come on in! The water’s fine!