Second day of the ZendCon Europe! Like for the first day, I'll sum up in this post "my" conference, meaning the sessions and keynotes I saw, chronologically from my notes.
Keynote - Moving to the Cloud & Services: The Microsoft Case
... Going to write just what wrote in my notebook during the conference...
Essentially : "Roles are evolving, we need to do more continuous deployment/integration/etc! And look, we've got tools to do that! Windows Azure! Visual Studio Online! Come to the Dark Side, we have cookies!"
Except they were victims of the demo effect. And it was overall pretty boring.
A session about Composer! I never worked directly with the tool, but I've recently worked mostly with node.js so I know npm, and Composer is basically npm for PHP (or is it the other way?)
The session was about everything around Composer: Specifying versions, the ability to specify the minimum stability needed for a package, conditional dependencies, dev dependencies, autoloading, class maps...
Not anything revolutionary, but a nice introduction nevertheless.
I went to see a talk about refactoring! No magical recipes were given here but I found the session dynamic, and reassuring, as it's always good to be able to assert that what we try to put in practice every day is the good thing.
It was also a reminder that refactoring is something to do at all times, and that while we're doing it, no functionality in the code should be modified, even if it's often quite tempting!
Security : Dealing with other’s nightmares
A session about security!
It started with a fun analogy about the Internet, to explain why everyone, not just Google or Facebook, is a potential target and needs to care about security : "The Internet is a parking lot: a thief will just go for the first car door which opens, not necessarily for the prettiest car". The point was that some (automated) attackers just try to see "if the door opens", and if it doesn't, go try another website.
Indeed, the whole talk was about the security risks on the web (more generally than just PHP related), with various bits of information, including:
- The fact that there are publicly available lists of bad IP ranges to ban to avoid attacks by bots
- The necessity to be careful not to attract attackers, by not letting things such as phpinfo, changelogs and default installation files being available on servers
- The necessity to avoid weak passwords and stuff like the default admin/admin combination (or 00000000)
- The fact that just blacklisting user-agents from some bots could work
- The fact that some backdoors, drive by downloads problems could be discovered just by having an anti-virus installed
The talk concluded with this : While PHP is our friend, some of its features should be disabled or configured appropriately (like
display_errors), and that PHP has buddies to help, like suhosin.
This was actually an UnCon session, which were sessions in which anyone could talk. Julien Pauli was the one who talked there, and he presented what the OPcache was, why it was useful (because what PHP does by default is compile, execute, then forget what was just compiled), and in what situations the opcode generated by PHP could be optimized by the Zend Optimizer which is was integrated in PHP 5.5.
It was an interesting talk (even if I can't very well explain it in other ways that "the opcode gets optimized! Then is cached!") so I'm glad I noticed this talk was organized, as none of the three sessions at the same time in the schedule interested me.
Beyond PHP: it is not (just) about the code!
This talk had a set objective to be an "eye-opener" for developers which always have their nose in the code.
While it may be a bit exaggerated, it was indeed a good talk, which showed with examples how working applications could suddenly start to have problems because of factors external to the code.
3 main examples were given:
- A DB problem (the replication of a database becoming slow)
- A network problem due to too much data being transferred from the DB to the application while not much of it was really being used (
- Another network problem, due to a
file_get_contentsgetting external resources. Since PHP's default timeout for this is 60 seconds, it's quite problematic not to get an answer for all this time... (Plus that example also had problems with the code).
Finally, we were warned about I/O bottlenecks in case of excessive reads and writes, and warned about NFS.
Final keynote: The evolution of Devops
My favorite part of that talk was in the beginning. Not because it was bad, but because of what the speaker, Davey Shafik explained: When people asked him what he was doing for a living, his answer wasn't "making web pages", but "building the Internet". I like that job description :)
Anyway, this final keynote was about the evolution of the jobs of PHP developers as devops, with a job that extends more and more with the management of data in the cloud and continuous integration and deployment.
He talked about being a Devops (starting at 127.0.0.1, until deploying to production), of the complexity of today's environments (servers, languages, caching, databases...), of Service Oriented Architecture, of Separation of Concerns
The conclusion of the talk : Start using Vagrant, learn Chef or Puppet, deep dive into HTTP, think about caching, check out Apigility. A nice wrap-up for the whole conference.
The full list of talks, including all the ones I couldn't see and some of the slides for the conference are available on joind.in and on the ZendCon Europe website (but I guess the 2013 schedule will be erased when next year's is announced, as a 2014 edition was just confirmed).
I was quite satisfied by the ZendCon Europe and would totally recommend it, even if it's a bit pricey.
If anything, I wish the talks would've focused a bit more on other frameworks and tools - Symfony and Zend Framework may dominate the enterprise market, but it seems that Laravel's adoption is skyrocketing, and there are other tools (CakePHP, CodeIgniter, FuelPHP...) which deserve to be mentioned and represented.