Two weeks ago, we attended the PHP Tour 2015, organized by AFUP, the French PHP Users Association, in Luxembourg. It was a great chance to meet other passionate developers and to exchange views on current PHP best practices, brand new frameworks, and other indispensable tips to enhance our productivity. But it was also the occasion to watch several interesting talks.
The theme of this edition was the cloud. A lot of talks were about migrating from physical servers to multi-scalable instances, and how to secure deployments.
The Continuous PHP Pipeline, by Michelangelo van Dam
As a first talk, this was a good one. Michelangelo talked about continuous deployment. Automating every step of the development process is fundamental to let developers do what they do best: develop. The recipe for turning production deployment from a big event into a common task you can do every day is:
- Use Vagrant or Docker to manage your system infrastructure,
- Think about an SCM workflow so that other developers do not get in the way of your work,
- Detect regressions ASAP with continuous integration (Jenkins, Travis, etc.),
- Smooth production deployment using continuous, fully automated deployment.
About continuous integration, I especially remember one quote, which perfectly illustrates agility in development:
This talk showed a wide range of tools used to enhance your development process, to spend less time on cumbersome tasks, and think more about business solutions. We fully agree with it, as these concepts have been used for several years at marmelab. ;)
Extra kudos for discovering Netflix Chaos Monkey, an evil monkey shutting down random parts of your AWS infrastructure.
The Promise of Asynchronous PHP, by Wim Godden
I was pretty lukewarm before attending this talk. As a pragmatic developer, I generally try to use the right tool for the right purpose. If I want to do some asynchronous tasks, I use Node.js or Golang, not PHP. Yet, I was curious enough to watch this speaker.
That was a nice surprise. I discovered ReactPHP, a well-thought-out framework. It looks a lot like JS promises, which I’ve become fond of. If I were trapped in a pure PHP project, it would be worth giving ReactPHP a try. Otherwise, I would just keep Node.js. Indeed, some features or tools are still lacking to do asynchronous PHP efficiently. For instance, there is no equivalent of the excellent async utility for controlling the execution flow of multiple promises.
Side-effect discovery: there is already a built-in Thread class in PHP to manage asynchronous tasks.
Code your infrastructure, by Oswald De Riemaecker
Oswald’s motto is “Developers should focus on code, not on deployment”. After a quick explanation of different provisioning tools (Puppet / Chef / Ansible), he focused on how to deploy PHP code with Chef, Berkshelf, Kitchen, Knife, Serverspec, Vagrant and Packer.
- Chef is used to provision servers in the architecture (installing Apache, MySQL & Solr) with a couple of cookbooks
- Knife is the command line tool helping to manage recipes
- Berkshelf manages cookbook dependencies
- Serverspec allows testing cookbooks automatically
- Packer creates images (iso/ami/..) that can be deployed to a cloud provider
This was a complete overview of how we can provision, test and deploy a simple application on a cloud infrastructure with some code and configuration.
Comment migrer avec succès dans le cloud ? by Jonathan Van Belle
This talk was honest feedback about how to migrate a nightmare website (no best practices, no documentation, huge developer turnover) to a cloud infrastructure. However, I didn’t really get into this talk. The main motto of this talk is “Ask for help every time you need it!”. Of course it is still valuable advice, but the lack of technical content left me a little bit disappointed.
Frameworks: A History of Violence, by François Zaninotto
Disclaimer: François is my boss at marmelab. So, yes, it is an excellent talk. ;)
More seriously, this talk was great, both in substance and form. François plays the leader of the Innovation Party, and tries to convince the audience that we should not rely on big full-stack frameworks. Indeed, these frameworks keep changing, unlike the business domain, which stays topical. We should rather use micro-frameworks to reduce dependencies to a single code chunk. And do not hesitate to test new technologies in your real-world application. This way, you will be able to follow Web evolution without being stuck with outdated frameworks.
Sauf erreur, je ne me trompe jamais, by Frederic Bouchery
Frederic explained during this talk how we should deal with errors in our PHP applications. To sum up, log everything but don’t show any error messages for security reasons. Only banalities then (but just my personal opinion (-:).
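The "log everything, show nothing" advice, written out as an added example (it is not code from the talk or from this post). It assumes PHP 7+, where `Throwable` also covers the engine errors that used to be fatal; the log path and the `APP_ERROR_LOG` variable are hypothetical.

```php
<?php
declare(strict_types=1);

// Report every error level, write it to a log file, never render it to the client.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
// Hypothetical location: keep the log outside the web root.
ini_set('error_log', getenv('APP_ERROR_LOG') ?: '/var/log/php/app-error.log');

// Promote warnings and notices to exceptions so everything reaches one handler.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // level is currently masked: fall back to PHP's own handling
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Last line of defence: full detail goes to the log, the client gets a reference id only.
set_exception_handler(function (Throwable $e): void {
    $id = bin2hex(random_bytes(8)); // correlation id to find the entry in the log
    error_log(sprintf(
        "[%s] %s: %s in %s:%d\n%s",
        $id,
        get_class($e),
        $e->getMessage(),
        $e->getFile(),
        $e->getLine(),
        $e->getTraceAsString()
    ));

    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    // No message, path, SQL or stack trace leaves the server.
    echo "Internal error. Reference: {$id}\n";
});
```

Setting `display_errors` and `error_log` in `php.ini` rather than at runtime also covers parse and startup errors that occur before this file is loaded.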
Ansible pour le Cloud, by Maxime Thoonsen
I had never used Ansible before. This talk inspired me a lot, and I will probably give it a try. Ansible lets you deploy apps based on configuration files and set up your system easily. It integrates well with Docker: it is used both to install Docker on a fresh server, and to configure your containers using some recipes.
Retour d’expérience ARTE, by Thibault Lenclos
Thibault gave us some insights about the processes used to build a brand new REST API for ARTE. Thibault and his team worked the agile way (daily stand-ups, task prioritization, etc.), using continuous integration as a safety net. He also shared a lot of technical details about what they used for automation, development and monitoring. Nice human and technical feedback.
Nobody Understands REST, but it is OK, by William Durand
William presented what REST really is: more than just using HTTP methods (GET, POST, etc.), it is also about HATEOAS and semantics. Yet, even if it sounds good, it is impossible to industrialize a strict RESTful API, and we should go toward a degraded REST standard that William calls HTTP++. Very instructive talk, with a good trip back to reality.
Security workshop by Manuel Silvoso
I registered for the security workshop without a lot of hope. Generally, this kind of workshop shows only the basic SQL injection and XSS vulnerabilities. Yet, it was the best security workshop I ever attended. I was nicely surprised. Manuel Silvoso of course let us manipulate these flaws, but also went further:
- How to secure passwords correctly, with
- Generating one-time passwords with YubiKeys, hardware devices linked to an API
- Discovering XSS dangers through the BeEF framework
- OWASP Cheat Sheet, a list of known vulnerabilities and how to counter them
- Detecting vulnerabilities using honeypots, IDS or tar traps
- Lots of other stuff
Slides are not publicly available. But if you want to play with his vulnerable app, that’s on GitHub: msilvoso/vulnerableApp.
MVVM and Silex, by Billie Thomson
Today, applications are often developed using a client framework such as Angular.js or React. The server application is then pushed to the background, exposing only an API. This refreshing talk presented this new way of structuring web applications, using Angular and Silex, but also with an introduction to Express. Talking about Node.js at PHP Tour was a daring but successful bet!
PHP deploy 2015 flavor, by Quentin Adam
Here is another talk about deployment and its best practices. We can list:
- Do not use the file system as a datastore (true for logs too)
- Mix datastores, each one has its own strengths and weaknesses
- Modularize your app with event brokers
- Do not commit dependencies
A good talk, even if there were too many animated GIFs.
Chroniques d’un voyage vers l’Est, by Frédéric Hardy
I got tangled up in this talk. It deals with the application of strict object oriented programming. An object should only be aware of its own functioning and of its interface with the outside world. If the basic idea looks good, the practice implies a lot of interfaces, which as far as I understand, complexify the code a great deal. But I probably missed the point. :)
PHP7 is coming, by Julien Pauli
A quick overview of new features of PHP7:
- Syntactic sugar with <=> (kudos for the name) operators,
- Fatal errors are turned into exceptions,
- Scalar type hinting,
- Ability to declare return types for functions,
- Anonymous classes, like anonymous functions
Performance isn’t forgotten in this new version. You can expect to use half the memory and CPU power with version 7 compared to PHP6.
This was the first edition of PHP Tour we attended. We were delightfully surprised by the quality of the talks, which were quite varied. See you again in 2016?