PHPBenelux Conference 2020: the atmosphere and the best talks
The setting: the Wild West. The people: enthusiastic, playful and eager to learn. The tutorials and talks: amusing, fascinating and innovative. Once again, there were lots and lots of ideas that could be picked up at the PHPBenelux Conference 2020. This is an impression of the event and an overview of the talks that made an impression on us.
PHPBenelux: elephants in the Wild West
For the 11th edition of PHPBenelux conference, which took place on Friday 24 and Saturday 25 January at the Ter Elst Hotel in Edegem, the attendees were immersed in a Wild West atmosphere. The entire setting of the hall was brilliantly in theme, from cacti to pillory.
All the sponsors got into the western theme: you could toss horseshoes there, try out your luck in the casino or prove your courage with a ‘snake in a hat’ game. Meantime, a podcast was also being recorded in an actual sheriff’s booth. In what has become a tradition, Combell was a permanent partner again this year. And keeping up the annual habit, Stijn and Romy were again in attendance at the Combell stand to warmly welcome visitors. If you dared, you could test out your cowboy shooting skills to try and win a Nerf gun.
Busy programme with extra attention for students and diversity
Lots of ancillary promotional events provided the necessary recreation between the fascinating presentations. And just as always, there was a richly filled programme: practical tutorials on Friday morning along with interesting presentations in the afternoon and all day Saturday. A community-developed app (https://phpbenelux2020.glideapp.io/) made it easy to map out your schedule in advance.
This year, the organisers wanted to devote special attention to students. Although the entrance prices are very reasonable, thanks to generous sponsors, they can still be rather more than students can often afford. For that reason, students this year benefited from exceptional discounts on presentation of their student card.
The world of developers can often seem like an exclusive, male club for geeks – but it looks like this is changing little by little. Not only the number of female speakers, but also the number of female attendees is increasing year by year. PHPBenelux would therefore like to promote the inclusive character of the community worldwide. A separate group photograph of the ladies who help to make the conference more female-friendly and diverse is used to highlight that fact each year.
The Friday morning tutorials provided very specific tips on how to approach certain problems. The list of subjects was a developer’s dream – from Docker and Scratch to Domain-driven design and user experience design. We are already looking forward to the subjects that will feature at the next edition of the PHPBenelux Conference!
Some talks that made an impression on us
Naturally, the opening keynote Which Way is the ElePHPant Pointed and other ElePHPant Jokes from legendary PHP developer Cal Evans was a must for anyone present. The elephant jokes are not original. Cal gave an overview of PHP’s development over the years, and called for the people who made PHP possible to be given a vote of thanks.
Human beings can only be in one place at a time, and consequently the Combell team had difficult decisions to make: which presentations to attend? A selection of what they remember from the sessions they did ultimately attend is presented below.
1. Making your application faster with OPCache, Realpath Cache and Preloading
We have, of course, put our very own Jachim Coudenys, PHP developer at Combell, and co-organiser of PHP-WVL, at the front of our list! In his PHP OPCache, Realpath Cache and Preloading presentation, he demonstrated how you can make your applications run a whole lot faster by the way you have your PHP configured. He went deeper into OPCache, Realpath Cache and Preloading: how they work and how you can use them. And he made the connection to how Combell uses this to allow websites and applications to perform better.
2. PHP can definitely cope with serialization
In the Advanced Serialization presentation, Michelle Sanver related her experience of being confronted with the bottleneck produced by serializing. Serialization is the conversion of a data structure into a storable representation so that it can be stored in a file, a memory buffer, or transmitted across a network.
99% of the time, the existing implementations are sufficient. The dataset used has versions, and many variations in the data. Thus, you cannot just serialize straight out-of-the-box as it would be too slow. The datasets are so huge and complex that with 100, or sometimes even just 50, products PHP runs out of memory (OOM).
Inspired by Golang, the team managed to make compiled serialization handling superfast. But PHP can do that as well: by generating PHP code for specific versions the performance will be improved by no less than 55%!
3. You can set up an Elastic Stack really quickly in Docker
In Centralized Logging Patterns, Philipp Krenn, developer and evangelist with Elastic, gave an overview of Elastic Stack, which is a centralized logging technology, also used at Combell. He related how new extensions can be made in Elastic’s Monolog for logging in the Elastic Common Schema format. The presentation showed once again how quickly you can set up an Elastic stack (elasticsearch, kibana, logstash, beats) in Docker.
4. Security: new variations on old risks
Christian Wenz presented an overview of the latest Web Application Security Trends to keep you, as a developer, alert. By now, every developer is aware of the risks of XSS so that should actually not represent a problem anymore. But, in the meantime, the bad guys have found new variations on their old means of attack. A few tips from Christian:
- So many markup languages are used and each has its own escape sequence.
- Use a Content-Security-Policy (CSP) header on your website (and use level 2!). There is a risk that this will break things. But, in any event, do not use ‘script-src 'unsafe-inline'’: if you do, you might as well not use CSP at all. In addition, work as strictly as possible.
- Do not trust any links, use ‘<a href='https://example.org' rel='noopener noreferrer'>example</a>’. Otherwise, people can do really dangerous things with the JS ‘window.opener’ API, such as turning the original site into a phishing site.
- Do not allow any frames. Use 'X-Frame-Options: deny' where possible to prevent click-jacking.
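The four tips above combined in one page, as an added example that is not code from the talk: a per-request nonce replaces 'unsafe-inline', framing is denied, and each output context gets its own escaping. The helper names (`security_headers`, `esc_html`, `esc_js`, `external_link`) and the sample comment are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. CSP level 2 with a nonce-based script-src (no 'unsafe-inline').
function security_headers(string $nonce): array
{
    return [
        "Content-Security-Policy: default-src 'self'; "
            . "script-src 'self' 'nonce-{$nonce}'; "
            . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
        // Legacy equivalent of frame-ancestors 'none' for older browsers.
        'X-Frame-Options: DENY',
    ];
}

// Escaping for HTML text and quoted attribute values.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escaping for a value placed inside an inline <script>: a different
// context with a different escape sequence ("<" becomes \u003C, etc.).
function esc_js($value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags | JSON_THROW_ON_ERROR);
}

// Outbound link that cannot reach the opening page through window.opener.
function external_link(string $url, string $label): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('Only http(s) links are allowed');
    }
    return sprintf('<a href="%s" rel="noopener noreferrer">%s</a>',
        esc_html($url), esc_html($label));
}

$nonce = base64_encode(random_bytes(16));
foreach (security_headers($nonce) as $header) {
    header($header);
}
$comment = '</script><b>"quoted" & \'single\'</b>'; // constructed sample input
?>
<p><?= esc_html($comment) ?></p>
<script nonce="<?= esc_html($nonce) ?>">const comment = <?= esc_js($comment) ?>;</script>
<?= external_link('https://example.org', 'example') ?>
```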
5. RUM starts distributed tracing already in the browser
In Pairing with RUM: How DevOps can benefit from Realtime Using Monitoring, Ram Iyengar gave a nice overview of distributed tracing – which coordinated well with the talk about Elastic. Now that everything is becoming more and more microservices, and a single request can go through multiple systems, distributed tracing is extremely handy. But with RUM, it already starts in the browser, where we also track all the different assets we load up (such as the loading waterfall from Chrome Developer Tools).
6. You have to learn how to teach
The final presentation of day 1 did not actually have anything to do with PHP: in Stepping Outside your Comfort Zone: Learning to Teach, you were introduced to the different methods of learning. Heather White, herself a teacher-trainer, showed how best to present and structure information in order to reach all students.
7. Keep your architecture clean with Deptrac
Simon Mönch showed in Keep your architecture clean how you can maintain an overview with Deptrac, a package that checks your code. It ensures that the various layers in your application do not overlap too much. For example, this enables you to prevent domain logic from using framework code, etc. And your core business logic stays more neatly in its own layer, with the additional advantage that you can simply move your framework if necessary.
8. There is still no native solution for Enums
Unfortunately, Andy Snell had to disappoint you about this in his talk Enums: The Missing Data Type… There is still no datatype for Enums, the "lists" in PHP, except for boolean (true & false). Many have already tried to make it part of the language but without success. There are indeed a number of userland packages which make Enum functionality possible in PHP, but a native Enum type in the language itself remains lacking.
9. And, above all, do not make it too easy for the hacker!
Yet more security tips were on offer from Srdjan Vranac, during his talk that was ironically entitled Be nice, help the person who hacks your servers to get your data. It is incredible but true that far too many secrets are still being saved in ordinary text files. And that can have serious consequences from a business perspective. Because if someone gains access to those files, then in the best case your company will lose some money, but in the worst case, it might simply go out of business.
It is therefore best to regularly rotate your secrets, and to use dynamic (compiled) secrets. Apply the principle: everything is a secret. ‘${USER}:${PASSWORD}@${MYSQLHOST}:${MYSQLPORT}’ is a formula that works wonders: it makes it really simple to maintain consistency throughout various environments: development, staging, acceptance and production.
And why not use a management tool for your secrets, such as Hashicorp Vault?
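One way to apply the ‘${USER}:${PASSWORD}@${MYSQLHOST}:${MYSQLPORT}’ formula, as an added example that is not code from the talk: the template is expanded from the environment at runtime, fails closed when a variable is missing, and has a redacted form for logs. The function names, the percent-encoding of values and the sample environment are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Expand ${NAME} placeholders from $env; refuse unset or empty values.
function expand_from_env(string $template, array $env): string
{
    $out = preg_replace_callback(
        '/\$\{([A-Z_][A-Z0-9_]*)\}/',
        static function (array $m) use ($env): string {
            $value = (string) ($env[$m[1]] ?? '');
            if ($value === '') {
                throw new RuntimeException("Missing environment variable {$m[1]}");
            }
            // Assumption: percent-encode so ':' or '@' inside a password
            // cannot change how the resulting string is parsed.
            return rawurlencode($value);
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('Template expansion failed');
    }
    return $out;
}

// Same template with secret-bearing variables masked, safe for logs.
function redact(string $template, array $env, array $secretNames = ['PASSWORD']): string
{
    foreach ($secretNames as $name) {
        if (isset($env[$name])) {
            $env[$name] = 'REDACTED';
        }
    }
    return expand_from_env($template, $env);
}

$template = '${USER}:${PASSWORD}@${MYSQLHOST}:${MYSQLPORT}';

// Constructed sample values; a deployment would pass getenv() here, with the
// values injected per environment (development, staging, acceptance, production).
$env = [
    'USER' => 'app',
    'PASSWORD' => 'p@ss:word',
    'MYSQLHOST' => 'db.staging.internal',
    'MYSQLPORT' => '3306',
];

error_log('connecting with ' . redact($template, $env)); // log the masked form only
$connection = expand_from_env($template, $env);          // the real value stays in memory
```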
10. RAFT keeps clusters of computers in sync
Joshua Thijssen gave a great, in-depth overview of the RAFT technology in RAFT: A story of how clusters of computers keep your data in sync. When you are operating various servers, it is always possible for one of them to stop working or become unreachable due to network problems. RAFT technology helps to ensure that the system can remain in operation. In simple terms, the various servers agree which one is the master. The technology is hidden behind Elasticsearch, MongoDB, etc.
In reality, RAFT is a distributed consensus algorithm. It was created as an alternative to Paxos, which was found to be too complex. RAFT, on the other hand, was deliberately kept simple. RAFT rests on 3 pillars: Leader election – there can be only one leader; log replication – to ensure that the data is the same everywhere; and safety – so as to NEVER display an incorrect result.
11. Keep a careful eye on your PHP
We began with Jachim, a Combell colleague who shared his wisdom at PHPBenelux, and we end this report with another colleague: Ike Devolder, Devops Developer at Combell. He too prides himself on performance – but from a different perspective: keep an eye on what your PHP is doing. In his talk Spying on PHP, he gave an introduction to PHPSpy, a sampling profiler for PHP. It enables you to monitor what is going on in your PHP without you having to make any changes to your PHP.
It is essentially strace, the Unix tool that traces system calls, but for PHP. You decide what effect PHPSpy has on performance, because you yourself can configure the sample rate. Ike is very enthusiastic about PHPSpy and he believes it deserves more attention.
Very interesting subjects – but, hey, do not think that it was all strictly serious stuff! There was plenty of laughter and a great atmosphere, especially during the moments of relaxation on Friday and Saturday. The PHPBenelux photo report on our Facebook page makes that very clear!