Saturday, October 31, 2009

Barcelona PHP Conference Day 2 #phpbcn2009

Even shorter summary of the second day of the Barcelona PHP conference. (see here for day 1)

Zend_Cache... by Enrico Zimuel

This was a introduction to the cache component of the Zend framework. It pretty much does what you expect: it wraps the common types of caching ( file, apc, memcached, ...) into a common API to make them easy to swap and use. It also has helper objects to support caching of PHP output with output buffering.

The State of Quality Assurance Tools for PHP by Sebastian Bergmann

Mr. PHPUnit gave a short introduction to testing and the PHPUnit framework. He then introduced some of the other tools that can help you with quality metrics of your software, these were:
  • phploc - counting lines and more
  • phpcpd - finding duplicate code
  • pdepend / phpmd - static code analysis
  • phpcs - code style and static code analysis
  • bytkit-clu - more analysis
He then continued to show how you would automate running these and include them in a continuous integration tool like CruiseControl with phpUnderControl or Hudson.

It was a good talk and gave an introduction to the whole process of quality assurance for projects.


Continuous Integration by Davide Mendola

Another talk about CI, which gave a bit more insight into the tools but because of the previous talk a lot of stuff was repeated and not a lot new information introduced.

One thing was obvious though: nobody is completely happy with the current tools, because they are all Java based and don't fit 100%. There seems to be a market now for new PHP CI tools and I am sure we will see some showing up in the near future. I would also see some of these using a MVC framework instead of being developed from scratch.

And for the hecklers in the back shouting "Xinc" : no release or commit since one year ? Maybe someone should pick that up again. :-)

Symfony 2.0 a sneak peak by Fabien Potencier

Fabien gave a very fast run through some of the new components and designs for Symfony 2.0. A lot of things will change and it will be difficult to port older projects, especially if you have business logic outside your models.

He spent a lot of time explaining the dependency container component and how and why it will be used in Symfony 2.0. I am a bit afraid that this will make things more complicated and difficult to debug or work with in an IDE. I usually don't like to see logic into configuration files, but now I at least understand why he is doing it and what advantages it will have in Symfony 2.0. I just hope I won't see these in every object and sometimes just simple injection is used.

I am looking forward to Symfony 2.0 though, I just got one suggestion to reduce Fabiens work a bit: throw away the Lime testing framework and use PHPUnit. Lime will never match the PHPUnit features and everything you need which isn't provided by PHPUnit yet is probably easy to integrate.

Open Classifieds by Chema Garrido

This was a refreshing different talk by the lone developer of Open Classifieds, which is an open-source classified web application. He developed it from scratch without using any framework (Rasmus would love this), it is very much in the spirit of the KISS talks of this weekend.

If I find time I will certainly have a look at it. And before the security concious object orientated dependency injecting agile caching crowd complains: give the guy a hand with a bit of code review if you find the time.

Open Classifieds Website

Friday, October 30, 2009

Barcelona PHP Conference Day 1 #phpbcn2009

First day of is finished and it was very enjoyable. The location was the same as last year, so was the quality of the organization. I saw six talks, here are small summaries:

KISS by Derick Rethans:

Pretty much a beginners, introduction and common sense talk. Most of it not even directly relevant to PHP. A bit of a disappointment, might have been more interesting for customers than developers.

No slides up yet, but they were very similar to these: Kiss Phpnw08

Trees in the database by Lorenzo Alberton:

A very interesting talk about ways to store trees in a database, which is something everyone has to deal with at some point. He started with the simple "parent-child" method and showed some of the problems with it. Then went through some better versions like the "nested set model", which is for example used in Doctrine. He finished with the "nested interval model", where I think I saw some smoke coming out of some heads around me (and probably mine).

Finally he showed how trees are supported directly in some of the databases and the SQL99 standard.

It would be nice if the "nested interval method" would end up in Doctrine too. And maybe support for the database extensions too, though at the moment I just care for mysql and here is a link with some information how to do the stuff there.

The slides are here: Trees in The Database

Talk by Rasmus Lerdorf

Rasmus did a two part talk. The first part was about performance and ranged from suggestions to replace lots of expensive library calls with simple echos to introductions into strace, valgrind and xdebug. He likes to complain about frameworks and abstraction, for which he got some angry looks out of the framework corners.

Second part was about security, where he showed some problems through examples in live sites. Because someone twittered about it before he wasn't able to show the ".svn" files on elpais, but he managed to show an interesting XSS exploit on another newspaper page. Then he went on about the "filter" extension, which I don't like much because I see it as just another Swiss army knife function for something which should belong into PEAR libraries or frameworks. One good thing about it is that you can switch it on globally so that you can block most attacks automatically and skip it for special cases, this reminds me a bit of magic quotes though and how much I hate those.

It was very interesting and he is a very charismatic talker, which helps obviously. The questions after the talk came mostly from the framework guys who pointed out that the security part is easier to fix with one of those, because you have centralized points where you can put your security hooks.

And the PHP filter extension is a bit like a "security framework" only that most PHP programmers won't be able to see or change the source.

Most of the people in the audience have different problems to solve than Rasmus, because we need to build websites quick and we don't have the amount of hits that Yahoo gets. But he gave some good pointers and I certainly get my Xdebug profiler out more often.

Ajax for scalability by Erik Schultink

Erik works for Tuenti, which is a facebook clone for the Spanish market. They have millions of hits and more or less the same scalability problems as the original. They use ajax to build the complete page and basically just retrieve json from their servers. He described everything they do to increase their performance, from the server farm set-up, CDN usage and monitoring to the distribution of the image sizes on the website.

This was a very good talk and I wish I had their problems or they would have an office with an opening in Barcelona :-) These are your guys if you want to work for facebook, but live in Madrid.

I wish I had a link to slides, but I don't

Integrating Zend Framework and Symfony by Stefan Koopmanschap

Stefan is the community manager for Symfony and gave some examples of integrating Zend components in Symfony and Symfony components into the Zend framework. He gave some small examples of both ways and introduction to some of the nice components of both worlds.

I definitely have to look more into the Zend framework and see if I can pick some nice things up. The twitter component would have made my life a lot easier while developing krass sets

And there are slides up for the talk.

PHundamental Security by Hans ZaunereDamien Seguy

As the title said: basic security stuff about the typical injection. The slides were a bit confusing at times. Good stuff I picked up: some more evil PHP functions to circumvent register_globals=off, using the tokeniser to find problematic code and using statistic analysis to find problems.

He also mentioned some black-box tools to help find problems in websites, but I forgot them and I can't find slides either.

Tomorrow is day 2, which looks promising again with talks by Herrn PHPUnit and Monsieur Symfony and some other goodies.