Friday, October 30, 2009

Barcelona PHP Conference Day 1 #phpbcn2009

First day of is finished and it was very enjoyable. The location was the same as last year, so was the quality of the organization. I saw six talks, here are small summaries:

KISS by Derick Rethans:

Pretty much a beginners, introduction and common sense talk. Most of it not even directly relevant to PHP. A bit of a disappointment, might have been more interesting for customers than developers.

No slides up yet, but they were very similar to these: Kiss Phpnw08

Trees in the database by Lorenzo Alberton:

A very interesting talk about ways to store trees in a database, which is something everyone has to deal with at some point. He started with the simple "parent-child" method and showed some of the problems with it. Then went through some better versions like the "nested set model", which is for example used in Doctrine. He finished with the "nested interval model", where I think I saw some smoke coming out of some heads around me (and probably mine).

Finally he showed how trees are supported directly in some of the databases and the SQL99 standard.

It would be nice if the "nested interval method" would end up in Doctrine too. And maybe support for the database extensions too, though at the moment I just care for mysql and here is a link with some information how to do the stuff there.

The slides are here: Trees in The Database

Talk by Rasmus Lerdorf

Rasmus did a two part talk. The first part was about performance and ranged from suggestions to replace lots of expensive library calls with simple echos to introductions into strace, valgrind and xdebug. He likes to complain about frameworks and abstraction, for which he got some angry looks out of the framework corners.

Second part was about security, where he showed some problems through examples in live sites. Because someone twittered about it before he wasn't able to show the ".svn" files on elpais, but he managed to show an interesting XSS exploit on another newspaper page. Then he went on about the "filter" extension, which I don't like much because I see it as just another Swiss army knife function for something which should belong into PEAR libraries or frameworks. One good thing about it is that you can switch it on globally so that you can block most attacks automatically and skip it for special cases, this reminds me a bit of magic quotes though and how much I hate those.

It was very interesting and he is a very charismatic talker, which helps obviously. The questions after the talk came mostly from the framework guys who pointed out that the security part is easier to fix with one of those, because you have centralized points where you can put your security hooks.

And the PHP filter extension is a bit like a "security framework" only that most PHP programmers won't be able to see or change the source.

Most of the people in the audience have different problems to solve than Rasmus, because we need to build websites quick and we don't have the amount of hits that Yahoo gets. But he gave some good pointers and I certainly get my Xdebug profiler out more often.

Ajax for scalability by Erik Schultink

Erik works for Tuenti, which is a facebook clone for the Spanish market. They have millions of hits and more or less the same scalability problems as the original. They use ajax to build the complete page and basically just retrieve json from their servers. He described everything they do to increase their performance, from the server farm set-up, CDN usage and monitoring to the distribution of the image sizes on the website.

This was a very good talk and I wish I had their problems or they would have an office with an opening in Barcelona :-) These are your guys if you want to work for facebook, but live in Madrid.

I wish I had a link to slides, but I don't

Integrating Zend Framework and Symfony by Stefan Koopmanschap

Stefan is the community manager for Symfony and gave some examples of integrating Zend components in Symfony and Symfony components into the Zend framework. He gave some small examples of both ways and introduction to some of the nice components of both worlds.

I definitely have to look more into the Zend framework and see if I can pick some nice things up. The twitter component would have made my life a lot easier while developing krass sets

And there are slides up for the talk.

PHundamental Security by Hans ZaunereDamien Seguy

As the title said: basic security stuff about the typical injection. The slides were a bit confusing at times. Good stuff I picked up: some more evil PHP functions to circumvent register_globals=off, using the tokeniser to find problematic code and using statistic analysis to find problems.

He also mentioned some black-box tools to help find problems in websites, but I forgot them and I can't find slides either.

Tomorrow is day 2, which looks promising again with talks by Herrn PHPUnit and Monsieur Symfony and some other goodies.


  1. the las talk was about security but the speaker was Damien Seguy.
    The organization had to move the speech of Jan Willem Eshuis to Saturday at 11:00.
    Hans Zaunere will do his presentation at 9:30.

  2. Corrected the speaker of the last talk now, cheers.