PHP UK Conference
I went to this year’s PHP conference in London at the Business Design Centre. Approximately 450 people attended from various backgrounds – Developers, consultants and team managers. The conference was sponsored by Microsoft WebsiteSpark, PayPal X developer network and Facebook. Other companies that attended included ibuildings, TEK systems, O’Reilly’s amongst others.
All together there were 16 talks. The speakers list included Johannes Schluter release manager for the PHP 5.3 series, Josh Holmes of Microsoft and Stephan Koopmanschap who’s worked on PHPBB and the Zend Framework.
Below is a brief summary of three talks. I won’t go into any detail but just highlight some concepts leaving you to delve deeper should you wish.
The list below is literally a few points that I took from the each of the talks that I thought were interesting. All the ideas are related to the title of each lecture.
Keynote talk
Josh Holmes
The lost art of simplicity
Recommended book: The inmates are running the asylum.
- Don’t be a victim of “The truck factor”. Truck factor: if the writer of the code gets hit by a truck you’ve lost the solution!
- Find technologies that “solve the problem for you”. Don’t do everything yourself.
- Don’t use the latest, greatest, shiniest tool just because everybody else does, it has to fit your project’s needs. Do you have the right tools for the job?
- Understand the rules, the fundamentals, know what’s happening “under the hood”. Study the essentials of programming regardless of the technology you’re using.
- A good way to test simplicity is to explain your solution to a non technical person, do they understand it easily?
- Let your users dictate what your next feature should be rather than predicting the future, keep ‘might be’ in the back of your head. Get the fundamentals done and launch.
- How many users do you see, talk to or even sit next to you during development? How well do you know a group of your users, what’s natural to you may not be natural to them.
- Don’t make technical decisions based on political or religious issues, i.e. ‘I want to do something to spite so and so’ or ‘I’m a believer in X so we should use it no matter what’.
Finally, a quote from Albert Einstein presented by Josh Holmes amongst his many slides (http://www.slideshare.net/joshholmes/the-lost-art-of-simplicity):
“Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius – and a lot of courage to move in the opposite direction.”
Anti PHP patterns
Stephan Priebsch
- Don’t copy and paste chunks of code and have the same code repeated everywhere.
- Try to reduce the amount of constants, values of constants have to be memorised and it creates dependencies which are difficult to track.
- Use dependency injection or better yet class variables instead of global variables.
- Don’t have ‘God classes’( classes that do everything), make dumb objects that do their job and nothing else, break the code up so it’s more manageable.
PHP Code audits – security
Damien Seguy
- Interview the developer – to find out what the application does, what the business does, what information they need securing.
- Usually the view of a system between a programmer and non programmer is different. So get to the bottom of the key areas of security.
- Biggest fears are usually data loss, destruction or exploration.
- Security rules should be enforced by everyone, not one or two developers.
- Keep all non application folders outside of the webroot.
- When analysing your code focus on the entry points into code i.e. where user input is taken.
- Two areas of security breaches to bear in mind are: Code injections and XSS scripts.
