PHP Conference UK, 2006

Yesterday I attended the UK's first PHP conference at LSBU. This was a low-cost, volunteer-run affair organised by the local PHP user group - and it was admittedly a little rough around the edges. However it was competently run and, taking it as an enthusiast's conference rather than a professional one, very much satisfactory. The conference was sponsored by O'Reilly, City Safe, Packt Publishing, Word Tracker and Propel Recruitment.

The conference took the form of a day of talks held in a university lecture theatre, with coffee and lunch breaks, but no lunch provided (something which the organisers may not have planned on, although there were adequate food sources nearby). Further, there were a number of technical hitches during the day when the venue's equipment either failed or wouldn't integrate with the speakers' equipment (which admittedly threw a couple of faults of its own). Fortunately, these were not overly disruptive (with enough geeks, all bugs are shallow) and the venue was modern and comfortable with excellent accoustics and high-speed WiFi.

Being an enthusiast's conference, with WiFi, the audience was well-equipped with laptops and were thus able to take notes and explore websites linked from the talks; I'm sure many notes were taken and blogs posted. As is common at PHP-London meetings, most of the laptops were Apple Macs; the combination of functional desktop and unix architechture seems to be a popular one among PHP developers.

The first talk was given by Derick Rethans on "ez Components" - a PHP toolkit providing useful base functionality such as configuration reading and management, caching, cli and mail tools (among others). To me, this talk was useful on the basis of the development and coding techniques used, as well as in bringing me up to speed on a few PHP5 developments I'd not caught up with. The use of function namespacing (as in this site's codebase, but sadly missing from PHP itself) was of interest as I was wondering if this was just some weird idea that only I used.

Besides technical discussion of such things as SQL connection pooling, the actual subject matter - the component library - was interesting (and something I could conceivably use in future). The tools themselves (although not fully described) seem distinctly useful, and the knowledge of the coding techniques used gave me confidence in the quality of the library.

Unfortunately the talk over-ran (I presume Derick is not a particularly praticed presenter) and we didn't get the full material before the break, but I certainly learned something from the talk and would suggest that anyone needing a component library take a good look at this one, which seems to fit the open source requirements of high code quality and active development.

After a belated break (it having been pointed out to the organisers that the sponsors would not appreciate being deprived of face-time with the participants) we moved onto the second talk, and the most visibly nervous presenter, Pavel Kozlowski with a talk on "Pico and Dependency Injection". Now, before this talk I'd heard a fair bit about "dependency injection" from Marcus (from whom I suspect I've learned a great deal) but never really understood what it was; the word "injection" for me having very negative connotations of SQL and code injection attacks.

In fact that's not the issued. Dependency Injection is, if I may make a stab at a definition, the problem of providing code elements with their functional dependencies closely enough to be effective, but loosely enough to make unit testing and isolated development pratcical. Methods of providing such dependencies vary from calling 'new' within the dependent object, through use of a DAO registry to a fully-fledged DI container such as Pico.

I won't go into much technical detail, as these concepts are still fairly new to me, beyond saying that Pico essentially acts as a dependency "broker" which accepts registrations by classes (in part) according to the interfaces they provide or the requirements of their constructors. I'll leave the rest to the Pico site itself.

Unfortunately this talk also ran out of time, although it was probably fortunate that the organisers were keeping on top of time by now; I'd have liked to here more but at least have a useful start point.

Lunch was a "seek and ye shall find" affair; I found a Nando's (portugese spiced chicken chain) and had a very pleasant meal in the company of a Swiss delegate, but found that Nando's idea of "medium" is rather hotter than my own. The lunchbreak also gave me a chance to get to the O'Reilly stand and feed my tech-book habit; I walked out with the SQL cookbook, PHP Hacks, a Podcasting pocket guide and (given to me for free later) an book on PHPUnit. Something of a haul, but 30% off for show prices helped. I also notice O'Reilly are releasing a "Head-First" series with a much lighter "voice"; personally I didn't think the cartoony elements were for me but I'm told they've been well received. Certainly the presentation of "Design Patterns" as "Why make your own mistakes when you can learn from others" is an interesting approach...

After lunch, Matt Zandstra - Author, Yahoo! senior developer and, to be frank, rather disappointing speaker. Matt's material on "The Template Path" was at best tangentially related to PHP and the presentation showed every sign of being an in-house training presentation. It didn't map well to the audience, who weren't generally interested in code specifics of in-house material they were unlikely ever to use. Yahoo! were actually recruiting at the event and I have to say I think Matt sold them short. I've got a copy of his book at the moment and will withold judgement until I've at least taken a look at it, but I really couldn't find much beyond a simple but interesing design pattern to take away from the presentation.

Update: Evidently Matt can write pretty well; the PHP5 exceptions article is extremely clear and readable. I suspect that if he'd billed his talk as "stuff you can do at Yahoo! if we hire you" and it had been one of alternative tracks, the talk would have worked much better.

Following that, however, a much more interesting presentation by Christopher Kunz: "I've been told to scare you awake". Well it wasn't quite that terrifying (as I'd already been studying PHP security recently) but it did make the point that "there's always going to be one more vulnerability". Some wince-inducing examples of "wild code" were shown but I was already familiar with the issues presented (not that I'm entirely immune to them in my own code yet). There were also some valid points on vulnerability disclosure and responsibility.

The focus of the talk, however, was the PHP Hardening patch, designed for and by ISP administrators to protect themselves and their users from internal and external attacks. It's not a complete solution to security - it doesn't claim to be - but it's a good start, and seems to be compatible with most well-written code (at least my own apps still work when I recompiled PHP after adding it on this server). I'll let the patch speak for itself, but I strongly advise that you take a look at it, and also at Christopher's book (at least, once it gets an english translation - any volunteers?), at which I was able to get a quick look after the conference.

The final talk of the day was something of an oddball - Harry Fuecks of SitePoint basically talking about why AJAX was overhyped and tricky to use effectively (and often misused) (talk resources here). Harry, this isn't news! Any technology can suffer from these issues and it's down to the developer to work around them. Had this been a presentation on how to work around them it might have been more interesting, but in the end I wasn't told anything I didn't know (in fact I'd already solved some of the issues mentioned in my own implementations) and the negative topic was unsatisfying. It might have served better on a multi-track conference where there were alternative topics.

That said, Harry's actually a pretty good speaker, and with a better topic (and he's certainly got the material) I could have really enjoyed his presentation; certainly his site's extremely useful (if slightly over-commercial, to my mind).

After Harry's talk there was the gathering of the feedback forms and then the Closing (which I imagine the organisers didn't gather much feedback on...) which involved a number of book giveaways and the traditional "Thanks to all". Following this, a number of us repaired to Living Space for free beer (courtesy of CitySafe, who are hiring) and general chat and (nominally) blogging; it was at this point that I installed the Hardening patch on this server (and *then* discovered an XSS attack on one of the sites had recently succeeded - I think I know why, though).

All in all, a good event; certainly worth the time and money, and a very promising first event. Congratulations and thanks to the organisers, and thanks also to all sponsors and speakers.

Update: It occurs to me that, while not all the talks were "great", no-one can really expect every single topic at a conference to excite them and that this is really just an artefact of a single-track conference. It'd be interesting to see if next year's can be made multi-track.

Disclaimer: I am a member of PHP-London but was not involved in the organisation of the conference. Hopefully I will be able to help out next year if the group decide to repeat the exercise.

Posted by parsingphase, 2006-02-11 11:00

Anonymous user



Contact Richard