As the Host of the Dutch PHP Conference this year, you can imagine I'm squeaky-excited about the whole event. This story goes right back to last year though, when someone (Ivo? Cal? I don't know who) conceived the idea of including an unconference in this year's event. DPC is easily one of my favourite conferences and although I work for Ibuildings, I wasn't directly involved with its organisation last year. In the autumn I wrote a proposal for running the unconference, and it was agreed that we should do it. Fast forward a bit and I became the host of the main conference, which is great news but left a slightly abandoned unconference behind - until the PHPBenelux user group stepped up and will be hosting the unconference alongside our main event (thanks guys!)

I'm so excited about the unconference, although I don't know how our wider attendees will take to it as it hasn't been done before locally. In order to include as many people as possible (and to keep the admin overhead to a minimum) we'll schedule during the conference, on a first-come, first-served basis. This avoids the in-crowd getting voted into all the slots in advance; the uncon is for everyone to take part, not just for the people who are already well known! The uncon will also give us space to include extra on-demand sessions where people are wanting to see more about a particular topic, or see a demo of something a speaker mentions in a talk. Managing a changing schedule in real time will be interesting, we're planning a two-pronged approach with twitter and Joind.in and I'm hoping this will allow attendees to hear about things they want to see in time to actually see them!

Its a new venture and I'm really interested to see how it turns out ... if you're coming to the conference then I hope you will give the uncon a look (in between the other awesome sessions on the schedule of course) and also take the time to share your thoughts on this and on the event as a whole. If you're going to be there - leave a comment and let me know :)

I've been speaking at conferences since 2003, but I've never been as excited about a conference as I am about Webstock. I remember discussing it at the first Kiwi Foo Camp with Natasha Lampard and a few others. I liked the name — I love wordplay — and her enthusiasm was infectious; she wanted to make Webstock extraordinary.

The first Webstock took place just a year prior to that impromptu discussion, and it has quickly become the top web conference around. I first began to realize what a big deal Webstock was when Nat Torkington had this to say about it:

Back home safe, utterly exhausted after Webstock. Best. Conference. Evar.

For those who don't know Nat, he ran OSCON — usually my favorite conference each year — for a decade. He has also been heavily involved in lots of other O'Reilly conferences, including unconferences like Foo Camp and Kiwi Foo Camp. For him to call Webstock the best conference ever is really saying something.

Fast forward to today. I'm sitting in a Starbucks in Los Angeles. The new Vampire Weekend album is playing. 16 hours ago, I began my journey to Wellington, New Zealand, and in another 20 hours, I will land there. (This journey will take a full day and a half.) I've been busy with a really exciting Analog project lately, so I haven't blogged about Webstock yet. If you haven't registered, you should hurry. They were almost sold out a few days ago, so it might already be too late. If you're lucky enough to be going, I hope you'll say hello.

I'm giving a workshop called Evolution of Web Security that combines some of my previous talks with some new material, covering the security spectrum from old to new, technical to social:

This is a multi-faceted workshop that explores new concepts in web security. After a solid grounding in well-known exploits like cross-site scripting (XSS) and cross-site request forgeries (CSRF), I'll demonstrate how traditional exploits are being used together and with other technologies like Ajax to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms. I'll then discuss some ideas for the future, such as evaluating trends to identify suspicious activity and understanding human tendencies and behavior to help provide a better, more secure user experience.

I'm also giving a talk called Security-Centered Design that focuses and expands on some of the material from the workshop:

Security is more than filtering input and escaping output (FIEO), and it's more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn't even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception is as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I'll explore topics such as change blindness and ambient signifiers, and I'll show some real-world examples that demonstrate the profound impact human behavior can have on security.

I gave this talk a few times in 2009, and I have updated it for 2010. Although the technical-to-social shift of web security isn't a topic that's being talked about that much yet, the transition is evident in a lot of recent activity, including solutions like OAuth and Facebook Connect. We need more people thinking about how to solve evolving technical and social problems. I don't pretend to have all the answers, but I hope this talk can be a catalyst for more awareness and discussion.

Webstock, here I come!

Sat, 13 Feb 2010 00:58 GMT — Chris Shiflett’s Blog

Recently, I realized that despite talking about Karl Fogel's book - "Producing Open Source Software" - numerous times over the past year[1][2][3], I've never written a review of it. So without further ado, here we go.

I originally picked up my copy in mid-2007. It took me a couple months to get to it, but once I did, it rocked my professional world. To be clear, Karl Fogel is an early (founding?) member of the Subversion Version Control System.

Karl starts off talking about the beginning an Open Source project and the things - both community and technical - that are required to get things rolling. If you're participated in an even moderately active/successful open source project, none of this will be surprising, but having all of it enumerated clearly never hurts. If you go with something like SourceForge, Google Code, Launchpad, or Microsoft's CodePlex, you'll have version control, forums, some release management and bug tracking immediately. Honestly, getting the technical infrastructure setup is just plain simple.

The more important portion to me was the other "half" of the book where he discusses the team dynamics side of things.

First of all, he talks about basic Political and Social Structure of the team itself. While he lays out some general principles, the more important and valuable stuff is in his specifics. How are important decisions made? How do community members become team members? What roles and responsibilities does a team member have over a random community member?

Next, in Communications, he talks about all the day to day things we have to deal with. Difficult users, the proper tone, how to diffuse arguments, and generally how to keep things on topic are all covered. Does it all work? Nope, not all the time. But some of it definitely might work some of the time. Regardless, it's a good overview of tips and tactics interspersed with real world examples from the Subversion project.

Finally, there is detailed discussion of Managing Volunteers. This is where the vast majority of projects have problems and the reason is obvious. Very few developers - no matter how sharp they are - know how to motivate people, engage a community, and delegate tasks. Most of us confuse communications and evangelism with marketing... which realistically, I guess they are the same. Doh.

This was highlighted for me last fall at ZendCon when one person asked a panel "Do you think it's appropriate for a project to ask their users to go vote in [technical] polls?" If a project's leadership isn't supposed to engage and occasionally direct their community towards goals complementary with the project, I'm not sure what the point is.

So overall, almost every single idea struck me as both blindly obvious, incredibly powerful, and almost always missed. And the single best part about this entire book... about 90% of it applies to any project or technical community. Yes, I don't care if you're working on an Open Source project, an internal project, or a commercial shrink-wrapped application. You can use almost any idea from this book and apply it immediately.

When I started reading this book, I was active in DCPHP, working with a startup, and on the verge of leaving dotProject. This book crystallized many of my concerns and thoughts about what a community and project could and should be, so I set out to take the best ideas from the book and apply them to each of the communities that I participate in. It's been one of my primary motivators in unconference organizing and web2project and I don't hesitate to recommend this one to anyone who needs to make their project successful.

Overall, I give it a 10.

By the way, all of "Producing Open Source Software" is available under a Creative Commons license at ProducingOSS.com.

This year, I traveled in 7 countries for PHP conferences, giving a total of 12 talks. It has been a very exiting year of conferences for me. I met old and new friends, I learned a bunch of new things (not always related to PHP) and I had of course very interesting conversations about PHP 5.3, symfony, Twig, the Zend Framework, and various other topics.

In March, I went to the PHP Quebec conference. Three years ago, this was my first PHP conference, and as such it's always a very special event for me. This was also the first conference where I gave a talk about Symfony 2.

In May, I had the pleasure to go to the PHP Day in Italy. This was probably one of the most convivial conference of the year. Italian people are very friendly, and the food is always amazing.

In June, it was the first Symfony Live conference. I was one of the organizer, and also a speaker of course. This was a great success and I had a wonderful time talking with so many symfony users.

In September, I went to Japan for their 10th PHP conference. This was my first time in Japan, and I'm eager to come back someday. This was also the first time I worked with a professional translator.

In October, thanks to Zend, I went to the Zend PHP Conference in San Jose. Needless to say that this was an amazing experience. I have also kind of officially "launched" Twig at this conference, and created Pirum during a night thanks to the jetlag. This is also where I decided that Symfony 2 would only support PHP 5.3. At the end of October, I also went to the PHP Barcelona conference for the first time.

In November, after the Forum PHP conference in Paris, where I talked about PHP 5.3, my new friend, I went to the IPC conference in Karlsruhe. Two great conferences, where I always meet a lot of friends.

Thanks to all conference organizers for giving me these great opportunities.

All my slides are available in the talk section of this website, and also on Slideshare.

Here is a list of the most interesting/up-to-date talks I gave this year:

• Dependency Injection with PHP and PHP 5.3

• Symfony Components: What's in for you?

• Jouons avec PHP 5.3

• Symfony 2.0 on PHP 5.3

• Using Zend Framework and Symfony Together

• Twig, the flexible, fast, and secure template language for PHP

2009 is coming to an end, and 2010 is already almost here. I'm going to be doing a fair bit of traveling early next year as I will speak at least at these conferences:

• Dependency Injection in PHP 5.2 and 5.3: PHPBenelux conference (January 30, 2010 - Antwerp, Belgium)

• Playing with the symfony components: Symfony Live Conference (February 16, 2010 - Paris, France)

• Symfony 2 revealed: Symfony Live Conference (February 17, 2010 - Paris, France)

• PHP 5.3 in practice: PHP UK Conference (26 February, 2010, London, England)

• Symfony Components: What's in for you?: ConFoo (March 10, 2010, Montreal, Canada)

• Dependency Injection in PHP 5.2 and 5.3: ConFoo (March 10, 2010, Montreal, Canada)

See you next year at one of the PHP conference!

Now that ZendCon 2009 is over and I’m back home safely, albeit tired, in London after a whole week of giving presentations and meeting old friends and making new, I have an itch to reflect a little bit on the trip, reminisce if you like.

First I would like to mention the talks I gave at ZendCon and make my slides available, as I have been asked quite a few times so far to publish them but have no yet had much time to deal with it.
If anyone wants the originals they can contact me directly and I will be more than happy to oblige :-)

The first talk I gave was about frontend caching and how you can get the most speed out of your website by optimizing the various bits of the frontend.
This is a talk I really enjoy giving and have but a good amount of work in preparing for, and didn’t spoil it that I got a full room for that one where people were very engaging and keen on learning about the topic.
All in all it was a huge success and I got a lot of good feedback from people, both in terms of how I can tweak the presentation and people just generally interested in knowing more, both of which makes it worth it spending time on making a good presentation! :-)

Here is the slide deck for the caching talk: http://www.slideshare.net/helgith/frontend-caching-the-new-frontier

My other talk was about PEAR2 and Pyrus and what’s upcoming with both of those initiatives, this one I was asked to give at a very short notice but I’m very ecstatic how it turned out, especially given the time constraints I had on various fronts.
My crowed was small, mostly due to the fact that Elizabeth Smith was giving her famous SPL talk, but I didn’t mind as I had a very good group of people and I toned it down into a more of a personal approach where I gave each person more attention and it gave people the opportunity to more freely bring up their questions and control the flow of my talk, a very nice change of pace.

The slides are available at http://www.slideshare.net/helgith/pear2-pyrus-the-look-ahead

PEAR2 and Pyrus are definitely something for everyone to look at as soon as they can and something they will use in the future.
The future is here! Reach out and embrace it ;-)

Now with a big conference like ZendCon there are many aspects to the conference it self and how one can measure the conferences success, ranging from the speaker experience to the attendee experience all the way over to the social aspect of the conference and in between.
With ZendCon as far as I could see, most of those went over stellar! As a speaker I really enjoyed the conference and I heard very good feedback from people about the conference in general.
It didn’t hurt that Keith Casey organized a unconference for ZendCon this year and man oh man it was a success, a lot of quality talks and panels came out of it and it was to a point where some people attended more uncon sessions than actual conference sessions! Now if that is not success then I don’t know what is!

On the social side of things there were fewer conference organized social events than most other conferences that I usually attend and the open bars were a fair amount of joke, I’m sorry Zend but you get a minus point there :-/
But fear not, that’s where the whole social aspect comes in, the people around you will make it bearable and you will feel more inclined to chat with a random person just to make up for the lack of alcohol.
But as with any other PHP conference there were a couple of self organized social events in various bits of San Jose and San Francisco, where speakers and attendees likewise get up and figure out a plan to entertain them self, usually involving alcohol, and the outcome – A great social event with drinks at hand and great people to get to know and catch up with old friends.

In relation to the social portion above, among other things, I feel like I should make a special mention of Microsoft and the people they had at ZendCon this year.
Josh Holmes and Paul Treichler were the Microsoft guys that stand out head and shoulders above the rest.  Not only was it enjoyable to talk to them about the way and the world, but they were just as adapt and prepared to discuss what Microsoft were doing right and what they were doing wrong, in addition to talk about Microsofts competitors (One could say that in some cases they knew the competitors tech just as well, if not better than Microsofts, but you didn’t hear that from me! ;-)) on top of being socially capable and just fitting right into the crowed with us, be it at the bar of at the conference – This kind of diversity

Truncated by Planet PHP, read more at the original (another 4080 bytes)

I presented during the Unconference at ZendCon 2009 on Handling Database Deployments. I have posted the slides up on slideshare and you can find them embedded below:

Overall it was a great experience, I have put in a few of the examples in the slides. Slideshare did cut a few slides off so you might want to download the slides to ensure that you can view them.

This was my first Zend Conference, and I must say I had a great time there. The organization was top notch, there were plenty of good sessions, and the unconference topics proved to be very interesting.

I've also met and talked with a lot of great people. I have particularly enjoyed the talks I had with the Zend team, and with all the people I had email conversations with in the past but never had the chance to meet in person.

Beside my talk about how to use symfony within a Zend Framework project, I have also held an uncon session about Twig, and took part in a roundtable about Dependency Injection.

If you have not attended Zend Con this year, most of the presentations are now available online on both slideshare and joind.

Last but not the least, I have been invited yesterday by the San Francisco symfony user group to talk about Symfony 2, and I had a great time talking with SF symfony users.

Thanks again Zend for inviting me this year, and I hope to come back next year.

@phpconference told in a tweet: free registration for this year's inaugural IPC Unconference is open. Expect some cool sessions there! On Sunday, November 15th., all attendees will have the chance to not only to get a taste of the upcoming main conference, but to actively contribute to the conference itself.

 

See you there at Karlsruhe!

If you have an interest in dynamic language programming here are the Oracle sessions to attend. There are also unconference sessions happening - check out the OTN area for details on each day. Conference Sessions S311373 Agile Web Development: Ruby/Rails...

This blog post is not for the faint-hearted! Some people will strongly disagree with me and some others will probably want to kill me at the upcoming Zend Conference. And if starting an argument in the comments can help you feel better, please feel free to do so. If you want to have a more advanced discussion on this topic, vote for my talk at the Zend UnConference.

So, you think PHP is a templating engine? So did I... for a very long time. But recently, I changed my mind. Even if PHP can be used as a templating engine, the syntax is just plain ugly as a template language.

For several years now, I have been promoting web development best practices, and one of them is the separation of concerns. Of course, as the lead developer of symfony, all the projects we work on at Sensio are modeled after the MVC architecture. It certainly helps when we have big projects where many people need to work together. The developers work on the code (the Controllers and the Model) and the web designers work on the design. And templates are sometimes written by developers, but more often than not, they need to be written by web designers or by the webmasters themselves.

And a template language is something that helps you to write templates that respects this separation of concerns. A template language should find a good balance between giving enough features to ease implementing the presentation logic, and restricting the advanced features to avoid the business logic to cripple your templates.

So, when I asked a few days ago about the best and popular templating engines in PHP on Twitter, some people naturally answered "PHP" itself. I was not even surprised as that would probably have been my answer some weeks ago too.

Why PHP is not (anymore) a good template language?

Why do people still think PHP is a templating engine? Sure enough, PHP started its life as a template language, but it did not evolve like one in the recent years. If you think PHP is still a template language, can you give me just one recent change in the PHP language which enhanced PHP as a template language? I cannot think of one.

Template languages evolved a lot since 1995 and the initial release of PHP/FI:

<!--include /text/header.html-->
 
<!--getenv HTTP_USER_AGENT-->
<!--ifsubstr $exec_result Mozilla-->
  Hey, you are using Netscape!<p>
<!--endif-->
 
<!--sql database select * from table where user='$username'-->
<!--ifless $numentries 1-->
  Sorry, that record does not exist<p>
<!--endif exit-->
  Welcome <!--$user-->!<p>
  You have <!--$index:0--> credits left in your account.<p>
 
<!--include /text/footer.html-->
 

And as a matter of fact, PHP doesn't support many features modern template languages should have nowadays.

I will take Django as an example of a modern template language in my examples for reasons you will understand later on, and mainly because I think Django template language hits that sweet spot I talked about above.

The following sections describes the main features I want to find in a modern template language:

Concision

The PHP language is verbose. You need no less than 14 characters just to output a simple variable (and no, using the more compact <?= shortcut is not an option):

<?php echo $var ?>
 

And PHP becomes ridiculously verbose when it comes to output escaping (and yes, escaping variables coming from an unsafe source is mandatory nowadays):

<?php echo htmlspecialchars($var, ENT_QUOTES, 'UTF-8') ?>
 

Compare with the same examples written with the Django template language:

{{ var }}
 
{{ var|escape }}
 

Template oriented syntax

This one is mostly a matter of taste, but modern template language have nice idioms to express common needs. For instance, let's say you want to iterate over an array and want to display a default text when the array is empty. That's very common, but the PHP version is not very readable:

Truncated by Planet PHP, read more at the original (another 19059 bytes)