Donde guardo mis ideas

Empezamos la conferencia PHP.Barcelona de este año con lleno completo. Así ha sido el 1º día.

Opening Keynote

Rasmus Lerdorf – PHP creator

Rasmus will talk about all the shiny new things in PHP 7.4 and PHP 8 we all love but the keynote will also cover important things in our careers such as motivation, burn-out and focusing on things that really matter.

https://php.barcelona/talk/760f5396-5251-47cc-a9a6-c1dee1f3b497/questions

La charla ha empezado con un breve resumen sobre donde «nació» Rasmus y como se gestó el nacimiento de PHP

• 

• 

• 

Luego a continuado con la evolución del rendimiento a lo largo de las diferentes versiones.

• 

• 

Para continuar ha mostrado diferentes herramientas para hacer profiling: https://github.com/adsr/phpspy para realizar análisis estático del código y además permite realizar gráficas de dependencias. https://github.com/phan/phan realiza un análisis del código para mostrar las compatibilidades con otras versiones de PHP. Y por último, para realizar profiling en los procesos de PHP http://pdep.lerdorf.com/

• 

• 

• 

Por último acabó mostrando nuevas cosas que llegarán en las próximas versiones de PHP

• Mejoras de rendimiento en Opcache
• FFI – foreign function interface (loading libc and exporting functions into php code)

Y cerró con una frase motivadora

WORK ON THINGS THAT MATTER (TO YOU)

Slides: http://talks.php.net/phpbcn19

From Helpers to Middleware

Marco Pivetta – @RoaveTeam, #doctrine2 team, #zendframework team.

We’ll look at a brief history of frameworks, at which practices emerged from the various communities, and which of them survived and evolved, as well as recommendations to keep pushing forward.

https://php.barcelona/talk/c25cf612-d76a-4a19-ace3-2193227a6f86/questions

Buenas prácticas:

• DI / Container
• TDD
• DDD
• ORM

Y ahora toca evolucionar hacia:

• Kill the framework -> frame-to-work
• Pushing immutability
• Values as Value Objects
• Static analysis: PHPStan, Psalm, Exakat…
• Functional programming (x.e: curring functions)
• Event sourcing

• 

• 

• 

Slides: pendiente

Microservices gone wrong

Anthony Ferrara – Engineering @ FB

Microservices are the latest architectural trend to take the PHP community by storm.
Is it a good pattern? How can you use it effectively? In this talk, we’ll explore real world experience building out a large scale application based around microservices – what worked really well, what didn’t work at all, and what we learned along the way.
Spoiler alert – we got a lot wrong.

https://php.barcelona/talk/78eb8e51-adb7-4b21-b3da-3e59a65142e5/questions

• Background
  • Frameworks (legacy): Laravel, Zend 1, Crons (+1000)
• Architecture:
  • API gateway https://tyk.io/
  • Queues: Rambbit MQ to manage Domain Events («event sourcing» si lo guardas en S3)
• Infrastructure
  • Hardware infrastructure.
  • Network Infrastructure: External ELB + HA Proxy + Mesos Cluster.
  • Logging infrastructure: https://zipkin.io/

• 

• 

Hasta este punto, explica, es todo lo que Kubernetes hace.

• Local dev experience
  • «The automated local environment tool was unreliable, difficult to use, and excruciating SLOW»
• Getting it running
  • ENV differences took a few days to sort out
  • Services were built to idealized infra behavior
  • Engineers had moved on to other services by the time infra challenges were sorted.
  • Most deployments required high levels of coordination
  • Getting a local/staging environment to a known state was exceedingly challenging
  • Lack of circuit breakers led to difficult to detect and debug cascading failures.
• Dealing with change
  • Partially due to feedback from clients
• Leassons learned
  • Service calls are unreliable
    • how often do you expect a method call to fail randmly? (1M, 1000M?
    • how about network calls?
  • How small should you build your services?
  • Don’t do microservices unless you have a dedicated tooling and automation team.
  • Big services are easier to split and stitch small services.
  • Automate everthing (spin-up, deploy, migration, backup, etc…)
  • Failure modes should be built first.

Managing complexity is vital to long-term success.

Slides: https://docs.google.com/presentation/d/1lsqDhUCI57WrY6x…..

Serverless PHP applications with Bref

Matthieu Napoli –

Let’s see if serverless lives up to this promise! We will check out AWS Lambda and Bref, an open source solution for building serverless PHP applications.

https://php.barcelona/talk/ebde04b9-7442-4cbb-8e46-5900a3cea332/questions

• Manage less
• scale more
• pay per use
• https://bref.sh/

Consejos:
– Do not use cheapest lambda services, use with at least 1024MB of CPU
– Take care with «cold starts»

Termina con una herramienta para poder realizar análisis automático de PSR y MessDetector.

Is the future serverless?
Is PHP’s future serverless?

…..

Try it and share!

https://serverless-php.news/

Knock knock, who’s there? Authenticating your single page apps using JSON Web Tokens.

Sam Bellen – Auth0

In this talk I will try to explain in depth, the way JSON Web Tokens work and can be used to secure your single page apps. I will explain the difference between using opaque tokens and JWTs. The talks will also give an overview of a modern authentication flow and a step by step breakdown of how it works exactly. No specific previous knowledge is required, but it helps the audience has some experience with authenticating users.

https://php.barcelona/talk/dc95e4af-0296-4008-a99e-4f0f7a0f508d/questions

Existen varios tipos de «tokens»

• Access token
• Id token
• Refresh tokens

Cookies don’t like CORS

Partes de un token JWT:
– Header (fecha de expiración + algoritmo utilizado)
– Payload (datos)
– Signature (verficación de la firma)
Y dentro del payload:

• Reserved claims
• Public claims
• Private claims

DON’T PUT SENSITIVE DATA IN THE PAYLOAD!
Keep the payload small, only put in relevant data!

JOSE specification: acrónimo de JSON OBJECT SIGNING AND ENCRYPTION

Slides: https://jwt.sambego.tech/

Developing cacheable PHP applications

Thijs Feryn

In this presentation I will show you how to leverage specific mechanism to achieve a good hit rate without losing touch with some of the challenges of real-life web projects.

https://php.barcelona/talk/80127c19-d670-4263-ba56-78a67e530383/questions

• Slow websites SUCK
• Throwing servers at the problem
• Mo’ Money, Mo’ server, Mo’ Problems

Cache control:

• Cache-control header
• Conditional requests: only fetch part that has changed
  • If-None-Match
  • Etag + 304
  • Last-Modified + 304 / If-Last-Modified
  • Stale-while-revalidate
• Redis: Store & retrieve Etag
• Content composition: cache: header/nav/footer + only render «Main» section (in separate http request -> ajax)
• Placeholders
  • ESI: Edge-side includes
  • VCL: https://varnish-cache.org/docs/trunk/users-guide/vcl.html
• Composition at the view layer:
  • Change {{ include(‘footer.twig’) }} —> {{render_esi(‘footer’) }}
• Cache variation
  • Chach key based on url + Accept-Language if change.
    • Vary: Accept-Language
  • Only keep accept some cookies
• caching personalized data
  • Synthetic http
• Edgestash: https://github.com/ThijsFeryn/Edgest ashTwigBundle

• 

• 

• 

Slides: https://speakerdeck.com/thijsferyn/developing-cacheable-php-applications-php-barcelona-2019
Libro sobre Varnish -> https://info.varnish-software.com/getting-started-with-varnish-cache-oreilly-book

PHP Performance Trivia

Nikita Popov – JetBrains

This talk discusses various issues of low-level PHP performance, such as: When is it more efficient to use arrays or objects? What causes catastrophic garbage collection? Does adding type annotations make PHP faster or slower?

https://php.barcelona/talk/caf83167-eb0c-4727-805b-27ddec4e3b1f/questions

• Opcache
• Preloading
• Value Caching:
  • Composer classmap
  • APCUP <–> PHP <–>OpCache
  • (Ab)use opcache as data cache
• Opcache reset:
  • Invalidated files remain in opcache + cleared on full reset.
  • Needs to be repopulated from scratch.
  • Cache not used during reset (proccess up)
• Arrays vs Objects
• Garbage Collection

Do they make PHP slower or faster?

• Type declarations need to be checked
• Type declarations allow more optimizations
• Global Namespaces -> Cachéa la primera vez que se usa. No hace falta optimizar añadiendo \json_encode(…..);
• Specialized functions
• Sometimes FINAL class are faster with Opcache

• 

• 

Slides: https://www.slideshare.net/nikita_ppv/php-performance-trivia/nikita_ppv/php-performance-trivia

Get GOing with a new language

Kat Zień – Monzo

The goal of this talk is to give you a good idea of what Go is and how it compares with PHP. We’ll look at the language itself as well as the tooling and communities around it. Even if you’re not sold on Go by the end of it, I hope you’ll leave inspired to go out there and learn whatever language you wanted to look into next.

https://php.barcelona/talk/f498f15d-d3f0-4b93-914c-3e5f1205cdb9/questions

Slides: https://github.com/katzien/talks/blob/master/get-going-with-a-new-language/phpbarcelona-2019-11-12/slides.pdf