Developing software in the Real World

PHP UK Conference 2006 in Detail

I wrote this post to the PHP West Midlands mailing list, so thought I’d put it here too:

Iain asked, so here it is! It was a one day event for £50 on the early bird thing and £75 if you ordered later. I stayed at a hotel around the corner for £35 inc breakfast. I drove down and parked at Perivale tube station and used the Underground from there. Total cost for the entire trip was about £130 including petrol, travelcardsand beer bought during the social the night before!

The pre-conference social was held at the pub that the PHP London group use for their monthly meets. I can see why they use it as it has a basement room that seats 30 or so. More importantly, it isn’t a “formulaic” pub and it served lager from the brewery! Only £1.97 a pint too. Around 20 people turned up for the social I suppose and I quite enjoyed it, even though we had the obligatory argument about templating systems. (That reminds me I must look up the memory usage stats of Smarty.)

The conference itself consisted of 5 talks:
* ezComponents by Derick Rethans
* Pico/Dependency Injection by Pawel Kozlowski
* The Template Path by Matt Zandstra
* PHP Hardening and Security by Christopher Kunz
* AJAX@localhost by Harry Fuecks

One thing that all the talks had in common was that they all overran! Every speaker seemed very optimistic on what they could cover in the time available.

ezComponents by Dereck Rethans
Derick gave an overview of the ez Components. These are a set of components that do useful stuff like DB access, email, caching etc. They are not a framework. ez are creating these components as a set of foundations for their next major ezPublish version. They are PHP 5.1+ compatible because its faster than 5.0.x and PDO is better in it. He also indicated that they are aiming for 2 year API stability. All components are unit tested and BSD licensed.

He then went through each component showing how it’s used. This was where the timing went out the window and to be honest was probably not needed. Concentrating on two or three components and going into more detail might have been more useful. Highlights for me were the console classes for helping to write command line scripts and the mail class. There was also some database classes, but I need to look at them myself to be able to form an opinion. The persistant object class required a configuration file, so definitely need to see that before commenting on how useful the ezcDB classes are.

Pico/Dependency Injection by Pawel Kozlowski
Dependency Injection is software pattern intended to lower the coupling between classes. Pico is a small library to make doing it easier. It was originally written in Java, but has been officially ported to many different languages. Pavel wrote the PHP port of Pico and certainly knew what he was talking about. Unfortunately, there were microphone problems during his talk and I’m not sure how many people actually heard him! I found it fascinating, especially as it is conceptually very simple and should make class testing and reuse easier. I’m not enough of an “object bigot” yet to know exactly why DI is much better than other options, so will need to play with some code to work it out.

The Template Path by Matt Zandstra
For me, Matt’s talk was the most disjointed and also the most unexpected. He was talking about how to pick the correct template to display for a given page based on a variety of parameters like brand, language or site section. Essentially, Yahoo! have built a system that allows their designers to take a base set of templates and “override” the generic set of templates for the specific brand or page. Although he didn’t say so, the advantage to his approach was that it was an implementation of the “Don’t Repeat Yourself” principle for templating.

This is an area that my company struggles with. The actual PHP code is getting better and better in terms of avoidance of “copy/paste-itis”, but we haven’t got a clue for templates yet. I didn’t see any specific use for Matt’s actual implementation as it was very specific to the Yahoo’s development methods and situation. The ideas however could be translated though and I can see that over the next year I might implement something that achieves the same ends.

PHP Hardening and Security by Christopher Kunz
Chris started his talk by going over the main security issues that affected the core PHP code and PEAR last year. This was interesting as it highlighted to me how obvious security bugs are when you have the benefit of hindsight! He then moved on to talk about the Hardening Patch for PHP from the Hardened-PHP project. This is an interesting patch as it prevents some classes of security bugs at the PHP level. Chris did point out that not all the features are appropriate for every installation of PHP which is why it couldn’t be in the mainline PHP code. There is also a performance hit…

This talk was a mixed bag for me personally, in that I found the discussion of the security issues in PHP much more interesting than the parts about the Hardening patch.

AJAX@localhost by Harry Fuecks
Harry’s talk was about the issues in AJAX related to the network, that no one talks about. I don’t know a lot about AJAX other than what I’ve seen on websites like Flickr. He talked mainly about latency and sync issues and gave to great demos. Harry posted links to the demos on his blog at He also talked about error checking with the JS XMLHttpRequest object. Basically you have to do all your own error stuff that you can take for granted with standard http requests.

I can see a lot of benefit with AJAX, but when (if?!) I ever get around to using it, I’ll be much more clued up for the problems that might occur and will certainly be providing non-AJAX alternatives to get the same job done!

That sums up my experience of the conference. I haven’t talked about the conversations I had during the breaks, but they were equally useful and I met some very nice and knowledgeable people and learnt stuff that I never expected.