Thursday, September 18, 2008

Day 4 - FINAL KEYNOTE!!!!!

This is the final keynote.... OHNOEZ!!!!!!!!!

Even though I've ragged on it, it's been a good experience... Met a few of the people that are devoted to Zend, ZF, PHP, and those that are heavily part of the IRC Channel (#zftalk)...

So Mark de Visser just stepped on stage, to talk about the conference.
650-700 people showed up, which was an increase from last year.
25% of people came from outside of the U.S.
60 Sessions, not counting UnCons!!!!!

The PHP elephant showcased.

Showing us pictures from throughout the conference. Most of which are actually pretty funny.

Joking about how presenters are dressing up (finally).

Shoutout to PHP women! (Matt says, "WHOOO... Women!")

There's a bunch of talk about video, and how it's impacting the internet. How people share, how people dedicate sites to the types of videos being shared.

Day 4 - Session 1 - PHP, JS, AIR, et al

This is our last day at ZendCon, and you can tell the buzz has died down QUITE a bit.


PHP vs JS

  • JS is a functional language, the functions are objects.
  • Anonymous functions
  • Define functions inside functions
  • Object model is different, using the prototype model.
  • Everything in JS is an object.
  • Arrays are not associative.
  • No include/require statements
  • Event driven model/asynchronous actions.
Communicate via JSON to JS (jQuery).

Wednesday, September 17, 2008

Day 3 - Session 6 - Caching and Scaling

I'm late to this session... We opted to stop and talk with Katie w/Zend Technologies. No news there.

Ok so we walk in, and this guy's talking about caching - most of which is real obvious.

Right now he's talking about Memcached server farms.

Real quick, I'm going to interject my own thoughts on cache:
  • Do NOT cache entire objects that contain sub objects. You should cache each object independently.
  • As objects need common sub-objects, you find that your cache is used more often.
  • It is very important to clear your cached object when it is updated. One problem I've often hit is when the DB/external (read as NON-PHP) scripts update records, it's usually met with dismay to have to clear the cache.. I'm not sure why yet, but that's pretty common.
  • This one is critical...... ONLY CACHE SOMETHING YOU'RE WILLING TO LOSE!!! As expected, something will creep up and cause issues (failures, bugs in caching schemas, etc).
So this guy's saying one important thing to consider is Failover protection. If (when) it fails, you need to have a failover protection in order to not overload your remaining servers. Dynamic allocation might be hard, but it's nice to be able to change them based on real tests.

Day 3 - Session 5 - Zend_Form

OK, You'll probably (or not) notice I skipped Session 4... I was actually present during it, but mentally it wasn't challenging or really anything worth noting.

Matthew Weier O'Phinney is giving a speech on Zend_Form, and if we're lucky Zend_Layout.

DOH! We're NOT lucky apparently.

LOL, and NO talk about Dojo.

The Problem (and the solution):
The downsides (problems):
  • A form is HTML markup, with input filtering (sanitization and validation), error reporting.
  • Even though forms can look simple, the markup isn't really all that simple.
  • You also have to do your own validation, and other logic that mucks up your code. Not to mention it's not standardized.
  • Even though ZF has validators and filter chains, it's still a lot of work.
  • Your tests are specific to the input [types].
  • Repetition of code.
The upsides (you guessed it, solutions):
  • Enter Zend_Form.
  • Completely configurable!
    • Multiple filters
    • Multiple Validators
    • Required
    • Labels
  • Pass the form right to the view, and echo the object for the entire form (say it with me, "One Line of Code").
  • Automatic errors for validation and required elements.
  • i18n is easy to localize!!!
  • Decorators!
  • Break forms into logical groups.
Base classes:
  • Forms
  • Elements
  • Display Groups
  • Sub Forms
Plugins:
  • Filters
  • Validators
  • Decorators
  • Elements; you can create custom elements (like a calendar element or something)
Zend_Form_Element:
These store and manipulate element metadata, validator chains, filter chains, and decorators.
There are tons of element types for your typical form-based input types (i.e., checkbox, captcha, select, etc).
Elements are plugins, and loaded by Zend_Form AS plugins, so you can overload their functionality.

But what makes an element?
  • Metadata - stored as properties of the element, via overloading; anything that can qualify an element. Typically, it's used for rendering, such as with CSS classes or JS events, explicit IDs, or any other HTML attributes.
  • Filters - normalizing input prior to validation (such as proper casing, etc). They attach to elements using addFilter[s](), setFilters(). You can even use Zend_Form::setElementFilters() to filter all elements.
  • Validators - much like Filters, but (obviously) validate.
  • Decorators - ditto of Validators
Another cool thing about elements, is you can specify order format. The default action is to set the order based on how it's added to the form.

Zend_Form_DisplayGroup:
These are for visually grouping elements when rendering.

Zend_Form_SubForm:
This is for grouping items together LOGICALLY. Usually for validation purposes, but can also be used for display purposes if desired.

When to use them?
  • Multi-page forms are a good example of why to use them.
  • Dynamic forms as well (multiple records of the same type).

Plugins:
You can specify alternate class prefixes to load new plugins, or overload existing plugins.
Filter plugins allow you to normalize or filter input, and you can create your own kinds. Many already exist for Alpha, digits, StripTags, etc.
Validators as well are nice in the plugin section so that you can make sure the user input meets your input criteria, such as EmailAddress, StringLength, etc.

Decorators:
These are difficult to understand, but can be very powerful.
Each decorator decorates the content passed to it, and iteratively you get your finalized output.
Each decorator also has awareness of the element/form/etc. When building a decorator, you can pull pertinent info and do specific things you want.
  • Callback - delegate to a specified [sic] valid PHP callback
  • Description - render from getDescription()
  • Errors - render from getMessages
  • Fieldset - puts in a legend if necessary, and wraps in a fieldset
  • FormElements - Iterate through elements, groups and subforms
  • Form - wrap into an HTML form
  • HtmlTag - wraps in specified HTML tag (default
    )
  • Label - render from getLabel() (default
    )
  • ViewHelper - render using a view helper
  • ViewScript - render using a view script
-- Italicized decorators are default for elements.

Form validation:
  • isValid() = validate entire form (except optional fields which can be empty)
  • isValidPartial() - validate fields submitted
  • getErrors() - return fields with errors
  • getMessages() - return error messages
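
The filter-then-validate flow and the isValid()/isValidPartial() distinction from the notes above, as an added example (not from the talk or the original post). It assumes Zend Framework 1.x is on the include_path; the form fields, the sample submissions and the `buildSignupForm` helper are hypothetical.

```php
<?php
// Added example; assumes Zend Framework 1.x is available on the include_path.
require_once 'Zend/Form.php';

// Hypothetical sign-up form: each element carries its own filter and validator chain.
function buildSignupForm()
{
    $form = new Zend_Form();

    $form->addElement('text', 'username', array(
        'label'      => 'Username',
        'required'   => true,
        // Filters run first and normalize the raw input.
        'filters'    => array('StringTrim', 'StringToLower'),
        // Validators then see the filtered value.
        'validators' => array(
            'Alnum',
            array('StringLength', false, array(3, 20)),
        ),
    ));

    $form->addElement('text', 'email', array(
        'label'      => 'Email',
        'required'   => true,
        'filters'    => array('StringTrim'),
        'validators' => array('EmailAddress'),
    ));

    return $form;
}

$form = buildSignupForm();

// Constructed submissions.
$good    = array('username' => '  Alice99 ', 'email' => 'alice@example.com');
$bad     = array('username' => '<b>x</b>', 'email' => 'not-an-email');
$partial = array('username' => 'bob42'); // email was not submitted

echo "good, full validation:\n";
var_dump($form->isValid($good));
print_r($form->getValues());   // values after the filter chain ran

echo "bad, full validation:\n";
var_dump($form->isValid($bad));
print_r($form->getMessages()); // error messages keyed by element name

echo "partial submission, isValidPartial() then isValid():\n";
var_dump($form->isValidPartial($partial)); // only checks the fields that were sent
var_dump($form->isValid($partial));        // also enforces the required email field
```

Use isValidPartial() for per-field checks (for example from an Ajax call) and keep isValid() as the gate before the data is used.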

Personal Thoughts:
A lot of these elements work almost identically, considering they're all plugins to Zend_Form.
Good talk.. good talk...

Day 3 - Session 3 - Ajaxy Sites

So this is actually a keynote session, and it's not really dedicated to "AJAX" per se.

In reality, this discussion is mostly about different technologies (Fluid, Google Gears, etc) that will allow you to tie into the OS for features (growls, badge updates [mac], etc) as well as being able to do background threaded JavaScript (which Chrome has embedded Gears, so the browser is starting to pick up this instead of using plugins).

It also discussed how HTML5 will be changing ways we start looking at application design, particularly in regards to the Canvas element, and how you can dynamically draw on the retained objects to do things like video games, quick response applications, etc, at extremely fast frame rates.

I can't even begin to touch all the topics (disregard the fact that we were about 30 minutes late to the session) that the speaker was discussing, but I have to say this was one of the more technical and advanced ideologies of the ZendCon I've seen thus far. It definitely worries me about my age-old saying of how "anyone that can type thinks they can develop" in that it means we're going to see way more advanced applications come out. Doesn't sound like a bad thing right? Well, not entirely, but I think what we'll be seeing is a lot of apps start showing up that would normally be simple to do in a desktop environment being attempted in these new technologies, which will in turn eat up your PC because these crap-devs don't know what they're doing. It definitely looks like these technologies are becoming more advanced, but not necessarily making development any easier. With the advent and injection of threading being a popular topic, and newer ideas coming about all the time, I think it will be interesting to see how the IT industry (particularly the development industry) will shape, and what it means for us current developers.

-Spaz

Day 3 - Session 2 - Zend_Layout

This is what's called an UnCon, which isn't an official topic for the ZendCon.

I've attended a few of these, and haven't blogged about them, but from my experience here at ZendCon 08, these are generally more technical, and really discuss what I was looking to hear. The level of complexity at these are more advanced and more to my level rather than a lightweight discussion around implementing solutions.

We're still waiting for the talk to start, but there are technical issues (which seems to be a reoccurring theme today).

Slides: http://www.speedyshare.com/424358692.html

What are layouts?
  • Consistent, independent, and common components of HTML/etc output.

The problem:
  • Generally you used something like Smarty, or some [sic] other hackish implementation.
  • Always include header/footer/et al on each page.
  • Changing the structure for a particular page caused a lot of issues for sub-pages.
  • Attempts w/ZF were trying things like pre/postDispatch events.
The solution is the 2-step-view pattern via Zend_Layout!
Gives total control of view; turn off, change view, partials, etc.

Partials will allow you to modularize your views, and can be reused everywhere.

Use the View methods to capture title, scripts, style information for your Layouts.

---

Summary:
This was a pretty simple discussion, albeit presented extremely solidly.... I give it 2 thumbs up compared to the rest of the sessions I've attended this ZendCon.

Day 3 - Session 1 - Pick your Service

I'm feeling a bit under the weather today, so my Blog-fu might be a little weak today.


Starting off today, we're discussing Web Services, and how exactly they fit into your application.

Quick note, this speaker is horrible, and goes a million miles an hour without explaining anything, often going over 4-5 FULL slides within a matter of seconds. Sorry for the lack of in-depth descriptions and/or a stream of consciousness.

What is a web service?
  • Automate communications between systems by removing the human element as much as possible.
  • Exchange information that different systems need yet don't share the same platform.
HTTP Auth:
  • Extension of the HTTP protocol used for ident auth (RFC 2617)
  • Zend_Auth_Adapter_Http - Supports Basic and Digest.
Common Server Components:
  • Zend_Server_Interface "enforces" the use of the SoapServer API on server classes.
  • Zend_Server_Reflection extends the PHP5 Reflection API to add features used in introspection for gather/delivering API metadata to clients.
  • Zend_Server_Abstract is likely to be deprecated.
Operations:
  • POST generally used for Create, Update, Delete
  • GET generally for Read.
--- I'm sorry, this guy moves too fast and mumbles, and I honestly don't have the capacity to keep up with him (as seemingly no one around me does either as they're all going "robble robble robble"). Sorry folks

Tuesday, September 16, 2008

Day 2 - Session 6 - Case Study for HarrisData

So this is extremely far from a technical discussion, but important in our industry nonetheless... It's often we only look at architecture, proper ways of developing, and of course, patterns. We normally forget the entire user experience, and sales aspect, and this is a tribute to that in the form of a case study.

Talking about customer retention, and how it's very important to show added value for upgrades, as well as a comfort level of upgrading with minimal effort.

It's also important internally to figure out what caused the upgrade to take place to begin with. This also helps with sales.

Why HarrisData chose PHP:
  • Obligatory PHP answers (price, ease of use, etc).
  • Can do procedural (for legacy developers), or OOP. Java would have destroyed setups and developer ramp-ups.
  • Professional IDE improving productivity and quality
  • Market acceptance (many people already using PHP and understand it).
  • Ideal application arch (server-centric vs desktop, reliable, secure, flexible)

Day 2 - Session 5 - Secure Application Life Cycle

Secure apps are apps that do what they're supposed to do, ALL the time.

Application information must be available, have integrity, and be confidential.

Where do you implement security?
Most people consider security only on the external interfaces. This is a fallacy.
You should be implementing security/sanity checks throughout your entire application to avoid issues throughout your app.

Who is a threat?
  • Script Kiddies
  • Hackers
  • Crackers
  • Unconscious users (no, not knocked out, but rather they don't know what they're doing)
  • Your own framework (modules talking to modules).
  • Physical environment.
Approach to solve issues:
  • Take the entire SDLC, and create specialized security methods for each portion.
  • Securing your application is NEVER done. Each release is an iteration of security, and must be revisited on each release.
Requirements:
Functional and non-functional requirements both input to the application, but security needs to be considered a functional requirement. Generally these fall under the System requirements.

Test plans:
  • Training
  • Awareness
  • Outside-the-box thinking
  • Codified security test plans
  • Use tools
  • Review application w/programmers
  • Reporting and analysis
  • End goal: clean bill of health
Look fors:
  • Remote code execution
  • XSS
  • SQL Injection
  • PHP Configuration
  • File system attacks

Best Practices:
  • Whitelisting vs. blacklisting
  • filter input, escape output
  • Keep errors to yourself (ie, invalid password, 3rd letter correct.. right...)

Day 2 - Session 4 - Scalability via Zend Platform

So far we've briefly discussed the purpose of scalability, and what it means to be scalable.

Root-cause analysis:
When an event is captured, its context is also saved. If a POST was made, and it threw the error event, then it would capture that POST data in order to provide contextual information to isolate the problem.
This also integrates with Zend Studio, so you can debug/profile immediately. You can even reproduce the HTTP request that triggers the problem.

Examples:
Showing an example of division by 0, and how the event is displayed in the Platform. You get tons of nice information such as the file hit, the file the error is in, the php error, event occurrence information (ie, how many times, first and last error trigger), method parameters, and the entire stack.

Comprehensive Performance:
Performance is affected by many factors, such as:
  • Network load
  • PHP processing time
  • Server load
  • DB load
  • Logic in the application
A key takeaway among these performance methods is that Zend Platform can cache items all along the way.

Clustering:
  • 1 key issue is sharing session data across cluster nodes.
  • Shared storage becomes a bottleneck (NFS going down, DB going down).
Job Queues:
USUALLY:
  • PHP is isolated, nothing sharing for parallel execution.
  • Jobs must finish before another starts
  • No asynch execution
  • Background processing requires "hacking"
NOW:
  • Jobs executed in background
  • scheduled via API or a web gui
  • elaborate scheduling rules
  • job failure handling
  • monitoring and execution stats.


Personal notes about the features which are badass:
Yeah that's my official title.
  • You can tell which server exactly the error comes from.
  • Clustering is scalable quickly and easily.
  • Caching can be set up for a lot of different things.
  • You can potentially have backup plans based on clusters.

Day 2 - Session 3 - RIA Applications w/ZendFramework

Zend AMF is an OS implementation of Adobe's AMF(Action Messaging Format), which is a binary protocol that the flash player uses to store objects.

Can serialize any object in Flash to AMF.

-------
So far, most of this discussion is really obvious things, like Flex being a stateful application language.
-------

Day 2 - Session 2 - of Haystacks & Needles

Presented by Derick Rethans (dr@ez.no)
Slides at: http://derickrethans.nl/talks.php


Before searching, you must index, which requires:
  • Finding documents to index (crawl)
  • Separate the docs into indexable units (tokenizing)
  • Massage the found units (stemming)
Crawling:
  • Domain specific: file system, CMS, Google, etc.
  • Should have different fields of a document: title, description, meta-tags, body.
  • Crawling strategy must be determined based on domain.
  • Text:
    • global, whitespace (explode on space), continuous letters (like whitespace, but includes special chars)
    • Define stop-words that won't be included (the, of, and, or, etc)
    • define synonyms (ie, British vs American words)
    • normalize text (remove special chars w/regular chars)
    • Japanese/Chinese texts are difficult, and require special tools to interpret.
  • Stemming:
    • Porter stemming
    • Language dependent
    • Many algorithms exist.
    • ex: arrival -> arrive, skies -> sky
    • Alternatively can use soundex or metaphone
  • Types of searching:
    • words, phrases, boolean: airplane, "red wine", "wine - red"
    • faceted (categorized) search: limit results by categories defined to found results, usually an iterative process. Can be "document type", et al.
  • MySQL FullText searching: use MATCH() and AGAINST(). Also has a lot of limitations.
Apache Lucene:
  • Implemented in Java
  • Powerful query types
  • Ranked searching
  • fielded searching
  • Proximity queries (search for words close to another word)
  • Zend Lucene port to PHP, but not as feature rich (although growing).
    • Keywords not tokenized or stemmed.
    • UnIndexed fields
    • Binary fields
    • Text/Tokenized Fields
    • UnStored, tokenized, but only indexed
Apache SOLR: Lucene access via a webservice.


So, this session is actually rather boring... I was expecting more theory rather than discussing the tools that are mostly used. I'm interested in Lucene, sure, but in reality I'd like to know how search engines work... Surely Google doesn't use Lucene?

Oh well, onto the next session!

- Spaz

Day 2 - Session 1

There's a beginning keynote this morning about how PHP leaders are transforming high-impact applications.... We'll soon see what exactly this means..

----

Started keynote... He's talking about how wired we have been for the past few years.

Keith Kacey (sp?) noted for organizing UnCon.

If you answer your phone, you're going to be ridiculed... That's that...

CEO Harold Goldberg walks on stage.
  • Largest ZendCon ever. Thanking everyone in the PHP community for making ZendCon possible.
  • Comparing ZendCon/PHP innovation potential to ancient technologies such as an Eel/Fish trap, honey-bee ranches, orchard sprayer, etc founded in this area in California.
  • 3 main take-aways:
    • PHP is Poised for Widespread Enterprise Adoption.
    • YOU are central to PHP's success.
    • Together, We're making History.
  • Examples:
    • Kargo Mobile Telephony replacing Java w/PHP. Did anyone doubt this happening?
    • PHP is faster, uses less resources, and allows faster roll-outs.
    • New site, all in ZendFramework, with 400% capacity, at an undisclosed amount of less hardware.
    • Tons more, all with basically the same story.
  • Top choices to use w/AJAX: PHP!
  • Estimation of 40% of PHP jobs moving to Enterprise level development.
  • More and more jobs are PHP related.
  • Declaration that Zend Certs can demand 25-35% more compensation.
  • Surpassed 8 million raw downloads of ZendFramework (from v1 to v1.6)
  • New Zend Framework Certification officially announced.
Why is PHP thriving so well?
  • ZendFramework
  • Eclipse
  • PHP Advancements
  • Support for the most well-used OS (Windows, Linux, MacOS, IBM-i)
  • Tooling:
    • phpMyAdmin
    • Eclipse
    • phpUnit
    • etc
  • Key Tech:
    • XML
    • MySql
    • Oracle
    • Flex
    • Ajax
    • Dojo
    • etc
  • PHP Applications:
    • Magento (new eCommerce site built completely in ZF)
    • SugarCRM
    • WordPress
  • NEW ZEND STUDIO FOR ECLIPSE (6.1) ANNOUNCED
  • Best Practices and reuse for PHP
  • Powerful testing
More stuff about how people are using PHP, specifically with IBM i5, and a new ZendCore for IBM i5 platform.

Adobe is helping PHP implement AMF support... YAY!!!!!

Stream Energy (my company) just got mentioned... WOOT BITCHES!

OK.. end of Keynote.... Nice way to finalize it all up...

- Spaz

Monday, September 15, 2008

Day 1 - Notes from ZendCon

For those that don't know, there are generally 3-5 sessions happening concurrently at given scheduled blocks that are not related. In layman's terms, there are other classes happening at the same time, and obviously I can only go to 1 at a time.

Today's class was "PHP Certification Crash Course," and as I stated earlier we were late, so I was only able to attend the latter half of the class.

Regardless, the topics covered were generally rather simple. I was actually amazed at how simple they were.

So here's the topics we covered during the time I was there:

OOP: Magic functions, SPL
So this was actually pretty lame. They talked a lot about the magic methods (e.g., __autoload, __call, __set/__get, __sleep, __wakeup, and so on) and exact parameter use. However the instructor (as I'll be calling him from now on) stated many times that it wasn't really necessary to know these, but he spent a lot of time talking about them.

The cool part about this section, while rather brief, was the discussion around Reflection. This clearly confused probably 80-90% of the room, you could just tell by their faces. But like I said, it was really brief. But the instructor did go over some good points. There are some helper classes for the reflection object by passing them to the static method Reflection::export.
These helper classes are as follows (and can be found here): Object, Class, Method, Property, Function, Parameter, Exception, Extension. Now I'm not entirely keen on the output of export, but the actual reflection classes seem to have some nice methods that can assist. I'll have to look at how our project at work handles the reflection for WSDL generation and see if I can tweak anything (another developer wrote that stuff and is no longer with the company).

We also talked a little bit about SPL. The key things we talked about were ArrayIterator and ArrayObject. Both of which I have a lot of experience in, and the instructor didn't really delve into much detail about how the magic functions are called or what they're used for. But he did at least state that they help your objects act as arrays, which for the most part is true.

String Manipulation:
To me this was another no-brainer section. We talked a bit about strpos, and the dangers of doing a simple test as follows:
$url = "http://blah.com";
if (strpos($url, 'http://')) {
    echo 'You have a URL';
} else {
    echo 'Not a valid URL';
}
In case you can't tell what the issue is, it's that strpos will return 0 here, since it returns the index in the string at which the needle was found, and 'http://' sits at the very start. And for those not thinking straight, 0 evaluates as false (as does NULL, "" [empty string], and of course FALSE).
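
The strpos pitfall above, next to two corrections, as an added example (not from the course or the original post). It goes one step past the text: comparing with `!== false` fixes the 0-versus-false confusion but still accepts "http://" anywhere in the string, so the last function parses the URL and allowlists the scheme. Function names and sample strings are constructed.

```php
<?php
// Added example: three ways to answer "is this an http(s) URL?".
// Function names and sample strings are constructed for illustration.

// The check from the post, kept buggy on purpose: a match at index 0 is falsy.
function naiveIsUrl(string $url): bool
{
    return (bool) strpos($url, 'http://');
}

// Fixes only the 0-versus-false confusion; still matches the needle anywhere.
function containsHttp(string $url): bool
{
    return strpos($url, 'http://') !== false;
}

// Parses the URL and allowlists the scheme instead of searching for a substring.
function isHttpUrl(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), array('http', 'https'), true);
}

// Constructed sample inputs.
$samples = array(
    'http://blah.com',
    'https://blah.com/login',
    'see http://blah.com',
    'ftp://files.example.test/?next=http://blah.com',
    'mailto:someone@example.test?body=http://blah.com',
);

foreach ($samples as $url) {
    printf(
        "%-50s naive=%-5s contains=%-5s parsed=%s\n",
        $url,
        var_export(naiveIsUrl($url), true),
        var_export(containsHttp($url), true),
        var_export(isHttpUrl($url), true)
    );
}
```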

Here's another funny little trick that one might see on the test. What does this evaluate to:
var_dump( ($a == $b) * strcmp($a, $b) );
Or how about this?
strcmp ($a, $b) + strcmp($b, $a);
Well, in both cases, the answer is always, without any doubt, "0".

Files, Streams, Networking:
The next session was more discussing how these 3 ideologies were combined and implemented in practically the same way.
In terms of Files, the main topic of discussion was how to differentiate what functions do what. That is to say, functions that start with "f" are for file resources (except file), and all functions with "file_" act on file names.
There was also a good little discussion on file wrappers (e.g., file://, http://, custom://) and how to build your own file wrappers to return custom data as expected from your wrapper. A good example would be to build a custom compression file wrapper for local compressed files. The downside to this, is that it's not part of SPL, and doesn't have any Interfaces to implement, so the methods need to be looked up every time. Ugh.
There was a lot about streams, in particular: contexts and meta data. To be honest, I started dozing off at this point, and don't have any good take-aways.

XSS, XSRF, and Security:
The rest of the class was a bunch of security considerations. The main take-away for this section is: All input (from outside) is (potentially) evil.
That is to say, you really should scrub the hell out of your data before storing in a session, form element, or database; and in particular, you should never just echo things out. An example is that someone can end a tag, or override a header (for PHP_SELF) and output raw html/javascript to do things you really don't want them to (like redirect, hijack data, phish, etc).
This is also true for SQL injections: you should use the database-specific escape methods and prepared statements to ensure you don't have someone insert a username of "Bobby; drop tables" (thank you, XKCD).
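
The advice above, together with the whitelisting, "filter input, escape output" and "keep errors to yourself" points from the Secure Application Life Cycle notes, as an added example (not from the course or the original post). It uses an in-memory SQLite database through PDO; the schema, function names and sample inputs are all constructed.

```php
<?php
// Added example. All names, the schema and the sample inputs are constructed.

// Escape output for an HTML context (element content or a quoted attribute).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Values travel as bound parameters, so quotes in $name never become SQL.
function addUser(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute(array(
        ':name' => $name,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ));
}

// Identifiers cannot be bound, so the sort column is checked against a whitelist.
function listUserNames(PDO $db, string $sort): array
{
    $allowed = array('id', 'name');
    if (!in_array($sort, $allowed, true)) {
        $sort = 'id';
    }
    return $db->query("SELECT name FROM users ORDER BY $sort")->fetchAll(PDO::FETCH_COLUMN);
}

// One message for every failure: the text does not say which part was wrong.
function login(PDO $db, string $name, string $password): string
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    $hash = $stmt->fetchColumn();
    if ($hash !== false && password_verify($password, $hash)) {
        return 'Welcome back.';
    }
    return 'Invalid username or password.';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');

// Constructed inputs, including the kind of username the post jokes about.
$hostileName = "Bobby'; DROP TABLE users; --";
addUser($db, 'alice', 'correct horse');
addUser($db, $hostileName, 'battery staple');

// The sort value is not on the whitelist, so it falls back to "id";
// the table survives and the hostile name is just another row.
print_r(listUserNames($db, 'name; DROP TABLE users'));

echo login($db, 'alice', 'wrong password'), "\n";
echo login($db, 'nobody', 'whatever'), "\n";
echo login($db, $hostileName, 'battery staple'), "\n";

// Output escaping: a constructed PHP_SELF value and a stored name, rendered inert.
$phpSelf = '/form.php/"><script>alert(1)</script>';
echo '<form action="', h($phpSelf), '" method="post">', "\n";
echo '  <p>Signed in as ', h($hostileName), '</p>', "\n";
echo '</form>', "\n";
```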


Whelp! I think that's it, and a long ass post. Let me know if you have any questions, but I think most of it was really straight forward.

-Spaz

Day 1 - EoD for ZendCon

So we just got back from the ZendCon for today....

And damnit! We were too late to sign up for the PHP Cert and the ZendFramework Cert tests that were being given away for FREE today. DAMNIT!

Oh well, at least the crash course gave me an idea what to expect.
And honestly? It seems to me like I could breeze through this test without any preparation. That's not to say I will NOT prepare before my initial testing.

I'll post more on the notes and topics discussed, and some of the more interesting points behind the topics discussed during the session.

Right now, we have some scheduled drinking time

Arrived at the Hotel

So we got a package via the ZendCon registration, and we just arrived at the hotel out in Santa Clara, CA.

I haven't seen any other ZendCon-ers to know if this is a really popular spot, but at $180/night (normally $380/night) I'm not sure what to expect.

We're off to grab lunch, then head out to the actual conference... We're late as we left this morning, but I'll be jumping in on the 2nd part of the Zend Cert crash course.

Lates

-Spaz