International PHP Conference Redux

A photograph of PHP developers on a tram in Amsterdam

As I mentioned earlier, I was unable to find any time to blog during the week of the International PHP Conference in Amsterdam. This was due to several factors including, but not limited to, the lack of high-speed Internet connectivity and the sheer fact that I was largely unprepared for my talks. Sure, I had my outlines and slides, but I didn’t quite have all the examples and screenshots on the slides. This required much of my time during the early part of the trip, and so my brain didn’t want to think in order to attempt any sort of formulation of thoughts about the conference or the trip in general.

But now I am on the airplane, high in the sky over the Atlantic and watching (only in a cursory sense, since I’m not actually listening) the Marvel movie Elektra. Thus, I have plenty of time to think about the conference and to reflect on all the meetings and introductions that occurred during the week.

My Sunday blog was an attempt to start a habit of blogging during the week, but we know how that turned out. Immediately after posting, Aaron Wormus showed up and, despite my tiredness, I decided that I was both hungry and interested in taking another look at the town. So, we set off with Tobias Schlitt, Christopher Kunz, Stefan Neufiend, and others. Unfortunately for me, all the others wanted to eat at KFC (Kentucky Fried Chicken)—apparently, they have a love for American fast food. McDonald’s was next door and, since I was so hungry, I grabbed a burger and fries; the burger was better than in America. Afterwards, we wandered around some more, found a bar, had a drink, and then headed back to the hotel, where I managed to sleep away my jetlag until 13:00 on Monday.

When I awoke on Monday afternoon, I grabbed a sandwich from the hotel restaurant and worked on my security presentation for the remainder of the afternoon. Aaron was nice enough to give me a call to say that a group would be going out to dinner, so I left with everyone else at 17:30. We managed to follow Andrei Zmievski around town for nearly two hours before finally settling on a restaurant. After dinner, I took a tram back to the hotel and worked through the night to finish up my security and frameworks talks.

After finalizing my talks, it was time for breakfast and the conference. The first talk I attended was Andrei’s unicode talk, a very informative discussion about what’s coming down the line for PHP 5.2 (or thereabouts). Next was my frameworks talk. As I set up my laptop and tried to figure out how to get the presentation to work correctly with the projector, I watched the crowd pour in, dreading giving a talk to such a large group. I don’t know whether I officially rasmussed anyone, but one thing’s for sure: it was a standing-room-only crowd – totally unexpected. This made me even more nervous, and my lack of sleep didn’t help either. On top of all this, we had no Internet connection, an irritant I found only after I was in the middle of my talk and unable to show an example. In all, I thought the frameworks talk was a flop, further emphasized by my opinionated and running mouth in answering some questions about “enterprise” and “design patterns” at the end of the talk. I suppose if it were a mailing list, I would’ve started a “religious” flame war. To top things off, my talk was the only talk (other than his own) that Zeev Suraski managed to attend; I figured it wasn’t a great first impression.

At lunch, I asked an attendee what his impressions were about the talk, and he responded by saying it was “absolutely horrible.” This did not improve my outlook for the rest of the day and served to confirm my fear that I would reveal the hack that I am and everyone would know the truth that I don’t know really what I’m talking about. Fortunately, for me, I do know what I’m talking about, but I had not planned the frameworks talk very well. My next presentation, IMHO, was dead on.

After lunch, Christian Wenz gave part one of the Web application security talk. It was excellent! He had the full attention of the audience as he fired up his Web browser and gave live examples of XSS, SQL injection attacks, and more. You could tell by the reaction that attendees were surprised at how easy the attacks were to perform. There were slight chuckles (obviously people dumbfounded and slightly shocked) and “oohs” and “ahhs.” After Christian wrapped up, we had a short break and then I launched into part two of the talk: security on the server side. By this time, my nerves had settled and I was calmer, having sat through Christian’s talk. I believe that my talk was the perfect compliment to Christian’s in that he was able to show all of the attacks, and I followed up with how these attacks could be stopped at the server level (even with bad code, though it is not my intention to promote poor programming practices in lieu of good server stopgaps). I covered mod_chroot, mod_security, Hardened PHP, and offered some tips with regard to safe_mode, open_basedir, and using include files. Finally, we wrapped up with a brief mention of the PHP Security Consortium.

A few questions were asked about virtual servers, so I will need to do a bit more research on that and add some more information to my talk. Also, someone asked about whether an .htaccess file can block a PHP script from browsing server directories. The short answer is “no” because .htaccess files only affect Web server actions from the HTTP level. Once processing is passed off to PHP, it can access other parts of the server independent from the Web server before passing control back to the Web server.

Afterwards, I had no intention of sitting in on another talk, though there were two developers, Joseph Kolin and Yuri Kutsovsky, who wished to showcase their Enterprise Applications Development Platform to me. I’m still not entirely sure what they wanted from me in presenting their framework to me (maybe I was too tired to catch on), though I did gain one great thing from them. Joseph told me his definition of an “enterprise” framework, which is: an enterprise framework allows the end-user to drop in only the business logic to make it work; they do not need to add anymore programming to the framework. While I consider this more or less an ideal than something that is actually achievable by any framework that I’ve seen, I think it serves as a good general description of what being an “enterprise” framework means. They wrapped up the presentation asking whether I thought they should release their framework under an open source license and make money by selling a service or make money by selling the framework as a proprietary product. I told them that I was not qualified to offer such consultation, but that they should decide on their own what they think is best for them and target the appropriate audience. For example, if they choose to go the proprietary route, then targeting a PHP convention where most developers are open source advocates is not generally the best move. Their framework, nevertheless, looks very interesting and is perhaps something that could be very useful to even those who aren’t developers. It almost seems that their framework matches his definition of an enterprise framework, and if it does, then it’d be a great framework.

I then left the conference center and walked back to the hotel for a two-hour nap before the speakers’ dinner at the hotel. I sat with Aaron Wormus, Stefan Neufeind, and Luke Welling and Laura Thomson for a very nice four-course meal that began with salmon and caviar and ended with some kind of pastry dessert and cinnamon and nutmeg ice cream. I returned to the lobby after dinner to download some things for my PHP-GTK talk in the morning, and then I joined Aaron and Stefan in the hotel pub for a drink. I slept well that night, rising at 6 a.m. for breakfast and to finish up my PHP-GTK talk.

After my slides for the PHP-GTK talk were finished, I attended Sebastian Bergmann’s “PHP 5: The Year After” talk. Out of his talk, object-relational mapping with Propel is what struck me as the most intriguing topic. When the plane lands, I plan to download and try it out. My PHP-GTK talk was immediately after Sebastian’s so I set up for it and gave a different delivery than I had originally planned. My original idea was just to showcase and cover applications written in PHP-GTK. However, after what I’m calling my “frameworks fiasco,” I decided to add in a short tutorial to provide added value and to show how easy it is to create a GUI application with PHP. I think this went over quite well, though Andrei, Mr. PHP-GTK himself, was in the room, as well as PHP-GTK proponent and contributor Christian Weiske, and this made me a little bit nervous, but I pulled through okay, and I think I achieved my goal, which was to promote the use of PHP-GTK to the community. I’m pretty sure that several of those in attendance left the talk with ideas of PHP-GTK applications to write, and that was the entire point.

After the presentation, Christian Weiske showed me his PHP-GTK AppWizard, which has been around for a while, but I’ve been oblivious to it or I would’ve covered it in my talk. It’s a tool for RAD PHP-GTK development using a libGlade .glade file. It will essentially build your entire GUI in PHP and connect the events appropriately. You need not spend hours of development time programming the code that draws the application; it does it for you.

At lunch, I asked Thomas Weinert to tell me about his Weaverslave IDE, which is a brilliant program. I cannot stress enough how cool the application really is, and how well he’s designed it. It’s unfortunate, though, that I can’t use it because there is no Mac version; it runs on Windows only. Nevertheless, it’s something I would actually pay money for, and I would encourage all developers to check it out (it’s not just for PHP). Perhaps in the future, someone will port it to Mac OS X (maybe I should learn Cocoa just for this reason).

The conference continued on into the afternoon with a talk about character encodings by Derick Rethans. This is one talk I almost didn’t attend, but I decided I needed to hear the discussion on unicode, and I’m glad I did. Derick gave a great definition of unicode and described a handful of character encodings and how they are organized. This actually helped me to finally grasp the idea of unicode and what it means. I’ve been stuck in my American ASCII world for so long, I didn’t even know there were other languages out there!

Finally, the third and final day of the conference rounded out with Laura Thomson’s commercial Web services for PHP talk. Most of what she covered was not unknown to me (XML-RPC, SOAP, and various Web services out there); however, there was her discussion about REST that intrigued me. I’ve heard this term tossed about recently, especially with regard to, and I kept thinking, “Oh, great! Just some other new Web services standard I need to learn eventually.” Laura cleared this up and put my mind to rest concerning REST: it’s not a standard at all, and I’ve been doing it for years. It’s just standard XML over HTTP with no official recommendation by the W3C or any other organization. The name REST comes from the phrase “REpresentational State Transfer,” and just describes the type of HTTP transaction that’s taking place.

The conference closed and many of my newfound friends departed, which I found quite saddening since I was left behind for two more nights, but there were more friends to, uh, befriend, and more fun to have just around the corner.

Wednesday night, after a relatively short but good conference, I went to an Indonesian restaurant called Djago (I think) with Derick, Andrei, Dan Scott, John Coggeshall, Steph Fox, Jeremy Johnstone, Luke Welling, Laura Thomson, and a few others (sorry for the omission of your name if you were there). We had a great meal, and afterwards, Dan, Andrei, Luke, Laura, and I decided to do a little bar hopping, while the rest of the group did their own thing. The small group was just fine with me, though. We went to about three different bars, tried out a few different beers, and then had some religious conversation with the taxi driver on the way back to the hotel, of which I can neither remember how we got on the subject, nor what the point was. Luke, Laura, and I just remained quiet, nodding our heads.

At some point during our stay at the third bar, Dan decided he wanted to discuss DB2. Discussing DB2 is not something I would recommend when you have had a few beers. Or, maybe I would recommend it, but you may find yourself waking in the morning with a terrible Madonna song (“Like a Prayer”) on a continuous loop in your head and DB2 on the brain. These two are not complimentary. For one, I think I realized for the first time that “Like a Prayer” is really about a sexual act; I’m not sure how DB2 comes into play on this, however. Nevertheless, Dan asked me why I thought Oracle is the example PHP speakers use for an enterprise database. I proceeded to explain to him that if IBM would actually market DB2, then they’d probably see more sessions given on it. Oddly enough, there’s probably some truth to this.

Another revelation we had during that night was this: with Perl, “there’s more than one way,” but with PHP, “there’s always something better” or “there’s always a better way.” I think I’ll put that on a t-shirt. PHP: There’s always a better way.

Thursday was a day of rest and relaxation for me. I slept in, missing my 8:30 wake-up call, but that didn’t matter. I took a tram into town and walked around for a bit. The day was a national holiday, so most people were off work, and there were concerts playing in the parks and near the museums, which is where I just happened to be going. I walked through a crowd and watched the band on stage play for a few minutes. It was rock music that was pretty good, and was, oddly enough, a cover of Madonna’s “Like a Prayer,” which I’ve gathered must be some cultural affliction.

I do retract my earlier statement about Amsterdam being such a dirty city. Since Sunday, the street sweepers and workers have done an excellent job of cleaning up the city, and it is an absolutely beautiful town.

I took a few hours to walk through the Van Gogh Museum, finding myself particularly drawn to his earlier works since he was aspiring to capture the plight of the local peasants. However, he soon gave up on that and started using much more color and experimenting with pointillism, which is what he seems to be most famous for. Still, I think his later paintings are impersonal and fail to capture the humanity that was evident in his earlier works; people are faceless individuals in the background. What I found to be the most interesting tidbit is that Van Gogh’s painting career really only spans some seven or eight years up until his death by suicide. Prior to painting, he had no experience with illustration of any kind and he worked other jobs.

Thursday evening, I met up with Christian Wenz. Christian and I spent a good hour or so going over a table of contents for an upcoming book that I will not yet mention the topic of until we’ve signed some contracts. I’ll just say this: the book seems very promising at this point, and I’m excited to be a part of it.

After our brief meeting, we went into town together to find De Blonde Hollander, a Dutch restaurant. On our way to the restaurant, we happened to catch sight of some guy who stripped off his clothes in the middle of the street and jumped into one of the canals for some sort of swim. The friends that were with him then proceeded to run after him and some of them also jumped into trying to retrieve him, but he kept pulling back and getting away. Then, the crowd of his friends got into a boat – almost overloading it – and tried again for a “rescue mission.” By this time, a large crowd of observers had gathered on the bridges to watch the entertainment. Apparently, the guy was drunk and Christian guessed that it could’ve been his bachelor party. The police showed up – lots of them – and set about trying to retrieve him from the canal. Whatever it was, it was absolutely hilarious.

After the “streaking” incident, we met Luke and Laura again, who had spent the day at a horse show in a nearby town. After dinner, we had some drinks at the hotel lobby, had a few more laughs, and then parted our ways.

Now, here I am on the plane ride traveling home, and I will liken this week to a summer camp for PHP nerds. I say “summer camp” because I’m left with that same feeling of some kind of “loss” that I had while growing up when a week of summer camp was over. This is not necessarily because I’ll miss the conference or the town of Amsterdam, though both were excellent. It is rather because I’ve met so many awesome people this week that I actually enjoyed spending time with, and just when it seems you’re starting to enjoy yourself, it’s time to pack up and leave those people behind.

Nevertheless, we have the Internet to keep in touch, and I can be sure to meet up again for a drink or two at future conferences. Now, if I can just find the money to go to OSCON

Still, it will be good to be home with Liz and Ashley, both of whom I missed greatly this week, and I wish I could’ve shared some of my experiences walking through town and at the Van Gogh museum with Liz. I imagine were she here, we would’ve taken a boat trip through the canals, which would’ve made for a very nice, scenic tour of the city. Well, I’ll just have to plan for that next year. With the frequent flyer miles I’ve been racking up, it shouldn’t be too hard.