Writing good code with automated tests does pay off, even more on the long run, when major changes to your software become necessary. In this workshop, we will introduce you to Test-Driven Development as it was meant to be. You will not only understand how TDD fundamentally challenges how you have thought about software to this day, but also experience the joy of the red-green-refactor cycle. Join Sebastian and Stefan on a journey that might forever change the way you think about code. And tests, for that matter.
To improve your code base, you run an audit. Now, with so many diagnostics, the situation appears to be overwhelming. If you have a mere million lines of code, it may display thousands of errors, in various orders. And with that, the market leaves no time to reduce technical debt before the next feature: We’ll do it when pressure gets lighter, right? WRONG! Code quality starts with a daily review. Learn how to navigate in the results of code audits that actually find more issues than you want. During this workshop, we’ll check PHP classic traps, architecture errors, security vulnerabilities and logical bugs. We’ll see how to detect those bugs, how they happen, and how to prepare a fix (or not). By the end, you’ll be able to set up your own coding reference, the one that reflects your style of coding in your projects.
There is a stereotype of programmers as being antisocial and difficult, and unfortunately many of us take on this attitude as if it comes with the job – but it doesn’t have to be this way! I know it from experience, because I’ve been an angry, judgmental know-it-all, and I’m ready to tell you how I completely changed my attitude and refactored my life.
In this talk I’ll explain how anger and fear are the root causes of our aggressive behavior, how these feelings manifest as judgmental comments online, bullying in the workplace and ultimately keep the tech community toxic and stunted. I’ll show you how embracing compassion, respect, and empathy will make you a better programmer and a happier person.
Unter PHP-Entwickler*innen gilt Java bis heute als großes Monster. Man braucht Applikationsserver, die sich nicht horizontal skalieren lassen. Schon ein einfaches "Hello World" benötigt 30 Klassen. Außerdem bestehen Klassennamen grundsätzlich aus mindestens 10 Wörtern, von denen garantiert eins "Factory" oder "Adapter" ist. Und nicht zu vergessen sind natürlich die Anzüge, die jeder Java-Entwickler tragen muss. Wir wollen mit diesen Vorurteilen aufräumen und zeigen, dass moderne Java-Anwendungen sich gar nicht so stark von modernen PHP-Anwendungen unterscheiden. Wir beleuchten auch, dass Java an ein paar Stellen PHP vielleicht voraus ist, und welche Probleme es im Gegensatz zu PHP-Anwendungen gibt. Selbst wenn man danach nicht alle PHP-Anwendungen in Java neubauen möchte, kann es hilfreich sein einmal über den Tellerrand hinaus zu schauen.
Data storage and data access are subjects of this talk. CQRS is quite a simple pattern to split responsibilities when working with data, but incredibly complicated papers have been written about it! Event Sourcing can be viewed as a natural extension of CQRS, though in reality a decision for or against it is independent and comes with its own consequences. Oliver uses practical examples in this talk to demonstrate implementation and combination of both patterns.
We cannot avoid mistakes. But with the right tools, we can make sure they don’t hurt too much. Git offers many ways to undo, revert, recover and fix. We’ll look at the bad things that can happen to you – and how Git can save your neck. In this hands-on session, we’ll have a look at Git’s various "undo" features. My intention is to give developers more confidence in their day-to-day operations when working with code: "mistakes can be undone" is something I'd like the audience to keep in mind. I will both talk about the theory and show the corresponding commands/tools in practice. I’ll be using both Git on the command line and the popular GUI "Tower" to show how to deal with mistakes in real-world scenarios.
Automatisierte Tests sind wichtig für die Gesundheit, die Teams, das Employer Branding, die Mitarbeiter und einfach alle. Natürlich auch die Kunden. Gesundheit ist wichtig und nervliche Ausfälle dauern sehr lange und heilen eventuell gar nicht. Programmierer sind sich nicht bewusst, dass Kopfschmerzen und andere Warnzeichen komplette Leben zerstören können.
Das Zend Framework hat eine bewegte Geschichte hinter sich. Unter dem Mantel der Linux Foundation hat es nun eine neue Heimat gefunden und wird im Laminas Projekt weiter geführt. Laminas setzt die Arbeit fort und bündelt die eigenständigen Komponenten, das MVC Framework, Expressive und Apigility in einem neuen gemeinsamen Projekt. In diesem Vortrag erfahren Sie alles über den Wechsel von RogueWave Software zur Linux Foundation. Wir schauen, was sich ändern wird, was wegfällt und was neu sein wird. Und wir wagen auch einen Blick in die Zukunft des Frameworks.
The last ones who told me I could learn from a plush toy were my daughters. Of course, I acknowledged. Yet, it dawned on me: After ten years of life, the PHP plush has achieved so much! It went to the White House and Antarctica; it spawned forty thousand offspring and a jet-set generation of collectors; it built bridges within and outside the community. The PHP elephpant is the living symbol of the PHP community, straight from the genius of Vincent Pontier. It is a whole character, running across the world and changing colors all the time. Everybody needs elephpant love!
Security is hard. Using the same password for everything is easy.
Over the years, we've made it easier for users to do the right thing, from email-based verification to one-time passwords via email and security tokens. But nearly all these solutions require you to have your mobile phone, or security device with you. And if you're overseas, you might have additional problems.
Let's look at mechanisms for biometric authentication with web applications. There are a few out here, and this talk will help you understand the options and implementation, together with a live demo.
Biometric security? Because you rarely leave your face and voice at home!
Where do you store your credentials and secrets? In .env files or in environment variables, or even worse, in config files? Are your primary AWS keys shared amongst developers? Do you still have SSH keys from former employees on your servers?
If your answer is "yes" to one or more of these questions you probably haven't heard the term "secrets management". In this talk, we will look into managing secrets in development and operations and expose the problems related to them. I will give you an overview of the current state of techniques to mitigate these problems and we'll take a brief look at how an open source tool like Hashicorp Vault can provide a solution to managing secrets in the years to come.
It is done: All developers have committed themselves to clean code and craftsmanship principles, they have signed the agile manifesto and carry colored wristbands. The software quality is improving (whatever that exactly means), pull requests are no longer the reason for fundamental discussions and thanks to pair programming, knowledge is spread more evenly. But despite green tests and happy developers, the users are still not satisfied. Why are development costs still so high and why is the velocity still so low? In addition to learning how to write software right, we must also learn to write the right software.
Do you TDD or BDD? Why not both? Come learn the “Double Loop” workflow and discover how you can use both Behavior Driven Development and Test Driven Development to write well designed, tested and documented code. Double Loop works for lone engineers, small teams or entire product departments. I’ll cover the steps you’ll take in the workflow as each role as well as tools for executing Double Loop.
Purchasing experience on the mobile web is broken! Every time you want to do payment on a mobile device you get stuck with the payment form, tapping n clicks and filling endless forms.
Imagine if you can make only one click and that ’s it - your payment is done. Yes, that is possible and you need only a few lines of code. In this talk, I will give you an introduction to new Web Payment API works and how you can improve your users’ experience with it.
When using Clean Code, what are the first steps to increase software quality in an existing project? The main themes are "Code Standard", "Code Convetionen", "Code Refactoring" and of course "Clean Code". The talk is very entertaining and it integrates the audience. The focus is on the “big win” for companies that have a regular weekly code refactoring. The target audience is web developers and decision makers.
What are the known examples of DDD mistakes. How to fix them or even avoid them to happen at the first place. What sort of benefits can be seen applying DDD to the companies with large-scale of activities. What sort of pain it causes in different teams and their agile processes when it implemented not correctly.
Everybody is talking about code quality, but not me. Who cares about clean code or design principles like SOLID? We only want to make sure everything stays the way it is because we hate change. If you follow my tips you will no longer have to change your application because it is so fragile business will not risk to break anything and therefore lose money. You will not find any developers staying for more than 6 months because your codebase feels horrible to them. So you don’t have to listen to this refactoring nonsense for long. And if the business asking you to rewrite everything from scratch you can do everything over again and again.
So you’ve finally secured your APIs. It uses JWT because everyone else does. But is it secure? JWTs are the new great thing that everyone is talking about, but you need to use them correctly. During this talk, we will see how we can use various attacks to hack into OAuth systems that use JWTs as a token mechanism. From token validation to brute forcing HS256, by seeing the attackers’ point of view the attendees will learn how to better defend themselves and make more secure servers.
The growth of internet usage in developing countries has been very uneven, with adoption focussing mainly in urban centres. But this is a trend that is rapidly changing in areas like South Asia and Africa. As billions of users get added to this ecosystem by 2020, many of them using technology for the first time, it brings with it a ton of new challenges. As the internet expands to accommodate a larger user base in Asia, huge gaps are created between what the consumers want and what engineers build as a digital solution.
This talk focuses on exploring how we can give the best performance for users from these areas by considering their usage patterns and behaviours, with a special focus on mobile performance
How can we build websites for illiterate people?
How can we improve the performance of our websites in spite of terrible infrastructure?
How can we come together to make the best digital experience we can for the people who have only started embracing the internet recently?
An organization with a primary digital product that lacks even basic data security practices is living in a Utopian world where people leave their safe open and never expect a burglar to walk in. With the advent of SaaS, companies are relying more on more on third-party services for CDNs, analytics, recommendations, loyalty, advertisements, email marketing, etc. But not so much effort is being put in ensuring what data is being shared with these third-parties. As an example: The URL is the most commonly tracked piece of information, the innocent choice to structure a URL based on page content can make it easier to learn a users’ browsing history, address, health information or more sensitive details. They contain sensitive information or can lead to a page that contains sensitive information. But just by adding a simple code snippet in our webpage, for analytics, fonts, etc is enough to leak sensitive data. This talk will focus on creating awareness among developers: How websites are leaking sensitive data with third-parties, how can we audit our apps, to detect such leaks and how we can prevent leaks of sensitive data to third-parties.
WordPress is still the most popular and powerful content management system with a massive, robust community behind it. In this talk, I’ll show you how to use WordPress as a headless CMS, and build a modern and performant front-end for it using Angular.
GDPR has brought privacy and security into the spotlight, but it’s still not obvious to developers how to make this a part of everyday development. The term "privacy by design" has been around since 1995, but is only now receiving the attention it deserves, providing a clear set of principles that can be used to embed privacy into development workflows. Modern tools are great at automation, but how can we use them to build auditable privacy into our projects in the same way that we handle documentation and testing? This talk covers a quick overview of GDPR, introduces the seven foundational principles of privacy by design with practical examples, and discusses how these principles can be used to embed privacy at the deepest levels of your applications. There are rumours that there may be a special appearance by Privacy Spiderman!
Does your application rely on autoloading? Chances are, it does – given autoloading was introduced to PHP back in Version 5. While the original global function __autoload has long been deprecated, with PHP 7.4 the whole concept of autoloading becomes superfluous! This talk will introduce you to one of the many new features of the upcoming PHP version that is likely to change pretty much everything: how to load classes and when, and how to deploy new versions to production.
Strong typing is spreading across PHP: PHP 7.4 is adding it to class properties, after it was added to arguments and return values. While typing goes against the initial choices of weak typing in PHP, it also brings more code consistency, auto-validation features and probably some strange puzzles with dependencies. Typing lends a helping hand to quality tools, makes code validation work harder and earlier, and promotes great coding pattern like nulll object. Indeed, it is a brave new tool, great for large projects and easy to use tacticallly.
In vielen React-Applikationen hat sich der Trend etabliert, die Global-State-Managementlösung (meist Redux oder MobX) zu verwenden – als Allheilmittel für alles, was auch nur im entferntesten mit State zu tun hat. Aber während der Gedanke insbesondere angesichts unzähliger Tutorials naheliegt: irgendwie fühlt es sich meist unhandlich an. Außerdem arbeiten wir damit "an React vorbei" und machen oft genug React-interne Performanceoptimierungen kaputt.
Zum Glück gibt es für viele Anwendungsfälle inzwischen bessere Lösungen, mit denen wir den Herausforderungen einer modernen React-Applikation beikommen können – am Ende bleibt ein globaler State, den man auch guten Gewissens so nennen kann.
Der Talk stellt verschiedene Arten von State in einer modernen React-Applikation vor und analysiert, welche Spielweisen besser nicht in den globalen State gehören (natürlich auch: wohin denn dann?). Beispiele, wo der globaler State weiterhin eine wichtige Rolle spielt und wie wir ihn klüger nützen können, runden den Vortrag ab.
In order to start out with machine learning, you typically would need to learn Python, TensorFlow, Jupyter Notebook, etc. But what if we could run our machine learning straight in the browser? This can be done through Tensorflow.js. In this session, you will get an introduction so that you can use it in your own projects.
Die Sirene tutet. Geordnete Reihen von einheitlich gekleideten Entwicklern strömen in die Softwarefabrik, um für weitere acht Stunden ihrer Arbeit nachzugehen. Wie immer wird sich auch am Ende dieser Schicht an der Laderampe eine planbare Menge von gleichförmigen und makellosen Computerprogrammen aufhäufen.
Freilich wissen wir heute, dass die Erstellung von Software keine Serien- oder Massenfertigung ist, denn verschiedene Versuche, Software industriell herzustellen, sind – glücklicherweise – gescheitert. Dennoch: Erinnert es nicht an Fließbandarbeit, wenn die Entwickler ihre Tickets abarbeiten? Und warum dauert das alles immer so lang? In diesem Vortrag bauen wir systematisch die typischen Barrieren in der Kommunikation zwischen Business und Entwicklern ab und öffnen den Raum für eine produktivere Zusammenarbeit mit besser planbaren Ergebnissen.
It's unusual to develop applications that have no identity requirements nowadays. Whether it's securing access to resources, synchronising data between devices, or providing a customised experience, any new project will soon need that login form.
While you might start out with a simple login form and a backend user directory, these soon grow into their own beasts, when requirements call for multi-factor authentication, or machine-to-machine authorisation functionality.
These requirements and associated maintenance costs are often at odds with the desire to focus on building new features that actually bring your users value, or fixing bugs that currently bring them pain.
In this talk, you will learn about OAuth, OpenID Connect, and JSON Web Tokens; how they work, and how they can simplify your projects. We'll also cover the ways in which you can run your identity management services and the pros and cons of each.
PHP has a reputation for being a very flexible, yet very messy programming language: Keeping the chaos at bay requires a non-trivial amount of cognitive load and technical expertise. In this talk, we will explore how quality assurance for popular open source packages has evolved in the past few years, and how we can further improve our own projects. We will cover architectural practices, naming, code design, tooling and how to avoid common pitfalls that waste everyone’s time. With this experience, we can all help the PHP ecosystem in further evolutions.
PHP's evolution in the last 10 years has been significant. A project such as the online game Grepolis has seen many changes to the technology in this time, and maintaining code quality and code coverage has been a challenge. What are some of the issues facing older projects to be successful and sustainable in the future?
Currently, the PHP project actively supports PHP 7.2 and PHP 7.3. The security support for PHP 7.1 ends in December 2019. Now is the time to prepare for this year’s PHP 7.4 and plan for next year’s PHP 8. Attendees of this presentation will learn everything they need to know about PHP 7.4 and how to keep up with PHP’s development so that they will not be surprised, at least not in a bad way, when PHP 7.4 and PHP 8 come out.
The presentation shows how software development developed from the waterfall model to DevOps to improve software quality. However this is not the end of the transition and more and more people are talking about DevSecOps.
The core of the talk is the journey of a microservice traveling along a build pipeline making the following steps to become a secure software:
You've got strange characters like "�" or "Ã¶" displayed in your application? Yes, handling non-English characters in application code, files and databases can be a challenge, to say the least. Whether that’s German umlauts, Cyrillic letters, Asian glyphs or emojis: It's always a mess in an international application. In this session, you will see why that is and how handling characters evolved in computing. You will also see how handling characters in applications and databases can be done less painfully. And don't worry when EBCDIC, BOM or ISO-8859-7 are Greek to you and your Unicode is a bit rusty: We’ll have a look at them, too.
The world of virtual reality allows us to build new 3D interactive spaces that we can fill with anything we want - like the art of the great Renaissance masters. More into Cubism? With a quick click - now the gallery is full of a completely different genre. With new AR features, we can actually build the gallery in our own space - and just as easily swap out the art - all in our browser! In this talk, we’ll walk through the steps to build a virtual ARt gallery, with web technology available today, but also take a peek at the new WebXR technology that is coming to our browsers soon!
Everybody was Git fu developing, those bugs came fast as lightning. In fact, it was a little bit frightening, but they fought with expert rebasing. There were funky developers from funky everywhere. They were merging bend up, they where merging bend down. It is a special developer art, and everybody knew their part. For my friend, ain’t your head is detached. Then I’m guiding you to a clean state. Everybody was Git Fu developing, those problems where solved fast as lightning.
Want to sing along and master your Git fu? Listen to this lecture of sensei Sebastian.
In recent years we've seen a growing awareness of privacy and security issues, particularly in the wake of seemingly endless data breaches and Edward Snowden’s revelations. After many years of inconsistent legislation, the EU’s powerful General Data Protection Regulation (GDPR) came into force in May 2018, raising privacy and data protection standards dramatically, and increasing exposure for companies both inside and outside the EU. GDPR’s effects are being felt around the world, helping users to regain control of their own data both inside and outside Europe. As part of this, privacy by design provides a primary line of defence between companies and terrible headlines. All too often legal departments have no contact with developers, and the only time the right conversations happen is when something has gone horribly wrong and it’s too late. We need to fix this – developers need to be aware of legal responsibilities because it is implementation details that matter. This talk covers security vs. privacy, what’s in GDPR, controllers and processors, data protection rights and principles, privacy by design, and more. This talk features a special appearance by Privacy Spiderman!
Operating a high-load mobile application and its backend on a daily basis while continuously adding new features and preventing everything from collapsing is a difficult job. Numerous external services and APIs, continuous refactoring and system optimization makes this process even more error-prone.
We will overview internals of a an app with 13 million users worldwide processing over a million transactions per day. We will cover fault-tolerant system design guidelines with an emphasis on multi-fault tolerant systems. Author will share robust application development best practices and go through common mistakes with detailed explanations.
Participating in conferences and learning from experts is great, but as a community, we are missing a lot when it’s the same faces every year, everywhere. We have to do our best to include everyone from a diverse background as speakers and learn from their experiences. This talk will prove you have what it takes to become a speaker yourself and will give you practical advice to start your career as a speaker. We will talk about overcoming impostor syndrome and eliminating self-doubt like “I don’t know what to talk about” and “I can’t talk in front of people”.This is a fun, inspiring talk, and by the end of it, you will discover the super-hero speaker in you, bursting already with ideas for your first talk.
Optimizing image content for every browser and device size can be difficult. Random cropping of images can lead to losing context and features (sometimes as extreme as lopping off the heads of your subjects). In this talk I will present how AI can be used to identify the important content in each image, allowing for smart cropping of images. This allows us to optimize images further than previously possible, shrinking page size and speeding up page load times.
nginx and PHP-FPM are the defacto standard when it comes to serving PHP today, rendering the good old LAMP stack superfluous. But how to tune the default settings to match your actual requirements? Preparing this powerful stack for high load situations and monitoring the performance, optimizing the PHP runtime for specific types of requests or hardening the security of your environment – there is much to consider. From low hanging fruits to crazy, this session will show configuration tips for beginners, tweaks for experts and tricks for the insane.
Are you interested in how PHP's compiler understands the programs you write and how it transforms them into bytecode for execution? Have you ever wondered how a new keyword for the PHP language can be implemented? If that is the case then this presentation is for you.
Do you have several repositories which use Docker, like us? Now they need to talk to each other on your local computer to be able to develop features which live in more than one repository. Today, I want to show you how we solved the problem. We orchestrate our Docker Dev-Env just with simple shell scripts, the support of a proxy image and some simple rules for every project. Let me show you how easy it is to build a Docker Dev-Env and how fast it will be to introduce additional projects.
What if I told you that you don't need a 100% code coverage? Compiled languages need to know about the type of every variable, return type of every method etc. before the program runs. This is why the compiler needs to make sure that the program is “correct” and will happily point out to you these kinds of mistakes in the source code, like calling an undefined method or passing a wrong number of arguments to a function. The compiler acts as a first line of defense before you are able to deploy the application into production. On the other hand, PHP is nothing like that. If you make a mistake, the program will crash when the line of code with the mistake is executed. When testing a PHP application, whether manually or automatically, developers spend a lot of their time discovering mistakes that wouldn’t even compile in other languages, leaving less time for testing actual business logic. There are several static analyzers available for PHP that substitute the role of the compiler in other languages. By finding bugs without even having to execute the code, they can save a lot of effort that'd be spent on tedious writing of boring unit tests. In this talk, I will share tips and tricks on how to structure your code to maximize benefits from using a static analyzer. You won't stop writing unit tests, but you will focus your efforts on areas where they count the most.
For a microservices architecture to be succesful it is crucial to have the right boundaries between the microservices. But where are the right boundaries? We would like to present a tool that helps us answer this question.
Domain Storytelling (www.domainstorytelling.org) means that we let our users tell us stories about their work. While listening, we record the stories using a pictographic language. The experts can immediately see if we understand their story. After very few stories, we understand the language of our users and find different areas of the domain. Each of these areas (called a subdomain) is a good candicate to become a microservice in our architecture.
In this talk we show how to find subdomains and which heuristics can help us.
When you're building successful startup, there's always lack of resources, time and ability to implement enterprise level architecture. You start with minimum valuable product, then think which features would you customers need, then fight with your competitors. However, time is going and earlier or later, you would need to come back to all your architectural technical debt, make a pause and think, how will you grow further. In this session I'd like to share our experience gained in Regiondo - startup which is currently being transformed into enterprise level company. We will talk about service oriented architecture, domain driven design and other general concepts and practice. We will think together, how to refactor your production application step by step without complete switch off / switch on. And I will tell you how we are doing this today in Regiondo
It’s difficult to work on a project nowadays that does not support Docker. Surely, it is market standard and when we have more and more Dockerfiles it becomes hard to manage all dependencies and all possible environment setting.
In this talk I’ll present how it is possible to use only one Dockerfile per project and continue creating safe, small and multi-environment images. Also, I’ll introduce the multi-stage technique and how we can use it together with docker-compose to maximize our development experience. Finally, we’ll end up with a better build time, clean images that contain just what’s really needed and control almost everything.
I separated this talk in 3 parts:
Part 1: how I use ephemeral docker in my machine to execute commands
Part 2: how I use docker to develop software in a multi-environment space
Part 3: how I build, test and deploy images using CI/CD
Die Zeiten in den Entwickler sich wegen PHP beworben haben sind lange vorbei, heute bewerben sie sich trotz PHP. Während PHP technisch besser ist als es jemals war, haben sich trotzdem Zweifel über seine zukünftige Bedeutung breit gemacht. Wir beleuchten eine Reihe aktueller und historischer Daten zur Beliebtheit von PHP und seiner Herausforderer. Wo kommen diese wechselnden Trends her und was bedeuten sie für mich als Entwickler?
PHP doesn’t have a great reputation in the wider programming community. One reason: It’s really easy to write code with type errors, and it’s pretty hard to spot them manually. When writing PHP at Vimeo, avoiding mistakes is fairly important. For the last four years, I’ve worked on a static analysis tool called Psalm that’s designed to allow PHP developers to express the same sorts of type concepts that are found in TypeScript et al., with fast and accurate type inference that finds bugs. Every time it runs, Psalm informs users about type coverage (the percentage of expressions with inferrable types). This talk will discuss why we prioritised improving type coverage across our codebase and how we’ve increased it with both automated tooling and manual updates. This talk will also outline Psalm’s type inference algorithm, and discuss the myriad benefits of a nearly type-safe codebase from a maintenance and refactoring perspective.
Software development is model building. We rebuild a part of the world as a program and improve it by doing so. A traditional approach is to reproduce the domain as accurate in every detail as possible – building the company-wide canonical domain model. But is this the actual goal of models? If we look close enough, we will see that a model is the exact oposite—a model is actually an abstraction of the reality in which only the essential parts are transferred. The inessential is left out of the model. What parts of the reality are essential or inessential is defined by the context.
A simple model is easier to understand than a complicated one. Therefore, it is a good idea to break a complex reality (i.e. domain) into multiple simple models. Exactly this effect is what the strategic design of DDD takes advantage of. Here instead of one complex company-wide model we build several small models that are easy to understand.
In this talk we look into bounded context and the other tools that are available to to divide the domain into clearly separated models.
Domain-driven design (DDD), CQRS and event sourcing: big words that obviously require an equally big tech stack to be applied – with bleeding edge frameworks, lots of tools, and a complex infrastructure to run it all. Or not? In this workshop, we will create a solid, event-sourced web application from scratch. We will not rely on any frameworks or libraries to really get to the bottom of things.
PHPStan is to PHP what the compiler is to Java. Java compiler won't let you run a program with an obvious error like accessing an undefined variable or calling a method with wrong number of arguments. But PHP is very forgiving which is why you will find out about these obvious errors when you or users of your app execute the line of code with the error. That's where PHPStan comes in - it scans your whole codebase and points out errors even in deep nested conditions. It will also tell you when some code is unreachable because a condition can never be true, and hundreds of other types of errors. In this workshop, the attendees will learn how to install, configure and run PHPStan, and also receive tips on how to write code so that PHPStan can be as powerful as possible. They will also be able to write their own PHPStan rules and extensions.