Grown Up PHP

Hi, I'm Hamish, I'm the CTO of SilverStripe, and welcome to my talk, which has the link-bait-y title "Grown Up PHP"

I actually struggled with the title for this talk, so as we go through I'll be bringing up some of the rejected titles. Both because they're still insightful, and also because I already wrote the slides, and I'm lazy.

But basically, what I'm going to be covering is how PHP, despite it's reputation, can be used to write software that solves important problems. It's grown a lot since it's beginnings, both the language itself and the tooling ecosystem, and while the stink of foul slander still hangs on it to an extent, I think it's a legitimate choice for any size of project.

Of course, I'm a CTO of a company that amongst other things sells PHP based solutions to large clients, so I have to say that. But I believe it too.

Or

Please stop doing this:


$member = mysql_query("
   SELECT *
      FROM Users
      WHERE Email={$_GET['email']}
");

So here's a rejected title

Rasmus gave a great keynote yesterday that amongst other things described how PHP tries to "scale down" to allow non or only fractionally technical people to write websites.

You are not these people though. And even the least technical person wants to be able to not just put a website up, but keep it up, and not be replaced by spam.

So, while I'm _sure_ none of you do this, I see your secret shame - deadlines, budgets, there are plenty of reasons you're going to feel like you need to cut corners. But what I'm going to talk about is ways to avoid having to do cut corners more often - or at least make the decision to write terrible code on purpose.

There's no excuse for this though.

SilverStripe?

www.silverstripe.org

So I mentioned I'm CTO of SilverStripe. And if you missed the marketing blitz we've set up outside, or the barrage of blue t-shirts around the place, you might be thinking "What is SilverStripe?". To which I say, "thank you for asking, that's an increadibly apropro question to ask".

SilverStripe is an open source PHP-based framework for developing web applications, and a CMS built on that framework for developing content driven sites. It's a "modern" framework, MVC based and Object Oriented.

SilverStripe is also the company that does a lot of the development for that framework, and sells both bespoke development on top of that framework, and a platform and other services that support that framework.

It's based here in Wellington, although we've got an office up in Auckland, over in Australia and plans for complete world domination that _definitely_ don't involve attaching sawblades robots.

The framework and CMS are completely free - BSD licensed - and easy to set up, so if you get bored, rather than tweeting about how much I suck, why don't you pop your laptop out, get it installed and check it out. Or even raise a pull request - prize for the best one.

I haven't actually organised a prize though, so it's probably not going to be terribly good.

Or

Just use Silver Stripe

Here's another rejected title

I'd like to think I'm only here because I'm awesome, and everyone is super interested in everything I have to say. But impinging annoyingly on my ego-bubble is the fact that my employeer is a sponsor of this conference.

I don't want this to turn into an "ad disguised as a presentation" though. SilverStripe is definitely the solution for every problem you have, and any other decision is probably the wrong one. But there are plenty of people who can't make the right decision - maybe you just enjoy the pain a deliberately wrong decision makes, or maybe criminals are threatening your family. Whatever the reason for your terrible choices, it doesn't seem fair to harrass you about them for 50 minutes.

So although I'll be discussing things I've learned while I've been working at SilverStripe, and how I think SilverStripe supports the goals I'm laying out here, I'll also be discussing the competition, and things I don't think SilverStripe solves as well as it could - yet.

Hamish

That's my name

Don't wear it out

Why grow up?

Trust lets us participate in

solving important problems

Actually though, it's a photo from the NASA mission control center. They _are_ being serious and adult, but it's because they're working on something important - something that matters, with billions of dollars and lives on the line.

If you want to work on projects like this, people need to trust you. Grown up behaviour leads to well though out decisions, well though out decisions lead to trust, trust leads to the dark side - ah, I mean, being able to work on meaningful things.

And if you're not working on meaningful things - why are you doing it? Just for the money? I mean, that's a good reason, money buys you pretty things.

But the nice thing about grown up code is that it can still be fun, you can actually make more money, you can work on important projects, and you can both have and eat your cake.

So what don't I mean by grown up code?

"Serious" / "Enterprise"

Statically typed
Heavily isolated components
Pre-defined architecture
Waterfall development methodology

First off, lets take a look at big, corporate, "serious" development. Lots of people, cubical farms, well defined constraints and everyone getting apportioned small segments of code. Massively parallel development.

This sort of development isn't often done in PHP - it prefers languages that offer lots of constraint and isolation, so that problems can be broken down into very small pieces, worked on independently, and then stitched together. It needs something that provides lots of compile time guarantees to try and reduce the chance of regressions caused by this isolation.

This looks grown up because everyone is super serious, and wears a suit. This model has a very high project failure rate though, and it has a few problems.

Problem?

Boring
Slow
Can't adapt to changing requirements

Also not what I mean: stereotypical "start-up"

Cowboy / plan-less
Very rapid development cycles
Velocity above all
Sell it now / dev it later

Young people are just smarter

— Mark Zuckerberg, 2007

Or

An old man complains about the young

Maybe they are though?

More likely, they just have different internal weighting to risk
Works fine until it doesn't

What do you mean by grown up code then?

Maturity

Clear comprehension of purpose
Self-knowledge leading to appropriate decision making
Respond to environment in an appropriate manner

Being grown up isn't ignorance or fear

It's walking into the wilds with your eyes wide open

Some things to be considering

Know your risks, and your resiliency

"Serious" development completely constrains risk by preventing all change
"Start-up" development completely ignores risk
But grown-up development is know your risks, document them all, then implement sensible constrains based on trade-offs

Think about the costs of your decisions over the entire lifetime of the project

Have a plan for support and maintenance
Consider having to pick a project back up after everyone who knows anything about it has gone
Are other people relying on a specific behaviour?

Be aware of your user's requirements and experience

What's the reason they're using your site?
Nobody likes bugs, but willingness to accept them varies
How will you know if there's something going wrong?

Know your own capabilities

You can't be a subject matter expert in "everything"
Sometime, an existing inelegant solution is better than a non-existant perfect one
You're never going to be able to do all the things you'd like to do

That sounds hard

And I'm very lazy

That's OK - there are some common things you can do to help

Or

Some things you should be using

(that maybe you aren't)

Agile development methodology

Scrum
Kanban

The first thing you need to do is pick an agile methodology. And then, and this is the hard bit, actually _follow_ that methodology.

It's amazing how many shops say they're "agile" or "lean" - but if you dig into those statements often you'll find what they actually mean is "no process" or "make it up as we go along"

Remember, grown-up code is about clear comprehension of purpose leading to correct decision making. And a development methodology gives you tools for both resolving issues of clarity and purpose, and a framework for decision making.

These methodologies are the true-est form of free, as they're just ideas. And most of the time they've been invented by developers looking to be grown up without being serious. If you're already in a company that has some oppressive form of waterfall, you might be stuck, but for everyone that just has "nothing" - why?

Scrum

Develop understanding of client's requirements by working with them on stories
Iterate in short sprints to complete a set of stories
Work closely with client at the end of every sprint to discuss requirements and trade-offs

Scrum tools

JIRA
Trello
About a million others

Frameworks

SilverStripe
Symfony 2
Laravel

Frameworks - outsource your responsibility

Security
Common structures and APIs
Reusable components and seperation of concerns
Integrated testing system


$member = mysql_fetch_assoc(mysql_query("
   SELECT *
      FROM Users
      WHERE Email={$_GET['email']}
"));


$member = Member::get()
   ->filter('Email', $_GET['email'])
   ->first();


class BlogPost extends DataObject {
   static $db = array(
      'Post' => 'HTMLText'
   );
}


class BlogPost extends DataObject {
   static $db = array(
      'Post' => 'HTMLText'
      'Tags' => 'Text'
   );
}

Testing

PHPUnit
Behat
Phockito


Member:
   admin:
      FirstName: Admin
      Email: admin@silverstripe.com


class SecurityTest extends FunctionalTest {
   protected static $fixture_file
      = 'MemberTest.yml';

   public function testThatThing() {
      // Do the test
   }
}


Feature: Create a page
   As an author
   I want to create a page in the CMS
   So that I can grow my website

   @javascript
   Scenario: I can create a page from the pages section
      Given I am logged in with "ADMIN" permissions
      And I go to "/admin/pages"
      And I should see a "Add new" button in CMS Content Toolbar
      When I press the "Add new" button
      And I select the "Page" radio button
      And I press the "Create" button
      Then I should see an edit page form

Continuous integration

Travis
Teamcity
Jenkins

Continuous deployment?

Consistent and reproducible development environments

Puppet
Vagrant
Docker

Dependency management

Composer
Packagist

{
   "name": "silverstripe/cms",
   "type": "silverstripe-module",
   "description": "The SilverStripe Content Management System",
   "homepage": "http://silverstripe.org",
   "license": "BSD-3-Clause",
   "keywords": ["silverstripe", "cms"],
   "require": {
      "php": ">=5.3.2",
      "composer/installers": "*",
      "silverstripe/framework": "3.1.*"
   },
   "minimum-stability": "dev"
}

Monitoring

Greylog2

Specifications

PSR-0, etc
Internal code style documentation

Language features

Exceptions
Name spaces
Improved expressibility

What have we learned?

Everything is acceptable except ignorance
Tools tools tools
You can be grown up and still have fun

Grown Up PHP

Or

Please stop doing this:

SilverStripe?

www.silverstripe.org

Or

Just use Silver Stripe

Hamish

That's my name

Don't wear it out

Why grow up?

Trust lets us participate in

solving important problems

So what don't I mean by grown up code?

"Serious" / "Enterprise"

Problem?

Also not what I mean: stereotypical "start-up"

Or

An old man complains about the young

Maybe they are though?

What do you mean by grown up code then?

Maturity

Being grown up isn't ignorance or fear

It's walking into the wilds with your eyes wide open

Some things to be considering

Know your risks, and your resiliency

Think about the costs of your decisions over the entire lifetime of the project

Be aware of your user's requirements and experience

Know your own capabilities

That sounds hard

And I'm very lazy

Or

Some things you should be using

(that maybe you aren't)

Agile development methodology

Scrum

Scrum

Scrum tools

Frameworks

SilverStripe

Frameworks - outsource your responsibility

Testing

Continuous integration

Continuous deployment?

Consistent and reproducible development environments

Dependency management

Monitoring

Specifications

Language features

What have we learned?

The end