March 10-12, 2010
Montreal, Canada

Sessions

Top 20 My wish List
Learn about how your PHP, Ruby,.NET and Python applications can work with the Azure Cloud and SQL Services. SQL Azure allows relational queries to be made against stored data, which can either be structured or semi-structured, or even unstructured documents. SQL Azure features querying data, search, data analysis, data synchronization and reporting capabilities. This session deals with the challenge and opportunities that exist with deploying an application to the cloud.

An Xbox 360 can be won at this presentation!
La base de données parfaite n'existe pas. Chaque problème sera mieux géré soit par une base de données relationnelle, orientée colonne, XML, orientée document, clef-valeur ou encore sémantique.

Même en se limitant aux logiciels libres, il y a plus de 30 produits significatifs à considérer. Ceux-ci ne sont ni à l'abri des modes, ni de notre tendance très humaine à appliquer nos outils les plus familiers à tous les problèmes.

Malheureusement, les caractéristiques de performance des bases de données sont de moins en moins bien maîtrisées par les équipes de développement. Un effet secondaire malheureux de l'emploi des ORM et autres couches d'abstraction.

Vous désirez démêler le tout et savoir ce que des logiciels comme CouchDB, Hadoop, Voldemort, Virtuoso ou MonetDB (et 25 autres) peuvent vous offrir pour régler des problèmes concrets ? Cette conférence est pour vous !

En français, avec diapositives en anglais et questions bilingues.
There are some really good PHP-based CMS platforms out there, but despite the claims of the faithful, it's fair to say no single system is the perfect choice for every kind of website.

When no single CMS will fit your needs, then maybe it's time to integrate two systems, and get the best of both worlds. This presentation will examine an approach to using both Drupal and ImpressCMS/XOOPS to provide different content to the same website. We will examine the architectural issues, look at the code changes required, and the other bits of "glue" necessary, and discuss some different approaches to integration, depending on your requirements.

We will use this particular example to illustrate the broad issues. One great thing about open source is being able to reuse other people's code. I hope this presentation will inspire people to not be afraid of digging into other people's code, and use it to their advantage in new and exciting ways.
All web application frameworks suck, in one way or another. Some are overly complex for the task at hand, and others don't offer enough flexibility when your application steps outside of the nice & comfy confines of the ubiquitous blog tutorial. As stated by the venerable Sean Coates, the "#1 reason to avoid frameworks: you'll spend all your time working around edge cases."

Lithium, a new PHP 5.3+ RAD framework started by several CakePHP core alumnus, is designed to help you get the job done, and get out of your way. Built from the ground up by seasoned framework developers for today's web, it attempts to learn from the past by creating a cohesive set of replaceable, uniform components with intuitive interfaces, without crippling or hiding the important details from the developer. It's a stack that doesn't reinvent, and makes the developer a priority.
> Le standard SGQRI 008 arrive.
Présentation de la portée du nouveau standard du gouvernement du Québec en matière d'accessibilité numérique et du calendrier de son adoption.

> En quoi suis-je concerné?
Présentation des risques et des avantages concurrentiels

> Mes outils et mon organisation sont-ils prêts?
Au travers d'exemples concrets, évaluation des besoins en outils de gestion de contenu et des pratiques de production Web.
Acquia: une plateforme de gestion centralisée de nouvelle génération

• Présentation de la plateforme d’Acquia
• L'approche modulaire d'Acquia (Drupal)
• L'intégration des grandes distributions de logiciel libre avec Acquia : Alfresco.
• La gestion documentaire à travers un CMS
• Les avantages et les inconvénients
PHP 5.2 and PHP 5.3 introduce new powerful date and time handling functionality. This new functionality allows you to deal with many issues that arise when you are developing a web applications.

This session covers all of the new functionality that is now available. It presents ways on how to deal with timezones: converting between timezones, which timezones to use, updating the database that contains information about timezones and daylight savings time. Then I will proceed to how to deal with parsing strings containing date/time information, modifying parsed information
and formatting dates and times. I will also present time diffing and interval functionality. As last part of the session I will introduce some tips and tricks that make dealing with dates and times even easier.
We will look at CakePHP, a highly popular Model-View-Controller rapid application development framework. We'll look at a few of the basic MVC concepts that CakePHP utilizes, along with how we have extended these concepts to create reusable units of code. Next, we'll look at how we can use the Bake console to generate basic CRUD-enabled applications, starting from nothing but a database schema. Finally, we'll look at why you can actually trust CakePHP to do what you expect it to do, thanks to the extensive core unit tests, and how you can easily write application-level unit tests for your own projects.
The MapReduce framework promises to make computing of large sets of data very easy. An original approach, it offers excellent scalability across many computing nodes, and can easily be integrated with existing systems. This session will give an introduction to the basic techniques and ideas behind MapReduce, followed by hands-on examples using Apache Hadoop, a major implementation of MapReduce, including Hadoop's streaming functionality that allows users to write mapper and reducer tasks in PHP, Python or Ruby.
Regular Expressions: every developer's best friend and worst nightmare! Join Andrei Zmievski, PHP developer and author of the PHP Regex (PCRE) extension, on a journey that will take you from your first steps into the world of regular expressions to complete mastery of this most useful of tools. A must for everyone who's ever wondered what /(?=\d+)bar/ means.
Drawing on experiences of running large websites and blogs, this
session will discuss numerous tactics that you can use to keep spammers
and gamers at bay. Removing comment spam, stopping people from
artificially inflating the rank of items on voting sites, and so on will
be discussed. Some specific technologies and how to interface with them
will be mentioned, but also generic discussions of base theory, that you
can use to apply to your own website where you see fit.
It ain't right, just because others do it. Identified by reviewing the code of various well-known open source PHP applications, this session presents the most extensively used antipatterns -counterproductive design patterns- in the PHP world. You will learn what is wrong with each example, and why. We will analyze alternative solutions and discuss their advantages and disadvantages.
For many years, Apple has been shipping its OS with Ruby. But starting about two years ago, Apple started developing their own Ruby implementation on top of Objective-C runtime for performance and compatibility reasons. A developer can already write a fully native and compiled Cocoa application only using the Ruby language and the Cocoa API. But MacRuby is more than an Objective-C replacement, it allows developers to push the traditional boundaries of desktop/mobile applications & games by offering easy integration of web services, creation of p2p application, native GUI for backends web application, reuse of code and much more.

During his talk, Matt Aimonetti, MacRuby team member, will explain the state of the project, its goal and potential as well as show concrete examples of how to use this powerful new Ruby implementation.
This presentation is a grand tour of a number of new things at Microsoft: the ASP.NET MVC web application framework, the Open Source Initiative-approved MS-PL license, the Open Source Lab and the CodePlex Open Source repository. You’ll see what it’s like to develop web apps using ASP.NET MVC, the opportunities it offers both Microsoft and Open Source developers and even take a look some nifty language goodies within the C# programming language. You’ll also find out about Microsoft’s new approach to Open Source, from creating a new licence to helping Open Source developers get their applications running on Windows, as well as how many Star Trek references we can fit into a single presentation. There will be funny pictures on the big screen, and there may even be prizes!
Atmosphere is a high-level API designed to make it easier to build Comet-based Web applications that include a mix of Comet and RESTful behavior. Today writing portable Web applications that can use the power of the Comet technique is almost impossible: Tomcat, Jetty, and Grizzly/GlassFish application server all have their own set of private APIs.

Atmosphere leverages and builds on Project Jersey and the Java API for RESTful Web Services (JAX-RS). Jersey is the open resource reference implementation of JAX-RS that makes it easier to build RESTful Web services. Atmosphere and Jersey complement each other, with the goal of making it easier to build Comet-based Web applications that include a mix of Comet and RESTful behavior.

This session briefly explains what Comet is and demonstrates the power of Atmosphere by building multiple applications, starting with a simple chat, then building a REST Twitter-like application, and many more
OAuth allows users to authorize applications, mobile devices and web services to access their resources without having to expose their personal credentials to them. Using the Netflix API and the OAuth implementation provided by Mashery, I will demonstrate how OAuth works and why you might want to consider leveraging it when exposing your API to the world.
Just about anyone can write a basic SQL query for a table. Not everyone can write a *good* query though - that takes practice and knowing how to understand what the optimizer is doing with the query. Learn the basics of query optimization so you keep your application engaging the user rather then showing the progress bar as they wait on the database.
The Yahoo! Query Language provides a rich and dynamic method for obtaining and manipulating data from any source or API on the internet – with YQL the internet becomes your database. Coupling the data backend of YQL with the extensive visualization and flow techniques of JavaScript through libraries such as YUI, a developer can build powerful widget and data systems using the simplified SQL syntax that YQL is based in. The marriage of YQL and JavaScript brings a robust MVC interface to the browser.

This talk will cover the core techniques within YQL, including server-side JavaScript with native E4X support for manipulating data, key / value pair data storage and the process of creating your own YQL tables for accessing web based content. Building upon this core, design concepts such as those of a Model View Controller pattern will be introduced to display methods for taking the base data and merging that with front-end libraries to build out production level applications.
Setting up a web platform environment has never been so easy with Microsoft IIS7, WebPI and App Gallery. Find out how you can build, deploy and manage PHP web apps all within the easy-to-use IIS7 framework. See the updated modular architecture, extensions and tools that take the guess-work out of installing PHP environments on Windows. We’ll also show you what’s new in the Microsoft Web Platform, powerful development / design tools from Microsoft for building PHP applications.
"Are we there yet?" "Are we there yet?" "How 'bout now?" Ever go on a trip where someone is impatient and continues to badger those around them with questions about how quickly we're arriving? It's annoying, yet this is how most modern web applications work! Stop the insanity and learn how you can use XMPP (eXtensible Messaging and Presence Protocol), the same protocol behind Google Wave, in your applications today.
One of the key new features of .NET is the Web Programming Model with Windows Communication Foundation 3.5. The Web Programming Model enables developers to build Services using a RESTful architecture. The number of services implemented using this new architectural approach out in the wild is growing by leaps and bounds. In this session we cover the basics of REST versus SOAP/WS-*, and how to build Services using WCF 3.5 that are RESTful in nature. We also talk about adding Web feeds (RSS and/or ATOM) to our Services, which can enable easy access to enterprise data.
Current users include Facebook, LiveJournal, Flickr, Fotolog and Wikipedia.

Typical usage is for caching complete pages or components, complex database result sets and sessions. While there are many caching mechanisms that exist the simplicity of memcache makes it ideal for helping scale your applications.

Memcache is application neutral and APIs are available for most languages making it an indispensible tool. This session will cover some background on memcache and its usage in your application.
Today's high-traffic web sites must implement performance-boosting measures that reduce data processing and reduce load on the database, while increasing the speed of content delivery. One such method is the use of a cache to temporarily store whole pages, database recordsets, large objects, and sessions. While many caching mechanisms exist, memcached provides one of the fastest and easiest-to-use caching servers. Coupling memcached with the alternative PHP cache (APC) can greatly improve performance by reducing data processing time. In this talk, Ben Ramsey covers memcached and the pecl/memcached and pecl/apc extensions for PHP, exploring caching strategies, a variety of configuration options to fine-tune your caching solution, and discusses when it may be appropriate to use memcached vs. APC to cache objects or data.
In a recent PI Window on Business broadcast I talked about the differences between traditional media and the emerging world of social media in terms of having a sustainable revenue model.

Specifically, can the popularity of social media be practically monetized to the same level that traditional media such as television, print and radio had enjoyed in their past glory days (emphasis on past).

Given headlines such as “Twitter CEO: The revenue’s coming soon, but I won’t tell you how,” one cannot help but wonder if the new media moguls even know how to weave high transactional activity into gold.

If social media platforms have indeed evolved to where they are today without a tangible or proven revenue model, what does this mean in terms of ongoing sustainability? This presentation will provide critical insights into how businesses must adapt to the new reality of the social media world, including how to conveert conversational or relational marketing activities into sales.
Constellio est la première suite complète de moteur de recherche open source pour entreprises.

Le nouveau moteur de recherche de Doculibre Inc. est le résultat d'une expérience de 3 ans au sein du gouvernement du Québec. Supporter plus de 400 moteurs de recherche de sites Web gouvernementaux, nous a permis d'intégrer les meilleures pratiques à notre logiciel.

Constellio est basé sur l'architecture de Google Search Appliance et Apache Solr. Il utilise les dernières technologies en matière de recherche de l'information.

Conçu pour supporter toutes les données d'une organisation (web, intranet, courriel, gestion documentaire, bases de données etc.), il permet en un seul clic de ressortir tous vos actifs informationnels.

La Régie du Cinéma du Québec a intégré Constellio pour la recherche de films sur son site.
In the last few years, REST webservices have become the standard for a number of reasons: interoperability, simplicity, effectiveness.

I will cover a best practice of consuming REST webservices in AS3:

* using a singleton as the center of the API
* identifying the requests using IDs
* doing GET and POST requests
* how to get around Flash's limitations and do PUT & DELETE requests
* basic XML manipulation using e4x
Continuous Integration with automated code analysis and test execution has seen broad adoption in recent years. The ideas behind this have changed how companies look at Build Management, Release Management, Deployment Automation, and Test Orchestration.

This session presents the best practices and available tools that provide an insight into the development progress and code quality throughout the development lifecycle of PHP-based software projects.
In this session, we will discuss how to build custom PHP extensions for Zend Engine 2.2.0 (PHP 5.2.x) and Zend Engine 2.3.0 (PHP 5.3.x) with emphasis on how to create objects, register class constants, object properties, inheritance, interface implementation, visibility etc.

The beginning part will introduce the PHP request life cycle and the anatomy of a $variable then we will proceed to the more advance stuff.

Having some background knowledge of the anatomy of a PHP request life cycle and a PHP extension can help a PHP developer in understanding certain issues that arise during installation or use of a PHP extension or even the php language itself.

The presentation will also cover why a developer may want to create a PHP extension and what performance benefits are possible from writing the code in straight C instead of vanilla PHP.

We will then move into a tutorial format were we create some simple example php extensions to illustrate the items that have been covered.
To make OOP work, objects have to interact with each other. Too many and especially needless dependencies between objects, however, make the code hard to extend, test, and maintain. We will explore the various kinds of dependencies a PHP class can have, and how we can deal with, or even better, get rid of them. You will learn how to create and wire up loosely coupled objects at runtime for maximum flexibility and resuability.
Les experts s'entendent sur le sujet. Écrire des tests unitaire est un des fondements du professionalisme pour les développeurs. Malgré que tous les outils soient en place et que la pratique soit reconnue depuis plusieurs années, très peu de développeurs qui s'y applique systématiquement. Cette session vise à expliquer comment mettre en place les tests unitaires avec PHPUnit et débuter l'amélioration de la qualité. En première partie, un survol de la pratique sera présentée, mais la session se veut majoritairement technique. Il est recommandé d'avoir un portable pour suivre les exemples.
Developers are getting more professional every day by using web design patterns to solve common problems. This session will introduce one of the less-known design patterns in the PHP world, but also one that can greatly improve the decoupling and the testability of your code: Dependency Injection. I will demonstrate how to use Dependency Injection in your projects, and I will take advantage of the PHP 5.3 new features to create a fully-featured DI container live.
This talk is about what to do when you've identified your MySQL database is slow, but you don't know where to start.

I'll be showing you the approach I use - and how I've been able to put it to use on hundreds of customer machines.
Application servers are the central part of data applications. They are responsible for mission critical activities of businesses and yet have to be cost effective. Django offers a lot of flexibility by providing rapid application development. Django-piston makes it easy to add RESTful APIs to existing Django apps. Web servers are very common and rather cheap to rent or host in house.

Once your application has a RESTful API, nothing is keeping desktop applications to access your web services. For example, using librest on the desktop, Emerillon accesses on-line databases such as Geonames. Librest simplifies accessing RESTful web services and makes parsing XML fun again.

This presentation will cover:
* Intro to RESTful APIs
* XML, Json, Yaml or Klingon?
* Using Django-piston to provide such APIs
* Example usage from desktop applications
Doctrine 2 is a complete re-implementation of the Doctrine ORM under PHP 5.3. It is successor of Doctrine 1 and a major improvement over the first version both in code quality, organization and most important performance. Doctrine 2 is the first real enterprise persistence layer to ever be available for PHP and should open many doors to allow PHP to be more easily used by the enterprise world. It is heavily influenced by the JPA version 2 and the infamous Java ORM, Hibernate.
With HTML 5/CSS3 support becoming more prevalent, more and more developers want to cast away the older browsers. There are many constraints and things to consider before ignoring potential clients/viewers.

Jake Smith will provide you with the necessary check list to determine the cost/benefit of supporting older browsers. He will help guide you on tactics to help degrade from modern browser to older browser.
Apache Camel is a mature, powerful systems integration framework based on well-known, robust enterprise integration patterns. Using Apache Camel, web developers can stitch together lightweight, tailored backends for their applications that both publish to and consume from various internal and external services using multiple data formats. This talk will give a detailed overview of the framework, run through some code examples and will also showcase a few examples of how Camel is used in real-world web applications. There will also be a brief discussion of running Apache Camel through JRuby.
Attendees will learn to troubleshoot and solve email delivery problems. These problems are not easy to spot and solve, yet terribly important for the health of an online business. This session draws on CritSend experience.

Session is in two parts:

1. Email Delivery Basics: We will discuss why service providers mark your mail as spam. What are the key metrics, the tools, and the ecosystem. We will dissect "bad" emails and stellar emails. We will discuss here what is a spam (legal and practical definition), blacklist, reputation, deliverability, best practices (what the ISPs expect from you)

2. Case Studies: Troubleshooting, monitoring, resolving and improving I will take here a real world example. I will show how to monitor the deliveries using free tools, resolve a problem and improve your deliveries so this problem does not happen again.

Timely Q&A is encouraged, and I look forward to empowering attendees with simple steps to great deliverability.
L’Entity Framework est la technologie d’ORM proposée par Microsoft depuis VS 2008 SP1. Elle offre aux développeurs un gain de productivité très important et une abstraction particulièrement appréciée dans les bonnes pratiques de conception.
Avec EF4, Microsoft a corrigé la quasi-totalité des points qui lui faisait défaut dans la V1 ce qui permet maintenant à Microsoft de le promouvoir comme LA technologie d’accès aux données.
Couplé avec T4, le gain de productivité devient vite exceptionnel.
Nous illustrerons cela à travers le développement d’une application N-Tiers.
La littérature concernant l’agilité nous parle très souvent de « Gestion de projet » Agile. Mais est-il possible d’appliquer ces principes à d’autres usages que lors d’un projet? Peut-on envisager d’appliquer ces principes pour de la maintenance d’application?

Le Kanban permet d’augmenter l’efficacité des équipes de maintenance en se basant sur les principes du Lean Software Development. Cette présentation expliquera tout d’abord ce qu’est un Kanban ainsi que certains aspects théoriques. Par la suite, il y aura un retour d'expérience sur l'utilisation du Kanban pour de la maintenance d'application chez IBM Bromont.
Flash Player 10.1 will offer Multi-Touch capabilities. I will be presenting the API (TouchEvent, Multitouch Object) and how to use it!

I will also present a homebrewed multi-touch API that allows 1 to 1 manipulation of objects on the screen covering rotation, scaling and moving of the object.

If I have time, I can show how to add inertia to this system.
Votre logiciel sera exploité… Peut-être pas tout de suite et peut-être pas avec brio… mais il sera attaqué sans aucun doute. Et que ferez-vous ce jour-là?

Cette finalité que connaissent tous les spécialistes de la gestion d’incidents, n’est malheureusement pas toujours perçue par les développeurs. Ainsi, lorsqu’un incident survient et que le processus d’investigation débute une question revient constamment : comment l’attaquant a bien pu réaliser son attaque? Et le problème avec les journaux, les traces et les preuves, nécessaire pour y répondre c’est qu’ils ne peuvent pas être inventés, ils doivent avoir été prévus, créés et conservés dès le départ, et ça, c’est le mandat des développeurs.

Dans le cas des langages interprétés, il est souvent question de vulnérabilités applicatives qui nécessite une approche différente d’investigation. Une collaboration entre la sécurité et le développement permet donc une meilleure analyse d’impact et une résolution plus rapide.
PHP has evolved from a niche language for adding dynamic functionality to small websites to a powerful tool making strong inroads into large-scale Web systems. Critical business logic like this needs to work correctly. But how do you ensure that it does? You test it, of course.

PHPUnit is the de-facto standard for unit testing PHP applications. In this session, given by PHPUnit's creator Sebastian Bergmann, the audience will learn how to write, organize, and run unit tests for/with PHPUnit using real world examples.
Google App Engine allows developers to leverage Google's cloud infrastructure (Bigtable, Memcache, XMPP, Tasks, Cron) to run their web applications. App Engine was first released for Python, then for Java. But in the past few years there has been many efforts to make scripting languages work on the Java VM, and these community efforts have made a lot of progress to allow you leverage App Engine in other languages: JRuby, Quercus PHP, Groovy.
I'll cover Appengine APIs, including recent features like XMPP and Task Queues, tools integration, limitations, how to run other JVM based languages used in the wild (JRuby, Quercus PHP, Groovy), and show cool apps that have been developed with appengine.
C'est un fait que plus de 30% des efforts de consultation SharePoint en 2008 étaient reliés à la remise en ordre d'infrastructure SharePoint pour essayer de ramener de l'ordre dans le chaos de cette implantation.

Le dénominateur commun à tous ces mandats était le manque de gouvernance appropriée pour le déploiement de cette infrastructure SharePoint.

Cette session vous présentera quelques concepts clés de gouvernance dans un contexte d'implantation SharePoint. On vous démontrera aussi comment ces concepts peuvent être matérialisés.

Qui devrait y assiter? Gestionnaires, Responsables de la gestion de l'information, Architectes, Analystes d'Affaires
AJAX has opened up the world of rich and dynamic interfaces for web applications, but it comes with a price: the increasing complexity of developing JavaScript applications that run reliably and consistently across today's web browsers. The Google Web Toolkit (GWT) offers an original and highly effective solution to this problem by providing the tools to develop and debug AJAX applications in the Java language. In this session we will discuss how Google was driven to this solution, how it fits into Google's global portfolio and especially Google App Engine; we will expose the architecture of GWT, and examine the key features that make it an efficient solution for today's web applications.
A constant pariah on web applications is scaling once you become
popular. It's not always an easy task (ok, never). This talk will go
into depth on a few of the most common techniques for making your
website scalable. So that you can leave with enough knowledge to apply
this, if needed. Or just to plan ahead so that your future projects
don't preclude taking these steps when needed.
Gearman is an application framework for distributing work to other machines and processors which are better suited for the job. It can be used in a variety of applications, from high-availability web sites to the transport of database replication events. In other words, it is the nervous system for how distributed processing communicates. With things like scalability and distributed computing becoming more and more important to today's web applications, Gearman and its PHP interface can prove quite useful to us in a variety of situations. In this talk, we'll first have a look at what distributed processing exactly means, and then looking at what Gearman actually is and does, and how it can power up your application using the Gearman PHP extension. By showing different examples and application area's, you'll get a good feeling of what Gearman is capable of and why it can be a valuable asset to your next PHP project.
Last year at Google I/O, thousands of web developers heard Google say that HTML5 was here. Well, here we are, almost one year later. Where is HTML5 now? What works, and what is still to come?

Topics I'll cover:
- canvas
- HTML5 video
- geolocation
- offline web applications
- how to detect HTML5 features via JavaScript
We're web developers. Almost all the work we do concerns making requests and sending responses over the Web. Yet, how often do we really stop to consider the Web's protocol as part of our daily work? Still, we manipulate that protocol every day, whether we know it or not. Knowing this protocol and how it works can make us better web programmers.

Hypertext Transfer Protocol (RFC 2616), or HTTP, is the protocol of the Web. In this in-depth tutorial, Ben Ramsey will address methods and status codes, success responses, error responses, redirection, content negotiation, caching, and authentication, all with an emphasis on following HTTP semantics in a RESTful fashion. Ben will also demonstrate tools for manipulating and testing HTTP, illustrate the use of the pecl/pecl_http extension for PHP, and discuss browser support for HTTP functionality.
MySQL for many years has been everyone's default choice for data storage. It's easy to install, easy to use and scales well if you put just a little bit of effort into it.

Enter 2010, and there are a lot more options for data storage. We have fulltext systems like Sphinx available, and a whole wave of NOSQL databases. So in which cases shouldn't we be using MySQL?

Igniting Viral Campaigns By Creating Relevant Conversations.

Featured Speaker: Author of the bestselling marketing book, Mommy, Where Do customers Come From? and the CEO of the award winning Internet marketing company, Single Throw.
Creating persuasive momentum in the social media space is the key to viral B2B success. Learn how B2B companies of all sizes including major brands are taking advantage of the tools, trends
and technology to cut through the noise and connect with potential customers. Blogs, viral video,podcasting, twitter, Facebook, search engines optimization, which tools are right for your
campaign?
Unlike popular belief it is not necessary to pick a single framework for a PHP project. On the contrary, it is quite easy to use more than one for your next project. The flexibility of PHP and the currently popular PHP frameworks allows an easy and close integration with eachother. During this presentation, you will get to see how to combine the best of both worlds into a single application of pure awesome by using a second framework on top of another when the first falls short.
This is a presentation on how to create intelligent web-based search applications using PHP 5 and the out-of-the-box features available in Solr 1.4.

The presentation will cover how to set up Solr 1.4 with Tomcat 6 with and without SSL.

Then I will illustrate how to set up and configure the Solr PHP extension.

After the set up, we will move to illustrating a basic configuration tailored for a simple use case such as a job search website, online music store or simple classifieds website.

After we finish we finish the illustration of adding, updating and removing data from the Solr index, we will discuss how to add features such as auto-completion, hit highlighting, faceted navigation, spelling suggestions, similar matches and a host of other features Solr 1.4 has to offer to the search application.
Your mission, should you choose to accept it, is to internationalize your web site or application into four languages, one of which is ideographic. Whether you’re using PHP 5 or 6, the challenge is formidable. How do you do this with minimal effort, best performance, and flexibility to add more languages in the future?

This session will cover several approaches to this problem, focusing on utilizing the new intl extension as well as other open source tools. Warning: some live translations may be performed for the audience!
L'ère du .NET moderne est enfin arrivée! L'époque des Helper Classes et de la complexité syntaxique reliée à utilisation des méthodes anonymes sont maintenant choses du passé. Depuis le framework 3.5, Microsoft nous ouvre les portes d'un monde plus simple et plus accessible grâce aux Lambda Expressions et aux Extension Methods. Cette session se veut une introduction à ces deux concepts avec des exemples d'utilisation simples.

When thinking of online maps, Google Maps is often mentioned as a reference. But you can't user their data in all the exiting ways you could ever imagine. Enters OpenStreetMap: community built openly licensed map data. You are virtually free to do anything with the data, short of not giving proper attribution of its origins.

With this gained freedom, you can explore and create unique maps adjusted to your needs. You can also simply reuse the default one available on OpenStreetMap.org, in some locations it is way more complete than any other maps anyway.

This presentation will cover:
* Introduction to what is OpenStreetMap
* How to contribute data
* How to use it on your web site using OpenLayers
* How to use it in your applications using libchamplain, with Emerillon for example.
Malgré une apparence de simplicité des concepts, les défis liés à l’implantation de cette architecture sont nombreux et souvent la cause d'échecs. Il ne s’agit pas seulement d’implanter quelques services Web pour retirer les bénéfices d’une architecture SOA.

Cette présentation se concentrera sur la mise en application d’une telle architecture en utilisant des technologies open source. Plusieurs bonnes pratiques seront présentées ainsi que les technologies suivantes : Jboss, JPA, EJB3, JBPM, DROOLS, SEAM, JMS, Events, JAX-WS, SOAP, Eclipse.

Cette présentation est basée sur un cas concret exploitant les concepts et les particularités de SOA. De plus, l'exemple sera bâti en utilisant des techniques agiles particulièrement le TDD. Lors de cette présentation, nous verrons des exemples d'intégration à partir de technologies allant de PHP, Java, Python, Ruby jusqu'à Flex, Typo3 jusqu'au Iphone SDK.

Le tout, en exploitant des Web Services SOAP mais aussi des «Business Processes».
This talk is about harnessing the power of functional & prototypal style JavaScript to created a resource layer for a Restful API.

It is aimed a front-end developer wishing to dig deeper into the nature of JavaScript. It also provides a way of reducing the amount of code required to create meaningful functionality.
Scaling a web application is hard! But it doesn't require as much resources as you think.

This talk will explain how to build parts of a web application using asynchronous processing. Reddit, and other high traffic websites, started moving to an asynchronous infrastructure to sustain its growth without buying more machines. Forget about threads for concurrency in your web application, event-driven I/O is the way to go for extremely high scalability, performance and stability.

I'll explain the concepts and implementation while coding an application live in Ruby using EventMachine (http://rubyeventmachine.com/).
D'abord le concept de tests d'intrusions sera défini. Ensuite, le fuzzing sera présenté en détails : définitions, méthodologies, avantages et inconvénients, etc. en mettant l'emphase sur le fuzzing dans les tests d'intrusions, et plus spécifiquement les tests d'applications Web. Dans la deuxième partie, nous ferons un survol des différentes utilisations du fuzzing dans les outils de tests d'intrusions les plus populaires et deux cas de fuzzing d'applications Web seront vus en détails. Le premier de ces deux cas concerne les REDoS (Regular Expression Denial of Service). Nous avons développé pour cette présentation un plugin de détection des REDoS qui a été inséré au code de W3AF, un scanneur de vulnérabilités d'applications Web développé par l'OWASP. Le deuxième cas détail les possibilités de fuzzing de Web Services.
Python fournit plusieurs outils pour packager ses applications,
ainsi qu'un serveur de paquets appelé "PyPI".

Après une rapide introduction aux outils de packaging les plus.
communéments utilisés et à PyPI, cette présentation montrera à travers.
une étude de cas comment :
- les développeurs peuvent créer des distributions et les diffuser
en utilisant Distutils et Distribute.
- les utilisateurs peuvent les installer avec Pip et virtualenv.

Elle s'achèvera par une synthèse des travaux en cours dans Distutils.

ToC

- Distutils, Distribute, Pip, Virtualenv (5m)
- PyPI (5mn)
- étude de cas 1/2 (15mn)
- organisation du code.
- setup.py
- extensions C
- distributions source/binaire
- register et upload vers PyPI
- etude de cas 2/2 (10mn)
- installation avec Pip
- isolation avec Virtualenv
- limitations (5mn)
- Distutils vs paquets système
- Plusieurs standards
- Pas d'index d'installation
- PEPs en cours (5mn)
- Q/A (15mn)
SQLAlchemy est un ORM très puissant pour Python. FormAlchemy est un générateur de formulaires HTML basé sur les mappings SQLAlchemy.
Enfin Pylons est un framework web MVC comparable à Ruby On Rails.

Cette présentation montrera à travers un projet réel (critsend.com) comment
ces trois outils ont permis la création rapide d'un site avec un backoffice complet.

Contenu:

* Introduction (5mn)
* présentation de SQLAlchemy (5mn)
* présentation de Formalchemy (5mn)
* présentation de Pylons (10mn)
* Le projet "critsend.com" (15mn)
* Conclusion + Questions (15mn)
Cette session technique vous permettra de découvrir les dernières nouveautés apportées par Silverlight 4 afin de bâtir vos applications RIA d'entreprise avec cette technologie Microsoft.
Is has always been expensive for organizations to communicate with all stakeholders. The world is changing: Being visible in search engines and social networks is crucial for business. We already know how to deal with search marketing, blog postings and getting new people at social networks.

Simply dealing with it is not enough: We have to anticipate an integrated strategy for online marketing with Search and Social being key components of success. This is more than stakeholder communication, it means stakeholder marketing. Integratiing all aspects of advertising, communication and other relations is really challenging, but opens thousands of new possibilities to be ahead of your competitors.

This session shows how to build such a seamless web marketing strategy for small and medium sized companies. It cares about the playful expectations of your team members and your boss, as well as the global perspective. Session includes latest research work and some case studies.
With the advent of such rich open source tools such as Subversion, Git, Trac, CruiseControl, and Review Board, managing software projects of any size has become much easier than ever. But how do you best use these tools in your organization? In this talk we'll look at how these tools can fit into any software project, helping you make your team more efficient than before.
In this session, we will talk about data formats, transformations, queries and visualisation of status updates. More specifically; RDFa, microformats, GRDDL, SPARQL and jQuery will be used to go through the process of creating, capturing and viewing the data on social status sites. The goal of this talk is to highlight the potentials of supporting open data formats and querying for data instead of searching.

One server is not always enough. This talk will go through the process of scaling websites and professionals systems to survive sudden (or planned) increase in traffic or utilization. The usual suspects will be covered (software load balancing, multi-master database, persistent caching, cloud computing, shared storage, ...) in a programming language agnostic way.

The presentation will be centered around real life cases that I've experienced through day-to-day business of Les Laboratoires Phoenix.

Presentation could be made in English or in french, as to accommodate the largest audience.
Do you want to get the most return from your development team? Do you want to make sure that every man-hour and resource spent on the project increases its value? Then you cannot miss this eye-opening session where you will learn strategies and techniques that yield an extremely high return on investment.

This session will be filled with real-world stories and scenarios to demonstrate proven ways to maximize IT ROI. You will also learn from this session methods to accurately assess the ROI value of any IT request so that you can systematically determine if implementing it would be a worthwhile use of resources.
While MySQL and PostgreSQL are the usual options for database-driven web applications, developers can now consider non-relational databases as serious alternatives.

This session will present a case study of why and how we migrated from a backend built on a mix of MySQL and SQLite to MongoDB. The session will cover the following points:
- Key differences between an SQL RDBMS and Mongo,
- What made it a better fit in our case,
- Other similar databases that were evaluated (CouchDB, Tokyo Cabinet, Amazon SimpleDB),
- Hands-on technical examples of using MongoDB from PHP5.
The advantages of agile software development methodologies have been demonstrated in recent years, but project management and organizational structures of large government institutions can prevent efficient development of mission-critical applications.

This talk will focus on:

* Inherent differences between commercial and government agile software development.

* Controlling project apathy and weariness - How to motivate clients/stakeholders.

* An analysis of internal and external quality control measures and their integration within large government structures and complex deployment strategies.

* Implementation of iterative development strategies within rigid guidelines and procedures.

* The presentation of a model development structure which attempts to conform to common government application development and maintenance structures.
Zend Framework is by far the most popular framework for PHP currently
in existence. There are, however, still many myths and biases about
the framework. Is Zend Framework really only a marketing tool? Does it
have too much overhead? Is it really that hard to contribute to Zend
Framework? These and many more questions will be answered by the two
PHP myphp-busters.

[note for organizers: This is a joint talk with Michelangelo van Dam, who also submitted some other proposals]
Are you still manually coding HTML and JavaScript? Is AJAX becoming a burden? Do you worry about cross browser compatibility issues? Is managing the client and server relationship giving you a headache? Are you concerned about injections or security issues? Let us introduce you to NOLOH. NOLOH stands for Not One Line Of HTML and will change the way you develop your PHP web sites and applications. With NOLOH you work in single development space, and NOLOH takes care of the rest. No need to write HTML, or JavaScript. No need to implement AJAX, or worry about client-server communication. No need for messy templates with complex programming logic intermixed throughout.

In this session we'll attempt to showcase several applications and cover: Creating a Basic Application, Adding Controls, Events, Multiple Events, Syntactical Sugars, Shifting & Animation, and Integrating 3rd party widgets and Scripts.
Les bases de données relationnelles, telles que MySQL ou PostgreSQL, ont été les fidèles alliées des développeurs web durant des années. Nous assistons pourtant aujourd'hui, en grande partie sous l'impulsion des grands noms du web 2.0, à un foisonnement de nouvelles technologies de bases de données, et certains vont jusqu'à dire que le modèle relationnel à vécu. Qu'en est-il réellement ?

Cette session présentera une taxonomie du monde NoSQL et de ses acteurs. Nous verrons également des exemples concrets d'utilisation, notamment de Redis, Cassandra et CouchDB, en Python, Ruby et PHP. Enfin, nous verrons comment l'utilisation de ces outils modifie la conception des applications, ainsi que leurs avantages et inconvénients.
What system administrator has not at one point in his life written custom tools to help manage the complexity of his job? At first simple scripts, such programs have evolved today to sophisticated tools, called configuration management systems, able to manage thousands of servers.

No need to pay high fees for commercial products since today's open source alternatives are mature, robust and scalable.

Several tools are available, each based on different governing principles. Puppet, for instance, proposes a custom language based on a declarative engine, whereas Bcfg2 offers an XML-driven descriptive modeling engine. Other alternatives often cited includes Chef and Cfengine.

What tools are best for your needs? This conference proposes to enlighten you on the available options on the market.
Come and learn about Plone, winner of Packt Publishing's 2009 Best Other Open Source CMS Award, used by organizations like the FBI, CIA, Discover Magazine and the Government of Ontario.

Plone is a powerful, flexible Content Management Solution that is easy to install, use and extend.

As an introduction geared towards business owners, developers and end users, this talk will leave you with a deeper understanding of how Plone is used by businesses, governments, non-profits and educational organizations around the world.

Through demonstration, case studies, and explanation, Jordan Baker will illustrate the top ten things that people love about Plone.

Topics to be covered include Python, Zope, Plone's open source community, security, integration, multi-lingual capabilities and the extensive catalog of add-ons.

You'll also learn how you can download and install Plone and start evaluating it yourself in a matter of minutes!
Having experienced some of the problems that result from successful web applications and survived sudden peaks in traffic and the stress that they can induce, Sherif Zaroubi has learned how to assess, manage and prevent some of these risks. Using a number of projects as examples, he will provide an overview of how and why optimization should be ingrained in your hardware and software architecture, how it can be measured and why your last option is to optimize your code.
By using a few simple organizational principles, developers can make their project structure predictable, extensible, and modular. These techniques make it easy to de-conflict and share code between multiple projects. They also make it easy to automate project-support tasks such as testing, documentation, and distribution. This talk will discuss these principles, how they can be discovered from researching publicly available PHP projects, and how they are used (or not used) in popular applications and frameworks.
-Presentation (authors, methodology, timeline, adoption)
-List review, short comparison with the 2007 list
-Review of each risk and attributes (attack vector, testing and preventing measures) with examples
-Integrating the Top 10 2010 into an existing SDLC
-Q&A
With such a vibrant and emerging Blending SQL and NoSQL in Ruby Applicationseconomy of new persistence options for web applications, it can be diffcult to know when and how to use them in your applications. Worse yet, you don't want to lose mountains of existing infrastructure and support for RDBMS systems in Ruby. What's a developer to do? Blend it! Learn new techniques for using multiple persistence engines in a single application.

Participants will learn about a number of available NoSQL persistence engines (including document-oriented databases such as CouchDB and MongoDB, key-value stores like Tokyo Cabinet and Redis, and more) and when they might be appropriate for a Ruby application. In addition, attendees will learn good practice techniques for blending these systems together with traditional SQL for a "best of all worlds" implementation with real-world examples.
Introduction to PHP 5.3, covering both major and not-so major but useful features and functionality PHP 5.3 brings to the table. This talk would be of particular interest to people considering migrating to PHP 5.3 or have already done so and would like to know how PHP 5.3 can further simplify their tasks.
PHP in the Enterprise - Stories, Lessons and Anecdotes from serving 50M unique visitors per day

A collection of stories, anecdotes, lessons, and take home tips from the front lines of serving 50M unique visitors a day. Key items to be touched include: PHP, memcached, Apache, Sphinx, and MySQL.
In this technical session, you will learn how to take advantage of the performance and scalability mechanisms of the Oracle PHP driver, and the Oracle database including the Database Resident Connection Pool (DRCP),
reducing roundtrips with stored procedures, scaling queries with cube-organized materialized view.

The fastest database access is no database access. This talk also shows how effective database caching strategies can be implemented using Oracle's caching mechanisms including Continuous Query Notification and middle-tier cache invalidation, client query result cache and in-memory database cache.
There has been a lot of interest in PHP performance lately spurred by
Facebook's HipHop PHP announcement in February. Most people don't know
how fast their site is and will make uninformed architecture decisions
or spend time optimizing the wrong things based mostly on myths and
innuendo. This talk will try to get you started down the path of a
systematic approach to benchmarking, profiling and optimizing your
entire web site.
An obscure but ubiquitous design pattern in PHP development is known as Funky Caching. Using real architectural examples as a lens to look at this one simple PHP design pattern, we see how we can design web architectures that are "organic, democratic, and lasting/"
PHP is now part of the normal tools at every IT department. Indeed, it must now cope with a raise in exigence and level of quality expected beyond it's famed scalability and fast development. What tools are needed to organize a large dev team and produce several hundreds of web site a year? Now is the time of industrialisation, where planning and organizing the code production must track bugs before publishing the code. We'll cover the tools and technics available to tame conception, production, publication and team work.
Pinax is an open-source platform built on the Django Web Framework that dramatically reduces the time it takes to develop Web sites. By providing common components in a high-extensible framework, Pinax rapidly increases the speed at which your websites can be developed and launched.

Pinax has been used to build everything from social networks to corporate intranets and from banking software to online games.

This talk will provide an overview of Pinax and how you can use it as the foundation for your sites.
Utilisez-vous PowerPoint afin de créer vos prototypes d’applications Web? SketchFlow, inclus dans Microsoft Expression Blend 3, est un nouveau produit permettant aux designers et aux développeurs de créer et de distribuer des prototypes riches. Lors de cette présentation, vous verrez comment utiliser SketchFlow afin de créer un prototype d’application Web, comment ajouter de l’interactivité et comment le distribuer à vos clients afin qu’ils puissent l’annoter.
Pylons is the swiss army knife of web applications in Python.

It leverages the simple yet powerful WSGI specs to give you end-to-end control over your web app. Make it an XML/JSON-RPC web service, a custom WebDAV client, an on-demand video streamer, an embedded Trac instance or a standard AJAJ app.

Python is "batteries included", with powerful libraries - and not only web-wise - for all sorts of applications, from scientific MATLAB-like data-crunching apps to video rendering and compositing, including some beautiful tools to handle databases.

All of this, in the clean, elegant, first-class object-oriented Python language.
Using syntax well: slices, tuple unpacking, for-else, for-break.
Take advantage of language dynamics: introspection, bound methods, and getattr()
Non-java python: duck-typing, abstract base classes, easier-to-ask-forgiveness, and super().
Using iteration as glue: iterator pipelines, itertools, and generators.
Higher-level python: set(), sorted(), heapq, etc.
En l'espace d'une quinzaine d'années, le Web est passé du stade artisanal au stade pré-industriel. Utilisabilité, accessibilité, conformité, performance, sécurité, contenus, référencement, services web : la qualité Web traite de tous ces aspects en les abordant de manière transversale. Il s'agit de déterminer les méthodes, les outils et les standards qui permettent de développer efficacement des services en ligne pérennes et utilisables. Au cours de cette conférence, nous verrons ce qu'est la qualité Web et la façon dont la question a été traitée jusqu'à maintenant. Nous ferons également un état des lieux des méthodes et outils actuels pour évaluer et gérer la qualité d'un site, et envisagerons les différentes perspectives pour les années à venir.
Cette conférence s'adresse à la fois à des publics techniques ou gestionnaires.
Le ImpressCMS Persistable Framework (IPF) est un framework natif à ImpressCMS 1.1 qui permet le développement facile et rapide de modules pour ImpressCMS, un système de gestion communauté sous license GPL (http://www.impresscms.org).

Avec la publication récente de ImpressCMS 1.2, de plus en plus de fonctionnalités du Core ont été améliorés pour utiliser le IPF de façon native.

Cette présentation démontrera les concepts clés du framemork : L'utilisation du module imBuilding pour créer la base d'un nouveau module en 2 minutes,les fonctionnalités les plus utilisés du IPF soient l'ajout, la suppression et la modification d'objets, l'affichage des objets dans un tableau filtrables et triables, l'exportation des objets en CSV, la gestion des permissions, des notifications et des commentaires, etc...

Comme le IPF prend en charge 80% des tâches et fonctionnalités répétitives, il permet de se concentrer sur les spécificités du module sans perdre de temps avec les tâches de bas niveau.
Unless you have been living on a different planet for the last few years, you have more than likely heard of Ruby on Rails.
You have probably heard good and bad things about it, and might even have watched some of the famous screencasts.
The thing is, you don't really know that much about Ruby and are not sure that it is worth learning yet another programming language and a new framework.
With companies like Apple, Microsoft and Sun investing in Ruby, you might be surprised by how easy the transition can be.

Matt will show you the pros and cons of using Rails. He'll go through some of the myths around the framework and explain why it might be a better fit than you would expect.
Les développeurs web disposent aujourd'hui avec Cucumber et Pyccuracy de 2 excellents outils pour leurs tests d'interface. Leur force est de permettre l'écriture des scénarios de test dans un langage naturel, par des non-developpeurs : clients, chefs de projet, responsables assurance-qualité.

Pendant cette session nous explorerons la technique du Behavior-Driven-Development (BDD) à travers l'écriture de tests d'interface avec Cucumber et Pyccuracy. Nous verrons également comment structurer son code pour assurer la robustesse de son jeu de tests, avec notamment le motif Page Object. Enfin, nous découvrirons le futur Selenium 2.0, aka WebDriver.
Certain disent que le code ne subit pas la fatigue physique que subissent les autres matériaux à l'usage. Cependant, le code vieillit mal. Plus le temps avance, plus sa maintenance est difficile et moins les développeurs osent le toucher. Les règles deviennent complexes. Les fonctionnalités se construisent par dessus des bogues. Lui redonner vie est une tâche complexe. Tout ne peut être fait et comme ses anciens projets se comptent souvent en centaine de milliers de lignes de code, simplement savoir où commencer est une tâche complexe.

Cette session présente des approches pour identifier les endroits à améliorer qui offriront le plus d'impact, ainsi que des techniques pour assurer la compatibilité et permettre une évolution plus saine dans le future.
Ajax is awesome, Rich Internet Applications are even better. Yet some problems are inherent. Back/forward browser buttons cease to work, the number of concurrent HTTP connections is limited, some technologies offer no decent error handling for HTTP requests, keeping the application code free from security vulnerabilities is harder than before, client performance is much more at risk than with traditional web applications, search engines could ignore you completely, and many more. This session will identify these and other issues and provide you with best practices to overcome these limitations or even use them to your advantage.
Cloud computing had a huge impact on the way web applications are built and deployed today. Services like Amazon EC2 and RackSpace's Cloud give us flexibility we could never have dreamed of just 5 years ago.

However, most applications deployed to the Cloud do not take advantage of this because they are architected using old methodologies that are not optimal for the cloud.

During this session, I will explain new ways architecting your application to make it faster, scalable, fault-tolerant and easy to deploy. I will also present war stories encountered at Defensio over the last couple of years.
MySQL is fairly fast for most applications, but every now and then you might come across an application that needs fast writes at a very large scale. The problem with this is that if your inserts are not ordered according to your primary key, then once you cross a limit known as the innodb_buffer_pool_size (for InnoDB tables), write performance starts to degrade because you're now hitting disk a lot. This limit is dependent on the amount of RAM you have, and that in turn is limited by how much money you can throw at the problem. At some point it makes sense to close your pocket and start thinking of a way to hack around the problem.

Faced with a similar problem, we figured out a way to hack it with MySQL 5's partitioning to scale writes to a consistently high rate.

In this talk, I'll cover all the steps we went through to get to this solution in the hopes that either the solution itself or the thought processes behind it will help others solve their own scaling problems.
Scaling can be expensive, but a few useful open source tools allows you to do so efficiently and using cheap hardware. Alternatively cloud computing services can be utilised leaving your developers with a simple API to use and no hardware to manage.

This session will look at memcache, MogileFS, gearman, nginx, lighttpd and the offerings from Amazon Web Services.
Dans ce talk, je propose de définir une méthodologie de mise en place de la sécurité applictive dans le cycle projet.

Nous passerons en revues les différents outils et méthodes disponibles de l'OWASP pour voir comment les insérer de façon "concrete" pour améliorer sa sécurité.

Les exemples se baseront sur :
- l'utilisation du Top10
- l'utilisation de l'ASVS
- l'utilisation du CLASP
- l'utilisation du Testing Guide
- l'utilisation du code review guide


Many users are search dominant, they come to your site and look for the search box. <em>That</em> is their one true way of finding content. Unfortunately, searching with most databases is expensive, and often very limited (ignoring short strings, common words, etc). Your database probably has more important problems to solve.

Sphinx (and memcached) to the rescue!

This talk will walk you through the process of getting your data into sphinx, configuring your indices, and some tips on best use. Finally, storing your data in memcached for speed and glory.

This talk is based on information gained when rolling sphinx out to a site serving over 20 million unique visitors per day.
Join Mohammad Akif, the National Security and Privacy Lead for Microsoft Canada for a discussion about the latest security threat landscape and the prevention best practices. This session will outline the biggest threats facing the Canadian IT infrastructures and PCs and will discuss different strategies of ensuring a safe computing experience. The session will also cover some of the emerging challenges in the area of security, for example, how can individuals and organizations secure themselves while taking advantage of social networking sites and assets.
While security is commonly referred to as input and output filtering and about preventing all kinds of attacks from becoming successful, there is a lot more on the non-visual side of web development.
This talk will uncover all the small details that may disrupt the users trust in you and your application. It is about all the things you may forget when developing your application and planning the environment. You will learn that even without doing anything wrong you can easily manage to do nothing right.


Security is more than filtering input and escaping output (FIEO). It's more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn't even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception can be as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I'll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I'll show some real-world examples that demonstrate the profound impact human behavior can have on security.
L'utilisation de prototypes papier dans le développement logiciel est une méthode simple et rapide de créer et valider des interfaces utilisateurs avant même d'écrire une seule ligne de code. Cet atelier permet d'établir les bases, par la théorie et la pratique, sur la conception et validation de prototypes papier et leur intégration aux itérations Scrum. Les objectifs sont alors de faire mieux connaitre les avantages de l'utilisation de prototypes papier. Découvrir quand et comment les intégrer et les valider durant le déroulement d'une itération. La simulation inclus une partie théorique, mais principalement composée d'un atelier pratique.
This presentation is a whirlwind tour of the Solar framework for PHP 5. After a short bit of background, the presentation will outline the major concepts in Solar: everything is a library, the unified constructor, unified configuration, inherited configuration and localization, unified factory and adapter systems, lazy-loading registry, and the dependency-injection system. Next is an overview of how the dynamic dispatch cycle works in Solar, and how it compares to other framework dispatch cycles. From there we will move on to the SQL system, including the MysqlReplicated adapter, and lead into the ORM system. The ORM overview will briefly cover models, collections, records, automated filters, automated form generation, and more. After discussing the authentication layer, CLI tooling, and command-line controllers, it will wrap up with a brief discussion of Solar project architecture, and a short note on Solar's performance in relation to other popular frameworks.
Dans les dernières années, le « Behaviour Driven Development » a gagné beaucoup de popularité au près de la communauté Ruby. Par contre, les outils de développement actuels tels que RSpec et Cucumber montrent certaines lacunes lorsqu’ils sont utilisés dans un contexte agile.

Nous présenterons un nouvel outil open source nommé « GreenPepper Ruby » qui vise à faciliter l’intervention du client dans le processus de développement BDD sans pour autant sacrifier les fonctionnalités offertes aux développeurs.

En utilisant des spécifications exécutables et en fournissant des outils adéquats, il est maintenant possible pour un client ne possédant pas de connaissances techniques de spécifier lui-même ses besoins. Ces spécifications feront ensuite office de jeu de tests qui sera exécuté tout au long du cycle de développement de façon à s’assurer que les fonctionnalités implémentées respectent les besoins du client.
The Java runtime in Oracle database (OracleJVM) is not your traditional JDK virtual machine; it s a one of the kind implementation of Java SE inside the Oracle database kernel. This technical session will help Java developers, database application developers, DBAs and data architects understand the specifics of Java in the database in terms of performance (speed) and memory management (space). First how to reconcile Java memory management with Oracle database memory management.How different/similar are they and what are the implications for your Java application code? Second, how does the database-resident JIT compiler works and what are the benefits for your Java application? Finally, the best practices for developing and deploying Java in the database.
Many developers are still using the traditional XML parsers, such as DOM, SimpleXML and XML to read and/or create XML documents, completely unaware of the benefits using XMLReader and XMLWriter could bring to a project. Streaming XML can provide numerous benefits including simpler APIs, faster processing and better resource usage. Find out how you can take advantage of these benefits in PHP through the use of XMLReader and XMLWriter.
Now in its fifth year of development, the Agavi MVC framework offers a number of unique architectural features that make it a good choice in particular for service-oriented systems and large-scale applications. This talk will give an overview of the framework, and some of the approaches it takes to help small and big teams alike achieve their goals while maintaining a clean, structured code base.
Every month, the PHP developer toolbox gets better thanks to the PHP classes provided by ezComponents and the Zend Framework. Back in May 2009, the Symfony project announced yet another library of PHP classes: the "Symfony Components". In this session, I will give a quick overview of the components that you won't find elsewhere, how you can use them within your next project, and what's planned for the future. I will also highlight the benefits they can provide in a Zend Framework project.
During the course of the presentation you will learn the benefits of cloud computing, and how to leverage the features of Windows Azure. We will start by creating a Web Role (Web Application) using the Developer Fabric to simulate the cloud environment on our local machine. Next we will upgrade our application and add the ability to store data using Developer Storage and modifying the Service Configuration file. We will also cover debugging an application in the cloud as well as creating a background process using worker roles.

An Xbox 360 can be won at this presentation!
Message queuing is an art of handling background / asynchronous processing. Most processes can be off loaded for processing to another area. If you are interested in background / asynchronous processing, this presentation goes through why message queues are needed, what they help to solve, available software, textual examples as well as live examples. Distributed processing is a must these days with video, photos, social networking and scaling vertically on the cloud.
Application platforms, such as the Yahoo! Application Platform (YAP), Facebook, or Myspace, have become a core foundation of social web infrastructures. When constructing a platform to run applications, numerous layers of security and technology need to work off of each other in order to generate a secure, versatile system.

This talk will cover the core technologies behind the creation of a platform to host 3rd party applications. We will explore open technologies such as OpenID and OAuth for user verification, OpenSocial for architecture implementations, and the use of front-end security implementations such as Caja. This will explore the benefits and exploits from each of the implementations and the importance of open source technologies.
Analysis of user experience is typically done by taking a random sample of users, measuring their experiences and extracting a single number from that sample. In terms of web performance, the experience we need to measure is user perceived page load time, and the single number we need to extract depends on the distribution of measurements across the sample.

There are a few contenders for what the magic number should be. Do you use the mean, median, mode, or something else? How do you determine the correctness of this number or whether your sample size is large enough? Is one number sufficient?

This talk covers some of the statistics behind figuring out which numbers one should be looking at and how to go about extracting it from the sample.
TikiWiki CMS/Groupware is a full-featured, web-based, multilingual (35+ languages), tightly integrated, all-in-one Wiki+CMS+Groupware, Free Source Software (GNU/LGPL), using PHP, ADOdb, Zend Framework, jQuery and Smarty. Actively developed by a very large international community, Tiki can be used to create all kinds of Web applications, sites, portals, knowledge bases, intranets, and extranets.

Topics:
1- TikiWiki CMS/Groupware: A general presentation
2- The Tiki development model: The Wiki Way applied to software development
3- New features in Tiki 5.0
4- The case of Support.Mozilla.com

Related links:
http://tikiwiki.org/Model (Wiki Way development model)
http://info.tikiwiki.org/Fact+Sheet
http://marclaporte.com/TikiWiki
http://doc.tikiwiki.org/Tiki3
http://doc.tikiwiki.org/Tiki4
http://fsoss.senecac.on.ca/2009/node/122
The ability to debug and troubleshoot Java/JDBC applications errors is crucial. This technical session will show how to debug Oracle JDBC applications using easily accessible tools such as trcasst, tkprof, oracle logging, jnettrace, jdb, tcpdump/windump, jstack, pstack, strace/truss, lsof, etc.
The session will also address tips and best practices for avoiding those pitfalls.
Do you feel overwhelmed at the thought of yet more communication tools, like Twitter, FaceBook, LinkedIn, etc? Welcome to the Information Age - it’s only going to get worse! Keeping up with contacts, prospects, and customers can be a full-time job. The result is that what was supposed to be convenient communication has become an endless source of unlimited distractions. Attend this presentation and learn:
-a common-sense explanation of social media and how it applies to you
-manageable ways to consider incorporating social media into your life
-the truth about multi-tasking
-the most valuable skill for the future
-techniques to maintain focus, even amid all the distractions
-ideas to control information and technology, so it doesn’t control you
Grand Club is a sport social network for RDS TV Channel. The site has been created 18 months ago with Ruby on Rails framework. RDS creates a challenging trafic for a Web application by being one of the main sites in Canada. The social activity around hockey (finals, players life, etc.) creates direct impacts on software architecture design. We will introduce a few issues we had to face and how we put in place mechanisms for solving them.

- Présentation de ce qu'est un WAF
- Présentation de sa manière de fonctionner
- Comment le mettre en place
- Comment le détecter/le bypassé
=>solutions d'encodage
=>attaques DOS
- Un retour d'expérience
Ajax applications make heavy use of JavaScript, Web 2.0 applications rely on loads of user-generated content, plugins may allow developers (and attackers) more than traditional web technologies. This session will feature web application security with focus on modern web applications. You will see old attacks with new twists, new ways to hurt users and/or a web application, and will understand ways to prevent automated HTTP requests. We will also analyze features (and security measures) of plugins, and why especially men are involuntarily helping attackers to succeed.
-Understanding the need for information security and privacy
-Secure design: key principles
-Threat modeling and analysis: building a threat model and identifying major risks
-Secure coding: key weaknesses
-Security testing: testing techniques and perspectives
-The big picture: key resources and methodologies, and how to initiate them
Les langages dynamiques permettent d'écrire des applications Web rapidement, mais comment rendre ces applications suffisamment rapides ?

Notre présentation, dédiée à Python, passera en revue diverses considérations plus ou moins spécifiques à ce langage, parmi lesquelles :

- Les implémentations de Python
- Caractéristiques de l'implémentation de référence
- Structures de données
- Gestion de la mémoire
- Parallélisme
- Techniques d'optimisation
The Web is almost 20 years old. Unfortunately, it has never been as dangerous as now to surf it. Problems that have plagued email for years are now omnipresent on the Web. Spam, malware, spyware, you name it, can make it onto YOUR website if you don't do something about it. Yes, it can, and will happen to you.

In this session, we'll discuss what you can do to make sure your website, and most importantly your visitors are safe. We'll also go over how you can maintain the good reputation of your company on the web, the different kinds of unwanted content and the legal implications of unknowingly exposing your visitors to such malicious content.
WordPress is NOT just a blog anymore!

For the seasoned WordPress developer or anyone coding in PHP, CSS, and jQuery, we will look at how you can take your theme to the next level. I will explain how theme architecture works, how to extend this architecture with custom template files, and how to create custom functions. I will also walk through the some interested CSS frameworks, like 960grid, implementing intermediate to advanced jQuery features, and how to customize the back end. Finally I will briefly discuss how to take your theme mobile using WPTouch and WPMobile.
Est-ce possible de faire comprendre à des personnes les pratiques et les valeurs de XP en quelques mots ? Pas vraiment. Est-ce possible en 1 minute d’inviter une personne à un « Workshop » ? Il n’y a en général aucun problème, ça devient juste une question d'horaire. Une fois que l’on a ce type de personnes dans la salle, c’est l’heure de jouer. On a alors 3 heures devant soi pour faire passer le maximum d’informations en espérant que les participants vont s’en rappeler. Or, la meilleure façon d’expliquer XP, c’est de faire partie d’une équipe qui utilise XP. C’est exactement ce que le XP Game propose.

En 2 (ou 3) heures, accompagnées de 2 animateurs, des personnes qui n’ont peut être jamais utilisé XP de leur vie vont travailler en équipe à la livraison de « produits ».
Le XP Game s’adresse à ceux :
* qui veulent découvrir XP,
* qui veulent mettre rapidement des équipes XP en place,
* qui cherchent des actions de communication avant-vente pour la mise en place d’XP.
A presentation on the use of Python Web Frameworks, pitfalls, and history behind WebCore (formerly YAPWF). Covers the creation of a Paste-based web framework, core features, design decisions, rationale for the creation of a new framework, and an example application; the classic wiki. If time allows, using the wiki example as a reusable component in your own applications will also be covered.