Jun 2, 2026
·
1h 10m 15s
·
May 30, 2026
The PHP Podcast 2026.05.28
PHP Podcast – May 28, 2026 Hosts: Eric Van Johnson & John Congdon Links from the show: PHP barely avoided disaster – YouTube CVE-2026-45793: Anatomy of a 14-Hour PHP Supply-Chain Near-Miss · graycoreio/github-actions-magento2 · Discussion #261 · GitHub An Update on Composer & Packagist Supply Chain Security PHP Tek: A Homecoming by Ben Ramsey Tek Roundup – Roave Speaking at PHP Tek 2026! #tech – YouTube PHP Tek is behind us, the ballroom is cleaned up, and we’re back to talk about all of it. Here’s what we covered: RIP Archie Bot After a long fight to keep him alive, Eric has officially retired Archie — the Discord bot built on OpenClaw that handled team standups, monitored PHP Architect’s Twitter/X group for join requests, and did a surprising amount of background work for the consulting team. When Anthropic shut down the OpenClaw API, Eric tried every model and service he could find to bring Archie back to form, but nothing got him all the way there. After a month of “almost working,” the call was made. He’s dead. Eric hasn’t ruled out revisiting it eventually — maybe with Claude Cowork — but for now, the bot is gone and the starting-soon link in Discord is broken because of it. Reviving a Six-Year-Old Codebase A client PHP Architect Consulting worked with from 2018 to 2021 has come back. The project — a reimagining of their app — was killed off when COVID hit and the CEO couldn’t align with the team’s vision. The last commit was six years ago. Now the client wants to bring it back, and Eric is spending the next few days analyzing what it’ll take to get it running again. Outdated packages, an old PHP version, and the general entropy of time are all on the checklist. Eric has genuine affection for this codebase — it was one of the first projects where he felt like the team was truly operating as a team, not just as an extension of him. Now it’s time to dust it off. Partner Spotlight: PHP Score → Our CVEs The PHP Score sponsor read may be getting a refresh — the folks at Artisan Build, who built PHP Score, have a new product they’re excited about: ourCVEs.com. It monitors your codebase’s Composer and NPM packages — and optionally your servers via a lightweight agent — for exposure to open CVEs, and alerts you when something needs attention. Pricing is generous: free forever for open source projects, $17/month for solo devs, $83/month for teams (or $1,000/year), with server monitoring scaling at $1 per server above 50. Ed from Artisan Build was at PHP Tek and made a strong impression. Go check it out at ourcves.com. How PHP Barely Avoided a Supply Chain Disaster Brent Roose released a 22-minute video covering a near-miss in the PHP ecosystem involving GitHub and Composer. The short version: GitHub changed their token format and briefly released it before Composer was ready to handle it. Composer was logging the token when the format check failed — meaning GitHub tokens were ending up in CI logs. In GitHub Actions, depending on how your action is configured, that container (and its token) might stick around for a while, giving an attacker a window to act. An alert developer caught the issue, used Claude to help research it, then did responsible disclosure — contacting the Composer maintainers and reaching out to Taylor Otwell, Vincent Pontier, and others in the ecosystem to disable their actions until the fix was in place. Update your Composer. GitHub rolled back the new token format but won’t keep it rolled back forever. Packagist MFA and Account Security Following up on the supply chain theme: Nils and Igor (Composer/Packagist maintainers) released a blog post on what they’re doing to improve supply chain security. The immediate ask for anyone publishing packages is to enable MFA on your Packagist account — it’s not required yet, but it will be. Eric went to check his own account, found MFA was already on, but noticed his username was still “diegodev” and he was using an old email. While updating it, he noted that Packagist didn’t require him to re-authenticate or confirm the change via the old email — a gap worth flagging if you have popular packages and someone ever gets into your session. PHP Tek 2026 Recap — The Good PHP Tek 2026 in Chicago is done, and despite everything (see below), the team is proud of how it went. Some highlights: Holly (CodeLorax) built a conference mobile app from scratch, released on both Google Play and the Apple App Store within 24 hours of the conference opening. The app let attendees build their own schedule, detected conflicting talk selections, sent push notifications when talks moved rooms, and even included a vendor lead-scanning feature where vendors could scan attendee QR codes to capture contacts. It was a genuine game-changer for the event. Eric and John named the conference elephant after Holly in appreciation — she also changed a trailer tire during setup, which sealed the deal. Clayton Kendall sponsored and produced the conference shirts and bags on an extremely tight timeline — shirts two weeks out, bags just one week before the event. Both were a hit. Attendees at the conference were getting questions about the rainbow PHP Architect shirt in particular. A job fair ran for the first time, with four companies represented. One hiring manager showed up even though they already had 1,400 applicants — because they knew that conference attendees are exactly the kind of motivated, self-improving developers they want. Attendees got to ask questions directly, including the real-world stuff like remote vs. office. Eric would love feedback on how to make it better next year. JS Tech debuted as a fourth track alongside the three PHP tracks, bringing in fresh faces from the JavaScript community. Eric came away energized by the cross-pollination — different people, different approaches to similar problems. Ben Ramsey and James Tickham (Rove) both wrote great blog posts about the conference. Ben’s will be featured in the magazine. Diana Pham also put together a video recap. Links in the show notes. PHP Tek 2026 Recap — The Incident On Monday during final setup, a hotel employee had a medical incident while walking through the main ballroom — leaving a trail that required hazmat-suited cleanup crews and forced the team to quarantine the ballroom, the hallway leading to it, and the adjacent bathroom. The person is okay and was back at the hotel by Friday, which was a relief. But in the moment, nobody knew what was happening or how long the room would be unavailable. The team had to rebuild the entire conference footprint overnight. The keynote moved, the JS Tech track went into the quiet room, vendors moved to the atrium, and the hotel staff — to their enormous credit — cleared their own furniture and accommodated every ask without complaint. Attendees were equally patient; once they understood the situation, there was no drama, just “tell us where to go.” The incident also took out the streaming setup for day one, compounding an already-difficult start. The solution that eventually worked — plugging the Ethernet into a hub before the streaming equipment — wasn’t tried until day three. Eric is mad at himself for thinking of it and not doing it sooner. PHP Tek 2027 — Save the Date (TBD) Planning for next year is already underway. The current target is April 2027 — away from the May timing that caused Eric to miss two of his kid’s band performances this year. Nothing is locked yet, but they’re working through venue and date options and hope to have an announcement soon. Links from the show: ourCVEs.com — Daily security audit on autopilot PHPScore — Technical debt monitoring for PHP Brent Roose — “How PHP Barely Avoided Disaster” (YouTube) Packagist — Enable MFA on your account PHP Architect Discord PHP Architect Merch Store PHP Architect YouTube Host: Eric Van Johnson X: @shocm Mastodon: @[email protected] Bluesky: @ericvanjohnson.bsky.social PHPArch.me: @eric John Congdon X: @johncongdon Mastodon: @[email protected] Bluesky: @johncongdon.bsky.social PHPArch.me: @john Streams: Youtube Channel Twitch Connect & Hire PHP Architect Website Twitter/X Mastodon Hire PHP Developers Looking to hire PHP developers? Email [email protected] – Joe and the team are available for consulting, infrastructure work, Ansible playbooks, and code review. Partner This podcast is made a little better thanks to our partners Displace Infrastructure Management, Simplified Automate Kubernetes deployments across any cloud provider or bare metal with a single command. Deploy, manage, and scale your infrastructure with ease. https://displace.tech/ PHPScore Put Your Technical Debt on Autopay with PHPScore CodeRabbit Cut code review time & bugs in half instantly with CodeRabbit. Music Provided by Epidemic Sound https://www.epidemicsound.com/ Join Us Live Next Week Youtube Channel Got feedback? Join us on Discord at discord.phparch.com The post The PHP Podcast 2026.05.28 appeared first on PHP Architect.
May 28, 2026
·
1h 6s
Passkeys, Moats, and Scheduling Models
Jake and Michael discuss all the latest Laravel releases, tutorials, and happenings in the community.Show linksGenerate HTML Password Rules Attribute in Laravel 13.9.0Storage Cache Store in Laravel 13.10.0Scrollbar Styling and Container Size Utilities in Tailwind CSS v4.3.0Laravel Introduces First-Party Passkey Authentication SupportLaravel's AI SDK adds sub-agentsDHH Joins Laravel Live Denmark 2026 for Fireside Chat with Taylor OtwellManage Laravel Cloud Deployments Inside PhpStormMoat: A Security Review for Your GitHub AccountModel-Based Scheduling for Laravel with CadenceLarapanda: A Type-Safe Lightpanda Browser SDK for LaravelUse a Google Sheet as Your Laravel Database with the Google Sheets Database DriverDrag-and-Drop Sorting for Eloquent Models with Reorderable for LaravelPiper: Laravel-Style Array and String Helpers for PHP's Pipe OperatorSimple Feature Flags for Laravel with Laravel ToggleLaravel Paper: A Flat-File Eloquent DriverTutorialsLaravel MongoDB Full-Text Search tutorial: The Art of the RelevancyShip AI with Laravel: Real-Time Streaming Chat UI with Livewire
May 26, 2026
·
49m 53s
Marketing Developer Tools with Cynthia McGillis, VP of Marketing
The Laravel Podcast is brought to you by Tighten, your friendly neighborhood Laravel experts. Check us out at tighten.com and also by other sponsors you will hear about later in the episode. In this episode, Matt Stauffer is joined by Cynthia McGillis to talk about her unlikely path from English major and nonprofit fundraiser to leading marketing at Laravel.They discuss what it’s like to market developer tools as a non-developer, how Cynthia helped launch Laravel Cloud, and why the Laravel community feels different from other dev tool ecosystems. The conversation dives into Laravel Cloud features users still don’t realize exist — including auto-scaling, hibernation, preview environments, and the CLI with tinker — along with the challenges of pricing, onboarding, and scaling a modern hosting platform.Matt and Cynthia also explore how AI is reshaping workflows inside Laravel, including how the marketing team is using Claude Code to generate weekly kickoff decks from Linear and Hex APIs, vibe-code landing pages without a CMS, and operationalize a fast-moving marketing org. Matt Stauffer on X Cynthia on X Cynthia’s Website Cynthia’s Email - [email protected] Twitter Laravel Website Tighten WebsiteSuggestion Box----- Editing and transcription sponsored by Tighten.Big thanks to the companies that support the show:Honeybadger Mailtrap Thunk Laravel - Laracon US and Laravel Cloud
May 26, 2026
·
1h 21m 13s
133: Do The Hardest Thing with Jesse Hanley
Aaron is joined this week by Jesse Hanley, founder of Bento, to talk about building a seven figure business, why he feels less stress now than he did when he started, migrating from Heroku to Planetscale, and more.Sponsored by InterNACHI, Honeybadger, Bento, Vask, and NativePHP UltraInterested in sponsoring Mostly Technical? Head to https://mostlytechnical.com/sponsor to learn more.Going to Laracon? Sign up for the Mostly Technical Pre-Party!(00:00) - 5 TB of Data (11:12) - Laravel Live Japan (15:46) - Seven Figure Business (24:32) - Advice for Indie Hackers (28:57) - Pick Better Problems (32:50) - Friends of Bento (42:33) - Heroku to Planetscale (01:15:02) - What's Next Links:Jesse HanleySpeedshopJesse's Database School episodeTatamiDragonflyRedisShakeLaravel Live JapanDaniel Coulbourne
May 23, 2026
·
13m 58s