Looking back at a great CakeFest in Berlin, I learned a lot about CakePHP and met many nice and inspiring people. Here are some conference notes I took that were particularly useful or new to me.

These notes are not a representative summary of the event's highlights. For that you may want to checkout the resources at the end of the article, or just attend the next CakeFest.

Best Code Practices

• Think about making it into a datasource. Now think again. Now really hard.

Clue: Can you make atomic CRUD operations on it? Does it interface with the outside world? It's probably a datasource.

• Use TCPDF on sourceforge for generating PDF files

• Try Media Plugin for any kind of media upload, it protects you from all known vulnerabilities & caveats and will save you work.

• Follow the view folder logic inside /app/webroot/js directory as well

• Use rules with wildcards to explain what JavaScript files need to be included at what pages

• Obviously true for CSS as well

(Thanks to: @NOSLOW, @jperras, @felixge, @nperson)

Tools, Methods & Task Management

• Use "Club Mate" to code 48 hours a day ; )
• Checkout OmniFocus for tasks
• Remember the milk could work
• Sequel Pro for Mac MySQL management
• Sharpen your skills & keep your eye on the ball with pair programming, programmers will tend to get lost on their own
• The Pomodoro Technique could also help you getting things done without investing/wasting too much time with the methodology itself.
• Outside the zone, you're working at 10% of your potential. It takes 50 minutes to get into the zone. It takes 2 seconds to get out. Manage distractions.

(Thanks to: @felixge, @gwoo, @alkemann)

Cake Core

• Cake 3 is going to be very powerful, we like it. We want it. Now. pretty pretty please @nateabele?
• Why not look at Cake's testcases for additional understanding & documentation
• If there are multiple validation errors, the last rule is displayed. So swap them until they make sense from a usability standpoint.
• Should have known that element() has built in caching. Just use the cache parameter.
• We're getting a nice Plugin Repository. Probably even one with CLI tools so we could just type 'install plugin x'

(Thanks to: @nateabele, @jperras, @gwoo)

Performance & Benching

• Use Lucene (instead of e.g. sphinx) for text searches
• Siege instead of Apache **Benchmark **for performance benchmarking.
• Pagespeed is Google's yslow. So a client side benchmarking addon for Firefox. Supposed to be better than yslow at some things too. 2h blog reading a day... How did I miss this?
• To avoid DB stampede, use a 'two-expire' system: tracking a smaller expire date yourself inside memcached. When it expires reset it to the small time again & then update DB & memcached so value is valid again & only 1 request ended up processed by the database. Opposed to actual expiring where all slashdotters will massively hit the DB and it may not even be able to restore the memcache entry.
• Pecl/inclued to show all source dependencies
• Don't use cache blacklisting. Use whitelisting instead. So e.g. cache elements, and don't use <cake:nocache> ever again.
• Use Gearman to schedule out jobs to other machines.

(Thanks to: @jperras, @teemow)

Source Control & Deploy

• Go use github for your projects. No, really. Go... Are you still here?
• Ignoring files & branching in GIT is way easier than SVN
• Assembla has a continuous integration AMI (virtual image) that you can launch right now @ Amazon EC2
• Use Capistrano for simultaneous deployment on multiple servers

(Thanks to: @felixge, @alkemann, @d1rk, @gwoo, @jperras)

Testing

• Selenium can fire up browsers and test your sites like an actual user. It will tell you if unexpected output returns.
• Unit testing. "Be your own giant", make tests while you write not after. Then: refactor & optimize and be sure your test cases keep working.
• Don't go for 100% test coverage. Test topdown instead. That usually provides the best rendement: bugs reduced / time spent

(Thanks to: @felixge, @alkemann)

I18n & Translation

• Use %s inside __() inside sprintf()
• Use the cake console to index all translate strings: __() which can then be read by poedit
• Poedit is a good tool for translators. It works for all OSes and developers/testers can afterwards flag invalid translations
• Language code must be in URL & not some cookie. Think of the crawlers.
• There is a Translate behavior to do the heavy lifting
• Instead of sprintf, one can also use the Cake built-in String::insert() method and have tokens (:name) instead of %s (or %1s)

(Thanks to: @pierremartin, @miglesias)

Security

• Use PHP IDS to detect XSS & SQL Injection attacks
• Never trust mimetypes, they can & will be forged so people can upload scripts & just execute them
• Resizing images will get rid of harmful content. Never serve original files.

(Thanks to: @nperson, @teemow)

Further Resources

Day

• @felixge's Summary of CakeFest [#3](https://twitter.com/i/#!/search/%233) over at the debuggable.com blog (checkout their new layout!)
• @alkemann's CakeFest 3 roundup with some pictures as well
• Very cool mind map put together by @timk_ for presentation topics at

CakeFest (via @predominant)

• All of @predominant's info on the #cakefest downloads page

Night

• You will find the Night Shots in the private "Cake War Faces" app that will launched when ready ; ) James Fairhurst was already kind enough to donate me his "CakeBattles" app which I will base it on.

You could check @kvz to find out when I launch it.

Suggestions?

I already said this wouldn't be a complete summary of the event, basically just the things I want to follow up on personally. But if you like me to add or change something still, just drop a line below.