Today begins my coverage of ZendCon 2007. This is the first entry and covers Day 0... the Tutorials.

Today started with a $4 muffin. As the first day of festivities but not yet the conference, breakfast was not available. Hence, the muffin and a flock of slightly annoyed geeks.

When I checked in at the registration desk, I got one of the best surprises so far. Last year Zend put together a deck of cards featuring prominent PHP'ers. This year they got even more creative went with trading cards featuring the speakers and other prominent PHP'ers. I happen to be one of them... BarCampDC was the first time seeing CaseySoftware, LLC on shirt, this is the first time seeing myself on a card. Sounds odd but kind of fun. I'll attach the card once they're available online.

The tutorials were an extended format. Two three hour sessions with a deep focus on a single topic. There was the standard Zend Certified Engineer Crash Course by Chrisitan Wenz, an Extending PHP session given by Wez Furlong and Sara Goleman, a Security Crash Course by John Coggeshall, and finally PHP Development Best Practices by Matthew Weier O'Phinney, Mike Naberezny, and Sebastian Bergman. I attend that last one last year, so I opted for the Security Crash Course.

A three hour session - even with a break - is a long time. A ridiculously long time. That said, John did a good job of keeping most of the audience engaged. He covered security topics, fixes, and strategies from a variety of angles and covered some ground that I hadn't seen covered in a presentation before. The more interesting aspect was the fact that he introduced a number of examples and let us pick them apart and identify issues. There were a handful of times that someone suggested ideas or solutions that John hadn't noted. I seemed like a good balance of topics and examples.

At lunch, I got a reminder from Christian Flickinger on why I attend these conferences. At every one of these, I meet a number of people across the spectrum ranging from complete newbie PHP'ers to Rasmus... people who are setting the agenda and leading the community. The most important thing about all these chance meetings is that almost all of these people are personable. You realize that these briliant developers are basically normal people and they're generally doing what they enjoy. The biggest difference is their stock options. ;)

After lunch, there was more of John's tutorial. It got deeper and then we were left with a relatively open Q&A session. I asked one of the biggest security questions:

"When you find a vulnerability, how do you approach reporting it?"

Lots of people who say "Don't!" which is generally the easy answer. John pointed out that you need to contact the site in question and make sure you get in touch with the right people. Hacking the site is a Bad Idea(tm) but just passing the complete info to some random person on the site can be a bad idea too. You need to make sure the information gets to the right person at the right time.

After the sessions ended, there was the Speaker/ZCE Reception in the bar. The food and beverages flowed and I had the opportunity to talk to a number of people about a number of topics... and even pitch a few people on my presentation. ;) Unfortunately, I had to leave early for a conference call, but I caught Cal Evans' announcing introducing a brand new ZCE.