The PHP Podcast 2026.06.04

🎙️ PHP Podcast – June 4, 2026

Hosts: Eric Van Johnson & John Congdon

Another fun episode of the PHP Podcast! Here’s what we covered:

🎪 PHP Tek 2027 — New Dates, Bold New Format
Mark your calendars: PHP Tek 2027 is happening April 27–29 in Chicago, and Eric and John are shaking things up. Rather than a straight three-day PHP conference, next year gets three tracks — two of which are familiar PHP-focused content, and a third specialty track that rotates each day: one day of JavaScript, one day of DevOps, and one day of Laravel. The Laravel track is specifically focused on how developers actually use the framework day-to-day, not a product pitch. Single-day passes will be available, so if you’re only coming for the DevOps or JS day, you’re covered. One important heads-up: there’s a big convention happening at a venue nearby in Rosemont, so the hotel block could sell out faster than usual. When they open reservations, don’t wait.

🐘 Holly the Elephant Is Going Fast
The PHP Architect conference elephant, named Holly, is now available at store.phparch.com, and demand has been remarkable. Eric woke up one morning to a flood of orders and genuinely couldn’t figure out what happened. The warning from last year applies here: people said they’d grab Tony later, and now Tony is gone forever. Holly ships June 17th for most orders, but if you’ve already ordered, it’s likely on its way. Get yours while you can.

📺 PHP Tek TV Is Doing Something Different This Year
In past years, conference talk videos would get edited and uploaded weeks (or months) after the event. This year, John is doing things differently: the raw, unedited recordings are going up now, with timestamps in the description so you can jump straight to specific talks — some rooms recorded a seven-hour continuous feed and just left it running. The clean edited versions are still coming (a video editor friend in the UK is on it), but if you want to see a talk right now, the raw version is there. Audio quality varies by room, but it’s watchable.

📷 Immich — A Self-Hosted Google Photos That Actually Works
John has been running Immich, a self-hosted photo management platform, in a Docker container for about a month and loves it. It does facial recognition, GPS tagging, and auto-uploads from his phone — essentially everything he cares about in Google Photos, without handing his photos to Google or Apple. He’s now planning to use it as the PHP Architect conference photo library, centralizing all the Tech photos in one browsable, shareable place. It’s fully open source, with no licensing cost, and an optional donation tier. If you’re sick of paying ever-increasing storage bills to big tech companies, this is worth a look.

📄 Ben Ramsey’s PHP Tek Homecoming Article Is Free to Read
The May issue of PHP Architect magazine is now available to digital subscribers, and this month’s free article is Ben Ramsey’s piece on the PHP Tek homecoming experience. Eric reached out to Ben last minute and he delivered. If you’ve never subscribed, this is a low-barrier way to see what the magazine is like. Head to phparch.com, grab the free article, and if you like what you see, subscriptions are not expensive.

🔧 John Is Resurrecting a Legacy Laravel App — With Claude’s Help
John has been grinding away on a Laravel 6 app that was a passion project years ago and has now been revived as an actual client project. Using Claude to methodically baby-step through each version upgrade — starting with writing tests to establish a baseline — he’s worked up through the major Laravel versions. The turning point came when he hit the version where the old event sourcing package (Prooph) was clearly on its way out, and the decision was made to migrate to Verbs, Nuno Maduro’s Laravel-native event sourcing package. John’s now looking forward to it. He’s also accidentally been burning tokens on the company Anthropic account (not his personal account), which Eric caught live on air. They are going to talk about it after the show.

🔗 Eric’s Mystery Side Project Is Almost Ready — If DNS Would Cooperate
Eric teased a new side project last week and intended to reveal it this week, but he’s stuck waiting on DNS propagation. The domain was registered with DigitalOcean DNS already in use by a previous owner, so Eric moved it to Cloudflare — only to discover there may be a conflict because the previous owner was also on Cloudflare. The result: the name servers are stuck on old values. John’s live suggestion was to move it to Route 53, and Eric was immediately sold. The project is almost ready to show the world, DNS gods willing.

🤖 Meta’s AI Support Bot Got Socially Engineered
Eric shared a video demonstrating how someone prompt-injected Meta’s AI customer support bot into sending a verification code to an attacker-controlled email address — and then using that code to add the email to an account, enabling a full password reset and account takeover. The irony: Meta is the company behind Llama and has some of the deepest AI expertise on the planet, and they still shipped a support bot with permissions it shouldn’t have. Eric’s point was pointed: you can fire a human employee who gets social engineered, which creates accountability throughout the team. An AI has no such incentive structure. Crowbarring AI into account-modification workflows without appropriate guardrails is just asking for this.

📋 The PHP Foundation Now Publishes Board Meeting Minutes
Eric discovered that the PHP Foundation has started publishing their board meeting minutes in a public GitHub repository. Nothing earth-shattering yet, but seeing who attended, what was discussed, and what decisions are being made gives the community a real window into how the foundation operates at scale. It also helps explain something Eric and John have always found interesting: why PHP stalled so hard between versions 5 and 7. There was no foundation, no financial backing, just volunteer hours. Now there’s a paid staff and governance structure — and the minutes show exactly how complex running something at PHP’s scale actually is.

🛡️ The PHP Foundation Has a Dedicated Security Team Now
Speaking of the Foundation, it now has a dedicated security team — a sign of how seriously the supply chain attack problem has gotten. AI tools are being deployed by black hat actors to find vulnerabilities in open source projects at a scale that wasn’t possible before. PHP is not just another open source project; it underpins a massive slice of the web, and companies depend on it staying secure. Having a team specifically focused on this is the right call, even if it’s a sobering reminder of where the threat landscape is heading.

🔍 Moat — Nuno’s GitHub Security Auditing Tool
Nuno Maduro (of Laravel fame) quietly shipped a tool called Moat that audits your GitHub presence for security gaps. Install it globally via Brew or Composer, point it at your GitHub org, a specific repo, or even a specific branch, and it gives you a report on where your security posture could be improved. It’s read-only — it won’t change anything — and it’s explicit that it is not a security certification. Eric wants to use it to audit the PHP Architect organization’s repos, many of which haven’t been touched in years. Think of it as a fast, opinionated triage tool, not a replacement for a real security audit.

Links from the show:

Host:

Eric Van Johnson

John Congdon

Streams:

- Youtube Channel
- Twitch

📬 Connect & Hire

Looking to hire PHP developers? Email support@phparch.com – Joe and the team are available for consulting, infrastructure work, Ansible playbooks, and code review.

Partner

This podcast is made a little better thanks to our partners

Displace

Infrastructure Management, Simplified
Automate Kubernetes deployments across any cloud provider or bare metal with a single command. Deploy, manage, and scale your infrastructure with ease.
https://displace.tech/

PHPScore