Symfony Station Communiqué - 1 April 2022. A look at Symfony, PHP, and Cybersecurity News!
Reuben Walker, Jr.
Posted on April 1, 2022
This article originally appeared on Symfony Station.
Welcome to this week's Symfony Station Communiqué. It's your weekly review of the most essential news in the Symfony and PHP development communities.
Again, we cover tech aspects of the war crimes going on in Ukraine and how you can help.
Take your time and enjoy the items most valuable to you.
Thanks to Javier Eguiluz and Symfony for sharing our last communiqué in their Week of Symfony.
Please note that links will open in a new browser window. My opinions will be in bold.
Symfony
As always, we will start with the official news from Symfony.
Highlight -> "This week, Symfony development activity focused on fixing bugs, especially on the HttpClient component, and polishing the new features of the upcoming Symfony 6.1 version, such as the new locale switcher. Meanwhile, SymfonyLive Paris 2022 conference is coming in just two weeks and SymfonyCon Disneyland Paris 2022 conference announced the last days of its early-bird discounts."
A Week of Symfony #795 (21–27 March 2022)
They also say:
See you next week at SymfonyLive Paris 2022 conference
SymfonyCasts continues their free look at Symfony 6 and the Easy Admin paid courses.
Platform.sh announced:
We're changing the way development environment URLs are generated
Featured Item
Thoughtworks notes a lack of thought by some. "We don't see teams making that trade-off analysis, blindly accepting the complexity of SPAs by default even when the business needs don't justify it. Indeed, we've started to notice that many newer developers aren't even aware of an alternative approach, as they've spent their entire career in a framework like React. We believe that many websites will benefit from the simplicity of server-side logic, and we're encouraged by techniques like Hotwire that help close the gap on user experience."
Symfony and StimulusUX people.
This Week
I know I've shared many of these, but this one is in Spanish.
Laravel vs Symfony, ¿cuál elegir?
Les-Tilleuls.coop says in French, "we're fond of DDD tactical patterns! In this structural approach, we must divide and prioritize our code into three main layers: Infrastructure, Domain & Application. However, the same idea can be expressed and defined in several areas, for example, if I design a forum module as well as a real-time discussion module. In both domains, I will have a public template whose class is named 'Message', each using its own namespace: 'App\Domain\Forum\Model\Message' and 'App\Domain\Chat\Model\Message'."
How do I make resources with the same name coexist from two different domains with API Platform?
Bernard NG thinks "it is preferable to use XML mapping when doing DDD."
DDD With Symfony : How to configure Doctrine XML Mapping
Matthias Noback had a different take back in May of 2020.
Michał Romańczuk has a very detailed case study of converting a nightmare legacy project to Symfony by using the Strangler Pattern.
Hatem Ben Yacoub has a review of a TYPO3 handbook.
The TYPO3 Guidebook reviewed. Understand and Use TYPO3 CMS.
You can learn more about Symfony-based CMSs like TYPO3 and Drupal here.
Specbee writes "Data. Files. They're what make up your website. And how you store and serve them can make all the difference for user experience. Obviously, cloud storage has changed the way we look at and manage data. Today, we're going to walk through one of the more popular options for Drupal websites. S3 (Simple Storage Service) is the cloud storage service provided by AWS (Amazon Web Services) and it has been providing durable, secure, and scalable cloud storage for many industries."
How to store and serve files from Amazon S3 on your Drupal website
Louis Nagtegaal shows us how to handle:
Timeless
Sponsored Article
We published our third sponsored article on Symfony Station, exploring how to implement code execution monitoring for your Symfony apps via Inspector. Like all our articles, it is now available via audio.
How to Implement Code Execution Monitoring for your Symfony apps via Inspector
All sponsored articles are for products we have vetted and stand behind. We either use them or would do so if they applied to the Symfony Station site.
PHP
This week
The PHP Foundation published their March Newsletter.
Jonathan Bossenger writes "Ever since I discovered how to configure PhpStorm with Xdebug for debugging, it's been my go-to solution for hunting down difficult to reproduce bugs. What I didn't know until very recently was that it's also possible to debug JavaScript using the same setup, which blew my mind!"
Debugging React, JavaScript, and PHP at the Same Time With PhpStorm
Bobby Jack notes "Bitmasks are as old as computing itself and, admittedly, were more useful in the days of memory scarcity and low-level programming. But there's nothing to stop you using them today, when appropriate. PHP makes use of bitmasks in many of its built-in functions."
Amplitudo asks:
Why are we using sessions in PHP?
Italo Baeza Cabrera writes "PHPUnit is a very complete testing suite, and with Mockery is even better. Most of the assertions are covered: data in arrays, strings inside strings, classes instances, and so on. Even so, PHPUnit is not perfect, and for your project, you may need a "custom" assertion. For example, I just stumbled upon the need to create a simple assertion to check if a class extending other contains a given variable set of methods."
PHPUnit: Making your own assertion
Thomas Dutrion says, "Things in computing science are sometimes complex… And I consider myself a fervent proponent of self-descriptive code to limit complexity. I won't get back on why you should unit test at least some of your code, nor will I spend time teaching how to write unit tests in this article. I will consider that all of you are ok with these concepts and implementations. Examples will be based on a PHPUnit implementation."
Unit tests and data providers, the readable way
Code and Deploy shows us how to:
Hicham Ben Kachoud has a quick look at the S in SOLID programming.
SRP: Single Responsibility Principle
He also examines the L.
LSP: Liskov Substitution Principle
And regarding SOLID's D, Guy Erez explains:
Dependency Inversion vs. Dependency Injection
This is very useful.
Joseph Bielawski has "A short explanation of the Bus Factor and how to hold its score at safe levels."
What happens if your development team is hit by a bus?
Last Week
Dimitrios Lytras says, "While I wasn't paying attention, PHP got quite good."
Brent writes "Generics in PHP. I know I'd want them. And I know a lot of developers who agree. On the other hand, there is a group of PHP programmers, maybe even larger, that say they don't know what generics are, or why they should care. I'm going to do a series on this blog about generics and PHP. We'll start from the beginning, but quickly work our way to the more complex topics. We'll talk about what generics are, why PHP doesn't support them, and what's possible in the future."
Golems notes "What does $this mean in PHP and similar questions are increasingly appearing on the Internet. StackOverflow is also bombarded with questions about this variable. Let's find out everything related to dynamic PHP access object property with $this and break it down with examples."
Dynamically Access PHP Object Properties with $This
If you ever need an extensive PHP explainer article to share, Visualwebz has you covered.
Other
Please visit our Support Ukraine page to learn how you can help kick Russia out of Ukraine (eventually).
The cyber response to Russia's War Crimes
The Next Web reports "For weeks, Russia's military assault on Ukraine has been complemented by full-fledged information warfare. The Kremlin has propagandized Russian state media, and is trying to control the narrative online too. We've seen a bombardment of "imposter content" circulating - including fake news reports and deep-fake videos - while Ukrainians and the rest of the world have scrambled to find ways to tell the real story of the invasion. The instant messaging app Telegram has surfaced as one of the most important channels through which to do so. But what is it about Telegram that has millions flocking to it amid the chaos?"
Why Ukrainians are turning to Telegram during the war
The New Zealand Herald reports "Ukraine has claimed to have uncovered the identities of more than 600 Russian spies in what has been described as a significant blow to President Vladimir Putin's espionage efforts. Officials in the war-torn country allege the unmasked individuals were carrying out "criminal" activity across Europe. The Main Intelligence Directorate of Ukraine released a slew of personal details of hundreds of alleged agents working for the FSB."
600 Russian spies busted in huge blow to Moscow's espionage war
Daniel Johnson reveals:
The real reason Ukraine's information war is so successful
This was long overdue.
Kaspersky Named First Russian Company on Security Risk List
The Washington Post writes "As the U.S.-funded broadcaster is forced to shut most of its Russian operations, its Web traffic indicates that Russian people are eagerly consuming its stories."
The Kremlin tries to stifle Radio Free Europe - and its audience surges
Lawfare.org reports "Companies like Meta, Google, Apple, Microsoft, Twitter, and even TikTok increasingly recognize that they cannot afford to sit geopolitical crises out. The war in Ukraine is the most dramatic instance yet of platforms' geopolitical turn - their growing engagement with security and geopolitical challenges incidental to their business operations. Platforms came a lot more prepared for the war in Ukraine compared to previous major geopolitical inflection points. They have coordinated their actions with Western governments and other international actors leading the charge against Russia."
The Evil Empire Strikes Back
Russian hackers appear to be more competent than their generals and soldiers.
Russian military reportedly hacked into European satellites at start of Ukraine war
ZDNet reports that:
Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts
The Intercept reports "Internal chat logs leaked from the notorious Russian ransomware gang Conti reveal unfiltered conversations between ultranationalist hackers in which they repeat Russian President Vladimir Putin's conspiratorial lies about Ukraine, discuss the impact of early Western sanctions against their country, and make antisemitic comments about Ukraine's Jewish president."
Leaked Chats Show Russian Ransomware Gang Discussing Putin's Invasion of Ukraine
Cybersecurity
Richard Forno writes "I and other researchers at the University of Maryland, Baltimore County have studied the cybersecurity preparedness of the United States' over 90,000 local government entities. As part of our analysis, working with the International City/County Management Association, we polled local government chief security officers about their cybersecurity preparedness. The results are both expected and alarming."
Hackers are targeting US local governments - and it's time to fight back
Michael Usiagwu shares "The recent increase in the severity and sophistication of cyberattacks in recent years may just signal an essential, albeit overdue, turning point in cybersecurity. The clamor by security practitioners concerning the securing of cloud technology by use of technology like Zero Trust by enterprises and organizations has never been louder, and it's not hard to see why."
Zero Trust - The Silver Lining to Cloud Cyber Attacks
GitHub notes "Securing your projects is no easy task, but end-to-end supply chain security is more top of mind than ever. We've seen bad actors expand their focus to taking over user accounts, commonly used dependencies, and also build systems. Defending against these attacks is hard because there's no one thing you can do to protect your project end-to-end. To help you defend against these attacks, we created new guides in our Docs that cover how to get started securing your end-to-end supply chain."
How to secure your end-to-end supply chain on GitHub
More
Rachel Lawson @rachel_norfolk says on Twitter, "If you are mining bitcoin in Europe then you are using up energy that could otherwise be heating people's homes. You are directly helping Putin's invasion of Ukraine by making it harder to apply sanctions on energy coming from Russia."
On a related note, The Guardian reports a "campaign, called Change the Code Not the Climate and coordinated by Environmental Working Group is calling on bitcoin to change the way bitcoins are mined in order to tackle its outsized carbon footprint. The software code that bitcoin uses - known as "proof of work" - requires the use of massive computer arrays to validate and secure transactions. Rival cryptocurrency Ethereum is shifting to another system - "proof of stake" - that it believes will reduce its energy use by 99%."
Climate groups say a change in coding can reduce bitcoin energy consumption by 99%
Wired opines "A string of "sabotage" incidents in open source software is reigniting discussions of how to safeguard projects that underpin digital platforms and networks around the world. Many of the recent incidents have been dubbed "protestware" because they relate to open source developers making code changes to express support for Ukraine amidst Russia's invasion and ongoing attack of the country."
The Fragile Open Source Ecosystem Isn't Ready for 'Protestware'
Docker announces Extensions.
GitHub shows us how to:
Save time with partial re-runs in GitHub Actions
They also announced Copilot Labs, a VS Code extension for experimental applications of Copilot.
Jonas Ulrich writes "We're still wasting massive amounts of valuable development cycles in the frontend world by working in silos, or by to at least some extent reinventing the wheel for every project. Results suffer in the process, impacting real-world results for users and content creators alike. How did we get here, and what could a way forward look like? How we've already come a long way, and why still (so far) even Jamstack hasn't been the sole answer, either…"
Unlocking the frontend - a call for standardizing component APIs pt.1
UX Tools notes "The term "user error" implies that it's the user's fault when they do something wrong. But in the vast majority of cases, the fault actually rests with the designer for having created an interface that is confusing or makes it too easy for the user to make a mistake. The solution to user errors is not to blame the user or try to train the mistakes out of them. The solution is to redesign the product in such a way that it prevents errors from occurring in the first place."
How Designers Can Prevent User Errors
Louis Lazaris says, "there is a whole bunch of lesser-used attributes that I was sure I'd forgotten about, and probably a whole bunch of attributes I didn't even know existed. This post is the result of my research, and I hope you'll find some of these useful to you, as you build HTML pages in the coming months."
Those HTML Attributes You Never Use
That's it for this week. Thanks for making it to the end of another edition. I look forward to sharing next week's Symfony and PHP news with you on Friday.
Please share this post. :) Also, be sure to join our newsletter list at the bottom of our site's pages. Joining gets you each week's communiqué in your inbox (a day early). And follow us on Twitter at @symfonfystation.
Do you own or work for an organization that would be interested in our promotion opportunities? If so, please contact us. We're in our infancy so it's extra economical. ;)
More importantly, if you are a Ukrainian company with coding-related products, we can provide you with free promotion on our Support Ukraine page. Or if you know of one, get in touch.
Keep going Symfonistas!
Author
Reuben Walker
Founder
Symfony Station