Welcome to this week's Symfony Station Communiqué. It's your weekly review of the most essential news in the Symfony and PHP development communities.
This week, we again cover tech aspects of the war crimes going on in Ukraine and how you can help.
Take your time and enjoy the items most valuable for you.
Thanks to Javier Eguiluz and Symfony for sharing our last communiqué in their Week of Symfony.
Please note that links will open in a new browser window. My opinions will be in bold.
As always, we will start with the official news from Symfony.
Highlight -> “This week, Symfony development focused on fixing bugs and finishing new features for the upcoming Symfony 6.1 version. One of those new features is a button to copy requests as cURL commands in the Symfony Profiler. Meanwhile, the SymfonyLive Paris 2022 conference, which will take place in just 4 weeks, announced its complete workshop and talk schedule.
A Week of Symfony #793 (7-13 March 2022) (Symfony Blog)
Early bird registration for SymfonyCon Disneyland Paris 2022 ends on March 31st
Unsurprisingly after the recent merger they announced:
Symfony in the Cloud: Platform.sh becomes the official Symfony PaaS
Fabien Potencier asks “How can you get started with Symfony 6? What are the best resources to learn Symfony? How can I learn about the latest best practices? Those are legitimate questions I get from the community.”
Get started with Symfony 6
SymfonyCast has started a new course on Symfony 6!
This week on SymfonyCasts
Elise Hamimi reports “As the creator of Symfony, SensioLabs strengthens its relationship with its long-time partner in the US: Unleashed Technologies. This strategic partnership is the result of successful joint projects with Unleashed Technologies. In 2022, SensioLabs and Unleashed Technologies are speeding up to better serve American users of Symfony.”
SensioLabs strengthens its partnership with Unleashed Technologies
She also has:
Learn how to migrate to the PHP framework Symfony
Forbes writes Ukraine’s IT pros are “ fixing internet in bombed-out buildings, finding rogue operators providing Russians with mobile connections and thwarting hackers. The telecom companies of Ukraine and their employees are being hailed as heroes in the war.”
Bombs And Hackers Are Battering Ukraine’s Internet Providers. ‘Hidden Heroes’ Risk Their Lives To Keep Their Country Online
If these heroes can do this, we can do more ourselves to stand with Ukraine and protect democratic values.
Sergii Demianchuk writes “welcome to the second article devoted to the theme: “How to work with ElasticSearch using Symfony PHP framework”. Here we will prepare our local environment for further development. As you remember from Part 1 we have to create a web server, microservice application, and Elasticsearch as standalone docker containers.”
Symfony, Elasticsearch, and Docker environment
Michał Romańczuk notes “There are many tools for static PHP code analysis, but one of the most popular is PHPStan. It may be due to its ease of use, versatility and the possibility of using many extensions for example to Symfony, Doctrine, Elasticsearch, Monolog, Guzzle, etc.”
Using PHPStan with Symfony - static analysis for better PHP code quality
Fabien Lemoine show us “How to combine the power of the Symfony Mailer component with the features offered by an email provider.”
Envoyer des e-mails transactionnels avec un service tiers sous Symfony
Mchojrin takes a look at how to handle exceptions in Rest APIs with Symfony. It’s in Spanish.
Cómo manejar las excepciones en API Rest con Symfony
Webkul writes “PrestaShop employs various types of cache such as Smarty, assets (CSS/JS), XML cache, etc. It also provides ways to clear individual cache types from our module. So in this blog, we will discuss how we can clear PrestaShop cache in module code.”
Clear PrestaShop Cache in module
They also have:
Custom Events and Event Subscribers in Symfony
Sylius notes “Since the very beginning of Sylius’ existence, our philosophy was to focus on our domain and not reinvent the wheel. That’s why Sylius is entirely based on Symfony which gave us a solid foundation to build specific e-commerce bundles within the already existing and highly standardized framework.
Following the very same core idea, Sylius never intended to solve problems of other domains. There are wonderful tools in different categories, which allows us to focus on what we know best – the e-commerce domain.”
Why best-of-breed is the best thing that can happen to your mid-market e-commerce?
I agree that unless you have a small and simple application, best-of-breed is the way to go for your stack.
Joseph Ndedde Udonsak writes “Recently, I was working on a feature and needed to generate and mail a PDF document whenever a payment was made. I dispatched a Message and in the message handler, I used the KNP Snappy Bundle to generate a PDF from a twig template. It was pretty straightforward (or so I thought) until I saw the mayhem that had been let loose in my failed transport.
Today I Learned — Twig and Services
He also has:
How to inject multiple instances of an interface in a service
The Drop Times has an interview with Drupal’s founder with some interesting takes on headless and low code.
Dries Buytaert: Low Code No Code Adoption Good for Drupal
And speaking of headless Drupal here’s an article and a solution taking a look.
Five basic things I’ve learned using GraphQL in Drupal
The future of Drupal is headless
Dries disagrees with the headless opinion and so do I. That applies to WordPress as well.
Ryan Szrama writes “We've long recommended Swift Mailer for formatting and sending HTML emails from Drupal Commerce. Symfony announced the project's deprecation late last year, recommending folks switch to using the 3-year-old Symfony Mailer instead after they brought it up to full feature parity with the Swift Mailer library.
Fortunately, there's a module for that!”
Replace Swift Mailer with Symfony Mailer for HTML email
We published our third sponsored article on Symfony Station exploring how to Implement Code Execution Monitoring for your Symfony apps via Inspector. Like all our articles it is now available via audio.
How to Implement Code Execution Monitoring for your Symfony apps via Inspector
All sponsored articles are for products we have vetted and stand behind. We either use them or would do so if they applied to the Symfony Station site.
Dariusz Gafka writes “We often need to schedule the execution of given business functionality in our applications. The timing depends on what we want to achieve. It may be monthly executed invoices or notifications sent after the user was registered on the website. And in this article, we will deep into different ways of scheduling execution in PHP.”
Scheduling Execution in PHP
What's Up With @template-covariant?
They also look at:
Generics By Examples
Digital Ocean shows us:
How To Use Functions in PHP
Gaurav Makhecha says, “Thanks to the PSR-4 autoloading, we can define the namespaces prefix and their corresponding base directories.”
PHP Namespaces are not the same as the Directory Structure
Marcin Szydlowski writes “I have recently spotted an interesting vulnerability in a PHP application, which was in the scope of a private bug bounty program. This vulnerability has nothing to do with standard web app issues like SQLi, XSS, or IDOR, hence despite relatively small impact I decided to write about it.”
Insecure comparison in PHP — Business Logic Bypass vulnerability
Brent Roose & Freek Van der Herte are starting a series of posts with tips for writing clean PHP. They’re from a course the duo offers.
Code that breathes
Joshua Otwell says, “I'm sharing my 5 favorite Programming/Developer newsletters that I think you should read too.”
5 Developer/Programming Newsletters You Should Be Reading
There are good SQL and PHP choices on the list.
Meet Simseck states “I’d like to talk about Swoole in this article but it won’t be covering the cumbersome processes such as installing, configuring, using, and so on. I’d like to cover the philosophy behind it. Why do we need it in the PHP world? Which scenarios are the best to use this kind of external package/extension?”
Let’s Tackle PHP Swoole Solemnly
Please visit our Support Ukraine page to learn how you can help kick Russia out of Ukraine (eventually).
The cyber response to Russia’s War Crimes
MarketWatch writes “One reason that some military analysts and Russia experts believe may have contributed to Putin miscalculating his chances of a quick victory, or his ability to outlast the Ukrainians, is that he underestimated the efficacy of Western sanctions in sapping Russia’s power to wage war, specifically by denying it access to critical technologies.”
Putin tried to create a homegrown tech industry. His failure could be key to a Russian defeat, experts say
The Hill notes “With the assistance of the West, Ukraine has become more resilient since the initial cyberattacks, especially given that it is uniquely vulnerable to Russian attacks since most of its infrastructure was built by Moscow during the Soviet era.”
US and EU cyber investments in Ukraine pay off amid war
Reface, a synthetic media app that’s developed out of Ukraine has added push notifications informing its ~200 million-strong global user-base about Russia’s invasion of the country — urging people to #StandWithUkraine, including by watermarking face-swapped videos created with the app.
Reface, a viral face-swap app from Ukraine adds anti-war push notifications
Wired writes, “Within three days of the first missiles falling on Kyiv, Mykhailo Fedorov and his staff launched a public campaign to pressure US tech giants to cut off Russia, began accepting cryptocurrency donations to support Ukraine’s military, secured access to Elon Musk’s Starlink satellite internet service, and began recruiting a volunteer “IT Army” to hack Russian targets. More recent projects include a chatbot for citizens to submit images or videos of Russian troop movements.”
Ukraine’s Digital Ministry Is a Formidable War Machine
The Guardian reports “about 300,000 people have signed up to a group on the chat app Telegram called “IT Army of Ukraine”, through which participants are assigned tasks designed to take the fight to Vladimir Putin. In so doing, they are trying to level the playing field between one of the world’s (so-called) superpowers and Ukraine as it faces bombardment and invasion.
‘It’s the right thing to do’: the 300,000 volunteer hackers coming together to fight Russia
Anonymous continue their efforts.
Anonymous releases 364,000 files about Russia's censorship of invasion
They also hit the German subsidiary of Russian energy giant Rosneft with a cyberattackRosneft withal Office for Information Security (BSI) says.
Hackers target German branch of Russian oil giant Rosneft
Fast Company reports on how “A group of techies-turned-hackers called the Cyber Partisans are targeting railways carrying Russian troops and exposing a brutal Belarusian regime.”
How hackers in Belarus are complicating Putin’s Ukraine invasion
Rest of World asks:
In Ukraine’s cyber-war with Russia, who is a civilian, and what is a war crime?
The Wall Street Journal notes “People around the world are using a new website to circumvent the Kremlin’s propaganda machine by sending individual messages about the war in Ukraine to random people in Russia.”
Using a New Cyber Tool, Westerners Have Been Texting Russians About the War in Ukraine
The Guardian also notes “Experts say both sides may understand that large-scale cyber-attacks will result in ‘mutually assured destruction of systems’.”
‘Catastrophic’ cyberwar between Ukraine and Russia hasn’t happened (yet), experts say
I thought this would have been a no-brainer but:
Germany warns against using Kaspersky software citing 'considerable' cyber risk after Russia's invasion
VentureBeat reports “Cloudflare unveiled a new tool in its suite of security offerings, the Cloudflare API Gateway, which seeks to simplify the protection of increasingly prevalent application programming interfaces (APIs). The solution also aims to feature a significantly lower price point than many of the other API security products now on the market, which could go a long way toward “democratizing” API security for the market.
Cloudflare aims to boost API security with a new gateway
On the Public API Network, Postman gathers some of the best APIs to ramp up productivity including Notion (just released to GA!), Peruse Code, and Machine Learning Tools for Developer Professionals.
Build Software Faster with These Productivity APIs
This was from a while back but is worth another look. Via Github:
The Open Source Software Security Summit: securing the world’s code together
C.S. Rhymes says, “GitHub offers a dependabot service that can let you know of any potential security issues with your dependencies and automatically create a Pull Request for you. This works great without any configuration if you have a repo that contains npm, composer, or gem dependencies, but you may need additional configuration if your lock files aren’t in the root directory, or in separate directories in the case of a monorepo.”
Using GitHub Dependabot with a Monorepo
GitHub also has a video exploring “ some of the shortcomings of legacy application security solutions, and share a developer-first approach that can help your organization overcome challenges with an end-to-end security process and improved collaboration.”
Developer-first security: The next step for AppSec
If you are having trouble getting cybersecurity buy-in with your CEO or CFO, share this with them. Plus, it’s a good review for anyone.
Cybersecurity: What Every CEO and CFO Should Know
Core DNA writes “We take a close look at the evolution of the CMS platform, specifically, how the management of content has changed and how platforms have been designed to cater for the changing browsers, new channels, and client needs.”
Custom CMS & Backend Frameworks Be Damned
Postman asks us to “Explore the World of APIs. Browse the largest network of APIs, workspaces, and collections by developers across the planet.”
Postman API Network
Ben Gurney shares an effective way to approach improving the web accessibility of your apps.
My secret to better web accessibility
What many people don’t know is that the best way to manage JSON is with a seemingly ancient tool: the SQL language. Let’s look at why that is and five examples of how to do it.”
Why (and How) You Should Manage JSON with SQL
That's it for this week. Thanks for making it to the end of another extended edition. I look forward to sharing next week's Symfony and PHP news with you on Friday.
Please share this post. :) Be sure to join our newsletter list at the bottom of our site’s pages. Joining gets you each week's communiqué in your inbox (a day early). And follow us on Twitter at @symfonfystation.
Do you own or work for an organization that would be interested in our promotion opportunities? If so, please contact us. We’re in our infancy so it’s extra economical. ;)
More importantly, if you are a Ukrainian company with coding-related products, we can provide you with free promotion on our Support Ukraine page. Or if you know of one, get in touch.
Keep going Symfonistas!