Welcome to this week's Symfony Station Communiqué. It's your weekly review of the most essential news in the Symfony and PHP development communities.
Again, we cover the tech aspects of the war crimes going on in Ukraine and how you can help.
Take your time and enjoy the items most valuable to you.
Thanks to Javier Eguiluz and Symfony for sharing our last communiqué in their Week of Symfony.
Please note that links will open in a new browser window. My opinions will be in bold.
As always, we will start with the official news from Symfony.
Highlight -> “This week, Symfony 4.4.40, 5.4.7, and 6.0.7 maintenance versions were released. Meanwhile, the upcoming Symfony 6.1 version added new features such as a Serializer profiler panel and a simpler bundle/extension configuration. Lastly, the SymfonyLive Paris 2022 conference will take place next week.”
A Week of Symfony #796 (28 March - 3 April 2022)
Javier Eguiluz previews an upcoming feature of the 6.1 update.
New in Symfony 6.1: HtmlSanitizer Component
SymfonyCasts continues their free look at Symfony 6 and Easy Admin paid courses.
This week on SymfonyCasts
Platform. sh announced “We’re excited to announce that Platform.sh now offers OpenSearch as a service available and included on all plans. OpenSearch is a distributed RESTful search and analytics engine you can use for log analytics, a search backend, clickstream analytics, and more.
With the recent move by ElasticSearch to switch to a licensing model, it was important for us to propose a strong open-source alternative. And OpenSearch is completely open-source, so you could run and manage it on your own. But if you add it to a Platform.sh project as a service, all of the infrastructure is taken care of. All you have to take care of is your data: indexing it and retrieving it.”
OpenSearch is here
We missed this last week. Blackfire Monitoring now integrates with API-Platform.
Democracies are far from perfect. However, while sometimes chaotic and prone to taking one step back for every two forward, they are the best governments in the world. Currently, they are in a growing battle with autocracies ranging from tyrannical to criminal for the future of mankind.
The Copenhagen Pledge puts forward a vision for the digital age, based on democratic values and human rights. It serves as the overall value framework for the Tech for Democracy initiative.
Take and sign the pledge
Its Action Coalitions target specific issues at the intersection of tech, democracy, and human rights. Coalition partners engage in concrete activities and deliver concrete solutions in line with the Copenhagen Pledge.
The Action Programme contains recommendations ****on how to transform the Copenhagen Pledge into action and charts a path for various areas, such as how to truly improve digital responsibility and mobilization.
Find the full Action Programme and civil society´s 8 recommendations here.
Please get involved today. You have to have open societies to have open-source.
WeLoveDevs says, “Ce questionnaire, d'environ 10 minutes, est proposé par Smaïne Miliani ainsi que la communauté WeLoveDevs.com (entreprises, experts, formateurs, indépendants) pour aider les développeurs à auto-évaluer leurs connaissances.” If you are fluent in French, take this test.
Test Symfony 6
Mohamad Eldhemy explores:
The What-Why-How Guide of PHP code quality tools
Sriram webnexs asks:
What Is the Magento Marketplace Extension and How Does It Work?
tangled net writes “Grav CMS allows developers to give third parties the ability to manage their (structured) content in a very elegant and flexible way. At the same time, there are few restrictions on how this content ends up displayed on the website — as long as the developer knows what he is doing.”
Grav CMS — A way to pass URL parameters in a frontend form
Unearthed says, “we use the AWS service Cognito to issue JWTs to clients during authentication. From there, the JWT is exchanged with whichever services the user is interacting with in order to validate their identity. This is helpful when building out a service graph, since each JWT can describe an authenticated users session without any direct dependency on a user service.
It's worth mentioning, if you are using Symfony, there is a Symfony Bundle which will make some of the factories and services used in this blog post available from the container. In our application we decided instantiating these dependencies directly was preferable.”
Decoding and validating AWS Cognito JWTs with PHP
#! Code has this very useful article for us:
Drupal 9: Getting A Good Score In Google PageSpeed Insights
Droptica notes “In this article, we’ll present what standards are used to create Drupal projects. We will show you the basic aspects that are worth paying attention to and the tools that make work easier.”
What are Drupal Coding Standards, and How to Use Them in Your Daily Work?
Arslan Ijaz looks at:
Amazing UX design using Drupal
Matt Robinson shares:
What to Do With Your Drupal 7 Website
Christian Kolb has two articles for us:
Using CQRS in Symfony
Using id value objects for better readability and type safety
The April edition of php[architect] is out.
Tomasz Dobrowolski shows us:
Why You Should Limit Your Use of Comments to Make Cleaner Code as a Developer
Study Section notes “A session is a way to continue information across different web pages to recognize users as they traverse a site or app. There is absolutely no way a server could remember a specific user between multiple requests, which is why we call the HTTP protocol a stateless protocol.”
Explaining this pattern with example in PHP — Server Session State
Farhan Tanvir shares “Here are 7 VSCode extensions which will help you to make the best use of VScode if you are a PHP developer.”
7 useful VSCode extensions for a PHP developer
Yacine Touati discusses:
Setting up Dockerized cron jobs: For example, using PHP and MySQL
The one and only Brent is back with “You've probably used the strategy pattern before: a behavioral pattern that enables selecting an algorithm at runtime.
Let's consider a classic example: the user provides some input either in the form of XML, JSON or an array; and we want that input to be parsed to a pretty JSON string.”
Jordi Bassaganas shares his:
Hicham Ben Kachoud continues his SOLID series with the I:
Interface Segregation Principle
Jarek writes “Generic types are templates which allow us to write code without specifying a particular type of data on which it will work. Thanks to them, we avoid redundancy and the objects operate on the previously declared types. A good example is collections of various types. If we want to be sure that a collection consists of a given data type, we can either create a separate class to store each type, use various types of assertions, or just use generic types.”
How To Start Using Generic Types In PHP
Andreas Moller notes “The chances are that you are already aware of the concept of named constructors. If not, take a look at Matthias Verraes' excellent article Named Constructors in PHP.
When it comes to consistently naming constructors, I currently apply the following rules for different types of objects.
- value objects”
Incredibly there were two articles on this last month.
Stefan Priebsch writes “Despite a greatly improved type system in versions 7 and 8, PHP does not support constructor overloading. If an object has to be created in different ways, so-called named constructors are used. Are there any best practices for naming them?”
How do you name constructors?
Please visit our Support Ukraine page to learn how you can help kick Russia out of Ukraine (eventually).
The cyber response to Russia’s War Crimes
CNBC reports “Alex Iskold, a tech entrepreneur and start-up investor, revived the 1K Project to provide direct relief to Ukrainian families impacted by the war.”
A Ukrainian Techie Combined ‘Code and People' to Raise $3.5 Million So Far for Families Back Home
Twitter limits reach for Russian government accounts and bans most POW imagery
Fortune reports “Hacker collective Anonymous announced on Twitter that it successfully breached and leaked the personal data of 120,000 Russian soldiers.
"All soldiers participating in the invasion of Ukraine should be subjected to a war crime tribunal," Anonymous said in the message.
The leak included personal information like dates of birth, addresses, passport numbers, and unit affiliation.
Anonymous takes revenge on Putin’s brutal Ukraine invasion by leaking the personal data of 120,000 Russian soldiers
After what we have seen this week, IMHO these soldiers are legitimate targets for hacktivism.
NBC reports “Distributed Denial of Secrets, is best known for curating, publishing, and promoting giant caches of files from a variety of sources, including U.S. police departments, the conservative social media platform Gab and the far-right Oathkeepers, a prominent group involved in the Jan. 6 riot.
But since Russia invaded Ukraine, Best and her colleagues have been inundated with files that hacktivists say they’ve stolen from Russian banks, energy companies, government agencies, and media companies. For weeks, the group has scrambled to translate, verify, format, and upload files that they can assess are legitimate and new, with the caveat that they usually haven’t gone through every single file to assess if it hasn’t been altered or planted with malicious software.”
Hackers flood the internet with what they say are Russian companies' files
The AP reports “The Biden administration has charged a Russian oligarch linked to the Kremlin with violating U.S. government sanctions, and disrupted a cybercrime operation that was launched by a Russian military intelligence agency, officials said Wednesday.”
US charges Russian oligarch, dismantles cybercrime operation
The New York Times reports that the:
U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks
Politico reports that “The firms that helped document the Russian invasion of Ukraine are now finding imagery of atrocities.”
Satellite companies join the hunt for Russian war crimes
Cloudflare writes “Following Russia’s unjustified and tragic invasion of Ukraine in late February, the world has watched closely as Russian troops attempted to advance across Ukraine, only to be resisted and repelled by the Ukrainian people. Similarly, we’ve seen a significant amount of cyber attack activity in the region. We continue to work to protect an increasing number of Ukrainian government, media, financial, and nonprofit websites, and we protected the Ukrainian top-level domain (.ua) to help keep Ukraine’s presence on the Internet operational.
At the same time, we’ve closely watched the significant and unprecedented activity on the Internet in Russia. The Russian government has taken steps to tighten its control over both the technical components and the content of the Russian Internet. For their part, the people in Russia are doing something very different. They have been adopting tools to maintain access to the global Internet, and they have been seeking out non-Russian media sources. This blog post outlines what we’ve observed.”
What Cloudflare is doing to keep the Open Internet flowing into Russia and keep attacks from getting out
On a related note, NPR asks “What do Russians know about what's happening in Ukraine? Well, it depends in large part on what independent media they're able to access - access the Russian government has been forcefully trying to restrict. So many Russians have been relying on VPNs - virtual private networks - that obscure their identity online and allow them to access blocked websites.”
Some Russians are skirting website restrictions through VPNs. What are they?
Radio Free Europe reports “Western governments imposed crushing sanctions on Russia for its unprovoked attack and foreign companies began pulling out of the country, setting its economy reeling and making investments in the technology sector unattractive. Three days later, Krupnik froze his project, and on March 9 he fled to Turkey, seeing a bleak future back home.”
'A Nail In The Coffin': Tech Workers Are Fleeing Russia and The Impact Will Last For Years
The Evil Empire Strikes Back
TechCrunch reports “The mass exodus of IT specialists has been met with hostility from Moscow.”
Tech workers describe detentions and interrogations as they flee Russia
If you are in Russian IT and want to escape the new Iron Curtain, we suggest you get the fuck out now. If not enjoy the Gulag.
CBS reports “A group of hackers with ties to the Belarusian government broke into the Facebook accounts of Ukrainian military officials and posted videos calling on the Ukrainian army to surrender.
Meta's head of security policy, Nathaniel Gliecher, said the videos posted on the accounts of Ukrainian military officials were not seen by users and were taken down by the platform before it could be shared with others.”
Russian-backed hackers broke into Facebook accounts of Ukrainian military officials
The Jerusalem Post reports “China launched a massive cyber operation against the Ukrainian military and its nuclear facilities before Russia began its invasion, according to UK intelligence reports obtained by The Times.
The British reports were backed up by Ukraine's national security service, the SBU, which claimed China coordinated thousands of cyberattacks and hacking attempts on official Ukrainian government sites.”
China carried out massive cyberattack operation on Ukraine - report
The New York Times notes:
Bristling against the West, China rallies domestic sympathy for Russia
The Guardian reports “Putin may be ‘playing a long game’ on the cyber front, with attacks underway but not fully understood.”
Russia’s slow cyberwar in Ukraine begins to escalate, experts say
The Associated Press reports “Though Russia is the country that invaded its neighbor Ukraine, the Kremlin’s version relentlessly warns social media users across Latin America that the U.S. is the bigger problem. “Never forget who is the real threat to the world,” reads a headline, translated here from Spanish. The article, originally posted in late February on Twitter by RT en Español, is intended for an audience half a world away from the fighting in Kyiv and Mariupol.”
Russia aims Ukraine disinformation at Spanish speakers
ZDNet reports “The US Federal Government's latest attempt to create a centralized office for cybersecurity within a major agency will also be tasked with exploring economic and policy concerns within cyberspace.”
US Bureau of Cyberspace and Digital Policy officially commences operations
TechRepublic has this discouraging bit of news:
Developers do not view application security as a top priority, study finds
They also have:
5 tools to make encryption key management easier
GitHub shows us:
How Dependabot empowers you to keep your projects secure
They also have:
Prevent the introduction of known vulnerabilities into your code
“Alpine is the modern jQuery, that’s my vision for it,” Porzio explained in an interview. “When I started in web development, jQuery was what you did to sprinkle in stuff on your front end. Your whole front end wasn’t driven by a frontend framework, it was driven by something like Rails. I still like to write web apps that way. I’ve come full circle, I did the whole SPA thing and there’s nothing wrong with it, per se, but for a lot of use cases it’s just way too much complexity.”
Infoworld notes “SQLite is embedded everywhere. Will Postgres follow suit?”
Getting Started with Docker Desktop
They also have:
CTO Chat: Overcoming the Developer Experience Gap (feat. RedMonk & Flow.io)
VSCode writes ”The Visual Studio Code team has used this insight as the heart of their research over the years: if we can reduce time spent on overhead, like reading about environment setup, then we can increase productivity time. We have a vision where developers don't have to keep fighting the same battles over and over again. This means a consistent development setup that can handle the never-ending churn of version upgrades, configuration changes, and hardware refreshes.
But what does the path look like to get us there? Let's examine the journey to increase developer productivity that has led us from local development to container-based development, to the cloud.”
Using Containers to move from Local to Remote Development
TechCrunch reports “At its Team ’22 conference, Atlassian announced the launch of Atlas, a new service for cross-functional team updates it previously offered as a beta under the name “Team Central.” The service is meant to be a central repository for what teams are working on — with those updates limited to a Twitter-like 280 characters.”
Atlassian launches Atlas to improve team alignment
Sule-Balogun Olanrewaju Ganiu says, “This article will teach you an alternative approach to testing client APIs using Thunder Client, an open-source extension available on VS Code marketplace.”
Thunder Client – An Alternative Way to Test Restful APIs
That's it for this week. Thanks for making it to the end of another edition. I look forward to sharing next week's Symfony and PHP news with you on Friday.
Please share this post. :) Also, be sure to join our newsletter list at the bottom of our site’s pages. Joining gets you each week's communiqué in your inbox (a day early). And follow us on Twitter at @symfonfystation.
Do you own or work for an organization that would be interested in our promotion opportunities? If so, please contact us. We’re in our infancy so it’s extra economical. ;)
More importantly, if you are a Ukrainian company with coding-related products, we can provide you with free promotion on our Support Ukraine page. Or if you know of one, get in touch.
Keep going Symfonistas!