Welcome to this week's Symfony Station Communiqué. It's your weekly review of the most essential news in the Symfony and PHP development communities.
We again cover the tech aspects of the war crimes going on in Ukraine and how you can help. Symfony news was light this week, so we’ve added extra Drupal and cybersecurity coverage.
Take your time and enjoy the items most valuable for you.
Thanks to Javier Eguiluz and Symfony for sharing our last communiqué in their Week of Symfony.
Please note that links will open in a new browser window. My opinions will be in bold.
As always, we will start with the official news from Symfony.
Highlight -> “This week, Symfony announced the merging of SymfonyCloud into Platform.sh. In addition, SymfonyCasts published the new (and free) Symfony 6 video tutorials. Finally, SymfonyCon Disneyland Paris 2022 conference announced the end of its early bird registration period.”
A Week of Symfony #794 (14-20 March 2022)
They also announced there’s:
1 week left before the end of early bird registration for SymfonyCon Disneyland Paris 2022
SymfonyCasts continues their free look at Symfony 6 and the Easy Admin paid courses.
This week on SymfonyCasts
It’s long past time to make your Symfony applications as secure as possible.
As should be obvious to anyone not living under a rock, cybersecurity is critical. This has always been the case, but it’s even more important now thanks to the Russian war crimes in Ukraine.
The potential for a cyber-war has never been higher. As Russia struggles with illegally occupying Ukraine it may lash out with cyber-attacks against anyone supporting the Ukrainian nation.
Russia’s fellow rogue state allies, Belarus, Iran, North Korea, and China, could increase their current efforts. Plus, many cyber-criminal gangs are based in these countries.
Examine the Reassuringly Robust Flexibility and Extensibility of Symfony Security
This is the most important, original content Symfony Station has created to date so please be sure to read it.
Jolicode writes “Once upon a time, a developer was asked to move a form from one application to another. The source application was a Symfony app. The target application was WordPress, the CMS that runs the Web.
Follow us in that journey that will take you to the edge of what is possible and what should not be done, but most importantly it will show you how to use the full power of Symfony Form inside the WordPress CMS.”
Using Symfony Form in WordPress
Prestaconcept shows us “how to cut out your code that has become too complex with the decorator pattern, using Symfony.”
Le pattern Décorateur avec Symfony
Rajesh Bhimani says, “Drupal 10 is coming soon. Are you ready for this new version? Are wondering since Drupal 9 is quite new, why is Drupal 10 being released? There are a few practical reasons for Drupal 10 early release, which we will discuss in this article. But before it arrives, we have to get prepared for it.”
Hint - It’s tightly tied to Symfony 6.
Are you ready to upgrade to Drupal 10? Know how to prepare for the upcoming update!
Evolving Web “Drupal's API-enabled architecture opens up infinite possibilities for a decoupled Drupal, separating its back-end CMS from its front-end theming system and giving us the tools to use our Drupal installation as a content hub for various technologies and applications.”
This two-part series should apply to straight Symfony in general.
Building Decoupled Drupal - Part 1
Building Decoupled Drupal - Part 2
Vishwa Chikate shows us “how to mock the global Drupal object when writing unit test cases for the custom code.”
Drupal 8/9: Unit Test cases mocking the global Drupal object and Services
He also has:
REST API: How we implement resource handlers for PATCH req:
Jacob Rockowitz notes “Recently, I shared a guide for auditing, reviewing, and improving a Drupal module. I suggested that developers experiment with the
drush generate command, which uses the Drupal Code Generator to help gain an overall understanding of the potential architecture of a Drupal module. Here I put my recommendation to the test by generating an example module using the Drupal Code Generator library."
Understanding the architecture of a Drupal module using the Drupal Code Generator library (a.k.a. the
drush generate command)
Nicolas Pennec says, “Drupal is an open-source content management platform powering millions of websites and applications. Here we will see how you can easily deploy a simple Drupal website on Docker to the cloud with ScaleDynamics.”
How to deploy Drupal on cloud with Docker
We published our third sponsored article on Symfony Station exploring how to Implement Code Execution Monitoring for your Symfony apps via Inspector. Like all our articles it is now available via audio.
How to Implement Code Execution Monitoring for your Symfony apps via Inspector
All sponsored articles are for products we have vetted and stand behind. We either use them or would do so if they applied to the Symfony Station site.
Nabila Khansa writes “Clean code plays a major role in the understandability of a code, along with its readability, changeability, extensibility, and maintainability. It is vital for building a successful and maintainable product, especially when you are part of a developer team. You should always think about the next person who will maintain your code.”
Let’s Take Out the Trash: Writing Cleaner Code
Victor Todoran notes “Ever since the release of PHP 8.0 all I’ve been hearing is constructor property promotion. It’s a neat little trick and I like it, though it wasn’t of much help when I started work on PHP 8 compatibility. This article is a high-level overview meant to show you some of the things you need to look into before you can upgrade to PHP 8 and to encourage you to research the topic on your own.”
Migrating From PHP 7.4 to PHP 8.0
There are many PHP 8 articles, but this one directly compares code examples from 7 and ones refactored with 8.
What’s New in PHP 8.1?
Tomasz Dobrowolski says, “Functions are fundamental to writing code, making it vital that you write them well. Well-written functions make your code efficient, easy to read and reduce the chance of errors. Here is a list of advice on writing good functions with PHP examples.”
10 Ways to Use Functions in Your Code to Become a Better PHP Developer
Brent is back and writes “Collections; they are probably the easiest way to explain what generics are about, but they also are the example that everyone talks about when discussing generics. It’s not uncommon for people to think that “generics” and “collections with a type” are the same thing. That’s definitely not the case.”
Generics in depth
This tutorial shows us how to work with files in PHP.
PHP File — Open/Read/Write/Close
Italo Baeza Cabrera notes “If you want a free and simple route to host a private package in Github and download it to your project, there is one.”
PHP: Use your private repository in Composer, without SSH keys
Vitalii Marenkov says, “Domain-driven design advises to create aggregates and other complicated objects in factories. In PHP we can define constructor as private or protected and then the object can be created only in a factory method in the class itself. But it violates the single-responsibility principle. Is there another way?”
Forbidding of creating objects outside factory in PHP
This one is self-explanatory:
Open Swoole 4.11.0 released with HTTP2 improvements, PHP GRPC server, bug fixes, and more
Frank Prins writes “The last few months I’ve been working a lot on optimizing our Gitlab pipelines for a large private codebase to keep the runtime of them below 4 minutes. As there is not a lot of info about optimizing Gitlab pipelines for PHP projects in general, I decided it was time to change that. As there is a lot to unpack here, this will be the third in a multipart series.”
Optimizing Gitlab pipelines - PHPStan (3)
Pascal Landau says, “In the fourth part of this tutorial series on developing PHP on Docker we will revisit the previous tutorials and update some things to be up-to-date in 2022.”
Docker from scratch for PHP 8.1 Applications in 2022
Add A WordPress-Style Update Utility To Any Application
Please visit our Support Ukraine page to learn how you can help kick Russia out of Ukraine (eventually).
The cyber response to Russia’s War Crimes
TechCrunch opines “Russia's current talent outflow might well be the last wave of its chronic brain drain stretching back decades.”
Tech talent flees Russia as Western sanctions bite
Venture Beat notes “Vera Chernysh is the СЕО and managing editor of the three largest technology and business news publications in Ukraine — MC.today, ITC.UA, and Highload. Chernysh and her husband, Timur Vorona, who run and manage the news outlets together, made the business decision to shift the operations of their entire business from covering the latest tech trends to war and survival reporting.”
Ukrainian tech publications pivot to cover the war and provide survival advice
FP reports “Russia’s communications systems are failing at higher-than-expected rates during the nearly monthlong war in Ukraine, U.S. and European officials and experts said, forcing invading troops in the field to rely on open systems that can be readily intercepted by Ukrainian forces.”
‘The Ukrainians Are Listening’: Russia’s Military Radios Are Getting Owned
In other communications news CNBC reports “SpaceX has sent “thousands” of Starlink satellite internet kits...which come with an antenna, a mounting tripod and a Wi-Fi router to Ukraine shortly after Russia invaded. Ukrainians can use the Starlink kits to connect directly to SpaceX’s network in orbit, with the company having launched about 2,000 satellites to date.”
Elon Musk's SpaceX sent thousands of Starlink satellite internet dishes to Ukraine, company's president says
WP Tavern reports “WordPress managed hosting company WP Engine has joined Acquia, Fastly, Gatsby, Netlify, and Pantheon to begin booting Russian companies off their platforms.”
WP Engine, Pantheon, and Others Drop Support for Russian Business Customers
Fast Company reports “The “Play for Ukraine” game, developed by IT pros in Lviv, crowdsources and gamifies DDOS attacks on Russian websites. It’s already racking up successes.”
This game crowdsources cyberattacks against Russian websites
Wired reports “The developer of a popular open-source package has been caught adding malicious code to it, leading to wiped files on computers located in Russia and Belarus. The move was part of a protest that has enraged many users and raised concerns about the safety of free and open-source software.”
A Developer Altered Open-Source Software to Wipe Files in Russia
This is the way not to do it. Indiscriminately. Not yet.
Politico quotes President Biden “The more Putin’s back is against the wall, the greater the severity of the tactics he may employ … one of the tools he’s most likely to use in our view, is cyber-attacks...The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming.”
Biden warns Russian cyberattacks 'coming'
The Evil Empire Strikes Back
Laptop reports “As Russia deploys brute force to invade Ukraine, the US fears that the nation may have another tactic up its sleeves: cyber warfare. On Monday, President Joe Biden warned business leaders about the looming threat of cyber attacks that could cripple US infrastructure.
You may be wondering, "What does cyberwarfare look like and how can it affect me?" Let's take a look at what the experts have to say so that you can keep your data and devices protected in the event of a cyber-attack.”
A Russian cyber-attack may hit the US — how to protect your data and devices
Wired also reports “For years, Russia’s cybercrime groups have acted with relative impunity. The Kremlin and local law enforcement have largely turned a blind eye to disruptive ransomware attacks as long as they didn’t target Russian companies. Despite direct pressure on Vladimir Putin to tackle ransomware groups, they’re still intimately tied to Russia’s interests. A recent leak from one of the most notorious such groups provides a glimpse into the nature of those ties.”
Leaked Ransomware Docs Show Conti Helping Putin From the Shadows
The Guardian reports “The US has unveiled criminal charges against four Russian government officials, saying they engaged in two major hacking campaigns between 2012 and 2018 that targeted the global energy sector and affected thousands of computers across 135 countries.”
US charges four Russian hackers over earlier cyber-attacks on global energy sector
The Next Web notes “the continued operation of cryptocurrency exchanges in Russia, such as Binance, Yobit, and Local Bitcoins, has been worrying US officials for some time. Even before Russia’s latest invasion of Ukraine, the US Treasury Department warned cryptocurrencies could undermine the sanctions already imposed on Russia over its 2014
annexation invasion of Crimea.”
Russians are using crypto to evade sanctions — but it’s not just the elite
So, where is this humanitarian disaster created by evil men leading us? My Master’s Degree is in International Relations, so this deep dive into where the world economy may go from here is quite interesting to me.
Putin and Xi Exposed the Great Illusion of Capitalism
Venture Beat writes “There are a lot of myths surrounding open-source software, but one that continues to permeate conversations is that open source is not as secure as proprietary offerings. At face value, this claim would seem to hold merit as how do you secure a supply chain for a product that is created in an environment where anyone can contribute to it?
But perceptions are changing, as open-source code is running many of the most sophisticated computational workloads known to mankind.”
The risk of undermanaged open-source software
The Next Web reports “the communications between thousands of SaaS platforms are also an emerging threat to corporate cybersecurity. Most existing cybersecurity solutions still do not offer adequate protection or a convenient way to monitor the communications between these apps and platforms, leaving companies vulnerable to cyberattacks and unable to effectively know or control which parties have access to sensitive corporate or personal data.
The next big cybersecurity threat is connected SaaS platforms
Digital Ocean says, “IaaS, PaaS, and SaaS are all different options for cloud delivery models. They each have their own pros and cons, and the difference between them is the level of abstraction they offer the end-user.”
IaaS vs. PaaS vs. SaaS: What’s the Difference?
ZNet opines “A combination of resourcing, government initiatives, and innovation will mean some organizations are able to handle cyber threats in real-time -- and then there is everyone else.”
We are headed for an ecosystem of cyber haves and cyber nots
This is comparable to Symfony’s StimulusUX which is based on Hotwire.
StoryLab exclaims “All the coding has been completed and it’s (almost) perfect. So, now what? - How do we make sure it stays (almost) perfect? - Is linting ok? - Are all tests passing? - Do we have all builds (versions) archives? - And… all above for all our 19 (nineteen, in words) GitHub repositories!”
3, 2, 1 and Action - Github Action
Time reports “as crypto has soared in value and volume, Vitalik Buterin has watched the world he created evolve with a mixture of pride and dread. Ethereum has made a handful of white men unfathomably rich, pumped pollutants into the air, and emerged as a vehicle for tax evasion, money laundering, and mind-boggling scams. “Crypto itself has a lot of dystopian potential if implemented wrong,” the Russian-born Canadian explains.”
The Man Behind Ethereum Is Worried About Crypto's Future
TechCrunch reports “In a formalization of an earlier Twitter-led push to try to exert influence over fast-forming European digital regulations, the social media firm has used its Twitter Spaces platform to host the official kick-off of a policy advocacy lobby group that’s being branded the Open Internet Alliance (OIA). Alongside Twitter, video streaming platform Vimeo; Automattic, the company behind WordPress.com, WooCommerce and Tumblr; the Czech and Slovak-focused search engine company, Seznam; and Jodel, a Berlin-based (profile-less) social network, are named as founding members.”
Twitter leads call for EU lawmakers to 'think beyond Big Tech'
That's it for this week. Thanks for making it to the end of another edition. I look forward to sharing next week's Symfony and PHP news with you on Friday.
Please share this post. :) Be sure to join our newsletter list at the bottom of our site’s pages. Joining gets you each week's communiqué in your inbox (a day early). And follow us on Twitter at @symfonfystation.
Do you own or work for an organization that would be interested in our promotion opportunities? If so, please contact us. We’re in our infancy so it’s extra economical. ;)
More importantly, if you are a Ukrainian company with coding-related products, we can provide you with free promotion on our Support Ukraine page. Or if you know of one, get in touch.
Keep going Symfonistas!