Welcome to this week's Symfony Station Communiqué. It's your weekly review of the most essential news in the Symfony and PHP development communities.
This week, we continue our coverage of the war crimes going on in Ukraine and how you can help. That sparks some cybersecurity coverage as well. There was not much Symfony news so I’m adding in extra Drupal coverage that overlaps with Symfony development.
Take your time and enjoy the items most valuable for you.
Please note that links will open in a new browser window. My opinions will be in bold.
As always, we will start with the official news from Symfony.
Highlight -> “This week, Symfony 4.4.39, 5.4.6, and 6.0.6 maintenance versions were released. In addition, the entire schedule of the SymfonyLive Paris 2022 conference was published. Finally, Symfony expressed its solidarity with Ukrainian people.”
They also remind us that “the French SymfonyLive conference organized in Paris will be soon here! Join us on April 7th and 8th for 2 days of Symfony talks. Regular pricing ends on March 14th!”
SymfonyCasts continues its exploration of EasyAdmin.
A recent Forbes article notes “over one-quarter of U.S. consumers have not taken any steps to protect their digital/online privacy - and that means it is more important than ever for organizations to ensure their software and applications are as bulletproof as possible against bad actors. However, the rapid shift to digital and the fast-paced nature of business in today’s post-pandemic world, coupled with the growing and sophisticated threat landscape, continues to challenge even the most advanced security teams.
Something needs to change, and one company is arguing that the industry requires a new approach to security centered on developers. After all, developers have become the lifeblood of an organization's digital transformation journey - but the faster developers move to bring new applications to market, the greater the chances for flaws or security issues within their code.”
I wholeheartedly agree with this.
Alexandre DuBois asks "is Symfony using some sort of magic to validate inputs?"
Dans français Guillaume Ponty explores 3rd-party authentication with Symfony.
Heddi Nabbisen has this interesting tutorial for us:
Andy Blum writes “Following Drupal 8’s ambitious overhaul to “get off the island,” the recommended way to create a new Drupal site is to use composer to manage all PHP dependencies. By now, most Drupal developers will have had a chance to install a new module or update existing modules using composer’s
update commands, but did you know that you can also use composer to run scripts to interact with your code?”
Griffin Polonus writes “PHP 8 includes improvements that show a clear desire to modernize, as well as capabilities of other popular languages that developers will appreciate. Thanks to PHP 8, Drupal 10 can now use tools that will enable continued growth and enhanced performance. Upgrading to PHP 8 will be beneficial to any site running on PHP–however, as a Drupal developer, I’m particularly excited about how this will impact Drupal 10. I’ll highlight some of the benefits that apply to many sites, but especially how it may apply to Drupal.
Golems states, “Drush (the Drupal Shell) is one of the most convenient and functional assistants for all Drupal developers. Read on if you're interested in learning how Drupal 9 and Drush work together, what benefits it has, and how easy it is to sanitize data with Drush.”
Manish Saharan says, “In this article, we’re going to discuss two such Drupal 8/9 utility tools that have massively simplified and improved the way you work with Drupal code, modules, and installations - Drupal Console (leveraging Symfony Console) and Drush.”
As we noted in How Symfony Station was built: an adventurous exploration of layout solutions, the default Drupal admin theme is an eye-destroying abomination. We wrote “Gin is beautiful in comparison. It's clean, cool, and collected with some customization options.” It was built on the foundation of Claro from one of the lead designers of the Claro & Drupal Design System.
Clayton Dewey expounds upon this with, “I’ve seen, time and again, the difference a clean and modern website editing interface can have on both the quantity and quality of site content. When a website’s back-end is frustrating and unappealing to work with, it dissuades the author from posting.” In a multi-post series, he explores the wonders of Gin.
There are a lot of design lessons to pick up in the series. And if you’re a new Drupal user, lessons on how to use it. It’s perfect for larger publishers.
Note: Drupal is addressing their usability problem with a version of Claro that will be non-experimental for core in v. 10.
We published our third sponsored article on Symfony Station exploring how to Implement Code Execution Monitoring for your Symfony apps via Inspector. Like all our articles it is now available via audio.
All sponsored articles are for products we have vetted and stand behind. We either use them or would do so if they were applicable to the Symfony Station site.
Rafael Bernard Araujo explores Domain-Driven Design in and value object:
Tomasz Dobrowolski covers dependency injection and writes, “while it sounds complex, it’s not as scary as it sounds on the surface. And if used correctly, it can transform your code to be cleaner and easier to work with.”
Marco Aurélio Deleu says, “I have been working on a new Runtime for Bref for a while now and it has been my biggest open source journey so far. It has been incredibly challenging and a great learning experience. In this post, I want to run through some key aspects that I faced while working on this.”
Frank de Jonge shows us how to:
Andreas Heigl takes a look at PHP attributes.
Harpreet Kaur notes “Memcache is object storing mechanism which is used to store the results of database queries helping websites to serve pages faster. Memcaching process stores data as key-value pairs in memory so that it can be accessed later. It will be useful in those applications which rely heavily on database queries. Memcaching is going to improve the performance of the application significantly.”
Ten7 looks at Memcache in Drupal.
Gene Wilburn needed to build a lightweight search functionality. He writes “As I thought about a solution for this small site, I thought of grep, the open-source search utility with a long Unix heritage that can rip through text files to search for words or phrases and show them in context.”
Jakub Misek says, “Have you heard about the Visual Studio Code for the Web? It's the code editor running in your browser, allowing you to work with your local files, files on your GitHub repositories, or files on Azure. Anywhere.
In the case of the PHP language, it is only suitable for quick edits on small projects, due to its limitations. However, PHP Tools for Visual Studio Code is newly available for VS Code for the Web. All the editor features can now be used in this browser-based development environment.”
Alessandro Castellano has a new tutorial and says, “you are going to see how class constructors work in PHP, what happens with class inheritance, and a new PHP 8 feature called “argument promotion”.”
WPGraphQL notes “Setting up End to End tests for WordPress plugins can be done in several ways (Codeception, Cypress, Ghost Inspector, etc), but lately, the easiest way I’ve found to do this is to use the @wordpress/env and @wordpress/scripts packages, distributed by the team working on the WordPress Block Editor (a.k.a. Gutenberg), along with GitHub Actions.”
Frank Pins explores Gitlab pipelines in a series of articles.
Please visit our Support Ukraine page to learn how you can help kick Russia out of Ukraine (eventually).
I think we should all stop doing business with Russian companies. However, many think internet access is an exception. At this point, I am not sure. But Cloudflare is.
It seems that Twitter itself agrees as it has created an onion site for Tor browsers.
And Lumen does not.
Venture Beat has a report on the Ukrainian IT Army’s offensive.
Anonymous continues its assault on Putin’s minions and lackeys.
Cyber Scoop reports “NATO nations voted unanimously last Friday to admit Ukraine to their Cooperative Cyber Defence Centre of Excellence (CCDCOE), a development which experts said will help Ukraine fight off mounting cyber threats from Russia.”
The free world also needs to kick up its defensive game. Three companies are aiding the effort.
What won’t work is the Ostrich approach.
One way to defend your site is to block access to it by country. If you don’t have an audience in Russia, you should do so. We do so we aren’t.
Tawhid has this security advice for us:
As an example of an attack, Nevulo explains XSS. “Cross-site scripting is an attack performed on websites, where an attacker can inject some malicious code or scripts that get executed to modify the behavior of that website.”
Harvard Business Review’s Stuart Madnick takes a peek at where this might all lead.
Via Fast Company “MacPaw’s Julia Petryk talks about sheltering in an underground parking garage, enduring Russian propaganda, and confronting the emotional toll of the war.” MacPaw is a Ukrainian company we urge you to support.
Speaking of tech companies:
Here are a few articles examining why Putin’s war of terror is not going so well (aside from the fact that most thugs are corrupt, dumb, and incompetent).
And now in more encouraging news, here’s a look at the impressive things coming to CSS. Michelle Barker writes “It’s fair to say that we’re in a booming era for CSS right now. As I write this, I notice that many of these new features have some things in common. Yes, they often help us write better, cleaner, and more efficient code.”
Icons are always useful for UI, UX, and web design. Here’s how to use Font Awesome no matter your dev/design stack.
Writing for Forbes, Amir Husain says:
That's it for this week. Thanks for making it to the end of another extended edition. I look forward to sharing next week's Symfony and PHP news with you on Friday.
Please share this post. :) Be sure to join our newsletter list at the bottom of our site’s pages. Joining gets you each week's communiqué in your inbox (a day early). And follow us on Twitter at @symfonfystation.
Do you own or work for an organization that would be interested in our promotion opportunities? If so, please contact us. We’re in our infancy so it’s extra economical. ;)
More importantly, if you are a Ukrainian company with coding-related products, we can provide you with free promotion on our Support Ukraine page. Or if you know of one, get in touch.
Keep going Symfonistas!