SymfonyCon 2019 Amsterdam, Conference notes

This article is about SymfonyCon 2019 in Amsterdam. If you are interested in Symfony Conference 2020 Online, read all about it here.

SymfonyCon 2019 is organized in Amsterdam this year.

Borislav Lazendic and me are attending the conference between 19th to November 23rd of November. If you are at the conference or in #Amsterdam at that time, let us know. We can have a coffe/beer at or after the conference.

The first experience – Checkin process

Checkout process was really good. We did a registration within 15 minutes.

Very well organized, lots of people involved and very good coordinated.

SymfonyCon 2019 Venue itself

Good venue for up to 2000 people.

More then enough food, coffee (WeAreDevelopers crew I am looking at you… ;), tables to stand, jacket placeholdersz security and stuff in general…

SymfonyCon 2019, day 1

Keynote by Fabien Potencier

SymfonyCon 2019  - Fabian does live release of Symfony 5.0
Fabian does live release of Symfony 5.0

Very interesting and unusual keynote. I won’t be describing it in details, but I will give couple of teasers and headlights:

  • Fabians Talk… “50% of the coding time is Backward Compatibility work”
  • Live release of Symfony 5.0
  • Rebasing fork, automated release with script
  • Zero Fucks Given release (Mark Manson)
  • Bot that “reads a book”.. “Automate the book”
  • BDD (Book Driven Development) approach.. lol. ๐Ÿ™‚

How to contribute to Symfony by Valentin Udaltsov

Motivation for contributing to open source. Merged PR, get a part of blog post. Becoming an in-demand (git hub green graph)

SymfonyCon 2019 - Symfony contributing

glue code (dont reinvent the wheel)

Diverse community (optimistic talk and good experiences in contributing)

Valentin talked about common questions related to contributing. What am I supposed to do? What should I contribute to.

  • Firstly, you can become a “bug hunter”. But do this in a smart way. Check the documentation, google for solutions. Then ask collegues, then google it again. ๐Ÿ™‚ Furthermore, check th support in #slack. If all of these steps fail, make a reproducable example and submit a bug.
  • Secondly, involve yourself trough reading of blog and existing pull requests. This goes for every open source project I would say.
  • Furthermore, sign up for latest releases. Check new issues and PRs.
  • Afterwards, filter open issues with label #good to find a good issues. Also, doublecheck if that issue is “reserved” by someone.
  • Bonus tip: Search issues for #recent issue, which might be easier to solve.

Finally, there was a detailed explanation on how to contribute, but I won’t be writing about it. These steps are available on Symfony web site.

Semantic versioning and backward compatibility.

As a final note, always check coding standards and write unit tests for functionalities that you introduced. Then again, this should apply to any coding project we are working on.

How Doctrine caching can skyrocket your application by Jachim Coudenys

Three, two, one… Room is slowly filling in… Lecturer makes a quick tweet about current state in room… And, we are starting….

SymfonyCon 2019  - image of Jachim
Image of Jachim, taken by us
SymfonyCon 2019  - Boris and I
Image of us taken by us, because why not ๐Ÿ™‚

Doctrine definition (ORM)

Terminology , Entity and Mapping

Demo application, bug tracker, many to many relation. Bug, BugRepository, Product

SymfonyCon 2019  - - terminology, entity and mapping

unit or work and flush (persisting into database). We communicate only with Entity Manager. Unit of work uses transactional write-behind, meaning it delays execution of queries (optimized in short transaction).

Identity map ensures that eaxh object gets loaded only once. If several queries load object to memory, identitycmao ensures that there is only one object in memory at time.

Entity states (new, managed, detached, removed). These states are important because they hint entity manager on which entities should be handled.

Hidration is something like serialization, turning object to array and vice versa.

Proxy objects is used for lazy loading. An object that doesn’t contain all the data but knows where ro get it.

There was a quick notice of Read Only objects. Extra-lazy loading collections are good for counting (contains, count, etc.).

Finally, there was talk about Doctrine Caching and metadata caching (optimize parsing efforts).

Some topics to check: repository decorator, custom caching, Hidration and PHP7, second level caching, association cache, regions, modes, query cache, delete and update caching (entities that are cached will not be invalidated), hint() or evict…().

Thank you all for joining my talk (the biggest audience I’ve ever spoken to) at #SymfonyCon.

Slides are available at https://t.co/tMiG2GLExc and the code is on https://t.co/84uGFQEUjv

For more information check out Jachim Coudenys (@coudenysj): https://twitter.com/coudenysj?s=09

Crawling the web with the new Symfony components by Adiel Cristo

SymfonyCon 2019 - crawling web

This is a lecture about crawlers, spiders, bots and how to build them.

Crawler is used to get content from web (this is how Google started). Scrapers is API or tool used to get the data when we already have a content (use case for that data).

Crawler download content and scraper extracts data from downloaded content.

Php tools for making this happen are cURL, Guzzle and HttpClient.

Guzzle uses PSR-7 interfaces for requests, responses and streams.

SymfonyCon 2019 - symfony versions

This lecture had several interesting examples on how to get data from some web pages using Symfony components.

SymfonyCon 2019 - explanation of messaging concept
Explanation of messaging concept

Finally, to avoid doing overload of requests, there was the explanation of messanger (integration concept of queue and workers). Essentially this is a way to define order and speed of execution of your tasks, jobs or API calls.

PHP, Symfony and Security by Diana Ungaro Amos

SymfonyCon 2019 - dev security music and kung fu
Dev, Security, Music and Kung Fu ๐Ÿ™‚

One great lecture about PHP security and how to secure our own products better. Firstly, PHP is good language and PHP is not dying. Secondly, PHP is still very much alive and actually increasing. (WordPress, Symfony, Laravel).

SymfonyCon 2019 - php is popular but
Php is popular, but…

However, PHP is in the Top 5 of the most dreaded languages. For example, there are memes like “PHP Best practices: use something else”.

Therefore, this lecture pinpointed main reasons why this is a case, and what could be done to make this better.

Common issues with PHP versions:

  • Huge percentage of PHP 5.x sites
  • Big percentage of PHP 7.0
  • 79% of web is using PHP, but 42% is 7x.
  • While 33% of the web is running PHP 7
  • 47% of 33% is 7.0 or 7.1
  • Leaving us with only 17% of PHP Web applications are running updated and safe versions of PHP.

Several security research tips:

  • Firstly checkout CVE Details (Common Vurneravilities and Exposures).
  • Seconsly checkout exploit database, try search with PHP 7.0
  • Finally, tip: Mitre – automatic tool for exploits

At the end of the lecture there was a list of quick wins on how to improve security on some specific cases:

  • Filtered unserialize() considerations
  • Mcrypt removed from PHP core. It is not supported any more in PHP 7.2
  • Password_argon2
  • Libsodium as core extension for credentials handling
  • “MAX_DEPTH” option for unserialize() in PHP 7.4
  • Proc_open() changes in PHP 7.4

Diana, thank you for a great and valuable information and insights.

SymfonyCon 2019 - php popular thank you

Finally, one fantastic lecture and I would highly recommend to check it out if and when available online.

Configuring Symfony at SymfonyCon 2019 – from localhost to High Availability by Nicolas Grekas

This lecture at SymfonyCon 2019 gave an introduction to configuring the Symfony app, core characteristics, components, handling secrets.

The core of the Symfony application is dependency injection of already existing components.

Furthermore, what are parameters and how to use them (Facebook App Id, Google Analytics id etc.). Also, there was a notice of PHP constants for rarely changed values. Finally, usage of environment variables is explained.

There was an explanation of services.yaml configuration file. If I would try to describe this lecture in details it would lose it’s value, because of large amount of small details.

Takeaways

Having that in mind, I would advise in checking out this lecture if and when available online.

Further reading?

You want to learn programming in PHP? If you are interested in some PHP projects with complete source code check out this link.

SymfonyCon 2019 day 2

SymfonyCon 2019 day two.

We were wellcomed with a coffee, juices and hot croassans. A nice way to start this day.

I was expecting less people today, being a second day and all, at least in the morning, but the rooms are full.

Actually it makes sense, since first part of the day is filled with interesting topics.

Beginners and advanced tracks completely full

PHPUnit Best Practices – Sebastian Bergmann at SymfonyCon

Life is too short for old software ๐Ÿ™‚

One great presentation at SymfonyCon by the creator of PHPUnit himself. Twitter contact: @s_bergmann

A year from now we will have PHP 8. Once again, as other authors mentioned yesterday, using the latest supported version of PHP is a must!

Sebastian explained difference between active support (bugfixes) and security support. He pointed out that Long term support is not a solution, but an possible problem.

This actually makes sense, because it keeps you “sleepy” instead of investing time to keep up with valid PHP versions.

PHP and PHPUnit tips

Related to PHPUnit, same rule goes. Use the supported version and utilize good new features of new version. Furthermore, updating to major version can not be done without a process.

For example, ” * in composer is not a version constraint. That is somewhat of a Deathstar from StarWars for your code.

Do not install PHPUnit globally, because this is “per project” dependency and it different projects can require different versions. One size does not fit all.

Before updating to new major versions (and for minors as well), read the ChangeLog. ๐Ÿ™‚

PHP tips

Some important PHP technical hints:

  • Ensure that your PHP configuration displays errors at all. (Configuration of php.ini file, error reporting to -1)
  • log.errors_max_lenght = 0, to ensure getting full length of error message
  • show_exception_trace = 0
  • memory_limit = -1 (only in development, never in production)
PHPUnit tips at SymfonyCon 2019

PHPUnit hints:

  • Firstly, utilise phpunit.xml configuration as much as possible. Sebastian presented examples of good configuration, you can find them on his slides. I won’t be screenshoting them here.
  • Secondly, think about possibility of reordering tests. For example, if one test fails, on next execution that test will be executed first. Eesentially, there are several different ordering strategies (including random).
  • Thirdly, use strict annotations, this can be forced within configuration.
  • Furthermore, PHPUnit test has wizard to automatically create skeleton configuration, so this is a nice feature.
  • As a sidenote make meaningful test names, Love your test code. ๐Ÿ™‚
  • Finally, utilize data providers for data intensive tests. Use @covers annotation, code coverage is a great tool. Use PCOV.

Using API Platform to build ticketing system – Antonio, Peric-Mazar at SymfonyCon

Antonio is getting ready for

What is API platform?

API platform is full stack framework dedicated to API-Driven products. Antonio gave a detailed overview of this platform.

Personally, this part of presentation was too fast with lots of details and fast talk in couple minutes. It is a personal preference, but I would prefer less information but in more structured way. For technically complex topics, sometimes Less is More.

API platform tips

Tips, as provided my lecturer:

  • Firstly, use Yaml (actually, presented screenshot looked like Swagger/OpenAPI specification, which can be written in Yaml format).
  • Secondly, using JWT (Jason Web Tokens) for authentication. This was followed by explanation on how JWT works. There was a quick explanation of how token works (but without mentioning grant policies or commenting on which grant was used in presented project).
  • Thirdly, resource and operation level using voters.
  • Fourthly, tip was to use “database-less user” to get authentication speed.
  • Fiftly, automate translation process if possible
  • Finally, manipulate context, do not build separate api/admin resources.

Symfony Messanger Controller is mentioned (it is SymfonyCon after all), as other lectures did as well, with a very good note of praise.

All in all, interesting presentation, but with lots of details and screenshots of code. I guess that real value of this presentation can be utilised by slowly reading presentation and trying out one of many examples.

Integrating performance management in your development cycle by Marc Weistroff, CTO of Blackfire

“We have huge performance issues” is one of the common sentences.

Performance is how well a person or machine does a piece of work or an activity.

Representing bugs as features.

Slow performance is always a bug. Good performance is a feature.

Bar performance means bad business.

Bad performance COSTS a lot (charts drop, higher infrastructure costs). “BBC losts 10% users for each second they lost.”

“AutoAnything improved performance for 50% which resulted in 12-13% increase in revenue”.

Performance work is an investment.

Furthermore, maybe new feature is not what we need, maybe we first need better performance.

Therefore, performance tests should be part of CI (Unit tests for performance).

Better performance means less servers, less electronic waste and less CO2.

Performance work requires measurements on multiple environments.

Measure what matters:

  • request time
  • memory usage
  • number of HTTP calls
  • size of HTTP response in bytes

Perfect tool to measure performance is profiler (blackfire.io is a profiler).

Blackfire

Blackfire hooks into PHP engine by being a PHP extension. It was mentioned multiple times at SymfonyCon 2019

Furthermore, it has 400 and more built-in metrics (for WordPress for example).

Multisteps functional calls and profile at each step.

Marc made a nice presentation of use case for profiling.

Building really fast applications – Thobias Nyhalm at SymfonyCon

The last lecture for a day. Full house, people are sitting on the ground, room is full.

What is a framework?

A framework is basically a code that we are responsible of.

Three rules of performance optimization

  • Buy a better server (hardware is always cheaper than software). Previous lecturer would not agree. ๐Ÿ™‚
  • Use Varnish (handling kzilion of requests)
  • Run less code (only way to really make faster code)
Less code, more speed ๐Ÿ™‚

Defining project complexity

Whenever we start new project we need to think about complexity. Basically, what level of framework support do we need. Maybe something is an overkill for us?

Do we need ORM (i.e. Doctrine) or can simple PDO do the job?

Are we trying to cover all edge cases or should we cover only edge cases that we actually have?

Thobias presented “SuperSlim framework” strictly in educational purposes.

Some code, because why not ๐Ÿ™‚

General tips

For a complete list of tips and code examples, please find this lecture and slides if and when available.

  • Firstly, postpone work. Use async for basically anything possible.
  • Secondly, use lazy services.
  • Thirdly, use Subscriber services
  • Furthermore, proper usage of indexes (and SQL explain query for analysis)
  • Then, keep in mind that dehidration is expensive in Doctrine (keep an eye of number of created objects by ORM queries)
  • Data transfer concerns (partial objects, split entities with 1 to 1 mapping, create “simpler model”, i.e. for Doctrine it is NEW keyword)
  • Proper configuration of php.ini and caching
  • Run less code in frontend.
  • Limit cookies.
  • Only include JS scripts that are actually needed.
  • Use font swap (load first, change later)
  • Optimaze and lazy load images
  • Proper cache control and immutable keyword (indicating that resource will never change).

Bonus tip: Lie and cheat. ๐Ÿ™‚

Example: Laggy logging in PayPal with message “Logging you in safely”. It’s not a performance issue, it is a security feature.

Lets play a game, HTTP pipeline as a Restaurant.
Waitress creates chief and gives order. Lol ๐Ÿ™‚

Great and funny lecture, several very good points and ideas. In mu opinion, one of the best lectures within whole SymfonyCon.