SymfonyOnline June 2024 is just around the corner and will start on: June 4-5: Workshop days. It is possible to attend 1 two-day training or 2 one-day trainings! June 6-7: Online conference days in English. All talks will be available for replay…
SymfonyLive Berlin 2024 is just around the corner and will start on June 20-21. Get ready for the impressive lineup of speakers and topics. Visit here to more details and don't miss out on this exciting opportunity! We're excited to reveal the next…
Symfony 7.0.7 has just been released. Here is the list of the most important changes since 7.0.6: bug #54699 [DoctrineBridge] Update AbstractSchemaListener to adjust more database params (@ywisax) bug #54691 [Finder] Also consider .git inside the basedir…
Symfony 6.4.7 has just been released. Here is the list of the most important changes since 6.4.6: bug #54699 [DoctrineBridge] Update AbstractSchemaListener to adjust more database params (@ywisax) bug #54691 [Finder] Also consider .git inside the basedir…
SymfonyLive Berlin 2024 is just around the corner and will start on June 20-21. Get ready for the impressive lineup of speakers and topics. Visit here to more details and don't miss out on this exciting opportunity! We're excited to reveal the next…
Symfony 5.4.39 has just been released. Here is the list of the most important changes since 5.4.38: bug #54751 [Validator] detect wrong e-mail validation modes (@xabbuh) bug #54723 [Form] read form values using the chain data accessor (@xabbuh) bug…
This week, Symfony continued tweaking and polishing the new features of the upcoming Symfony 7.1 version. Meanwhile, Symfony UX 2.17 version was published, with the first stable release of Symfony UX Icons. Lastly, we published more information about some…
SymfonyOnline June 2024 is in less than 2 months: on June 6-7, get ready for the impressive lineup of speakers and topics. Visit here to learn more and don't miss out on this exciting opportunity! We're excited to reveal the next speaker, and it's…
SymfonyOnline June 2024 is in less than 2 months: on June 6-7, get ready for the impressive lineup of speakers and topics. Visit here to learn more and don't miss out on this exciting opportunity! We're excited to reveal the next speaker, and it's…
EDIT 2024-04-25: Clarified when a PHP application is vulnerable to this bug.Recently, a bug in glibc version 2.39 and older (CVE-2024-2961) was uncovered where a buffer overflow in character set conversions to the ISO-2022-CN-EXT character set can result in remote code execution. This specific buffer overflow in glibc is exploitable through PHP, which exposes the iconv functionality of glibc to do character set conversions via the iconv extension. Although the bug is exploitable in the context of the PHP Engine, the bug is not in PHP. It is also not directly exploitable remotely. The bug is exploitable, if and only if, the PHP application calls iconv functions or filters with user-supplied character sets. Applications are not vulnerable if: Glibc security updates from the distribution have been installedOr the iconv extension is not loadedOr the vulnerable character set has been removed from gconv-modules-extra.confOr the application passes only specifically allowed character sets to iconv. Moreover, when using a user-supplied character set, it is good practice for applications to accept only specific charsets that have been explicitly allowed by the application. One example of how this can be done is by using an allow-list and the array_search() function to check the encoding before passing it to iconv. For example: array_search($charset, $allowed_list, true) There are numerous reports online with titles like "Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)" or "PHP Under Attack". These titles are misleading as this is not a bug in PHP itself. If your PHP application is vulnerable, we first recommend to check if your Linux distribution has already published patched variants of glibc. Debian, CentOS, and others, have already done so, and please upgrade as soon as possible. Once an update is available in glibc, updating that package on your Linux machine will be enough to alleviate the issue. You do not need to update PHP, as glibc is a dynamically linked library. If your Linux distribution has not published a patched version of glibc, there is no fix for this issue. However, there exists a workaround described in GLIBC Vulnerability on Servers Serving PHP which explains a way on how to remove the problematic character set from glibc. Perform this procedure for every gconv-modules-extra.conf file that is available on your system.Once an update is available in glibc, updating that package on your Linux machine will be enough to alleviate the issue. You do not need to update PHP, as glibc is a dynamically linked library.PHP users on Windows are not affected.There will therefore also not be a new version of PHP for this vulnerability.
SymfonyLive Berlin 2024 start in 2 months: on June 20-21, get ready for the impressive lineup of speakers and topics. Visit here to learn more and don't miss out on this exciting opportunity! We're excited to reveal the next speaker, and it's none…
I'm a maintainer of several small open-source libraries. It's a fun activity. If the scope of the library is small enough, the maintenance burden is typically fairly low. They're usually mostly 'done', and I occasionally just need to answer a few questions per year, and do the occasional release to bring it back up to the current 'meta' of the ecosystem.
Also even though it's 'done', in use by a bunch of people and well tested, it's also good to do a release from time to time to not give the impression of abandonment.
This weekend I released a 2.0 version of my bigint-money library, which is a fast library for currency math.
I originally wrote this in 2018, so the big BC break was switching everything over to ESM. For a while I tried to support both CommonJS and ESM builds for my packages, but only a year after all that effort it frankly no longer feels needed. I was worried the ecosystem was going to split, but people stuck on (unsupported) versions of Node that don't support ESM aren't going to proactively keep their other dependencies updated, so CommonJS is for (and many others) in the past now. (yay!)
Probably the single best way to keep maintenance burden for packages low is to have few dependencies. Many of my packages have 0 dependencies.
Reducing devDependencies also helps. If you didn't know, node now has a built-in testrunner. I've been using Mocha + Chai for many many years. They were awesome and want to thank the maintainers, but node --test is pretty good now and has pretty output.
It also:
Is much faster (about twice as fast with Typescript and code coverage reporting, but I suspect the difference will grow with larger code bases).
Easier to configure (especially when you're also using Typescript. Just use tsx --test).
It can output test coverage with (--experimental-test-coverage).
Furthermore, while node:assert doesn't have all features of Chai, it has the important ones (deep compare) and adds better Promise support.
All in all this reduced my node_modules directory from a surprising 159M to 97M, most of which is now Typescript and ESLint, and my total dependency count from 335 to 141 (almost all of which is ESLint).
Make sure that Node's test library, coverage and assertion library is right for you. It may not have all the features you expect, but I keep my testing setup relatively simple, so the switch was easy.
Over the last few weeks I have been publishing a series of videos on writing PHP extensions.
I record these videos through OBS, and then slice and dice them with Kdenlive. This editing is necessary to make up for my mistakes, shorten the time we wait for things to compile, and to remove the noise of me hammering away on my keyboard.
Editing takes a lot of time, and I still wasn't always pleased with the result as there was still a fair amount of noise while I am talking.
For the PHP Internals News podcast, I used a set of noise cancellation filters, which worked wonders. But it turns out that Kdenlive does not come with one built in.
I had a look around on the Internet, and learned that there is a LADSPA Noise Suppressor for Voice plugin. LADSPA is an open API for audio filters and audio signal processing effects. LADSPA plugins can be used with Kdenlive.
Some Linux distributions have a package for this LADSPA Noise Suppressor for Voice, but my Debian distribution bookworm does not.
I found instructions that explain how to build the plugin from source. These instructions worked after some tweaks. I ended up creating the following script:
After running this script, and restarting Kdenlive, I found the installed plugin when I searched for it.
With the plugin loaded, I now have much clearer sound, and I also don't have to edit the sections where I am typing, as the plugin automatically handles this.
I will still have to edit out my mistakes.
I then also had a look at how it worked. It turns out that this plugin uses neural networks to cancel the noise.
In the background, it uses the RNNoise library which implements an algorithm by Jean-Marc Valin, as outlined in this paper. There is an easier to read version of how the algorithm works on his website.
The data to train the model is also freely available, and uses resources from the OpenSLR project. Noise data is also available there. From what I can tell, all this data was contributed under reasonable conditions, and not scraped from the internet without consent. That is important to me.
Hopefully, from the third video in the series, you will find the sound quality much better.
I've just released version 2.0 of Crell/Tukio! Available now from your favorite Packagist.org. Tukio is a feature-complete, easy to use, robust Event Dispatcher for PHP, following PSR-14. It began life as the PSR-14 reference implementation.
Tukio 2.0 is almost a rewrite, given the amount of cleanup that was done. But the final result is a library that is vastly more robust and vastly easier to use than version 1, while still producing near-instant listener lookups.
With some commercial projects, it can be useful to know that all your dependencies have licences that your organisation deems acceptable. I had this requirement for a few clients now and came up with this script that we ran as part of our CI which would then fail if a dependency used a license that wasn't allowed. This proved to be reasonably easy as composer licenses will provide a list of all packages with their… continue reading.
In order to verify a JWT created with an asymmetric key, the verifier needs to get the correct public key. One way to do is described in RFC7517 which describes the JSON Web Key format. Within the header of the JWT there is a kid property which is the key ID which is then used to find the correct key within a list provided at the /.well-known/jwks.json endpoint. The JWT header therefore looks something like… continue reading.
The most common use of JWTs is as an authentication token, usually within an OAuth2 workflow. Creating these tokens is part and parcel of the authentication library that you use. I recently had a requirement to use a JWT independent of authentication and these are some notes on what I learned when researching with Lcobucci\JWT. Make up of a JWT To really understand JWTs, read RFC7519. For a more readable introduction, read the one on… continue reading.
I'm still on a long sabbatical so this will be a brief post. In my absence our Oracle Database driver team has been busy and are proud to announce that python-oracledb 2.1 and node-oracledb 6.4 have been released. Also our C Oracle Database Programming Interface for Drivers and Applications ODPI-C 5.2 is available from GitHub.
Some of the great behind-the-scenes work to reduce connection establishment times for Oracle Database can now be used in the python-oracledb's default Thin mode. (Thick mode will automatically get these benefits when compatible Instant Clients or Oracle Client libraries are used). In addition to the benefits for all Oracle Database 23c users, there is a new, extra option to use "TCP fast open" support when connecting to Oracle Autonomous Database Serverless (ADB-S).
Ongoing work exposes more of Oracle Database's advanced JSON support, in particular to let you take advantage of Oracle's efficient internal storage format ("OSON") with its extended data types.
Installing or Upgrading python-oracledb
You can install or upgrade python-oracledb by running:
python -m pip install oracledb --upgrade
The pip options--proxy and --user may be useful in some environments. See python-oracledb Installation for details.
Remix Disc Golf is a brand of disc golf discs that I have only been able to find on Amazon. The seller on Amazon is named Disc Golf Goods. On its Amazon store page, they sell MVP, Axiom, Remix and other brands of disc golf equipment. The detailed seller information on Amazon says the "Business Name" is MVP Pro Shop, LLC. It is pretty common knowledge that these discs are manufacturered and sold by MVP. The speculation is that they are molds made for other companies (Mint, Thought Space Athletics, and possibly others) which they are selling under the Remix name on Amazon. Many of the reviews mention the discs have cosmetic defects or look like they have been used. That has led some to think these are factory seconds. The cool thing is, they cost less than any of the MVP brands or third party brands for which they are known to manufacturer discs. The discs sell from $9.95 to $12.95.
One thing people are always trying to figure out is what disc from another brand was renamed for a Remix disc. Well, it's not an exact science. Some of them could be rejected molds. So, while they may be very similar to another disc, it could be a mold that was meant for another disc that was not used for that disc. This is pure speculation based on talking to people in the know for almost 28 years of playing disc golf.
Now, there is a site that already has a feature that lets one search for similar discs. It is called Try Discs. Their recommendation engine seems to favor flight number similarities over measurements. And we all know that flight numbers are kind of made up. I decided to use the PDGA specs for approved discs to find the discs most similar to the Remix discs available on Amazon. I did not limit the search to brands that are known or believed to be manufactured by MVP. Perhaps you have a favorite disc from another brand that is similar to a Remix disc. There are more Remix discs approved by the PDGA than are on thist list. However, they are not for sale anywhere I can find. I am not claiming that any of the discs will fly like one another. I am solely comparing the measuerments has observed by the PDGA.
If you are interested in some reviews of Remix Discs, Pete Collins has some on his YouTube channel.
All values are centimeters except rim configuration. To determine similarity, diameter and inside rim diameter must to be +/- 0.5cm, height, rim depth, and rim thickness must be +/- 0.2cm (it was 0.1cm in an earlier version of the blog post), and rim configuration must be +/- 1.
Do you plan to go to a DGPT event this year? Are you a PDGA member? Then it could be worth it to buy the Disc Golf Network yearly plan.
Disc Golf Network (aka DGN) (the media arm of the Disc Golf Pro Tour) (aka DGPT), announced their new pricing tiers for 2024 earlier this month. It was met with some mixed reviews. Some users of the service had issues using it the first week. Most of those appear to be due to users needing to update the app on their devices or using older streaming devices that do not support the new 60fps stream. They have updated their upgrade guide. I experienced this on one of my Roku devices. I was not surprised to be honest. Many of the Roku apps we use on that device are laggy and crash from time to time. It is over 10 years old. The fact that it has kept working at all is a credit to Roku.
As for the pricing for DGN, there are three tiers: Basic, Standard, and Pro. See the link above for the differences. The pricing ranges from $5.99/mo to $19.99/mo for non-PDGA members. While PDGA members can get Basic for free, Standard for $5.99/mo, and Pro for $12.99/mo. There are also yearly options. Basic for $59.99, Standard for $129.99, and Pro for $239.99 for non-PDGA members. And for PDGA members, Standard for $69.99 and Pro for $139.99. Since Basic is free, there is no yearly option for PDGA members of course. Most people I know that want to consume live disc professional disc golf are PDGA members. While some say you have to factor in the $50 annual PDGA membership cost along with the discounted DGN price, that does not apply to me. I would be renewing my PDGA membership either way. So, I will only be speaking about how and why I chose the option I did based on the discounted PDGA pricing.
The first question I had to ask is what do I want to pay monthly or go ahead and pay for the whole year? The Standard plan annual cost only saves you $2 for the year. Not a compeling reason to do it in my opinion. The annual cost for Pro actually saves more than the cost of a month, $139.99 one time compared to $12.99/mo over 12 months totaling $155.88. There are some ways to save if you change your plan for certain months for certain events or remember to cancel after the DGPT Finale in October. But, let's be real. I won't remember to do that. Most people won't remember to do that. That is why the subscription model is so popular in the USA. That is how gyms stay in business to be honest. If you are the kind of person that likes to manage subscriptions that way, go for it. If you micro manage it completely and only pay for February through October and upgrade the months of the USDGC and European Open, you could get all of the coverage for as low as $88.89 for the year as a PDGA member. I think I did that math right. You are probably saying "Hey, your headline says you are getting it free for the whole year! What gives?" Yes, let me get to that.
Here is why I opted for the full year, Pro plan. It's $139.99 for the year. The kicker for me is that any yearly plan includes two free general adminssion (aka GA) weekend passes to a Disc Golf Pro Tour event as well as 10% off any other DGPT ticket purchases. As a family, we had already booked an AirBnB for Nashville in April to go watch the Music City Open before this announcement was made. My two sons and I are going for all three days. And two other family members will be joining us for Sunday. I had planned to get the weekend VIP pass for myself. So, altogether, our tickets to the Music City Open were going to cost around $350. However, with the yearly DGN option, I get the GA passes for free. And I get a 10% discount on the other tickets. Those ended up costing me around $210 after the discount. So, my savings on tickets (tickets I had already planned to buy before I knew there was a discount available) is around $140. That is the cost of the yearly plan. If you include all of the decimals in all of the math, I technically am spending 17 cents more on the DGN subscription than I am saving on tickets. Would that make a better headline?
Ticket
Quantity
Regular Price
DGN Discounted Price
3-Day General Admission
2
$116.88 ($58.44/ea)
FREE
Sunday General Admission
2
$71 ($35.50/ea)
Truncated by Planet PHP, read more at the original (another 2788 bytes)
