Paul M. Jones

Don't listen to the crowd, they say "jump."

Aura: More Decoupled Than Symfony 2 and Zend Framework 2

The guys at PHPMagazin have posted a followup question about the Aura Project for PHP. Here is our original English conversation.


I'd like to follow up on the last point where we talked about other frameworks. I think that the second generations of symfony and Zend Framework have gone through a huge decoupling process. This becomes evident when you look at symfony2 components being used in Drupal 8 or web tutorials which show you mixed use of zend- and symfony components.

So I think we could elaborate further on that last bullet point we discussed. Does the above change your angle in this regard?

Not in this case. Being able to use Symfony2 components or ZF2 modules is not quite the distinction I am making. The distinction is that all Aura packages (with the exception of the Framework package) are completely independent, and have no cross-package dependencies, whereas at least some of the components from Symfony2 and ZF2 have dependency requirements.

By way of comparison, let's examine something that ought to be relatively straightforward: input validation and filtering. We'll start with ZF2, then move on to Symfony2, and end with Aura. In each case, we will try to download the package and run its tests; this should be a good indicator of whether or not the package can be used independently. We will discover that you can't do it at all with ZF2, you can kind of do it with Symfony2, and that it's trivially easy with Aura.

Zend Framework 2

Let's start by downloading the ZF2 InputFilter package. It doesn't appear to be available for download by itself -- there is the main ZF2 repository at Github https://github.com/zendframework/zf2 but that's the whole framework, not just the InputFilter.

OK then, we can at least use Composer to incorporate the InputFilter into a project. We will set up a Composer file per the ZF2 instructions and install the InputFilter package. Our composer.json file looks like this:

{
    "repositories": [
        {
            "type": "composer",
            "url": "https://packages.zendframework.com/"
        }
    ],
    "require" : {
        "zendframework/zend-inputfilter" : "2.0.*"
    }
}

After downloading Composer into the same directory, we run the installer, and this is what we see:

$ ./composer.phar install
Loading composer repositories with package information
Installing dependencies
  - Installing zendframework/zend-stdlib (2.0.5)
    Downloading: 100%

  - Installing zendframework/zend-servicemanager (2.0.5)
    Downloading: 100%

  - Installing zendframework/zend-filter (2.0.5)
    Downloading: 100%

  - Installing zendframework/zend-i18n (2.0.5)
    Downloading: 100%

  - Installing zendframework/zend-validator (2.0.5)
    Downloading: 100%

  - Installing zendframework/zend-inputfilter (2.0.5)
    Downloading: 100%

zendframework/zend-stdlib suggests installing pecl-weakref (Implementation of weak references for StdlibCallbackHandler)
zendframework/zend-servicemanager suggests installing zendframework/zend-di (ZendDi component)
zendframework/zend-filter suggests installing zendframework/zend-crypt (ZendCrypt component)
zendframework/zend-validator suggests installing zendframework/zend-db (ZendDb component)
zendframework/zend-validator suggests installing zendframework/zend-math (ZendMath component)
Writing lock file
Generating autoload files
$

In order to use input filtering from ZF2, six other packages are required, and a few others are suggested.

Now that we've installed it, where are the tests? They're not provided with the Composer package, although I suppose they are available with the framework as a whole. It appears the Zend offering is not entirely self-contained.

(If we look closely, we see that InputFilter is composed of at least two other packages that might suit our needs, zend-filter and zend-validator. However, when you examine them, they're not comparable to Aura.Filter and Symfony2 Validator.)

Symfony 2

Let's do the same thing with Symfony. This time it is downloadable through Github: https://github.com/symfony/Validator

Let's clone the package and run the tests.

$ git clone https://github.com/symfony/Validator.git
Cloning into Validator...
remote: Counting objects: 3459, done.
remote: Compressing objects: 100% (672/672), done.
remote: Total 3459 (delta 2708), reused 3451 (delta 2700)
Receiving objects: 100% (3459/3459), 621.73 KiB | 730 KiB/s, done.
Resolving deltas: 100% (2708/2708), done.
$ cd Validator/Tests/
$ phpunit
[phpunit fails]

It appears we can't just download the package and run the tests. The README states we need to use Composer and install all the --dev dependencies, so we'll do that. First we download Composer into the cloned repo, then:

$ ./composer.phar install --dev
Loading composer repositories with package information
Installing dependencies
Nothing to install or update
Loading composer repositories with package information
Installing dev dependencies
  - Installing symfony/yaml (dev-master bed4fdd)
    Cloning bed4fddc24392513e01b32a78d600b1272ed9a6c

  - Installing symfony/locale (dev-master 2dceded)
    Cloning 2dcededb060dfb6289ad8bb3f2a7a4e00929c4dc

  - Installing symfony/http-foundation (dev-master 067c310)
    Cloning 067c310fe4d0691a24adc97f39500233a58e42cb

Writing lock file
Generating autoload files

Interesting: in order for the tests to run we need three other packages. It looks to me like there are cross-package dependencies. Examining the codebase reveals this to be true:

  • If you want to use the YAML loader included with the Validator, you need that YAML package after all.

  • If you want to validate against anything related to locales or languages, you need the Locale package. For example, the LangaugeValidator.php file makes a static call to SymfonyComponentLocaleLocale::getLanguages().

  • If you want to use Annotations with the Validator, it looks like you need Doctrine, which isn't a part of the Symfony vendor hierarchy at all. Goodness knows what that will require.

Anyway, now we can run the tests; I have omitted the test progress output.

$ phpunit
PHPUnit 3.7.9 by Sebastian Bergmann.
...
Time: 8 seconds, Memory: 17.75Mb

OK, but incomplete or skipped tests!
Tests: 987, Assertions: 1091, Skipped: 12.
$

12 tests have to be skipped because of missing dependencies. When we run phpunit --verbose we discover that:

  • 3 tests are skipped are because APC is not loaded for the command line, which is not such a big deal;

  • 6 are skipped because "The Doctrine Common library is not available";

  • 3 are skipped because "Annotations is required for this test".

As with the ZF2 InputFilter component, it looks like the Symfony2 Validator component is not entirely self-contained. It has external dependencies that must be fulfilled in order for it to be fully useful.

Aura.Filter

Finally, we have the Aura.Filter package. It is downloadable through Github at https://github.com/auraphp/Aura.Filter. Let's try to clone it and run the tests; I have again omitted the test progress output.

$ git clone git@github.com:auraphp/Aura.Filter.git
Cloning into Aura.Filter...
remote: Counting objects: 1105, done.
remote: Compressing objects: 100% (373/373), done.
remote: Total 1105 (delta 631), reused 1076 (delta 602)
Receiving objects: 100% (1105/1105), 725.94 KiB | 606 KiB/s, done.
Resolving deltas: 100% (631/631), done.
$ cd Aura.Filter/tests/
$ phpunit
PHPUnit 3.7.9 by Sebastian Bergmann.

Configuration read from /Users/pmjones/Aura.Filter/tests/phpunit.xml
...
Time: 4 seconds, Memory: 9.75Mb

OK (1009 tests, 1443 assertions)
$

No external dependencies, and nothing extra is needed for the tests to run. The package is completely self-contained, independent, and decoupled. Now compare the memory use and time taken to that of Symfony2: about half the memory used, and about half the time taken, to complete about 30% more assertions in the tests. (Incidentally, we have 100% test coverage of the source classes, but I don't know how that compares to Symfony and Zend.)

Conclusion

None of the above is to meant to say that Zend Framework or Symfony2 are poorly architected, not useful, or any other negative thing. They are good projects, and the components appear to be good too.

The only thing I am saying is that their offerings of separate components are not always very well decoupled. This is because they started with a framework and tried to extract pieces from it. (To be fair, some components from both of those projects really are dependency-free, but not all of them.)

But in Aura, with its "libraries first" approach, every package is truly decoupled, independent, and self-contained, with zero cross-package dependencies. That is the major difference I want to emphasize.


How To Behave At A Funeral

I understand funerals can be awkward for those not directly grieving, but over-exaggerating your pretend sadness is of no benefit to anyone, it merely obligates the survivors to manage your fake concern.  If you feel compelled to speak in all caps or explain how terrible this all is to a person who knows first hand and way better than you how terrible it all is, don't.  Stay home.  When you find yourself in the presence of mourning, simply say,  "I'm sorry for your loss.  If there's anything I can do for you, please let me know," and if he happened also to have been a great man you can add, "he was a great man," then bow your head and fade to back.   That's all that's necessary.  The system will take care of the rest.

via The Last Psychiatrist: Funeral.


Government-Caused Inequality

Something else is odd about the sociology of the anti-inequality crowd. They seem to be unfazed by inequality created by government.

Take the recent Powerball outcome. At $588 million, it was the largest lottery prize in history ? to be shared by two ticketholders. In essence, hundreds of millions of dollars are being transferred from mostly low-income families in order to create a few super rich individuals.

via The Anti-Capitalist Mentality | John Goodman's Health Policy Blog | NCPA.org.


I Am The Eye In The Sky, Looking At You

Today EFF posted several thousand pages of new drone license records and a new map that tracks the location of drone flights across the United States.  These records, received as a result of EFF’s Freedom of Information Act (FOIA) lawsuit against the Federal Aviation Administration (FAA), come from state and local law enforcement agencies, universities and--for the first time--three branches of the U.S. military: the Air Force, Marine Corps, and DARPA (Defense Advanced Research Projects Agency).

Perhaps the scariest is the technology carried by a Reaper drone the Air Force is flying near Lincoln, Nevada and in areas of California and Utah. This drone uses "Gorgon Stare" technology, which Wikipedia defines as “a spherical array of nine cameras attached to an aerial drone . . . capable of capturing motion imagery of an entire city.” This imagery “can then be analyzed by humans or an artificial intelligence, such as the Mind's Eye project” being developed by DARPA.

via Vox Popoli: Federal spies in the sky.


Blaming the Person Offering you the Best Deal

I saw a woman on Stossel tonight who works for McDonald's. She said she was paid $8 an hour, but felt she deserved $15. I thought: Wait a minute, McDonald's isn't the only company not paying you $15 an hour: neither you nor I are aware of anyone willing to pay you that much. So why is your problem with McDonald's?

via Blaming the Person Offering you the Best Deal, David Henderson | EconLog | Library of Economics and Liberty.


Tennessee will not set up Obamacare exchange

Gov. Bill Haslam announced Monday that Tennessee will not set up its own health insurance exchange under the Affordable Care Act.

Haslam said in a speech to Nashville’s Downtown Rotary Club that he’s decided not to set up an exchange because he’s received insufficient information about how it would operate from the federal government. In just the last month, officials in Washington have released more than 800 pages worth of draft regulations, Haslam said, leaving him unclear whether Tennessee would be better off operating its own exchange or leaving the task to the federal government.

“I'm more and more convinced that they are making this up as they go,” Haslam said. “We weren’t told enough to be able to run this on our own.”

The decision comes days after tea party groups rallied near the state Capitol to oppose a health insurance exchange. Speakers, including a few Republican lawmakers, said Tennessee should block the exchange to send a message that the state continues to oppose the Affordable Care Act.

Right on. Via Haslam says Tennessee will not set up health care exchange | The Tennessean | tennessean.com.


Three Differences Between Fox News and NPR

1) Fox News loves a good on-air rumble. NPR is Lawrence Welk for baby-boomers.

2) Fox News thinks that in the US, lefties, while few in number, punch far above their weight culturally. Lefties agree.

3) Fox News think that the Democratic Party's form of an expanded social services net & interference in the corporate world is but a prelude to socialism. Lefties hope that's the case.

NPR, on the other hand, is basically the urban white wing of the Democratic Party in front of a microphone. It really doesn't want to give Lefties a platform to ask liberals embarrassing questions (like, "Gosh, just how long does it take to close Gitmo?") or to spout off with some Lefty hate-speech (e.g. New Black Panther Party), which might remind NPR listeners that their side is no where near as rational & nice as they think they are.

via Althouse: "Five Bloggers I’d Like To See On FOX News.".


Obama White House: Unhappy With Pot Legalization

Senior White House and Justice Department officials are considering plans for legal action against Colorado and Washington that could undermine voter-approved initiatives to legalize the recreational use of marijuana in those states, according to several people familiar with the deliberations.

Even as marijuana legalization supporters are celebrating their victories in the two states, the Obama administration has been holding high-level meetings since the election to debate the response of federal law enforcement agencies to the decriminalization efforts.

Marijuana use in both states continues to be illegal under the federal Controlled Substances Act. One option is to sue the states on the grounds that any effort to regulate marijuana is pre-empted by federal law. Should the Justice Department prevail, it would raise the possibility of striking down the entire initiatives on the theory that voters would not have approved legalizing the drug without tight regulations and licensing similar to controls on hard alcohol.

Hey, Mr Obama? In those states, more people voted for pot than for you. Via Radley Balko: In Which Harold & Kumar Go Into Hiding.


How Is Aura Better Than (er, Different From ;-) Than Symfony and Zend?

I did an email interview with the folks at PHP Magazin; their German version is here. What follows is our original email exchange in English.

First of all, congratulations for releasing Aura 1.0!

Thanks! Most of the packages are at 1.0, but there are still three that are in beta; I expect them to go "stable" soon as well.

Why did you do it?

Aura is essentially a second major version of the Solar Framework. (Solar was the first E_STRICT framework for PHP 5; its development pre-dates that of the Zend Framework.) One of the repeated questions we got regarding Solar went like this: "I want to use just one part of Solar; can I do that without having to download and configure the whole framework?" Of course the answer to that was "not really." It was a monolithic framework, where all the pieces were designed to work with each other in a relatively dependent fashion.

So with Aura, we started out from the other direction. We wanted the pieces to be usable on their own, without any other dependencies. Only after that would we build a framework out of the pieces. We called this our "libraries first, framework second" principle. This means you can use just one Aura package if you want, and you won't get a lot of of other packages as dependencies; each one is completely self contained, including its tests. Each one uses separated interfaces and data transfer objects as necessary to move information across package boundaries.

In addition to that, we wanted to take all the lessons we learned from Solar and break backwards compatibility to start over again. The single biggest BC break has been moving away from a Service Locator implementation and the universal constructor, toward a more formal Dependency Injection oriented system. That one change has made for gigantic improvements in decoupling, testability, and package independence. (I have to thank Jeff Moore here for being patient with me and slowly getting me on the dependency injection track.) We don't even use superglobals within the packages; everything from the environment has to be copied into the objects, which makes things really easy to test.

Why did you decide it has to be PHP 5.4? What's the advantage?

When we started the Aura project in 2010, we targeted PHP 5.3, since it was the most recent PHP version at the time. Closures and traits especially have a lot of powerful uses if you approach them wisely. Then PHP 5.4 came out in January 2012. Almost all of the Aura packages were still in development at the time, so we figured we might as well target PHP 5.4, with its short-array [] syntax and "callable" type hint. Those things seem small, but once you start using them, they are *so* convenient (and frankly they make the code look prettier :-).

You seem to love small packages. What do you think of the microframework approach Ed Finkler published in the beginning of the year?

I think Ed has a strong point, although to be clear I don't think he's so much about "microframework" as he is about "micro-PHP" in general.

It used to be, back in the PHP 3, 4, and early 5.x days, that the word "framework" was a dirty word in PHP land. (The word "CMS" was OK though.) Then, right after Ruby on Rails came out, suddenly a "framework" was a good thing. Lots of developers got on board with that, and we did the same with Solar.

So in a way, I think moving back to a library-oriented approach is a natural tendency for the PHP world. Frameworks still have value, especially for early-to-mid-career developers, or for teams where you need a standardized development process but don't have a strong senior-level architect on staff. But a lot of senior developers want to be able to pick and choose between libraries, and they want to be sure they understand what the library is doing (and why, and how). And they want to be able to replace the pieces they end up not liking. That's a lot easier when you have independent libraries than when you have a monolithic framework.

What can one do better with Aura than they can with Zend or Symfony?

A lot of PHP developers are stuck with codebases they didn't build themselves, or that they need to improve carefully over a long period of time because the business is dependent on it for revenue. For those PHP developers, switching the project to a framework isn't an option. The Aura project, being composed of independent packages, lets these developers use just the individual independent parts they need for their existing projects, and slowly improve the quality of their codebase. It's easier to refactor your project one part at a time using Aura than it is to start all over again with a monolithic framework.

If you're lucky enough to be able to start a brand-new project, Aura also provides a framework system that glues all the other packages into a cohesive whole. If you're the kind of developer who wants to use a full-stack framework, but you also want to be able to pull out parts of the framework and replace them with your own implementations, Aura (because it was built with a "libraries first" approach) makes that a lot easier for you than Zend or Symfony does. There are no cross-package dependencies like there are with Zend and Symfony, and we use separated interfaces for things that should have replaceable implementations. (The framework package is still beta, but it appears to be working just fine.)

Thank you very much and keep up the good work!

Thank you for your interest and attention!


Study Finds Misconduct Widespread in Retracted Scientific Papers

Last year the journal Nature reported an alarming increase in the number of retractions of scientific papers -- a tenfold rise in the previous decade, to more than 300 a year across the scientific literature.

Other studies have suggested that most of these retractions resulted from honest errors. But a deeper analysis of retractions, being published this week, challenges that comforting assumption.

In the new study, published in the Proceedings of the National Academy of Sciences, two scientists and a medical communications consultant analyzed 2,047 retracted papers in the biomedical and life sciences. They found that misconduct was the reason for three-quarters of the retractions for which they could determine the cause.

via Study Finds Misconduct Widespread in Retracted Scientific Papers - NYTimes.com.