On the Symfony blog they've posted an update about recent advancements in their diversity initiative. They share a few different updates, resources and changes that have been made to help improve the overall diversity of the community around this popular framework.

Updates included in the post cover:

• Respectful Review Comments (a guide on writing them)
• Mentorship program
• Code of conduct and enforcement process
• Context and Slack discussions
• New slack channels

The post ends with a few "final words" from Lukas Kahwe Smith about another initiative that's been started to help improve the representation from specific groups in the Symfony community and ecosystem.

On the Symfony blog the project has posted an announcement about a new effort to help make the Symfony community even better - the Diversity Initiative.

I like to say that docs are more important than code in a tech project. Docs are a challenge for any project as developers like to write code, not docs. But the real success of a project is best measured by its community: the people working on/with the project. Without people, code is nothing.

[...] What's the biggest challenge for Symfony as a community? Diversity. Through the years, we've made some baby steps. [...] But we can do better. Much better. That's not enough.

The post talks about some of the efforts that have been made so far to help increase the diversity of the members of the Symfony community and ensure everyone has a voice. In an effort to help drive a larger adoption of the ideals and processes around the effort, they've named Lukas Kahwe Smith as a community leader for the diversity initiative and a mention of some of the work he's already doing to improve things.

The Paragon Initiative blog has posted a gentle introduction to application security for those new to some of the ideas of secure code and wanting to learn more.

If you are a web developer (or are thinking about teaching yourself web programming), you probably don't think of yourself as a security engineer, or a white-hat/blue-team member of an information security assurance team. You might have considered security threats in the context of quality assurance before (e.g. validating input), but perhaps you're no expert on the subject. But the second your code is deployed in production, your code is the front line of defense for that entire system and quite possibly the entire network. Logically, that means the software you produce must be made reasonably secure.

[...] This might seem like a lot of pressure. [...] I'm not going to say you need to become an application security expert. That very notion betrays the (largely untapped) potential for rich diversity in the technology communities. But I will say this: Application Security is Every Developer's Responsibility

They remind developers that there's a lot more than just 10 types of vulnerabilities (or even 25) and proposes a new model for thinking of security weaknesses in your applications. He outlines five points for assessing the security of your apps, not just common vulnerabilities to fix:

• Failure to Separate Data from Instructions
• Unsound Application Logic
• Your Application's Operating Environment
• Cryptographic Weaknesses

The fifth is a catch-all "miscellaneous" category that would contain things that are either crossing the boundaries of the other categories or are just each in their own category. He suggests we move on to a "more secure tomorrow", evaluate our applications along these criteria.

There's a movement stirring in a part of the PHP community (the PHP-FIG group) that wants to bring back the idea behind the "GoPHP5" movement years back. This time, though, their focus is a bit different - it's not switching to PHP5 they want, it's pushing towards PHP 5.5.

We all know that PHP 5.3 is about to lose even security support in the first half of next year. PHP 5.3 is still the most widely used PHP version, with the completely unsupported 5.2 a strong second [and] 5.4 hasn't even reached 10% yet, and 5.5, which is current stable, barely registers. [...] The last time this big of a chicken-and-egg issue existed was around moving to PHP 5.x at all, which took *for frickin' ever* to supplant PHP 4. [...] I believe it is time to discuss round 2 of that effort. I also believe that it would be good for FIG to play a leading role in such an effort if possible.

There's been some varied feedback on the thread both for and against. Overall, there's a lot of support for the idea, but there are a few "hitches" in the plans - mainly the lack of support from the linux OS vendors to bump up their versions. The projects themselves are receptive, many noting that they've been planning the first steps to this already - a move to PHP 5.4 only.

Fabien Potencier (of the Symfony framework) has a new post to his site talking about a philosophy that the Symfony framework community should work towards, providing stability over features.

Long story short: in the coming months, the Symfony core contributors should focus their efforts toward stabilizing the existing features instead of working on new ones. At this point, backward compatibility and stability are more important than everything else.

He highlights some of the points that come along with this effort including less refactoring for the sake of refactoring, fixing more bugs/edge cases and writing more tests/documentation. He gets into some of the specifics of this kind of thinking and points out the things that can and can't be changed during this time. He talks more about stability and suggests that not only can it help enhance performance but it could also help motivate more projects/corporate users to start using the framework.

On the php|architect website today, Elizabeth Naramore mentions a move that NuShphere, creators of the PhpEd IDE for PHP, have teamed up with the Parallels Group in their "Partner Program's ISV initiative".

Via the ISV Initiative, NuSphere will make its flagship product, PhpED, which is an award-winning PHP Integrated Development Environment (PHP IDE) favored for its power, speed, ease of use, exceptional PHP debugging capabilities, and fully configurable user interface, available to the Mac and Linux communities through use of Parallels desktop virtualization products, which include Parallels Desktop 3.0 for Mac and Parallels Workstation 2.2 for Windows and Linux.

The collaboration between the two is bringing one of the more popular PHP IDEs over to the Mac world in one of the first steps the Paralleles Group has made to bridge the gap between Windows and OS X.

Check out some of Joseph Crawford's thoughts on the collaboration too.

On the php|architect website today, Elizabeth Naramore mentions a move that NuShphere, creators of the PhpEd IDE for PHP, have teamed up with the Parallels Group in their "Partner Program's ISV initiative".

Via the ISV Initiative, NuSphere will make its flagship product, PhpED, which is an award-winning PHP Integrated Development Environment (PHP IDE) favored for its power, speed, ease of use, exceptional PHP debugging capabilities, and fully configurable user interface, available to the Mac and Linux communities through use of Parallels desktop virtualization products, which include Parallels Desktop 3.0 for Mac and Parallels Workstation 2.2 for Windows and Linux.

The collaboration between the two is bringing one of the more popular PHP IDEs over to the Mac world in one of the first steps the Paralleles Group has made to bridge the gap between Windows and OS X.

Check out some of Joseph Crawford's thoughts on the collaboration too.