Learn it first.

I almost exclusively use it with my own Dockerfiles, which gives me the same flexibility I would have by just using VM, with all the benefits of being containerized and reproducible. The exceptions are images of utility stuff, like databases, reverse proxy (I use caddy btw) etc.

Without docker, hosting everything was a mess. After a month I would forget about important things I did, and if I had to do that again, I would need to basically relearn what I found out then.

If you write a Dockerfile, every configuration you did is either reflected by the bash command or adding files from the project directory to the image. You can just look at the Dockerfile and see all the configurations made to base Debian image.

Additionally with docker-compose you can use multiple containers per project with proper networking and DNS resolution between containers by their service names. Quite useful if your project sets up a few different services that communicate with each other.

Thanks to that it’s trivial to host multiple projects using for example different PHP versions for each of them.

And I haven’t even mentioned yet the best thing about docker - if you’re a developer, you can be sure that the app will run exactly the same on your machine and on the server. You can have development versions of images that extend the production image by using Dockerfile stages. You can develop a dev version with full debug/tooling support and then use a clean prod image on the server.

Then again, cookie auth is vulnerable to CSRF. Pick your poison.

Although CSRF protection just adds a minor inconvenience, while there is never a guarantee your code is XSS vulnerability free.

Framework has multiple config files, allowing you to customize almost every aspect of it.

Nooo, this is too much config files, they take up too much space in my project tree.

Framework is a monolith with a single file to configure it.

Nooo, the file is unreadable and developing extensions for it is annoying.

Framework is minimal

Nooo, it doesn’t have any useful built-in features.

Framework is a complete solution without too many things to configure.

Nooo, it doesn’t allow me to do what I want.

Reminds me of that one episode on House M.D. where he performed an operation on himself in the bathroom.

The fact is there is no evidence for existance of God Flying Spaghetti Monster. But also there is no evidence that disproves the existence of God Flying Spaghetti Monster.

See how that doesn’t make sense?

Yeah I don’t get why it spits out whole types instead of only differences between them. Like “function expects non-null ‘some.param.in.object’ of type ‘string’ in argument ‘someArgument’, which is missing in passed argument”.

The language itself is not that bad. Especially the newest releases are really great, thought out DX improvements. What stinks are its legacy parts and how it needs to be run.

My biggest pain is that for it to actually behave like it should it requires some sort of an actual web server like apache or nginx.

Also, servers written in are actually request handlers - every time a request comes, the whole app is reinitialized, because it just can’t hold its state in memory. In many apps every request means reinitializing connection with database. If you want to keep some state, you have to use some caching mechanism like redis or memcached.

Also had one time when Symfony app was crashing, because someone forgot to close class braces, and everything was “working” until some part of code didn’t like it and was just dying without any error.

And one time when someone put two endlines after php closing tag at the end of the file, confusing the entire php interpreter into skipping some lines of code - also without warning, and only in specific php version.

Honestly, if you work in a shell a lot, learning vim is a great investment. You’re gonna fly through files editing them faster than with any IDE.

Co-pilot?

Is SMTP out of question?

Yup, if you have SSH service open on port 22, you’re automatically spammed by bots trying to brute force their way onto the system.

AFAIK it’s now 100, so basically unlimited for personal use.

Because terminal emulators are literally the old terminal emulators (ye oldy screens + keyboard combos that looked like a computer but were just IO) and everything modern they do is just a hack.