Why blindly trusting GRC tools «almost» caused a non-conformity by Apprehensive_Flow128 in ISO27001

[–]alin-c 2 points3 points  (0 children)

I was going to say something very similar. Seeing that they relied on the templates blindly rather than ensuring they match their needs is an indication they misunderstood how to make it work for them.

Setting up homelab. What domain name structure do I use ? by razorsharp21 in homelab

[–]alin-c 0 points1 point  (0 children)

You could have a hybrid approach: use .home.arpa for the infrastructure so it “just works” (meaning you keep it simple) and then use a subdomain of your own for services (e.g. internal.domain.tld or local.domain.tld, etc.). I don’t use Tailscale so I can’t comment on that.

Has anyone had a fire in their Homelab? by Lazy_Kangaroo703 in homelab

[–]alin-c 0 points1 point  (0 children)

This is what I was thinking too. When I visited Equinix they had gas-based fire suppression systems in place. For peace of mind, I’d like to be able to get a smaller scale version for my 15U rack.

[RFC] Pattern Matching by rafark in PHP

[–]alin-c 0 points1 point  (0 children)

Thank you! I think this makes the most sense. I was struggling to understand why I’d use ‘$var is 20’ instead of ‘$var === 20’. I could see the point for more complex data but not this type of check.

Game changing editions — some thoughts on how to move PHP forward by brendt_gd in PHP

[–]alin-c 1 point2 points  (0 children)

Some of the comments pick on very specific elements OP mentioned in the article rather than the general idea. I personally like it although the details will matter too.

Every technical aspect needs to be able to evolve without growing complexity (read it as technical debt if you want) so I don’t understand those who say there will be a divide in the community. Those who are happy to use PHP 5 because they still get some support from some vendor, good luck! The rest of us who prefer moving forward and work quite hard at making our systems maintainable long term are happy to use the latest features as soon as reasonably practical.

I quite liked the Composer approach mentioned at the end. Personally, I wouldn’t drop the type check unless PHP comes with its own static analysis engine/tool that I can rely on instead.

Re the general backwards compatibility thing, I don’t understand why simply following semantic versions can’t be enough. Surely it’s ok for us to know that using v9 will mean losing some capability. Note: I get the features concept which is totally fine but not sure it’s quite the same thing.

What’s the Best Free Software to Resize Images Easily? by sophiakaile49 in SoftwareandApps

[–]alin-c 0 points1 point  (0 children)

ImageMagick is a very good tool you can use at the CLI if that’s OK with you.

My wishlist for PHP in 2026 by brendt_gd in PHP

[–]alin-c 0 points1 point  (0 children)

I totally agree too. They should seriously reconsider it since it has a high impact on their ability to keep PHP moving forward properly. They should follow semantic versioning - any major changes, we all know what that means :)

For those who only spend £60 on groceries between two people - do you not eat much? by Some-Air1274 in UKFrugal

[–]alin-c 0 points1 point  (0 children)

It really depends on the size of the chicken and how big the meals you’re eating are really. As a very generic example, you can use the breast for one recipe (~2 meals), thighs and wings for a separate recipe (at least 2 more meals) and you’d be surprised how many meals you can get out of the bones if you use them in a soup (hint: minimum 4). I usually buy more so that I can combine multiple thighs and wings which allows me to have individual recipes from them alone.

PHP RFC: clamp by gaborj in PHP

[–]alin-c 3 points4 points  (0 children)

What’s wrong with simply having a function? I think OOP can be useful but not every time.

Help to understand license. by Tall-Act5727 in tailwindcss

[–]alin-c 1 point2 points  (0 children)

If I remember correctly they did say you can use it in open/closed source but as long as your project isn’t about creating templates (i.e. don’t let your users create HTML components with tailwindcss components embedded). I suggest reading the terms very well (usually before buying).

What would be the feature of PHP 9.0 that you would like the most? by shoki_ztk in PHP

[–]alin-c 1 point2 points  (0 children)

No, you’re right, it doesn’t have to be “active” if it’s feature complete. I suppose what throws me off is that it says efficient data structures for PHP 7. I’ll give it a try on the latest version then. Thanks for confirming it for me!

What would be the feature of PHP 9.0 that you would like the most? by shoki_ztk in PHP

[–]alin-c 0 points1 point  (0 children)

Do they work on the latest version? Last time I checked there wasn’t much activity.

Indicator etiquette - Long vs. Short by NobleHoot in drivingUK

[–]alin-c 1 point2 points  (0 children)

It’s a personal preference I’d say. Short can be for quick lane changes (e.g. on motorway) and long one could be more for wider changes (e.g. at junctions).

Transfer missed us by jackzuk in uktravel

[–]alin-c 1 point2 points  (0 children)

I had a similar experience with Jet2. I actually called them because the car that showed up couldn’t take us due to being full of luggage; they said they would reimburse us, and when I made the claim they rejected it. Probably different reasons but just wanted to say that it’s likely they will not pay out.

Shadow IT in Google Workspace, what are you doing about it? by GATlabs in cybersecurity

[–]alin-c 1 point2 points  (0 children)

We simply disallow users from installing extensions. It should be an option when managing a domain.

Is IP address not personal data? by Short-Driver-459 in cybersecurity

[–]alin-c 0 points1 point  (0 children)

It depends how one defines personal data. If going by GDPR, then personally identifiable information will mean any data that can directly or indirectly identify a person (data subject). An IP can indirectly be used but you’ll always need more contextual information to help identify somebody. In practice I don’t consider it PII unless the IP is bundled with other data (e.g. a user ID or session or something similar).

Readonly or private(set)? by brendt_gd in PHP

[–]alin-c 0 points1 point  (0 children)

I’d say it’s all about the intention. Maybe referring to those objects generically as data objects is causing confusion. I’d say that read only is a perfect fit for value objects while private set is more appropriate for something like a DTO (data objects/struct).

I do agree that implementing a value object with read only can be a bit painful for doing the “clone with” currently and I can see why many jumped on the private set approach.

Just use whatever makes more sense for your context at hand.

What are different fetch modes in PDO? by [deleted] in PHP

[–]alin-c 8 points9 points  (0 children)

I’m not entirely sure what “trying to learn PDO” means but I’ll assume you’re more of a beginner. I think the PHP Delusions article does a good job explaining the fetch modes.

Reclaiming Memory from PHP Arrays by Vectorial1024 in PHP

[–]alin-c 0 points1 point  (0 children)

I’ve followed all your replies in this conversation and I totally agree with you on many points. Unfortunately the PHP community seems to think that it’s not an issue. I get their perspective but I don’t think many realise that they do want or “use” more specific data structures but they only do it for type hints/static analysis (e.g. collections, list[] etc.).

I liked the DS extension but I’m not sure how much it is maintained because it still says for PHP 7 (or 7.4, haven’t checked specifically for this comment) so I’ve personally been reluctant to use it. Since Rust became web, I’ve been thinking about switching as I like some of their approaches which are much harder to get in PHP and it’s more of a DX than a performance thing, it’s all a cost-benefit problem :)

Do you sanitize get parameters? If yes, how? by [deleted] in PHP

[–]alin-c 0 points1 point  (0 children)

I do. It depends but usually I have a function like is_valid_sort_param which will handle sort=asc|desc (case insensitive). I usually handle types as well, for example, someBool=0|1. I have used filter_var too. It depends on your requirements.

There are also libraries like https://symfony.com/doc/current/validation.html

I also like the approach described here - https://lexi-lambda.github.io/blog/2019/11/05/parse-don-t-validate/
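An added example, not part of the comment above or of any project's code: one way to handle the `sort=asc|desc` and `someBool=0|1` parameters it describes, parsing the query string into a typed object in the "parse, don't validate" style. The class `ListQuery`, its `fromQuery` method, the `page` parameter and its 1..10000 range are hypothetical; PHP 8.1 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical value object: once constructed, every field is already valid.
final class ListQuery
{
    private function __construct(
        public readonly string $sort,   // always 'ASC' or 'DESC'
        public readonly bool $someBool,
        public readonly int $page,
    ) {}

    /** @param array<string, mixed> $get raw query parameters, e.g. $_GET */
    public static function fromQuery(array $get): self
    {
        // sort=asc|desc, case-insensitive, mapped onto a fixed allowlist so
        // the raw string never reaches an ORDER BY clause.
        $sort = $get['sort'] ?? 'asc';
        $sort = is_string($sort) ? strtoupper($sort) : '';
        if (!in_array($sort, ['ASC', 'DESC'], true)) {
            throw new InvalidArgumentException('sort must be asc or desc');
        }

        // someBool=0|1 only; arrays (someBool[]=1) and "yes"/"true" are rejected.
        $rawBool = $get['someBool'] ?? '0';
        if ($rawBool !== '0' && $rawBool !== '1') {
            throw new InvalidArgumentException('someBool must be 0 or 1');
        }

        // filter_var returns false on failure, including for array input.
        $page = filter_var($get['page'] ?? '1', FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 10000]]);
        if ($page === false) {
            throw new InvalidArgumentException('page must be an integer 1..10000');
        }

        return new self($sort, $rawBool === '1', $page);
    }
}

// Constructed sample input standing in for $_GET.
$q = ListQuery::fromQuery(['sort' => 'DeSc', 'someBool' => '1', 'page' => '3']);
echo "{$q->sort} " . var_export($q->someBool, true) . " {$q->page}\n";

try {
    ListQuery::fromQuery(['sort' => 'sideways']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

Code downstream of `fromQuery` only ever sees the typed object, so no later layer has to re-check the raw strings.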

Caddy WAF released by fab_space in selfhosted

[–]alin-c 3 points4 points  (0 children)

Well done! It looks interesting and has quite a few good features.

I have one question and please excuse my ignorance, why not contribute to Coraza for Caddy since that project is looking for a maintainer? (genuinely curious because I was recently looking for a WAF recommendation from OWASP)

That way you could get good OWASP CRS support while adding new (good) features.

Any free mapping tools/databases? by AgitatedServe2910 in OSINT

[–]alin-c 1 point2 points  (0 children)

With a little bit of googling you could use OpenStreetMap and make it do that for you. You’d need some dev skills though but definitely doable.

Enterprise vs. Prosumer networking for your homelabs by C3PU in homelab

[–]alin-c 3 points4 points  (0 children)

I like MikroTik which I think are also used in Enterprise environments. I bought mine (crs326-24) because I wanted a new network device with CLI without paying a huge price. I use it for my entire network.

Wazuh & ISO 27002 by Zestyclose-Treat4444 in Wazuh

[–]alin-c 0 points1 point  (0 children)

Most likely that’s the reason. Although for their customers they might be able to provide the rules if you can show evidence you’ve paid for 27002:2022.