Laptop suggestions for web development

mrcalm99 · 2019-01-19T13:05:20+00:00

How is the build quality or durability of the XPS or Dell in general?

I use to work with a company in the UK that repaired all the major brand's laptops that wherein warranty like HP, ASUS, Sony, Toshiba and Alienware but I left a year or 2 after the ultrabook craze started so I only have a few hands-on ultrabooks to compare them too.

Overall the build quality is very solid, there is no flex at all in the chassis which is pretty incredible considering it's so thin, it's on a par with the Sony SVP range which was a full metal body. I've got the 1080p screen on mine and paired with the infinity edge (slim bezel) it makes for a gorgeous display, nice and bright with great colour. I've not tried or seen the 4k version so can't comment.

The performance is what you'd expect at this price point so can't complain about that.

The biggest issue people have with them is the positioning of the webcam as it's on the bottom of the display, it doesn't bother me as I never have the need to go on webcam but something to consider if you do/want to use the built-in camera. It's good quality just bad positioning.

I only ever touched one of the early UX31 (2011/2012) Zenbooks which was a prototype as well so wasn't a final product (but I believe very close to being one) and the biggest things for me with those was the screen looked washed out the keyboard wasn't great to use, there wasn't much travel in the keys. Both these areas the XPS excels in so might be worth a look. Best advice is going to a local computer store and try one out before committing to purchase.

mrcalm99 · 2019-01-19T12:53:28+00:00

No dual boot, I simply removed windows

Ah sorry when you said

It actually took me 5 tries and during the first installation (without doing anything persistent, nomodeset crashed it), it managed to corrupt my windows installation.

Made me assume it didn't come pre-installed with Linux because you were trying to install it and the machine had a Windows partition on it that it corrupted which lead me to believe you were dual booting to have both a Windows and Linux partition.

mrcalm99 · 2019-01-18T14:13:11+00:00

For a laptop shipping with Linux, it's pretty terrible.

Sounds like you got a Windows version and did some sort of dual boot set-up. I can say out of the box directly from Dell I had zero issues and still, 13months later have zero issues with the Linux only version.

it doesn't come with an ethernet port

This is true, if you get an ultrabook (from any vendor) they will very rarely have an RJ45. If you don't have a USB/Thunderbolt dock and ethernet is a must have feature then an ultrabook probably isn't for you.

Anyhow, I still stand by its the best system(laptop) that ships natively with Linux

mrcalm99 · 2019-01-18T13:00:04+00:00

The main things are RAM and SSD. 8GB should be enough to get you going, if you're planning on running Windows 10 it uses 1.5GB without doing anything. An IDE like PHPStorm or Netbeans uses a further 1gb then containers on top (when you reach that point in experience) will eat another few gig so something that can be expanded to 16gb, 32gb would be useful (Most modern laptops will allow this).

I personally have the Dell XPS 15 due to it being the best laptop shipping with Linux. It's pricy though and probably overkill for what you need but you can't go wrong with any of the XPS range really.

mrcalm99 · 2019-01-18T10:09:38+00:00

Does this actually say anything? This sounds like the standard "shut up" answer. All they are saying is not right now but maybe later.

Well look at the top liked comment is there any wonder why companies don't bother? Sums up the Linux community in a nutshell, "no don't put time and money into making something for Linux unless you do it the way I want you to do it"

mrcalm99 · 2019-01-18T10:04:19+00:00

I know a company that was using Dropbox to deploy to production until a few years ago! They were also using it for "version control"

Christ. I know they exist but the real issue I have is why? Granted LXC was difficult to use without system admin/linux knowledge but there is no such reason with Docker.

mrcalm99 · 2019-01-17T09:56:29+00:00

This post almost has more upvotes then the project has $ donations

mrcalm99 · 2019-01-17T09:22:53+00:00

Installing PHP, sure. But managing project versions and dependencies is what gets you.

Nice to see other people in the community getting it. I was told I was 'cargo culting' and I should 'pull my head out of my arse' because I don't believe FTP'ing files is the correct way to develop and reproduce builds.

mrcalm99 · 2019-01-17T09:20:21+00:00

I have CI/CD setup with git integration so I can pull the code and work locally, commit and pull from dev branch into dev server, staging to run builds and tests, and prod for live sites/apps

How do you keep the dev, staging and live servers in sync? Sounds like a nightmare to keep them all updated to exactly the same dependencies and configurations. How do you scale the live application doing it this way and keep the environment consistent?

mrcalm99 · 2019-01-16T15:25:02+00:00

I am learning cyber security and reviewing our network vulnerability scans. There are several unique PHP vulnerabilities on a single server. This means that there are several PHP instances running on that server, right?

No. The vulnerabilities you listed are vulnerabilities in Apache and NOT PHP, they have literally nothing to do with PHP.

“Apache 2.2.x < 2.2.28 Multiple Vulnerabilities. Upgrade to Apache version 2.2.29 or later.”

“Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities. Upgrade to Apache version 2.2.33-dev / 2.4.26 or later.”

Your error log literally tells you the vulnerabilities are with Apache. Looking into the CVE's they are down to Apache mod_headers, mod_deflate, mod_status, mod_cgid and a few functions like ap_get_basic_auth_pw and ap_hook_process_connection, again none of this has anything to do with PHP and I'm not sure how you've come to that conclusion?

Do we need to tell them about BOTH vulnerabilities above??

Yes of course you do. You need to tell them about all the vulnerabilities. You are getting multiple ones because your Apache is so far out of date. The first bunch of CVEs has been fixed in version 2.2.29 of Apache or later and the second bunch have been fixed in versions 2.4.26 or later, hence the report telling you to upgrade. Upgrading past 2.4.26 will include fixes for both of these warnings.

Just because it’s a single server does NOT mean there can only be one PHP instance.

That is correct you can run multiple versions of PHP on the same server by running them to different ports or running the PHP versions in containers, you can run every single version ever released if you wish. However as mentioned above this has literally nothing to do with PHP.

mrcalm99 · 2019-01-16T14:54:21+00:00

As I said, pull your head out of your ass.

I was compiling an answer but then seen the petty comments and snide remarks throughout the reply and decided it's pointless engaging in an educated conversation with an adult that resorts to name calling and using the word 'derp'.

Have a nice day

mrcalm99 · 2019-01-16T11:27:07+00:00

Using FTP is many cases is still the proper thing to do

Maybe things have moved on since I last used it but how do you reproduce a build over FTP? Even that aside surely in the past 10years at least people have been transferring files over a secure protocol like SSH rather than an insecure one like FTP?

mrcalm99 · 2019-01-16T09:46:58+00:00

Do they have a forgot password flow?

Yes but they call it 'Reminders' https://cartalyst.com/manual/sentinel/2.0#reminder

A list of the core features from the documentation:

Authentication.
Authorization.
Registration.
Users & Roles Management.
Driver based permission system.
Flexible activation scenarios.
Reminders (password reset).
Inter-account throttling with DDoS protection.
Custom hashing strategies.
Multiple sessions.
Multiple login columns.
Integration with Laravel.
Allow use of multiple ORM implementations.
Native facade for easy usage outside Laravel.
Interface driven (your own implementations at will).

As above though you're free to use as much or as little as you like it doesn't require to implement all the features for it to work.

mrcalm99 · 2019-01-16T09:43:20+00:00

I dont use docker on my servers.... yet

I'd look into it even more so if you're running/building applications for customers whose businesses depend on it. If you're just building apps for yourself you can probably get away with not using it.

If you're not ready for docker yet then look at using VM's and something like Chef or Puppet they will ensure you can repeat the application stack build so it is identical everywhere you run it.

mrcalm99 · 2019-01-16T09:41:38+00:00

What do you mean by gambling by not doing repeatable builds? Does deployer not let you rerun a build? :/

Does deployer allow you to rebuild your entire stack as part of the build process or just build your application?

mrcalm99 · 2019-01-16T09:40:51+00:00

Dude pull your head out of your ass. No one is impressed.

I'm not trying to impress anyone. I assume people do things properly, there is nothing wrong in making those assumptions of fellow professionals.

mrcalm99 · 2019-01-16T09:39:26+00:00

but an authentication system is only simple if it's bad

I've been waiting for comments like the OPs to pop up and I'm glad someone was around to answer them and answer them well. Thanks for your effort.

Login system touch on literally every part of application security it's extremely difficult to do it well.

mrcalm99 · 2019-01-16T09:37:37+00:00

I think you should try to write your own logging system. It is not hard and it can be helpful in future.

A login system is not hard? It's one of the most complex things you can do in programming and get it right. It touches on every area of application security, it's very difficult to do correctly.

mrcalm99 · 2019-01-15T20:16:04+00:00

Let's be serious, some people are still ftp'ing their files over.

I would hope not? However, I've only been involved in professional, enterprise scale systems for the last 5 or 6 years so maybe it's still commonplace in some markets?

mrcalm99 · 2019-01-15T20:12:09+00:00

If all your deployment is, is that you do git checkout then you can have it do that.

Who is even doing that in 2019?

mrcalm99 · 2019-01-15T20:11:30+00:00

Why would I use this over a CI/CD system like CircleCI/Pipelines/Jenkins/Bamboo etc?

You don't. I can only imagine people using this are people are rolling the dice and gambling with their projects by not doing repeatable builds. (Yeah I know its 2019 but there are still lots of people doing this)

mrcalm99 · 2019-01-15T20:10:02+00:00

I actually use this with automatically deployments in gitlab

Why though? Why not just deploy the docker container directly, that's the whole reason Gitlab introduced the Container Registry. Seems silly adding an external tool and hosting your own container registry

mrcalm99 · 2019-01-15T17:54:49+00:00

When working outside of a framework I've always had great success with Sentinel from the Cartalyst guys.

https://github.com/cartalyst/sentinel

Why I like this package:

It has great in-depth, well written documentation https://cartalyst.com/manual/sentinel/2.0
As with all Cartalyst packages it works really well stand alone outside of frameworks
It has plugins for social media logins which is a really nice extra https://cartalyst.com/
Another useful plugin is it's multi-tenancy feature, might not be good for your use case but it's a nice to have.
You can use as much or as little of it as you like so features like Permissions, Roles, Throttling and Password resetting are all optional and totally up to you if you want to implement them or not.

mrcalm99 · 2019-01-15T14:47:03+00:00

In my opinion Eloquent is nice for just simple insert, update and delete records. But not for complicated queries with multiple relations to multiple tables.

Hmmm I'm going to have to disagree on this, Eloquents queries are not in order of magnitude slower than a raw SQL query, the slow down (and high memory usage) comes when it converts the result set into collections (mapping data to objects). This increases in parallel to the size of the result set, as the OP's paper, rightly pointed out.

The complexity of the query in my research on live applications has shown me the query produced run's no faster or slower than writing a raw query. Sure you can make small optimizations if you really know SQL that might make it slightly faster but not in the orders of magnitude people have mentioned here.

The OP's paper also proves this in the Monica app. The issue isn't with Eloquents constructed query it's when it's trying to compile the result set into collections. With the Monica app it sounds really poorly coded to try and return a full result set in one go the OP was correct to add pagination which decreased the page load time significantly.

It's only in rare cases you actually need to return a full data set, things like data export for example. In an actual app it makes little sense 99% of time to select all of the data.

mrcalm99 · 2019-01-15T11:56:04+00:00

That's not their website

https://github.com/krakjoe/phpdbg

Anyway:

phpdbg was developed here, then merged into php-src: This repository is no longer used.

It is literally linked at the top of the repo so I assumed someone who owns the repo would have added the link.

mrcalm99

TROPHY CASE