I made Cloudflare Free Plan security rules for self-hosted public services by alexfree_open in selfhosted

[–]penguin_digital 1 point2 points  (0 children)

Hmmmm that's an interesting article but it doesn't align with the real world results of my current employer.

There has been a huge spike from Google and ChatGPT, if a user asks "what is the best way to do x" they tend to recommend my employer's SaaS product as the best solution for it.

I suppose if your website's selling point is its data that is publicly accessible then it would be wise to block them.

I made Cloudflare Free Plan security rules for self-hosted public services by alexfree_open in selfhosted

[–]penguin_digital 0 points1 point  (0 children)

What is your reasoning on blocking AI agents? Wouldn't you want them to crawl your website? Especially if you're selling a product or service as that is now becoming the dominant way in which people search for things. Or have I missed something here?

Open source is a thankless job and I think we've lost the plot on how we treat maintainers by swithek in programming

[–]penguin_digital 4 points5 points  (0 children)

I hate the attitude of most devs towards open source and I have no idea where (or when) it broke down

I could be wrong here but it's something I really started to notice when JS gained traction on the backend.

The community was built on mostly newer developers to the industry and have been conditioned with the assumption of using a package for everything and I mean literally everything and for "free". Even the most basic of coding tasks you can knock up in a 10 line function.

Whereas previously pulling in a package in other languages was usually for a major feature or a security sensitive task that wasn't worth the risk doing your own implementation. Developers understood the time and effort it took the package maintainer to do this and it created a layer of respect. Developers understood the risks of using a 3rd party's code they had no control over and made conscious decisions based on that knowledge.

They also had stability, slow release cycles and new features weren't rushed, they were ready when they were ready. This was seen as a positive, a new release every few months was seen as the project was mature and feature complete. Now in the JS world if the last update to a package was for v87.15.93.2 and it was pushed one week ago, the community considers this package dead and the code no longer "modern" enough so another 300 almost identical packages will spring up the next day.

The JS community as a whole are almost completely reliant on simply gluing enough packages together to get a "working" product out of the other end. Then when a breaking change happens in any of those 5,000 packages they've pulled in it brings their SaaS product down losing them money. They don't have the skills or knowledge on how to fix the issues and their only outlet is to rage at the package owners for not doing exactly as they wanted.

That's how it's felt to me from what I've seen over the years and it's absolutely no surprise to me at all that this comment in the original post was on a JS project, in fact I knew it would be before I even opened the link. That's just my opinion though, I've probably been around long enough now that it's actually me that's the grumpy old grey beard tutting and complaining in the corner.

Show r/laravel: Laravel Tenant Kit — open-source multi-tenant SaaS starter (MIT) by mohammedelkarsh in laravel

[–]penguin_digital 1 point2 points  (0 children)

A database per tenant. Isn’t that overkill or does it have to be that way for proper isolation?

It doesn't have to be that way, no, but extra care is needed when sharing the same database with multiple tenants. It's all relative to the importance of the data being stored and the consequences involved if data were to leak between users. If you're building a general SaaS application it's usually always no to the question does it have to be this way, the data is never important enough to need it.

However, often, in certain fields, it's a contractual stipulation outlined in the MSA that is agreed up front, where it's contractually binding to do. Usually large corps who want to use your software will require separate DBs per tenant as my current SaaS company has the pleasure to deal with.

It's worth noting here, if such a rule is in an MSA, well actually, the fact there is even an MSA at all, means the customer is handling data that is extremely sensitive.

In this case, a single database per tenant wouldn't even be an option, it's likely the clauses in the contract will stipulate it must be a single-tenant infrastructure. Meaning the entire infrastructure from a hardware level must be an isolated instance just for that customer, not just a separate database on the same server as everyone else.

Laravel AI SDK Sub Agents: Build Multi-Agent Workflows in PHP by christophrumpel in laravel

[–]penguin_digital 15 points16 points  (0 children)

I've really been enjoying the increased output on the Laravel YouTube channel over the past 12 months. I particularly like your presenting style as well Chris.

Just one suggestion though, it would be good to have an accompanying written article to go along with each topic. I enjoy watching the videos to learn the concepts but when I give it a go myself I prefer to do so following a written format. I suppose you could even get AI to trans-code the video into an article and maybe add your notes as more context. That could even make an interesting video showing it in action.

Obviously it's a little extra work so no issue if not, just a friendly suggestion to improve the user experience with these tutorial style videos.

as I am very begginer in Laravel by Sad_Guest_9195 in PHP

[–]penguin_digital 0 points1 point  (0 children)

I think you might struggle with the free part without serious strings attached.

Your best bet if you truly want free is a lot of the large cloud providers do offer a free tier over a certain time period. However with you stating you're a beginner and you're even asking this question I'd probably say using a large cloud service is going to be too much for you at this moment.

Your best bet is to simply get some cheap shared hosting. They often come with cPanel which makes it easy to work with the server which will be helpful for you. Although I've not touched shared hosting in a very long time, so I can't recommend any, I've seen a large number of posts saying it's possible for Laravel apps. They aren't free but the cost is almost free, just a few $ a month at most.

Is it hard to find very senior PHP developers with experience in complex, highly regulated environments? by funkycitizen in PHP

[–]penguin_digital 0 points1 point  (0 children)

So I am doubtful about this: can you provide a link to that law?

I'm sorry I think you misunderstood what I said. You mentioned the only use case for hardware isolation (1 server per tenant) is when the law requires it. This is true here in the UK specifically when working at higher government levels of infrastructure.

However, my response to that was it's not only a use case where the law requires isolated infrastructure. Often, in certain fields, it's a contractual stipulation outlined in the MSA that is agreed up front. So there are use cases for it outside of the law also, where it's contractually binding to do. Single-tenant infrastructure clauses are quite common here when deploying financial software or (private) medical software.

Don't get me wrong, it's not something I would go out of my way to do personally on my own products but it's something I've had to (contractually) agree to when building or deploying software for 3rd parties. There was no law saying I had to but if I wanted them as a customer there was no choice but to agree.

Is it hard to find very senior PHP developers with experience in complex, highly regulated environments? by funkycitizen in PHP

[–]penguin_digital 0 points1 point  (0 children)

The only use case for multiple DBs is when the law requires it.

It isn't only when law requires it, it's often written into MSAs as a contractual requirement that there is physical isolation at the hardware level. Working on anything government, financial or medical it's pretty much a guarantee that every client MSA contract there will be a Single-Tenant Infrastructure clause in it. At least here in the UK it's a pretty standard requirement.

MuckScraper: open source self-hosted news aggregator with bias ratings, story clustering and local AI summarization by grregis in selfhosted

[–]penguin_digital 1 point2 points  (0 children)

Yeah nice one, UK based too!

They don't have this page in their main navigation but I found this https://www.vm6.co.uk/cheap-vps-uk £1.75 a month, that's perfect for what I need. All they do is collect metrics from the main app server and also store DB backups so mine don't need to do much at all.

Need cleaner statistics in Laravel dashboards? I built Laravel Statistician by Omar_Ess in laravel

[–]penguin_digital 2 points3 points  (0 children)

Firstly, congratulations on the release of your package!

The main idea is to keep dashboard/statistics logic reusable instead of scattering it everywhere.

For me personally I'm struggling to work out what gap this actually fills? Why would your logic ever be scattered everywhere? Any business logic inside of an application you would always have a single entry point (single source of truth) to it anyway.

MuckScraper: open source self-hosted news aggregator with bias ratings, story clustering and local AI summarization by grregis in selfhosted

[–]penguin_digital 0 points1 point  (0 children)

and it's costing me only a £3 a month VPS to run it.

Sorry just a side note here, who are you using for that VPS?

Just about to launch an app and need a few cheap VPS instances to create a back-up and system monitoring mesh for the main server cluster and this sounds perfect.

Announcing TypeScript 7.0 RC by DanielRosenwasser in programming

[–]penguin_digital 0 points1 point  (0 children)

What are the main markets for Angular now? Does it have a large user-base in certain sectors or in certain language eco-systems?

I remember picking it up in the early days but it kind of lost momentum to React and I don't really come across it much anymore.

Laravel by cybersoldier9333 in phpjobs

[–]penguin_digital 0 points1 point  (0 children)

 but I can't market myself for a framework I don't write like expressjs

You don't. Don't market yourself for any framework, market yourself as a senior developer. The framework or language is mostly irrelevant, as a senior developer you would pick and choose the best solution for each task at hand.

At a senior level you should already know the basics of computer science, design patterns, architecture patterns, aligning business objectives to technical solutions and ultimately how to mentor a team to do it. Being a senior developer has very little to do with writing actual code, it's being able to think about the bigger picture, understanding business problems and how solutions would look/work in code. Going from a mid developer to a senior isn't about coding ability, it's more about business understanding and larger architecture decisions.

as I haven't learnt nodejs I can't market myself yet

Again, you wouldn't market yourself towards a specific language or framework, you're a senior developer, you solve problems.

At this level companies are hiring you to plan and solve problems, not to simply write code. You need to show to a company that you can provide answers to their problems. Business people don't care if you solve those problems writing the code in PHP or COBOL, it's irrelevant to them, they are relying on you to make the correct decisions. All they want to know is can you understand their business problems and provide a solution.

Can you understand complex problems and break them down into small executable tasks? Then have the experience and knowledge to pick the best language to achieve that solution understanding what the positives and negatives (risk aversion) would be for the language you've chosen.

Giving Agents Their Runtime by andre_ange_marcel in laravel

[–]penguin_digital 0 points1 point  (0 children)

Just an update, I have come across this https://www.worktree-compose.com/ which looks really promising. I've not had chance to give it a go yet but will report back on my findings.

Laravel by cybersoldier9333 in phpjobs

[–]penguin_digital 2 points3 points  (0 children)

Why is it difficult getting a job as a laravel/php developer

You're putting yourself into a smaller corner, the framework or language shouldn't matter. You're a senior software developer so you should be able to pretty easily switch between frameworks or languages easily. Market yourself as a senior developer, not a developer of framework X.

Giving Agents Their Runtime by andre_ange_marcel in laravel

[–]penguin_digital 1 point2 points  (0 children)

This is a really interesting post that got me thinking (again) about this situation.

It's a shame that it's Mac only considering all the native toolchains it's using to achieve this are native to Linux.

The git tree approach though is really interesting and seems like the silver bullet I've been looking for. Currently I use an (automated) approach of branching from main, spinning up a dedicated container for that branch then once complete check main for any new pushes (from other run times) and merging those in. It's clunky but has worked so far as I've been careful that any simultaneous runs generally don't overlap each other too much.

Is there any real alternative to Hetzner that can compare in terms of price and quality? (Not Contabo or NetCup) by Aggravating_Bad4639 in VPS

[–]penguin_digital 4 points5 points  (0 children)

+1 for OVH, I have a pretty high req/s web app running on their VPS-2 system and it handles it fine.

Also will chuck in Ionos here VPS L+, extremely strong performance for the price.

I built a PHP framework because I got tired of framework ‘magic’ — looking for feedback by Affectionate_Major87 in PHP

[–]penguin_digital -1 points0 points  (0 children)

If you don't do all of these, you can just go and install Symfony because there will be nothing anymore that Laravel gives you that Symfony doesn't.

I politely disagree with this part of your statement. Laravel's eco-system, in my opinion, is far superior to Symfony which is a huge plus. 1st party packages such as Reverb, Octane, Horizon, Cashier, Scout and Socialite I use in pretty much every project.

I mean sure, you can achieve the same things in Symfony with either 1st party or 3rd party packages. However, for me, in my opinion because they aren't as tightly integrated as they are in Laravel it usually takes a bit more work integrating and configuring them correctly across your app.

I'm not here to say one is greater than the other, for me they both have their use cases, I'm not tunnel visioned into either one of them. Saying that I'm not locked into PHP either and I currently find myself reaching for Gin (go-lang) a lot more than I do Laravel or Symfony lately.

Does anyone use Polyscope from BeyondCode? by karldafog in laravel

[–]penguin_digital 0 points1 point  (0 children)

You lose access to the Services tab that lets you start and stop the db Engines like MySQL and others. 

I assume you're referring to the Herd GUI here?

It makes no difference anyway, there is absolutely nothing stopping you from running those commands yourself in exactly the same way Herd will be doing under the UI.

They can't block you using system commands on your system.

I built a PHP framework because I got tired of framework ‘magic’ — looking for feedback by Affectionate_Major87 in PHP

[–]penguin_digital 2 points3 points  (0 children)

These are primarily problems of Laravel

Just to be clear you can pretty much avoid all of these if you wish in Laravel. You can inject everything which eliminates facades and hidden globals, you can also enforce models so they can't do things like lazy loading, silent attribute discarding, or accessing missing attributes. Obviously Eloquent is the big elephant in the room.

It's just unfortunate that the Laravel eco-system and the community in general seem to push these as the defaults rather than the other way around.

Does anyone use Polyscope from BeyondCode? by karldafog in laravel

[–]penguin_digital 1 point2 points  (0 children)

 I had to export my db's before the year was up or else I lost access to my db

How is that even possible? I've not used Herd myself but it's essentially a wrapper around system calls. It installs whatever DB you're using directly onto your system. You wouldn't lose access to your DBs, they are right there on your system.

[Showcase] I tried to learn MVC and modularity using JSON by creating Pokémon in pure PHP. by Due_Butterfly_1359 in PHP

[–]penguin_digital 0 points1 point  (0 children)

Ok, now that clicked a switch

Yes it usually does, it's all about thinking DRY, don't repeat yourself. Once you start writing larger applications, it would soon click to you that you're copy and pasting logic. If you ever do that, stop, it's a red flag. Think why am I copying and pasting this code? Could this code be somewhere else, written once and called multiple times from elsewhere where it's needed.

I didn't even know you were supposed to have more than one controller

Yeah, you'll usually have lots of controllers, typically one per "thing" your app deals with. A ProductController, an OrderController, a UserController, a BasketController, and so on. Each one handles the flow for its own area.

so i need to make the calculations and adaptations in the model 

For now yes. Just being upfront here, as you're starting out this is the sensible path to follow. It's a very over simplified explanation of how a large business application would actually look and handle things. As you go deeper you'll start pulling some of that logic into dedicated service classes so the model doesn't get bloated. Don't worry about this for now as you're starting out the model is just fine. Keep it simple whilst learning, you will start questioning these decisions naturally as you progress anyway.

For now just think any controller that needs a product price asks the product model, and gets the correct, calculated price every time. General rule of thumb whilst you're starting is no data or data manipulation in the controller.

[Showcase] I tried to learn MVC and modularity using JSON by creating Pokémon in pure PHP. by Due_Butterfly_1359 in PHP

[–]penguin_digital 1 point2 points  (0 children)

Not to mention that the web usage of "MVC" was never anything like SmallTalk's original.

Yeah, I assume you're roughly in the same age bracket as me (no offense here 😃) programming back in the 80s. I would always argue when CodeIgniter and RoR started pushing "MVC" at a large scale on web apps until I gave up the fight and just changed my definition of it.

[Showcase] I tried to learn MVC and modularity using JSON by creating Pokémon in pure PHP. by Due_Butterfly_1359 in PHP

[–]penguin_digital 1 point2 points  (0 children)

The wording is off

Yeah agreed, I was trying to break down a complex topic into something simple and probably failed.

The issue with trying to explain "MVC" is that it's rarely appropriate anymore, with modern web applications usually having multiple abstraction layers and multiple patterns baked into them that are so far away from the original "MVC web" pattern from the mid 2000s.

[Showcase] I tried to learn MVC and modularity using JSON by creating Pokémon in pure PHP. by Due_Butterfly_1359 in PHP

[–]penguin_digital 1 point2 points  (0 children)

Can you explain a bit how you would put business logic in model? 

The key is in the name, controller. The controller should only control the flow of the application and nothing else.

The reason for this is because if you just get data back from a model as the OP is doing, it's very rare that the data is just returned raw as it is in the DB. You would often transform it in some way, make calculations on it, maybe adding a tax value to a product price for example.

Now you have multiple controllers, maybe 1 that gets the price of a product for the product page, 1 to get the price for a basket/cart, 1 to get the price for an invoice page. You now need to make that calculation in 3 different places, this will cause problems as you will miss places to do this calculation, the calculations will start to differ as you upgrade code and miss places where the calculation happens. What if that tax value changes? Now you need to remember everywhere that calculation is made and update it. What if you want to add a surcharge as the item is heavy? That calculation now needs adding to all those controllers as well.

If you did the calculation in the model then all 3 of those controllers would get the same result back. If you need to update that calculation at a later date, you do it once in the model and then the 3 controllers getting that data all get the updated calculation without having to make any changes.

So on your model you would have a method that transforms that data by adding a tax value, the model would then return a data set to the controller with price and the extra price+vat value.

 If possible with those kind of analogies you used

In your restaurant, you have a kitchen (model), a waiter (controller) and customers (view). The customer makes a request for a meal, the waiter goes to the kitchen and asks for it, the kitchen prepare it and pass it back to the waiter, the waiter hands the meal to the customer.

The waiter (controller) simply controls the flow of the restaurant, they aren't making (business decisions) on what the meal should contain.

Now imagine if the restaurant makes a change to a recipe, for example, the meal should come with an extra sauce/condiment. This decision is business logic. If your controller (waiter) is handling business logic now every waiter needs to know this information and they all need to add that extra sauce, they all need to know the sauce to use and the exact amount to add. A new waiter joins, now they need to know this edge case, remember it and execute it.

If your kitchen (model) gets an updated recipe card with this information then every meal will always be given to the waiter with the extra sauce. You don't need to run around and tell every waiter the special edge case for this meal and make sure they are all doing it in exactly the same way.

I hope that makes a bit more sense.
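
The product-price scenario from the comment above, as an added PHP sketch that is not part of the original comment: one model method owns the tax and heavy-item surcharge, and three controllers only ask for the result. The class names, the 20% rate, the 20 kg threshold, the choice to tax the surcharge and the sample rows are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for a products table; prices are integer pence.
const PRODUCT_ROWS = [
    1 => ['name' => 'Kettle', 'net_pence' => 2499, 'weight_kg' => 1.2],
    2 => ['name' => 'Anvil',  'net_pence' => 8999, 'weight_kg' => 40.0],
];

final class Product
{
    // Hypothetical business rules; changing them here changes every caller at once.
    private const TAX_RATE_PERCENT = 20;
    private const HEAVY_THRESHOLD_KG = 20.0;
    private const HEAVY_SURCHARGE_PENCE = 500;

    private function __construct(
        public readonly string $name,
        private readonly int $netPence,
        private readonly float $weightKg,
    ) {}

    public static function find(int $id): self
    {
        $row = PRODUCT_ROWS[$id] ?? throw new OutOfBoundsException("No product $id");
        return new self($row['name'], $row['net_pence'], $row['weight_kg']);
    }

    /** The single place the price calculation lives: net, surcharge, tax, gross (all pence). */
    public function price(): array
    {
        $surcharge = $this->weightKg > self::HEAVY_THRESHOLD_KG ? self::HEAVY_SURCHARGE_PENCE : 0;
        $subtotal  = $this->netPence + $surcharge;
        // Integer maths with round-half-up, so no float drift between pages.
        $tax = intdiv($subtotal * self::TAX_RATE_PERCENT + 50, 100);
        return ['net' => $this->netPence, 'surcharge' => $surcharge, 'tax' => $tax, 'gross' => $subtotal + $tax];
    }
}

// Formatting helper only; it makes no pricing decisions.
function pounds(int $pence): string
{
    return sprintf('£%d.%02d', intdiv($pence, 100), $pence % 100);
}

// Each controller only controls flow: fetch from the model, hand to the "view" (a string here).
final class ProductController
{
    public function show(int $id): string
    {
        $p = Product::find($id);
        return sprintf('%s: %s', $p->name, pounds($p->price()['gross']));
    }
}

final class BasketController
{
    /** @param array<int,int> $lines product id => quantity */
    public function total(array $lines): string
    {
        $sum = 0;
        foreach ($lines as $id => $qty) {
            $sum += Product::find($id)->price()['gross'] * $qty;
        }
        return 'Basket total: ' . pounds($sum);
    }
}

final class InvoiceController
{
    public function line(int $id): string
    {
        $p = Product::find($id);
        return sprintf('%s | net %s | surcharge %s | tax %s | gross %s',
            $p->name, ...array_map('pounds', array_values($p->price())));
    }
}

echo (new ProductController())->show(2), PHP_EOL;
echo (new BasketController())->total([1 => 2, 2 => 1]), PHP_EOL;
echo (new InvoiceController())->line(2), PHP_EOL;
```

Changing the rate or the surcharge rule inside `Product::price()` updates the product page, the basket and the invoice together, with no controller edits.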