Laravel Hacker

Cyber Security Resources for Laravel PHP Programmers

No Employees
Founders Code
Solo Founder
Open Source

With more and more news stories finally illuminating all of the cyber security failings, the Laravel community needs a place to go for reference, education and help.

June 18, 2021 Working in Parallel & Intermediate Deploy

I've decided that yes - I do deserve to give myself a little credit and give myself a break. There are a lot of stories that we tell ourselves and things that happen in our brain as founders / programmers / entrepreneurs. One of those is "you're not working [hard] enough." You see all these great stories and you wonder - man - what if I just worked harder. And I've had that get to me a little bit.

But in reality, I'm working full-time, I'm working on my health and developing an exercise routine, I'm developing on Laravel Hacker, and I'm creating security programming videos for Infosec Institute. And when I was thinking about this all earlier today, that's when it hit me.

I'm actually working in parallel, too!

Infosec gives you royalties on your videos - but they also have a great partner/affiliate program. Part of the offer I want to offer my Laravel Hacker community members will be coupons for my videos - which technically are an extension (if slightly different) version of what I plan on teaching them along the way. So this works! I've actually been working harder than I thought. ;)

Anyway, today is a short day - have some vacation time this weekend and so I'm trying to close up everything. I will be focusing on swapping out to a new coming soon page in my current repo so I can learn to deploy entirely with the Cloudflare Pages. I have a mailchimp landing page up currently - and 2 people have signed up to get notified. It's not going to be such a big deal if I don't have that.

June 11, 2021 Slowing Down - but that's ok.

Last week I had quite a lot of slow progress and took a lot of time to think about my progress, life, balance, etc.

I'm slowing down on this project, but that's OK. I have a lot going on currently. And no side project or even regular project is worth destroying your mental health. I think I'm slowly getting to be ok with that. It's still a struggle not to beat down on myself, though.

I made landing page for LH home page that pitched the quiz with a link to the app skipping past its first step. That means that now if someone shares the main website, that's great - and they get pitched the quiz. If someone shares the quiz page, since its not directly coming from a special start link, it will have its own splash page.

Next steps are to write the cloud flare workers code, create a drip account, and write up the 7 or 8 emails I need in order to make use. Then I'm ready for launch. I thought I was going to be done with that by now - but now I'm going to set myself a goal to be ready to launch more around the first of July. This is "OK" - I am fine with this (he says to himself)...

June 4, 2021 What does "behind" even mean?

I've been behind on my work this week. Like way behind. Like I took a day off that I wasn't planning on, and the rest of them haven't went to plan either. And that's for my "real" work, not my Laravel Hacker work.

I feel like I'm now behind on LH work... but am I?

So, I decided on my persona last week I'm targeting, and built out my first "hook" for them. I'm focusing on the person who is pretty proficient at programming, but knows they're missing some stuff when it comes to security - or doesn't even know how to get going. The reason for using this particular persona is that I can focus in right at the content - I don't need to sell the reasoning or show how to program. If I say "do this thing" they know enough to either do it - or figure out how to do it. They need direction. They need to learn how to fish - not just have fish given to them.

So, I made a quiz. The quiz is 7 questions to tell you how secure your Laravel app is. I built out the questions, answers and scoring mechanism in a doc. I decided then that all of the answers would lead to a CTA to sign up for a crash course of 7 days expanding on each of the quiz questions. From then on, they'd be on my newsletter. Haven't planned much more beyond this yet.

I built out the quiz in a Vue app so that it could be as customized as I wanted - it didn't take a lot of time. I used Vue 3 to learn about how the composition functionality works - and made it with Bootstrap 5 - the new release - so I could get familiar with some of that. It looks really nice, is easy to use. All I need to do now is track the answers / score them. (I'm tracking the anonymous answers because I think there's something to be said about developing a white paper / research paper on where the average Laravel app is - and release that as some marketing as well).

I'm going to use cloudworkers with cloud flare and use their key value storage. I should be able to use their hosting as well - so everything will all be free and deploy in one fell swoop.

I even spent saturday working on it because I was so excited.

But, and this is sad, the design never leant itself to using my new logo! Hahah - I hope that wasn't a waste of time / money.

Today I still haven't started on the work - and I have other client work to do as well. So am I going to go behind? Or am I just going to skip it this week and start next week again?

The question really is - is Laravel Hacker something that I should consider "paying myself" - that is - do you invest in this first, before you handle all of your other obligations (like building an emergency fund). I think I have to decide that for myself before I move forward... maybe I'll make a post getting opinions from people.

May 28, 2021 Scheduling, Building in Public Qs, What's next?

Last week, I finalized my logo contest. I was able to get both versions that are very similar from one of my 99 design contestants. Overall the experience was great. I did notice that nearly all of my contestants were from the Philippines or that same geographic area. Lots of great artists there. In fact, now that I think about it, a couple years ago when I got my personal avatar on Fiverr, he was from there as well.

I also put together a "product ladder" which has different entry points and cost structures. The idea is to build authority, make small sales to people, and start to sell them larger things. I have a number of ideas along the way. It's time to start executing on some of those now.

Originally, I had planned that there was some sort of subscription SaaS at the end, and I was already planning out what it would be. I think I've pivoted a bit now. I think what I'm going to do is build out the beginning parts of the ladder and develop more relationships with people. My top rung will be customized consulting experiences for now. Through enough of those - but with a focus on security - I will then have a better idea of what product people might be willing to use/spend on. I've had plenty of consulting work so far in my career, but security has always been a thing I bring to the table, not the direct focus- and therefore the education of what people need in that realm never really bubbled to the top.

I have carved out fridays for my work on Laravel Hacker - but I just got a new contract that requires me to put in time both Tuesdays and Fridays. So, while not a set-back per se - I'm sure I can organize my time differently - it already throws my pattern off. I question whether I should have allowed that contract into my Friday spot. The alternative was working on weekends in a scheduled way - not as a way to catch up when necessary. I want to launch this, but part of my goals are not great monetary growth - but flexibility in my work/life balance.

Building in public is also falling under question for me - but I'm sure this probably happens to a lot of people who do it. I am wondering why I'm doing it. I'm seeing a lot of these type of posts on twitter and IH where they show some great hyped "this is what happened - I sold a billion widgets" - but they don't show the long trail (mainly I'm sure because it's boring) of how someone got there. Am I wasting valuable time writing here when I could be building my products?

On the flip side, having an agreement to write here every morning that I work on Laravel Hacker helps me gather my thoughts for the day. I just can't help but question if its worth it if no one reads it (and then I question - do I take time to promote my products or do I promote this posting instead? or how does that work?). I'm hoping my vulnerability in these posts at least inspire others to launch their own work, and realize that it's not all fun and amazing numbers.

Today, I'm planning on swapping out my logo into my landing page and my twitter account. Then I'm going to take some more notes building off of my user personas to build or restate my customer. Currently, my customer is "those who need a more secure laravel app" but that's not precise enough at all. I have a number of personas, and I'm going to try to write a better customer definition. I'm then going to figure out which persona and which customer definition to focus on first, and build out the landing page / hook / freebie for them. I've decided that no single landing page or freebie or hook will work for every persona - so I'm going to have to have a couple - more work, but I think it'll be more success.

May 21, 2021 Logo and Deciding a Product Ladder

I launched my contest on 99designs for a logo and I'm pretty happy so far. But, it didn't come without some concerns...

First, I put my contest up there. There are multiple tiers that you can use to pick how much you want to pay and how many entries you might get. I went with a middle tier. Then, you had options to highlight your listing, feature it, etc. I chose to highlight it for another $20, but I didn't do any other upgrades. I did mark it as non-refundable though. This basically says you'll accept one of the designs no matter what. They say you get better entries because of this.

I gave some direction on what I wanted, but left it open to their interpretation. You have to pick logos you like and colors you like during the submission process.

Of the entries I got, most of them were following my direction. Only two went a different way - and while one of them was totally unacceptable, I did appreciate the fact that they were willing to venture out.

There is a time bounds for giving feedback and picking finalists. Then, you have to decide more and give feedback. I think I'm in the final round picking and finalizing finalists. So, I should have a logo soon.

A couple things I found weird about this was that 1) it's oddly emotionally draining. Looking at all of these designs, especially knowing that people are competing, can be a tad bit stressful. I like completion in the marketplace, but something feels a little bit odd about this mechanism. I guess maybe it's because while I welcome competition in my own realm, I don't like being pitted against someone else directly. I'm not sure. And 2) having a locked in time frame is nice, but it doesn't really allow for say someone to take a vacation. I don't like that.

Anyway, for under $1k USD, I should have a logo in the next few days. It may not be what I want forever, but it sure is better than what I could have created myself - so it's worth it there.

Today I've planned out that my next "task" is to decide on my product ladder or offerings. I know in general what I want to do, but I haven't actually planned out the work yet.

This is important because I need to know how to prioritize work (since I'm working on this currently like once a week only), and I really want to know "what the point" is...

Let me explain that one. I know that I am developing a persona to group my talent in this particular area, but what is the end goal? It's education, sure, but what else? Do I go with educational courses, do I go with SaaS product? All of this I can do. It's interesting, because I had posted something about testing your idea - but I don't really have an idea to test now that I think about it.

Does this mean this is the wrong thing to be working on? Or is this just a part of the quandary and conundrum that founders experience? Or a mix of both?

Well I guess after today I should have a better idea of what my product ladder or path looks like - and then I should have a much more enlightening update for next week.

May 14, 2021 First Post, Scheduled Work, Next Steps

So today I shared my first post in the idea validation group. I basically asked is ok not to validate your idea? I have experience validating an idea, but asking the wrong questions. I have experience launching without validation. Neither worked. I used the example of a locksmith. You might not think you need them, but you do when you do. Most people would say they don't need them - or they'd say they need them but never use them - so is the validation actually useful? I'm nervous that I'm not validating my idea well enough.

So, I decided to follow some advice I got from an email from the guy creating BannerBear. He said one week he works on features, the next week he works on marketing. Since this is more of a side project and I have a lot of other work to do, I'm following the same pattern, but only on Fridays. One friday I'll work on content for my product, the other I'll work on marketing (which is making connections, writing in other communities, etc).

Today is going to be a bit of a planning day as well. I'm going to try to plan out what my sales funnels and product lines will be for the foreseeable future so I can start on my content.

I'm also going to go and get a logo design. The Laravel community has an appreciation for aesthetics so I think this is an important step. I'm thinking I'll try 99 Designs (because I haven't before). A business colleague had luck with Fiverr as well, but we'll see. I want to balance out the quality of logo and work with price. I don't mind paying a premium for a premium product, but I don't have the budget at this time. Hopefully a potentially lower-cost solution like this will work.

May 9, 2021 A slight detour and a gamble

I said I wouldn't be distracted by rewriting that PDF generation library, and I only half succeeded. I ended up forking it and altering it to my needs, or my perceived needs, but without rewriting it. Now I have something that is my internal tool that is lined up to be useful for me. I think it was a nice middle ground. I didn't waste all the time, and I think I still accomplished my end goal - which was modifying the tool to be something I could use.

Years ago, I did research about email providers for a different product/brand I was building called The Dev Manager. In the end, it came down to a consideration of Mailchimp, ConvertKit or Drip. I ended up going with ConvertKit. The product/brand didn't take off, and I ended up spending over $400 in monthly charges on a list that basically had about 20 people. Props to ConvertKit, though, because I asked them for a month off discount and they gave it to me. Still wasn't "worth" it from a cost point of view - but I did learn a lot.

Joel and I at No Compromises are using Mailchimp to manage a mailing list now. I like the functionality, it seems nice, and I don't have any complaints. However, he's been working in it a lot more than I have.

I did more research again, came up with the same 3 providers, and this time I decided to go with Drip.

I found a Drip training course from the Double Your Freelancing guy but its out of my price range. I value and respect the pricing and product, but I had to take a gamble: I emailed him asking for a discount or a trade.

I think part of launching your own business or product is to understand that sometimes you have to ask for things. There's a piece of me that was almost too proud to ask for help. But, that's just rubbish. I'm glad I asked; and I offered that he might want some of my services as trade. We'll see where this goes.

Finally, I'm working on scheduling tomorrow. I'm hoping to overlap some of my content development with a course I'm building for Infosec called Secure Laravel Coding. I don't want to overlap the content or give it away, but I do want to maybe follow along with both things and make use of say... the programming environments I set up, or something like that.

May 7, 2021 Focusing on the right thing

I'm trying to figure out what exactly is the right thing to focus on. I've got the following goals:

  • Develop content
  • Produce the content
  • Develop a logo / branding
  • Develop a marketing path
  • Figure out how to "build in public"

It's funny, as a developer and more of a private person, I have to battle a lot of tendencies: I want to stop this marketing "stuff" and focus on programming & I want to keep to myself.

For example, I know I need to create some PDFs for my landing pages. I have a forked tool that I created updates for and pull requests that were never accepted. I can still use it myself - but now I want to create my own version of it, built the way I want. What's the point? It's not going to help me sell anything, the existing product can do what I want really well, and I think its procrastination.

I also have stared at IndieHacker wondering how I should "build in public" - I don't necessarily think that I want to create posts so much into groups. I want feedback and to participate, but I don't want noise. The way this section is made it appears to be geared towards business milestones. So maybe this isn't the right place? Or maybe it is? I saw others doing it.

I think I've decided two major things today:

  1. Don't redo the PDF software. It will work fine.
  2. Use this particular avenue as where I'm going to write about building in public - and then use the posts to ask for help / feedback when I specifically am asking for help.
May 7, 2021 Launching on Indie Hackers

Decided to take the next step and launch my project idea on IndieHackers. I like the idea of building publicly on one hand, on the other it's a bit of a vulnerability.

I look forward to joining a community to learn and grow, ask questions, participate, contribute and help others.

With more and more news stories finally illuminating all of the cyber security failings, the Laravel community needs a place to go for reference, education and help.