Ivo Jansch mentions an interesting comparison that CNet made on security and levels of vulnerability in a new blog post today. Their article mentions PHP right along side Apple and Microsoft in their list of "most vulnerable software".

This article once again demonstrates the cluelessness that some people have regarding what PHP is. First of all, PHP is not a vendor, so "Apple, Microsoft & PHP" does not make much sense. Furthermore, the only reason PHP even is mentioned in this context is that Joomla, Drupal and Wordpress appear in the list. So PHP, a programming language, gets blamed for the security flaws that are in these packages.

By their logic (applications written in a language on the list means the language is more insecure), they should have marked C as a more insecure language given the ratio of PHP to C software.

On the Paranoid Engineering blog, there's a recent post with a "CMS battle" of sorts between two of the more popular PHP-based content management systems out there - Drupal and Joomla.

It's hard to choose which one to use without trying them out. As usually, there are more options - home grown custom programming or even building your own CMS (which I was once stupid enough to do). Programming from scratch is always fun and beneficial for your skills, however, if you need things up and running in no time or you don't do (or don't want to do) any programming, using a CMS is the way to go.

His vote is for Drupal but he's included a long list of specs comparing the features of both so you can decide for yourself on which is the better fit.

The Zend Developer Zone has posted a book review of an Packt book, "Building Websites with Joomla! 1.5" (by Hagen Graf - the book, not the review):

The book is a tutorial guide to Joomla! 1.5 and was already written and published during the development of Joomla! 1.5. This is the final version and it aims for "web developers, designers, webmasters, content editors and marketing professionals" and is suitable for anyone starting out with Joomla! 1.5, for people who upgrade to Joomla 1.5 and for those who just want a good printed guide/manual at hand.

The review steps through the chapters, highlighting points of interest and the wrapup uses terms like "great instructional value", "very passionate about Joomla!" and the fact that the only thing the reviewer sees missing of a chapter about security.

PHPClasses.org has posted a review of a new PHP-related book from Packt Publishing, "Building Websites with Joomla! 1.5":

This book is a tutorial guide to Joomla! 1.5. It was written and published during the development of Joomla! 1.5. It is intended for Web developers, designers, Web masters, content editors and marketing professionals. It is suitable for anyone starting out with Joomla! 1.5, for people who upgrade to Joomla! 1.5, and for those who just want have a good printed manual at hand.

R.L. (the reviewer) goes through some of the chapters, detailing their content including some of the software mentioned in them (like Fireboard and DOCman). He recommends the book to anyone looking for a good in-hand Joomla! resource but notes that a chapter on security would have been a nice addition.

If you're in the area of The Netherlands and you're into PHP, consider yourself lucky - just look at all the events that Ivo Jansch mentions in one of his more recent blog entries:

PHP is still growing in The Netherlands (according to nexen.net, 46% of Dutch domains use PHP). A good indicator of PHP's growth is the number of conferences and other events that are organized this year. [...] This year alone, there are already 6 major (>50) events; 3 done, 3 to go.

Some of the events (like Dutch Joomla Days and the PHP Business Seminar) have already passed but there's still a chance to get in on a few others like Kings of Code and the Dutch PHP Conference.

The Zend Developer Zone has posted a review of a new book from Packt Publishing that introduces you to the Joomla! content management system and how to create your own bits of functionality for it - Mastering Joomla! 1.5 - Extension and Framework Development.

Planning to write a few extensions for site's I host I was looking for a book that could at least in part be a replacement for this documentation. As I went through the site of Pact publishing My eye fell on this particular book because of the example chapter they show. And indeed now I have the book I'm in no way disappointed.

He mentions the target audience of the book (and how well it hits it), the approach the book takes to the topics it covers and specific looks at several of the chapter topics like web services, error handling, security and plug-in structure.

Packt Publishing has announced this year's winners for the CMS awards with categories such as "most promising", "best PHP CMS" and the "best open source social networking CMS".

The Packt Open Source Content Management System Award is designed to encourage, support, recognize and reward an Open Source Content Management System (CMS) that has been selected by a panel of judges and visitors to www.PacktPub.com. Following on from the success of 2006, Packt has expanded the Award for 2007 with an increase in prize money and the addition of new categories.

The top three on the Overall Open Source CMS category were (in rank descending) - Drupal, Joomla! and CMS Made Simple. Check out their feature article for more details on Drupal's win.

As mentioned by Elizabeth Naramore on the php|architect website, this year's Joomla!Day USA will be happening next month on October 13, 2007 in New York City:

The event is open to Joomla! fanatics or anyone who wants to learn more about the popular CMS (both using it and coding for it). It will run from 9:30 am - 5:00 pm ET.

There'll be both the regular conference and an un-conference sort of structure to the day allowing for times for official speakers and any audience members to present their ideas (audience speakers will still need to register a topic ahead of time, though). You can check out the official schedule on their site and get more information about the wheres and whens for the day.

Secunia.com reports that multiple vulnerabilities have been found in the Joomla! content management system:

Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks.

The issues are marked as "less critical" but users should still update to the latest version to avoid these issues:

• Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user
• Input passed to the "url" parameter is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers.
• An error exists in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

See the original advisory post here.

The latest release of the Joomla! CMS has been announced - version 1.5 Beta-2 has been posted for download.

Joomla! proudly presents its most important coding adrenaline surge to the development and designer community. With today's release of Joomla! 1.5 Beta-2, we're shifting gears into turbo mode; an entirely re-factored core, internationalisation, FTP layering, next-generation API and framework that's so flexible and powerful and, of course, a designer's dream for unparalleled templating flexibility.

Along with this release ("Red Barchetta"), they also encourage the community to participate and to contribute to the community, giving back their time and skills to help make the CMS even better.