On the Developer Tutorials Blog today, there's a new post aimed at WordPress users to help them on the path to becoming "power users" with five tips.

If you're a wordpress power user, you'll inevitably have some questions about how you can improve your blog or add new features. Here are five tips that will make life easier for people wanting to maximize their use of Wordpress.

The list is:

• Quickly Find Page/Post ID
• Custom Front Page
• Password Protect Wordpress
• Protect from the 'Digg Efect' with HTML
• Stop Hackers

Each of them with their own explanations (and links to other resources detailing how they're done).

In this new post on the Northclick blog, Soenke talks about the stream wrappers included in PHP and some of the magic that can happen when they're applied correctly. In this case, it's an application of the ssh2 library (by Sara Golemon).

The new system must be very stable with a strict error checking and has to support several ways of file transports (FTP, SCP/SFTP). SCP is faster then FTP and secure by nature. It's going to be the standard way for deployment.

After finding and loading the extension, things flowed along swimmingly - the code shows a simple transfer method of transfer over a secure ftp connection, complete with a few performance stats at the end.

On the ITBusinessEdge site, there's a quick column from Lora Bentley looking at things from the other side of the Zend/Microsoft story - Microsoft's.

She mentions the "about face" that Microsoft has seemingly made when it comes to Open Source projects, specifically the Zend deal:

As a DigitalJournal writer pointed out yesterday, the deal makes great business sense for Microsoft, given that PHP runs more than 2 million Web sites and the software company's servers and tools business contributed one-fourth of its total revenue in the latest quarter.

You can get complete information regarding the collaboration from the Zend website.

Some unfortunate news from Edin Kadribasic to be felt particularly by the Windows PHP users out there - the box that hosts the PECL packages for Windows has suffered a bit from a power failure.

The power failures are very rare in Denmark, but nonetheless this one managed to take out the build box. The website itself is not affected, but there are no updates for the time being.

The PECL4WIN project hosts a repository of PECL extensions precompiled for the Windows platform. The packaging and distribution system used by PECL is shared with its sister, PEAR.

UPDATE (11.15.2006) - The box is back up and working at 100% again (faulty memory was to blame). A new build has already been created.

Andi Gutmans has a note of celebration on his blog today - the book that he, Stig Bakken, and Derick Rethans worked on, "PHP 5 Power Programming", has officially passed one million downloads.

A few days ago I was informed that the PHP 5 Power Programming book has now been downloaded over 1 million times. Exposure no doubt. And considering that there are about 4.5 million developers out there, it's safe to say that probably between 1 in 5 PHP developers have actually laid their hands on it (or should I say their computer screens on it).

Andi mentions also being happy to see this milestone crossed for many reasons, one of which that it's a sign of the PHP community maturing. To grab your copy, check out this page on phptr.com.

There's some unfortunate news from Greg Beaver today on his blog:

Some of you may have noticed a power workshop on PEAR advertised on the website of the S&S PHP Conference in Frankfurt this coming November. For personal reasons, I have been forced to pull out, so I'm sorry to say I will not be meeting any of you in Germany. If you're going, have a great time there!

For more information about the rest of the offerings that will be at this year's conference, check out their official page, specifically this page for the Power Workshops.

In a previous post on the Internet Storm Center website, they mentioned an issue that had come up with the Invision Board PHP/MySQL message board system by which a user clicking on a certian kind of link would push a .wmf exploit to the user.

More information about the exploit and the updates that the Invision Board team have made to counteract it can be found in this board pasting.

Unfortunately, there has also already been an incident with the exploit, causing the boards of "a large company" that was using it as a forum for its customers. Links started showing up that were causing problems, redirecting users to another server's page that pushed the bad .wmf file to them.

If you are running an Invision Board version before 2.1.6, it is stringly suggested you upgrade.

Andrew van der Stock has written a strong criticism of PHP's insecurity. Andrew is a seasoned security expert and a major contributor to OWASP, and he states:

"After writing PHP forum software for three years now, I've come to the conclusion that it is basically impossible for normal programmers to write secure PHP code. It takes far too much effort."

He continues, citing specific areas where he thinks PHP is weak and asserting that "PHP must now mature and take on a proper security architecture."

Chris also mentions that some of the reasons Andrew mentions include register_globals, magic_quotes_gpc, and safe_mode - all due to be removed in the latest PHP version (6). Also, be sure to check out the comments on the post for a good bit more information and discussion...

A PDF of our slides is now available: Power PHP Testing (PDF).

Geoff also has some tarballs available that let you test a very simple PHP library (functions.inc) with Apache-Test, Simple-Test, PHPUnit, and phpt: http://people.apache.org/~geoff/power-php-testing

He also gives some other resources for finding out more about Apache/PHP testing as well as a brief mention of TAP (Test Anything Protocol)...

On Sunday, Geoff Young and I gave our tutorial, Power PHP Testing, which went really well. Most of the attendees had PHP experience and no testing experience, so it was a perfect fit.

We covered testing theory as well as some practical examples using phpt, Simple-Test, PHPUnit, and (of course) Apache-Test. We have tarballs for each framework that provide everything you need (I'll link to these in another post), including a Makefile so that make test runs your test suite.

In the talk, they tried to make each framework "shine", pointing out the highlights of each as a standalone method - not in comparison to the others. He also mentions how each was presented and what the largest difference between them is...