In response to some of the claims made by CNet about the security of PHP, Ken Guest has made a few comments on his blog hoping to correct a few wrongs.

What are featuring in IBM's top ten of vulnerable that makes the report insinuate that the PHP language is a security risk are Jooma, Wordpress and Drupal. How PHP would feature in a list of "vendors" is beside the point.

He illustrates with an allegory that it's not the tool's fault if it's used improperly. Pointing out software like WordPress and Drupal is not the same as pointing out issues with the language that powers them (no matter how trendy it is). The burden is on the developers to use the power the language offers to create more secure, flexible, stable applications. Does PHP have its share of problems? Sure, but get it right next time CNet - don't blame the tool if the builder's not up to spec.

Ivo Jansch mentions an interesting comparison that CNet made on security and levels of vulnerability in a new blog post today. Their article mentions PHP right along side Apple and Microsoft in their list of "most vulnerable software".

This article once again demonstrates the cluelessness that some people have regarding what PHP is. First of all, PHP is not a vendor, so "Apple, Microsoft & PHP" does not make much sense. Furthermore, the only reason PHP even is mentioned in this context is that Joomla, Drupal and Wordpress appear in the list. So PHP, a programming language, gets blamed for the security flaws that are in these packages.

By their logic (applications written in a language on the list means the language is more insecure), they should have marked C as a more insecure language given the ratio of PHP to C software.

AS Evan Sims mentions on his blog today, Automattic has released a version of WordPress for the iPhone (a client to connect to your remote blogging system).

There are a least a half dozen plugins for creating a more hospitable environment for managing your content on the iPhone, but quite honestly the quality of the ones I'd tried left a lot to be desired.

He noes that the application is "polished, official and completely native" and includes features that allow you to take a picture with the phone's camera and embed it directly into the post you're writing. Check out the sample video of it in action on an iPhone. You can download it from the App Store for free.

As Vinu Thomas has noted, the latest stable version of the WordPress blogging software has been released - WordPress 2.6.

From the Twitter feed of Matt Mullenweg:

I'm happy to announce that version 2.6 of WordPress.org is now available, almost a month ahead schedule. Version 2.6 "Tyner," named for jazz pianist McCoy Tyner, contains a number of new features that make WordPress a more powerful CMS: you can now track changes to every post and page and easily post from wherever you are on the web, plus there are dozens of incremental improvements to the features introduced in version 2.5.

You can check out some of the new functionality in the video included in Vinu's post and you can grab this latest download from the main WordPress website.

The Developer Tutorials blog has a new post full of links to some great add-ons for the popular WordPress blogging software to help make your site into more of a community.

Wordpress is a CMS that was built for blogging but many people have repurposed it for magazines, newspapers, blog networks and all sorts of other goodies! But did you know you can hack your Wordpress blog to be a no-cost solution for a social network? Well you can, and here's fifteen plug-ins that will let you do it.

Some of the packages they link to include Ajaxd WordPress, Profiles, Quick SMS, Invite Friends and SezWho.

Thanks to it being posted on reddit, the traffic to a certain post on Michael Kimsal's blog gave him a crash (literally?) course in high load management on a WordPress blog.

The blog post was voted up on reddit, and the server got slammed. So slammed, in fact, that it was unusable for a few hours while I investigated the problem. I didn't know the post was on reddit, but I knew I was getting some traffic.

He spent some time trying to get the Apache server to finally die off and give him back his machine, at least enough to get a feel for what was going on. Part of his problem was not having APC installed like he thought and the other part - WordPress. While friendly on the outside, it's apparently somewhat lacking on the inside.

Matthew Turland has said goodbye to Wordpress and hello to Habari - a "next-generation free software blogging platform". He also includes one of the more helpful tips for those thinking on doing the same:

So after eventually getting fed up with WordPress, especially after the WYSIWYG editor disappeared in the 2.3.3 update, I finally decided to bite the bullet and migrate my blog over to Habari. Once I'd been through the process, I thought I'd write a short blog entry about the experience.

The two tips he mentions are about exporting the old content (made simple from the WordPress admin interface) and making Habari support his WordPress URL scheme (so as not to loose links to any content out there). He found this to help on that front.

Frustrated by the trouble he's having finding a really good PHP developer to fill a few positions, has posted about this process he's been going through - the good, the bad and the downright ugly - of trying to find those right, qualified folks.

During the last six month or so, I've been looking to hire a PHP programmer for at least three companies. I have spoken to quite a few people on the phone, reviewed a bunch of resumes, and even interviewed a few. Out of all those candidates I recommended to hire exactly zero.

Some of the "roadbumps" he experienced along the way include the interviewees inability to write down code without a computer and them giving either the wrong or no answers to simple, common knowledge computing questions. So, he came up with a list of what he calls the "roots of the problem". Included in the list are things like:

• PHP is an ugly language
• PHP is rich with secondary reasons
• PHP is getting mature
• PHP avoidance

Also be sure to check out this response from Nick Jenkins to Leonid's post.

UPDATE: Leonid has also posted a follow-up post with a few corrections and clarifications of the original post.

On the KillerPHP blog today, Stefan Mischook comments on whether or not WordPress version 2.5.1 "sucks".

I just recently installed the this latest version of Wordpress (2.5.1) and quickly found it hanging (while trying to load a page) for as long as 40-50 seconds! I then proceeded to isolate the potential causes (database, custom fields, custom theme) and have since found out that something stinks in 2.5.1's core.

He details some of the steps he took to try to track down the bug - installing on another server, searching the web for others with the same issue. His suggestion?

Before you upgrade your old working installation of Wordpress, I would suggest that you test 2.5.1 in some other directory just to be sure it works with your server.

In a new post today, Michael Kimsal walks through the procoess he followed to try and get the most optimized testing environment he could around a WordPress installation he already has set up.

I've recently been working on a project trying to take an existing customized wordpress site and create automated integration tests around parts of it. I'm using phpUnderControl, phpUnit, Selenium RC, Firefox, Xvfb (virtual frame buffer) and...well, I think that's it.

He mentions the two issues he came across, both with the WordPress software (the "siteurl" setting and the pathing for the templates). He recommends that application code be portable to avoid problems like these. Applications that can be dropped in anywhere and "just work" can help not only make life easier for the installer but also for the tester.