Disclosure: WordPress WPDB SQL Injection Vulnerability

At the current point in time there exists a very significant SQL Injection vulnerability in the WordPress code base. I want to make it abundantly clear that this does not affect anyone using WordPress “off the shelf”. It is only exploitable if you use certain WordPress code outside of a WordPress install. So this is not a very “attackable” vulnerability. Or to put it in other terms, this is a high level vulnerability which has a very low threat level. It is also worth noting that it has not been fixed by WordPress (even 90 days after disclosure).

Taking Monads to OOP PHP

Lately I’ve been playing around with some functional languages and concepts. I have found that some of these concepts are directly applicable in the OOP code that I’ve been writing. One of those concepts that I think is worth talking about is the Monad. This is something that every functional developer tries to write a tutorial on, because it’s such a cool but hard to grasp concept. This post is not really going to be a Monad tutorial per se, but more of a post about bringing the general concept to OOP, and what that looks like.

Google Glass - A First Impression

This past Thursday evening I picked up my Explorer edition of Google Glass. I was lucky enough to have my #ifihadglass tweet chosen to receive the chance to pay an arm and a leg to get them. Needless to say, I did choose to pony up the cash, and on Thursday evening I walked home with my brand new piece of technology dangling off of my right temple. Since first impressions are often strong, but can be misleading, I chose to wait until I had used them for a few days before writing my thoughts. So here they are:

Our Failure As An Industry

In the April issue of the PHPArch magazine (also published on her blog), Elizabeth Tucker Long wrote a really interesting editorial piece coining a concept she called Security-Driven-Development. She (quite correctly) identified a problem in the current development community where security has become an after-thought (if it’s thought of at all). This isn’t a new concept, in fact it’s a concept that I and many others have been preaching for quite a while now. However I’ve been coming to realize that I’ve had it wrong the whole time. And I think the entire industry is getting it wrong today.

Becoming A Better Developer - Programming With Anthony

In today’s episode, I talk a little bit about what it takes to become a better developer. Nobody will ever expect you to know everything, but you better know how to find it…

I’m trying out a new format with this video. Less scripted, more free-form, and with fewer visuals. This is not going to replace the other format (which I’m still working on), but instead complement it from time to time. Let me know what you think in the comments below! Check it out:

Upcoming Talks - Spring 2013

It’s been a little while since I’ve posted anything here or on YouTube. I’ve been working on some interesting ideas that hopefully will be pretty decent, so it wasn’t time wasted. But I figured now would be a good time to tell you about some upcoming speaking engagements that I have, and where I’ll be over the next few months. So with no further ado: