Security update WordPress 2.6.2 released today to fix the PHP mt_rand() security issue

Posted in Applications, Development, Web on September 9th, 2008

The development team of the popular open-source blog software WordPress has just released security update 2.6.2. Installing the update is highly recommended to eliminate some security issues within the WordPress installation, especially for blogs with open registration.

The update fixes a security issue caused by the weak implementation of the PHP function mt_rand() in many popular PHP distributions. The function is used for seeding the random number generator. It also addresses the security risk of MySQL and SQL column truncation vulnerabilities. Stefan Esser reported both security issues, which are probably relevant to a lot of other PHP-based open-source projects. Thanks, Stefan!

Besides fixing the security issues, WordPress version 2.6.2 also includes some minor bug fixes. Therefore, upgrading to the newest version of WP is highly recommended for everybody using WordPress.

Ruby on Rails or Zend Framework – deciding now!

Posted in Development, Mac, Mobile, Web on April 2nd, 2008

Zend Framework has reached version 1.5 since the last article about Zend or Rails. Ruby on Rails has also taken a big step towards version 2 – 2.0.2, to be precise ;-)
So, who is my personal winner in this race? Which framework is best suited for fast and innovative web application development?
To say it up front: my personal favorite is Ruby on Rails!

But the burning question is: why?

  1. Ruby instead of PHP: At first it sounds rather careless to cold-shoulder the sweat and tears of learning PHP – and dig deeply into a quite young and purely object-oriented language. But everybody I talked to in the last months who came from Java or PHP told me the same story: it’s no big deal to learn Ruby – and the benefits are overwhelming. Ruby enables you to write elegant, readable and easy-to-maintain code.
  2. Vision-Driven Community: No matter where you get in contact with the Rails community – at a developers' conference or on a mailing list: the basic mood and vision of the community is friendly, infectious, international and productive. It’s all about creating something new, something better and more elegant with the power of the community … take a look at the RailsConf 2007 keynote of David Heinemeier Hansson in Portland.
  3. Scalability: By now, there are several examples of highly scalable web applications built with Rails. The only con of Rails applications compared to Zend Framework apps is the need for a little more hardware. But the pros are worth it: faster development and easier maintenance. Twitter, Qype and Xing show it. The Twitter developers especially love to twitter about scalability, like Britt Selvitelle at RailsConf Europe 2007 in Berlin.
  4. REST: Version 2.0 is a big step towards the principle of Representational State Transfer. REST is now deeply implemented in the Ruby on Rails framework. This makes it easy to create consistent interfaces to other systems. REST was nearly buried in oblivion, but it’s a sophisticated and strong feature based on the HTTP protocol. Find out more in the free PDF book by b-simple focusing on RESTful Rails.
  5. Database Migrations: Rails offers a powerful script-based tool, called migrations, to create and redo database structures. For projects following the principles of “pragmatic programming” this is a perfect tool to create and improve the whole database schema and fill tables with data. Zend wants to have a feature like that, too. There is a proposal for that feature – but nobody knows when it will be implemented and how it will function.
  6. Test-Driven Development: Rails is still one of the leaders in TDD thanks to its built-in creation of test infrastructure for automated unit tests, functional tests and integration tests. Zend Framework tries to catch up with its ZFTestManager – but a conclusive integration into the framework is still missing.
  7. MultiView: Within Rails, content can be presented in different ways according to the type of request. You can easily create different views to show the data as a CSV file, an RSS feed, a classical HTML page or a special iPhone page. SlashDotDash shows how easy it is to create a special iPhone-optimized user interface for a Rails app.

But there are some specific projects, which are not well suited for Rails
