I'm quite sure that most of you wouldn't bat an eyelid on losing a pro bono job. You proposed to do some work for free, the other party didn't agree for some odd reason, less work for you, end of story. But once in a while there's a lesson to be had from such an experience, leading to interesting ripple effects. For example, a Joomla! guy ended up with a WordPress blog. Intrigued?

Joomla! 3.2 includes an abundance of new features appealing to end users and developers alike. One of these new features is two factor authentication. In this tutorial you will learn what two factor authentication is and how you can use it in your components to enhance the security of potentially dangerous or important operations, just like most banks do.

As I've said many times, I am an avid user of Zend Server for local development on my Mac. It has pretty much everything you need, including a simple to use back-end for viewing issues occuring on your server which make debugging easier. Well, on the debugging front it has a major shortcoming: it comes with Zend Debugger which only works with the very expensive Zend Studio IDE. All other IDEs (Eclipse, NetBeans, phpStorm, ...) only provide support for XDebug. Every time I update Zend Server I have to install and enable XDebug instead of Zend Debugger. It's easy and will help you debugging your PHP applications easily on your local environment. This article describes how to do it.

As a Joomla! developer I often find myself providing support to users of my software. Sometimes, despite my best intentions, I hit a stone wall: a server setting is amiss. In this case I explain to my users what the problem is and ask them to contact their host to rectify it. One of the most irritating situations I've found myself dealing with is when a host replies "we can't do this for security reasons". I would generally accept that, if only the host actually knew what they're talking about. And, yes, I am specifically talking about the fopen URL wrappers and the fact that they are stupidly disabled on many hosts.

There is a very common misconception that moving configuration.php outside of your Joomla! root somehow makes your site more secure. It’s so common that you can even find instructions on the Joomla! documentation wiki. Let’s separate the myth from the facts and let’s see why this “security” advice may not be as secure as one might think.

You may remember that two years ago I reviewed a great book about Joomla! 1.5 written by Eric Tiggeler. Fast forward two years. Joomla! has come up with a great new stable release, Joomla! 2.5. The need for disseminating the knowledge of the CMS to newcomers –or returning users of previous releases– is higher than ever, with Joomla! already powering almost 3% of all Internet sites out there. Eric has once more picked up the task and did a great job with his new book, "Joomla! 2.5: Beginner's Guide" available by Packt Publishing.

This is a user-submitted French translation of my "777: The number of the beast" blog post. Please do not post questions in the comments in French. My French is very rusty :)

Je vous promets, cet article n'a rien à voir avec la religion, il traite de la sécurité des sites web. Le démon que je mentionne se refaire au fait d'ouvrir une éventuelle porte pour permettre aux pirates de compromettre votre site. Cet article est long mais je vous promets que vous allez apprendre des choses que vous n'avez jamais imaginées. Faisons la lumière sur le mystère du numéro 777 et tuons le démon !

This is a question I have been asked too many times ever since I announced I would be refactoring the component to not use Nooku anymore. Well, it all boils down to stability and compatibility of the framework. And it's finally time to write down everything I have in my mind and promised to put on a blog post many times during the last three weeks.

As you all know, Joomla! 1.7 brought a major change in the direction of the project. The self-developed libraries upon which the Joomla! CMS is built on are now spun-off as a separate project, called Joomla! Platform. The goal of this split is to allow developers to built applications on the Joomla! Platform without having to install the Joomla! CMS and all the unnecessary cruft this brings with it. The vision is to have a standalone framework, much like Zend Framework, CakePHP, CodeIgniter or Symphony, with a twist. It will be equally easy to create a component for the Joomla! CMS, a standalone web application or a CLI (command-line) application without much changes in the source code or, at least, reusing big portions of it. A mighty, noble goal. Is it possible? Are we there yet? Is it worth it?

If you are into Joomla! extensions development you are undoubtedly familiar with the rule of index.html, that is the necessity to put a “blank page” index.html file on any and all directories containing PHP files. This habit is so ingrained to the mentality of Joomla! developers that it’s now dubbed a “security feature” and made a prerequisite to publishing your extension in the Joomla! Extensions Directory. The thing is, is it really a security feature or are we trying to solve the wrong problem?