In a new tongue-in-cheek (humor) post to his site, Tomas Votruba shows you how to criticize like a senior programmer when offering feedback on code errors or architecture decisions.

As I spend most of my socials online time on Github and PHP-related discussion, I've noticed many people do so many wrong things while giving critics. I want to correct this once and for all, so I've prepared a guide for you.

His recommendations (again, the opposite of what is actually useful) include and eight step process to find a bug, never reversing your stance, repeating the same comments over and over and always telling, never asking. Following this list of "not to dos" he also includes a list of "to dos" correcting the misconceptions. This list includes:

• asking if feedback is desired
• determining your motivation for the feedback
• replacing "you" with "I"

In each recommendation there's examples of phrasing and comments that give you some guidance on how you can be more effective at giving feedback on projects and code.

On Reddit.com there's a long thread with responses to the question "What are some genuine criticisms of PHP?" with opinions ranging from small issues (like syntax) out to more community-related topics.

PHP tends to get a lot of flak, but mostly it is for something that isn't really the fault of PHP. Things like "there is so much bad PHP code out there" may be true but you can write bad code in any language. You shouldn't be mixing PHP, SQL and HTML, and you should be escaping/parameterizing variables for queries. (Thankfully this is less prevalent nowadays.) So do many PHP criticisms actually hold true today, now we have namespaces and we have buried crap like magic quotes at the bottom of the ocean?

Other comments cover things like

• PHP's namespace implementation
• poor web services support
• Less code audits, more "roll-your-own fever"
• Function naming and parameter order
• weak OOP functionality

Check out the full post for lots more opinions and add yours too!

In reference to some comments made on the previous post ("Comments Considered Harmful") to the PHP in Action blog, there's a new post explaining and responding to some of the things said by visitors.

Conflict is not a bad thing. That is, if it leads eventually towards clarity and understanding rather than confusion and misunderstanding. [...] A debate about a technical matter may be conducted in parallel with an altercation that addresses the relationship between the participants. This is confusing in itself. Keeping these discussion apart will help maintain clarity.

Using this tact, he responds to the criticism made on the previous post, specifically one that points to this article as to why "considered harmful" articles should only be seen as fodder for argument and should be "considered harmful" themselves.

In this new post to the PHP::Impact blog, Federico takes a look at the architecture behind one of the PHP community's most popular frameworks - the Zend Framework.

Before we begin our exploration of the architecture of the Zend Framework (ZF), it is important to discuss how a typical MVC application is built. Examining and understanding the architecture of an MVC Web application allows you to make more contextually sound choices when building your application.

He starts with a look at a three-tier architecture (presentation, application, data) and compares that to the MVC used in the Zend Framework. He talks about how ZF is a hybrid component and infrastructure framework and the coupling that it provides between its components. He also has a few criticisms namely some performance issues from this style and the lack of a module to handle model/controller dependencies.

Chris Shiflett's latest post mentions this criticism of PHP's insecurity as made by Andrew van der Stock.

Andrew van der Stock has written a strong criticism of PHP's insecurity. Andrew is a seasoned security expert and a major contributor to OWASP, and he states:

"After writing PHP forum software for three years now, I've come to the conclusion that it is basically impossible for normal programmers to write secure PHP code. It takes far too much effort."

He continues, citing specific areas where he thinks PHP is weak and asserting that "PHP must now mature and take on a proper security architecture."

Chris also mentions that some of the reasons Andrew mentions include register_globals, magic_quotes_gpc, and safe_mode - all due to be removed in the latest PHP version (6). Also, be sure to check out the comments on the post for a good bit more information and discussion...

Chris Shiflett's latest post mentions this criticism of PHP's insecurity as made by Andrew van der Stock.

Andrew van der Stock has written a strong criticism of PHP's insecurity. Andrew is a seasoned security expert and a major contributor to OWASP, and he states:

"After writing PHP forum software for three years now, I've come to the conclusion that it is basically impossible for normal programmers to write secure PHP code. It takes far too much effort."

He continues, citing specific areas where he thinks PHP is weak and asserting that "PHP must now mature and take on a proper security architecture."

Chris also mentions that some of the reasons Andrew mentions include register_globals, magic_quotes_gpc, and safe_mode - all due to be removed in the latest PHP version (6). Also, be sure to check out the comments on the post for a good bit more information and discussion...