So, after a bit of harassment and whatnot (people harassing me, mind you), I’m releasing the LTN :: PHP patch and distribution, as well as maintaining an (un)official php mirror.

What is this distribution you may ask? Yeah, ok , maybe you don’t care, but I’ll answer anyways .The LTN Distribution of php is a bit more advanced, and quite a bit more secure than the “standard” distribution of php. How so?

Firstly, LTN :: php incorporates mail patches which have been updated, since the php5 (and 4) updates to mail headers. This means that you’re going to SEE who’s abusing what script, instead of actually wondering WTF is going on! Great idea, unfortunately, support by author is sporaddic, so I’ve added this to the list.

Secondly , suhosin support is added in. I’m not talking about a crappy “module”, I’m talking about patched into the core of php. Modules are great, but they suck when you recompile php and they can’t be activated. BOOOH!

Should LTN :: PHP be trusted? I’ll say this for it. I use it myself, and recommend that ALL individuals use it. Why? Because I said so, damnit. Ok, ok, so you need a better reason than that, I get it.

1. PHP is insecure. I’m not talking just globals, mail, etc, but the whole thing, it’s shot, and insecure. It’s good, but it doesn’t do jack for “security”.
2. PHP has bad mail handling capabilities. I mean, bad, bad, bad. They’ve improved on them, but it is still possible (with proper abilities) to send out mass spam to individuals. This should be stopped @ the core.
3. PHP has functions which are easily abused. Rather than DISABLE those functions, wouldn’t it seem more appropriate to patch the functions so that hey, they’re not so abusable? I mean, usability is key. If I can’t USE php functions, why, on god’s green earth am I bothering to use php as a core language, right?
4. PHP constantly releases premature, buggy releases. Rather than use something that’s premature, problematic and ick, why not use something that’s stable, utilized and tested? I’m not saying I’m not going to update php patches when necessary (cuz I will), but I’m not going to patch and update immediately. It’ll happen soon after the original release gets put out (within 2 weeks) to ensure that everything is dandy and copacetic.

The bottom line? Why NOT provide your clients with some sort of security? And hey, documentation, not a bad thing either! Took a couple hours to get 2.x gig across, but it’s there, and I will sync daily, so THAT part will be 100% updated and current. Support your local linux tech, use the UNofficial php documentation!

Peace out, enjoy your weekends.

P.S.:
I know I owe you a bit of an update on the RBL thing. I’ve been working on it. In the meantime, please, feel free to track the stats here. These are real time stats, updated whenever something happens . I’ve been a bit swamped lately with a rather large project, so bear with me. I promise, I’ll get it there, it’ll just take time!