
Comment Re:The less functionality the better (Score 2, Interesting) 222

> This approach allows for complex browsers to actually become safer, by simplifying them. The browser is broken up into a set of components. Each component runs in a separate process, completely isolated (by the operating system) from the other components. In addition, each component is isolated from the rest of the system using mandatory access controls (SELinux in this case) which prevent the component from doing anything that it doesn't need to do.
[...]
> This approach is known to work - it's similar to the approach used by operating system kernels.

Unfortunately, this approach is also known to have several big problems. Take a quick spin through Google for the "confused deputy" problem and you will see one of the primary complaints of ACL-based security. Capability-security researchers think they have a solution and in fact created a capability-secure browser called CapDesk several years ago. If anyone is actually interested in the problem they should check it out.

Comment Re:BeOS, an operating system for grownups (Score 1) 671

The relevant difference among these statements is that Reiser might, in fact, have murdered his wife in cold blood. I was going to say that the jury is still out, but of course that's not just a figure of speech in this case; according to Wikipedia, they will be convened in May.

The rest of the post was sort of funny, but that part was unjustifiable. Let the law do its work.

Comment Re:Still broken. (Score 1) 452

> My main point was that it's unfair to pick on PHP because of something which - when done properly - isn't a problem.

I think that's where we differ. Your suggestions about how PHP ought to be written are reasonable, but I actually am picking on PHP for its poor design. When I say "broken" I don't mean a bug as in the implementation deviating from a spec, I mean Broken As Designed.

When PHP was created, a choice had to be made about what == would mean. And that choice was made in such a way that it would invite bugs; it practically guarantees confusion. In no other language does equality fail to be transitive.

The == operator is typically described as:
A == B tests whether A and B are equal.
but in fact what it really does is:
A == B tests whether A and B are equal or if either of A or B is a number then it tests whether they have the same numeric value, where strings containing common formats for integers and floats are converted to the corresponding numeric value, strings not containing recognizable numbers are converted to zero, and undefined values are converted to zero.
That behaviour is unnecessarily complicated. I claim the design choice was poor, and the widespread misunderstanding and misuse of the == operator provides some empirical support for that claim.
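
The rule as worded in the comment above can be modelled and searched for transitivity failures. This is an added example, not the commenter's code and not PHP's implementation: it is a Python model of the comment's description only, and `to_number`, `loose_eq`, `strict_eq`, `transitivity_violations` and the sample values are hypothetical names and constructed data.

```python
import re

# "Common formats for integers and floats" is read here as a whole-string
# match on an optional sign, digits, optional fraction and exponent (assumption).
_NUMERIC = re.compile(r'[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?')

def _is_number(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def to_number(v):
    """Coerce as the comment describes: numeric strings become their value,
    other strings and undefined (None here) become zero."""
    if v is None:
        return 0
    if _is_number(v):
        return v
    text = v.strip()
    return float(text) if _NUMERIC.fullmatch(text) else 0

def loose_eq(a, b):
    """Model of the described ==: numeric comparison if either side is a number."""
    if _is_number(a) or _is_number(b):
        return to_number(a) == to_number(b)
    return a == b

def strict_eq(a, b):
    """Type-and-value comparison, the defensive alternative."""
    return type(a) is type(b) and a == b

def transitivity_violations(values, eq):
    """Return every (a, b, c) where a eq b and b eq c hold but a eq c does not."""
    return [(a, b, c)
            for a in values for b in values for c in values
            if eq(a, b) and eq(b, c) and not eq(a, c)]

# Constructed sample values, chosen to exercise each clause of the rule.
SAMPLE = ["abc", 0, "def", "1", 1, "1.0", None]

if __name__ == "__main__":
    for triple in transitivity_violations(SAMPLE, loose_eq):
        print("a==b and b==c but a!=c:", triple)
    print("strict violations:", transitivity_violations(SAMPLE, strict_eq))
```

Under this model, any check that compares an untrusted string against a number (or a number against a stored string) should use the strict form, since the loose form accepts values that are not equal to each other.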
