I'm certainly biased because my company (ServerPilot) sells a service for PHP developers using DigitalOcean and other servers, but it does seem like PHP is making great progress in the past few years both in the language and in terms of a strong developer community. We're very glad to see PHP 5.3 EOL'd recently. To encourage adoption of 5.6, we've already packaged and added support for 5.6.

[Note: I'm the RequestPolicy author.]

Thanks for letting people know about RequestPolicy. I would like to stress, however, that RequestPolicy is not a replacement for NoScript. I actually keep a FAQ entry about the high-level differences between the two extensions as this is a not uncommon misunderstanding:

http://www.requestpolicy.com/faq#faq-noscript

To give one example of why it can be bad for a package manager to accept older metadata when it has previously seen more recent (valid/signed) metadata: If you are installing a new package (rather than updating a package) and the old package you are served doesn't conflict with your currently installed packages, you will be installing a package that may have known security vulnerabilities. Additionally, the attacker who gave you that package may know your IP address now.

In this case it does not matter that the packages are signed. And if the metadata isn't signed, the above still applies but is easier to exploit.