demiblog supports the following buzzwords:

• Content management: humane markup using Textile with syntax highlighting, BBCode, and SmartyPants.
• Seperation of content, style and behaviour: Semantic markup with CSS styling. ECMAScript and AJAX with prototype.js.
• Output formats: W3C HTML 4.0 (both Transitional & Strict), HTML 4.01 (T&S), XHTML 1.0 (T&S), XHTML 1.1, ISO HTML^†, W3C XHTML 2.0^†, WHATWG (X)HTML 5^†.
• Syndication formats: RSS 0.91, RSS 1.0 (RDF), RSS 2.0, RSS Over CSV (plain text), Atom 1.0 (RFC 4287), iCalendar (RFC 2445), hCalendar^†, JSON, Serialized PHP Object.
• Blogging: comments, folksonomy / tagging, Trackback, Pingback.
• Programming: PHP 5 object-oriented programming.
• Databases: PostgreSQL 8.x, MySQL 5.x, others^† that support PDO and SQL:1999.
• Metadata: RFC 2731, Dublin Core and more.
• Dates and times: UTC, W3C-DTF.
• Internationalisation (i18n): Unicode (UTF-8), gettext, RFC 3066 locales, including ISO 3166 country codes and ISO 639 language codes.

†: experimental feature or partial support.

Modern

demiblog development only properly started in January 2007. (Some development was done in early 2006, but this was almost entirely abandoned and re-written the next year.) In other words, demiblog development started after concepts like tagging, microformats, AJAX, JSON, Trackback, Pingback and the semantic web were already catching on. This meant that these ideas could be built right in to the foundations of demiblog, instead of being tacked on as afterthoughts.

It means that demiblog development started after PHP 5 had been released, allowing demiblog to take advantage of PHP 5’s improved object-oriented programming capabilities including interfaces, type hinting and abstract classes; PHP 5’s more consistant database extensions (PDO); and newer PEAR modules. It means that demiblog started development after MySQL 5 was released, enabling demiblog to use many advanced features of SQL (e.g. transactions and subqueries). Other blogging systems that still support MySQL 4 (or even MySQL 3!) cannot take advantage of these features.

Security

demiblog avoids common PHP security traps such as include()ing file paths that are based on unchecked user input, and potential SQL injection vulnerabilities. (demiblog mostly uses a prepare()/execute() cycle for database queries.) It hardly uses any global variables, and the register_globals PHP setting is not used.

demiblog can be configured to use two different usernames to log into the backend database for different types of queries:

• Read-Only User: all routine queries are executed as with this username. In the unlikely event that an SQL injection occurs when these queries are being made, the user does not have permission to insert, update or delete data, so no damage can be done (though secret information from the database could theoretically be revealed).
• Full Access User: this user is only logged in to when demiblog needs to make updates to the backend database. If it was compromised, your site could be cracked into in a painful way, this is why demiblog uses this user name as little as possible, and all queries that use it are double– and triple-checked for potential security problems.

Most other blog and CMS engines use a single all-powerful user, so an SQL injection vulnerability can render them cracker-bait. (If you aren’t able to set up multiple users for your database, demiblog is still capable of using a single all-powerful user. This setting is not as secure, but demiblog should still be as secure, or more secure, than most of its competitors.)

Passwords are stored in a hashed format, so in the unlikely event that the database table containing login details was compromised, passwords would not be revelaed.

Cruft (or lack thereof)

Cruft (Wikipedia):

[…] In computer programming, code is cruft if it is duplicating code elsewhere in the system, is unnecessarily complicated, is a poor solution to the problem it solves, is left over from a previous change, etc. Code cruft is comparable to dust bunnies, as it is one outcome of not tidying up regularly. […]

Moveable Type and WordPress can each trace their heritage back to 2001. Age and maturity bring a lot of advantages, including large, established communities for help and advice, and good availability of plugins.

However, age and maturity also bring cruft. Both Moveable Type ang WordPress contain plenty of code to help them support older databases and server software to help them run on ancient servers. demiblog is brand, spanking new, and doesn’t need to support any of that, so it’s got less cruft. This makes it (theoretically, at least), smaller, faster and simpler.