The "24 Days in December" project has returned this year, sharing opinions and insights from members of the PHP community, one article posted each day. They've been running since December 1st and there's some great content in this year's batch already:

• How to become a good maintainer
• https://24daysindecember.net/2018/12/09/finite-resources-vs-infinite-knowledge/
• Open Source and Squeegee Men
• A love letter to legacy projects
• How a user group can change your live
• PHP and the secrets of emergent architecture

...and many more. Be sure to check out the full list and keep checking until December 24th of this year for more great articles from this year's 24 Days in December project.

The folks over at RIPSTech, a PHP-focused security company, have posted the announcement about the latest edition of their PHP Security Advent Calendar. This is the third year they've done this and it's always interesting and fun to find out about some of the vulnerabilities that can lie hidden in everyday PHP code.

The holiday season is coming up again and it’s time for some security fun. For the third time in a row, we are proud to announce our PHP security advent calendar. This year, we will analyze 24 exciting security bugs that we detected in the most widespread WordPress plugins.

In our first calendar edition in 2016, we analyzed exceptional vulnerabilities in some of the most popular open source PHP applications. Last year, we released 24 PHP security challenges with a hidden security pitfall in every day’s code challenge. This year we would like to give once again something back to the great PHP and Infosec community and release another advent calendar with 24 security surprises.

While you can't start on the calendar just yet (as of this post it's only November 28th) it will be coming soon. Be sure to sign up for their newsletter to get updates on when it's officially launched.

On their blog, RIPS Technologies have shared a wrap-up of their security advent calendar shared at the end of last year. The calendar provided a daily challenge related to a PHP security issue that may or may not be commonly known.

In this years PHP Security Advent Calendar we published 24 challenges for the PHP community where security issues were hidden in code snippets for fun and training. The challenges are based on real-world security vulnerabilities that we found with the help of RIPS over the last year in popular PHP applications. In this blog post we are going to discuss the main take-aways from our advent calendar regarding PHP security.

The calendar covered several different types of challenges but they fell into a few overall categories: issues with user input, weak typing, odd behavior of built-in features and the overall diversity of possible bugs.

The root cause for the security issues presented in our challenges are not new. But the diversity and combination of these pitfalls are sheer endless that trick even skilled developers. What looks secure at first sight quickly turns into an exploitable security bug. [...] We would like to thank everyone who participated, discussed, and provided great feedback and we hope our challenges helped in sharpening your security skills in a fun way!

The RIPSTech group has a post to their site with the announcement of the return of their security-related advent calendar. This year, however, it comes in the form of the PHP Security Advent Calendar with more of a "common security problems in PHP" approach than a list of vulnerabilities.

The end of the year is coming closer and the cheery advent time begins. We are looking back at a spectacular year and it is time to thank and give back to the great PHP, infosec, and RIPS community. Thank you for developing, auditing, and securing your PHP applications with us in 2017!

Similar to last years advent of PHP application vulnerabilities where we released a new application vulnerability each day, we will release a new calendar gift from December 1st to 24th this year again. This time, we will focus on nifty PHP pitfalls and release a daily code challenge for you to solve. Can you spot the daily security bug?

As today is December 1st, the first item has been posted to the calendar covering the use of whitelists versus blacklists. Keep checking back daily for new updates to the calendar and the daily code challenges.

As a part of his "Advent Contribution" series Derick Rethans has posted about an update to XDebug that fixes a bug reported around hidden properties.

This first contribution is for bug #987: "Hidden property names not shown". In PHP it is possible to convert an array to an object. [...] Xdebug's standard HTML var_dump() as well as the CLI, the coloured CLI and the debugger interface DBGp all suffered from the same issues that numerical properties were not showing in output.

With the committed fix the output of the var_dump now shows these special property names with curly braces around them and makes them available via the property_get method. If you're interested in the actual commit, you can check it out here.

From the folks that have brought you the PHP Advent series of posts in the past (Chris Shiflett, Sean Coates and all of their great contributing authors) comes this year's more general selection of articles - webadvent.org.

Christmas is upon us once again, and it's time to have a look at what's under the Web Advent tree. Join us each day as our wonderful authors provide presents of tips, tricks, & tidbits to usher in the new year.

This years posts are (list will be updated as more are added)

• Debugging Zen (Ben Ransey)
• Going from One to a Million Users (Joel Perras)
• The Gift of Sharing What You Know (Heather Payne)
• Better Forms for Mobile Users (James Socol)
• SSH Tips (Lorna Mitchell)
• PhantomJS (Paul Reinheimer)
• The Anti-Spec Movement is Going Too Far (Tracy Obsorn)
• Make a Difference (Noah Stokes)
• Dealing with Image Blocking (Chesley Andrews)
• More Code, More Problems (Ed Finkler)
• Landing on Your Feet (Emily Davis)
• Light It Up with Markup (Patrick Haney)
• Continuous Deployment Practices (Laura Thompson)
• Persisten Terminal Sessions (Remy Sharp)
• More than a Dot (James Duncan)
• Security in the Round (Chris Cornutt)
• Retina Ready (Jakie Balzer)
• Node.js with Express.js is in Business (Andreas Birkebaek)
• Three Ugly Sisters (Pádraic Brady)
• Take Time to Make Time (Jeff Loiselle)
• CSS Sliding Panels (Bedrich Rios)
• Get a Little Uncomfortable (Laura Beth Denker)
• The Long View (Lachlan Hardy)
• Be Lazy (Kit Hodsden)

You can find articles from previous years in the site's sidebar.

This year's PHP Advent calendar has finished up and if you haven't gotten a chance to check out some of the great content in this year's edition, be sure to take a look at the full list. It incudes topics like:

• Front-end testing with SimpleTest
• Scalable applications
• Cross-origin ajax
• working with Chef
• Error handling
• Dates and Times

The articles are by several well-knowns both in the PHP community and outside. While you're there, be sure to check out some of the previous years too!

Over on the Mayflower blog, the group has set up their own series of "advent calendar" posts on a wide range of topics. Here's their list (updated as new items are posted):

• Cloud Transformation Model
• PHP 5.3 Features in Real Life (German)
• Setting up a QA environment for Javascript
• Generating PDFs in PHP (German)
• Doctrine 2
• Doctrine 2 - Zend Framework Integration
• One-click Deployment
• Good Reasons Why to Learn a CSS Meta Language like SASS or LESS
• Lösungen für Debugging von Mobile Web Apps (German)
• Migrate to HTML5!
• Javascript Metriken (German)
• Profiling mit XHProf (German)
• Backbone vs Knockout vs JavascriptMVC
• Using Custom Annotations in PHP
• Zend Framework (1) vs. Symfony2
• Eine Einfüehrung in Behavior Driven Development (German)
• Cloud2Go Services for Your Web Development
• Test Driven Javascript Development
• JsHint - Dan Bessere JsLint? (German)
• Agile Developer Skills (ADS)
• Zend Framwork und Backbone.js (German)
• Verpacktes in PHP (German)
• PHP and the Lean Startup

They're a mix of English and German articles, but with a handy translator you can follow along pretty well.

It's that time of year again and this year's PHP Advent has kicked off with the first article posted yesterday. Below is a list of the articles for this year's advent calendar, to be updated as each new one is released:

• Because It's Fun! by Derek Sivers
• More Than Just Style by Laura Beth Denker
• Reduced-Friction Deployment by Chris Hartjes
• Better Than the Rest by Rob Allen
• A Stitch in Time Saves Nine by Paul Jones
• Dates and Times by Evert Pot
• Twilio in Two Minutes by Elizabeth Naramore
• Integration Testing by Wez Furlong
• Merry Error Handling by Samer Atiani
• Better Object-Oriented Arrays by Ryan Parman
• Out with the Old by Maggie Nelson
• Bake Cookies Like a Chef by Michael Nitschinger
• Don't Forget the Front by Beth Tucker Long
• Nightmare Before (Last) Christmas by Jeremy Kendall
• Cross-Origin Ajax with CORS by David Walsh
• Cracks in the Foundation by Gwynne Raskind
• PHP for All the Things by Matt Graham
• Simplifying Commerce for Small Business by Ben Ramsey
• Egomaniacal and Scalable Apps by David Coallier
• Code for the Users, Not for the Spec by Drew McLellan
• Social-Driven Development by Chris Cornutt
• Keep the Front in the Front by Rachel Andrew
• Look Ma! No Passwords! by Dan Mills
• Facilitating Development Environment Consistency by Jeff Loiselle

Check back for the growing list as this year's advent gets more great content every day!

On the Yahoo Developer Network a new post talks about some of the developer "advent" calendars that have popped up around the web - including the PHP Advent.

Christmas is upon us. Developers are embracing the spirit of sharing their knowledge and wisdom, while taking the opportunity to look back and recollect what 2010 brought us in terms of new technologies and ideas. A number of "advent" calendars started posting their blog-a-day-till-Dec-24th. Here are some for your reading pleasure while you kick back with a glass of wine by the fireplace.

Also on the list are: the 24 Ways (general web dev), the Perl Advent, Web Performance Calendar and the HTML5 Advent. Be sure to check out the comments for more calendars!