131: Start Securing Elixir and Phoenix
Episode Synopsis
Securing our apps is our responsibility as developers. We are the custodians and guardians of our users' data. We met up again with Michael Lubas to discuss some lesser-known community security resources and helpful tips to get us started securing our Elixir and Phoenix applications!
Show Notes online - http://podcast.thinkingelixir.com/131 (http://podcast.thinkingelixir.com/131)
Elixir Community News
- https://erlangforums.com/t/otp-25-2-released/2166 (https://erlangforums.com/t/otp-25-2-released/2166) – Erlang/OTP 25.2 is the second maintenance patch package for OTP 25, with mostly bug fixes as well as improvements.
- https://twitter.com/livebookdev/status/1603787699458113539 (https://twitter.com/livebookdev/status/1603787699458113539) – Hugging Face announced Docker support for “Spaces”, a feature that lets people run Docker images on Hugging Face.
- https://huggingface.co/spaces/livebook-dev/single_file_phx_bumblebee_ml (https://huggingface.co/spaces/livebook-dev/single_file_phx_bumblebee_ml) – An Elixir/Phoenix app was specifically shown as a Docker example on Hugging Face
- https://twitter.com/sean_moriarity/status/1602817446875992066 (https://twitter.com/sean_moriarity/status/1602817446875992066) – Sean Moriarity added a “negative prompts” feature to Nx's Stable Diffusion support.
- https://github.com/elixir-nx/bumblebee/pull/109 (https://github.com/elixir-nx/bumblebee/pull/109) – PR adding "negative prompt" support
- https://twitter.com/miruoss/status/1604849993130676225 (https://twitter.com/miruoss/status/1604849993130676225) – Michael Ruoss has a new Kino plugin for working with Kubernetes pods
- https://github.com/mruoss/kino_k8s_term (https://github.com/mruoss/kino_k8s_term) – KinoK8sTerm
- https://twitter.com/livebookdev/status/1603391808209391617 (https://twitter.com/livebookdev/status/1603391808209391617) – Livebook added two new neural network tasks to Bumblebee integration.
- https://twitter.com/hanrelan/status/1603470678081929216 (https://twitter.com/hanrelan/status/1603470678081929216) – Customized Livebook Stable Diffusion shows intermediate steps when generating images.
- https://blog.ftes.de/elixir-dijkstras-algorithm-with-priority-queue-f6022d710877 (https://blog.ftes.de/elixir-dijkstras-algorithm-with-priority-queue-f6022d710877) – Fredrik Teschke wrote a blogpost using Livebook to visualize Dijkstra's algorithm for finding the shortest path between nodes in a graph.
- https://notes.club/ (https://notes.club/) – Notesclub is a website by Hec Perez that makes it easy to share and discover Livebook notebooks online.
- https://twitter.com/louispilfold/status/1602740866602631170 (https://twitter.com/louispilfold/status/1602740866602631170) – Louis Pilfold announced his last full day at Nomio. He is now working full time on Gleam.
- https://twitter.com/louispilfold/status/1600960290455113728 (https://twitter.com/louispilfold/status/1600960290455113728) – Louis Pilfold shared that Bumblebee, Nx and Axon work in Gleam thanks to Gleam's new Elixir support.
- https://twitter.com/kipcole9/status/1604929772253229057 (https://twitter.com/kipcole9/status/1604929772253229057) – Kip Cole has a library called Image. He added Image.Classification.classify(image) using Bumblebee.
- https://sessionize.com/code-beam-lite-stockholm-2023 (https://sessionize.com/code-beam-lite-stockholm-2023) – Code BEAM Lite Stockholm 2023, 12 May 2023, Stockholm, Sweden. Call for speakers is open until Feb 5th 2023.
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at [email protected] (mailto:[email protected])
Discussion Resources
- https://paraxial.io (https://paraxial.io)
- https://paraxial.io/blog/securing-elixir (https://paraxial.io/blog/securing-elixir) – Securing Elixir/Phoenix Applications - 5 Tips to Get Started
- https://paraxial.io/blog/xss-phoenix (https://paraxial.io/blog/xss-phoenix) – Cross Site Scripting (XSS) Patterns in Phoenix
- https://podcast.thinkingelixir.com/93 (https://podcast.thinkingelixir.com/93) – Previous interview with Michael
- https://www.youtube.com/watch?v=w3lKmFsmlvQ (https://www.youtube.com/watch?v=w3lKmFsmlvQ) – ElixirConf 2017 - Plugging the Security Holes in Your Phoenix Application - Griffin Byatt
- https://felt.com/blog/rate-limiting (https://felt.com/blog/rate-limiting) – Rate Limiting Algorithms for Client-Facing Web Apps by Tyler Young
- https://github.com/podium/elixir-secure-coding (https://github.com/podium/elixir-secure-coding) – Elixir Secure Coding Training (ESCT) that runs in Livebook
- https://github.com/rrrene/html_sanitize_ex (https://github.com/rrrene/html_sanitize_ex) – html_sanitize_ex, allowlist-based HTML sanitizer
- https://fly.io/phoenix-files/github-actions-for-elixir-ci/ (https://fly.io/phoenix-files/github-actions-for-elixir-ci/) – Blog post about Elixir CI/CD checks
- https://github.com/mirego/mix_audit (https://github.com/mirego/mix_audit) – mix_audit
- https://hexdocs.pm/mix/Mix.Tasks.Deps.Unlock.html (https://hexdocs.pm/mix/Mix.Tasks.Deps.Unlock.html) – mix deps.unlock docs (the linked page; `--check-unused` fails if mix.lock has entries no longer in mix.exs); see also mix hex.audit, which reports retired Hex packages
- https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ (https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/) – Erlang Ecosystem Foundation resource - Secure Coding and Deployment Hardening Guidelines
- https://github.com/slab/safeurl-elixir (https://github.com/slab/safeurl-elixir) – SafeURL hex package by Slab
- https://slab.com/ (https://slab.com/)
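The XSS patterns post and the html_sanitize_ex link above describe the same trap: Phoenix templates escape by default, and `raw/1` is the escape hatch that turns user input into an injection point. The script below is an added example written for these show notes (it is not code from the episode, from Paraxial, or from either library's docs). It assumes Elixir 1.12+ for `Mix.install/1` and that the two hex packages are fetchable; the comment-body payload is constructed for the demo.

```elixir
# Added example for the show notes, not from the episode or Paraxial's blog.
# Run with `elixir xss_patterns.exs`; Mix.install fetches both deps on first run.
Mix.install([
  {:phoenix_html, "~> 3.3"},
  {:html_sanitize_ex, "~> 1.4"}
])

defmodule XssPatterns do
  import Phoenix.HTML, only: [html_escape: 1, raw: 1, safe_to_string: 1]

  # Constructed attacker input: a "comment" submitted through a normal form.
  # The <b> is the legitimate formatting a user might want; the <img> carries
  # an event-handler payload that runs if the markup reaches the browser intact.
  @payload ~s(<b>hi</b><img src=x onerror="alert(document.cookie)">)

  def payload, do: @payload

  # Pattern 1 (safe): what `<%= @comment.body %>` does in HEEx/EEx. The whole
  # string is HTML-escaped, so the browser shows the tags as text.
  def escaped(body), do: body |> html_escape() |> safe_to_string()

  # Pattern 2 (vulnerable): `raw/1` marks the string as already-safe and skips
  # escaping. On user input that is stored XSS: the onerror handler is delivered
  # verbatim to every visitor who views the comment.
  def rendered_raw(body), do: body |> raw() |> safe_to_string()

  # Pattern 3 (fixed): when users legitimately need some formatting, sanitize
  # with an allowlist *before* `raw/1`. basic_html/1 keeps a fixed set of tags
  # and attributes (b, i, a href, img src, ...) and drops everything else,
  # including event-handler attributes like onerror and <script> blocks.
  def rendered_sanitized(body) do
    body |> HtmlSanitizeEx.basic_html() |> raw() |> safe_to_string()
  end

  # Plain-text contexts (titles, usernames) should not allow any markup at all.
  def plain_text(body), do: HtmlSanitizeEx.strip_tags(body)

  # Cheap check used when comparing the three renderings below.
  def carries_handler?(html), do: String.contains?(html, "onerror=")
end

for {label, fun} <- [
      escaped: &XssPatterns.escaped/1,
      raw: &XssPatterns.rendered_raw/1,
      sanitized: &XssPatterns.rendered_sanitized/1,
      plain_text: &XssPatterns.plain_text/1
    ] do
  html = fun.(XssPatterns.payload())
  status = if XssPatterns.carries_handler?(html), do: "VULNERABLE", else: "ok"
  IO.puts("#{label} [#{status}]: #{html}")
end
```

Only the `raw` line should report VULNERABLE. The practical rule this encodes: grep the codebase for `raw(` and `{:safe, ` and justify each hit; anything fed by user-controlled data either goes through the default escaping or through an allowlist sanitizer first. Sanitizing on output (at render time) rather than on input also means the rules can be tightened later without re-scrubbing stored data.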
Guest Information
- https://twitter.com/paraxialio (https://twitter.com/paraxialio) – on Twitter
- https://github.com/paraxialio/ (https://github.com/paraxialio/) – on GitHub
- https://paraxial.io/ (https://paraxial.io/) – Blog
- [email protected]
- https://genserver.social/paraxial (https://genserver.social/paraxial) – on Mastodon
Find us online
- Message the show - @ThinkingElixir (https://twitter.com/ThinkingElixir)
- Message the show on Mastodon - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir)
- Email the show - [email protected] (mailto:[email protected])
- Mark Ericksen - @brainlid (https://twitter.com/brainlid)
- Mark Ericksen on Mastodon - @brainlid@genserver.social (https://genserver.social/brainlid)
- David Bernheisel - @bernheisel (https://twitter.com/bernheisel)
- David Bernheisel on Mastodon - @dbern@genserver.social (https://genserver.social/dbern)
- Cade Ward - @cadebward (https://twitter.com/cadebward)
- Cade Ward on Mastodon - @cadebward@genserver.social (https://genserver.social/cadebward)