October 25, 2022

122: Securing Elixir and Teaching the Team

45 minutes

It’s important to learn safe coding practices. As developers, we want people to love our products and happily pay to use them. We also want to protect our services and users from hackers and information leaks. However, sometimes we unknowingly create vulnerabilities in our systems. One of the best ways to prevent problems is to train the team working on the project. To help do this, Holden Oullette started an OpenSource project called Elixir Secure Coding Training for teams. Livebook based, the lessons can be forked and customized for what’s relevant to our projects. Check out what's already available! There’s more work and lessons to create. People are invited to jump in and help out. The goal is to create an education and training resource for the Elixir community!

Show Notes online - http://podcast.thinkingelixir.com/122

Elixir Community News

https://twitter.com/AshFramework/status/1582062954891350016 – Ash Framework 2.0 released

https://github.com/ash-project/ash/blob/2.0/CHANGELOG.md – Ash Framework changelog

https://www.ash-hq.org/

https://elixirforum.com/t/ex-cldr-common-locale-data-repository-cldr-functions-for-elixir/17350/92 – Ex_cldr and Kip Cole's development plans

https://podcast.thinkingelixir.com/120 – Interview with Kip Cole

https://hexdocs.pm/ex_cldr_routes – New CLDR library to help localize Phoenix routes

https://hexdocs.pm/phoenix_localized_routes – There are other route localizing options as well

https://twitter.com/lukaszsamson/status/1578521810554916864 – Elixir-LS fixed 4 year old bug with help from reporter!

https://github.com/elixir-lsp/elixir-ls/issues/120 – Elixir-LS history and details on the fix

https://twitter.com/fhunleth/status/1580524909939556353 – Nerves on Apple silicon improvements in upcoming release

https://spawnfest.org/ – Spawnfest competition closed. People sharing their creations.

https://twitter.com/spawnfest/status/1581347422671806464 – List of Spawnfest judges

https://twitter.com/michalmuskala/status/1581743531764617217 – JSON Native project shared

https://github.com/spawnfest/json_native

https://twitter.com/livebookdev/status/1581995785637756928 – Livebook Ecto extension called Lively supports Entity Relationship Diagrams and more.

https://github.com/orgs/spawnfest/repositories?q=2022+in%3Atopics – See all the submissions with this non-obvious GitHub search

https://www.elixirconf.eu/ – ElixirConf EU 2023 in in Lisbon Portugal - Hybrid conference 20-21 April 2023 - In person and virtual

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]

Discussion Resources

https://github.com/Podium/elixir-secure-coding

https://www.podium.com/

https://jupyter.org/

https://twitter.com/holdenoullette/status/1565486046237921280

https://2022.elixirconf.com/speakers/holden-oullette

https://owasp.org/Top10/

https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)

https://github.com/podium/elixir-secure-coding/blob/main/modules/4-graphql.livemd – Incomplete GraphQL module

https://hex.pm/packages/sobelow

https://semgrep.dev/

https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ – Background on "left pad"

https://github.com/podium/vigil

Guest Information

https://twitter.com/holdenoullette – on Twitter

https://github.com/houllette/ – on Github

https://oullette.xyz – Blog

Find us online

Message the show - @ThinkingElixir

Email the show - [email protected]

Mark Ericksen - @brainlid

David Bernheisel - @bernheisel

Cade Ward - @cadebward