Thinking Elixir Podcast

251: SSH Vulnerability and Cookies are Changing



News includes a critical Unauthenticated Remote Code Execution vulnerability in Erlang/OTP SSH, José Valim teasing a new project, Oban Pro v1.6's impressive new "Cascade Mode" feature, Semaphore CI/CD platform being open-sourced as a primarily Elixir application, new sandboxing options for Elixir code with Dune and Mini Elixir, BeaconCMS development slowing due to DockYard cuts, a look at the upcoming W3C Device Bound Session Credentials standard that will impact all web applications, and more!

Show Notes online - http://podcast.thinkingelixir.com/251

Elixir Community News

  • https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a limited time offer.
  • https://x.com/ErlangDiscu/status/1914259474937753747 – Unauthenticated Remote Code Execution vulnerability discovered in Erlang/OTP SSH.
  • https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 – Official security advisory for the Erlang/OTP SSH vulnerability.
  • https://paraxial.io/blog/erlang-ssh – Paraxial.io's detailed blog post addressing how the SSH vulnerability impacts typical Elixir systems.
  • https://elixirforum.com/t/updated-nerves-systems-available-with-cve-2025-32433-ssh-fix/70539 – Updated Nerves systems available with SSH vulnerability fix.
  • https://bsky.app/profile/oban.pro/post/3lndzg72r2k2g – Announcement of Oban Pro v1.6's new "Cascade Mode" feature.
  • https://oban.pro/articles/weaving-stories-with-cascading-workflows – Blog post demonstrating Oban Pro's new Cascading Workflows feature used to create children's stories with AI.
  • https://bsky.app/profile/josevalim.bsky.social/post/3lmw5fvnyvc2k – José Valim teasing a new logo with "Soon" message.
  • https://tidewave.ai/ – New site mentioned in José Valim's teasers; it does not load anything yet.
  • https://github.com/tidewave-ai – New GitHub organization related to José Valim's upcoming announcement.
  • https://github.com/tidewave-ai/mcp_proxy_elixir – The only public project in the tidewave-ai organization - an Elixir MCP server for STDIO.
  • https://x.com/chris_mccord/status/1913073561561858229 – Chris McCord teasing AI development with Phoenix applications.
  • https://ashweekly.substack.com/p/ash-weekly-issue-13 – Zach Daniel teasing upcoming Ash news to be announced at ElixirConf EU.
  • https://elixirforum.com/t/dune-sandbox-for-elixir/42480 – Dune - a sandbox for Elixir created by a Phoenix maintainer.
  • https://github.com/functional-rewire/dune – GitHub repository for Dune, an Elixir code sandbox.
  • https://blog.sequinstream.com/why-we-built-mini-elixir/ – Blog post explaining Mini Elixir, another Elixir code sandbox solution.
  • https://github.com/sequinstream/sequin/tree/main/lib/sequin/transforms/minielixir – GitHub repository that contains Mini Elixir, an Elixir AST interpreter.
  • https://www.reddit.com/r/elixir/comments/1k27ekg/we_built_a_custom_elixir_ast_interpreter_for/ – Reddit discussion about Mini Elixir AST interpreter.
  • https://github.com/semaphoreio/semaphore – Semaphore CI/CD platform open-sourced under Apache 2.0 license - primarily an Elixir application.
  • https://semaphore.io/ – Official website for Semaphore CI/CD platform.
  • https://docs.semaphoreci.com/CE/getting-started/install – Installation guide for Semaphore Community Edition.
  • https://bsky.app/profile/markoanastasov.bsky.social/post/3lj5o5h5z7k2t – Announcement from Marko Anastasov, co-founder of Semaphore CI, about open-sourcing their platform.
  • https://github.com/elixir-dbvisor/sql – GitHub repository for SQL parser and sigil with impressive benchmarks.
  • https://groups.google.com/g/elixir-ecto/c/8MOkRFAdLZc?pli=1 – Discussion about SQL parser being 400-650x faster than Ecto for generating SQL.
  • https://bsky.app/profile/bcardarella.bsky.social/post/3lndymobsak2p – Announcement about BeaconCMS reducing development due to DockYard cuts.
  • https://bsky.app/profile/did:plc:vnywtpvzgdgetnwea3fs3y6w – Related profile for BeaconCMS announcement.
  • https://beaconcms.org/ – BeaconCMS official website.
  • https://github.com/BeaconCMS/beacon – GitHub repository for BeaconCMS.
  • Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]

Discussion Resources

  • Discussion about Device Bound Session Credentials, a W3C initiative being built into major browsers that will require minor changes to Phoenix for implementation.
  • https://w3c.github.io/webappsec-dbsc/ – W3C - Device Bound Session Credentials proposal
  • https://github.com/w3c/webappsec-dbsc/ – Device Bound Session Credentials explainer
  • https://developer.chrome.com/docs/web-platform/device-bound-session-credentials – Device Bound Session Credentials (DBSC) on the Google Chrome developer blog
  • https://en.wikipedia.org/wiki/Trusted_Platform_Module – Wikipedia article on Trusted Platform Module, relevant to Device Bound Session Credentials discussion.
  • https://www.grc.com/sn/sn-1021-notes.pdf – Other podcast show notes discussing Device Bound Session Credentials (DBSC).
  • https://twit.tv/shows/security-now/episodes/1021?autostart=false – Security Now podcast episode covering Device Bound Session Credentials (time coded link to discussion).

Find us online

  • Message the show - Bluesky
  • Message the show - X
  • Message the show on Fediverse - @[email protected]
  • Email the show - [email protected]
  • Mark Ericksen on X - @brainlid
  • Mark Ericksen on Bluesky - @brainlid.bsky.social
  • Mark Ericksen on Fediverse - @[email protected]
  • David Bernheisel on Bluesky - @david.bernheisel.com
  • David Bernheisel on Fediverse - @[email protected]

Sponsored By:

  • Paraxial.io: Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a limited time offer.
Thinking Elixir Podcast, by ThinkingElixir.com
