122: Securing Elixir and Teaching the Team
Thinking Elixir Podcast
English - October 25, 2022 10:15 - 45 minutes - 31.8 MBHow To Education News Tech News elixir programming web clustering phoenix liveview news developer Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed
It’s important to learn safe coding practices. As developers, we want people to love our products and happily pay to use them. We also want to protect our services and users from hackers and information leaks. However, sometimes we unknowingly create vulnerabilities in our systems. One of the best ways to prevent problems is to train the team working on the project. To help do this, Holden Oullette started an OpenSource project called Elixir Secure Coding Training for teams. Livebook based, the lessons can be forked and customized for what’s relevant to our projects. Check out what's already available! There’s more work and lessons to create. People are invited to jump in and help out. The goal is to create an education and training resource for the Elixir community!
Show Notes online - http://podcast.thinkingelixir.com/122 (http://podcast.thinkingelixir.com/122)
Elixir Community News
- https://twitter.com/AshFramework/status/1582062954891350016 (https://twitter.com/AshFramework/status/1582062954891350016) – Ash Framework 2.0 released
- https://github.com/ash-project/ash/blob/2.0/CHANGELOG.md (https://github.com/ash-project/ash/blob/2.0/CHANGELOG.md) – Ash Framework changelog
- https://www.ash-hq.org/ (https://www.ash-hq.org/)
- https://elixirforum.com/t/ex-cldr-common-locale-data-repository-cldr-functions-for-elixir/17350/92 (https://elixirforum.com/t/ex-cldr-common-locale-data-repository-cldr-functions-for-elixir/17350/92) – Ex_cldr and Kip Cole's development plans
- https://podcast.thinkingelixir.com/120 (https://podcast.thinkingelixir.com/120) – Interview with Kip Cole
- https://hexdocs.pm/excldrroutes (https://hexdocs.pm/ex_cldr_routes) – New CLDR library to help localize Phoenix routes
- https://hexdocs.pm/phoenixlocalizedroutes (https://hexdocs.pm/phoenix_localized_routes) – There are other route localizing options as well
- https://twitter.com/lukaszsamson/status/1578521810554916864 (https://twitter.com/lukaszsamson/status/1578521810554916864) – Elixir-LS fixed 4 year old bug with help from reporter!
- https://github.com/elixir-lsp/elixir-ls/issues/120 (https://github.com/elixir-lsp/elixir-ls/issues/120) – Elixir-LS history and details on the fix
- https://twitter.com/fhunleth/status/1580524909939556353 (https://twitter.com/fhunleth/status/1580524909939556353) – Nerves on Apple silicon improvements in upcoming release
- https://spawnfest.org/ (https://spawnfest.org/) – Spawnfest competition closed. People sharing their creations.
- https://twitter.com/spawnfest/status/1581347422671806464 (https://twitter.com/spawnfest/status/1581347422671806464) – List of Spawnfest judges
- https://twitter.com/michalmuskala/status/1581743531764617217 (https://twitter.com/michalmuskala/status/1581743531764617217) – JSON Native project shared
- https://github.com/spawnfest/json_native (https://github.com/spawnfest/json_native)
- https://twitter.com/livebookdev/status/1581995785637756928 (https://twitter.com/livebookdev/status/1581995785637756928) – Livebook Ecto extension called Lively supports Entity Relationship Diagrams and more.
- https://github.com/orgs/spawnfest/repositories?q=2022+in%3Atopics (https://github.com/orgs/spawnfest/repositories?q=2022+in%3Atopics) – See all the submissions with this non-obvious GitHub search
- https://www.elixirconf.eu/ (https://www.elixirconf.eu/) – ElixirConf EU 2023 in in Lisbon Portugal - Hybrid conference 20-21 April 2023 - In person and virtual
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at [email protected] (mailto:[email protected])
Discussion Resources
- https://github.com/Podium/elixir-secure-coding (https://github.com/Podium/elixir-secure-coding)
- https://www.podium.com/ (https://www.podium.com/)
- https://jupyter.org/ (https://jupyter.org/)
- https://twitter.com/holdenoullette/status/1565486046237921280 (https://twitter.com/holdenoullette/status/1565486046237921280)
- https://2022.elixirconf.com/speakers/holden-oullette (https://2022.elixirconf.com/speakers/holden-oullette)
- https://owasp.org/Top10/ (https://owasp.org/Top10/)
- https://en.wikipedia.org/wiki/Capturetheflag_(cybersecurity) (https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))
- https://github.com/podium/elixir-secure-coding/blob/main/modules/4-graphql.livemd (https://github.com/podium/elixir-secure-coding/blob/main/modules/4-graphql.livemd) – Incomplete GraphQL module
- https://hex.pm/packages/sobelow (https://hex.pm/packages/sobelow)
- https://semgrep.dev/ (https://semgrep.dev/)
- https://www.theregister.com/2016/03/23/npmleftpad_chaos/ (https://www.theregister.com/2016/03/23/npm_left_pad_chaos/) – Background on "left pad"
- https://github.com/podium/vigil (https://github.com/podium/vigil)
Guest Information
- https://twitter.com/holdenoullette (https://twitter.com/holdenoullette) – on Twitter
- https://github.com/houllette/ (https://github.com/houllette/) – on Github
- https://oullette.xyz (https://oullette.xyz) – Blog
Find us online
- Message the show - @ThinkingElixir (https://twitter.com/ThinkingElixir)
- Email the show - [email protected] (mailto:[email protected])
- Mark Ericksen - @brainlid (https://twitter.com/brainlid)
- David Bernheisel - @bernheisel (https://twitter.com/bernheisel)
- Cade Ward - @cadebward (https://twitter.com/cadebward)
It’s important to learn safe coding practices. As developers, we want people to love our products and happily pay to use them. We also want to protect our services and users from hackers and information leaks. However, sometimes we unknowingly create vulnerabilities in our systems. One of the best ways to prevent problems is to train the team working on the project. To help do this, Holden Oullette started an OpenSource project called Elixir Secure Coding Training for teams. Livebook based, the lessons can be forked and customized for what’s relevant to our projects. Check out what's already available! There’s more work and lessons to create. People are invited to jump in and help out. The goal is to create an education and training resource for the Elixir community!
Show Notes online - http://podcast.thinkingelixir.com/122
Elixir Community News
https://twitter.com/AshFramework/status/1582062954891350016 – Ash Framework 2.0 released
https://github.com/ash-project/ash/blob/2.0/CHANGELOG.md – Ash Framework changelog
https://www.ash-hq.org/
https://elixirforum.com/t/ex-cldr-common-locale-data-repository-cldr-functions-for-elixir/17350/92 – Ex_cldr and Kip Cole's development plans
https://podcast.thinkingelixir.com/120 – Interview with Kip Cole
https://hexdocs.pm/ex_cldr_routes – New CLDR library to help localize Phoenix routes
https://hexdocs.pm/phoenix_localized_routes – There are other route localizing options as well
https://twitter.com/lukaszsamson/status/1578521810554916864 – Elixir-LS fixed 4 year old bug with help from reporter!
https://github.com/elixir-lsp/elixir-ls/issues/120 – Elixir-LS history and details on the fix
https://twitter.com/fhunleth/status/1580524909939556353 – Nerves on Apple silicon improvements in upcoming release
https://spawnfest.org/ – Spawnfest competition closed. People sharing their creations.
https://twitter.com/spawnfest/status/1581347422671806464 – List of Spawnfest judges
https://twitter.com/michalmuskala/status/1581743531764617217 – JSON Native project shared
https://github.com/spawnfest/json_native
https://twitter.com/livebookdev/status/1581995785637756928 – Livebook Ecto extension called Lively supports Entity Relationship Diagrams and more.
https://github.com/orgs/spawnfest/repositories?q=2022+in%3Atopics – See all the submissions with this non-obvious GitHub search
https://www.elixirconf.eu/ – ElixirConf EU 2023 in in Lisbon Portugal - Hybrid conference 20-21 April 2023 - In person and virtual
Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]
Discussion Resources
https://github.com/Podium/elixir-secure-coding
https://www.podium.com/
https://jupyter.org/
https://twitter.com/holdenoullette/status/1565486046237921280
https://2022.elixirconf.com/speakers/holden-oullette
https://owasp.org/Top10/
https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)
https://github.com/podium/elixir-secure-coding/blob/main/modules/4-graphql.livemd – Incomplete GraphQL module
https://hex.pm/packages/sobelow
https://semgrep.dev/
https://www.theregister.com/2016/03/23/npm_left_pad_chaos/ – Background on "left pad"
https://github.com/podium/vigil
Guest Information
https://twitter.com/holdenoullette – on Twitter
https://github.com/houllette/ – on Github
https://oullette.xyz – Blog
Find us online
Message the show - @ThinkingElixir
Email the show - [email protected]
Mark Ericksen - @brainlid
David Bernheisel - @bernheisel
Cade Ward - @cadebward
Sponsored By:
Fly.io: Fly.io is a great place to deploy your next Phoenix application! Check them out!