64: OTP Certificate Woes with Bram Verburg
Thinking Elixir Podcast
English - September 14, 2021 10:15 - 42 minutes - 29.6 MBHow To Education News Tech News elixir programming web clustering phoenix liveview news developer Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed
We talk with Bram Verburg about an important root certificate expiring at the end of September and how this impacts your Elixir and Erlang projects! Bram helps explain where this IS and IS NOT a problem. He also explains the different update options available. We also get Bram’s security perspectives from his years of focused study and contributions in the Elixir and Erlang communities. A great resource for understanding the current certificate situation and for protecting your Elixir projects!
Show Notes online - http://podcast.thinkingelixir.com/64 (http://podcast.thinkingelixir.com/64)
Elixir Community News
- https://github.com/elixir-nx/explorer (https://github.com/elixir-nx/explorer) – New Elixir-Nx project called Explorer released
- Explorer summarized with "When combined with other Nx libraries, Explorer is like a super-powerful spreadsheet"
- https://twitter.com/cigrainger/status/1433934973682139139 (https://twitter.com/cigrainger/status/1433934973682139139) – Twitter announcement of Explorer
- https://github.com/hauleth/mix_unused (https://github.com/hauleth/mix_unused) – mix_unused is a compiler tracer for detecting unused public functions.
- https://hexdocs.pm/prom_ex/readme.html (https://hexdocs.pm/prom_ex/readme.html) – PromEx sees a new 1.4.x release
- https://github.com/erlang/rebar3/releases/tag/3.17.0 (https://github.com/erlang/rebar3/releases/tag/3.17.0) – Rebar had a new release 3.17.0
- https://github.com/woylie/ectonestedchangeset (https://github.com/woylie/ecto_nested_changeset) – Ecto Nested Changeset project
- https://github.com/elixir-ecto/ecto/pull/3731 (https://github.com/elixir-ecto/ecto/pull/3731) – Discussion that lead to pulling out as a separate library
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at [email protected] (mailto:[email protected])
Discussion Resources
- https://blog.voltone.net/post/29 (https://blog.voltone.net/post/29) – Initial post describing the problem
- https://blog.voltone.net/post/30 (https://blog.voltone.net/post/30) – Updates and mitigation recommendations
- https://www.youtube.com/watch?v=0jzcPnsE4nQ (https://www.youtube.com/watch?v=0jzcPnsE4nQ) – Learn you some 'ssl' for much security! - ElixirConfEU 2019
- https://erlef.github.io/security-wg/securecodinganddeploymenthardening/inets (https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/inets)
- https://blog.voltone.net/post/27 (https://blog.voltone.net/post/27) – CVE-2020-35733 discovered in December
- https://blog.voltone.net/post/28 (https://blog.voltone.net/post/28)
- https://www.youtube.com/watch?v=r0DuAse9tK8 (https://www.youtube.com/watch?v=r0DuAse9tK8)
- https://pragprog.com/titles/jaerlang2/programming-erlang-2nd-edition/ (https://pragprog.com/titles/jaerlang2/programming-erlang-2nd-edition/)
- OTP 24.0.4 and later is good
- OTP 23.3.4.6 and later is good
- https://github.com/dlesl/erqwest (https://github.com/dlesl/erqwest)
- https://hex.pm/packages/mint (https://hex.pm/packages/mint)
- https://xkcd.com/927/ (https://xkcd.com/927/) – The referenced XKCD comic
- https://arstechnica.com/gadgets/2020/12/lets-encrypt-comes-up-with-workaround-for-abandonware-android-devices/ (https://arstechnica.com/gadgets/2020/12/lets-encrypt-comes-up-with-workaround-for-abandonware-android-devices/)
- https://github.com/elixir-mint/mint/pull/328 (https://github.com/elixir-mint/mint/pull/328)
- https://blog.voltone.net/post/28 (https://blog.voltone.net/post/28)
- https://blog.voltone.net/post/27 (https://blog.voltone.net/post/27)
- https://en.wikipedia.org/wiki/Heartbleed (https://en.wikipedia.org/wiki/Heartbleed)
- https://istio.io/ (https://istio.io/)
- https://hex.pm/packages/hackney (https://hex.pm/packages/hackney)
- https://hex.pm/packages/finch (https://hex.pm/packages/finch)
- https://blog.voltone.net/ (https://blog.voltone.net/)
Guest Information
- https://twitter.com/voltonez (https://twitter.com/voltonez) – on Twitter
- https://github.com/voltone/ (https://github.com/voltone/) – on Github
- https://blog.voltone.net/ (https://blog.voltone.net/) – Blog
Find us online
- Message the show - @ThinkingElixir (https://twitter.com/ThinkingElixir)
- Email the show - [email protected] (mailto:[email protected])
- Mark Ericksen - @brainlid (https://twitter.com/brainlid)
- David Bernheisel - @bernheisel (https://twitter.com/bernheisel)
- Cade Ward - @cadebward (https://twitter.com/cadebward)
We talk with Bram Verburg about an important root certificate expiring at the end of September and how this impacts your Elixir and Erlang projects! Bram helps explain where this IS and IS NOT a problem. He also explains the different update options available. We also get Bram’s security perspectives from his years of focused study and contributions in the Elixir and Erlang communities. A great resource for understanding the current certificate situation and for protecting your Elixir projects!
Show Notes online - http://podcast.thinkingelixir.com/64
Elixir Community News
https://github.com/elixir-nx/explorer – New Elixir-Nx project called Explorer released
Explorer summarized with "When combined with other Nx libraries, Explorer is like a super-powerful spreadsheet"
https://twitter.com/cigrainger/status/1433934973682139139 – Twitter announcement of Explorer
https://github.com/hauleth/mix_unused – mix_unused is a compiler tracer for detecting unused public functions.
https://hexdocs.pm/prom_ex/readme.html – PromEx sees a new 1.4.x release
https://github.com/erlang/rebar3/releases/tag/3.17.0 – Rebar had a new release 3.17.0
https://github.com/woylie/ecto_nested_changeset – Ecto Nested Changeset project
https://github.com/elixir-ecto/ecto/pull/3731 – Discussion that lead to pulling out as a separate library
Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]
Discussion Resources
https://blog.voltone.net/post/29 – Initial post describing the problem
https://blog.voltone.net/post/30 – Updates and mitigation recommendations
https://www.youtube.com/watch?v=0jzcPnsE4nQ – Learn you some 'ssl' for much security! - ElixirConfEU 2019
https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/inets
https://blog.voltone.net/post/27 – CVE-2020-35733 discovered in December
https://blog.voltone.net/post/28
https://www.youtube.com/watch?v=r0DuAse9tK8
https://pragprog.com/titles/jaerlang2/programming-erlang-2nd-edition/
OTP 24.0.4 and later is good
OTP 23.3.4.6 and later is good
https://github.com/dlesl/erqwest
https://hex.pm/packages/mint
https://xkcd.com/927/ – The referenced XKCD comic
https://arstechnica.com/gadgets/2020/12/lets-encrypt-comes-up-with-workaround-for-abandonware-android-devices/
https://github.com/elixir-mint/mint/pull/328
https://blog.voltone.net/post/28
https://blog.voltone.net/post/27
https://en.wikipedia.org/wiki/Heartbleed
https://istio.io/
https://hex.pm/packages/hackney
https://hex.pm/packages/finch
https://blog.voltone.net/
Guest Information
https://twitter.com/voltonez – on Twitter
https://github.com/voltone/ – on Github
https://blog.voltone.net/ – Blog
Find us online
Message the show - @ThinkingElixir
Email the show - [email protected]
Mark Ericksen - @brainlid
David Bernheisel - @bernheisel
Cade Ward - @cadebward