We talk with Bram Verburg about an important root certificate expiring at the end of September and how this impacts your Elixir and Erlang projects! Bram helps explain where this IS and IS NOT a problem. He also explains the different update options available. We also get Bram’s security perspectives from his years of focused study and contributions in the Elixir and Erlang communities. A great resource for understanding the current certificate situation and for protecting your Elixir projects!
Show Notes online - http://podcast.thinkingelixir.com/64 (http://podcast.thinkingelixir.com/64)
Elixir Community News
- https://github.com/elixir-nx/explorer (https://github.com/elixir-nx/explorer) – New Elixir-Nx project called Explorer released
- Explorer summarized with "When combined with other Nx libraries, Explorer is like a super-powerful spreadsheet"
- https://twitter.com/cigrainger/status/1433934973682139139 (https://twitter.com/cigrainger/status/1433934973682139139) – Twitter announcement of Explorer
- https://github.com/hauleth/mix_unused (https://github.com/hauleth/mix_unused) – mix_unused is a compiler tracer for detecting unused public functions.
- https://hexdocs.pm/prom_ex/readme.html (https://hexdocs.pm/prom_ex/readme.html) – PromEx sees a new 1.4.x release
- https://github.com/erlang/rebar3/releases/tag/3.17.0 (https://github.com/erlang/rebar3/releases/tag/3.17.0) – Rebar had a new release 3.17.0
- https://github.com/woylie/ectonestedchangeset (https://github.com/woylie/ecto_nested_changeset) – Ecto Nested Changeset project
- https://github.com/elixir-ecto/ecto/pull/3731 (https://github.com/elixir-ecto/ecto/pull/3731) – Discussion that lead to pulling out as a separate library
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com)
Discussion Resources
- https://blog.voltone.net/post/29 (https://blog.voltone.net/post/29) – Initial post describing the problem
- https://blog.voltone.net/post/30 (https://blog.voltone.net/post/30) – Updates and mitigation recommendations
- https://www.youtube.com/watch?v=0jzcPnsE4nQ (https://www.youtube.com/watch?v=0jzcPnsE4nQ) – Learn you some 'ssl' for much security! - ElixirConfEU 2019
- https://erlef.github.io/security-wg/securecodinganddeploymenthardening/inets (https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/inets)
- https://blog.voltone.net/post/27 (https://blog.voltone.net/post/27) – CVE-2020-35733 discovered in December
- https://blog.voltone.net/post/28 (https://blog.voltone.net/post/28)
- https://www.youtube.com/watch?v=r0DuAse9tK8 (https://www.youtube.com/watch?v=r0DuAse9tK8)
- https://pragprog.com/titles/jaerlang2/programming-erlang-2nd-edition/ (https://pragprog.com/titles/jaerlang2/programming-erlang-2nd-edition/)
- OTP 24.0.4 and later is good
- OTP 23.3.4.6 and later is good
- https://github.com/dlesl/erqwest (https://github.com/dlesl/erqwest)
- https://hex.pm/packages/mint (https://hex.pm/packages/mint)
- https://xkcd.com/927/ (https://xkcd.com/927/) – The referenced XKCD comic
- https://arstechnica.com/gadgets/2020/12/lets-encrypt-comes-up-with-workaround-for-abandonware-android-devices/ (https://arstechnica.com/gadgets/2020/12/lets-encrypt-comes-up-with-workaround-for-abandonware-android-devices/)
- https://github.com/elixir-mint/mint/pull/328 (https://github.com/elixir-mint/mint/pull/328)
- https://blog.voltone.net/post/28 (https://blog.voltone.net/post/28)
- https://blog.voltone.net/post/27 (https://blog.voltone.net/post/27)
- https://en.wikipedia.org/wiki/Heartbleed (https://en.wikipedia.org/wiki/Heartbleed)
- https://istio.io/ (https://istio.io/)
- https://hex.pm/packages/hackney (https://hex.pm/packages/hackney)
- https://hex.pm/packages/finch (https://hex.pm/packages/finch)
- https://blog.voltone.net/ (https://blog.voltone.net/)
Guest Information
- https://twitter.com/voltonez (https://twitter.com/voltonez) – on Twitter
- h