web01.fireside.fm Sat, 23 May 2026 16:57:52 -0500 Fireside (https://fireside.fm) Thinking Elixir Podcast - Episodes Tagged with “Best Practices” https://podcast.thinkingelixir.com/tags/best%20practices Tue, 17 Oct 2023 04:15:00 -0600 The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community. Whether you are already experienced with Elixir or just exploring the language, this show is created with you in mind. We discuss community news, Functional Programming, transitioning from OOP, coding conventions, and more. Guests visit the show to help challenge our assumptions, learn about new developments and grow in the process. Subscribe to join us on this journey! en-us episodic News and interviews for the Elixir community ThinkingElixir.com The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community. Whether you are already experienced with Elixir or just exploring the language, this show is created with you in mind. We discuss community news, Functional Programming, transitioning from OOP, coding conventions, and more. Guests visit the show to help challenge our assumptions, learn about new developments and grow in the process. Subscribe to join us on this journey! no elixir, programming, web, clustering, phoenix, liveview, news, developer ThinkingElixir.com podcast@thinkingelixir.com 173: Web App Security Best Practices and Sobelow https://podcast.thinkingelixir.com/173 f1cd648d-8b6e-4a39-8fd2-b546c718c80d Tue, 17 Oct 2023 04:15:00 -0600 ThinkingElixir.com full ThinkingElixir.com We're joined by Michael Lubas of Paraxial.io as we delve into cybersecurity! We talk about the EEF's Web Application Security Best Practices guide. We show Sobelow some deserved love as it helps all Elixir web apps and much more! 47:26 no <p>We delve into the tricky world of cybersecurity with our guest, Michael Lubas. We touch on the widely-discussed 23andMe data breach, discussing what went wrong and how it applies to Elixir apps. A significant part of our talk is centered around the informative guide by the EEF Security Working Group called “Web Application Security Best Practices for BEAM languages.” An essential tool featured in our discussion is Sobelow, a security-focused static code analysis tool invaluable in warding off potential security breaches. We wrap up the conversation by discussing the practical application of these tools, using Paraxial.io's vulnerable-by-design “Potion Shop” app as a case study to run Sobelow and practice fixing issues. Join us for an enlightening discussion packed full of important insights!</p> <p>Show Notes online - <a href="http://podcast.thinkingelixir.com/173" target="_blank" rel="nofollow noopener">http://podcast.thinkingelixir.com/173</a></p> <p><strong>Elixir Community News</strong></p> <ul> <li> <a href="https://github.com/phoenixframework/phoenix_live_view/pull/2845?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://github.com/phoenixframework/phoenix_live_view/pull/2845</a> – Information on the upcoming LiveView that speeds up client DOM patching 5x.</li> <li> <a href="https://twitter.com/chris_mccord/status/1709681327019086044?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://twitter.com/chris_mccord/status/1709681327019086044</a> – The post to further explain the upcoming LiveView.</li> <li> <a href="https://twitter.com/josevalim/status/1709841186972705033?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://twitter.com/josevalim/status/1709841186972705033</a> – José Valim's clarification on how LiveView's 5x DOM patching works.</li> <li> <a href="https://twitter.com/wojtekmach/status/1709675064944144605?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://twitter.com/wojtekmach/status/1709675064944144605</a> – Teaser about a cool new Req feature by Wojtek Mach.</li> <li> <a href="https://twitter.com/wojtekmach/status/1710053454217887970?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://twitter.com/wojtekmach/status/1710053454217887970</a> – Release note for Req v0.3.12 and v0.4.4 and encouragement to upgrade.</li> <li> <a href="https://twitter.com/Tangui/status/1709645048906748378?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://twitter.com/Tangui/status/1709645048906748378</a> – Announcement of a new HTTP Caching library called http_cache.</li> <li> <a href="http://svground.fr/blog/posts/introducing-http-cache/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">http://svground.fr/blog/posts/introducing-http-cache/</a> – Blog post that accompanies the release of the new HTTP Caching library.</li> <li> <a href="https://github.com/tanguilp/plug_http_cache?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://github.com/tanguilp/plug_http_cache</a> – plug_http_cache - An Elixir plug that caches HTTP responses.</li> <li> <a href="https://github.com/tanguilp/tesla_http_cache?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://github.com/tanguilp/tesla_http_cache</a> – tesla_http_cache - HTTP caching Tesla middleware.</li> <li> <a href="https://news.livebook.dev/remote-execution-smart-cell---launch-week-2---day-1-m3dv2?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://news.livebook.dev/remote-execution-smart-cell---launch-week-2---day-1-m3dv2</a> – Post about Day 1 of Livebook's launch week with information on the new feature.</li> <li> <a href="https://twitter.com/thmsmlr/status/1709309268183367901?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://twitter.com/thmsmlr/status/1709309268183367901</a> – Announcement of Livebook Copilot by Thomas Millar.</li> <li> <a href="https://github.com/thmsmlr/kino_copilot?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://github.com/thmsmlr/kino_copilot</a> – kino_copilot - Livebook SmartCell that refactors code, generates SQL for data analysis, writes documentation, and generates dashboards.</li> <li> <a href="https://twitter.com/hugobarauna/status/1709631824555573554?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://twitter.com/hugobarauna/status/1709631824555573554</a> – Demonstration of Livebook voice transcription by Hugo Baraúna.</li> <li> <a href="https://github.com/brainlid/langchain_demo?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://github.com/brainlid/langchain_demo</a> – LangChain Demo project that includes an example of an Agent.</li> <li> <a href="https://fly.io/phoenix-files/created-my-personal-ai-fitness-trainer-in-2-days/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://fly.io/phoenix-files/created-my-personal-ai-fitness-trainer-in-2-days/</a> – Blog post - Created my Personal AI Fitness Trainer in 2 Days</li> <li> <a href="https://www.youtube.com/watch?v=AsfQNtoaB1M?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://www.youtube.com/watch?v=AsfQNtoaB1M</a> – YouTube video overview for AI Personal Fitness Trainer with demo</li> <li> <a href="https://spawnfest.org/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://spawnfest.org/</a> – Information on SpawnFest, a 48-hour online software development contest.</li> <li> <a href="https://codebeameurope.com/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://codebeameurope.com/</a> – Information on CodeBEAM Europe event.</li> </ul> <p>Do you have some Elixir news to share? Tell us at <a href="https://twitter.com/ThinkingElixir" target="_blank" rel="nofollow noopener">@ThinkingElixir</a> or email at <a href="mailto:show@thinkingelixir.com" target="_blank" rel="nofollow noopener">show@thinkingelixir.com</a></p> <p><strong>Discussion Resources</strong></p> <ul> <li> <a href="https://www.wired.com/story/23andme-credential-stuffing-data-stolen/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://www.wired.com/story/23andme-credential-stuffing-data-stolen/</a> – 23andMe breach</li> <li> <a href="https://erlef.github.io/security-wg/web_app_security_best_practices_beam/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://erlef.github.io/security-wg/web_app_security_best_practices_beam/</a> – Web Application Security Best Practices for BEAM languages - a guide from the EEF Security Working Group</li> <li> <a href="https://paraxial.io/blog/real-sobelow?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://paraxial.io/blog/real-sobelow</a> – Elixir Security - Real World Sobelow</li> <li> <a href="https://podcast.thinkingelixir.com/148?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://podcast.thinkingelixir.com/148</a> – Security Scanning our Apps with Sobelow</li> <li> <a href="https://www.ftc.gov/enforcement/refunds/equifax-data-breach-settlement?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://www.ftc.gov/enforcement/refunds/equifax-data-breach-settlement</a> – Why use Sobelow? The Equifax breach, $425 million penalty, was a remote code execution (RCE) vulnerability</li> <li> <a href="https://paraxial.io/blog/elixir-rce?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://paraxial.io/blog/elixir-rce</a> – Understanding remote code execution (RCE) attacks in Elixir</li> <li> <a href="https://paraxial.io/blog/potion-shop?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://paraxial.io/blog/potion-shop</a> – Potion Shop</li> <li> <a href="https://www.meetup.com/new-york-city-elixir/events/296705817/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://www.meetup.com/new-york-city-elixir/events/296705817/</a> – The NYC Elixir meetup</li> <li> <a href="https://www.meetup.com/denver-erlang-elixir/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://www.meetup.com/denver-erlang-elixir/</a> – Denver Elixir meetup</li> </ul> <p><strong>Guest Information</strong></p> <ul> <li> <a href="https://twitter.com/paraxialio?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://twitter.com/paraxialio</a> – on Twitter</li> <li> <a href="https://github.com/paraxialio/?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://github.com/paraxialio/</a> – on Github</li> <li> <a href="https://genserver.social/paraxial?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://genserver.social/paraxial</a> – on Fediverse</li> <li> <a href="https://paraxial.io/blog/index?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://paraxial.io/blog/index</a> – Blog</li> <li> <a href="https://www.linkedin.com/company/paraxial-io?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://www.linkedin.com/company/paraxial-io</a> – LinkedIn</li> <li> <a href="https://www.youtube.com/@paraxial5874?utm_source=thinkingelixir&amp;utm_medium=shownotes" target="_blank" rel="nofollow noopener">https://www.youtube.com/@paraxial5874</a> – Paraxial YouTube channel</li> </ul> <p><strong>Find us online</strong></p> <ul> <li>Message the show - <a href="https://twitter.com/ThinkingElixir" target="_blank" rel="nofollow noopener">@ThinkingElixir</a> </li> <li>Message the show on Fediverse - <a href="https://genserver.social/ThinkingElixir" target="_blank" rel="nofollow noopener">@ThinkingElixir@genserver.social</a> </li> <li>Email the show - <a href="mailto:show@thinkingelixir.com" target="_blank" rel="nofollow noopener">show@thinkingelixir.com</a> </li> <li>Mark Ericksen - <a href="https://twitter.com/brainlid" target="_blank" rel="nofollow noopener">@brainlid</a> </li> <li>Mark Ericksen on Fediverse - <a href="https://genserver.social/brainlid" target="_blank" rel="nofollow noopener">@brainlid@genserver.social</a> </li> <li>David Bernheisel - <a href="https://twitter.com/bernheisel" target="_blank" rel="nofollow noopener">@bernheisel</a> </li> <li>David Bernheisel on Fediverse - <a href="https://genserver.social/dbern" target="_blank" rel="nofollow noopener">@dbern@genserver.social</a> </li> <li>Cade Ward - <a href="https://twitter.com/cadebward" target="_blank" rel="nofollow noopener">@cadebward</a> </li> <li>Cade Ward on Fediverse - <a href="https://genserver.social/cadebward" target="_blank" rel="nofollow noopener">@cadebward@genserver.social</a> </li> </ul> elixir, security, sobelow, best practices We delve into the tricky world of cybersecurity with our guest, Michael Lubas. We touch on the widely-discussed 23andMe data breach, discussing what went wrong and how it applies to Elixir apps. A significant part of our talk is centered around the informative guide by the EEF Security Working Group called “Web Application Security Best Practices for BEAM languages.” An essential tool featured in our discussion is Sobelow, a security-focused static code analysis tool invaluable in warding off potential security breaches. We wrap up the conversation by discussing the practical application of these tools, using Paraxial.io's vulnerable-by-design “Potion Shop” app as a case study to run Sobelow and practice fixing issues. Join us for an enlightening discussion packed full of important insights!

Show Notes online - http://podcast.thinkingelixir.com/173

Elixir Community News

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Discussion Resources

Guest Information

Find us online

Sponsored By:

]]> We delve into the tricky world of cybersecurity with our guest, Michael Lubas. We touch on the widely-discussed 23andMe data breach, discussing what went wrong and how it applies to Elixir apps. A significant part of our talk is centered around the informative guide by the EEF Security Working Group called “Web Application Security Best Practices for BEAM languages.” An essential tool featured in our discussion is Sobelow, a security-focused static code analysis tool invaluable in warding off potential security breaches. We wrap up the conversation by discussing the practical application of these tools, using Paraxial.io's vulnerable-by-design “Potion Shop” app as a case study to run Sobelow and practice fixing issues. Join us for an enlightening discussion packed full of important insights!

Show Notes online - http://podcast.thinkingelixir.com/173

Elixir Community News

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Discussion Resources

Guest Information

Find us online

Sponsored By:

]]>