Episode Transcript
0:01
Hello, and welcome
0:03
to the Thinking Elixir podcast,
0:05
where we cover the news of the community
0:07
and learn from each other. My name
0:09
is Mark Ericksen. And
0:11
I'm David Bernheisel. Let's jump
0:13
into the news. First up,
0:15
the EEF is having
0:17
board elections. So the
0:19
Erlang Ecosystem Foundation is set
0:21
up as a community organization to
0:23
be run for and by
0:26
the whole Erlang ecosystem. As such,
0:28
the role of the board
0:30
is assigned by a democratic process
0:32
where voting members get to
0:34
run and vote for their preferred
0:36
candidates. So if you
0:38
are interested in helping to
0:40
guide and steer the direction
0:42
and influence, the direction of
0:44
the Erlang Ecosystem Foundation and what
0:47
it's involved in, how
0:49
different decisions are being made. So
0:51
as a member of the board,
0:53
you have involvement with these different
0:55
types of meetings, voting how funds
0:57
are being distributed and what initiatives
0:59
are being taken on. So
1:02
if you're interested in helping
1:04
guide the community at that
1:06
level, they are open for
1:08
elections. So just going to mention some
1:10
of the important dates. We'll have a link to the EEF
1:12
has a blog post about this where they
1:15
go into more detail and have links and
1:17
explanations about what's involved with the role and
1:19
everything so you get a good sense of
1:21
it. So some of the important
1:23
dates coming up, April 24th, members can submit
1:25
their candidacy. That's where you put in your name
1:27
to say, I'm interested in being on the
1:29
ballot. May 8th is the last
1:31
day to submit your candidacy and
1:33
an email acceptance ends at
1:36
midnight UTC. Then
1:38
May 9th, voting is
1:40
opened. And May 16th, voting is
1:42
closed, and the election results will be
1:44
announced as soon as possible after the
1:46
closing. So yeah, this is a
1:48
great opportunity if you're interested in saying, you
1:50
know, I would love to be able to
1:52
get a little bit more involved. David, are
1:55
you on the board? No.
1:59
Though I did run for it,
2:01
I think, last year when one
2:04
of the cohorts. So there are
2:06
three cohorts, by the way. Each
2:08
of them have about four or
2:10
three people, and so that way,
2:13
the whole board ends up getting
2:15
washed away one year in an
2:17
election, right? You need some
2:19
institutional knowledge that sticks around each time.
2:21
Yeah. And so this
2:23
is cohort A. A
2:25
slight correction to what I said earlier, the
2:27
EEF board elections. I mentioned that
2:29
there are three cohorts, A, B, and
2:31
C. I mentioned that A was in
2:33
the reelection cycle this year. That's incorrect.
2:36
That's not actually the cohort. It's cohort
2:38
C that is going to be re...
2:40
That's the election cycle this year, which
2:42
currently includes three folks. So
2:44
a small election this year, just in
2:46
case you guys are looking up who
2:48
all is involved and which cohort it
2:50
all is, what the schedule is. It's
2:52
cohort C, my apologies, sorry about that. Every
2:55
election that they get elected,
2:58
it's for a three-year term
3:00
or so. Don't
3:02
have any idea right now of who
3:04
all's involved with the election, but they'll have,
3:07
you know, like you mentioned all the dates before, right
3:09
now at the time of recording,
3:11
members are able to submit their candidacy,
3:13
and then at some point after
3:15
that, they'll publish who is running, yeah,
3:18
and then voting dates and all
3:20
that, and then we'll find out
3:22
who's on there. No, I had
3:24
the honor of being the only
3:26
loser last election round, which
3:28
was totally fine by me because
3:31
that whole cohort was amazing. I would
3:33
have voted for all of them.
3:35
So, yeah, no
3:37
hard feelings. Love
3:39
having that badge of honor. But
3:43
you can also be a
3:45
voting member of the EEF as
3:47
well. That's one of the
3:49
levels of membership. So you can be
3:52
a membership that's free, just you join,
3:54
but you don't have any voting rights.
3:56
But if you contribute some money, then
3:58
you're actually saying, yes, I'm actually invested
4:00
in the community. And then you have
4:02
the ability to make votes on different
4:04
decisions and things like that. So that's
4:07
another level of a way to be
4:09
involved and to support it. Yeah, absolutely.
4:11
We cover the news a lot here.
4:13
And I'd say, especially in the last
4:15
year of the Elixir community, I think
4:17
the EEF has really stepped up a
4:19
lot in all of the things they're
4:22
doing. And so that's evidence
4:24
of the board members and the community, but
4:26
the board members helping to organize these
4:28
things and get the word out and all
4:30
that kind of stuff. That's evidence of
4:32
an effective board and effective community. And so,
4:34
yes, if any listeners out there are
4:36
members of the EEF or not members, go
4:39
join. Go pay some dues. It's not
4:41
super expensive to do that. Yeah, go be
4:43
a part of the EEF and then
4:45
just look out for the dates where you
4:47
can vote for your favorite candidates. All
4:50
right, well, speaking of the
4:52
EEF, working with the EEF Security
4:54
Working Group, the Gleam team. In
4:57
version 1.10.0, we'll
4:59
ship and include the
5:01
build software bill of
5:03
materials, the SBOMs,
5:06
SBOMs, and SLSAs, the
5:09
S-L-S-A, build
5:11
provenance for all release artifacts and
5:13
Docker images. We got a link
5:15
to social media post about that.
5:17
What does this mean again? This
5:19
means greater visibility into the
5:21
dependencies that Gleam uses in the stronger
5:23
supply chain and security. So a
5:25
stronger supply chain is in like
5:27
just knowing what's in the supply
5:29
chain at all. You
5:32
know, just just to like give it an
5:34
analogy of like the real world, right? We got
5:36
all this talk about tariffs and things. Well,
5:38
tariffs have to know about what the supply chain
5:40
is. What is the supply chain? Well, it's
5:42
all these people in between that are getting you
5:44
the things, right? And so if you don't
5:46
know what the things are, then how do you
5:48
tariff them, right? And so
5:50
if we're thinking about software, try to take that
5:52
over now that we're, you know, tariffing software
5:54
here, but you want to know
5:56
what's in between, what's all involved. And
5:59
that's the whole point of these
6:01
build SBOMs and SLSA build provenances.
6:03
So that's all for the greater
6:05
visibility of what it takes to
6:07
make good software. And the Gleam
6:10
team in version 1.10 is
6:12
going to start shipping and including
6:14
these. So amazing work. Glad to
6:16
see that happening. Today's
6:18
episode is sponsored by
6:20
Paraxial.io. Every day, hackers
6:23
search the internet for vulnerable applications
6:25
aiming to steal sensitive data,
6:27
commit fraud, and spitefully ruin the
6:29
weekend of a hard-working developer.
6:31
Paraxial is the first and only security
6:34
platform with full Elixir support that stops
6:36
these attacks. Developers love
6:38
the Elixir-native protection. Management
6:40
loves Paraxial's metrics that
6:42
detail security accomplishments of
6:44
engineering. Which, you
6:46
know, that stuff's required for SOC2, ISO,
6:48
and HIPAA compliance. Sign up for
6:50
a free trial of Paraxial today and
6:52
mention Thinking Elixir when you schedule
6:54
a demo for a limited time offer.
6:56
Check it out today at paraxial.io.
7:00
And next up, following up from
7:02
last week, Dave Lucia shared that
7:04
the Elixir Secure Coding Training, that's
7:07
the ESCT. So if you
7:09
remember, this was a project
7:11
that's a GitHub project initially started
7:13
and taken over from Podium
7:15
by TV Labs. After TV
7:17
Labs got control of it, they were
7:19
able to merge in a bunch of PRs
7:21
that were already there, resolving a number
7:23
of issues, and added a huge upgrade to
7:25
how the grading works. And so
7:27
if you don't recall what this
7:29
is, it is a GitHub repo
7:32
for an interactive cybersecurity curriculum designed
7:34
specifically for enterprises that use Elixir.
7:36
So it's that security training that
7:38
you have to do as part
7:40
of compliance. And so what they're
7:42
doing is adding, you know, when you're taking these
7:44
tests and quizzes, so you customize it
7:46
for your company. One of the
7:48
things they just did was getting
7:50
that. So a big upgrade to
7:53
how the grading works. So what
7:55
the follow up was is Dave
7:57
Lucia shared that as planned, TV
7:59
Labs has that project over
8:01
to the Erlang Ecosystem Foundation for
8:03
a more permanent home and maintainership.
8:05
So when we talk about the
8:07
EEF and what they're being involved
8:09
in, like this is an example
8:12
of that, like, hey, making this
8:14
as a resource available for companies
8:16
that run Elixir to be able
8:18
to do the security training in-house
8:20
and customize it. Thanks to
8:22
Podium for creating it, TV Labs
8:24
for helping to shepherd and re-home
8:26
it, and then EEF for
8:28
taking ownership of that. That's a really
8:31
great resource and we want to see
8:33
that succeed. And the TV
8:35
Labs crew made some good fixes and improvements
8:37
to it while they had it too. I'm
8:40
just imagining the old... meme
8:42
from SpongeBob, like just taking it
8:45
from over here and putting it
8:47
over there. They're
8:49
just kind of moving things around a little bit. All
8:52
right, well, next up, some quick
8:54
Phoenix wins. There's a couple of
8:56
PRs, just minor things, really, but just
9:01
wanted to call them out. So Phoenix
9:03
1.0 RC is out right now, and so
9:03
it's a release candidate for a reason. So
9:05
there's a couple of PRs that are
9:07
included in the main branch right now,
9:09
and I imagine will either be released
9:11
in the upcoming full release or another
9:13
RC of Phoenix. But two PRs I
9:15
want to call out is that the
9:18
plug debugger screen that we've talked about
9:20
this for now has dark mode, which
9:22
is really cool. But I don't know
9:24
if you've noticed, it's easy to just
9:26
wash over all of the text that's
9:28
there. But if you actually look at
9:30
it, you'll see that there's ANSI codes
9:32
in there, like meant for the console.
9:35
but it's rendered in your HTML page,
9:37
right? This was a Phoenix thing that
9:39
was doing that, not plug debugger as
9:41
far as I can tell. And
9:43
so now Phoenix will strip out
9:45
those ANSI codes so that way
9:47
they actually display a little bit
9:49
better. Quick
9:51
little win, just little things. Speaking
9:54
of little things, the installer, the
9:58
phoenix.new installer was
10:00
updated to Tailwind version 4
10:02
a little while ago. And
10:05
as part of the Phoenix
10:07
styling, we as in the
10:09
Phoenix team adds custom variants,
10:11
and this is Tailwind language
10:13
here, but they use custom
10:15
variants to target loading states
10:17
in Phoenix with LiveView in
10:19
particular. Those were done incorrectly
10:21
the first pass, so they didn't quite work.
10:24
So there's a fix coming up
10:26
now, a quick little fix. There's nothing
10:28
to it really, just removing
10:30
some quotes and commas and
10:32
wrap, you know, just syntax
10:34
errors really. If
10:36
you compared your app
10:38
to what Phoenix is
10:40
doing now, especially since
10:43
they upgraded to Tailwind
10:45
4, and you use that
10:47
as a reference, like the diff as
10:49
a reference, you might want to go
10:51
check that again, because those custom variants
10:53
are likely not working at the moment.
10:56
And those are specific little quick
10:58
stylings on a page when
11:00
something's loading. So 90% of
11:02
y'all probably hadn't even noticed
11:04
it. But yeah,
11:06
check out the PR, a
11:08
quick little two-liner, three-line change, and then
11:11
you're up and going again. But those are
11:13
some quick Phoenix wins. They're in the main
11:15
branch right now, probably coming up in the
11:17
next RC or in the next patch release
11:19
of Phoenix. So look
11:21
out for those. And next
11:23
up, there was an Ash
11:25
authentication vulnerability that was published.
11:27
So we have a link
11:29
to this, the security advisory
11:31
in the show notes. There's
11:33
a few quick mitigation steps,
11:35
which is just basically update
11:37
Ash Authentication to version 4.7.0
11:39
and Ash Authentication Phoenix
11:41
to 2.6.0 or higher.
11:44
And then set require interaction true
11:46
in the confirmation strategy and
11:48
add a confirm route above the
11:50
auth routes in the router.
11:52
So that's just an ordering just
11:54
to make sure it's in
11:56
that right order. All right. Next
11:58
up, we talked about this
12:00
last week, but we'll repeat it
12:02
here. ElixirConf US 2025 is
12:04
open for submitting talks and workshops.
12:06
So we've got a link
12:08
to elixirconf.com and social media
12:10
post. Just to remind you,
12:12
ElixirConf US 2025 is again, for the
12:15
last year, I think, in Orlando. So
12:17
you can submit a talk by
12:19
April 29th or a workshop by April
12:22
15th. And they're looking for topics
12:24
on. Well, probably the obvious Phoenix LiveView
12:26
or distributed systems, you know,
12:28
the whole gamut really. And
12:30
you can join the wait list
12:32
for pre-sales, pre-sale tickets now, even
12:34
so even if you're not trying
12:36
to talk at ElixirConf, you
12:39
can go ahead and get on the wait
12:41
list for pre-sale tickets, which traditionally have
12:43
been the cheapest. So if you're looking
12:45
to save a couple dollars, get on that
12:47
wait list and they'll notify you when
12:49
the tickets are on sale and you can
12:51
save a couple bucks. And last up,
12:53
ElixirConf EU speakers were announced. We have a
12:55
link to the website where you can
12:58
see the keynote speakers and the set of
13:00
speakers that have all been announced. And
13:02
it looks like a great lineup. Just
13:04
as a quick reminder,
13:06
ElixirConf will be May 14th
13:08
for training. The actual
13:10
conference sessions is the 15th and
13:12
16th of May. It's in
13:14
Krakow, Poland and also virtual. So
13:17
that is a great thing to
13:19
see, but also, you know, just
13:21
let me mention some of the
13:23
keynote speakers. We've got José Valim,
13:25
Chris McCord, James Arthur, Mateusz Front,
13:28
and Davide Bettio. And then
13:30
you have a great list of speakers
13:32
lined up. If you were holding off on
13:34
deciding to go to the conference because
13:36
you wanted to see what was going to
13:38
be talked about, well, now you've got
13:40
a great set of speakers to check it
13:42
out. Just so you have some price
13:45
points to know. So it's 250 euros for
13:47
a virtual ticket to
13:49
ElixirConf EU, and then
13:51
in-person tickets are about 600 euros
13:53
to get in just to get
13:55
into the door. And so
13:57
then account for any travel and lodging
13:59
there, but those are the price points
14:02
that you're looking at. And if I
14:04
sound a little bit different, I'm at
14:06
a work conference in California in a
14:08
hotel. So a different mic with different
14:10
setup, hopefully it worked out well for
14:12
the recording and we'll find out later. But
14:15
unfortunately, that's all the time we have for today.
14:17
Thank you for listening. We hope
14:19
you'll join us next time on Thinking Elixir.