251: SSH Vulnerability and Cookies are Changing

Thinking Elixir Podcast

محتوای ارائه شده توسط ThinkingElixir.com. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط ThinkingElixir.com یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

4M ago 41:51

MP3•خانه قسمت

News includes a critical Unauthenticated Remote Code Execution vulnerability in Erlang/OTP SSH, José Valim teasing a new project, Oban Pro v1.6's impressive new "Cascade Mode" feature, Semaphore CI/CD platform being open-sourced as a primarily Elixir application, new sandboxing options for Elixir code with Dune and Mini Elixir, BeaconCMS development slowing due to DockYard cuts, and a look at the upcoming W3C Device Bound Session Credentials standard that will impact all web applications, and more!

Show Notes online - http://podcast.thinkingelixir.com/251

Elixir Community News

https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a limited time offer.
https://x.com/ErlangDiscu/status/1914259474937753747 – Unauthenticated Remote Code Execution vulnerability discovered in Erlang/OTP SSH.
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 – Official security advisory for the Erlang/OTP SSH vulnerability.
https://paraxial.io/blog/erlang-ssh – Paraxial.io's detailed blog post addressing how the SSH vulnerability impacts typical Elixir systems.
https://elixirforum.com/t/updated-nerves-systems-available-with-cve-2025-32433-ssh-fix/70539 – Updated Nerves systems available with SSH vulnerability fix.
https://bsky.app/profile/oban.pro/post/3lndzg72r2k2g – Announcement of Oban Pro v1.6's new "Cascade Mode" feature.
https://oban.pro/articles/weaving-stories-with-cascading-workflows – Blog post demonstrating Oban Pro's new Cascading Workflows feature used to create children's stories with AI.
https://bsky.app/profile/josevalim.bsky.social/post/3lmw5fvnyvc2k – José Valim teasing a new logo with "Soon" message.
https://tidewave.ai/ – New site mentioned in José Valim's teasers, not loading to anything yet.
https://github.com/tidewave-ai – New GitHub organization related to José Valim's upcoming announcement.
https://github.com/tidewave-ai/mcp_proxy_elixir – The only public project in the tidewave-ai organization - an Elixir MCP server for STDIO.
https://x.com/chris_mccord/status/1913073561561858229 – Chris McCord teasing AI development with Phoenix applications.
https://ashweekly.substack.com/p/ash-weekly-issue-13 – Zach Daniel teasing upcoming Ash news to be announced at ElixirConf EU.
https://elixirforum.com/t/dune-sandbox-for-elixir/42480 – Dune - a sandbox for Elixir created by a Phoenix maintainer.
https://github.com/functional-rewire/dune – GitHub repository for Dune, an Elixir code sandbox.
https://blog.sequinstream.com/why-we-built-mini-elixir/ – Blog post explaining Mini Elixir, another Elixir code sandbox solution.
https://github.com/sequinstream/sequin/tree/main/lib/sequin/transforms/minielixir – GitHub repository that contains Mini Elixir, an Elixir AST interpreter.
https://www.reddit.com/r/elixir/comments/1k27ekg/we_built_a_custom_elixir_ast_interpreter_for/ – Reddit discussion about Mini Elixir AST interpreter.
https://github.com/semaphoreio/semaphore – Semaphore CI/CD platform open-sourced under Apache 2.0 license - primarily an Elixir application.
https://semaphore.io/ – Official website for Semaphore CI/CD platform.
https://docs.semaphoreci.com/CE/getting-started/install – Installation guide for Semaphore Community Edition.
https://bsky.app/profile/markoanastasov.bsky.social/post/3lj5o5h5z7k2t – Announcement from Marko Anastasov, co-founder of Semaphore CI, about open-sourcing their platform.
https://github.com/elixir-dbvisor/sql – GitHub repository for SQL parser and sigil with impressive benchmarks.
https://groups.google.com/g/elixir-ecto/c/8MOkRFAdLZc?pli=1 – Discussion about SQL parser being 400-650x faster than Ecto for generating SQL.
https://bsky.app/profile/bcardarella.bsky.social/post/3lndymobsak2p – Announcement about BeaconCMS reducing development due to Dockyard cuts.
https://bsky.app/profile/did:plc:vnywtpvzgdgetnwea3fs3y6w – Related profile for BeaconCMS announcement.
https://beaconcms.org/ – BeaconCMS official website.
https://github.com/BeaconCMS/beacon – GitHub repository for BeaconCMS.

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]

Discussion Resources

Discussion about Device Bound Session Credentials, a W3C initiative being built into major browsers that will require minor changes to Phoenix for implementation.
https://w3c.github.io/webappsec-dbsc/ – W3C - Device Bound Session Credentials proposal
https://github.com/w3c/webappsec-dbsc/ – Device Bound Session Credentials explainer
https://developer.chrome.com/docs/web-platform/device-bound-session-credentials – Device Bound Session Credentials (DBSC) on the Google Chrome developer blog
https://en.wikipedia.org/wiki/Trusted_Platform_Module – Wikipedia article on Trusted Platform Module, relevant to Device Bound Session Credentials discussion.
https://www.grc.com/sn/sn-1021-notes.pdf – Other podcast show notes discussing Device Bound Session Credentials (DBSC).
https://twit.tv/shows/security-now/episodes/1021?autostart=false – Security Now podcast episode covering Device Bound Session Credentials (time coded link to discussion).

Find us online

Message the show - Bluesky
Message the show - X
Message the show on Fediverse - @[email protected]
Email the show - [email protected]
Mark Ericksen on X - @brainlid
Mark Ericksen on Bluesky - @brainlid.bsky.social
Mark Ericksen on Fediverse - @[email protected]
David Bernheisel on Bluesky - @david.bernheisel.com
David Bernheisel on Fediverse - @[email protected]