64: OTP Certificate Woes with Bram Verburg

We talk with Bram Verburg about an important root certificate expiring at the end of September and how this impacts your Elixir and Erlang projects! Bram helps explain where this IS and IS NOT a problem. He also explains the different update options available. We also get Bram’s security perspectives from his years of focused study and contributions in the Elixir and Erlang communities. A great resource for understanding the current certificate situation and for protecting your Elixir projects! Show Notes online - http://podcast.thinkingelixir.com/64 Elixir Community News https://github.com/elixir-nx/explorer – New Elixir-Nx project called Explorer released Explorer summarized with "When combined with other Nx libraries, Explorer is like a super-powerful spreadsheet" https://twitter.com/cigrainger/status/1433934973682139139 – Twitter announcement of Explorer https://github.com/hauleth/mix_unused – mix_unused is a compiler tracer for detecting unused public functions. https://hexdocs.pm/prom_ex/readme.html – PromEx sees a new 1.4.x release https://github.com/erlang/rebar3/releases/tag/3.17.0 – Rebar had a new release 3.17.0 https://github.com/woylie/ecto_nested_changeset – Ecto Nested Changeset project https://github.com/elixir-ecto/ecto/pull/3731 – Discussion that lead to pulling out as a separate library Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected] Discussion Resources https://blog.voltone.net/post/29 – Initial post describing the problem https://blog.voltone.net/post/30 – Updates and mitigation recommendations https://www.youtube.com/watch?v=0jzcPnsE4nQ – Learn you some 'ssl' for much security! - ElixirConfEU 2019 https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/inets https://blog.voltone.net/post/27 – CVE-2020-35733 discovered in December https://blog.voltone.net/post/28 https://www.youtube.com/watch?v=r0DuAse9tK8 https://pragprog.com/titles/jaerlang2/programming-erlang-2nd-edition/ OTP 24.0.4 and later is good OTP 23.3.4.6 and later is good https://github.com/dlesl/erqwest https://hex.pm/packages/mint https://xkcd.com/927/ – The referenced XKCD comic https://arstechnica.com/gadgets/2020/12/lets-encrypt-comes-up-with-workaround-for-abandonware-android-devices/ https://github.com/elixir-mint/mint/pull/328 https://blog.voltone.net/post/28 https://blog.voltone.net/post/27 https://en.wikipedia.org/wiki/Heartbleed https://istio.io/ https://hex.pm/packages/hackney https://hex.pm/packages/finch https://blog.voltone.net/ Guest Information https://twitter.com/voltonez – on Twitter https://github.com/voltone/ – on Github https://blog.voltone.net/ – Blog Find us online Message the show - @ThinkingElixir Email the show - [email protected] Mark Ericksen - @brainlid David Bernheisel - @bernheisel Cade Ward - @cadebward