Elixir Blog Posts

I found this post about Erlang arrays quite interesting.

5 Likes

There are several tutorials and alternatives to build a “Sign in with Metamask” for a dApp (decentralized application) using any modern JS Framework, but very limited content on how to do it using LiveView. In this blog post, I make an introduction to how this sign-in method works under the hood and how we can integrate it with some ease into a LiveView app.

1 Like

When uploading sensitive user files to S3, you better encrypt them or you risk data breaches and fines! This post explains how to encrypt, decrypt, upload, and download files from S3 and how to display them in LiveView.

6 Likes

Hi everyone, new article about how Elixir does not suffer from the thread safety issues often seen in web apps - How Elixir Solves a Difficult Security Problem

4 Likes

Hi, my first blog post is a beginner-friendly tutorial that shows you how to implement a full text search in SQLite without any external dependencies:

1 Like

I read this and enjoyed it, but I think Elixir/Erlang are just as open to the kind of race described here as the Ruby code was, because the equivalent code in Elixir would be two independent processes also reading / writing shared state, e.g. ETS (or even a third process). The problem isn’t the language (in this case); it is the shared state. You don’t even need true concurrency to provoke these errors, just a certain interleaving of events on the same thread.

2 Likes

I wrote an article about ways to handle editing and previewing images in forms that use live_file_input.

Read it here:

I’d love to hear if you have alternative ways to handle this use case.

Thanks

3 Likes

Maintaining business logic in the web app (Phoenix Context in most cases) the right way is a must if you don’t want to refactor your project every year or two :slight_smile: In this blog post, I’m presenting my approach to Phoenix Contexts’ maintainability.

6 Likes

Even if you’re relatively new to the Elixir ecosystem, you have likely come across the concept of generators. These generators are very common and you may recognize them from running commands like mix new hello_world, or Phoenix related commands.

In this short post, I give an insight into how you can quickly set up your own generators and why the first Google link/ChatGPT answer is not always the best approach to the problem at hand.

3 Likes

We also store the encryption salt or encryption_iv, which protects the encrypted file from dictionary attacks.

The IV is critical but for different reasons, see e.g. Reused IV-Key Pair Vulnerability | SecureFlag Security Knowledge Base. A dictionary attack wouldn’t do much here since you’re generating the key from random bytes :slight_smile:

But if we use the encryption key of the current user for decrypting the file, the result would be gibberish or worst-case, throw an error.

It would be better to use an authenticated mode (crypto_one_time_aead/6). That would ensure decryption fails if the wrong key is used, or more importantly, if someone tampers with the encrypted data.

1 Like

Thanks @dom for the clarification! You’re right, it’s not a dictionary attack that a salt is protecting against, at least not in this case. I don’t fully understand the impact of reusing salts as described in the article that you linked, but I agree that it isn’t dictionary attacks, so I’ll update that part of the article :slight_smile:

Ah interesting! I didn’t know about this function. I have no experience using it though. What is the AAD that it references? Is it another kind of salt maybe?

Hello! My toy elixir-hosted elixir-looking language has reached evaluation via AST walking. Nothing too fancy, and I already spotted a lot of design errors, but I find a lot of joy in building this small interpreter from scratch. It also allows me to switch context when I block on something else. The code is quite basic and does not feature any optimizations, so maybe this, or the process, will be interesting to some.

Here is a link: Hosting a small language in elixir, pt 5 - evaluation

The next step for me will be working on the visual editor. Even if the only use of this language is for a side-project private app I’m building for fun, I really want to try to get to a fun visual<->text editing parity.

AAD is “additional authenticated data”, it’s data that’s not part of the encrypted payload, but still gets validated. You have to pass the same value when encrypting and decrypting otherwise the decryption fails. It prevents tampering where an attacker doesn’t modify the encrypted payload itself, but rather copy-pastes it in a different context.

A good AAD here could be the file ID. This way if an attacker swaps the contents of two files A and B in S3, the app will try to decrypt the contents of A with B’s ID as AAD or vice versa, and that will fail even if they were encrypted with the same key.

3 Likes
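As an added example (not code from the linked article or from either poster), here is the approach from the two replies above in Elixir: `:crypto.crypto_one_time_aead` with AES-256-GCM, the file ID passed as AAD, and a fresh random IV per encryption (the IV-reuse point raised earlier). The `FileCrypto` module name, blob layout and file IDs are assumptions made up for the demo.

```elixir
defmodule FileCrypto do
  # Added example (not the article's code): AES-256-GCM via :crypto.crypto_one_time_aead,
  # with the file ID as AAD so a ciphertext only decrypts in the context it was made for.
  @cipher :aes_256_gcm
  @iv_bytes 12
  @tag_bytes 16

  # Per-file random key; keep it in a KMS or wrapped, never next to the object.
  def generate_key, do: :crypto.strong_rand_bytes(32)

  # Encrypt `plaintext` for `file_id`. Layout of the stored blob: iv <> tag <> ciphertext.
  def encrypt(plaintext, key, file_id) when byte_size(key) == 32 do
    # Fresh random IV every time: reusing an IV with the same key breaks GCM.
    iv = :crypto.strong_rand_bytes(@iv_bytes)
    {ciphertext, tag} =
      :crypto.crypto_one_time_aead(@cipher, key, iv, plaintext, file_id, @tag_bytes, true)
    iv <> tag <> ciphertext
  end

  # Decrypt a blob from encrypt/3. A wrong key, wrong AAD or any modified byte gives :error.
  def decrypt(<<iv::binary-size(@iv_bytes), tag::binary-size(@tag_bytes), ct::binary>>, key, file_id) do
    case :crypto.crypto_one_time_aead(@cipher, key, iv, ct, file_id, tag, false) do
      plaintext when is_binary(plaintext) -> {:ok, plaintext}
      :error -> :error
    end
  end
  def decrypt(_blob, _key, _file_id), do: :error

  # Constructed demo: the three failure cases the thread discusses.
  def demo do
    key = generate_key()
    blob_a = encrypt("contents of file A", key, "file-123")
    {:ok, "contents of file A"} = decrypt(blob_a, key, "file-123")
    # Objects swapped in S3: A's bytes fetched under B's ID fail on the AAD mismatch.
    :error = decrypt(blob_a, key, "file-456")
    # Wrong (e.g. another user's) key: no gibberish, just :error.
    :error = decrypt(blob_a, generate_key(), "file-123")
    # One ciphertext byte flipped: the tag check fails.
    <<head::binary-size(40), b, rest::binary>> = blob_a
    :error = decrypt(head <> <<Bitwise.bxor(b, 1)>> <> rest, key, "file-123")
    :ok
  end
end
```

Run `FileCrypto.demo()` in `iex`; it returns `:ok` only if all three tampering cases are rejected.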

Kill your Phoenix Context

Phoenix Contexts often become a dumping ground for code that doesn’t have an obvious place. Learn how to organize your code using services, queries, and repositories.

8 Likes

In this blog post, I used Livebook to analyse my house’s consumption and production of electricity. There are some interesting plots powered by mostly sunny days in the last 3 months. Hope you enjoy it!

2 Likes

New Blog Post: Inspecting Elixir Dependencies at Runtime for Security. Doing this is a pretty simple one-liner, but knowing how to do it correctly is extremely important.

New post: How To Add Magic Link Login to phx.gen.auth - The simple, safe, and secure way to extend the tools phx.gen.auth gives you to implement magic link login in your app.

Any and all feedback welcome! Hope you enjoy!

3 Likes

Hey! I’ve just published a post on rendering SVG sparkline charts using Elixir:

4 Likes

Very nice description of how you can extend phx.gen.auth to do magic links (without any extra dependencies). Thanks for sharing!

The only minor feedback I’d have is to avoid calling back to your web module from your context module here. This creates a cyclical dependency. The original functions that send emails (like this one), in the Accounts context module avoid this by accepting an extra function that generates a full url, given an encoded token. Extending this pattern would be a better choice IMO.

1 Like

I released a new project today. Very simple but fun - a webring for the BEAM community.

I’m happy to add anyone here to it if you’re interested!

1 Like