Michael Lubas, founder of Paraxial.io, shares deep insights into securing Elixir applications. He delves into the critical elements of conducting security audits and the importance of automated versus manual testing in identifying vulnerabilities. The conversation touches on the latest features of Paraxial's software, emphasizing its integration with CI/CD processes. Lubas also discusses the significance of effective communication in security findings and the rising threats in cybersecurity, offering valuable advice for developers in the Elixir community.
CyanView’s innovative Elixir-powered camera shading technology enhanced live broadcasts by ensuring color consistency among multiple cameras during major events like the Olympics.
The release of Oban Pro 1.6 significantly improved job processing efficiency in Elixir applications, with performance gains realized through extensive documentation on workflows and partitioning.
Security audits are crucial for Elixir applications to ensure compliance and identify vulnerabilities, highlighting the importance of integrating security into development practices from the start.
Deep dives
CyanView's Innovative Technology
CyanView, a small Belgian company, creates remote control panels essential for live video broadcasting events like the Olympics and major fashion shows. Their technology addresses the intricate process of camera shading, which ensures that various cameras seamlessly match in color and exposure during live broadcasts. This capability is particularly vital during high-stakes events where visual consistency is crucial, such as maintaining the same shade of green on a football field across different camera feeds. Despite being a small team, their product’s impact has led to significant industry adoption, often without any marketing efforts.
Elixir's Role in Camera Control
CyanView's success is partially attributed to their use of Elixir and Erlang technology, which facilitates the management of multiple camera feeds over IP connections, even under complex operational constraints. For instance, during the Beijing Olympics, their system interfaced with Panasonic cameras, which were originally not designed for internet control, using a unique protocol to mitigate issues related to network latency. This innovative use of Elixir's supervision trees ensures that if one camera connection fails, the overall system remains operational, showcasing Elixir's robustness in handling high-demand live environments. The case study highlights how small teams using powerful technology can efficiently solve complex problems in real time.
OpenPro 1.6 Enhancements
The recent release of OpenPro 1.6 introduces several compelling features designed to enhance workflows in Elixir applications. This version offers extensive documentation on workflows, chunking, and batching of jobs, making it easier for developers to utilize these functionalities effectively. Additionally, a noteworthy improvement in queue partitioning allows for significant performance gains; processing jobs across 20 partitions has reportedly improved from 360 seconds to just 17 seconds. These updates not only enhance the platform's utility but also indicate progress in making complex job management more efficient.
OpenID Connect Library Maturation
The OpenID Connect library maintained by Dockyard has recently reached version 1.0, marking a significant milestone for developers working with secure authentication mechanisms in Elixir applications. This library simplifies integration with popular identity providers such as Google, Microsoft Azure, and Auth0, making it a valuable resource for developers looking to implement single sign-on features. Its standard configuration maps allow seamless adaptation to various OpenID providers, eliminating the need for custom integration efforts from scratch. This development underscores the growing maturity and reliability of community-supported libraries in the Elixir ecosystem.
Security Audits and Challenges
Engaging in security audits is a critical process for companies utilizing Elixir, especially those adhering to compliance standards like SOC 2 or ISO. While automated tools may identify vulnerabilities, a thorough audit also requires an understanding of organizational controls and processes that must be in place to protect sensitive information. Conducting a security audit can reveal necessary improvements in security measures while simultaneously fulfilling compliance requirements, leading to better overall organizational security. Ultimately, integrating security considerations into development practices from the outset can mitigate risks and enhance the organization's readiness to meet compliance standards.
News includes a new Elixir case study about Cyanview's camera shading technology used at major events like the Olympics and Super Bowl, Oban Pro 1.6 with 20x faster queue partitioning, the openid_connect package reaching version 1.0, Supabase's new Postgres Language Server for developer tooling, and ElixirEvents.net as a community resource. Plus, we interview Michael Lubas, founder of Paraxial.io, about web application security in Elixir, what's involved in a security audit, and how his Elixir-focused security company is helping teams and businesses in the community.
https://elixir-lang.org/blog/2025/03/25/cyanview-elixir-case/ – New Elixir case study about Cyanview, a Belgian company whose Remote Control Panel for camera shading is used at major events like the Olympics and Super Bowl. Their Elixir-powered solution enables remote camera control across challenging network conditions.
https://github.com/DockYard/openid_connect – The Elixir package 'openid_connect' reached version 1.0, providing client library support for working with various OpenID Connect providers like Google, Microsoft Azure AD, Auth0, and others.
