248: Security Insights with Paraxial

News includes a new Elixir case study about Cyanview's camera shading technology used at major events like the Olympics and Super Bowl, Oban Pro 1.6 with 20x faster queue partitioning, the openid_connect package reaching version 1.0, Supabase's new Postgres Language Server for developer tooling, and ElixirEvents.net as a community resource. Plus, we interview Michael Lubas, founder of Paraxial.io, about web application security in Elixir, what's involved in a security audit, and how his Elixir-focused security company is helping teams and businesses in the community. Show Notes online - http://podcast.thinkingelixir.com/248 (http://podcast.thinkingelixir.com/248) Elixir Community News https://elixir-lang.org/blog/2025/03/25/cyanview-elixir-case/ (https://elixir-lang.org/blog/2025/03/25/cyanview-elixir-case/?utm_source=thinkingelixir&utm_medium=shownotes) – New Elixir case study about Cyanview, a Belgian company whose Remote Control Panel for camera shading is used at major events like the Olympics and Super Bowl. Their Elixir-powered solution enables remote camera control across challenging network conditions. https://oban.pro/docs/pro/1.6.0-rc.1/changelog.html (https://oban.pro/docs/pro/1.6.0-rc.1/changelog.html?utm_source=thinkingelixir&utm_medium=shownotes) – Oban Pro 1.6 released with subworkflows, improved queue partitioning (20x faster), and a new guide explaining different job composition approaches. https://oban.pro/docs/pro/1.6.0-rc.1/composition.html (https://oban.pro/docs/pro/1.6.0-rc.1/composition.html?utm_source=thinkingelixir&utm_medium=shownotes) – New Oban Pro guide explaining when to use chains, workflows, chunks, or batches for job composition. https://github.com/DockYard/openid_connect (https://github.com/DockYard/openid_connect?utm_source=thinkingelixir&utm_medium=shownotes) – The Elixir package 'openid_connect' reached version 1.0, providing client library support for working with various OpenID Connect providers like Google, Microsoft Azure AD, Auth0, and others. https://hexdocs.pm/openid_connect/readme.html (https://hexdocs.pm/openid_connect/readme.html?utm_source=thinkingelixir&utm_medium=shownotes) – Documentation for the newly released openid_connect 1.0 package. https://bsky.app/profile/davelucia.com/post/3llqwsbyutc2z (https://bsky.app/profile/davelucia.com/post/3llqwsbyutc2z?utm_source=thinkingelixir&utm_medium=shownotes) – Announcement that openid_connect is maintained by tvlabs. https://bsky.app/profile/germsvel.com/post/3llee5lyerk2b (https://bsky.app/profile/germsvel.com/post/3llee5lyerk2b?utm_source=thinkingelixir&utm_medium=shownotes) – PhoenixTest v0.6.0 has been released with significant changes, including a breaking change. https://github.com/germsvel/phoenix_test (https://github.com/germsvel/phoenix_test?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for PhoenixTest. https://hexdocs.pm/phoenixtest/upgradeguides.html#upgrading-to-0-6-0 (https://hexdocs.pm/phoenix_test/upgrade_guides.html#upgrading-to-0-6-0?utm_source=thinkingelixir&utm_medium=shownotes) – Upgrade guide for updating to PhoenixTest v0.6.0 with its breaking change. https://hexdocs.pm/phoenix_test/changelog.html#0-6-0 (https://hexdocs.pm/phoenix_test/changelog.html#0-6-0?utm_source=thinkingelixir&utm_medium=shownotes) – Changelog for PhoenixTest v0.6.0. https://supabase.com/blog/postgres-language-server (https://supabase.com/blog/postgres-language-server?utm_source=thinkingelixir&utm_medium=shownotes) – Supabase has released a new Postgres Language Server for developers, providing IDE intellisense and autocomplete for PostgreSQL. https://marketplace.visualstudio.com/items?itemName=Supabase.postgrestools (https://marketplace.visualstudio.com/items?itemName=Supabase.postgrestools?utm_source=thinkingelixir&utm_medium=shownotes) – VSCode extension for Supabase's new Postgres developer tools. https://github.com/supabase-community/postgres-language-server (https://github.com/supabase-community/postgres-language-server?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for Supabase's Postgres Language Server. https://pgtools.dev/ (https://pgtools.dev/?utm_source=thinkingelixir&utm_medium=shownotes) – Official website for Postgres Tools with documentation and features. https://pgtools.dev/checking_migrations/ (https://pgtools.dev/checking_migrations/?utm_source=thinkingelixir&utm_medium=shownotes) – Feature in Postgres Tools that lints database migrations to check for problematic schema changes. https://github.com/fly-apps/safe-ecto-migrations (https://github.com/fly-apps/safe-ecto-migrations?utm_source=thinkingelixir&utm_medium=shownotes) – Resource for ensuring safe Ecto migrations. https://fly.io/phoenix-files/safe-ecto-migrations/ (https://fly.io/phoenix-files/safe-ecto-migrations/?utm_source=thinkingelixir&utm_medium=shownotes) – Article about safe Ecto migrations posted on Fly.io. https://elixirevents.net/ (https://elixirevents.net/?utm_source=thinkingelixir&utm_medium=shownotes) – Community resource created by Johanna Larsson for tracking, sharing, and learning about Elixir events worldwide. https://bsky.app/profile/elixirevents.net (https://bsky.app/profile/elixirevents.net?utm_source=thinkingelixir&utm_medium=shownotes) – Bluesky account for ElixirEvents.net for following Elixir community events. Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Discussion Resources https://paraxial.io/ (https://paraxial.io/?utm_source=thinkingelixir&utm_medium=shownotes) https://paraxial.io/blog/index (https://paraxial.io/blog/index?utm_source=thinkingelixir&utm_medium=shownotes) – Blog with posts about security for Elixir, Rails, and the Paraxial service https://www.cnn.com/2025/03/18/tech/google-wiz-acquisition/index.html (https://www.cnn.com/2025/03/18/tech/google-wiz-acquisition/index.html?utm_source=thinkingelixir&utm_medium=shownotes) https://podcast.thinkingelixir.com/93 (https://podcast.thinkingelixir.com/93?utm_source=thinkingelixir&utm_medium=shownotes) – Our last discussion was 3 years ago in episode 93! Titled "Preventing Service Abuse with Michael Lubas" https://www.amazon.com/Innovators-Dilemma-Revolutionary-Change-Business/dp/0062060244 (https://www.amazon.com/Innovators-Dilemma-Revolutionary-Change-Business/dp/0062060244?utm_source=thinkingelixir&utm_medium=shownotes) https://www.merriam-webster.com/dictionary/Kafkaesque - having a nightmarishly complex, bizarre, or illogical quality (https://www.merriam-webster.com/dictionary/Kafkaesque - having a nightmarishly complex, bizarre, or illogical quality?utm_source=thinkingelixir&utm_medium=shownotes) https://paraxial.io/blog/oban-pentest (https://paraxial.io/blog/oban-pentest?utm_source=thinkingelixir&utm_medium=shownotes) – Completed a Security Audit of Oban Pro - this is after ObanPro went free and OpenSource https://paraxial.io/blog/elixir-best (https://paraxial.io/blog/elixir-best?utm_source=thinkingelixir&utm_medium=shownotes) – Elixir and Phoenix Security Checklist: 11 Best Practices https://paraxial.io/blog/rails-command-injection (https://paraxial.io/blog/rails-command-injection?utm_source=thinkingelixir&utm_medium=shownotes) – Ruby on Rails Security: Preventing Command Injection https://paraxial.io/blog/paraxial-three (https://paraxial.io/blog/paraxial-three?utm_source=thinkingelixir&utm_medium=shownotes) – Paraxial.io v3 blog post Guest Information - Michael Lubas, Paraxial.io Founder - michael@paraxial.io - https://x.com/paraxialio (https://x.com/paraxialio?utm_source=thinkingelixir&utm_medium=shownotes) – on Twitter/X - https://x.com/paraxialio (https://x.com/paraxialio?utm_source=thinkingelixir&utm_medium=shownotes) – on Twitter/X - https://github.com/paraxialio/ (https://github.com/paraxialio/?utm_source=thinkingelixir&utm_medium=shownotes) – on Github - https://www.youtube.com/@paraxial5874 (https://www.youtube.com/@paraxial5874?utm_source=thinkingelixir&utm_medium=shownotes) – Paraxial.io channel on YouTube - https://genserver.social/paraxial (https://genserver.social/paraxial?utm_source=thinkingelixir&utm_medium=shownotes) – on Fediverse - https://paraxial.io/ (https://paraxial.io/?utm_source=thinkingelixir&utm_medium=shownotes) – Blog Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)