Securing Hex, the Backbone of the Elixir Ecosystem

paraxial.io/blog/hex-pen...

Scaling Security from Zero: How a Small OSS Ecosystem Jumped Into the Deep End | Jonatan Männchen YouTube video by Eclipse Foundation

Scaling Security from Zero by @maennchen.dev CISO of our Foundation!

Learn how a Small OSS Ecosystem Jumped Into the Deep End!

Jonatan talk at Code & Compliance is now live: www.youtube.com/watch?v=jl89...

Can Erlang run on QNX? Turns out: yes ✅

In this article, @maennchen.dev explores what it takes to port Erlang/OTP to QNX. A great example of curiosity turning into concrete results.

erlef.org/blog/eef/otp...

Seeking Sustainable Sponsorship

Hi Elixir friends,
After 3 years on Hologram full-time (transpiles Elixir to the browser), I'm at a crossroads.

60+ hr weeks balancing contracts & dev isn't sustainable.
Where we are & how you can help: hologram.page/blog/seeking...

Even sharing helps 💜

#Hologram #Elixir #ElixirLang #BEAM #WebDev

I really like what Hologram is building, there’s a lot of potential there to take it further. If you haven’t yet, consider sponsoring. I just did myself.

Feels like one of those projects where a bit of support now could have a big impact later.

bsky.app/profile/bart...

The Erlang Ecosystem Foundation CNA now publishes vulnerability data directly to OSV.dev. No more relying solely on CVE→OSV conversion.

This update means faster, cleaner, and higher-quality security data for the BEAM ecosystem — including Erlang, Elixir, Gleam, and Hex.pm.

At Code BEAM Europe 2025 @maennchen.dev : War stories from a security disaster. What to do when everything breaks.

BEAM Unconference: Berlin · Luma ⁠Let’s unconference before you go! Wrap up your week with something a little more spontaneous and social, and all about the BEAM ecosystem. The BEAM…

🗓️ Nov 7- BEAM Unconference 1000-1500 7/11
luma.com/qyfevatp
Lightning talks, deep dives & community.

💜 @elixir-lang.org v1.19 is the first release with OpenChain certification — bringing more transparency and trust to the BEAM ecosystem.

Big thanks to @maennchen.dev and our sponsor Herrmann Ultraschall for making this milestone possible! 👏

🔗 elixir-lang.org/blog/2025/02...

#Elixilang

Thanks for your input. I spent time to check the numbers that were displayed everywhere. It looks like the price is only based on there being no liquidity available when selling that drives the price up.

I'll follow your and other people advice and won't verify with them.

bsky.app/profile/maen...

Thanks to everyone who shared feedback on the funding issue. After looking into it and hearing from others, it raises more questions than I’m comfortable with, especially around how the funds are handled. I’ve decided not to verify or move forward with it.

💬 Input wanted: ads.fund “Zipstream PHP” token · Issue #382 · maennchen/ZipStream-PHP Hey everyone, I recently got a small donation through GitHub Sponsors, and the message mentioned something called ads.fund (@ADS-Fund). That made me look into it, and apparently there is a token on...

I received a small donation mentioning ads.fund, which apparently created a token around my open-source project.
I’m not sure what to make of it and would appreciate community input on whether it’s legitimate or something to distance from.
github.com/maennchen/Zi...

Hey folks! We have a CVE up for #AshFramework bypass policies. It's a *highly unlikely edge case*. But, as always, we take security extremely seriously and will always follow proper procedure here. Props to @maennchen.dev for reporting and resolving 🙇

Elixir Radar 486

Elixir Radar issue 486 is out! 📣

You can read it here: buff.ly/2UM7hp6

This issue comes with content from @shahryar-tbiz.bsky.social @katafrakt.bsky.social @maennchen.dev @elixircasts.io , Matt Savoia and Yatender Singh . Thank you!

#ElixirLang

We have made major progress toward CRA readiness for the BEAM ecosystem!

🔙So far: CNA operations, OpenChain certification, and more already in place.

🔜Next up: signed OTP builds to lower compliance costs and strengthen sustainability.

security.erlef.org/assets/aegis...

Another 🔥 package release from @maennchen.dev 😎
AshDiagram is a library for generating beautiful diagrams to visualize your #AshFramework applications. Generate Entity Relationship, Class, C4 Architecture, and Policy diagrams directly from your Ash resources and domains. 🚀

What if the BEAM got hit by a worm? 🪱

We’ve been lucky so far — but luck runs out.
The Ægis Initiative is how we defend our ecosystem.

👉 Read more & support: erlef.org/blog/eef/bea...

#Erlang #Elixirlag #Gleam

One package.
One update.
A worm crawling through the BEAM ecosystem.

A dark “what if” — and how we can stop it before it’s real.
erlef.org/blog/securit...

#erlang #elixirlang

There‘s still a bit to go to making this happen. Rebar is an important piece to using erlang not just for erlang, but just as much for elixir, gleam, … Consider backing this effort.

@maennchen.dev has just released the first version of Clarity: hexdocs.pm/clarity/Clar...

Clarity is an interactive introspection and visualization tool for Elixir projects.

Cool!!! @maennchen.dev introduces Clarity!
@ash-hq.org
#elixirlang

The first part of the last afternoon gave us insights on how to handle a security disaster, converting from old code to new and our host @lawik.bsky.social showed us thousands of VMs running on the same machine.
#goatmire #elixir

Proud to back the Rebar4 Kickstarter — moving the BEAM ecosystem forward with the community. 🙌

Before action hooks may execute in certain scenarios despite a request being forbidden ### Summary Certain bulk action calls with a `before_transaction` hook and no `after_transaction` hook, will call the `before_transaction` hook before authorization is checked and a Forbidden erro...

Hey folks, we have a CVE for #AshFramework. `before_transaction` hooks will execute in certain scenarios (bulk action calls) even if the action is forbidden by policies. Please update Ash core to 3.5.39. For more see: github.com/ash-project/... #AshFramework #ElixirLang

From Rebar3 to Rebar4: Integrating with Erlang/OTP Building on top of Rebar3 to Fully Integrate with Erlang/OTP for All BEAM Languages, creating Rebar4 the next generation build tool.

Stretch goal 2 (inclusion in Erlang/OTP itself) would solve the #1 thing people get stuck on when trying to get started with Gleam or Erlang!

www.kickstarter.com/projects/pee...

From Rebar3 to Rebar4: Integrating with Erlang/OTP Building on top of Rebar3 to Fully Integrate with Erlang/OTP for All BEAM Languages, creating Rebar4 the next generation build tool.

I just backed From Rebar3 to Rebar4: Integrating with Erlang/OTP on @kickstarter.com www.kickstarter.com/projects/pee... #elixir

Community growth needs collective action
Roadmap for outreach and engagement
‪@danj3.bsky.social‬ on taking responsibility for Elixir's future through community championship. #ElixirConfUS

Security incident response: from panic to patch
CVEs, Hex retirement, vulnerability scanners
‪@maennchen.dev‬shows how to handle security disasters with transparency and leadership.

Had a great chat with @zachdaniel.dev and @maennchen.dev during a break at @elixirconf.bsky.social about the Erlang Ecosystem Foundation and its role in security.
#elixirlang