News includes a major milestone for Elixir's set-theoretic types as inference of all language constructs is completed and merged with Elixir v1.20.0-rc.5 hot on its heels, OTP 29.0 drops as a major release with secure-by-default SSH, post-quantum SSL key exchange, Erlang doctests, and more, a wave of high-severity CVEs hits the Elixir and Phoenix stack prompting the EEF CNA to take on a larger work load as AI-driven vulnerability reports surge, string processing in Elixir gets a serious speed boost via SWAR (SIMD Within A Register) optimizations with 1.5–5x improvements across Base and String operations, and a handy tip for enabling state-preserving hot reloads in Phoenix LiveView with just a small dev.exs config tweak, and more!
https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a special offer.
https://github.com/elixir-lang/elixir/issues/14558 – The meta-issue tracking set-theoretic type inference of all Elixir constructs, now wrapped up. Includes occurrence typing for high-degree precision. A new RC is expected soon on the way to Elixir v1.20.
https://cna.erlef.org/ – The EEF CNA (CVE Numbering Authority) has seen a large increase in volume of CVEs, largely driven by AI tools. They are considering a funding campaign to cover the increased costs of fixing and administering CVEs.
https://bsky.app/profile/tylerayoung.com/post/3mlsxbdmrw22e – Tyler Young highlights a heap of recent high-severity CVEs published against the typical Elixir + Phoenix web stack. Packages to check include cowboy < 2.15.0, cowlib < 2.16.1, plug < 1.19.2, bandit < 1.11.1, and decimal < 3.0.0.
https://hex.pm/packages/mix_audit – The mix_audit package can be installed and run via mix deps.audit to check your app against up-to-date published CVEs. Recommended to make it part of your CI pipeline.
https://www.erlang.org/news/188 – OTP 29.0 released as a new major version. Highlights include unsafe function warnings, SSH daemon now defaults to disabled shell/exec services, SFTP no longer enabled by default, post-quantum hybrid key exchange as default in SSL, ANSI terminal support, Erlang doctest support, and xref now handles ignore_xref natively. Note that 32-bit Windows builds are no longer available.
https://github.com/elixir-lang/elixir/pull/15357 – PR adding SWAR (SIMD Within A Register) versions of Base validations to Elixir. SWAR treats a CPU register like a small vector to check multiple bytes at once instead of one by one.
https://github.com/erlang/otp/pull/10948 – The SWAR technique was also applied to Erlang itself, accelerating binary ASCII traversal using 56-bit SWAR. Improvements range from 0x to 2x depending on the operation.
Podden och tillhörande omslagsbild på den här sidan tillhör
ThinkingElixir.com. Innehållet i podden är skapat av ThinkingElixir.com och inte av,
eller tillsammans med, Poddtoppen.
