A security bug (CVE-2015-8314) has been reported in Devise’s remember me system. Devise implements the “Remember me” functionality by using cookies. While this functionality works across multiple devices, Devise ended-up generating the same cookie for all devices. Consequently, if a malicious user was able to steal a remember me cookie, the cookie could be used … »

Sometimes Erlang programmers are worried “Elixir variables may be the source of hidden bugs”. This article discusses those concerns and shows how variables in Erlang can produce related “hidden bugs”, some of those eliminated by Elixir. Before we start, a short disclaimer: Elixir does not have mutable variables, it has rebinding. Mutability is often associated … »

Ecto v1.1 has been released. Ecto v1.1 brings improvements and bug fixes to Ecto but, more importantly, paves the way for the upcoming Ecto v2.0 release by deprecating functionality that has been said to be error prone or confusing by developers. This article will highlight both improvements and what to expect by Ecto 2.0. For … »

Our test tools often make it very easy to abuse mocks. This post provides some guidelines on using them properly by relying on explicit contracts.

This blog post aims to document how to work with associations in Ecto, covering how to read, insert, update and delete associations and embeds. At the end, we give a more complex example that uses Ecto associations to build nested forms in Phoenix. This article expects basic knowledge Ecto, particularly how repositories, schema and the … »

A few months ago we had the opportunity to interview Adam Kittelson about his experience using Elixir in production. Adam is a senior software engineer at Brightcove. Brightcove is a global provider of cloud solutions for delivering and monetizing video across connected devices. They’re using Elixir and Phoenix to process event streams. Watch the video … »