This is one area I expect LLMs to really shine. I've tried a few static analysis tools for security, but it feels like the cookie cutter checks aren't that effective for catching anything but the most basic vulnerabilities. Having context on the actual purpose of the code seems like a great way to provide better scans without needing a researcher for a deeper pentest.
I just started a scan on an open source project I was looking at, but I would love to see you add Elixir to the list of supported languages so that I can use this for my team's codebase!
Static analysis tools were the bane of my existence being the security guy at a software provider. A customer insisted on running a popular one on our 20 million line code base. Two of us spent two weeks clearing false positives. Absolutely nothing was left.
I've been using Codebuff for the last few weeks, and it's been really nice for working in my Elixir repo. And as someone who uses Neovim in the terminal instead of VS Code, it's nice to actually be able to have it live in the tmux split beside Neovim instead of having to switch to a different editor.
I have noticed some small oddities, like every now and then it will remove the existing contents of a module when adding a new function, but between a quick glance over the changes using the diff command and our standard CI suite, it's always pretty easy to catch and fix.
This is an awesome guide, but with mix dialyzer taking that long I'm curious: are you caching your PLTs? And if so, why not?
I've worked on some pretty huge Elixir apps, and I've seen the dialyzer take that long on the first run, but once the PLTs are cached it usually takes only a minute or two, even in GH Actions.
In my last startup I started to build my own video.js theme, and after a few hours realized it probably wasn't worth my time and stuck with the defaults. Going forward these themes would give me a much better starting point to do something more custom.
I’m a little late to the conversation, but I’m using the Elixir version of TypeID[0] in my project. While the repo linked to above doesn’t provide any guidance on storing the TypeIDs, the Elixir version does this really well. You store the prefix in your schema (model) code, but the underlying database column is simply a UUIDv7.
So when you call the new function, it will generate a UUIDv7, base32 encode it, and then prepend the prefix. Then at the database layer it will translate that to a UUIDv7 for storing and translate back to the string version when loading.
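The generate-then-encode flow described above, as an added Python example (not the Elixir TypeID library's own code): it builds a UUIDv7, encodes it as a prefixed TypeID string, decodes it back, and enforces the schema's prefix at the database boundary. The 32-character alphabet and the 26-character suffix follow the TypeID spec; the prefix rules and the `dump`/`load` helper names are my assumptions.

```python
import os
import re
import time
import uuid

# TypeID's 32-character alphabet (Crockford style: no i, l, o, u).
ALPHABET = "0123456789abcdefghjkmnpqrstvwxyz"
DECODE = {c: i for i, c in enumerate(ALPHABET)}
# Prefix rules as assumed here (spec v0.3 reading): lowercase letters and
# underscores, at most 63 chars, not starting or ending with an underscore.
PREFIX_RE = re.compile(r"[a-z]([a-z_]{0,61}[a-z])?")


def new_uuid7(now_ms=None) -> uuid.UUID:
    """48-bit Unix-ms timestamp, version nibble 7, RFC variant, rest random."""
    ms = int(time.time() * 1000) if now_ms is None else now_ms
    value = (ms << 80) | int.from_bytes(os.urandom(10), "big")
    value = (value & ~(0xF << 76)) | (0x7 << 76)   # version = 7
    value = (value & ~(0x3 << 62)) | (0x2 << 62)   # variant = 0b10
    return uuid.UUID(int=value)


def encode(prefix: str, u: uuid.UUID) -> str:
    """prefix + "_" + the 128 bits as 26 base32 digits (130 bits, top two zero)."""
    if prefix and not PREFIX_RE.fullmatch(prefix):
        raise ValueError(f"bad prefix: {prefix!r}")
    suffix = "".join(ALPHABET[(u.int >> (5 * i)) & 31] for i in range(25, -1, -1))
    return f"{prefix}_{suffix}" if prefix else suffix


def decode(typeid: str):
    """Split off the prefix and turn the 26-char suffix back into a UUID."""
    prefix, _, suffix = typeid.rpartition("_")
    if prefix and not PREFIX_RE.fullmatch(prefix):
        raise ValueError(f"bad prefix: {prefix!r}")
    if len(suffix) != 26 or suffix[0] > "7" or any(c not in DECODE for c in suffix):
        raise ValueError(f"bad suffix: {suffix!r}")
    n = 0
    for c in suffix:
        n = (n << 5) | DECODE[c]
    return prefix, uuid.UUID(int=n)


# The database boundary: the column holds a plain UUID, and the schema's prefix
# is checked so a "user_..." id is never written to or read as an "order" field.
def dump(schema_prefix: str, typeid: str) -> uuid.UUID:
    prefix, u = decode(typeid)
    if prefix != schema_prefix:
        raise ValueError(f"expected prefix {schema_prefix!r}, got {prefix!r}")
    return u


def load(schema_prefix: str, u: uuid.UUID) -> str:
    return encode(schema_prefix, u)
```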
Oh yeah, that looks ideal. My initial idea was along those lines, but I realised this wouldn't be possible with many (most?) languages/ORMs/adapters. E.g. for Prisma (TypeScript ORM) it would need to be built in to Prisma itself.
Another small benefit of UPID is that it works even for raw SQL sessions, but this obviously requires that it's installed into Postgres, which unfortunately for most is much harder than installing an Elixir/whatever lib.
But even if you just store them as u128/UUID, a nice thing is the IDs always know what their prefix is, so e.g. if you dump data into a warehouse, the IDs don't lose their context and an analytics person can still find what they're looking for.
I'm guessing they mean overlaying the screen recording on top of a 3D render of a phone or laptop to show them being used "on device" instead of just as a flat screen recording.
Spent two months in Barcelona over the last year, and I second the recommendation. The mascarpone croissant is excellent, but I would actually recommend the raspberry jam croissant even more highly. I haven’t had a thing from Pastisseria Hofmann that I didn’t like.
On a related note, Google Maps has on occasion deleted reviews from businesses that used software that employed this tactic for requesting reviews. I’ve seen several businesses lose hundreds of five star reviews because of it.