Jonatan Männchen
maennchen.dev
@maennchen.dev
CISO & Member Security WG @theerlef.bsky.social | he/him
Reposted by Jonatan Männchen
At Code BEAM Europe 2025 @maennchen.dev: War stories from a security disaster. What to do when everything breaks.
November 5, 2025 at 1:43 PM
Reposted by Jonatan Männchen
🗓️ Nov 7- BEAM Unconference 1000-1500 7/11
luma.com/qyfevatp
Lightning talks, deep dives & community.
BEAM Unconference: Berlin · Luma
Let’s unconference before you go! Wrap up your week with something a little more spontaneous and social, and all about the BEAM ecosystem. The BEAM…
luma.com
October 28, 2025 at 6:49 PM
Reposted by Jonatan Männchen
💜 @elixir-lang.org v1.19 is the first release with OpenChain certification — bringing more transparency and trust to the BEAM ecosystem.

Big thanks to @maennchen.dev and our sponsor Herrmann Ultraschall for making this milestone possible! 👏

🔗 elixir-lang.org/blog/2025/02...

#Elixilang
October 16, 2025 at 6:51 PM
I received a small donation mentioning ads.fund, which apparently created a token around my open-source project.
I’m not sure what to make of it and would appreciate community input on whether it’s legitimate or something to distance from.
github.com/maennchen/Zi...
💬 Input wanted: ads.fund “Zipstream PHP” token · Issue #382 · maennchen/ZipStream-PHP
Hey everyone, I recently got a small donation through GitHub Sponsors, and the message mentioned something called ads.fund (@ADS-Fund). That made me look into it, and apparently there is a token on...
github.com
October 12, 2025 at 2:06 AM
Reposted by Jonatan Männchen
Hey folks! We have a CVE up for #AshFramework bypass policies. It's a *highly unlikely edge case*. But, as always, we take security extremely seriously and will always follow proper procedure here. Props to @maennchen.dev for reporting and resolving 🙇
October 10, 2025 at 4:05 PM
Reposted by Jonatan Männchen
Elixir Radar issue 486 is out! 📣

You can read it here: buff.ly/2UM7hp6

This issue comes with content from @shahryar-tbiz.bsky.social @katafrakt.bsky.social @maennchen.dev @elixircasts.io, Matt Savoia and Yatender Singh. Thank you!

#ElixirLang
Elixir Radar 486
buff.ly
October 1, 2025 at 4:15 PM
Reposted by Jonatan Männchen
We have made major progress toward CRA readiness for the BEAM ecosystem!

🔙So far: CNA operations, OpenChain certification, and more already in place.

🔜Next up: signed OTP builds to lower compliance costs and strengthen sustainability.

security.erlef.org/assets/aegis...
September 29, 2025 at 7:13 PM
Reposted by Jonatan Männchen
Another 🔥 package release from @maennchen.dev 😎
AshDiagram is a library for generating beautiful diagrams to visualize your #AshFramework applications. Generate Entity Relationship, Class, C4 Architecture, and Policy diagrams directly from your Ash resources and domains. 🚀
September 29, 2025 at 1:51 AM
Reposted by Jonatan Männchen
What if the BEAM got hit by a worm? 🪱

We’ve been lucky so far — but luck runs out.
The Ægis Initiative is how we defend our ecosystem.

👉 Read more & support: erlef.org/blog/eef/bea...

#Erlang #Elixirlag #Gleam
September 25, 2025 at 5:25 PM
One package.
One update.
A worm crawling through the BEAM ecosystem.

A dark “what if” — and how we can stop it before it’s real.
erlef.org/blog/securit...

#erlang #elixirlang
September 24, 2025 at 9:23 PM
Reposted by Jonatan Männchen
There’s still a bit to go to making this happen. Rebar is an important piece to using erlang not just for erlang, but just as much for elixir, gleam, … Consider backing this effort.
September 14, 2025 at 5:40 PM
Reposted by Jonatan Männchen
@maennchen.dev has just released the first version of Clarity: hexdocs.pm/clarity/Clar...

Clarity is an interactive introspection and visualization tool for Elixir projects.
September 13, 2025 at 5:24 PM
Reposted by Jonatan Männchen
Cool!!! @maennchen.dev introduces Clarity!
@ash-hq.org
#elixirlang
September 13, 2025 at 8:17 AM
Reposted by Jonatan Männchen
The first part of the last afternoon gave us insights on how to handle a security disaster, converting from old code to new and our host @lawik.bsky.social showed us thousands of VMs running on the same machine.
#goatmire #elixir
September 12, 2025 at 7:24 PM
Reposted by Jonatan Männchen
Proud to back the Rebar4 Kickstarter — moving the BEAM ecosystem forward with the community. 🙌
Thanks to the @theerlef.bsky.social (EEF) for a €1,750 contribution to our Rebar4 Kickstarter. It moves us closer to funding work to prepare for OTP integration and cut external deps.
Back: www.kickstarter.com/projects/pee...
September 8, 2025 at 7:04 PM
Reposted by Jonatan Männchen
Hey folks, we have a CVE for #AshFramework. `before_transaction` hooks will execute in certain scenarios (bulk action calls) even if the action is forbidden by policies. Please update Ash core to 3.5.39. For more see: github.com/ash-project/... #AshFramework #ElixirLang
Before action hooks may execute in certain scenarios despite a request being forbidden
### Summary Certain bulk action calls with a `before_transaction` hook and no `after_transaction` hook, will call the `before_transaction` hook before authorization is checked and a Forbidden erro...
github.com
September 6, 2025 at 9:32 PM
Reposted by Jonatan Männchen
Stretch goal 2 (inclusion in Erlang/OTP itself) would solve the #1 thing people get stuck on when trying to get started with Gleam or Erlang!

www.kickstarter.com/projects/pee...
From Rebar3 to Rebar4: Integrating with Erlang/OTP
Building on top of Rebar3 to Fully Integrate with Erlang/OTP for All BEAM Languages, creating Rebar4 the next generation build tool.
www.kickstarter.com
September 4, 2025 at 8:50 AM
I just backed From Rebar3 to Rebar4: Integrating with Erlang/OTP on @kickstarter.com www.kickstarter.com/projects/pee... #elixir
From Rebar3 to Rebar4: Integrating with Erlang/OTP
Building on top of Rebar3 to Fully Integrate with Erlang/OTP for All BEAM Languages, creating Rebar4 the next generation build tool.
www.kickstarter.com
September 3, 2025 at 7:49 PM
Reposted by Jonatan Männchen
Community growth needs collective action
Roadmap for outreach and engagement
@danj3.bsky.social on taking responsibility for Elixir's future through community championship. #ElixirConfUS
August 29, 2025 at 7:14 PM
Reposted by Jonatan Männchen
Security incident response: from panic to patch
CVEs, Hex retirement, vulnerability scanners
@maennchen.dev shows how to handle security disasters with transparency and leadership.
August 29, 2025 at 3:56 PM
Reposted by Jonatan Männchen
Had a great chat with @zachdaniel.dev and @maennchen.dev during a break at @elixirconf.bsky.social about the Erlang Ecosystem Foundation and its role in security.
#elixirlang
August 28, 2025 at 4:14 PM
Reposted by Jonatan Männchen
🚀 6 must-see talks at CodeBEAM Europe 2025: Gleam careers, workflow orchestration, VPP with Elixir, security disasters, BEAM+Rust combo, and taming 20M Oban jobs! Featuring @ihh.dev @maennchen.dev codebeameurope.com#register
August 22, 2025 at 11:18 AM
Reposted by Jonatan Männchen
👉🏽 "From Freakout to Fix: Navigating a Security Disaster"

Our Foundation's CISO - @maennchen.dev - will be speaking at @elixirconf.bsky.social on how to handle serious security holes — without melting down.

📢 Don’t miss it: elixirconf.com/talks/from-f...

#ElixirLang #Security #BEAM
August 6, 2025 at 5:02 PM
Reposted by Jonatan Männchen
🎙️ @maennchen.dev joins the latest @openssf.org podcast!

In this SOSS episode, he shares how the Erlang community is proactively addressing security concerns, why manufacturers are investing in upstream projects — and what other ecosystems can learn from their approach.

Listen! shorturl.at/iKdG7
July 29, 2025 at 6:16 PM
Reposted by Jonatan Männchen
🎉 Today we celebrate #OpenSSFCommunity Day NA 2025, welcoming six new member organizations and honoring incredible contributors with the Golden Egg Awards 🥚.

Read the full update:
🌐 openssf.org/blog/2025/06...

#OpenSSF #OpenSource #SoftwareSecurity #OSS
June 26, 2025 at 2:00 PM