Hayden: Thank you for taking the time to speak to me about Paraxial.io, I think the community will be really interested to hear about Phoenix-specific security.
Would you start by giving us a short introduction to yourself & your own tech background?
Michael: Thanks, I’m Michael Lubas, founder of Paraxial.io. Before learning Elixir, I worked as a security engineer at various companies, protecting web applications and doing application security work. I’ve always been interested in programming, and enjoy helping people keep their websites safe.
Hayden: With a product focused on securing Elixir apps, I'd love to know how you were first introduced to Elixir. What attracted you to it?
Michael: A few years ago I was hired by Frame.io as a security engineer. The whole backend is Elixir, so I decided to learn the language. I didn’t know anything about Erlang or the benefits of Elixir, the more I learned the more I appreciated the excellent design of not only Elixir, but the major projects in the ecosystem as well. (Phoenix, Plug, Ecto, Mix, etc.)
Hayden: Could you tell us how you came to create Paraxial.io? What problem were you trying to solve?
Michael: Today there are hundreds of companies using Elixir in production, and in industries with high security requirements like finance or healthcare. There’s excellent open source tooling for Elixir security, such as Sobelow, but many companies want to buy security software, because they need enterprise support and expertise in this area.
The two main problems Paraxial.io solves are stopping malicious bots (reCaptcha has a similar function, but with annoying puzzles), and vulnerability management for Elixir (scanning your project for security problems and tracking those findings). The majority of software security vendors don’t care about Elixir, even if they ship an integration it’s never the focus of the business.
Hayden: Who is your target audience for Paraxial?
Michael: If a company is using Elixir in production, that’s the target audience. When you have a Phoenix application exposed to the public internet, bots are going to attack it, so that’s a big motivation for using Paraxial.io. Even if a company is not using Elixir for a public web application, the vulnerability management feature ensures the necessary security checks are being run successfully.
Hayden: Could you share a short case study with us as an example of Paraxial in action?
Michael: One of our customers, Betafi, is a user research platform. It’s a fantastic product, and before their launch on Product Hunt they set up Paraxial.io. The day of the launch, over 1,000 spam registration attempts were blocked. These spam requests are often the first step in a credit card fraud attack, which are very expensive to deal with, if there’s no protection in place. Here’s a link to the case study.
Hayden: What are your plans for the future of Paraxial? Do you have any exciting plans coming up in the near future?
Michael: I’m very interested in security education for Elixir developers. It seems like everyone wants to learn more about security, and there’s a number of resources out there, but none of them are in Elixir. If you follow the Paraxial.io blog, there’s a number of posts about this topic already published, and I’m giving a training on this topic next ElixirConf. So developer education is a big part of Paraxial.io’s future.
Hayden: How could one get a demo of Paraxial for their company to see how effective it could be?
Michael: The best way is to book a meeting. It’s okay if you are not certain how Paraxial.io would be useful, the reason we encourage new customers to meet is so we can learn about their business, and advise them how to best use Paraxial.io. Businesses using Elixir in production are eligible for a free bot risk assessment, because determining where bot detection is needed is a big part of defending an application.
Hayden: Other than Elixir, are there any other languages/technologies that are exciting you?
Michael: Any research around bots or automation on the internet is interesting to me. ChatGPT was released a few months ago, so right now there’s a lot of discussion and speculation about how it will influence content on the internet. Is the person you’re talking to real or a bot?
Something I found interesting is the bot detection on ChatGPT’s interface. When I first signed up months ago they had this basic captcha (type in the distorted letters), then it was Google reCaptcha, now something different. OpenAI is this billion dollar company working on these hard problems, but they were using captcha to stop bots. I’m very interested in how that will change.
Hayden: As a long term user of Elixir, I’d love to ask for your advice on behalf of Elixir Newbies. What are your recommended books/talks for those just starting out?
Michael: The first book you should read is “Programming Elixir 1.6 by Dave Thomas”. Then, if you want to make web applications, “Programming Phoenix 1.4 by Chris McCord, Bruce Tate and José Valim”. Finally, to really understand what makes Elixir so great, “Elixir in Action, Second Edition by Saša Jurić”. The first book teaches you the syntax and style of Elixir, the second is an introduction to Phoenix by the creator, and the third really goes into detail on the BEAM and underlying OTP functions.
The official documentation is also excellent. The page for Elixir’s Enum, for example, is full of great examples of common problems and shows you the primitives for solving them. The Exercism Elixir track is great as well, it’s these small challenges to test your problem solving skill and knowledge of Elixir.
Hayden: And lastly, with hindsight, what would you tell your ‘Elixir beginner self’?
Michael: Don’t spend all your time just reading books, or online content, you need to apply the knowledge by solving problems and creating projects. Exercism is very helpful in this area.
Hayden: Thank you so much for your time today, it’s been great to find out more about Paraxial! Looking forward to sharing this with the community!
Michael: If you have a question about Paraxial.io, or Elixir security in general, LinkedIn is the best way to reach me. If you don’t have LinkedIn, my email is - michael@paraxial.io
More about Paraxial:
ElixirConf EU Training, April 18 - Phoenix Application Security - https://www.elixirconf.eu/trainings/phoenix-application-security/
Paraxial.io - https://paraxial.io/
Twitter - https://twitter.com/paraxialio
LinkedIn - https://www.linkedin.com/company/paraxial-io/
GenServer Social - https://genserver.social/paraxial
YouTube - https://www.youtube.com/@paraxial5874