NEWS

Written by Bruce, 21 Mar 2017

Reporting a Security Issue in Erlang/OTP

Please follow this document in order to report the issues regarding security in Erlang/OTP. Please do not create a public issue for a security issue.

When should you report a security issue?

The risk level is often determined by a product of the impact once exploited, and the probability of exploitation occurring. In other words, if a bug can cause great damage, but it takes highest privilege to exploit the bug, then the bug is not a high risk one. Similarly, if the bug is easily exploitable, but its impact is limited, then it is not a high risk issue either.

 

There is not any hard and fast rule to determine if a bug is worth reporting as a security issue to erlang-security [at] erlang [dot] org. A general rule is that an attack by someone that has no access to the Erlang application or its system can affect the confidentiality, integrity and availability.

 

What happens after the report?

All security bugs in the Erlang/OTP distribution should be reported to erlang-security [at] erlang [dot] org. Your report will be handled by a small security team at the OTP team. Your email will be acknowledged as soon as we start handling the issue.

 

Please use a descriptive email title for your report. After the initial response to your report, the security team will keep you updated on the progress and decision being made towards a fix and release announcement.

 

Flagging Existing Issues as Security-related

If you believe that an existing public issue on bugs.erlang.org is security-related, we ask that you send an email to erlang-security [at] erlang [dot] org. The email title should contain the issue ID on bugs.erlang.org (e.g. Flagging security issue ERL-001). Please include a short description to motivate why it should be handled according to the security policy.

Tags: [ Erlang OTP security report bug ]

Written by Bruce, 5 Dec 2016

We have just released the source code for erlang.org website on Github. 

https://github.com/erlang/erlang-org

The website is written in Cowboy, ErlyDTL and sumo_db. It is licensed under Apache License 2.0. You can follow the instructions to set up. 

The erlang.org website is developed and maintained by Industrial Erlang User Group in collaboration with Erlang/OTP team at Ericsson.

Happy hacking!

Written by Bruce, 9 Dec 2015

December 8th 2015 marks the seventeenth year since Erlang/OTP was released as open source. 

 

What is Erlang/OTP and why was Erlang Open Sourced?

The Erlang programming language was created and implemented in the Ericsson Computer Science Laboratory, headed by Bjarne Däcker. Later, a separate organisation was created within Ericsson - the OTP unit. Its aim was to commercialise and stabilise the implementation of Erlang, its libraries, tools and documentation. This unit still continues today, headed by Kenneth Lundin.

Prior to being released as Open Source, Erlang and OTP was used to develop several commercial telecommunication products by Ericsson. Erlang/OTP was released as open source to encourage innovation and to spread the use of Erlang. The Open Source release was thus well tested and stable.

 

What has happened during the 17 years?

"Looking back, it was a beneficial decision for both Ericsson and the Open Source community,” says Kenneth Lundin, head of Erlang/OTP, who is one of the original staff members.

The characteristics of Erlang and OTP - fault tolerance, massive concurrency, scalable distribution and ease of software development - have found applications in many other innovative areas. In the mid 2000s, the introduction of support for multicore (Symmetric multiprocessing, SMP) gave Erlang/OTP a major boost in popularity. 

We are now seeing products developed in applications as diverse as banking, network supervision, gaming, cloud services, databases, messaging and Internet of Things to name but a few.

 

Where is Erlang going?

Erlang and OTP nowadays witness an increasing popularity across industries, used by companies such as WhatsApp, Facebook, Bet365 and Machine Zone. "It is exciting to see that what started as a small project an a software research laboratory has grown into the basis of commercial successes around the world,” says Mike Williams, one of the co-inventors.

In 2015, Erlang/OTP 18.0 was released under a less restrictive and OSI-approved Apache License 2.0. Behind the license change was the Industrial Erlang User Group, a group of enterprise users of Erlang/OTP collaborating with Ericsson in securing the future health, well being and commercial success of the Erlang outside of Ericsson.

 

Bruce Yinhe

community-manager@erlang.org

Written by Bruce, 11 Nov 2015

Berlin Erlang Factory Lite is back on 1 Dec. Get ready for one day of Erlang and Elixir talks ranging from beginner to advanced. Meet experts such as Sonny Scroggin and Peer Stritzinger as well as local members of the Erlang and Elixir communities: http://www.erlang-factory.com/berlin2015/#speakers 

 

Three days courses on Elixir - PhoenixErlang Express and OTP Express will be held after the conference on 2-4 Dec: http://www.erlang-factory.com/berlin2015/training#elixir-phoenix-24-december

 

To get a 50% off student discount email conferences@erlang-solutions.com from the university email account.

Written by Bruce, 21 Oct 2015

We are happy to announce the issue tracker for Erlang/OTP (http://bugs.erlang.org). Our intention is that the issue tracker replaces the erlang-bugs mailing list, in order to make it easier for the community to report bugs, suggest improvements and new features. You can start using the issue tracker today.
 
The issue tracker for Erlang/OTP is a step towards improving and formalising the process of community contributions, a goal which is actively worked on by the Industrial Erlang User Group. The IEUG is working with Ericsson to improve libraries, tool chains, middle-ware and contributions while spreading awareness and increasing user adoption.
 
FAQ
 
1. Where is the issue tracker?
 
bugs.erlang.org
 
2. Will I still be able to use the erlang-bugs mailing list?
 
We recommend you to report new bugs at bugs.erlang.org instead. You are still able to use erlang-bugs and see its archives, but we won't be looking at it as often. We will gradually phase out the erlang-bugs mailing list. 
 
3. How do I create an issue or feature request?
 
Create an account or Log in with an existing account. Select Create Issue after you log in. You can also log in with your Erlangcentral.org account if you have one.
 
4. What types of issue can I report?
 
Bug, Improvement, New Feature

Written by Bruce, 1 Sep 2015

 
 

The Dublin Erlang Factory is a single day conference focused on Erlang and Elixir programming. It’s undoubtedly a great opportunity for all tech lovers passionate about Erlang/OTP/Elixir programming to meet up, learn about new emerging technologies, exchange ideas, inspire and get inspired by others!

The Dublin Erlang Factory Lite 2015 will take place Friday afternoon on 11 Sept, hosted by the friendly folks at AOL.

The programme and speaker lineup includes Joe Armstrong, Erlang's Co-Inventor, sharing his brilliant ideas through a keynote talk and also a tutorial (a limited number of seats still available), Philip Clarke (AOL) diving into the topic of Real Time Bidding Exchange, Christopher Brown (University of St Andrews) presenting LAPEDO framework for programming heterogeneous multicore systems in Erlang, and many more.

The Erlang Factory Lite is co-organised by AOL and Erlang Solutions and is organised in conjunction with the Kats Conf 15.

Tickets available here http://www.erlang-factory.com/dublin2015/home#registration

Find more details here http://www.erlang-factory.com/dublin2015

Written by Bruce, 21 Apr 2015

Join us in Stockholm on 11-12 June  for great talks about Erlang/OTP and Elixir innovations, the latest Erlang projects from companies such as Klarna, Machine Zone, Ericsson and much more: http://www.erlang-factory.com/euc2015/#home

Among the speakers are Erlang's co-inventor Robert Virding, functional expert Bodil Stokke, University of Kent professor Simon Thompson, Neotoma creator Sean Cribbs, author of the Cowboy web server Loïc Hoguin, Joacim Halén - Ericsson cloud technology researcher, Fredrik Linder - Erlang lead at Machine Zone, Alvaro Videla- co-author of ‘RabbitMQ in action’,  professor Kevin Hammond from University of St. Andrews, and Mikael Pettersson - senior developer at Klarna.

The Conference will be preceded by one day of tutorials at Ericsson on 10 June and 3 days of expert on 8-10 June: http://www.erlang-factory.com/euc2015/training#erlang-express-810-june

Tags: [ ErlangFactory EUC ]

Written by Bruce, 13 Mar 2015

To encourage a welcoming, inclusive climate for communication within the erlang.org community, the Erlang/OTP team, together with members of the community, has released a new code of conduct, available at http://www.erlang.org/download/erlang_org_code_of_conduct.txt. This code of conduct lays out a guideline of how to communicate within the erlang.org community in a way we hope is easy to read, help mutual understanding and avoid flames. The erlang.org community is by definition all communication in or around erlang.org, including but not limited to the erlang.org mailing lists or Github discussions.
 
This code is not exhaustive or complete. It serves to distill our common understanding of a collaborative, shared environment and goals. We expect it to be followed in spirit as much as in the letter.
 

Tags: [ CodeOfConduct ]

Written by Bruce, 2 Mar 2015

Erlang User Conference 2015

Stockholm 11-12 June

Call For Talks ends on 17 March

 

EUC 2015 will take place on 11-12 June, with one day of tutorials on 10 June and 3 days of expert training on 8-10 June: http://www.erlang-factory.com/euc2015

 

We are looking for passionate people who made an interesting innovation, open-source application or product with Erlang/OTP/Elixir. If you used Erlang or Elixir in a real-world project or you developed a cool tool, we want to hear about it! We are seeking talks aimed at beginners as much as for talks suited for more experienced users. This is to help newer members to the Erlang community make the maximum out of the EUC as well.    

 

The deadline for talk proposals is 17 March, please submit your talk here: http://goo.gl/forms/bO9kU9PYrr

Tags: [ EUC ErlangFactory ]

Written by Bruce, 13 Nov 2014

We are aware that parts of erlang.org need improvement. For example http://www.erlang.org/article/tag/examples and http://www.erlang.org/course/course.html are outdated. We would like to see a number of small code examples for beginners. The purpose of these examples is to provide an attractive and useful introduction for people who are interested in adopting the Erlang programming language. 

Please send your input to community-manager@erlang.org. We would like to call for help from the community since OTP team does not have too much time and it is not possible to submit pull requests for editorial of erlang.org as of now. 

Any other suggestions for erlang.org are always welcome.

Written by Bruce, 1 Sep 2014

 

Berlin EFL is back on 4 December, and we hope this year will be at least as fun as last year. The Call for Talks will be open until 10 October, but we tend to have more talks submitted than we have slots available, so the earlier you send yours the better your chances.

 

Have you made an interesting innovation, open-source application or product with Erlang/OTP? Have you used Erlang in a real-world project and want to present a case study? Or maybe you developed a cool tool? Let the crowd know about it! 

 

IMPORTANT: Elixir talks also welcome this year :) 

 

Link to submission form: https://docs.google.com/a/erlang-solutions.com/forms/d/1oD8J66a0pjOU-5Y8vG2Ffn8twyDIyPcRMFrPEdANaY4/viewform

Link to website: http://www.erlang-factory.com/berlin2014/home