Welcome to GigaElixir Gazette, your 5-minute digest of Elixir ecosystem news that actually matters.
This week, a new Nx backend turns your MacBook's Metal GPU into an ML accelerator, Erlang Solutions launches data-flow static analysis for the BEAM, Jose Valim sits down for Thinking Elixir's 300th episode, XTrace puts BEAM tracing behind a web GUI, and a zero-knowledge habit tracker proves LiveView can keep secrets.
. WEEKLY PICKS .
🔥 Emily Turns Your MacBook Into an Nx-Powered ML Workstation
Emily drops Nx computations onto Apple's Metal GPU with a single config change. Set it as the default backend and Bumblebee, Axon, Nx.Serving, and defn all dispatch to Metal automatically. Fused transformer kernels handle RMS norm, RoPE, and scaled dot-product attention. int2/int4/int8 quantization cuts model memory, bf16 mixed-precision training works out of the box. Runnable Livebooks cover DistilBERT QA, Qwen3 generation, MNIST training, and Whisper transcription.
🛡️ SAFE Exposes BEAM Vulnerabilities Pattern Matching Misses
Erlang Solutions built SAFE to close the gap between the BEAM's built-in safety and application-level vulnerabilities. It analyzes compiled BEAM files rather than source code, so it works across mixed-language Erlang/Elixir/Phoenix codebases. The differentiator is data-flow analysis: SAFE tracks which values variables can hold at each program point, hitting a 7.78% false positive rate across 70,000 lines of BEAM code. Covers XSS, SQLi, command injection, CSRF, atom exhaustion, and unsafe deserialization. Free for open source.
🎯 Thinking Elixir Hits 300 with Jose Valim on Types and Tidewave
Thinking Elixir reached episode 300 - just under six years of weekly coverage. The milestone features Jose Valim on Elixir v1.20, set-theoretic type system progress, and Tidewave's evolution from a debugging tool to an AI-assisted development platform. Also covered: Localize v0.15.0 brings locale-aware formatting without compile-time generation, Reach builds program dependence graphs for coding agents navigating BEAM codebases, Tidewave adds voice input and PWA install, and ErlEF 2026 board elections run May 8-15.
🔒 Metamorphic Encrypts Every Byte Before LiveView Renders It
LiveView is server-rendered by design. Zero-knowledge encryption means the server cannot see what it renders. Metamorphic does both at once: client-side libsodium with XSalsa20-Poly1305, hybrid post-quantum key encapsulation (ML-KEM-768 + X25519), and three independent encryption layers at rest. Skeleton placeholders flash briefly while JS hooks decrypt content client-side through 15+ push_event/handleEvent round-trips. No server-side search on encrypted fields - filtering happens after decryption. Lose your password without a recovery key, and your data is gone.
🛠️ XTrace Wraps BEAM Tracing in a Web GUI Worth Using
BEAM tracing is powerful, but the CLI interface pushes most developers toward printf debugging. XTrace wraps Extrace and recon_trace in a web-based interface. Connect to a running Phoenix node, specify target functions in the UI, trigger requests, and analyze invocation data, execution traces, and runtime state visually instead of grepping terminal output. The new release focuses on distributed tracing - connect once and trace function calls that span your whole cluster.

💡 Pro Tip
When Stripe and Your State Machine Disagree, Neither Is Wrong
A paused subscription gets a customer.subscription.updated webhook from Stripe.
The payload says the new status is past_due. Your local state machine has eight states and fifteen valid transitions. Paused can only transition to active. There is no paused-to-past_due edge.
Rejecting the event loses every other field in the payload - period dates, metadata changes, and plan assignments. Forcing the transition lets the dunning engine chase payments on a subscription the customer intentionally paused.
Both choices are wrong because both treat the problem as a sync issue. It is not. Stripe and your local model serve different purposes, and their state machines will diverge.
The fix is a pattern called strip-don't-reject. A single function, maybe_strip_status/3, checks the transition map.
Valid transition? Accept everything. Invalid? Replace the incoming status with the previous status and pass the rest of the payload through untouched.
Period dates, trial dates, metadata, and plan references all survive. Only the illegal status change gets filtered. The local model wins for execution logic: which dunning sequences fire, which notifications send, and which metrics count churn. Stripe wins for billing. Neither is the universal authority.
Pattern-matched function clauses with guards handle cold starts (a nil previous status accepts anything) and no-ops (the same status passes through). This deliberate inconsistency is the architecture.
Remember, for webhook state machines:
Strip invalid transitions, never reject full payloads - Webhooks carry more than status changes. Rejecting an event to protect one field means losing every other update in the payload
Separate billing truth from execution truth - Stripe owns payment state. Your app owns business logic state. Design for disagreement, not synchronization
Guard cold starts with nil-matching clauses - New subscriptions have no previous state. Accept whatever the first event sends without consulting the transition map
Log divergence, do not force convergence - When local status drifts from Stripe status, log the gap for reconciliation. Forced transitions break downstream invariants
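The strip-don't-reject rule described above, as an added example (not code from the newsletter or from the project it describes). The module name, the argument order of maybe_strip_status/3, the string-keyed attrs map, and every transition-map entry other than paused -> active are assumptions, and the payload is constructed.

```elixir
defmodule Billing.WebhookStatus do
  # Hypothetical module; only the name maybe_strip_status/3 comes from the page.
  require Logger

  # Constructed subset of a transition map. The page gives only paused -> active.
  @transitions %{
    "trialing" => ["active", "canceled"],
    "active" => ["past_due", "paused", "canceled"],
    "past_due" => ["active", "canceled"],
    "paused" => ["active"]
  }

  def transitions, do: @transitions

  # Cold start: no previous status, accept whatever the first event sends.
  def maybe_strip_status(attrs, nil, _transitions), do: attrs

  # No-op: incoming status equals the previous one (same variable bound twice).
  def maybe_strip_status(%{"status" => same} = attrs, same, _transitions), do: attrs

  # Status change: keep it only if the transition map has that edge.
  def maybe_strip_status(%{"status" => incoming} = attrs, previous, transitions)
      when is_binary(previous) do
    if incoming in Map.get(transitions, previous, []) do
      attrs
    else
      # Log the divergence for reconciliation; inspect/1 keeps the
      # webhook-supplied value from injecting raw text into the log line.
      Logger.warning(
        "status divergence: local=#{inspect(previous)} stripe=#{inspect(incoming)}"
      )

      # Strip only the illegal status; every other field passes through.
      %{attrs | "status" => previous}
    end
  end

  # Payload carries no status at all: nothing to strip.
  def maybe_strip_status(attrs, _previous, _transitions), do: attrs
end

alias Billing.WebhookStatus, as: WS

# Constructed customer.subscription.updated fields for a paused subscription.
payload = %{
  "status" => "past_due",
  "current_period_end" => 1_767_225_600,
  "metadata" => %{"plan" => "pro"}
}

IO.inspect(WS.maybe_strip_status(payload, "paused", WS.transitions()), label: "paused")
IO.inspect(WS.maybe_strip_status(payload, "active", WS.transitions()), label: "active")
IO.inspect(WS.maybe_strip_status(payload, nil, WS.transitions()), label: "cold start")
```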
. TIRED OF DEVOPS HEADACHES? .
Deploy your next Elixir app hassle-free with Gigalixir and focus more on coding, less on ops.
We're specifically designed to support all the features that make Elixir special, so you can keep building amazing things without becoming a DevOps expert.
See you next week,
Michael
P.S. Forward this to a friend who loves Elixir as much as you do 💜

