Elixir Mentor

In this episode of the Elixir Mentor Podcast, I sit down with Jason Allum, creator of Bedrock and Beadwork and a 40-year veteran of computing, to talk about Bedrock: an embedded, distributed key-value store for Elixir with guarantees that go beyond ACID.
Jason walks through the problem Bedrock solves, keeping distributed state consistent when the same data is read and written across many nodes. We get into why the BEAM's decades-old ideas map cleanly onto today's AI and agent workloads, how Bedrock borrows its architecture from FoundationDB, and what serializable transactions actually buy you over plain ACID.
From there we dig into the machinery: log servers versus storage servers, the five-second version window and MVCC, letting it crash with supervision-tree thinking across a cluster, and how rows can live as values while indexes become keys. Jason also covers running distributed jobs with leases and what it takes to swap Postgres out for Bedrock.
Along the way Jason makes the case that none of this is magic, that the real wins come from understanding your machine and the shape of your data. We finish on Beadwork, his lightweight system for managing agent tickets directly in git. If you build with Elixir or care about distributed databases, there's a lot here to chew on.
Connect with Jason:
- X/Twitter:https://x.com/mullaj
- GitHub:https://github.com/jallum
Projects:
- Bedrock:https://github.com/bedrock-kv/bedrock
- Beadwork:https://github.com/jallum/beadwork
Resources Mentioned:
- Notes on the FoundationDB paper:https://uvdn7.github.io/notes-on-the-foundationdb-paper/
- FoundationDB architecture:https://apple.github.io/foundationdb/architecture.html
- Raft consensus algorithm (GeeksforGeeks):https://www.geeksforgeeks.org/system-design/raft-consensus-algorithm/
- The Raft Consensus Algorithm:https://raft.github.io/
Sponsors:
- BEAMOps:https://beamops.co.uk
- Paraxial.io:https://paraxial.io
- Jido (Elixir AI Collective Discord):https://agentjido.xyz/discord
SUPPORT ELIXIR MENTOR
- Elixir Mentor:https://elixirmentor.com

Michael Lubas, CEO of Paraxial.io, returns to the Elixir Mentor Podcast to talk about AI's dual role in cybersecurity: finding the vulnerabilities and writing the code that creates them. Michael was my first-ever guest, and a lot has changed since his last appearance — most of it driven by the inflection point of the past six months.
We open with the Hex package manager penetration test that Paraxial conducted as part of the Aegis initiative under the Erlang Ecosystem Foundation, funded through Alpha Omega and its donors. Michael caught a remote code execution vulnerability before it shipped, and the public report gives Elixir a strong story to tell about the security of its package ecosystem. From there we get into GitHub Actions supply chain attacks, why zizmor is the tool every maintainer should be running, and the recent campaigns where malicious code targets release pipelines rather than application source.
The conversation turns to the AI inflection point. The Erlang Ecosystem Foundation's CNA issued nine CVEs in all of 2025 and is on track for well over a hundred in 2026, driven by researchers like Peter Ullrich using AI to find vulnerabilities that already existed in source code. Firefox went from an average of 20 valid bug reports a month to over 400 in April 2026. Michael argues that Anthropic and OpenAI have been responsible stewards of these capabilities, and that defenders without access to state-of-the-art models are at a structural disadvantage. We also talk about why bug bounty programs are collapsing under AI-generated noise — something I experienced firsthand running Killswitch's program earlier this year.
In the second half we get practical. Michael walks through what a real penetration test costs, when Claude Code is actually useful for solo developers, and the common Elixir-specific gotchas: binary term deserialization, server-side request forgery, dynamic atom creation, and the importance of staying inside Ecto's default query syntax. We also touch on Erik Stenman's BEAM Book, the difference between Paraxial and Sobelow, and what SOC 2 compliance does and does not cover.
Resources Mentioned:
- Securing Hex, the Backbone of the Elixir Ecosystem (Paraxial blog): https://paraxial.io/blog/hex-pentest
- Hex Package Manager security audit report: https://hex.pm/reports/2026/paraxial.pdf
- Erlang Ecosystem Foundation CNA: https://cna.erlef.org/
- Behind the Scenes Hardening Firefox with Claude (Mozilla Hacks): https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/
- Project Glasswing (Anthropic): https://www.anthropic.com/project/glasswing
- The First CVE Wave (VulnCheck): https://www.vulncheck.com/blog/ai-assisted-vulnerability-discovery
- Third major Linux kernel flaw in two weeks found by AI (ZDNet): https://www.zdnet.com/article/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai/
- What the CVE? — Peter Ullrich: https://peterullrich.com/what-the-cve
- Nicholas Carlini, "Black Hat LLMs" (unprompted 2026): https://www.youtube.com/watch?v=1sd26pWhfmg
Connect with Michael:
- Website: https://paraxial.io
- X/Twitter: https://x.com/paraxialio
- LinkedIn: https://www.linkedin.com/in/michaellubas/
- GitHub: https://github.com/paraxialio
Sponsors:
- BEAMOps: https://beamops.co.uk
- Paraxial.io: https://paraxial.io
- Jido — Elixir AI Collective Discord: https://agentjido.xyz/discord
- Support Elixir Mentor: https://elixirmentor.com

In this episode of the Elixir Mentor Podcast, I chat with Vasilis Spilka, Head of Software Development at Teacherspace, about building agentic software as a solo developer, the pairing of Ash and LLMs, and what it takes to ship a startup side project alongside a day job.
Vasilis shares his path from Ruby on Rails in 2014 to nearly a decade of Elixir work across fintech, supply chain, and ad tech. We talk through Teacherspace's recent acquisition, the challenges of integrating with legacy Danish education contractors, and the three pivots it took to land on a working product.
We spend a good chunk of the episode on Ash: why its unique DSL and introspection make it unusually strong with LLMs, how Spark lets you build your own DSLs, and why usage rules plus Igniter are a game-changer for library authors. Vasilis walks through his Claude Code workflow, the sculpting approach he uses for prototypes, and where he still won't let the LLM near — system design and API keys.
The conversation also covers Communities, his local-first social platform; the paperclip-style autonomous company idea he's exploring with ash_typescript; whether LLMs actually understand anything; and the unglamorous reality of getting a consumer product off the ground through networking and volunteering. We close with practical tips on prompt phrasing and skill-file tweaks that meaningfully change output quality.
Resources Mentioned:
- Ash Framework: https://ash-hq.org
- Tidewave: https://tidewave.ai
- Igniter: https://hexdocs.pm/igniter
- ash_typescript: https://github.com/ash-project/ash_typescript

Connect with Vasilis:
- X/Twitter: https://x.com/vasspilka
- GitHub: https://github.com/vasspilka
Sponsors:
- BEAMOps: https://beamops.co.uk
- Paraxial.io: https://paraxial.io
- Jido (Elixir AI Collective Discord): https://agentjido.xyz/discord
SUPPORT ELIXIR MENTOR
- Elixir Mentor: https://elixirmentor.com

In this episode of the Elixir Mentor Podcast, I sit down with Luca Corti, CTO at Sibill, a Milano-based fintech startup building cash flow management software for Italian small and medium businesses. Luca walks through his path from the early days of the internet at a small ISP in Milano to discovering functional programming at a major Italian telco—and why Elixir clicked for him immediately after years of fighting mutable state in OOP.
Luca shares how he joined Sibill with an existing Python and TypeScript MVP, made the case for Elixir as the stack to rebuild on, and navigated integration with open banking APIs and Italy's national electronic invoicing system (SDI). We cover bank sync scheduling with Broadway and message queues, scaling a venture-backed engineering team to 40, and how fintech requirements around data privacy shape day-to-day engineering decisions.
The conversation goes deep on the BEAM's real superpower—fault tolerance and resilience over raw concurrency—and Luca's hands-on approach to learning by building: an HTTP/2 server in Elixir a decade ago, and more recently using AI to help implement an HTTP/3 library. We also discuss hiring into an Elixir codebase, the challenges of selling SaaS to Italian SMBs accustomed to on-premises software, and a grounded take on AI tooling—useful, with clear limits, and nowhere close to replacing experienced engineers.
Resources Mentioned:
- Sibill: https://sibill.com
- ankh (HTTP/2 library): https://github.com/lucacorti/ankh
- lapin (AMQP client): https://github.com/lucacorti/lapin
Connect with Luca:
- X/Twitter: https://x.com/lucacorti
- LinkedIn: https://www.linkedin.com/in/lucacorti
- GitHub: https://github.com/lucacorti
Sponsors:
- Paraxial.io: https://paraxial.io
- Jido (Elixir AI Collective Discord): https://agentjido.xyz/discord
SUPPORT ELIXIR MENTOR
- Elixir Mentor: https://elixirmentor.com

Steve Domino is the co-founder and CTO of Crew, a fintech startup building what he calls the most powerful checking account in the world — one with programmable automation rules, a family-scoped AI financial assistant, and zero of the fees that make traditional banking frustrating. He came up through startups, spent time at Divvy before its Bill.com acquisition, and brought his Elixir experience directly into Crew's foundation.
We cover a lot of ground on the product side: how Crew's "Autopilot" rules engine lets users program their money (and the recursion checks it took to make that safe), why Crew consolidated savings and checking into a single account, how the team handles high-value deposits without physical branches, and what's coming — business accounts, wills and trusts, family investing, and a credit card designed to work like a debit card. Steve also talks through the challenge of projecting bills years into the future to keep balance reservations accurate, and how building and using your own product surfaces problems fast.
On the Elixir side, Steve talks about why fintech is a natural fit for the BEAM — Crew decisions on card transactions in under 250 milliseconds — and how Oban became central to their reliability story when partner services go down. He shares what drew him to Elixir personally (pattern matching, the pipe operator, the with block), reflects on the Utah Elixir ecosystem that Divvy and Podium helped build, and explains how Penny, their AI financial assistant, is scoped per family so it can never reach outside a user's own data.
We also spend time on career and engineering culture: Steve's take on the "Extreme Ownership" mindset that shaped how he grew into a leadership role, why he asks candidates to design something they'd actually build at Crew instead of solving puzzles, and his honest concern that developers leaning entirely on AI may lose the ability to think critically about architecture. Good conversation throughout.
Resources Mentioned:
- Extreme Ownership (book): Amazon
- Oban: oban.pro

Connect with Steve:
- Crew: trycrew.com
- LinkedIn: linkedin.com/in/steve-domino
SUPPORT ELIXIR MENTOR
- Elixir Mentor: elixirmentor.com
SPONSORS
- Paraxial.io — Elixir-first app security: paraxial.io
- BEAMOps — Scalable Elixir infrastructure: beamops.co.uk
- Jido — Elixir AI Collective Discord: agentjido.xyz/discord