Engineering
- Engineering
- Last Updated: June 03, 2024
- Charlie Gleason
How to blend a rock-solid CMS and API with the absolute best in front-end tooling, built as a single project and hosted seamlessly on Heroku.
Rails is an incredible framework, but modern web development has moved to the front-end, meaning sometimes you don’t need all the bulk of the asset pipeline and the templating system. In Rails 5 you can now create an API-only Rails app, meaning you can build your front-end however you like—using Create React App, for example. It’s no longer 100% omakase .
And for projects that don’t need CMS-like capabilities,…
- Engineering
- Last Updated: June 03, 2024
- Richard Schneeman
Rails 5.2 was just released last month with a major new feature: Active Storage. Active Storage provides file uploads and attachments for Active Record models with a variety of backing services (like AWS S3). While libraries like Paperclip exist to do similar work, this is the first time that such a feature has been shipped with Rails. At Heroku, we consider cloud storage a best practice, so we've ensured that it works on our platform. In this post, we'll share how we prepared for the release of Rails 5.2, and how you can deploy an app today using the…
- Engineering
- Last Updated: March 29, 2024
- Jonan Scheffler
I sat down with some Ruby friends in Hiroshima last year to have a conversation about just-in-time compilation for Ruby, specifically the new MJIT method-based implementation. Those of you who are already familiar with JITs and how they work might want to skip directly to the interview , the rest of us are going to hang out for a minute and learn about how things presently work in Ruby, and what it is exactly that the MJIT would change.
Computers don’t speak Ruby or any other high-level language, they…
- Engineering
- Last Updated: June 03, 2024
- Etienne Stalmans
At Heroku we consistently monitor vulnerability feeds for new issues. Once a new vulnerability drops, we jump into action to triage and determine how our platform and customers may be affected. Part of this process involves evaluating possible attack scenarios not included in the original vulnerability report. We also spend time looking for “adjacent” and similar bugs in other products. The following Ruby vulnerability was identified during this process.
A vulnerability, CVE-2017-8817 , was identified in libcurl. The FTP function contained an out of bounds read when processing wildcards. As soon as the vulnerability was made…
- Engineering
- Last Updated: March 13, 2018
- Ryan Townsend
Editor’s Note: One of the joys of building Heroku is hearing about the exciting applications our customers are crafting. SHIFT Commerce – a platform helping retailers optimize their e-commerce strategy – is a proud and active user of Heroku in building its technology stack. Today, we’re clearing the stage for Ryan Townsend, CTO of SHIFT , as he provides an overview of SHIFT’s journey into building microservices architecture with the support of Apache Kafka on Heroku. Software architecture has been a continual debate since software first came into existence. The latest iteration of this long-running discussion is between…
- Engineering
- Last Updated: May 30, 2024
- Etienne Stalmans
Containers, specifically Docker, are all the rage. Most DevOps setups feature Docker somewhere in the CI pipeline. This likely means that any build environment you look at, will be using a container solution such as Docker. These build environments need to take untrusted user-supplied code and execute it. It makes sense to try and securely containerize this to minimize risk.
In this post, we’re going to explore how a small misconfiguration in a build environment can create a severe security risk.
It's important to note that this post does not describe any inherent vulnerability in Heroku, Docker,…
- Engineering
- Last Updated: April 02, 2024
- Caleb Hearth
Observatory by Mozilla helps websites by teaching developers, system administrators, and security professionals how to configure their sites safely and securely.
Let's take a look at the scores Observatory gives for a fairly straightforward Static Buildpack app, https://2017.keeprubyweird.com .
Test
Pass
Score
Explanation Content Security Policy ✗
-25
Content Security Policy (CSP) header not implemented Cookies ―
0
No cookies detected Cross-origin Resource Sharing ✔
0
Content is not visible via cross-origin resource sharing (CORS) files or headers
HTTP Public Key Pinning
―
0
HTTP Public Key Pinning (HPKP) header not implemented (optional) HTTP Strict Transport Security ✗
-20
HTTP Strict Transport Security (HSTS) header not implemented…
- Engineering
- Last Updated: May 16, 2024
- Damien Mathieu
Kubernetes is a container orchestration system that originated at Google, and is now being maintained by the Cloud Native Computing Foundation . In this post, I am going to dissect some Kubernetes internals—especially, Deployments and how gradual rollouts of new containers are handled.
This is how the Kubernetes documentation describes Deployments:
A Deployment controller provides declarative updates for Pods and ReplicaSets.
A Pod is a group of one or more containers which can be started inside a cluster. A pod started manually is not going to…
- Engineering
- Last Updated: June 03, 2024
- Randall Degges
The following is the story of how Randall Degges created a simple API to solve the common problem of external IP address lookup and how he scaled it from zero to over 10 thousand requests per second (30B/month!) using Node.js and Go on Heroku. Several years ago I created a free web service, ipify . It is a highly scalable IP address lookup service. When you make a GET request against it, it returns your public-facing IP address. Try it out yourself!
I created ipify because, at the time, I was building complex infrastructure management software and needed…
- Engineering
- Last Updated: December 19, 2017
- Jeff Chao
Designing scalable, fault tolerant, and maintainable stream processing systems is not trivial. The Kafka Streams Java library paired with an Apache Kafka cluster simplifies the amount and complexity of the code you have to write for your stream processing system.
Unlike other stream processing systems, Kafka Streams frees you from having to worry about building and maintaining separate infrastructural dependencies alongside your Kafka clusters. However, you still need to worry about provisioning, orchestrating, and monitoring infrastructure for your Kafka Streams applications.
Heroku makes it easy for you to deploy, run, and scale your Kafka Streams applications by…
Subscribe to the full-text RSS feed for Charlie Gleason.