Heroku Blog
- Engineering
- Last Updated: March 29, 2024
- Jonan Scheffler
I sat down with some Ruby friends in Hiroshima last year to have a conversation about just-in-time compilation for Ruby, specifically the new MJIT method-based implementation. Those of you who are already familiar with JITs and how they work might want to skip directly to the interview, the rest of us are going to hang out for a minute and learn about how things presently work in Ruby, and what it is exactly that …
- Engineering
- Last Updated: June 03, 2024
- Etienne Stalmans
At Heroku we consistently monitor vulnerability feeds for new issues. Once a new vulnerability drops, we jump into action to triage and determine how our platform and customers may be affected. Part of this process involves evaluating possible attack scenarios not included in the original vulnerability report. We also spend time looking for “adjacent” and similar bugs in other products. The following Ruby vulnerability was identified during this process.
A vulnerability, CVE-2017-8817, …
- Ecosystem
- Last Updated: March 21, 2018
- Arif Gursel
Asynchronous provisioning allows add-ons to perform out-of-band provisioning in a first-class way. It’s intended for add-on services that need extended time to set up and help make automated app setup and orchestration easier and less error-prone.
The customer will be billed as soon as the add-on starts provisioning. This means the time and cost of provisioning your service is accounted for in how much a customer pays. As such, you should make every effort to …
- News
- Last Updated: June 03, 2024
- Nahid Samsami
Today we're excited to announce that we've open sourced oclif, a framework for building command line interfaces.
We built oclif to serve as the common foundation for both the Heroku and Salesforce CLIs and to abstract away the common struggles. The framework is now available to any developer for building CLIs large or small. oclif makes building CLIs more accessible by providing you with the patterns and tools to scaffold a working command line …
- Engineering
- Last Updated: March 13, 2018
- Ryan Townsend
Editor’s Note: One of the joys of building Heroku is hearing about the exciting applications our customers are crafting. SHIFT Commerce – a platform helping retailers optimize their e-commerce strategy – is a proud and active user of Heroku in building its technology stack. Today, we’re clearing the stage for Ryan Townsend, CTO of SHIFT, as he provides an overview of SHIFT’s journey into building microservices architecture with the support of Apache Kafka on Heroku.
Software architecture has been a continual debate since software first came into existence. The latest iteration of this long-running discussion is between monoliths and microservices – large self-contained applications vs multiple smaller applications integrated together – but an even bigger question lies under the surface of our architecture philosophy: why does this even matter?
- Engineering
- Last Updated: May 30, 2024
- Etienne Stalmans
Containers, specifically Docker, are all the rage. Most DevOps setups feature Docker somewhere in the CI pipeline. This likely means that any build environment you look at, will be using a container solution such as Docker. These build environments need to take untrusted user-supplied code and execute it. It makes sense to try and securely containerize this to minimize risk.
In this post, we’re going to explore how a small misconfiguration in a build environment …
Subscribe to the full-text feed.