I sat down with some Ruby friends in Hiroshima last year to have a conversation about just-in-time compilation for Ruby, specifically the new MJIT method-based implementation. Those of you who are already familiar with JITs and how they work might want to skip directly to the interview, the rest of us are going to hang out for a minute and learn about how things presently work in Ruby, and what it is exactly that the MJIT would change.

How does a Ruby program run?

Computers don’t speak Ruby or any other high-level language, they only speak machine language. In a compiled language like C++ you use a compiler to convert all of your C++ code into machine language directly before you run...


At Heroku we consistently monitor vulnerability feeds for new issues. Once a new vulnerability drops, we jump into action to triage and determine how our platform and customers may be affected. Part of this process involves evaluating possible attack scenarios not included in the original vulnerability report. We also spend time looking for "adjacent" and similar bugs in other products. The following Ruby vulnerability was identified during this process.

Vulnerability Triage

A vulnerability, CVE-2017-8817, was identified in libcurl. The FTP function contained an out of bounds read when processing wildcards. As soon as the vulnerability was made public, we went through our...


Asynchronous provisioning allows add-ons to perform out-of-band provisioning in a first-class way. It’s intended for add-on services that need extended time to set up and help make automated app setup and orchestration easier and less error-prone.

The customer will be billed as soon as the add-on starts provisioning. This means the time and cost of provisioning your service is accounted for in how much a customer pays. As such, you should make every effort to provision expediently so customers get value from your service as quickly as possible.

Add-ons that take longer than 12 hours to provision (or those your service fails to mark as “provisioned” via the API in that time period) will be...


Today we're excited to announce that we've open sourced oclif, a framework for building command line interfaces.

We built oclif to serve as the common foundation for both the Heroku and Salesforce CLIs and to abstract away the common struggles. The framework is now available to any developer for building CLIs large or small. oclif makes building CLIs more accessible by providing you with the patterns and tools to scaffold a working command line interface. It provides a structure for simple to advanced CLIs, including documentation, testing, and plugins for adding new commands.

Screen Shot 2018-03-19 at 11

With oclif you can get up and running with your command line interface quickly, and focus on the...


Editor’s Note: One of the joys of building Heroku is hearing about the exciting applications our customers are crafting. SHIFT Commerce - a platform helping retailers optimize their e-commerce strategy - is a proud and active user of Heroku in building its technology stack. Today, we’re clearing the stage for Ryan Townsend, CTO of SHIFT, as he provides an overview of SHIFT’s journey into building microservices architecture with the support of Apache Kafka on Heroku.


Software architecture has been a continual debate since software first came into existence. The latest iteration of this long-running discussion is between monoliths and microservices – large self-contained applications vs...


Browse the blog archives or subscribe to the full-text feed.