OpenSSL Heartbleed Security Update

Yesterday the OpenSSL Project released an update to address the CVE-2014-0160 vulnerability, nicknamed “Heartbleed.” This serious vulnerability affects a substantial number of applications and services running on the internet, including Heroku.

All Heroku users should update their passwords as a precautionary measure. If you are currently running the SSL Endpoint add-on, you should re-key and reissue your certificate and update it as it may have been exposed. As of Tuesday, April 8 at 15:55 UTC, all Heroku certificates, infrastructure, and Heroku Postgres have been updated and are no longer vulnerable. Continue reading for further details on each affected vector.

Read more →

Heroku at the AWS Summit SF - Wed March 26th

AWS Summit SF is coming up on Wed March 26th at Moscone South. We are thrilled to be sponsoring the Developer Lounge. Heroku engineers and staff will be available throughout the day to answer your questions about Heroku; developing Ruby, Python, and Node apps on Heroku; Heroku Postgres; and the architecture of apps using both Heroku and AWS.

If you plan on attending, please stop by, say hello, and bring your questions. Or you can just play ping pong. If you would like to set up an appointment for a specific time, please send us an email.

Hacking Hack on Heroku

Anytime a new language comes out it’s fun to immediately download it and give it a try. Yesterday Facebook announced Hack, a programming language they developed for HHVM which interoperates seamlessly with PHP. Facebook itself is already running on Hack, and it looks to deliver some exciting improvements from its PHP influence, we thought we’d make it a bit easier for you to run your own apps on Hack by working with them to create a Heroku buildpack. To highlight a few of the awesome things about Hack:

  • Many PHP files are already valid Hack, so you can just start with an existing PHP project
  • Gradual typing, which lets dynamic and statically typed code play well together
  • More language features including: collections, lambdas, and run-time enforcement of return types and parameter types
Read more →

10 Habits of a Happy Node Hacker

For most of the nearly twenty years since its inception, JavaScript lacked many of the niceties that made other programming languages like Python and Ruby so attractive: command-line interfaces, a REPL, a package manager, and an organized open-source community. Thanks in part to Node.js and npm, today's JavaScript landscape is dramatically improved. Web developers wield powerful new tools, and are limited only by their imagination.

What follows is a list of tips and techniques to keep you and your node apps happy.

Read more →

SxSW Starts Today!

SxSW Interactive starts today. The crowds have arrived, the sessions have begun, and the ExactTarget Orange Oasis is open. Please stop by and say hello at the Heroku purple pavilion there, or schedule a private meeting or demo.

Check out the SXSW Fitbit Leaderboard from ExactTarget while you are here. This Heroku app logs and tracks your steps at SxSW. You can join the Leaderboard by logging into Fitbit, and sending a mail to fitbit@exacttarget.com.

Also join us for the Heroku SxSW meetup on Sun from 5 - 8p. We'll have food, a haiku poetry slam, and drinks.

Have a great (and safe) SxSW, and hope to see you there. The Heroku Team

Browse the blog archives or subscribe to the full-text feed.