Earlier this month, the OpenSSL project team announced that three days later it would be releasing a new version of OpenSSL to address a high-severity security defect. In the end, this vulnerability resulted in another non-event for our customers, but we thought it might be useful and informative to share the process we went through to prepare for the issue.

Triage

The announcement from the OpenSSL project team only said that a vulnerability would be patched, but kept the specifics of the vulnerability embargoed to limit the likelihood of an attack before they could release their patch. Obviously, it’s difficult to gauge the potential impact of a vulnerability when you don’t know the...


Heroku Connect provides seamless data synchronization between Heroku Postgres databases and Salesforce organizations. Without writing a single line of integration code, you can sync hundreds of millions of Salesforce records in near real time using a simple point-and-click UI. Resiliency and data consistency are assured with robust automatic error recovery and easy to use Salesforce centric logging capabilities. We’re pleased to announce that beginning July 2, 2015, Heroku Connect’s data synchronization with your Salesforce organization -- which relies on the SOAP API -- will no longer be constrained by your Salesforce API usage limits. Customers can now focus on using Heroku Connect to...


In February, we announced Heroku Enterprise, with collaboration and management capabilities for building and running your app portfolio in a governable and secure way on Heroku. We also introduced fine-grained access controls with app privileges as a beta feature. Today, we are pleased to announce general availability of this feature: Heroku Enterprise accounts are now automatically enabled for fine-grained access controls. We're very happy to deliver this feature that many of our largest customers have requested.

"Enterprises need greater visibility around applications and scalability, and Heroku Enterprise adds those features to the core Heroku value proposition," said...


Today, we're excited to introduce Go as the newest officially supported language on Heroku. Over the last 2 years we’ve fallen in love with Go, an expressive, concise, clean, and efficient language with built-in concurrency, making it easy to write and maintain network services, microservices and high-traffic API endpoints.

Now when writing Go you can leverage Heroku’s great developer experience and platform to quickly build apps your users can depend on. This includes the familiar git push heroku master, review apps, metrics within your dashboard, and much more. As you'd expect, Heroku doesn't introduce any changes to your Go application runtime or dependencies. Your code is...


Fun fact: the Heroku API consumes more endpoints than it serves. Our availability is heavily dependent on the availability of the services we interact with, which is the textbook definition of when to apply the circuit breaker pattern.

And so we did:

API web queue, p95 latencies

Circuit breakers really helped us keep the service stable despite third-party interruptions, as this graph of p95 HTTP queue latency shows.

Here I'll cover the benefits, challenges and lessons learned by introducing this pattern to a large scale production app.

A brief reminder that everything fails

Our API composes over 20 services – some public (S3, Twilio), some internal (run a process, map DNS record to an app) and some provided...


Browse the blog archives or subscribe to the full-text feed.