Incident Response at Heroku

As a service provider, when things go wrong you try to get them fixed as quickly as possible. In addition to technical troubleshooting, there’s a lot of coordination and communication that needs to happen in resolving issues with systems like Heroku’s.

At Heroku we’ve codified our practices around these aspects into an incident response framework. Whether you’re just interested in how incident response works at Heroku, or looking to adopt and apply some of these practices for yourself, we hope you find this inside look helpful.


Two-factor Auth in Public Beta

Today, we’re excited to announce the public beta of two-factor authentication for Heroku accounts. With two-factor auth enabled, an authentication code is required whenever you log in. The code is delivered using an app on your smartphone, and access to your phone becomes a required factor (in addition to your password) to access Heroku. An attacker who has somehow discovered your password will not be able to log in using just your password.


Introducing the new PHP on Heroku

PHP developers are makers at heart. The core strength of PHP has always been in creating a tight feedback cycle between developers and their audiences. That strength is the reason why PHP powers so many of the world’s biggest and best web properties such as Facebook and Etsy. But as developers of those and similar apps know, PHP hasn’t always enjoyed some of the runtime, management or infrastructure elements its peer communities like Ruby on Rails, Python with Django, and Node have had for some time.

As one of the web’s largest PHP shops, Facebook has been an advocate and innovator for the language, but it’s been hard for PHP developers beyond Facebook’s walls to take advantage of that innovation. We’ve been fortunate to work with Facebook on a variety of occasions, and with their F8 Conference next door to our office here in San Francisco, we thought it would be a great opportunity to help bring some of their and the PHP communities’ latest innovations to developers everywhere, by announcing today full Heroku support for the new PHP. If you are in town for F8, please join us tonight for a pre-conference PHP meetup at our office right next door to the main venue.


PHP – a look back, a look forward

The history of PHP is the history of the web. Long-time developers will remember how PHP changed the universe of web development. PHP brought two key innovations to the table when it first launched. First, it was interpreted, which meant you could edit a file in place, then refresh the page and see the result. This quick feedback loop was why so many started with PHP and is still a cornerstone of what makes the language so useful. Second, it was the first widespread templating language that enabled intermixing of HTML and PHP code. Every other major web language and framework since PHP has followed suit.

Over time, PHP became a cornerstone of the “LAMP stack”. The LAMP stack consisted of Linux, Apache, MySQL, and PHP, and helped to define the world of open source we all take for granted today. The ubiquity of open-source software in web development is near-absolute now, but it was the success of these technologies that redefined an industry.

Of course, PHP wasn’t perfect, and other languages and their frameworks came along to contend with PHP as the years went by. In fact, Heroku’s founders ran a PHP consultancy called Bitscribe, which focused on PHP development, before founding Heroku. They eventually moved from PHP on to Ruby on Rails, which led to the creation of Heroku when they discovered that the Rails ecosystem lacked good hosting options.


Beyond Heartbleed: Improved Security for Encrypted Connections

The announcement earlier this month of the “Heartbleed” bug (CVE-2014-0160) in OpenSSL once again focused attention on the technology used to secure communications on the Internet. Heartbleed was a very serious vulnerability and we moved as quickly as possible to patch systems and eliminate this threat on behalf of our customers.

But security is not just about fire drills; there are many steps that can be taken over time to continually improve security. Over the last months we have rolled out several security improvements to Heroku SSL Endpoints, including:

