The Heroku-16 Stack is Now Generally Available

Your Heroku applications run on top of a curated stack, containing the operating system and other components needed at runtime. We maintain the stack – updating the OS, the libraries, and ensuring that known security issues are resolved, so that you can focus on writing code.

Today we're announcing the general availability of Heroku-16, our curated stack based on Ubuntu 16.04 LTS. In addition to a new base operating system, Heroku-16 is updated with the latest libraries. If you’re a Ruby or Python developer, Heroku-16 includes 15% more development headers at build time, making it easier to compile native packages on Heroku. Finally, Heroku-16 offers a better local development experience when using Docker, because of its smaller image size.

Since its beta in March, Heroku-16 has been tested on thousands of applications and is now ready for production on both Common Runtime and Private Spaces apps. Heroku-16 will become

Continue reading “The Heroku-16 Stack is Now Generally Available”

Exploring Hashrocket’s Vimbundle: Vim Hashrocket

Hashrocket committed to Vim early in our history, and it's been a crucial decision. When we set up a new development machine, we
install the Dotmatrix, a library of
configurations that includes our favorite, must-have Vim plugins. This blog
post is part of a series exploring some of those plugins, focusing on Vim Hashrocket.

Vim Hashrocket

Vim Hashrocket is a collection
of settings our team shares. Spend enough time
writing code with Vim on a shared machine, and you'll find that the Vim configuration
file in the root directory (.vimrc) swells to hundreds of lines,
as each developer adds their own favorite settings. Vim Hashrocket codifies that into a plugin. It's a neatly organized
junk drawer that reflects many of our evolving goals as a development team.

Here are a few noteworthy settings in the 227-LOC hashrocket.vim plugin.


:NotRocket (line 36) is one of those

Continue reading “Exploring Hashrocket’s Vimbundle: Vim Hashrocket”

On Building Tools for Developers: Heroku CI

How we built Heroku CI: our product intuition checked against what the market wants (we surveyed ~1000 developers to figure out the latter, and the results were surprising)

Two approaches to building any product are often in tension: designing from inspiration, and designing from information. On the pure inspiration side, you just build the product you dream of, and trust that it will be so awesome and useful, that it will succeed in the market. On the pure information side, you build exactly what the market is asking for, as best you can tell (think: surveys, top customer feature requests, consultants, customer panels).

Our initial design for Heroku CI (currently in public beta) was nearly pure inspiration, in large part from our engineering staff. We had a good idea of our dream CI product, and many of the raw materials to build it (Heroku apps, our build process,


Continue reading “On Building Tools for Developers: Heroku CI”

A Module By Any Other Name: Aliases in Elixir

Modules provide a way for us to organize our code and compose complex

"A module is a collection of functions, something like a namespace. Every
Elixir function must be defined inside a module. To call a function of a
module, you use the syntax ModuleName.function_name(args)."

— Elixir in Action, pg. 22, Saša Jurić

Any module, whether part of the standard library or defined by us,
is available if it has been loaded into memory or is on the BEAM's code
path. It is easy to see this in practice within an IEx session. For
instance, the String and Enum modules are readily accessible.

> "1 2 3"
  |> String.split()
  |> -> String.to_integer(x) * 10 end)
[10, 20, 30]

Enum and String are aliases. They are a convenient syntax

Continue reading “A Module By Any Other Name: Aliases in Elixir”

Embrace the Database with Ecto

The database is a hugely important, and often times underappreciated, part
of the development stack we use to build most web applications.

Web frameworks, such as Ruby on Rails, and their database adapter layers can
sometimes lull us into a false understanding of the world. They leave us so
far removed from the actual database that we sometimes forget it is even
there. It becomes a mysterious black box that we can shovel data into and
then ask very rigid standard questions to get that data back out. When we
treat the database in this way — as a dumb data store — we miss out on all
it has to offer. However, if we seek to understand the database and how to
fully utilize it, we can harness guarantees about the correctness of our
data, build a solid data model, and write expressive, powerful, and highly
performant queries.


Continue reading “Embrace the Database with Ecto”

Running Out Of IDs

People have fingerprints. Products have bar codes. Cars have vehicle
identification numbers (VINs). Internet connected devices have IP
addresses. Anything that needs to be uniquely identifiable tends to have a
mechanism for uniquely identifying it. It makes sense. This is particularly
important for the data that we store as part of the applications we build.
Every user, every product, every financial transaction should all have
some kind of identifier that we can use to uniquely identify it.

The limits of these identifiers is the subject of this post.

Though we can utilize fancier schemes like UUIDs and composite keys, the
most common approach to uniquely identifying records is an id — an
integer that we guarantee is unique. But where do these unique integer ids
come from?

A Sequence

In PostgreSQL, we generally create an id column as a primary key using

create table products (
  id serial 
Continue reading "Running Out Of IDs"

The Glimmer VM: Boots Fast and Stays Fast

Great web applications boot up fast and stay silky smooth once they’ve started.

In other contexts, applications can choose quick loading or responsiveness once they’ve loaded. Great games can get away with a long loading bar as long as they react instantly once the gamer gets going. In contrast, scripting languages like Ruby, Python or Bash optimize for instant boot, but run their programs more slowly.

To optimize for boot time, scripting languages use interpreters and avoid expensive compilation steps. To optimize for responsiveness, games pre-fill their caches and do as much work up front as they can get away with. The web demands that we do both at the same time: users coming from search results pages must see content within a second on modern devices, but also demand 60fps once the application gets going.

Over the years, web browsers have responded to this requirements with more JIT tiers

Fast Updates in Ember

Continue reading “The Glimmer VM: Boots Fast and Stays Fast”

Encryption with gpg, a story (really, a tutorial)

GPG is a compatible replacement of PGP. That, in and of itself, is confusing.

That each acronym is sufficiently obtuse on its own is enough to prompt a less
privacy minded developer to give up. GPG stands for Gnu Privacy Guard and PGP
stands for Pretty Good Privacy. Pretty Good Privacy came first and prompted
the government to prosecute the creator, Phil Zimmerman, for exporting
munitions illegally. He published the code in a book, and then he was
exporting a book not munitions.

The first thing to understand about gpg is that it is not like openssl.
openssl takes inputs and delivers outputs and maintains no state inbetween
requests. gpg, on the other hand, functions as a key server along with
encrypting, decrypting and key generation. It runs in the background, a
daemon, and manages your private keys and the public keys of others. It is a

Continue reading “Encryption with gpg, a story (really, a tutorial)”

Sockets in a Bind

Back on August 11, 2016, Heroku experienced increased routing latency in the EU region of the common runtime. While the official follow-up report describes what happened and what we've done to avoid this in the future, we found the root cause to be puzzling enough to require a deep dive into Linux networking.

The following is a write-up by SRE member Lex Neva (what's SRE?) and routing engineer Fred Hebert (now Heroku alumni) of an interesting Linux networking "gotcha" they discovered while working on incident 930.

The Incident

Our monitoring systems paged us about a rise in latency levels across the board in the EU region of the Common Runtime. We quickly saw that the usual causes didn’t apply: CPU usage was normal, packet rates were entirely fine, memory usage was green as a summer field, request rates were low, and socket usage was well within the acceptable

Continue reading “Sockets in a Bind”

N+1 Queries or Memory Problems: Why not Solve Both?

This post is going to help save you money if you're running a Rails server. It starts like this: you write an app. Let's say you're building the next hyper-targeted blogging platform for medium length posts. When you login, you see a paginated list of all of the articles you've written. You have a Post model and maybe for to do tags, you have a Tag model, and for comments, you have a Comment model. You write your view so that it renders the posts:

<% @posts.each do |post| %>
  <%= link_to(post, post.title) %>
  <%= teaser_for(post) %>
  <%= "#{post.comments.count} comments"
<% end %>

<%= pagination(@posts) %>

See any problems with this? We have to make a single query to return all the posts – that's where the @posts comes from. Say that there are N posts returned. In the code above, as the view iterates over

Continue reading “N+1 Queries or Memory Problems: Why not Solve Both?”

Now in print: iOS 10 SDK Development: Creating iPhone and iPad Apps with Swift

Announcing Free and Automated SSL Certs For All Paid Dynos

We are happy to announce the general availability of Automated Certificate Management (ACM) for all paid Heroku dynos. With ACM, the cumbersome and costly process of provisioning and managing SSL certificates is replaced with a simple experience that is free for all paid Dynos on Heroku’s Common Runtime. Creating secure web applications has never been more important, and with ACM and the Let’s Encrypt project, never easier.

ACM handles all aspects of SSL/TLS certificates for custom domains; you no longer have to purchase certificates, or worry about their expiration or renewal. ACM builds directly on our recent release of Heroku Free SSL to make encryption the default for web applications and helps you protect against eavesdropping, cookie theft, and content hijacking. Heroku has always made it easy to add SSL encryption to web applications — today’s release of ACM extends that further to automatically generate a TLS certificate issued by

Continue reading “Announcing Free and Automated SSL Certs For All Paid Dynos”

Functional Web Development with Elixir, OTP, and Phoenix

Titled URL Slugs in Phoenix

Today I Learned has a feature I love that
we call 'titled slugs'. This week I reimplemented it in Phoenix.

Here's an overview of the feature. Visit any post on 'Today I Learned', and
the URL looks like this:

61e2f0db67 is the url_slug for the post, a unique string that does not
change. But what's with the rest of the URL? -logrotation-for-a-rails-app is
a slugified version of the title of the post. It makes the URL easier to read,
and might improve our SEO in some magical way.

Bur what happens if an author changes the title? The slugified version of the
title should change, altering the URL and breaking any old links to the post.

To test this scenario, visit this link, and look at the URL in your browser:

Surprised? The feature I want to discuss today allows you to remove or

Continue reading “Titled URL Slugs in Phoenix”

A Common-Sense Guide to Data Structures and Algorithms

Design It! From Programmer to Software Architect

Introducing the Einstein Vision Add-on for Image Recognition

The most innovative apps augment our human senses, intuition, and logic with machine learning. Deep learning, modelled after the neural networks of the human brain, continues to grow as one of the most powerful types of machine learning. When applied to images, deep learning enables powerful computer vision features like visual search, product identification, and brand detection.

Today, we bring you the Einstein Vision add-on (beta), allowing Heroku developers to easily connect to and use Einstein Vision, a set of powerful new APIs for building AI-powered apps. With this release, Salesforce is making it easy for you to embed image recognition directly into your apps. Rather than building and managing the specialized infrastructure needed to host deep learning models, simply connect to Einstein Vision's HTTP/REST API for custom image recognition with little development overhead.

Use Einstein Vision to discover your products across your social media channels, analyze

Continue reading “Introducing the Einstein Vision Add-on for Image Recognition”

Yarn: Lock It in for Deterministic Dependency Resolution

Choices are an important part of a healthy open source software community. That’s why we’re excited about Yarn, a new package manager that addresses many of the problems with Node’s default package manager, npm. While npm has done a fantastic job creating a large and vibrant JavaScript ecosystem, I want to share why Yarn is an important addition to the Node.js ecosystem, how it will improve your Node.js development experience, and how Heroku has incorporated it into the build process for your Heroku apps.

Yarn Logo

We began testing Yarn almost immediately after it was released, and began fully supporting it on December 16.

About Yarn

Yarn was released in October 2016 and made a big splash immediately. And while it came out of Facebook, Yarn is a true open source project: it has a BSD license, clear contribution guidelines and code of conduct. Big changes to Yarn are


Continue reading “Yarn: Lock It in for Deterministic Dependency Resolution”

Books I Liked In 2016 Part Two

Here’s part two of my 2016 “Books I Liked List”. This is the list of books I really, really liked, for the list of books I just liked one “really” worth, head here. All the book titles like to the Kindle edition of the book, so enjoy.

All The Birds in the Sky by Charlie Jane Anders

I really did like this book quite a bit, though not as much as other people: you’ll find several online lists that have it as the best or one of the two or three best books of the year. (It was also one of three books on both these lists to be nominated for a Nebula Award for best Novel.) (Though now that I think about it, we’ve also got a Novella nominee in here.)

The book features two characters, he’s basically a mad scientist, she’s basically a magician. They meet

Continue reading “Books I Liked In 2016 Part Two”

Bundler Changed Where Your Canonical Ruby Information Lives: What You Need to Know

Heroku bumped its Bundler version to 1.13.7 almost a month ago, and since then we've had a large number of support tickets opened, many a variant of the following:

Your Ruby version is <X>, but your Gemfile specified <Y>

I wanted to talk about why you might get this error while deploying to Heroku, and what you can do about it, along with some bonus features provided by the new Bundler version.


First off, why are you getting this error? On Heroku in our Ruby Version docs, we mention that you can use a Ruby directive in your Gemfile to specify a version of Ruby. For example if you wanted 2.3.3 then you would need this:

# Gemfile

ruby "2.3.3"

This is still the right way to specify a version, however recent versions of Bundler introduced a cool new feature. To understand

Continue reading “Bundler Changed Where Your Canonical Ruby Information Lives: What You Need to Know”