Hacker News: lstoll

An Update on Heroku

lstoll — Fri, 06 Feb 2026 15:20:23 +0000

Article URL: https://www.heroku.com/blog/an-update-on-heroku/

Comments URL: https://news.ycombinator.com/item?id=46913903

Points: 525

# Comments: 352

New comment by lstoll in "Poll HN: Do you use SSH certificates (not mere public-key authentication)?"

lstoll — Wed, 31 Aug 2022 13:22:59 +0000

We use an AWS KMS asymmetric key for the CA keys, they're cheap and avoids exposing the private key material in an any way.

For signing SSH certificates, we run a small service (prototype code dump at https://github.com/pardot/sshsigner) that uses this key to sign short lived certificates. Auth to the service is via OIDC issued ID tokens.

On the client side we have a custom SSH agent that uses an ephemeral in-memory private key. The agent manages the OIDC web flow and calling out to the service for signing on demand. This lets us keep the cert duration small and scoped, and allows us to force re-auth for sudo etc. via the web flow.

We also do a similar thing for host keys, IAM auth the instances and sign certificates.

Altogether works well, provides a nice user experience, and keeps long-lived/leakable creds out of out environment.

New comment by lstoll in "Bosch opens German chip plant"

lstoll — Wed, 09 Jun 2021 00:00:07 +0000

I migrated from the EU to the US, but then realised that once everything was factored in (medical, car, housing, cost of living) the taxes were actually worth it, so I moved back to the EU.

New comment by lstoll in "Bosch opens German chip plant"

lstoll — Tue, 08 Jun 2021 23:56:43 +0000

you don't have to predict that exact scenario to know that domestic semiconductor manufacturing is a good idea.

New comment by lstoll in "Tripolar Nature of Software Engineering Salaries in the Netherlands and Europe"

lstoll — Mon, 08 Mar 2021 21:07:57 +0000

This is fine while you're employed, but what if you lose your position or decide to take a couple years off? Then it becomes a different equation.

Spread out over time, in the places I lived outside of the US that was not really a concern. Same with most other "social care" situations. In the US, it all felt a lot more tenuous which was a source of constant low-key anxiety.

New comment by lstoll in "Towards Sequoia OpenPGP v1.0"

lstoll — Mon, 27 Apr 2020 12:20:30 +0000

Git also supports S/MIME, and GitHub provides a tool to sign commits with this directly https://github.blog/changelog/2018-09-10-smime-signature-ver...

New comment by lstoll in "Benchmarking GitHub Enterprise"

lstoll — Wed, 22 Jul 2015 23:01:04 +0000

It used to use RubyEncoder, now it uses something custom. The overhead is very minimal, and it's only when the source is read off disk.

New comment by lstoll in "Experimental Dependency Vendoring in Go 1.5"

lstoll — Thu, 11 Jun 2015 19:19:16 +0000

We just keep all our go code in one repo.

New comment by lstoll in "Rearchitecting GitHub Pages"

lstoll — Wed, 27 May 2015 16:45:02 +0000

Heroku already does this pretty well, not sure what the benefit would be?

New comment by lstoll in "A simple virtualenv for Go"

lstoll — Tue, 03 Dec 2013 15:47:01 +0000

There's already a `goenv` https://github.com/wfarr/goenv, that I've been using for a bit. Also can do go version management.

New comment by lstoll in "Buildpacks: Heroku for Everything"

lstoll — Tue, 17 Jul 2012 16:35:24 +0000

There is, it's just not officially supported: https://github.com/heroku/heroku-buildpack-php . Github lists it as having 82 forks, so people are definitely playing around with this.

Buildpacks: Heroku for Everything

lstoll — Tue, 17 Jul 2012 16:02:23 +0000

Article URL: http://blog.heroku.com/archives/2012/7/17/buildpacks/

Comments URL: https://news.ycombinator.com/item?id=4256302

Points: 134

# Comments: 38

New comment by lstoll in "React is a PHP port of NodeJs non-blocking I/O platform"

lstoll — Sat, 19 May 2012 11:01:53 +0000

I'd rather see a benchmark of a more real-world case. These hello world microbenchmarks don't show anything.

New comment by lstoll in "Django is now (officially) on GitHub"

lstoll — Sat, 28 Apr 2012 07:36:24 +0000

I think if a new 'leader' in version control systems starts to make ground, github could easily adapt and support it. The github magic isn't just git, it's the network and collaboration tooling around your code.

New comment by lstoll in "Google's opening slides in the trial v. Oracle"

lstoll — Thu, 19 Apr 2012 20:57:17 +0000

It is however possibly the only obviously 'Java' experience that most non-techinal people have had.

If you're trying to prove to them that Java is everywhere, this is what's going to make them think "Oh yeah, it's on my computer too"

New comment by lstoll in "Facebook and many other sites also bypass Internet Explorer privacy controls"

lstoll — Tue, 21 Feb 2012 13:45:16 +0000

How is it flawed? According to the original report IE's handling is correct, it's the spec that's flawed.

New comment by lstoll in "Play on Heroku"

lstoll — Mon, 29 Aug 2011 18:31:00 +0000

Seems to work fine: http://smooth-stream-686.herokuapp.com/

(code at https://github.com/lstoll/heroku-playframework-scala , basically a simple hello world app)

New comment by lstoll in "Review of the 11" MacBook Air"

lstoll — Sun, 02 Jan 2011 03:56:52 +0000

I put 8GB in my 5,1 (Late 2008 Unibody 13") a few months ago, and it worked great. It's running 10.6 with the default 32bit kernel and was definitely using the full 8GB, so something has definitely changed at some point. For the record, I got the 8GB from OWC.

New comment by lstoll in "Impel - HTML5 Javascript ORM"

lstoll — Mon, 22 Mar 2010 06:54:15 +0000

So, what makes that array so fancy? I mean, it's name is fancy, but that is about it. Is that really enough for it to deserve that name?