Post ASmVK1HsfMt6fyLEBc by soulcutter@ruby.social
 (DIR) Post #ASm8MolLOLNzkoUIy0 by simon@fedi.simonwillison.net
       2023-02-17T15:59:32Z
       
       0 likes, 1 repeats
       
       "As part of operational stability, we instituted an inactive account data deletion program. Customers who go a year or more without logging into their Heroku account will receive a notification giving them 30 days to log in to prevent their account’s deletion."
       Sends shivers down my spine... I can imagine so many valuable projects accidentally falling foul of that policy
       My own blog is still on Heroku, and I could easily go a year without signing into their dashboard
       https://blog.heroku.com/heroku-2022-roundup
       
 (DIR) Post #ASm8jMdY81onBTaouO by PublicLewdness@freespeechextremist.com
       2023-02-17T16:05:35.437481Z
       
       0 likes, 0 repeats
       
       @simon I would think sending them an email to warn them might be better as they may see it quicker.
       
 (DIR) Post #ASm9X5u8c5x5li46IC by voxpelli@mastodon.social
       2023-02-17T16:12:40Z
       
       0 likes, 0 repeats
       
       @simon That’s a crazy way to judge whether an account like that is active
       
 (DIR) Post #ASmNTXUlULSfXWOcjY by soulcutter@ruby.social
       2023-02-17T18:48:47Z
       
       0 likes, 0 repeats
       
       @simon How many years would be the right answer?
       
 (DIR) Post #ASmUth8uwO0ofZb1dY by simon@fedi.simonwillison.net
       2023-02-17T20:12:07Z
       
       0 likes, 1 repeats
       
       @soulcutter the only safe way I can think of to do this is via outages that preserve data for a period
       If you turn my site off but leave the data stored safely for 60 days (not 30, I've had holidays in my life that lasted 30) then I do at least have a fighting chance of noticing it's down and signing in to fix things
       
 (DIR) Post #ASmVK1HsfMt6fyLEBc by soulcutter@ruby.social
       2023-02-17T20:13:49Z
       
       0 likes, 0 repeats
       
       @simon I can appreciate the additional grace period. 👍
       
 (DIR) Post #ASmWcby97hERboXWgS by mostalive@mastodon.social
       2023-02-17T20:29:14Z
       
       0 likes, 0 repeats
       
       @simon I'm eagerly waiting for my account to be deleted after the data breach and their handling of it https://www.bleepingcomputer.com/news/security/heroku-admits-that-customer-credentials-were-stolen-in-cyberattack/
       
 (DIR) Post #ASmWuvzrOpauw64w4W by LucidDan@fosstodon.org
       2023-02-17T20:34:03Z
       
       0 likes, 0 repeats
       
       @simon meanwhile, given the recent experience of a friend, not sure they can even be trusted with “active” accounts… https://twitter.com/dannypostmaa/status/1624689089332281344 (a week later heroku still haven’t explained how it happened).
       
 (DIR) Post #ASmbW4Ux9aQLpmaNrE by bartek@sfba.social
       2023-02-17T21:26:11Z
       
       0 likes, 0 repeats
       
       @simon @soulcutter cold storage is extremely cheap, let's say S3 Glacier Deep Storage is $0.00099/GB a month. Heroku could do that in-house, so should be able to do it even cheaper. Free tier limit was 1GB, I strongly suspect most people used far less. Assuming 500MB that would be $6 a year per 1,000. As I understand 4.5M people were affected, which would be a total of $27k/year. I bet they spend far more on handling the PR fallout of not preserving that data.
       
 (DIR) Post #ASmbiEL6OGYdpZmABU by simon@fedi.simonwillison.net
       2023-02-17T21:27:40Z
       
       0 likes, 0 repeats
       
       @bartek @soulcutter There are definitely other constraints at play here: holding onto data is risky, because if it leaks and has PII in it there are all kinds of potential legal consequences
       So I get that they want to reduce their risk by implementing a robust retention policy... but for my own projects, I don't WANT the data to get flushed for arbitrary policy reasons
       
 (DIR) Post #ASnY52GXEzFuO3DbsG by bartek@sfba.social
       2023-02-18T08:22:28Z
       
       0 likes, 0 repeats
       
       @simon @soulcutter Hmm why would there be any more concerns now, that didn't exist before? After all they already were storing that data. If anything having that in cold storage makes it more viable to use very slow encryption. Per individual account.
       
 (DIR) Post #ASsfPNR5uVrdJ4bUlk by friism@mas.to
       2023-02-20T19:38:02Z
       
       0 likes, 0 repeats
       
       @simon this only applies to non-paying accounts (i.e. no active apps or databases). We've clarified the blog post. Thanks for raising this concern
       
 (DIR) Post #ASsgN0NiksrHBCSVHc by simon@fedi.simonwillison.net
       2023-02-20T19:46:10Z
       
       0 likes, 0 repeats
       
       Excellent news: this policy does NOT apply to accounts with active databases, so it's not at all as bad as my post here makes it out to be https://mas.to/@friism/109898752492507778
       
 (DIR) Post #ASsgjIKIiXHbCnUHp2 by simon@fedi.simonwillison.net
       2023-02-20T19:47:17Z
       
       0 likes, 0 repeats
       
       @friism thanks for letting me know! I've edited my post here (hooray for the edit button) to clarify
       
 (DIR) Post #ASsgyPz8WbhFImnd3o by codebam@mstdn.ca
       2023-02-20T19:50:30Z
       
       0 likes, 0 repeats
       
       @simon so you can just add a database to avoid getting deleted?
       
 (DIR) Post #ASshA1qA7WKTtS8d28 by simon@fedi.simonwillison.net
       2023-02-20T19:54:34Z
       
       0 likes, 0 repeats
       
       @codebam Heroku doesn't have a free database tier any more so you'd have to pay for that
       To be honest I'm not that bothered if my inactive account gets suspended when I don't have any data I can lose stored there
       
 (DIR) Post #ASsi0B7er2JfjwBkem by codebam@mstdn.ca
       2023-02-20T20:00:06Z
       
       0 likes, 0 repeats
       
       @simon oh I see okay
       
 (DIR) Post #ASuppAXRsD4eh0QuQ4 by masukomi@connectified.com
       2023-02-21T20:44:12Z
       
       0 likes, 0 repeats
       
       @simon see also all browsers now marking anything that isn't https as “dangerous” and google downgrading search results for them. we're losing countless great sites that no-one is ever going to bother upgrading to use https