Hey since this is blown up I just want to address it directly.
I take responsibility for what happened here. My RubyGems.org account was using an insecure, reused password that has leaked to the internet in other breaches.
I made that account probably over 10 years ago, so it predated my use of password managers and I haven't used it much lately, so I didn't catch it in a 1password audit or anything.
Sometimes we miss things despite our best efforts.
The base cost for a rack is about $85/mo. Convox is extremely cost effective for small businesses and up, but would be expensive for running a single, low-traffic hobby app.
We were in the Summer 2015 YC batch and we've taken some VC funding.
Our other main offering is a web console for managing your team's access to rack(s) and integrations with 3rd party services. https://console.convox.com We charge a subscription fee for that and we also sell support and services packages.
That's exactly the etymology. We were thinking about datacenters and servers. The original name was convox/kernel, but we thought it wasn't very descriptive.
The naming collision with the Ruby interface is unfortunate, but we figured it was pretty easy to tell them apart from context.
2) We're working on an RDS provisioning service today and hope to release something this weekend. We're also in early talks with other addon (we call them "services") providers. For now if you want to use one of these services you can connect to them using environment variables. http://docs.convox.com/docs/environment-variables/
3) Our RDS service will eventually handle backups and recovery, but those features aren't implemented yet. We're also exploring partnering with other hosted database services that already have these features.
4) Convox is open source https://github.com/convox and totally free. You can use it however you want and you only have to pay for the AWS expenses. We're also experimenting with managed hosting, which we'll charge a small premium for, so please let me know if you're interested in that.
You could run Wordpress today, afaik. Anything that can run in a Docker container can run on on Convox. You'd just need to use some sort of hosted database service like Amazon RDS to persist your data.
edit: Just looked at Wordpress a little closer. I didn't realize it expects a persistent filesystem, which I guess is what you're asking about. Convox follows the 12factor.net philosophy of ephemeral filesystems, so you'd need to figure out a way to persist files to S3 or similar...
Correct. It does default to us-east-1. The main reason is that we are using some fairly new AWS services that aren't launched in all regions, but we do want to and expect to expand to more regions.
Thanks! Yes right now we have a small team working on this full time. We do plan to commercialize it, but intend to always keep it open source.
We're super confident it will get to a more mature state. We have some resources to keep working on it ourselves, and we're seeing lots of interest and participation from the open source community as well.
1) Find high-value target libraries
2) Grab the usernames of accounts with push access
3) Check those against password dumps
I feel really stupid about this, but like I said it was an oversight. I apologize and will try to do better.