Python by the C side

Mahmoud’s note: This will be my last post on the PayPal Engineering blog. If you’ve enjoyed this sort of content subscribe to my blog/pythondoeswhat.com or follow me on Twitter. It’s been fun!

All the world is legacy code, and there is always another, lower layer to peel away. These realities cause developers around the world to go on regular pilgrimage, from the terra firma of Python to the coasts of C. From zlib to SQLite to OpenSSL, whether pursuing speed, efficiency, or features, the waters are powerful, and often choppy. The good news is, when you’re writing Python, C interactions…

Spark in Flames – Profiling Spark Applications Using Flame Graphs

When your organization runs multiple jobs on a Spark cluster, resource utilization becomes a priority. Ideally, computations receive sufficient resources to complete in an acceptable time and release resources for other work. In order to make sure applications do not waste any resources, we want to profile their threads to try and spot any problematic code. Common profiling methods are difficult to apply to a distributed application running on a cluster. This post suggests an approach to profiling Spark applications. The form of thread profiling used is sampling – capturing stack traces and aggregating these stack traces into meaningful data, in this case displayed…

Python Packaging at PayPal

Year after year, Pythonists all over are churning out more code than ever. People are learning, the ecosystem is flourishing, and everything is running smoothly, right up until packaging. Packaging Python is fundamentally un-Pythonic. It can be a tough lesson to learn, but across all environments and applications, there is no one obvious, right way to deploy. Frankly, it’s hard to think of an area where Python’s Zen applies less. At PayPal, we write and deploy our fair share of Python, and we wanted to devote a couple minutes to our story and give credit where credit is due. For…

Powering Transactions Search with Elastic – Learnings from the Field

Introduction

We see a lot of transactions at PayPal. Millions every day. These transactions originate externally (a customer using PayPal to pay for a purchase on a website) as well as internally, as money moves through our system. Regular reports of these transactions are delivered to merchants in the form of a CSV or a PDF file. Merchants use these reports to reconcile their books. Recently, we set out to build a REST API that could return transaction data back to merchants. We also wanted to offer the capability to filter on different criteria such as name, email or transaction…

Interning @ PayPal: Checkout A/B Testing, Developing Features, and Cracking Bugs

My internship at PayPal was a great experience. I was given real work that mattered. From day one, I had the opportunity to continuously write, commit, and push production level code that impacted the millions of people who use PayPal Checkout. As a Software Engineering Intern on PayPal’s Checkout Guest and Signup team, I focused on building and iterating A/B tests to improve customers’ experiences and onboard new users. Within a few weeks of joining, I developed a solid enough understanding of our frontend and backend codebase to fix several critical production bugs: everything from updating password tooltip feedback to risk validation fixes.…

Stop by PayPal’s Booth in the Black Hat Career Zone to Talk Security and Learn about REAPER!

This year’s Black Hat conference is a big one for PayPal because it is the first time we are attending as a conference sponsor. In 2016 we’ve made a concerted effort to show up at a number of events to discuss security careers and hear about the experiences of you, our peers and colleagues. I will be at the booth along with several other PayPal InfoSec professionals from various security disciplines on August 3rd and 4th. Along with various swag and security puzzles, we want to highlight some interesting academic research conducted this year by our Threat Intelligence team. REAPER…

Node.JS Single Page Apps — handling cookies disabled mode

Cookies have been an integral part of web applications since their advent. Since the underlying HTTP protocol is stateless, cookies provide a nifty way to carry stateful information about the user to the web server. With the rise of the Single Page Application (SPA), cookies have become even more instrumental in providing a stateful front end that communicates with a stateless backend. Cookies are commonly used for user authentication, experience customization, tracking users across multiple visits, etc. All modern browsers today enable cookies to be set by the various domains by default. However, there may be cases…

Open Source javascript offerings from PayPal Checkout!

We’ve had a pretty terrible history of failing to open source code from the PayPal Checkout team. It’s way too easy to get caught in the trap of writing modular code, but including a lot of domain specific concerns and being left with something that is incredibly useful for your team, but incredibly unusable for anyone else. We’re hoping to change that. Which is why today (after a few weeks of getting everything prepared) we’re releasing a number of modules under the PayPal KrakenJS umbrella, and we’re planning on open sourcing more consistently going forward. Here are some of the…

Securing your JS apps w/ Stateless CSRF

Hey there! You might have stumbled upon this post because you’re interested in securing your JS apps, or maybe you’ve heard about the other things we have open sourced. Today we’re releasing jwt-csrf, a stateless CSRF solution for securing your JavaScript apps! It’s something we’ve built and battle tested over the last year while building PayPal Checkout. In addition to talking about jwt-csrf, I’d like to talk about our journey of re-architecting PayPal Checkout and share our learnings and discoveries. If you’ve checked out with PayPal in the last year or so, woohoo! You know what we work on 🙂 By…

Benching Microbenchmarks

In under one week, Statistics for Software flew past 10 Myths for Enterprise Python to become the most visited post in the history of the PayPal Engineering blog. And that’s not counting the Japanese translation. Taken as an indicator of increased interest in software quality, this really floats all boats. That said, there were enough emails and comments to call for a quick followup about one particularly troubling area.

Statistics for benchmarks

The saying in software goes that there are lies, damned lies, and software benchmarks. Yes, quantiles, histograms, and other fundamentals covered in Statistics for Software can certainly be…