Stop by PayPal’s Booth in the Black Hat Career Zone to Talk Security and Learn about REAPER!

This year’s Black Hat conference is a big one for PayPal because it is the first time we are attending as a conference sponsor. In 2016 we’ve made a concerted effort to show up at a number of events to discuss security careers and hear about the experiences of you, our peers and colleagues. I will be at the booth along with several other PayPal InfoSec professionals from various security disciplines on August 3rd and 4th. Along with various swag and security puzzles, we want to highlight some interesting academic research conducted this year by our Threat Intelligence team. REAPER… Read more

Node.JS Single Page Apps — handling cookies disabled mode

Cookies since their advent have been an integral part of web applications. Since the underlying web HTTP protocol is stateless, cookies provide a nifty way to carry stateful information about the user to the web server. With the rise of the Single Page Application (SPA), cookies have become even more instrumental to provide for a stateful front end communicating with a stateless backend. Cookies are commonly used for user authentication, experience customization, tracking users across multiple visits etc. All modern browsers today by default enable cookies to be set by the various domains. However there may be cases… Read more

Open Source JavaScript offerings from PayPal Checkout!

We’ve had a pretty terrible history of failing to open source code from the PayPal Checkout team. It’s way too easy to get caught in the trap of writing modular code, but including a lot of domain specific concerns and being left with something that is incredibly useful for your team, but incredibly unusable for anyone else. We’re hoping to change that. Which is why today (after a few weeks of getting everything prepared) we’re releasing a number of modules under the PayPal KrakenJS umbrella, and we’re planning on open sourcing more consistently going forward. Here are some of the… Read more

Securing your JS apps w/ Stateless CSRF

Hey there! You might have stumbled upon this post because you’re interested in securing your JS apps, or maybe you’ve heard about the other things we have open sourced. Today we’re releasing jwt-csrf, a stateless CSRF solution for securing your JavaScript apps! It’s something we’ve built and battle tested over the last year while building PayPal Checkout. In addition to talking about jwt-csrf, I’d like to talk about our journey of re-architecting PayPal Checkout and share our learnings and discoveries. If you’ve checked out with PayPal in the last year or so, woohoo! You know what we work on 🙂 By… Read more

Benching Microbenchmarks

In under one week, Statistics for Software flew past 10 Myths for Enterprise Python to become the most visited post in the history of the PayPal Engineering blog. And that’s not counting the Japanese translation. Taken as an indicator of increased interest in software quality, this really floats all boats. That said, there were enough emails and comments to call for a quick followup about one particularly troubling area. Statistics for benchmarks The saying in software goes that there are lies, damned lies, and software benchmarks. Yes, quantiles, histograms, and other fundamentals covered in Statistics for Software can certainly be… Read more

squbs: packaging and deployment instructions to run on AWS nodes

Overview This page describes a quick way to package, deploy, and start a squbs application. This guide uses Amazon EC2 as an example, showing how to run a squbs application in a few minutes. You can leverage either the scala activator template or the java activator template to begin development. Packaging You need to install the following on your build instance git java 8 sbt Steps to build: Clone the source code from the git repo to the <project> directory cd <project> Run the sbt build command, including “packArchive”, such as: sbt clean update test packArchive There are two archives created under… Read more

squbs: A New, Reactive Way for PayPal to Build Applications

Preface It is not uncommon for services in PayPal to cover 1000 VMs or more. These services make use of very small VMs and produce very low throughput for each VM. At the same time, the large number of nodes takes a toll on the network and routing infrastructure. Several of these services are interconnected into a complicated mesh, making a user request travel through many network hops. As the number of these services adds up, latency gradually increases and the user experience deteriorates. While it is good for a service to have a critical mass of VMs spread across many data… Read more

Statistics for Software

Software development begins as a quest for capability, doing what could not be done before. Once that what is achieved, the engineer is left with the how. In enterprise software, the most frequently asked questions are, “How fast?” and more importantly, “How reliable?” Questions about software performance cannot be answered, or even appropriately articulated, without statistics. Yet most developers can’t tell you much about statistics. Much like math, statistics simply don’t come up for typical projects. Between coding the new and maintaining the old, who has the time? Engineers must make the time. I understand fifteen minutes can seem like… Read more

We are hiring in the Payments team!

At PayPal, we are starting up a new team to build some cool mobile products in Payments. This initiative is aiming to provide an extremely integrated payment experience for our merchants and consumers alike and we’re looking for talented engineers to join the team. This is an exciting opportunity, because it’s both a new initiative and we’re experimenting with some cutting edge mobile technologies like react-native and node.js! Why PayPal? We believe in hiring the best talent and investing in our people. And investing does not just mean remunerating them well (with competitive salaries/ unlimited vacation/ cool perks), but also… Read more

Nyx – Lightsout management at PayPal

Nyx – Lightsout management at PayPal Overview Increased adoption of cloud-based infrastructure by the industry has shown tremendous improvements in effectively running and managing applications. But most of the industry’s current practices to manage these applications are imperative in nature. In an ever-evolving situation with an increasing demand to better manage these applications, a declarative approach is needed. The ideal declarative system aims to determine the base state of each of the managed applications, monitor them continuously for any induced mutations and restore them to the desired base state. PayPal has one of the world’s largest cloud deployments with… Read more