Slide 1

Slide 1 text

RailsConf May 19, 2022 More Engineers, More Problems: Solutions for Big Teams

Slide 2

Slide 2 text

Chime | 2 Welcome!

Slide 3

Slide 3 text

This is one of the most terrifying graphs I know

Slide 4

Slide 4 text

As you get big fast, the amount of communication in your organization gets bigger, faster…

Slide 5

Slide 5 text

Chime engineering more than tripled in 18 months…

Slide 6

Slide 6 text

Chime
➔ Chime is a financial technology company founded on the premise that basic banking services should be helpful, easy and free.
➔ Members get early access to their paycheck, accounts with no monthly fees, fee-free overdrafts up to $200, and a secured credit card that actually helps you build credit.
➔ Helping our members achieve financial peace of mind with the simplest, lowest-cost, most human financial products
➔ We profit with our members, not from them

Slide 7

Slide 7 text

Chime Engineering
➔ Almost 600 Engineers
◆ San Francisco, Chicago, Vancouver, and Remote
➔ Mostly Ruby Back-end
➔ Many services with APIs and custom messaging
➔ https://careers.chime.com/

Slide 8

Slide 8 text

Three talks on solving “big team” challenges
➔ David Trejo: How Chime creates a proactive security & engineering culture
➔ Brian Lesperance: Secure & Observable Software with ActiveSupport
➔ Chris Dwan: How To Onboard Ruby Developers

Slide 9

Slide 9 text

David Trejo

Slide 10

Slide 10 text

David Trejo • RailsConf May 19, 2022 How Chime creates a proactive security & engineering culture with Monocle

Slide 11

Slide 11 text

Security Feelings
You: Instead, we empower engineers and build trust like this…

Slide 12

Slide 12 text

Lately at Chime we’ve…
Tripled our engineering team ⬆
Created many new services 🚚
Noticed security gaps and filled them 🔐

Slide 13

Slide 13 text

Our members share sensitive financial data with us. A security breach would be bad news. 😰
➔ Leaders can see security posture
➔ Engineers aren’t overwhelmed by 5+ tools
➔ Automation saves us 2,000 eng hours per year on audits

Slide 14

Slide 14 text

Solution: Monocle, our internal Rails application
Inspired by open source, and to get engineers’ attention, we’ve given each of our repos a badge with a letter grade.

Slide 15

Slide 15 text

Key items that reduce our audit workload:
Approved base images
Branch protection w/ 1+ review approvals
Vulnerability resolution
Empower engineers to improve their service’s security grade

Slide 16

Slide 16 text

Monocle’s security and culture results:
Safeguarded our members’ data
Engineers easily improve their services’ security
Leaders see our investments in security pay off

Slide 17

Slide 17 text

“Where should I start?”
A great start / MVP:
- A cronjob
- that hits the GitHub GraphQL API
- then sends Slack notifications to teams, and creates reports
I wish I’d started sending Slack messages sooner. Or, if you’re mostly interested in the security benefits, try open source tools like the OpenSSF’s Allstar, or more generally Backstage.io.
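A sketch of the checking and reporting step of that MVP, covering the three audit items from the earlier slide (approved base images, branch protection with at least one required approval, open vulnerability alerts). This is an added example, not Monocle’s code: the GraphQL query uses real fields of GitHub’s schema, but the API response, the Dockerfile, the allowlist of approved base images, the check weights and the letter-grade cutoffs are all constructed or assumed here. The HTTP calls to GitHub and Slack are left out so the block runs offline; it builds the Slack message body instead of posting it.

```ruby
require "json"

# The fields the three audit checks need. These are real GitHub GraphQL schema
# fields; POSTing the query to https://api.github.com/graphql is the network
# step this example leaves out.
REPO_QUERY = <<~GRAPHQL
  query($owner: String!, $name: String!) {
    repository(owner: $owner, name: $name) {
      nameWithOwner
      defaultBranchRef { name }
      branchProtectionRules(first: 20) {
        nodes { pattern requiresApprovingReviews requiredApprovingReviewCount }
      }
      vulnerabilityAlerts(first: 1, states: OPEN) { totalCount }
    }
  }
GRAPHQL

# Constructed response in the shape GitHub returns for the query above.
SAMPLE_RESPONSE = JSON.parse(<<~RESPONSE)
  {"data": {"repository": {
    "nameWithOwner": "example-org/ledger-service",
    "defaultBranchRef": {"name": "main"},
    "branchProtectionRules": {"nodes": [
      {"pattern": "release/*", "requiresApprovingReviews": false, "requiredApprovingReviewCount": null},
      {"pattern": "main", "requiresApprovingReviews": true, "requiredApprovingReviewCount": 2}
    ]},
    "vulnerabilityAlerts": {"totalCount": 3}
  }}}
RESPONSE

# Constructed multi-stage Dockerfile for the same repo.
SAMPLE_DOCKERFILE = <<~DOCKER
  FROM --platform=linux/amd64 registry.example.com/base/ruby:3.1 AS builder
  RUN bundle install
  FROM builder AS test
  RUN bundle exec rspec
  FROM registry.example.com/base/distroless@sha256:0123456789abcdef
  COPY --from=builder /app /app
DOCKER

# Assumed allowlist: image names (tag/digest stripped) a platform team has approved.
APPROVED_BASE_IMAGES = %w[
  registry.example.com/base/ruby
  registry.example.com/base/distroless
].freeze

# Assumed weights and cutoffs for the badge; Monocle's real ones are not on the slides.
WEIGHTS = { approved_base_images: 30, branch_protection: 40, no_open_vulnerabilities: 30 }.freeze

# Every FROM line that pulls an external image. A FROM that names an earlier
# stage ("FROM builder") is not a new base image and is skipped.
def base_images(dockerfile)
  stages = []
  dockerfile.each_line.filter_map do |line|
    next unless (m = line.match(/\A\s*FROM\s+(.+)/i))
    tokens = m[1].split
    tokens.shift while tokens.first&.start_with?("--")   # flags such as --platform=linux/amd64
    image, as_kw, stage = tokens
    known_stage = stages.include?(image)
    stages << stage if as_kw&.casecmp?("AS") && stage
    known_stage ? nil : image
  end
end

# "registry.example.com/base/ruby:3.1" and "...@sha256:..." both reduce to the bare name.
def image_name(ref)
  ref.sub(/@sha256:[0-9a-f]+\z/i, "").sub(%r{:[^/]+\z}, "")
end

def approved_base_images?(dockerfile)
  images = base_images(dockerfile)
  !images.empty? && images.all? { |ref| APPROVED_BASE_IMAGES.include?(image_name(ref)) }
end

# GitHub matches protection-rule patterns with fnmatch syntax; File.fnmatch? is
# close enough for the usual "main" or "release/*" patterns. The rule must cover
# the default branch and require at least one approving review.
def branch_protected?(repo)
  default_branch = repo.dig("defaultBranchRef", "name")
  (repo.dig("branchProtectionRules", "nodes") || []).any? do |rule|
    File.fnmatch?(rule["pattern"], default_branch, File::FNM_PATHNAME) &&
      rule["requiresApprovingReviews"] && rule["requiredApprovingReviewCount"].to_i >= 1
  end
end

def grade_repo(repo, dockerfile)
  results = {
    approved_base_images:    approved_base_images?(dockerfile),
    branch_protection:       branch_protected?(repo),
    no_open_vulnerabilities: repo.dig("vulnerabilityAlerts", "totalCount").to_i.zero?,
  }
  points = results.sum { |check, passed| passed ? WEIGHTS[check] : 0 }
  [letter_grade(points), results]
end

def letter_grade(points)
  case points
  when 100 then "A"
  when 70..99 then "B"
  when 40..69 then "C"
  else "F"
  end
end

# Body for a Slack incoming webhook / chat.postMessage; sending it is the step left out.
def slack_message(repo, grade, results)
  failing = results.reject { |_, passed| passed }.keys
  text = "#{repo['nameWithOwner']}: security grade #{grade}"
  text << (failing.empty? ? " :tada:" : " - fix: #{failing.join(', ')}")
  { text: text }.to_json
end

def run_sample
  repo = SAMPLE_RESPONSE.dig("data", "repository")
  grade, results = grade_repo(repo, SAMPLE_DOCKERFILE)
  [grade, results, slack_message(repo, grade, results)]
end

puts run_sample.last if $PROGRAM_NAME == __FILE__
```

Two caveats the sketch makes visible: allowlisting base images by name is a floor, not a ceiling (pin by digest in the Dockerfile if the check is meant to prove the image is the one that was reviewed), and the protection rule has to match the default branch by name, since a rule on `release/*` alone says nothing about `main`.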

Slide 18

Slide 18 text

Questions?
Email us (security at chime) or message me on Twitter: @ddtrejo
Also, we’re hiring, and this is my favorite job ever 😎

Slide 19

Slide 19 text

Secure & Observable w/ ActiveSupport
Brian Lesperance

Slide 20

Slide 20 text

Context

Slide 21

Slide 21 text

Problem(s)
● The feature doesn’t work
● Requests are slow
● App is crashing

Slide 22

Slide 22 text

Approach
● Measure
● Learn
● Build

Slide 23

Slide 23 text

Initial Solution

Slide 24

Slide 24 text

ActiveSupport::Notifications “An instrumentation API for Ruby”

Slide 25

Slide 25 text

ActiveSupport::Notifications

Slide 26

Slide 26 text

ActiveSupport::Notifications

Slide 27

Slide 27 text

ActiveSupport::Notifications
● Separates instrumentation from business logic
● Decouples logic (collection) from presentation (logging)
● Lays groundwork for further reuse

Slide 28

Slide 28 text

Measure: Before

Slide 29

Slide 29 text

Measure: After

Slide 30

Slide 30 text

Initial Solution: Reporting Results

Slide 31

Slide 31 text

Simple Subscription

Slide 32

Slide 32 text

ActiveSupport::LogSubscriber “An object set to consume ActiveSupport::Notifications with the sole purpose of logging them”

Slide 33

Slide 33 text

ActiveSupport::LogSubscriber

Slide 34

Slide 34 text

ActiveSupport::LogSubscriber

Slide 35

Slide 35 text

ActiveSupport::LogSubscriber

Slide 36

Slide 36 text

ActiveSupport::LogSubscriber
● Follows Rails convention
● Consolidates presentation
● Simplifies logging

Slide 37

Slide 37 text

Sensitive Data
● Logged personal & sensitive data is a liability
● Users
○ Identity theft, financial hardship
● Business
○ Civil & criminal lawsuits
● Need to never log this

Slide 38

Slide 38 text

ActiveSupport::ParameterFilter “Allows you to specify keys for sensitive data from hash-like object and replace corresponding value”

Slide 39

Slide 39 text

ActiveSupport::ParameterFilter

Slide 40

Slide 40 text

ActiveSupport::ParameterFilter

Slide 41

Slide 41 text

ActiveSupport::ParameterFilter

Slide 42

Slide 42 text

ActiveSupport::ParameterFilter

Slide 43

Slide 43 text

ActiveSupport::ParameterFilter
● Sanitizes hash-like structures
● Shared configuration w/ Rails.application.config.filter_parameters

Slide 44

Slide 44 text

Mission Accomplished
1. ActiveSupport::Notifications
2. ActiveSupport::LogSubscriber
3. ActiveSupport::ParameterFilter

Slide 45

Slide 45 text

Next Steps
● Further extraction
● Additional destinations

Slide 46

Slide 46 text

Stay Curious

Slide 47

Slide 47 text

Thank you! 💚

Slide 48

Slide 48 text

Chris Dwan

Slide 49

Slide 49 text

Ruby 💚 Rails

Slide 50

Slide 50 text

Crazy Love 💚

Slide 51

Slide 51 text

Onboarding

Slide 52

Slide 52 text

Yawnboarding?

Slide 53

Slide 53 text

Consistent

Slide 54

Slide 54 text

Ruby 💚 Rails

Slide 55

Slide 55 text

Bad 😡 Code 😭

Slide 56

Slide 56 text

Team Up

Slide 57

Slide 57 text

Sustainable

Slide 58

Slide 58 text

Content

Slide 59

Slide 59 text

Balance? ⚖

Slide 60

Slide 60 text

CHEATED

Slide 61

Slide 61 text

● Welcome and IRB
● Philosophy of Ruby
● Ruby at Chime
● Question Game
● Mob Programming Exercise

Slide 62

Slide 62 text

Why?

Slide 63

Slide 63 text

Curiosity

Slide 64

Slide 64 text

Limitations

Slide 65

Slide 65 text

Pull > Push

Slide 66

Slide 66 text

● Dirty Hands
● Two-Way Communication
● Empty Space
● Keep it Moving
● Split Ruby + Rails sessions

Slide 67

Slide 67 text

Front Row Seat?

Slide 68

Slide 68 text

Gratitude

Slide 69

Slide 69 text

Ruby Learning Team

Slide 70

Slide 70 text

You

Slide 71

Slide 71 text

Conclusion

Slide 72

Slide 72 text

💚 Introduction

Slide 73

Slide 73 text

Thank You
Email: chris.dwan at chime.com
@radixhound

Slide 74

Slide 74 text

Q&A