More Engineers, More Problems: Solutions for Big Teams

Transcript

1. RailsConf May 19, 2022 More Engineers, More Problems: Solutions for

   Big Teams

2. Chime | 2 Welcome!

3. Chime | 3 REPLACE IMAGE HERE This is one of

   the most terrifying graphs I know

4. Chime | 4 As you get big fast, the amount

   of communication in your organization gets bigger, faster…

5. Chime | 5 Chime engineering more than tripled in 18

   months…

6. Chime | 6 Chime ➔ Chime is a financial technology

   company founded on the premise that basic banking services should be helpful, easy and free. ➔ Members get early access to their paycheck, accounts with no monthly fees, fee-free overdrafts up to $200, and a secured credit card that actually helps you build credit. ➔ Helping our members achieve financial peace of mind with the simplest, lowest-cost, most human financial products ➔ We profit with our members, not from them

7. Chime | 7 Chime Engineering ➔ Almost 600 Engineers ◆

   San Francisco, Chicago, Vancouver, and Remote ➔ Mostly Ruby Back-end ➔ Many services with APIs and custom messaging ➔ https://careers.chime.com/

8. Chime | 8 Three talks on solving “big team” challenges

   ➔ David Trejo: How Chime creates a proactive security & engineering culture ➔ Brian Lesperance: Secure & Observable Software with ActiveSupport ➔ Chris Dwan: How To Onboard Ruby Developers

9. Chime | 9 David Trejo

10. David Trejo • RailsConf May 19, 2022 How Chime creates

    a proactive security & engineering culture with Monocle

11. You: Instead, we empower engineers and build trust like this…

    Security Feelings

12. Tripled our engineering team ⬆ Created many new services 🚚

    Noticed security gaps and filled them 🔐 Chime | 12 Lately at Chime we’ve…

13. Chime | 13 Our members share sensitive financial data with

    us. A security breach would be bad news. ➔ Leaders can see security posture ➔ Engineers aren’t overwhelmed by 5+ tools ➔ Automation saves us 2,000 eng hours per year on audits 😰

14. Solution: Monocle, our internal Rails application Chime | 14 Inspired

    by open source and to get attention from engineers, we’ve given a badge to each of our repos with a letter grade

15. Key items that reduce our audit workload: Approved base images

    Branch protection w/ 1+ review approvals Vulnerability resolution Empower engineers to improve the grade their service’s security

16. Safeguarded our members’ data Engineers easily improve their services’ security

    Leaders see our investments in security pay off Monocle’s Security and culture results:

17. A great start / MVP: - A cronjob - that

    hits the Github GraphQL API - then sends Slack notifications to teams, and creates reports I wish I’d started sending Slack messages sooner. Or, if you’re mostly interested in the security benefits, try open source tools like ossf’s AllStar–or more generally, Backstage.io. Chime | 17 “Where should I start?”

18. Email us (security at chime) or message me on Twitter:

    @ddtrejo Also, we’re hiring–and this is my favorite job ever 😎 Chime | 18 Questions?

19. Secure & Observable w/ ActiveSupport Brian Lesperance

20. Context

21. • The feature doesn’t work • Requests are slow •

    App is crashing Problem(s)

22. • Measure • Learn • Build Approach

23. Initial Solution

24. ActiveSupport::Notifications “An instrumentation API for Ruby”

25. ActiveSupport::Notifications

26. ActiveSupport::Notifications

27. ActiveSupport::Notifications • Separates instrumentation from business logic • Decouples logic

    (collection) from presentation (logging) • Lays groundwork for further reuse

28. Measure: Before

29. Measure: After

30. Initial Solution: Reporting Results

31. Simple Subscription

32. ActiveSupport::LogSubscriber “An object set to consume ActiveSupport::Notifications with the sole

    purpose of logging them”

33. ActiveSupport::LogSubscriber

34. ActiveSupport::LogSubscriber

35. ActiveSupport::LogSubscriber

36. • Follows Rails convention • Consolidates presentation • Simplifies logging

    ActiveSupport::LogSubscriber

37. • Logged personal & sensitive data is a liability •

    Users ◦ Identity theft, financial hardship • Business ◦ Civil & criminal lawsuits • Need to never log this Sensitive Data

38. ActiveSupport::ParameterFilter “Allows you to specify keys for sensitive data from

    hash-like object and replace corresponding value”

39. ActiveSupport::ParameterFilter

40. ActiveSupport::ParameterFilter

41. ActiveSupport::ParameterFilter

42. ActiveSupport::ParameterFilter

43. • Sanitizes hash-like structures • Shared configuration w/ Rails.application.config.filter_parameters ActiveSupport::ParameterFilter

44. 1. ActiveSupport::Notifications 2. ActiveSupport::LogSubscriber 3. ActiveSupport::ParameterFilter Mission Accomplished

45. • Further extraction • Additional destinations Next Steps

46. Stay Curious

47. Thank you! 💚 Chime | 47

48. Chime | 48 Chris Dwan

49. Chime | 49 Ruby 💚 Rails

50. Chime | 50 Crazy Love 💚

51. Onboarding

52. Chime | 52 Chime | 52 Yawnboarding?

53. Chime | 53 Consistent

54. Chime | 54 Ruby 💚 Rails

55. Chime | 55 Bad 😡 Code 😭

56. Chime | 56 Team Up 󰠘

57. Chime | 57 Sustainable

58. Chime | 58 Content

59. Chime | 59 Balance? ⚖

60. Chime | 60 CHEATED

61. Chime | 61 • Welcome and IRB • Philosophy of

    Ruby • Ruby at Chime • Question Game • Mob Programming Exercise

62. Chime | 62 Why?

63. Chime | 63 Curiosity

64. Chime | 64 Limitations

65. Chime | 65 Pull > Push

66. Chime | 66 • Dirty Hands • Two-Way Communication •

    Empty Space • Keep it Moving • Split Ruby + Rails sessions

67. Chime | 67 Front Row Seat?

68. Chime | 68 Gratitude

69. Chime | 69 Ruby Learning Team 󰠘

70. Chime | 70 You

71. Chime | 71 Conclusion

72. Chime | 72 💚 Introduction

73. Chime | 73 Thank You Email: chris.dwan at chime.com @radixhound

74. Chime | 74 Q&A