Feast your pies on this—we're giving away 314 Raspberry Pis in celebration of Pi Day.
Simply like and RT for your chance to win!
Unlike pi, this giveaway ends on 3/14. Open to pi lovers in CAN/US (exclusions apply). Rules:
#giveaway
#shopiday
2021 was our biggest Black Friday Cyber Monday ever! Together with our friends at
@GoogleCloud
we achieved near-perfect uptime while averaging ~30TB/min of egress traffic across our infrastructure. That’s a massive ~43PB/day!
Here are some of the most interesting stats 🧵👇
Another Black Friday Cyber Monday (BFCM) weekend done and dusted!
We achieved 99.999+% uptime while averaging 3 Terabytes per minute of egress traffic across our infrastructure.
That’s 4.3 Petabytes per day! 🤯
Check out the thread for more awesome performance stats 🧵👇
⚡️ Today we're open sourcing FlashList — a faster, more performant library for lists in
#ReactNative
.
FlashList delivers:
🔥 60 FPS scrolling on low-end devices.
😶 No more blank spaces.
👌 Ridiculously easy implementation.
Get FlashList 👇
That's a wrap on another incredible BFCM! You got a nerdy preview from
@tobi
, and we're back with the final stats. Let’s go!🧵👇
We achieved 99.999+% uptime, handling 29.7 PB of data served from across our infrastructure over the entire event! That’s over 5 TB/min.
Nerd BFCM stats:
Shopify’s egress processed 145 billion requests on Friday. App servers handled peak of ~60 million requests per minute. Increase of 38%. Total GMV was $4.1b, up by 22% from last year.
But Rails doesn't scale so what are we even doing 🤷♂️
🚀 Congratulations to the React Native Skia team for launching React Native Web and Expo Go support! GPU powered shaders, written in React Native, running on <canvas>. 🤯
👋 Hey Hackers.
We're looking for 10.0s!
The Shopify
@Hacker0x01
bug bounty program max payout has doubled. Starting today reports that achieve a CVSS Score of 10.0 will receive $200,000!
The application window for
@Shopify
's Summer 2020
#intern
program is open until Jan 20, 2020 at 9 a.m. Check out the career page to see the available opportunities.
If you have questions please reach out to internprogram
@shopify
.com.
#internship
#jobs
Language VMs aren’t the most intuitive but don't let that stop you.
@nirvdrum
put together this great guide demystifying Ruby's “code ranges”, a concept for efficiently supporting string operations in a language w/ mutable strings & 100+ string encodings.
We're building a world-class shopping app that's hell-bent on redefining the shopping experience across the world, and we need incredible engineers to make it happen. Check out our current opportunities over on our brand new Shop careers site 👉
⏪ Rewinding for a moment — preparing for an event of this scale doesn't happen overnight. In anticipation of BFCM 2021 we began load testing back in July! To better simulate real global traffic we spread out our load generation across
@GoogleCloud
's global network.
It was a busy weekend, but all of this work supported:
💰 $6.3B in global sales from Shopify merchants.
🕒 $3.1M/minute at peak on Friday.
Want to see how our work with
@GoogleCloud
helps us scale commerce? Check out the new post on their blog today 👇
Building a new framework on cutting-edge new technology isn't without its own unique challenges, wins, and plenty of learning — much more than we can cover in just one thread.
We have a new post on our blog today exploring how we built Hydrogen 👇
Shopify continues to bet BIG on Rails at scale and as we've grown we have an even bigger responsibility to support the future of this field.
@ChrisGSeaton
published a new post on some of our work w/ academics 👉
🧵 More on what we're supporting & why 👇
2021 was our biggest Black Friday Cyber Monday ever! Together with our friends at
@GoogleCloud
we achieved near-perfect uptime while averaging ~30TB/min of egress traffic across our infrastructure. That’s a massive ~43PB/day!
Here are some of the most interesting stats 🧵👇
Merlin, our new machine learning platform is based on an open source stack and tooling end-to-end. In this new post on our blog
@kazuarous
shares a deeper look at the process, architecture, and how Merlin is helping us scale our ML work 👉
While Rails provides the frameworks that most developers need, most of the time, we've developed our own patterns at Shopify that help us keep our massive Rails monolith maintainable.
Should you use utilize threads in your Ruby application? In this new post,
@_byroot
took a look at the tradeoffs to consider between forking and threaded Ruby servers, plus a look at future improvements coming to the ecosystem 👇
To assess the viability of building an App Clip with React Native, we had to:
🛠 Build a Hello World App Clip.
⚙️ Build a non-functional Clip with all code & dependencies to determine size.
✅ Clean up the code to make it work.
Here's how it went 👉
To avoid inconsistency and keep teams from duplicating work as they build new data experiences, our Insights team has been working on Polaris Viz, a React data visualization library. Here's a look behind-the-scenes of this soon to be open-sourced work 👉
We want to make Shopify development just like web development. To that end, we launched a new default template at
#ShopifyEditions
that uses
@remix_run
and our brand new App Bridge client 🔥
@DasSurma
tells you more in this engineering blog post 👇
Together with
@ShopifyUX
, we put a lot of effort into Polaris to make it easy to build consistent experiences both on Shopify & apps built on our platform. In this tutorial, Joe demonstrates how you can use Polaris React components to build a form 👉
📇 At peak this weekend we were indexing >8GiB/s of data of logs.
We use
@Splunk
to monitor second-to-second data on how production systems are performing. Beyond engineering this is important to our support team for real-time visibility into what's happening on the platform.
🎉 React Native Skia had 90 releases over the past twelve months 🎉
As we close down the year,
@wcandillon
reflects on React Natives Skia’s progress in 2022. The team when from alpha release to a fully-tailored and performant declarative architecture.
Shopify is standardizing on
@rustlang
for systems programming, and joining the
@rust_foundation
.
@shaver
explains why Rust makes sense for the lowest levels of our stack:
★ The
@remix_run
team has joined Shopify!
Win-win as we put the power of Shopify behind
#Remix
allowing them to accelerate their roadmap & focus on pushing the web forward & they will help deliver next-generation web experiences for our merchants & devs.
📣 Announcement for all of our AppSec aficionados: we're doubling our maximum
@Hacker0x01
bug bounty payouts to $100,000 in 2022!
Read even more in our latest Bug Bounty program updates and 2021 year-in-review 👉
1,200 pull requests and 3,000 commits later — we shipped Hydrogen 1.0 this week! 🎉
ICYMI: This brand new post on our blog explores how we built it together with the community over the last 14 months 👉
📜 To keep our system responsive under heavy load this weekend we processed over 24 Billion (yes, with a B) asynchronous tasks using Resque. The median queue time for those billions of jobs was 16ms.
ShopifyQL isn't just for external devs — we also built it to help us build our own data experiences in the admin. This new post explores why & how we built this new data querying language 👇
⚡ We have a strong belief in the role of flash sales in the future of commerce and our platform is built to withstand these huge floods of traffic. In one of the largest holiday shopping events, one merchant generated enough load to use over 20% of our TOTAL computing capacity.
🔌 We can’t do it all alone, we have a lot of friends — over this weekend we answered 42B API calls and delivered 11.67B webhooks to support the thousands of apps in the
@ShopifyDevs
ecosystem.
🚀 Shopify App is now much faster. App launch & screen load times reduced by 44% & 59% respectively 🔥. In our latest blog by
@naqvitalha
, we talk about how we did it. Read about it here:
🚢 Helping us stay on top of the traffic over BFCM, our MySQL fleet performed over 14 Million queries per second (QPS) at peak, averaging over 8.5 Million QPS throughout BFCM.
Shopify + Ruby on Rails = 💚
Our Ruby & Rails Infrastructure team joined us in the studio to discuss Rails, why they're invested in this community, and what's next.
Watch the full video on YouTube 👇
🔔Calling all hackers!🔔
Did you know that we doubled our maximum
@Hacker0x01
bug bounty payout 🔥 🔥 🔥!
Reports that achieve a CVSS Score of 10.0 are now worth $200,000! 💵💵💵
👀 More about our program:
Want to know how we build performant
#ReactNative
apps at Shopify? We sat down with the developers setting our React Native Standards in this episode of ShipIt! for a deeper look. Read the recap or watch the full episode 👉
ICYMI, we've officially open-sourced FlashList for
#ReactNative
!
What does FlashList deliver?
🔥 60 FPS scrolling on low-end devices.
😶 No more blank spaces.
👌 Ridiculously easy implementation.
⚡️ Get FlashList now 👇
Ruby 3.2 is out. 🎉
In our latest post,
@peterzhu2118
introduces Variable Width Allocation. It’s a new feature in 3.2 that introduces APIs to allocate dynamic sized objects and add support for variable sized slots inside the Ruby garbage collector.
#Rails
frameworks provide the infrastructure that most devs need, most of the time but to make the largest Rails monolithic application maintainable we had to create some of our own patterns. In this post on the blog, Ioana shares a look at how we do this.
🚨 Do you need to measure
@reactnative
rending times for your apps?
react-native-performance is an open source project which measures rendering times in React Native apps. Learn how the library works and to get started 👇
In 2020, we received bug bounty reports from hundreds of hackers but 3 stood out. As a thank you, we awarded
@ngalongc
,
@hxh13_
and
@fbeaudoin_
a $1K bonus, recorded personal Thank Yous and are sending swag. We can't wait to see what the new year brings.
ICYMI 👀
👋 Hey Hackers.
We're looking for 10.0s!
The Shopify
@Hacker0x01
bug bounty program max payout has doubled. Starting today reports that achieve a CVSS Score of 10.0 will receive $200,000!
We’re so excited to partner with
@RubyCentralOrg
for Ruby Shield as a way to better support this community that we’re so proud to be a part of.
Why is Shopify partnering & investing in this work? Let's talk about it. 🧵
1/6
Today we’re excited to announce Ruby Shield 🛡️
This new initiative in partnership with
@ShopifyEng
will support open-source and enable us to take on new security-focused projects to better protect our communities.
What is this & why are we doing it?
1/🧵
When App Clips were introduced in iOS 14 we saw opportunities for the
@Shop
app. But as one of the first to build one in React Native it wouldn’t be easy. Here's how we approached the experiment and what we learned along the way 👉
Big thanks to
@tenderlove
for sharing his 2022 Ruby and Rails reflections and predictions for next year on the blog. Check out the post to find out why Aaron hopes we’ll be spending less time writing code next year.
Over time, small problems and inefficiencies can add up to serious performance regressions. Catching and fixing slow code quickly is incredibly important at Shopify's scale. Here's a look at how we do it 👉
In May, the
@Shopify
Bug Bounty Program on
@Hacker0x01
:
- Closed 30 reports vs 428 in April
- Awarded $56,500 vs $31,250 in April
- Got reports from 133 hackers vs 234 in April
- First responded within 22, triaged within 144, bounty within 326 hours
Since we decided to go all in on React Native in 2020, we’ve been busy migrating all our native mobile apps to RN.
@mauriciom
shares how it’s going for our largest app, Shopify Mobile:
Our platform availability, scalability, and resiliency during BFCM meant our merchants could focus on doing what they do best:
💰 $7.5 Billion in global sales from Shopify merchants.
🕒 $3.5 Million per minute at peak on Friday.
What an amazing few days for Shopify merchants! 🎉
☁️ Meet Spin — Shopify's cloud development environment.
As complexity increased and laptops started melting, here's how we experimented, iterated, and learned in the journey towards making our dev work cloud-native 👇
A report from our
@Hacker0x01
Bounty program found a dependency confusion vulnerability with big implications. Here's how our team not only fixed this vulnerability in 600+ Shopify Ruby applications but also helped to make the whole Ruby community safer.
Live-hacking events bring together our Application Security team and the world’s top hackers. Together we’re proactively discovering potential vulnerabilities to enhance our secure platform.
@hacker0x01
#ShopifyxH1514
#h1514
This week on the Engineering blog,
@kmkwesteinde
talks monoliths, microservices, and modular monoliths. Learn how Shopify adopted a modular monolith architecture when we reached a point where the downsides of the monolith outweighed the benefits.
We celebrate a milestone today. We’re excited to announce that we’ve awarded over $1M USD in bounties through our bug bounty programs. Thank you to everyone who has worked with us to make the Shopify platform stronger!
We discovered a query that could have cost us nearly $1 million USD a month in BigQuery. 👀 👀 👀
In this👇 post we share how we fixed it and other tips for lowering your BigQuery costs.
In April, the
@Shopify
Bug Bounty Program on
@Hacker0x01
:
- Closed 428 reports vs 156 in Mar
- Awarded $31,250 vs $8,000 in Mar
- Got reports from 234 hackers vs 91 in Mar
- First responded within 19, triaged within 57, bounty within 201 hours
In December, the
@Shopify
Bug Bounty Program on
@Hacker0x01
:
- Closed 209 reports vs 259 in Nov
- Awarded $47,600 vs $32,900 in Nov
- Got reports from 110 hackers vs 126 in Nov
- First responded within 21, triaged within 23, bounty within 140 hours
Today is Shopify's annual internal conference, Summit. Can't share anything from the main event but apparently we're allowed to share about the aftershow.
Listening to John Legend perform now!
#LifeAtShopify
⚡️ In our latest blog by
@marekfort
, we talk about FlashList, a faster, more performant library for lists in
#ReactNative
FlashList delivers:
🔥 60 FPS scrolling on low-end devices
😶 No more blank spaces
👌 Effortless implementation
Read about it 👇
🔍To monitor the availability and scalability of our merchants and stay ahead of any potential issues, we collected up to 20 Billion operational metrics per minute and generated 27 Gigabits per second in metrics volume. 😲
Time for the January 2022
@Hacker0x01
bug bounty program update! Let's start this thread. This month at Shopify we:
✅ Responded to 260 reports.
🔀 Triaged 24 reports.
💰 Awarded $53,900K in bounties.
👨💻 Received reports from 158 hackers.
It's that time, here's the latest update on our
@Hacker0x01
bug bounty program!
In June we:
✅ Responded to 161 reports.
🔀 Triaged 7 reports.
💰 Awarded $18,500 in bounties.
👨💻 Received reports from 100 hackers.
Time for the December 2021
@Hacker0x01
bug bounty program update! Let's start this thread. Last month at Shopify we:
✅ Responded to 214 reports.
🔀 Triaged 25 reports.
💰 Awarded $111.8K in bounties.
👨💻 Received reports from 114 hackers.
☁️ Spin is Shopify's cloud development environment. As complexity increased and laptops started melting, here's how we experimented, iterated, and learned in the journey towards making our dev work cloud-native 👇
🚨 Applications for Dev Degree 2023 are open!
Earn a degree in computer science and gain real-world experience while working at Shopify. Even better? We’ll cover your tuition and pay you a salary!
#devdegree
Apply Now 👉
In our latest post,
@yaworsk
talks about how our bug bounty program performed in 2019.
🚨We're also announcing changes to the 2020 program. We now pay bounties in full within 7 days of triage and our max bounty amount has increased to $50K.🚨
In our latest post,
@jarthorne
shares how using composite primary keys unlocked massively more efficient data access for our primary Rails Application. Also, he'll show you how you can use the same trick to optimize your own applications.
We have fundamentally changed the way our employees get paid. "Flex Comp" provides a simple UX where they can see total compensation and choose a mix of Cash/RSU/Stock via simple sliders.
Read more about it 👇
Shopify doesn’t have a QA department by design. In our latest post,
@pepibumur
shares how we make it easier for mobile developers to execute best testing practices on their projects.