Cash App aliens

Square — Cash App: Workterm Report S19


17 Aug 2019


Introduction

This is the second post in my series of reflections from my co-op terms. As I head into my senior years at the University of Guelph School of Computer Science, I want to have experiences that are diverse and impactful. After spending my previous co-op term at a start-up in BC, I felt it was necessary to know what life is like at a larger software company a little closer to home.

Who is Square?

Founded in 2009, Square is a publicly traded financial technology company headquartered in San Francisco, CA. In the 10 years since it was founded, Square has grown into an international presence as one of the top technology companies, having completed several major acquisitions in the past few years.

What is Cash App?

Square has a few arms of its organization — one of which is Cash App, a personal finance application available in the US and UK markets. Formerly known as Square Cash, Cash App allows users to transfer money to peers using its Android and iOS apps.


It’s Friday. You wake up to a $15 Cash App notification. A pal paid you back for that pizza you shared. Your balance now reads $172.30.

You use your new money to get $1 off coffee with your personalized Cash Card. You even hit up the ATM after.

5PM. Direct deposit hits. Do you buy Bitcoin, or do you cash out instantly to another bank? With Cash App, you decide.

For Canadians, it is easiest to think of Cash App as providing a service that is very similar to Interac E-Transfers. Users can link their bank account and make instant deposits to other users and merchants identified by $cashtags. Cash App also offers investing features, Bitcoin trading, and discounts with vendors that participate in the Boost program.

Expectations

I have always stated that technology should be a force for good, and so I was very excited when I received an offer for a four (4) month term at Square Inc., a company that is very clear with its mission statement of empowering people.

Square has an impressive portfolio of open source software that is used by thousands of developers daily, so I was excited to intern under the guidance of world-class software engineers and contribute to its portfolio of open-source libraries and tools.

What did I do?

The Cash Product Platform team builds high quality microservices which can be used as application building blocks for other teams within the organization. Many of these tools and frameworks are eventually open-sourced, or even start their lives as open source software.

As an intern on the product platform team, my task was to build a tool that can help protect our dependency supply chain. This tool, built on the µisk open-source microservice framework for Kotlin, performs static analysis on JAR artifacts for the purpose of detecting malicious code.

My role this summer consisted of:

  • Contributing code to the µisk framework
  • Designing and building Deputy: a dependency checking service

Open source contributions

Over the past four (4) months, I shipped a few new features to the µisk service framework for Kotlin, namely:

  • New service coordination logic
  • New database pooling features for tests
  • Documentation improvements

Internal tooling

Deputy, the dependency checking service I built, works primarily by performing static analysis. It will consume a JAR file and explore the byte-code found in class files, looking for violations of its policies.

When it finds that an artifact has no violations, it issues a cryptographic signature (approval) which can be verified by a plugin to our build tool. For each dependency in a piece of software, we will require an approval from the web service before builds can be shipped to production.

This tool was created as a defense against supply chain attacks. Supply chain attacks are a category of attack where a malicious party injects bad code into a software dependency, either hidden in source code somewhere downstream, or by publishing an artifact binary which has had bad code injected post-compilation. These compromised artifacts are then consumed by upstream software, placing bad code into the runtime of software in a sensitive production environment.

By placing Deputy between our build system and the artifact repositories where we obtain our dependencies, we hope to detect compromised artifacts before they are accidentally consumed and shipped to production.

For now, Deputy is an internal tool at Cash App, but there is hope to open-source it in the future.
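The scan-then-approve flow described above, as an added Python example; this is not Deputy's code, which is internal and built in Kotlin. The deny-list policy, the function names, and the use of an HMAC tag in place of the cryptographic signature are all assumptions made for illustration (a real deployment would use an asymmetric signature so the build plugin only holds a public key).

```python
import hashlib, hmac, io, struct, zipfile

# Hypothetical policy (an assumption, not Deputy's rules): denied class references.
DENIED = {"java/lang/Runtime", "java/lang/ProcessBuilder"}
SIZES = {3: 5, 4: 5, 5: 9, 6: 9, 7: 3, 8: 3, 9: 5, 10: 5, 11: 5, 12: 5,
         15: 4, 16: 3, 17: 5, 18: 5, 19: 3, 20: 3}  # entry bytes per pool tag

def referenced_classes(data):
    """Return class names referenced from one class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pos, i, utf8, refs = 10, 1, {}, []
    while i < count:
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes
            (n,) = struct.unpack_from(">H", data, pos + 1)
            utf8[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        else:
            if tag == 7:  # CONSTANT_Class: u2 index of its Utf8 name
                refs.append(struct.unpack_from(">H", data, pos + 1)[0])
            pos += SIZES[tag]  # unknown tag raises KeyError
        i += 2 if tag in (5, 6) else 1  # Long/Double occupy two slots
    return {utf8[r] for r in refs}

def scan_jar(jar_bytes):
    """Return (entry, reason) violations for every .class entry in the JAR."""
    found = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith(".class"):
                try:
                    hits = referenced_classes(jar.read(name)) & DENIED
                except (ValueError, KeyError, IndexError, struct.error):
                    hits = {"unparseable class file"}  # fail closed
                found += [(name, h) for h in sorted(hits)]
    return found

def _tag(jar_bytes, key):
    return hmac.new(key, hashlib.sha256(jar_bytes).digest(), "sha256").hexdigest()

def approve(jar_bytes, key):
    """Service side: approval bound to the exact bytes, or None on violations."""
    return None if scan_jar(jar_bytes) else _tag(jar_bytes, key)

def verify(jar_bytes, approval, key):
    """Build side: accept only an approval issued for these exact bytes."""
    return approval is not None and hmac.compare_digest(_tag(jar_bytes, key), approval)
```

Because the approval covers the SHA-256 of the whole artifact, an approval issued for one JAR does not verify against a modified or substituted one, and a class file the scanner cannot parse counts as a violation rather than being skipped.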

Goals

At the beginning of my term, I identified four (4) main goals to track my learnings over the summer. I wanted to take advantage of my time in the Kitchener office, and absorb as much knowledge and experience as possible from my team, and especially from my manager and mentor Jesse Wilson.

These goals were:

  1. Use test-driven development to inform API design
  2. Write idiomatic Kotlin at a high level, and understand JVM byte-code at a low level
  3. Improve my skills in demo-ing software
  4. Build features to 100% with small iterations

Learnings

Within my first week on the Product Platform team, I observed Jesse "sketch" an API for a new feature in a test file, drafting and documenting elegant interfaces as he created failing test cases. From there, an implementation followed swiftly. Watching this happen was kind of magical, and it gave me a good understanding of the role of unit tests in development. Tests are often an after-thought, but I have learned that they should be first-class tools for defining feature interfaces and scoping parts of problems. As a result of this, approximately half of the code I wrote over the term was testing code. This may seem like a lot, but writing lots of good tests and test objects meant that I had the confidence to develop at a good velocity and make sweeping changes without breaking anything.

On the same theme of building high quality software APIs, it was important for me to write fluent, idiomatic Kotlin code and understand how it compiles down to the JVM byte-code that I was tasked to analyze with Deputy. I found learning and writing Kotlin to be an enjoyable, highly-productive experience, and I have high hopes for the future of JVM development using a more expressive language than Java. Through my term, I came to understand what good, idiomatic Kotlin looks like, and how byte code is structured and interpreted by the JVM. This very much informed the development of my projects over the term.

Cash App engineering is a distributed effort that happens through collaboration in offices around the globe. Every two weeks, our team would sync with the rest of the Cash Cloud team over video conference to stay up to date with each other's development efforts. Feature demos were a really important part of these sync meetings, as they provided something tangible and easy to understand as forward progress for everyone in the team. Historically, I have been hesitant to demo my software — I saw it as stressful, scary, and a waste of time during development; I would only want to demo a polished product. My mental model was wrong though — this term I learned that demos help to increase buy-in and keep relevant people informed of progress. I also learned that a demo can simply be stepping through a test case, walking through the program state to show what it does and how it does it. So for every sprint in July and August, I made it a goal to demo at least one feature I worked on, and this helped me build confidence in my work and my place in the team!

Development velocity is an important thing to keep in mind, and in previous work-terms, I have struggled with project scope. In school, we build projects from scratch all at once, with very little sense of what an iteration looks like. These projects are built with a philosophy kind of like "All or nothing, and I don't care how I get there" — very much the antithesis of the philosophies that govern how software is constructed in a professional environment. As such, it was important to me to break these old habits and force myself to work in small iterations to keep my project moving forward. I focused on breaking up problems into small pieces and building powerful, re-usable abstractions to build features up in layers, and as a result, successfully shipped a web service that will be ready for use in the near future.

Takeaways

The most rewarding thing that came from this term was the experience of building and working with high quality abstractions. An emphasis on good APIs and abstractions made development an enjoyable experience, and it is very rewarding to see other people using features you've built.

Working with Kotlin was also very enjoyable; as a language straddling the object-oriented and functional programming paradigms, it made development fast, expressive, and safe with its immutable types and null safety. The µisk framework added to this experience, as its abstractions and test extensions made development intuitive and easy to bootstrap projects. I very much look forward to when µisk is ready for its 1.0 release.

Big Kudos

My time interning this summer with Cash App engineering was a fantastic experience, which presented new learning opportunities and challenges each day. My successes and learnings this summer can very much be attributed to my peers and mentors from the Product Platform team.

Square has a culture of giving kudos, and so some kudos are well-deserved!

In particular, I would like to thank Jesse Wilson, Jay Estrella, Mario Maccosta, Martin Drashkov, Andrew Alexander, Sye Vanderveen, and Zhixuan Lai for their mentorship and support over this term! Collectively we shipped a lot of really awesome features and services that will make software development easier both internal to our organization, and in the open source community. Kudos folks!

Official Cash Product Platform team photo

I'd also like to send Amaris Gerson a big kudos for introducing me to Square almost 2 years ago! Her energy and engagement with the community at the University of Guelph School of Computer Science is no small part of why I spent my summer back home in Kitchener-Waterloo this year.

Kudos also go to James Mosley, Amaris, and other fellow Gryphons at the KW office. Thanks for the warm welcome and representation from Guelph!

Another round of kudos goes to Lisa Malleck for keeping the office a fun and friendly place to work; she and Carolyn Choi made sure that the internships this summer went smoothly and could not have done a better job!


All graphics in this article are courtesy of Square Inc.