CSP is Awesome Content Security Policy isn’t new, but it is so powerful that it still feels like the new hotness. The ability to add a header to HTTP responses that tightens user-agent security rules and reports on violations is really powerful. Don’t want to load scripts from third party domain? Set a CSP and don’t.  Trouble with mixed content warnings on your HTTPS domain? Set a CSP and let it warn you when users are seeing mixed content. Realistically, adding new security controls to a website and a codebase as large as Yelp needs to be a gradual process....

Continue reading

It’s been a busy past few years here at Yelp Engineering. With our 10th anniversary this year and our recent launch in Chile, we think it’s safe to say we’re on to something. But it would be foolish of us to stop here. At the end of the day, we’re engineers: we live for the fact that there are still so many challenging problems to solve, features to improve, and datasets to explore. With the size of the projects we’re tackling nowadays, our Engineering and Product Management teams need to be in constant contact to coordinate development, testing, and release....

Continue reading

At Yelp we rely heavily on pre-commit hooks to find and fix common issues before changes are submitted for code review. We run our hooks before every commit to automatically point out issues like missing semicolons, whitespace problems, and testing statements in code. Automatically fixing these issues before posting code reviews allows our code reviewer to pay attention to the architecture of a change and not worry about trivial errors. As we created more libraries and projects we recognized that sharing our pre commit hooks across projects is painful. We copied and pasted bash scripts from project to project and...

Continue reading

Yelp’s engineering team loves Docker. We’re already using it for a growing number of projects internally but there are applications that Docker isn’t a great fit for, such as providing independent (VM like) containers on shared hardware for people to interactively ssh into. You can, of course, run sshd inside a Docker container but you can only run one sshd per port. If you wanted multiple users to be able to ssh into the same server, without having a custom port allocated per user, you’re out of luck. To solve this problem we built dockersh, a user shell for isolated,...

Continue reading

Yelp is celebrating its 10th anniversary this year. That’s right, a decade of marvelous reviews from Yelpers all around the world. What better way to celebrate the big 1-0 than to build a tool that would take a sneak peak into over 61 million reviews from our community and let you discover real world trends in cities all over the globe? Meet Yelp Trends. You might have seen it  hit  the  press  recently. As announced in our official blog, Yelp Trends is a fun way to visualize the review frequency of how often specific words are used in reviews and...

Continue reading

We’ve got a busy month ahead of us with several great events being held at Yelp HQ. We hope everyone was able to catch our security team over at BSides LV this past week where one of our engineers, Ioannis, presented on honeypots and ran a workshop teaching people how to set up one of their own. From panel discussions to hands-on workshops on everything from fashionable tech to Android development and growth hacking, there’s plenty to keep you busy at Yelp HQ. We’ve got six great events this month, and spaces are going fast. Make sure to sign up...

Continue reading

People say that security is hard and that’s exactly why we have a dedicated security team here at Yelp! We place tremendous importance on securing our environment, our employees and the millions of visitors who trust Yelp every month. Information Security is not a solo endeavor. You have to exchange information with fellow security engineers and researchers, get informed of new vulnerabilities and threats and build a “web of trust” containing security practitioners that you can count on. “Community” is the keyword in this case. This is why we are officially sponsoring Security BSides Las Vegas 2014! BSides is a...

Continue reading

The Challenge The Yelp Dataset Challenge provides the academic community with a real-world dataset over which to apply their research. We encourage students to take advantage of this wealth of data to develop and extend their own research in data science and machine learning. Students who submit their research are eligible for cash awards and incentives for publishing and presenting their findings. The most recent Yelp Dataset Challenge (our third round) opened in February 2014, giving students access to our Phoenix Academic Dataset, with reviews and businesses from the greater Phoenix metro area. In the fourth round, open now, we are expanding...

Continue reading