Earlier this year, Gmail users across the globe were affected by one of the largest phishing attacks of its kind. Yelp emails were among the many corporate email systems that experienced this Google Docs phishing attack. Fortunately, our security engineers had already prepared for this level of security threat and were able to delete the suspicious emails before impacting employees. As phishing attacks have become more and more prevalent, the need for new tools and countermeasures to protect users has become more important than ever. According to the last IBM X-Force Threat Intelligence Index report, the amount of spam email...

Continue reading

As we’ve discussed in earlier blog posts, Yelp Engineering has been working hard to break down our largest monolithic code base (yelp-main) for the past few years. We’ve made great progress but some of our oldest, most critical code remains within yelp-main. A great example of an older, more established system is our monthly subscription billing cycle. The system is core to how Yelp collects revenue and has proven technically challenging and risky to transition. The Revenue engineering team knows these older systems should be moved into services, but the challenge of extracting tangled, business-critical code has proven expensive and...

Continue reading

We deeply value code review and feel that it’s crucial to being a high-functioning engineering organization. Code review results in higher quality code that is more broadly understood. It also lets engineers learn from their peers, practice mentorship, and engage in open dialog and discussion about what they build. The benefits of code review align well with Yelp’s value Play Well with Others and support our culture of continually teaching and learning. As our organization has continued to grow, there are certain patterns that have made code reviews more beneficial and keep them from becoming a bottleneck. We’ve been following...

Continue reading

Yelp returned to Grace Hopper Celebration once more, this time in Orlando! Let’s take a look at what GHC2017 is all about from the insights of our attendees. Who Neha H.: Android engineer @ Search User Experience team Grace J.: Recruiting manager @ University Recruiting team Tiffany K.: Product manager @ Contributions team Lauren C: Product designer @ Messaging team Xun T.: Software engineer @ Ad Creative team, first time speaker at GHC this year. Favorite sessions during GHC Tiffany: Women Who Build The Product Management Journey. I really appreciated hearing from women leaders who have been successful in the...

Continue reading

Meet Brittany Cheng, a 5-star Product Manager! Learn what she loves about product management and how she has grown over her career here at Yelp. Are you interested in building great products? Do you love working with different teams? Are you motivated by the user experience? Mentorship, ownership, and great people — we’ve got it all. Bring your ideas to life and join our all-star Product Management team! Head to https://www.yelp.com/careers to learn more.

Continue reading

Monitoring the health of our systems is a critical part of maintaining Yelp’s infrastructure. We collect millions of data points that help us observe the performance and status of our services. This data powers visualization and monitoring systems so that we can alert on anomalies and derive actionable insights, especially during on-call procedures. SignalFx is our preferred vendor for metrics visualization and monitoring. They provide a rich UI with many robust analytics capabilities. At Yelp’s scale, we use SignalFx to create hundreds of detectors, charts and dashboards. Managing and finding these resources quickly is a challenge. Our engineering teams need...

Continue reading

What is HTTP Strict Transport Security? HTTP Strict Transport Security, commonly referred to as HSTS, is a Web standard that aims to ensure all web resources off a domain are fetched over a secure transport layer. The core objective of HSTS is to protect users against passive and active network attacks. To this end, it prevents protocol downgrade attacks and blocks insecure click throughs. From a configuration perspective, HSTS is an easy to deploy HTTP header. Its format is: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Unfortunately, many companies who have tried to deploy HSTS have experienced various challenges, some of which resulted...

Continue reading

Starting today, Yelp Events data will be available through our Fusion API and GraphQL API to provide rich, local events data in our API as part of our developer beta program. Since launching Yelp Fusion last September, we’ve seen developers use our business data in unique and interesting ways and are excited to see what our developer community will do with the addition of events data. If you’re not already familiar, Yelp Events is a place where you can create, share and discover upcoming events happening worldwide. Events range from everything from beer festivals to art shows to Shakespeare in...

Continue reading