The Twitter Engineering Blog

Information from Twitter's engineering team about our technology, tools and events.

Login verification on Twitter for iPhone and Android

Topics:

At Twitter, we want to make it easy as possible to secure your account. Designing a secure authentication protocol is tough; designing one that is also simple and intuitive is even harder. We think our new login verification feature is an improvement in both security and usability, and we’re excited to share it with you.Read more…

Announcing Parquet 1.0: Columnar Storage for Hadoop

Topics:

In March we announced the Parquet project, the result of a collaboration between Twitter and Cloudera intended to create an open-source columnar storage format library for Apache Hadoop.Read more…

Mesos Graduates from Apache Incubation

Topics:

The Apache Software Foundation (ASF) has announced the graduation of Apache Mesos, the open source cluster manager that is used and heavily supported by Twitter, from its incubator.Read more…

hRaven and the @HadoopSummit

Topics:

Today marks the start of the Hadoop Summit, and we are thrilled to be a part of it. A few of our engineers will be participating in talks about our Hadoop usage at the summit:Read more…

Zippy Traces with Zipkin in your Browser

Topics:

Last summer, we open-sourced Zipkin, a distributed tracing system that helps us gather timing and dependency data for the many services involved in managing requests to Twitter. As we continually improve Zipkin, today we’re adding a Firefox extension to Zipkin that makes it easy to see trace visualizations in your browser as you navigate your website.Read more…

Libcrunch and CRUSH Maps

When we introduced our in-house photo storage system Blobstore to the world, we discussed a mapping framework called libcrunch for Blobstore that maps virtual buckets to storage nodes. The libcrunch implementation was heavily inspired by the seminal paper on the CRUSH algorithm.Read more…

CSP to the Rescue: Leveraging the Browser for Security

Topics:

Programming is difficult — and difficult things generally don’t have a perfect solution. As an example, cross-site scripting (XSS) is still very much unsolved. It’s very easy to think you’re doing the right thing at the right time, but there are two opportunities to fail here: the fix might not be correct, and it might not be applied correctly. Escaping content (while still the most effective way to mitigate XSS) has a lot of “gotchas” (such as contextual differences and browser quirks) that show up time and time again.Read more…

Mobile app development: Catching crashers

Topics:

Before Twitter for iOS code reaches production, we run it through static analysis, automated testing, code review, manual verification, and employee dogfooding. In this last step, we distribute beta builds to our employees to collect real-world feedback on products and monitor code stability through crash reports.

Detailed crash data has had a huge impact to our development process, and significantly improved mobile app performance and quality. This post describes two types of bugs, and how we used detailed data from Crashlytics to diagnose and fix them.Read more…

Students: Apply now for Summer of Code

Topics:

We are thrilled to have an opportunity again to participate and support the Summer of Code program, especially since we enjoyed being involved so much last year for the first time.Read more…

Drinking from the Streaming API

Topics:

Today we’re open-sourcing the Hosebird Client (hbc) under the ALv2 license to provide a robust Java HTTP library for consuming Twitter’s Streaming API. The client is full featured: it offers support for GZip, OAuth and partitioning; automatic reconnections with appropriate backfill counts; access to raw bytes payload; proper retry schemes, and relevant statistics.Read more…

Pages