At Dropbox, we made the switch from testing with unittest to pytest. We love the features, fixtures, plugins, and customizability of pytest. To further improve our experience, we built a couple of tools (pytest-flakefinder, unittest2pytest) for working with pytest and released them as open source.
We developed the pytest-flakefinder plugin to help with a common problem, flaky tests. Tests that involve multiple threads, or that depend on certain ordering can often fail at a fairly low rate. A few flaky tests aren’t a big deal,
Project Schedule Estimation in Software Development
In tech, we spend little time talking about the softer skills like communication, project management, and prioritization. These are the skills that elevate someone from a good programmer to a great software engineer. Today, I’m going to focus on one aspect of project management that we’re famously bad at — the art of estimating a project schedule.
If there’s any doubt that this is a necessary skill, just consider that dreaded but frequently-asked question “How long will it take?” Even if you’re uber-Agile and don’t believe in far-off project deadlines,
Dropbox LAN Sync is a feature that allows you to download files from other computers on your network, saving time and bandwidth compared to downloading them from Dropbox servers. As the number of companies and offices using Dropbox has increased, the use cases for LAN Sync have grown, and the feature was recently rewritten and improved. Here’s a look inside how it works.
This year’s Dropbox Hack Week saw some incredible projects take shape – from the talented team that visited Baltimore to research food deserts, to a project to recreate the fictional Pied Piper algorithm from HBO’s Silicon Valley. One of the most special elements of Hack Week, though, is that often times we’re able to share these exciting projects openly with our users and our community.
At Dropbox, we love and depend on numerous excellent open source projects, and we consider contributing back to the open source community to be vitally important. Popular open source projects that Dropbox has released include the zxcvbn password strength estimator,
This is the fourth of four posts on our experience deploying Content Security Policy at Dropbox. If this sort of work interests you, we are hiring! We will also be at AppSec USA this week. Come say hi!
In previous blog posts, we discussed our experience deploying CSP at Dropbox, with a particular focus on the script-src directive that allows us to control script sources. With a locked down script-src whitelist, a nonce source, and mitigations to unsafe-eval, our CSP policy provided strong mitigations against XSS via injection attacks in our web application.
This is the third of four posts on our experience deploying Content Security Policy at Dropbox. If this sort of work interests you, we are hiring! We will also be at AppSec USA this week. Come say hi!
Previously, we discussed how at Dropbox we have deployed CSP at scale to protect against injection attacks. First, we discussed how we extract signal from violation reports to help create a host whitelist and restrict the sources of code running in our application. We also discussed how nonce sources allow us to mitigate XSS attacks due to content injections.