In our first post we discussed the need for a near real time Safe Deploy system and some of the statistics that power its decisions. In this post we will cover the architecture and engineering choices behind the various components that Safe Deploys comprises.

Designing a near real-time experimentation system required making explicit tradeoffs among speed, precision, cost, and resiliency. An early decision was to limit near real-time results to only the first 24 hours of an experiment — enough time to catch any major issues and transition to using comprehensive results from the batch pipeline. The idea being once batch results were available, experimenters would no longer need real time results. The following sections describe the additional design decisions in each component of the Safe Deploys system.

在本系列文章的第一篇中，我们介绍了数据保护平台（Data Protection Platform，以下简称 DPP），是一个使我们能符合国际法律和安全需求的数据保护平台。我们强调了解我们的数据是保护数据的必要组成部分，可以通过跟踪个人和敏感数据在我们生态系统中的存储位置来实现。在本篇文章中，我们将讨论公司在查找个人和敏感数据的确切位置时经常面临的挑战。许多公司依靠工程师手动追踪个人数据和敏感数据在内部系统如何流转以及流向何处，但依靠手动数据分类会带来不少挑战：

1. 数据在不断迭代。这使工程师很难全面了解数据，及数据如何在公司的基础设施中流动。数据还会复制并存到不同的数据存储中，此外，随着产品的变化和新产品的出现，也会有新类型的数据产生。
2. 手动分类更容易出错。工程师可能会忘记该数据资产是否包含个人数据，或者有些数据是用户自由输入，工程师并不知道里面会包含什么。
3. 安全和个人隐私数据不断增加。对于新隐私法规和安全合规要求的新增数据元素，工程师须再次进行手动数据分类，造成了公司的高成本和低效率。
4. 在代码库和各种数据存储中可能会泄漏密钥。工程师常用密钥包括生产环境API 密钥、供应商密钥和数据库登录凭证等。代码库中泄漏密钥是一个常见的问题，通常由于工程师意外或无意识地提交代码且没有被审批人发现。密钥一旦检入（check in）生产环境，想要找到它们就变成大海捞针，不容易被发现。

为了应对这些挑战，我们构建了数据分类工具来检测数据存储、日志和源代码中的个人和敏感数据。一起来看下我们的数据分类工具架构。具体来说，我们将深入研究 Inspekt 的技术组件，即数据存储和日志数据分类系统，以及 Angmar -- Github 企业版上的代码库的密钥检测和防护系统。

智能客服产品全剖析（下篇）的设计干货分享来也！本文将在用户旅程地图的基础上阐述智能客服产品的交互框架和界面设计心得。

Every engineer knows that security is a never-ending problem. Until we delete all our code and move into a cottage in the woods, we have to accept that there is no such thing as 100% secure software. You could be doing everything perfectly, and a publicly known vulnerability (CVE) could emerge for the most updated version of a third party library in your infrastructure. Things are secure until they are not. Like with Sisyphus, the boulder will never reach the top of the hill.

Rather than eliminating vulnerabilities, the goal of a vulnerability management program should be to quickly and effectively detect and respond to the barrage of threats that surface every day. There are many scanners and vendor tools that purport to solve the problem. But with the scanners comes the problem of a never-ending flood of CVE reports, thus slowing down our ability to remediate in a timely manner.

How Airbnb securely manages permissions for our large team of employees, contractors, and call center staff.

How Airbnb automates incident management in a world of complex, rapidly evolving ensemble of micro services.

作为智能客服产品全剖析（中篇），本文将继续介绍智能客服产品的用户细分。我们将分别从「积极型探索者」和「消极型探索者」的需求视角分析用户痛点和用户旅程地图，从而探索个性化的智能产品策略。

As Airbnb has grown to a company with over 1,200 developers, the number of platforms and channels for pushing changes to our product — and the number of daily changes we push into production — has also grown tremendously. In the face of this growth, we constantly need to scale our ability to detect errors before they reach production. However, errors inevitably slip past pre-production validation, so we also invest heavily in mechanisms to detect errors quickly when they do make it to production. In this blog post we will cover the motivations and foundations for a system for safeguarding changes in production, which we call Safe Deploys. Two following posts will cover the technical architecture in detail for how we applied this to traditional A/B tests, and code deploys respectively.

How we applied qualitative learning, human labeling and machine learning to iteratively develop Airbnb’s Community Support Taxonomy.

Learn how Linaria, Airbnb’s newest choice for web styling, improved both developer experience and web performance.

How Airbnb is leveraging graph neural networks to up-level our machine learning.

How we redesigned payments data read flow to optimize client integrations, while achieving up to 150x performance gains.

"Empower families and groups of friends who travel together in a collaborative way to document, organise, and share their travel experiences and stays with the larger Airbnb community"

The above brief was given during the Airbnb + Adobe Creative Jam held during April 2020 for US, UK and Canadian students. Unfortunately the competition was not open to Australian students, meaning I could not participate. However, I thought it would work as a good practice brief that I could do in my own time as a way to really delve into the UX design process through research, ideation and testing.

An important part of running Airbnb’s infrastructure is ensuring our cloud spending automatically scales with demand, both up and down. Our traffic fluctuates heavily every day, and our cloud footprint should scale dynamically to support this.

To support this scaling, Airbnb utilizes Kubernetes, an open source container orchestration system. We also utilize OneTouch, a service configuration interface built on top of Kubernetes, and is described in more detail in a previous post.

In this post, we’ll talk about how we dynamically size our clusters using the Kubernetes Cluster Autoscaler, and highlight functionality we’ve contributed to the sig-autoscaling community. These improvements add customizability and flexibility to meet Airbnb’s unique business requirements.

How Airbnb migrated from Webpack to Metro and made the development feedback loop nearly instantaneous, the largest production build 50% faster, with marginal end-user runtime improvements.

随着有关数据泄露的新闻报道日益增多，加上国际监管和安全要求的出台，数据监管与保护已成为备受关注且亟待解决的重要议题。

我们的房东和房客社区相信：爱彼迎会保障用户数据安全，同时尊重用户的隐私权利。

在爱彼迎，数据的收集、存储和传输会通过不同的数据存储和基础设施来完成。工程师很难通过手动跟踪来了解用户及敏感数据在技术环境中的流转过程。其实，这反而会让我们的数据保护难上加难。虽然我们现在有从不同维度保障数据安全的供应商，但我们更希望设计一套理想的数据安全工具，既能支持我们生态系统中的数据存储器，又能满足我们在数据开发和自动化数据保护方面的所有需求。

在《爱彼迎数据隐私与安全工程》系列分享中，我们会和各位展开聊聊：如何通过创建和维护数据安全平台来化解上述挑战。

第一篇文章，我们会快速回顾构建数据保护平台（Data Protection Platform, 以下简称 DPP）的背景和技术架构，并深入解读我们的数据清单组件——Madoka。