Software Engineering Daily recently broadcast two episodes about Slack:
Keight Adams spoke about Slack’s architecture with a focus on the “game” like system. Slack’s architecture has technically designed to work in a highly distributed environment that requires managing the latency, connectivity, cache coherency, and cache capacity. Similar to the concerns in a massively multiplayer online game (MMOG). In fact Slack as a product/company was a pivot from a game company.
Ryan Huber works on the small team (~4 SecOps) at Slack and highlighted a few important aspects of managing security. He noted the importance of managing authentication/authorization since it is a broad and often attacked means of creating a breach. He brought attention to the defenders advantage in knowing where the critical infrstructure/data is located and that that knowledge is critical in defense. Additionally, he emphasized the importance of log monitoring and the awesome usefulness of “auditd”, which is built into the Linux kernel and can capture information about syscalls. From Ryan’s twitter feed is this helphful link allowing the searching of syscalls. Building tools and automating their usage so as to contribute to DevSecOps was also focused on.