hey there if you don't know me my name,is maria and i like to make technology,videos on the internet,and today i thought it would be nice to,sit down and tell you about the time,that i up,so basically what inspired this was that,i,i started my internship in january as a,data engineering intern at shopify,and in my second week i kind of,did something that wasn't great and i,learned from it and it was actually a,positive experience so that's why i,wanted to share it,and then a few weeks after that i had,attended an event specifically made for,interns,that was called like my up story or,something like that,where it was a bunch of full-time,employees at shopify even like the,vp of engineering sharing the times that,they up,and what they learned from it so that,was really cool and i wanted to share,with you what i did,obviously more vaguely because i can't,say specific things because it's like,internal information but i think it's,still interesting to share,and of course i'm wearing my umbaka,earrings so that means idiot in japanese,because the thing i did was pretty,stupid so yeah,starting with the story what happened in,my first week was obviously onboarding,getting started with things,and as you saw in my like first week of,a data engineering intern video i,started this thing called a code lab at,the end of the week,which is basically a tutorial so it,would help people learn how to set up a,pipeline like a data pipeline,in shopify learning some of the,technologies that we use,and things like that so that was,something i was working on i started it,at that end of the day on friday and i,continued it into my second week,but what happened was that since i only,work a few days a week,my certificate that i had created became,expired,so this this certificate that you needed,which is just like to authenticate,that you are who you say you are so this,is where the problem stems because,essentially when i was doing the code,lab you create the certificate,but it there's like a command that you,type in the terminal and it creates it,and adds it to a file like a an e json,file so it's like,encrypted json and then you would upload,that to github,and then you can like deploy your,pipeline and all this stuff so,you have to like get it encrypted but,okay what happened was that,i had done this i think on like tuesday,or something and i don't work on,wednesdays i work on tuesday thursday,friday,so by the time i had come back on,thursday my stuff was expired,so i had to do a new certificate,but i don't remember what i was doing on,thursday but somehow i ended up doing,this on friday or like i couldn't figure,out or something but,end of day friday is when i was doing,this like i have such a bad memory,but i was doing this every day on friday,and i was like to my mentor we were pair,programming for this because i was like,i can't figure out why this isn't,working i'm trying to run,the thing again because i have the file,i can see it in front of my face,i see it's the the two old things like,it has,a certificate and i think like maybe a,key or something like,two different things two different,secrets that it will create,and then what happened was that i was,like okay i'm running this command that,i did before,why isn't it changing these files all,it's saying is that these two files are,being created on my computer,and i was like oh what if i just open,those two files and then copy and paste,that information,into my thing i didn't tell this to my,mentor because he was like oh i have to,go,work on something else so i was like,okay i'll do this and i'll tell you how,it goes,like like i'll continue working on it i,didn't tell him what i was gonna do,because i don't think he assumed that i,was gonna do this thing even though i,think now,he you know thinks a few steps ahead of,what i might be doing,so then what i did was like okay,i'm going to do that i did that i was,like oh this is,like these are pretty big whatever like,i'll just put it i'll just push up on,github,see if it fixes things because like the,whole thing was that,i couldn't deploy my the reason why i,found out that my certificate was,expired was because i couldn't deploy my,pipeline like it wasn't working,because the certificate was expired,because it only lasts for 24 hours,so i was like okay then i have to fix it,so then i'm like okay maybe i can deploy,my pipeline but no things weren't,working i was like i sent,my recent commit to my mentor and i was,like what's wrong,like why isn't this working he was like,what what did you just do maria can you,explain and,that was pretty funny because basically,i didn't encrypt anything,and the thing that i missed like i was,trying to go super fast i tried to rush,myself because i was very impatient,because,maybe what you don't know is that in my,first internship at shopify like i've,done three,so far and my first one i felt like i,was doing pretty well,and by the end of it i was like a big,contributor to what we were working on,in my second team i felt like i just,fell off and like i didn't have a mentor,i was just like i didn't feel like i was,contributing that much i didn't,i don't know if i learned as much as i,wanted to learn and i kind of like lost,the skills i had gained in my first,internship,and then this is my third one and i was,like okay i need to come back,and like get things done really quickly,so i can be,really good on this team and learn a lot,and then i was just pushing myself too,much because i want to finish onboarding,i want to start getting tasks done,and like getting issues assigned to me,so,that's why i was trying to rush myself,and that was a bad idea because i had,missed a step because there were,actually not just one command they had,to run in the terminal there was a,second command,and i didn't look back at the tutorial,to see that there was that second,command,so that was pretty bad of me and i had,just like randomly thought of this,stupid idea to,put these unencrypted certificate and,key into a file and upload it on github,which is not safe,and essentially okay what actually,happened after that was,what the more interesting part of the,story so what my mentor first did was in,a slack channel which has a bunch of,people in the data org he wrote a,message saying that we,did something and this is what happened,here's the branch on github to look at,it,and then a bunch of people started a,huge thread in that slack channel and,they started more threads and more,threads and more threads because they're,all trying to figure out,okay look what do we do because why is,this a whole problem it's because,i pushed up the stuff that you're,supposed to keep actually secret,because that stuff uh like the,actual key and everything that is being,used across,all other apps that use this like,certificate,so then they would all need to rotate,their certificate because this is being,put on github even though it's a private,repository okay this is private,repository,not deployed at all but it's still on,github,and github is now owned by microsoft and,even before it was,just another company so it's like,another company can access,your secret keys and it's obviously you,we did and,uh you can't email github and say hey,can we delete this stuff like fully,delete it so,you don't have access to it and they did,email them but,it's like still an extra level of safety,is to rotate all of your,certificates and keys and everything so,that's that was a plan,and then they had this one guy who was,like kind of leading the discussion but,then he had to go and also the worst,part of this was was again it was,the end of the day on friday so this is,like 6 p.m 7 p.m 8 p.m,people were supposed to be going on,their weekends and relaxing and then i,had calls this whole issue that roped in,like 30 different people and then a,bunch of people who didn't realize that,this was gonna affect them,because we took a few like a few hours,to figure out like okay,how do we actually rotate this stuff and,i was just like watching they even made,their own slack channel,to talk about this and like 20 something,people joined and it was,they're so smart and i was just like,sitting at my computer like,for a few hours just looking at it and,i'm like what did i just do,what have i done because i felt so bad,that i had kind of ruined these people's,friday evenings and i don't know and,then this other guy took over like an,actual person like the security team,and he was leading the discussion and,trying to like okay,decide what are the next steps that we,need to do like a few different things,like contact github,take it down rotate certificates and,what's the plan for that because they're,like okay,this isn't a big deal we can leave it,until monday to,ask all the teams that use this stuff to,rotate and they were like okay is there,good documentation for doing this,and they're also trying to figure out,what was the root cause of this problem,like why was i even able to push up this,information to github,because in theory you're not supposed to,be able to do that because we have a,check for that,so then there was obviously a bug in,that like hook that checks for things,and my mentor later found it it was,because like i had created my,files before i had created my branch and,apparently that that,that special hook only checks if you,create a branch and then make those,files,and that is so random but like i i guess,i found a bug in the system and,essentially i don't know we did have,that root cause analysis meeting like a,week or two after,and it was really interesting because we,talked about okay what went well,what didn't go so well what did we learn,and,why did this happen like actually asking,like the five,why's or whatever that it's like where,was the actual problem,or multiple problems that came out of it,because obviously it's like okay,was there good documentation some people,didn't know how to do this because,usually like they they do this every few,months or something and then there's a,whole plan and there's no,real there wasn't an easy way to do this,because there's no like lever that you,just pull and it just changes everything,for every single app,so they had to do it manually like each,team had to be like okay we're gonna do,this,and like take time out of their days on,monday to do this,which i felt really bad about of course,and i don't know i think,i did learn a lot to be more careful and,i recently had to do this thing again,and i did it properly this time okay,so i learned from my mistake which is,like the most important part of this,and essentially the reason why i wanted,to share the story was because,you know you can mess up all the time,like i i never actually had the,experience when i was on my front end or,back end team where i had completely,like messed things up,i know a lot of my friends have but i,never had that experience,and having this experience now is,actually pretty good,just to see what happens see the whole,process and learn,like okay it's they don't blame you like,no at any point didn't anyone blame me,for doing this and also something i,forgot to mention was that,it was really funny because a lot of,these senior developers and,leads and all this stuff they saw who,did it which was me,and they would dm me on slack and be,like don't worry maria we're not,mad at you and i was like oh my god are,they mad at me,and they were super nice and a lot of,them shared stories about times that,they had messed up so that made me feel,better because,i had not ever experienced this before,so that was really nice to,like get that connection with them and a,lot of them told me like they had done,the exact same thing like last year,or in their first year of their job,yeah i just wanted to say that it's it's,never a bad thing,to you know make a mistake of course,obviously i learned from it which is the,most important part,you'll never have a system that you,can't break like even at a big company,you can break things especially i didn't,have any malicious intent,for doing this kind of stuff so they're,nothing bad,i guess i thought maybe oh i could get,fired but you can't really get fired and,i know that's the shopify culture of,like okay,you what does it like build things and,break things,but anyways i just wanted to say that,don't worry if you're ever in this,situation,i doubt you'll get fired because there,was obviously like you're,you weren't the cause of this bug and,people also learned from it,you learn from it and once i looked into,the calendar of one of my teammates and,i saw that they always go to all these,root cause analysis meetings so i'm like,okay these things happen often enough,that it's not such a big deal and it's,it's fine like i had,actually been to one on my previous team,and yeah it was actually pretty,interesting like you learned so much,from seeing like a bug or a security,threat or something happen,and you obviously grow from it and your,system becomes stronger from it,and obviously like the team becomes,stronger the trust becomes stronger,because you're not blaming it on a,specific person and,that's really like a sigh of relief,you know because then it takes off the,pressure,overall i learned a lot and i hope you,enjoyed this story time,and remember to like the video if you,liked the video comment your, stories because i'd like to hear,them and don't forget to subscribe,so i'll see you next time bye
Congratulation! You bave finally finished reading how much do shopify interns make and believe you bave enougb understending how much do shopify interns make
Come on and read the rest of the article!