At Hootsuite, we perform penetration tests to ensure that our software and services are secure and compliant. Penetration testing (or “pen testing” for short) is a security process in which the tester attempts to exploit software using security vulnerabilities. The goal of our pen testing is preventative: to find as many security vulnerabilities in our products so that our development team can fix them.

In the field of security, there is more than one type of hacker. A hacker is categorized based on their motivation: Black hat hackers are those who seek to exploit software security vulnerabilities for malicious intent, White hat hackers are those who hack in an ethical way and try to to avoid causing damage the systems they attempt to penetrate. Pen Testers are White Hat hackers. By understanding the mindset of black hat hackers, white hat hackers can give organizations insight on how to further harden and secure the organization’s infrastructure to reduce security threats.

A Bird’s Eye View of Pen Testing

A Bird’s Eye View of Pen Testing

Read More →

At Hootsuite, we have begun to move some of our new services into Docker containers. Among the many benefits of application containerization, the ones that stand out the most are security, high availability, and non-conflicting server configurations for different applications.

During my co-op term at Hootsuite, I worked under Mark Eijsermans and Mark Allen on the Build and Deploy team helping configure the infrastructure for the deployment of containerized applications. Marathon was the framework chosen to schedule containers to a provisioned Mesos cluster. The implementation of a scheduler system is important because it allows developers to quickly get an application up and running in a consistent environment. Furthermore, it allows for efficient resource use and the ability to quickly scale services up and down as needed (allowing for significant cost savings). Marathon provides many benefits such as ease of use and an extensive REST API. Furthermore, it is currently in use at companies such as AirBnB and Shopify (among others), so it has been production tested.

Read More →

What is a code review, you ask? Well, let me tell you! But first, let me give you a little bit of insight into who I am so that you can understand why I find code reviews invaluable.


At the beginning of September, I began my very first (sort of) work term as a co-op software developer here at Hootsuite. I say, “sort of” because I actually have a Bachelor of Science in Chemistry and have work experience in that field. As you can imagine, synthesizing chemicals and developing software are worlds apart, so my prior experiences did not directly help me become a better programmer.


A typical day in the life of a chemist.

Read More →

A Short and Sweet History of Translation at Hootsuite

Hootsuite has been a global company since 2012. As soon as we became global, localizing our products to offer more than English became a priority. We needed our dashboard to support many languages at once, efficiently. How do we keep the Hootsuite dashboard useful and personalized for all of our users across the world? Hootsuite has offices all over the world, from Bucharest to Vancouver, but our users’ global presence far exceeds our office representation. Hootsuite users come from every corner of the globe and speak dozens of different languages. It’s difficult to keep up with translation our constantly-evolving product. Currently, our dashboard is available in over 15 languages, with another 15 on the way! That’s a lot of languages for our developers to manage.

When we first realized that our products needed translating yesterday, there were some ill-fated false starts. One particularly unfortunate event involved a developer translating our iOS app into German, using Google translate. While the intent was genuine, our German customers let us know (strongly) that Google Translate is not yet advanced enough to be a substitute for human translation. After those first attempts to self-solve the problem, we did what Hootsuite does best: we built a better way.

Read More →

Lately, there’s been a giant demand for data and statistics that can be used to help make business decisions. If you’re working as a developer or engineer on a team that’s tasked with gathering this data, you’ve probably noticed that this demand has translated into more information and events being tracked, and more pressure on the systems you use to extract, transfer, and load your data. You may have even run into a situation where your current systems start to buckle  under the increased load, and reliability and stability begin to degrade.

This year, the Datalab Team at Hootsuite ran into this problem and came to the conclusion that using Logstash in our data pipeline wasn’t working – we needed to migrate to something else. This blog post outlines what we did to make our transition smoother, and will hopefully provide some useful tips if your team is looking to change part of your extract-transform-load (ETL) system.

Our DataLab team recorded almost a 40% increase in the amount of events we were tracking in a one year period

Our DataLab team recorded almost a 40% increase in the amount of events we were tracking in a one-year period

Read More →

Updating your app to target the latest version of Android can be tricky – there will always be some new challenges to solve. But when you’re called out by an actual Android architect on Google Plus for a problem with your app, you know that you need to act fast…

Android Marshmallow. © Google

Android Marshmallow. © Google

Being Called Out

After our Marshmallow release, our Product Manager Lars Vedo saw a post on Google Plus about our app. In the post, Phil Nickinson from mentioned how, on Marshmallow, he couldn’t share an image to Instagram through Hootsuite without first giving permission in the Instagram app. Phil’s Google Plus page has 37000 followers so it didn’t take long to get our attention. The post also got the attention of Adam Powell, an Android architect at Google. He responded to the above post saying “This means Hootsuite does sharing data wrong.” … Ouch.

Read More →

Delivering useful software that your customers value is not an easy task. Beyond the technical skills required, you have to have insight into how customers use your product and anticipate their needs. The Elasticsearch-Logstash-Kibana (ELK) technology stack can help you deliver better products, better understand the needs of your customers, and give you an advantage over your competitors by helping you gain new insights into your data.

ELK is an end-to-end stack that delivers actionable insights in real time from almost any type of structured or unstructured data source. In this post, I’ll help you discover how easily it is to create a minimum setup and configuration of the ELK stack.

Read More →

At first glance, technical conferences may seem like a waste of time and money. Why spend hundreds of dollars to fly somewhere to hear the same talks that can be later found on YouTube, or read about same topics that can be found on countless blogs?  If you’ve been to any good conferences, however, you’ll know that it’s about more than just the talks themselves. Where else can you:

  • Talk with the people who write the software you use every day?
  • Discuss the war stories behind the blog posts, and hear about the realities of how the work actually got done behind the scenes?
  • Have those random hallway conversations that introduces you to new technologies or processes that could revolutionize your entire way of working?
  • Make connections with other developers and invite them back to speak at your office?
Conferences are about more than just the talks. They’re about the ability to learn and make connections with fellow developers who are in the same trenches facing the same problems.

During my time at Hootsuite, I have had the privilege of both attending and speaking at conferences, in addition to being an active participant in the Tech Meetups in Vancouver. The number of connections and conversations I have had over the years have been invaluable for my own career development, including my experiences at technical conferences. Read More →

At Hootsuite, we’ve been working on restructuring our front-end architecture using React and Flux. This has given us the opportunity to explore the benefits we gains by structuring the data on the front-end as immutable collections. As part of the Engagement team, a group of us are working on Streams, the part of the product our users directly interact with when they use the Hootsuite dashboard. This is one of the major chunks of the product being migrated over from Backbone and jQuery.


For those who are new to React, it is a JavaScript library for building user interfaces, built by the folks over at Facebook and Instagram to enable them to build large web based application with data that changes over time. It is often valuable to think of React as the view part of the Model-View-Controller pattern. Flux is an architectural pattern that complements React by utilizing a uni-directional data flow. When a user interacts with a React view, the View fires an Action that goes through a Dispatcher to update a Store that holds the application’s data and state, which in turn updates the Views. Uni-directional data flow ensures that a change in application’s state is updated wherever the state is used without forcing the developer to update the code everywhere the state is used.

Source: Flux Overview (

Source: Flux Overview (

You can learn more about React and Flux by reading this in-depth post written by my teammate, Catherine Tan:

Making React Even Faster

As part of building out our new front-end, it was important that performance was a concern that we kept in mind. With customers relying on our product to be highly efficient and robust, this was going to be a primary concern as we moved over to React and Flux. A key improvement metric that can be looked into with regards to React is how often a component re-renders. That’s where immutable data comes into play and provides a better way to optimize the process of re-rendering.

The way React works is by maintaining its own fast implementation of the DOM tree called the virtual DOM. Whenever there is a change in the UI, React makes a new virtual DOM and compares it with the old one, and if they’re different, it updates the actual DOM, minimizing the number of mutations. To improve performance, we need to ensure that only the part affected by the changes in the data is re-rendered. To allow developers to do this, React provides a component lifecycle function called shouldComponentUpdate which runs every time a component is re-rendered. We can couple this function with immutable data structures to ensure that a re-render only happens when the data has actually changed. Read More →

I always enjoy meeting eager prospective candidates and representing my company in public. I love sharing what I do and hearing unfiltered perspectives from real people in my field. When I’m looking at a company, that’s what I want to hear about – not forced enthusiasm about foosball tables or similar perks by an executive or manager, but real stories about the work and the environment. With that in mind, when it was our turn to pitch at Techfest, we wanted the audience to hear directly from someone who’s in a position they’re aiming for.


To me, what always set Hootsuite apart and what makes me love coming to work everyday has always been trust – the trust that our team has in one another.

My Pitch Read More →