In the beginning of January, I was lucky enough to be able to attend Square Code Camp, a 4-day program created by Square to immerse female engineering students (17 from universities across the US) in startup culture and computer science. Here are some of the highlights of the activities that our awesome organizers, Rachel Constable and Vanessa Slavich, planned for us:
Meeting Jack Dorsey
I’d been curious about Jack, the founder of Twitter and Square and man of many interests, for a while. The morning of the first full day, he gave us the Square talk and walked us through the rumored “Gandhi Walk.” I can’t comment on what he said, but I was impressed by the subtlety and depth of Square’s credo.
Tech Trek: Security Workshop
The motto of this workshop could have been “move fast and break things.” In just two and a half hours, the head of security at Square showed us a simple credit-transferring web app he had built, gave us time to hijack it, taught us how to properly hijack it, and told us awesome security war stories. Now I know to look for any opportunity for user input (username, password, email, file upload, filename, numbers, etc.) and think about breaking out of the environment to inject malicious code, the goal being to run arbitrary code. In one of my favorite hacks, we realized that when the web app uploaded files, it would do so like this:
PATH = (get user-inputted filename)
upload (get user-uploaded file) to ~\somedirectory\PATH
If you named your file starting with arbitrary chars set off by a semicolon or &&, you would break out of the upload command into a shell that could run any commands you wanted:
'(arbitrary chars here); (arbitrary commands here)'
'dfhgfkajsh; ls; rm exampledir.db; ls'
So, as seen above, Leah and I deleted the database and killed the web app. Move fast and break everything.
Imagine that you have little to no experience with web development and Ruby on Rails. Then you’re put on a team with two Code Campers who also don’t have Rails experience, plus one engineer from Square, and asked to build a full-fledged event management Rails app for Square in six hours. Thankfully, Erica Kwan, the lady running Dev Day, had built some of the hard parts for each of the teams already, but we still found it tough (and rewarding). We worked with Square engineers Jack Danger and Sean Sorrell, and you can see what Stephanie, Sumaiya, and I built with their help here. Pair-programming with Sean was awesome. In addition to showing us how Rails and the MVC model worked, he also showed me the CMD+` (Safari) and CTRL+TAB (Chrome) shortcuts, saving me years of Mac tab-switching frustration.
Square’s Design and People
There’s much more I haven’t mentioned, but everything we did and saw was touched by Square’s sense of design. Besides the sleek, crisp site and app, I was impressed by the presentations and workshops. I haven’t met many presenters who follow these unwritten rules: that the slides should consist of as many pictures and as few words as possible (five or less, if possible), that there should be opportunities for participants to guess the answer before presenting the real answer, that the presenter should keep it simple and build a narrative with metaphor. All of the presentations at Square followed these principles, but Jim McKelvey, one of the co-founders of Square, gave a talk on glassblowing that transcended slides.
Also, shout-out to my mentor, Vida Ha! I had great conversations about start-up culture and San Francisco with her, and she gave me invaluable advice.
If you’re a woman in college majoring in CS/EE/math and you’re reading this, I would definitely recommend applying to Square Code Camp. If not, I’d recommend trying Square’s app and reader. They’ve put a lot of care into the design, and it shows.