Clever Eng Blog — Always a Student

Always a Student is one of Clever's culture tenets: we love to learn, and this blog is where we share what we learn on topics that matter to engineering, from small but critical technical details to how we organize our engineering teams. This blog is cross-published on Medium.

Moving from a single API to multiple API versions

By Amelie Zeng on

Since June 2012, Clever has only had one version of our API: v1.1. We’re now ready to introduce v1.2! In this post, we’ll talk about what the new version means for our customers. Why API versioning? Very few, if any, non-Clever developers saw API v1.0. Early beta versions had this designation, but as we finalized […]

Securing Saved-password Applications

By Alex Smolen on

The password is both a ubiquitous and brittle security mechanism. With the emergence of new security trends like post-quantum cryptography and IoT-botnet attacks, it’s easy to overlook attacks that exploit guessable, reused, or coerced passwords. But the wherewithal among users to use strong passwords and keep them safe is rare. Despite decades of practice, managing […]

Clever Badges & Our Commitment to Security

By Alex Smolen on

Clever Badges makes it easy for K-2 students to log into applications. As with any new feature, we wanted to understand and address any potential security risks before we launched Clever Badges to our users. If we built Clever Badges without thinking deeply about security, it would have been easy to introduce a vulnerability and […]

Open Sourcing our Policies

By Mohit Gupta on

Student Data privacy and security are our foremost responsibilities here at Clever. We invest heavily to ensure that we are improving privacy for schools, students, and teachers, and we make sure that everyone at Clever is constantly working towards this goal. About five months ago, we were made aware of aspects of our privacy policy […]

Clever Shellshock Recommendations

By wpengine on

CVE-2014-6271 and CVE-2014-7169, also known as “Shellshock”, are high impact vulnerabilities affecting the Born Again Shell (BASH). The vulnerability allows an attacker to trick Bash into running arbitrary commands which could result in unauthorized disclosure of information, unauthorized modification and disruption of service. Because this is such a big threat, and because at Clever we […]

Testing Private Functions in JavaScript Modules

By Jonah Kagan on

As JavaScript has matured as a language, the module has become the primary unit of code organization. However, as with many facets of JS, modules grew organically from the developer ecosystem (as opposed to being designed as part of the language from the beginning), so they have their flaws – one being that you can […]

The Best Tool for the Join: Scaling Node.js with Unix

By Jonah Kagan on

At Clever we help 1 in 6 schools in the country sync data on an hourly basis from their student information systems (SISes) to the ed tech apps that their teachers and students use. These 20,000 schools sync about 50 GB of data in aggregate – that’s over a terabyte of data per day. While […]