This story begins someplace familiar to many startups: our monolithic API had become unwieldy, and we wanted to transition towards a microservice architecture. And, like other young, scrappy startups, we couldn’t afford to freeze development while we re-architected the entire system. So, instead, each time we wrote a feature we carved off the related chunk […]

On Tuesday, Wednesday, and Thursday, March 6th-8th, 2018, Clever logins failed for all customers: 1h on Tuesday, 1h15 on Wednesday, and almost 5h on Thursday. This was Clever’s single worst outage ever in length, repeatedness, and impact. This postmortem is the first of many public steps we’ll be taking to ensure Clever is a service […]

Over the past month, Clever worked with CERT to address a vulnerability in our open-source SAML2 library. Clever maintains an open source library implementing the SAML protocol in Node.js known as saml2-js. We use this library internally in our SAML service provider functionality for schools using Clever SSO and the Clever Portal. It is used […]

At Clever, one of our tenets is “Always a Student”, and in that spirit of learning we wanted to share the changes we made to fix memory allocation issues in AWS Elastic Container Service related to swappiness. Swappiness is a Linux Kernel setting that specifies how likely it is for a page in memory to be […]

tl;dr: Try out microplane! It’s a CLI tool to make changes across many repos. The Problem At Clever, we’ve embraced microservices. They promote modularity, which leads to simpler code bases and lets our engineers move quickly and independently. They are easier to deploy, which helps us build towards incremental, frequent deploys and continuous delivery. In […]

At Clever, we chose early on to deliberately define the key principles we wanted our culture to reflect. These tenets are a part of day-to-day vocabulary, and we think they make us a stronger team. About a year ago, we asked ourselves: how do these tenets apply to our engineering team? Are there aspects of […]

Clever Instant Login makes it easy for students to log in to their learning applications, saving valuable instructional time. By using the widely-deployed OAuth 2 protocol, our team tries to save valuable development time and make it easy for our app customers to create integrations. OAuth 2 has been a fairly smooth road, but we […]

Since June 2012, Clever has only had one version of our API: v1.1. We’re now ready to introduce v1.2! In this post, we’ll talk about what the new version means for our customers. Why API versioning? Very few, if any, non-Clever developers saw API v1.0. Early beta versions had this designation, but as we finalized […]

The password is both a ubiquitous and brittle security mechanism. With the emergence of new security trends like post-quantum cryptography and IoT-botnet attacks, it’s easy to overlook attacks that exploit guessable, reused, or coerced passwords. But the wherewithal among users to use strong passwords and keep them safe is rare. Despite decades of practice, managing […]

Clever Badges makes it easy for K-2 students to log into applications. As with any new feature, we wanted to understand and address any potential security risks before we launched Clever Badges to our users. If we built Clever Badges without thinking deeply about security, it would have been easy to introduce a vulnerability and […]