Security

Summarized using AI

20k MRuby devices in production

Thiago Scalone • May 31, 2018 • Sendai, Miyagi, Japan

In this presentation at RubyKaigi 2018, Thiago Scalone discusses the successful implementation of mRuby across 20,000 terminals in Brazil's payment processing infrastructure, detailing the challenges and benefits of adopting this open-source software. He outlines the critical role of payment processors like his company, called walk, in facilitating secure transactions amidst an inefficient landscape populated by outdated technology. Scalone showcases mRuby's capabilities and its importance in updating runtime environments, enhancing transaction security, and managing hardware communications.

Key points include:

  • Common Misunderstandings About Brazil: Scalone humorously addresses cultural stereotypes and showcases the work ethic and social nature of Brazilians.
  • Payment Processing Infrastructure: He highlights the operational flow of transactions and the challenges faced due to inefficiencies among acquirers.
  • Implementation of mRuby: Describing mRuby as an open ecosystem, Scalone explains how it enables the development of applications for digital transactions. He conducts a demo illustrating runtime updates, communication settings, cryptographic security, concurrency management, and memory handling.
  • CLI Usage: Scalone explains how to use the mRuby Command Line Interface (CLI) for creating, compiling, and deploying applications efficiently, particularly for IoT devices.
  • Communication Protocols: Persistent TCP socket connections, TLS protocols, and the use of WebSockets are discussed in the context of improving communication between devices.
  • Transaction Security: He emphasizes adherence to ISO 8583 standards and robust security measures to ensure PCI compliance and efficient data handling.
  • Code Sharing: Scalone introduces the use of libraries like Bundler for sharing code, thereby enhancing collaboration and functionality across various applications.
  • Results Achieved: He shares impressive metrics, stating that over 40,000 mRuby terminals are in production handling over 1 billion dollars in payment transactions, showcasing the effectiveness of the approach.

In conclusion, the transition to mRuby has marked significant progress in handling digital transactions effectively while maintaining high security standards, flexibility, and improved performance across a broad range of devices, leading to considerable financial success.

20k MRuby devices in production
Thiago Scalone • May 31, 2018 • Sendai, Miyagi, Japan

I've changed an entire solid runtime for mRuby, and for 3 years, even if is not recommend, we've been runnin
g mRuby in production reaching 20k machines and billons of dollars in payment transactions. We faced a lot o
f problems, but even more benefits adopting mRuby. This talk is about those topics, like:

- Runtime and application Update/Upgrade
- Communication configuration and intelligence
- Payment transaction security and cryptography
- Concurrency
- Code sharing between CRuby and mRuby
- Memory management and leaks
- Open Source

RubyKaigi 2018 https://rubykaigi.org/2018/presentations/scalone

RubyKaigi 2018

00:00:01.399 Hello everyone, konnichiwa. My name is Thiago Scalone, and I am a software engineer from Brazil. I'm excited to talk about our case involving 20,000 mRuby terminals in production.
00:00:06.690 Firstly, I want to share some common misunderstandings about Brazilians. We do not speak Spanish. Portuguese is the language we speak. Not everyone in Brazil is a soccer fan, and while some people enjoy hugs and physical contact, others may appreciate personal space. As Brazilians, we love to party and enjoy drinks; we work hard, but we know how to have fun too. We work diligently for everything we achieve.
00:00:46.469 Now, let’s discuss called walk. This is a payment processor that plays a critical role in the infrastructure of payment transactions. The typical transaction flow starts with the issuer, usually a bank, which supplies a credit card to the cardholder. The cardholder can then use this card at various places to purchase goods or services. In Brazil, our largest challenge is that many acquirers are inefficient, often requiring extensive personnel to accomplish basic tasks. Many also rely on outdated technology that is difficult to maintain, leaving them ill-equipped to offer modern digital products.
00:01:29.189 Calling upon better solutions, we established our approach at called walk, which sets us apart from other players in the field. We implemented it as an entry point for payments, allowing flexibility in managing transactions. We can convert transactions into token receipts while adjusting the entire payment flow to apply blockchain technology to enhance security against fraud and ensure settlement.
00:02:28.020 Next, I will delve into mRuby and its capabilities. We are developing an open ecosystem that utilizes Ruby to deliver applications. Anyone interested in creating digital transactions, cashbacks, or any payment types can create their applications using mRuby and deploy them on the terminals. Let's dive into a simple demo application that illustrates the next steps.
00:03:19.480 In this demo, I will be showing you how to update the runtime, configure communications, leverage transaction security with cryptography, share code between CRuby and mRuby, manage concurrency, and handle memory management effectively. At the end of the session, I will also show you a video of a real transaction using two devices in our production environment.
00:05:34.080 To start this demo, we will call our CLI.
00:05:38.160 Using the mRuby CLI, we will create a simple application called 'walk new ruby tiny.' The project structure will be shown in our back-end system and can be compiled when deployed. In this demonstration, I will talk about the mRuby test.
00:07:08.699 The essential workflow for creating a solution comprises compiling code and deploying it to the machines. If you are looking to create a payment solution for any application, this is how you can deliver it. Now, I want to explain the critical parts involved in running mRuby and how they connect.
00:08:50.240 The mRuby CLI enables project creation, compilation, and deployment. We have multiple major solutions working to enable this functionality, including the mRuby CLI framework altered for IoT use. This small environment accommodates cross-compilation, modular development, and simplified executions without needing complex setups.
00:10:10.230 Furthermore, we've established a framework for managing hardware interfaces and implementing compilation packaging tools, making them beneficial to our development workflow. Among the features we focus on are displaying images, generating QR codes, and managing device interactions, all of which are essential for the IoT space.
00:10:53.280 Now let's address how hardware communication occurs. Our terminals primarily use GPRS, 3G, or Wi-Fi connections to facilitate transactions. Persistent TCP socket connections play a vital role in ensuring smooth operations, especially as we implement TLS protocols to bolster security. Our goal is to minimize the drawbacks associated with frequent handshakes and negotiations that can delay transactional efficiency.
00:12:20.000 Using WebSockets as a binary protocol, we've further enhanced our communications systems. Developed as part of the overall architecture, it enables simultaneous notifications for multiple devices, ensuring timely updates on transactions and events like transaction confirmations.
00:14:08.110 For secure transactions, we have adopted ISO 8583 as a payment industry standard. This process is quite complex and challenging to implement successfully across various systems. It requires efficient data handling since the terminals operate with limited memory, often around 2 megabytes a month. Given these constraints, we prefer using lightweight protocols and binary exchanges to optimize performance.
00:15:46.400 Ruby enhances our capabilities significantly. Historically, many features required development directly in C, but now with Ruby running on our terminal, we can maintain simpler interfaces and manage connections more effectively. With the enhanced capabilities of mRuby, communication management has become more streamlined, allowing terminals to switch seamlessly between Wi-Fi and GPRS as necessary.
00:17:28.760 Another vital aspect is ensuring security compliance, particularly regarding transactions processed through PCI PTS terminals. We have established robust security measures, including utilizing libraries for encryption, secure transactions, and standardizing interfaces all managed efficiently through mRuby.
00:19:14.830 We also emphasize the importance of sharing code between our servers and terminals. Using libraries like Bundler simplifies this process, improving efficiency and opening up possibilities for various application developments across our environment.
00:21:30.360 In conclusion, we’ve been running more than 40,000 terminals in production, handling over 1 billion dollars in payments this year. Approximately 50% of our total transaction volume is managed through mRuby, showing great success and reliability in performance. Thank you for your attention, and I am happy to answer questions.
Explore all talks recorded at RubyKaigi 2018
+58