Engineering's Log


Update D.4


12:00, we set up SSO for GitHub and Google Workspace, which should enhance security and prepare us for our SOC2 audit.

14:00, we created a script to go through our repository and protect their main branch massively.


12:00, we are looking at IAB content classification for the SaaS monitoring tool: standards/content-taxonomy

16:00, we migrated our pg database from Hasura to GCP.


12:00, we started our SOC2 journey.


12:00, we are thinking about making a SaaS inventory from the reporter dashboard.

Update C.3


12:00, we deployed the reporter dashboard.


12:00, we are adding Auth0 to our dashboard, which shares its auth state with the reporter extension.


12:00, we learned about the WECG web ext group meeting notes

Restrictions of MV3:

  1. Background service worker are not persistent; they get killed by chrome after 5 minutes: w3c/webextensions/issues/44
  2. Missing APIs: w3c/webextensions/issues/72, w3c/webextensions/issues/134, w3c/webextensions/issues/82 -> prevent phising blocking


12:00, we are adding a more extensive set of SaaS to track within reporter.

It seems having customers and case studies helps sales a lot - "Look at how much we helped these people. we can help you like that, as well!"


12:00, we added GitHub webhook to send alerts to Discord. We're also researching dbir


12:00, we extracted the SaaS app via the origin host and included it in the report sent to our realtime database.

Update B.2


12:00, we set up an email-catchall route to test out reporter bug digress. We tested out DataDog's plain-text email ingestion API. One issue we found is that DataDog does not include the origin email sender.

14:00, we are investigating the implementation of a phishing simulator targetting LinkedIn.


12:00, we are testing out message fishing simulation and XML injection to a website data payload. We're also reading more about pricing: p/when-is-a-dollar-not-a-dollar.

A dollar of cost savings is worth one dollar to the customer, but a dollar of extra revenue is usually worth dimes or pennies (depending on the customer’s profit margin).


12:00, we found an issue with our robot.txt. It seems that for SEO purposes, we should create a sitemap and allow the robot to crawl these pages.


12:00, we're adding screenshotting to the reporter. We also implemented CI deployment script that fetches key from our secure, shared storage.

Update A.1


12:00, we released legal/privacy and legal/tos


12:00, we worked on our win32 setup:

PowerShellGet\Install-Module posh-sshell -Scope CurrentUser
PowerShellGet\Install-Module posh-git -Scope CurrentUser
  • Install gluons/powershell-git-aliases
  • Install Windows openssh: Since Windows integrates SSH in its recent build, that integrated version has a cached secret store to remember your ssh-add private key's password. So you won't need to re-enter your password after reboot the machine
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name $OpenSSHClient.Name
  • Swap git's ssh client:
git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"
  • Open terminal with Admin perm: The commands below starts the ssh-agent each boot
Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service
Start-Service ssh-agent
  • Improve pwsh profile with vim $profile:
New-Alias open ii
New-Alias vim nvim

# Shows navigable menu of all options when hitting Tab
Set-PSReadlineKeyHandler -Key Tab -Function MenuComplete
# Autocompletion for arrow keys
Set-PSReadlineKeyHandler -Key UpArrow -Function HistorySearchBackward
Set-PSReadlineKeyHandler -Key DownArrow -Function HistorySearchForward

function prompt
  $loc = Get-Location

  $prompt = & $GitPromptScriptBlock

  $prompt += "$([char]27)]9;12$([char]7)"
  if ($loc.Provider.Name -eq "FileSystem")
    $prompt += "$([char]27)]9;9;`"$($loc.Path)`"$([char]7)"


oh-my-posh init pwsh --config "~/posh-theme.omp.json" | Invoke-Expression
Import-Module posh-git
Import-Module posh-sshell
Import-Module -Name Terminal-Icons



12:00, we're investigating potential customer market segment.

14:00, we started watching learn/wharton-accounting to learn more about corporate finance.


Back to Engineering Quarter