Engineering's Log
--L❤☮🤚
Update D.4
2022.01.28
At 12:00, we set up SSO for GitHub and Google Workspace, which should enhance security and prepare us for our SOC2 audit.
At 14:00, we created a script that goes through our repositories and protects their main branches in bulk.
2022.01.27
At 12:00, we are looking at IAB content classification for the SaaS monitoring tool: standards/content-taxonomy
At 16:00, we migrated our pg database from Hasura to GCP.
2022.01.26
At 12:00, we started our SOC2 journey.
2022.01.25
At 12:00, we are thinking about making a SaaS inventory from the reporter dashboard.
Update C.3
2022.01.23
At 12:00, we deployed the reporter dashboard.
2022.01.22
At 12:00, we are adding Auth0 to our dashboard, which shares its auth state with the reporter extension.
2022.01.21
At 12:00, we learned about the WECG web ext group meeting notes.
Restrictions of MV3:
- Background service workers are not persistent; they get killed by Chrome after 5 minutes: w3c/webextensions/issues/44
- Missing APIs: w3c/webextensions/issues/72, w3c/webextensions/issues/134, w3c/webextensions/issues/82 -> prevents phishing blocking
2022.01.20
At 12:00, we are adding a more extensive set of SaaS to track within reporter.
It seems having customers and case studies helps sales a lot - "Look at how much we helped these people. We can help you like that, as well!"
2022.01.19
At 12:00, we added a GitHub webhook to send alerts to Discord. We're also researching dbir.
2022.01.18
At 12:00, we extracted the SaaS app via the origin host and included it in the report sent to our realtime database.
Update B.2
2022.01.17
At 12:00, we set up an email-catchall route to test out reporter bug digress. We tested out DataDog's plain-text email ingestion API. One issue we found is that DataDog does not include the origin email sender.
At 14:00, we are investigating the implementation of a phishing simulator targeting LinkedIn.
2022.01.16
At 12:00, we are testing out message phishing simulation and XML injection into a website data payload. We're also reading more about pricing: p/when-is-a-dollar-not-a-dollar.
A dollar of cost savings is worth one dollar to the customer, but a dollar of extra revenue is usually worth dimes or pennies (depending on the customer’s profit margin).
2022.01.15
At 12:00, we found an issue with our robots.txt. It seems that for SEO purposes, we should create a sitemap and allow the robot to crawl these pages.
2022.01.14
At 12:00, we're adding screenshotting to the reporter. We also implemented a CI deployment script that fetches the key from our secure, shared storage.
Update A.1
2022.01.11
At 12:00, we released legal/privacy and legal/tos
2022.01.10
At 12:00, we worked on our win32 setup:
- Install the latest PowerShell
- Install Windows Terminal
- Install git, make sure to use the integrated option
- Install oh-my-posh: make sure to fork a theme and add "pwd": "osc99"
- Install posh-git and posh-sshell:
PowerShellGet\Install-Module posh-sshell -Scope CurrentUser
PowerShellGet\Install-Module posh-git -Scope CurrentUser
- Install gluons/powershell-git-aliases
- Install Windows OpenSSH: Since Windows integrates SSH in its recent builds, the integrated version has a cached secret store that remembers your ssh-add private key's password, so you won't need to re-enter the password after rebooting the machine.
$OpenSSHClient = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Client*'
Add-WindowsCapability -Online -Name $OpenSSHClient.Name
- Swap git's ssh client:
git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"
- Open terminal with Admin perm: The commands below start the ssh-agent on each boot
Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service
Start-Service ssh-agent
- Improve pwsh profile with vim $profile:
New-Alias open ii
New-Alias vim nvim
# Shows navigable menu of all options when hitting Tab
Set-PSReadlineKeyHandler -Key Tab -Function MenuComplete
# Autocompletion for arrow keys
Set-PSReadlineKeyHandler -Key UpArrow -Function HistorySearchBackward
Set-PSReadlineKeyHandler -Key DownArrow -Function HistorySearchForward
function prompt
{
    $loc = Get-Location
    $prompt = & $GitPromptScriptBlock
    $prompt += "$([char]27)]9;12$([char]7)"
    if ($loc.Provider.Name -eq "FileSystem")
    {
        $prompt += "$([char]27)]9;9;`"$($loc.Path)`"$([char]7)"
    }
    $prompt
}
oh-my-posh init pwsh --config "~/posh-theme.omp.json" | Invoke-Expression
Import-Module posh-git
Import-Module posh-sshell
Import-Module -Name Terminal-Icons
Clear-Host
- Get VSCode
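A read-only audit of the setup steps above, as an added example that is not part of the original log. The function name Test-SshWorkstationSetup is hypothetical, and the GIT_SSH_COMMAND check is an addition based on git's documented precedence of that variable over core.sshCommand.

```powershell
# Added example (not from the original log): read-only audit of the setup above.
function Test-SshWorkstationSetup {
    $sshExe = 'C:\Windows\System32\OpenSSH\ssh.exe'   # path used in the log
    $checks = [ordered]@{}

    # The integrated Windows OpenSSH client is present on disk.
    $checks['Windows OpenSSH client present'] = Test-Path -LiteralPath $sshExe

    # ssh-agent must start at boot and be running now.
    $svc = Get-Service -Name ssh-agent -ErrorAction SilentlyContinue
    $checks['ssh-agent startup is Automatic'] = ($null -ne $svc -and $svc.StartType -eq 'Automatic')
    $checks['ssh-agent is running'] = ($null -ne $svc -and $svc.Status -eq 'Running')

    # git must point at the Windows client that the log swaps in.
    # The log stores the value wrapped in single quotes, so strip them first.
    $configured = git config --global --get core.sshCommand 2>$null
    $configured = "$configured".Trim().Trim("'", '"')
    $checks['git core.sshCommand uses Windows OpenSSH'] = ($configured -ieq $sshExe)

    # GIT_SSH_COMMAND takes precedence over core.sshCommand, so it must be unset.
    $checks['GIT_SSH_COMMAND not overriding'] = [string]::IsNullOrEmpty($env:GIT_SSH_COMMAND)

    # Modules imported by the profile must be installed.
    foreach ($name in 'posh-git', 'posh-sshell', 'Terminal-Icons') {
        $checks["module $name installed"] = [bool](Get-Module -ListAvailable -Name $name)
    }

    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
    }
}

$report = Test-SshWorkstationSetup
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) { Write-Warning 'One or more checks failed.' }
```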
2022.01.09
At 12:00, we're investigating potential customer market segments.
At 14:00, we started watching learn/wharton-accounting to learn more about corporate finance.