Engineering's Log

--L❤☮🤚

Update D.4

2022.01.28

12:00, we set up SSO for GitHub and Google Workspace, which should enhance security and prepare us for our SOC2 audit.

14:00, we created a script to go through our repositories and protect their main branches in bulk.

2022.01.27

12:00, we are looking at IAB content classification for the SaaS monitoring tool: standards/content-taxonomy

16:00, we migrated our pg database from Hasura to GCP.

2022.01.26

12:00, we started our SOC2 journey.

2022.01.25

12:00, we are thinking about making a SaaS inventory from the reporter dashboard.


Update C.3

2022.01.23

12:00, we deployed the reporter dashboard.

2022.01.22

12:00, we are adding Auth0 to our dashboard, which shares its auth state with the reporter extension.

2022.01.21

12:00, we learned about the WECG web ext group meeting notes.

Restrictions of MV3:

  1. Background service workers are not persistent; they get killed by Chrome after 5 minutes: w3c/webextensions/issues/44
  2. Missing APIs: w3c/webextensions/issues/72, w3c/webextensions/issues/134, w3c/webextensions/issues/82 -> prevent phishing blocking

2022.01.20

12:00, we are adding a more extensive set of SaaS to track within reporter.

It seems having customers and case studies helps sales a lot - "Look at how much we helped these people. We can help you like that, as well!"

2022.01.19

12:00, we added a GitHub webhook to send alerts to Discord. We're also researching DBIR.

2022.01.18

12:00, we extracted the SaaS app via the origin host and included it in the report sent to our realtime database.


Update B.2

2022.01.17

12:00, we set up an email-catchall route to test out reporter bug digress. We tested out DataDog's plain-text email ingestion API. One issue we found is that DataDog does not include the origin email sender.

14:00, we are investigating the implementation of a phishing simulator targeting LinkedIn.

2022.01.16

12:00, we are testing out message phishing simulation and XML injection to a website data payload. We're also reading more about pricing: p/when-is-a-dollar-not-a-dollar.

A dollar of cost savings is worth one dollar to the customer, but a dollar of extra revenue is usually worth dimes or pennies (depending on the customer’s profit margin).

2022.01.15

12:00, we found an issue with our robots.txt. It seems that for SEO purposes, we should create a sitemap and allow the robot to crawl these pages.

2022.01.14

12:00, we're adding screenshotting to the reporter. We also implemented a CI deployment script that fetches the key from our secure, shared storage.


Update A.1

2022.01.11

12:00, we released legal/privacy and legal/tos

2022.01.10

12:00, we worked on our win32 setup:

PowerShellGet\Install-Module posh-sshell -Scope CurrentUser
PowerShellGet\Install-Module posh-git -Scope CurrentUser
  • Install gluons/powershell-git-aliases
  • Install Windows OpenSSH: Windows integrates SSH in its recent builds, and that integrated version has a cached secret store that remembers your ssh-add private key's password, so you won't need to re-enter your password after rebooting the machine.
# Look up the OpenSSH client capability, then install it (run from an elevated session)
$OpenSSHClient = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Client*'
Add-WindowsCapability -Online -Name $OpenSSHClient.Name
  • Swap git's ssh client:
git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"
  • Open a terminal with Admin permissions: the commands below start the ssh-agent on each boot
Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service
Start-Service ssh-agent
  • Improve pwsh profile with vim $profile:
New-Alias open ii
New-Alias vim nvim

# Shows navigable menu of all options when hitting Tab
Set-PSReadlineKeyHandler -Key Tab -Function MenuComplete
# Autocompletion for arrow keys
Set-PSReadlineKeyHandler -Key UpArrow -Function HistorySearchBackward
Set-PSReadlineKeyHandler -Key DownArrow -Function HistorySearchForward

function prompt
{
  $loc = Get-Location

  $prompt = & $GitPromptScriptBlock

  $prompt += "$([char]27)]9;12$([char]7)"
  if ($loc.Provider.Name -eq "FileSystem")
  {
    $prompt += "$([char]27)]9;9;`"$($loc.Path)`"$([char]7)"
  }

  $prompt
}

oh-my-posh init pwsh --config "~/posh-theme.omp.json" | Invoke-Expression
Import-Module posh-git
Import-Module posh-sshell
Import-Module -Name Terminal-Icons

Clear-Host
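
A check for the OpenSSH, ssh-agent and git steps above, as an added example that is not part of the original log. The function name Test-SshSetup and the check labels are made up for illustration; Get-WindowsCapability needs an elevated session.

```powershell
# Added example: confirm that each step of the SSH setup actually took effect.
function Test-SshSetup {
    $sshDir  = Join-Path $env:WINDIR 'System32\OpenSSH'
    $results = [ordered]@{}

    # Step "Install Windows OpenSSH": the client capability must be in the Installed state.
    $cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Client*'
    $results['OpenSSH client capability installed'] =
        [bool]($cap -and $cap.State -eq 'Installed')

    # Step "start the ssh-agent on each boot": service exists, is Automatic, and is running now.
    $agent = Get-Service ssh-agent -ErrorAction SilentlyContinue
    $results['ssh-agent startup type is Automatic'] =
        [bool]($agent -and $agent.StartType -eq 'Automatic')
    $results['ssh-agent is running'] =
        [bool]($agent -and $agent.Status -eq 'Running')

    # Step "Swap git's ssh client": git must call the Windows ssh.exe, otherwise
    # it talks to its bundled ssh and never reaches the Windows agent.
    $sshCommand = git config --global --get core.sshCommand
    $results['git core.sshCommand points at Windows ssh.exe'] =
        [bool]($sshCommand -like "*$sshDir\ssh.exe*")

    # The agent should hold at least one key: ssh-add -l exits 0 only when
    # it can reach the agent and the agent has identities loaded.
    $sshAdd = Join-Path $sshDir 'ssh-add.exe'
    $hasKey = $false
    if ((Test-Path $sshAdd) -and $results['ssh-agent is running']) {
        & $sshAdd -l *> $null
        $hasKey = ($LASTEXITCODE -eq 0)
    }
    $results['ssh-agent holds at least one key'] = $hasKey

    # Emit one object per check so the result can be filtered or tabulated.
    $results.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
    }
}

Test-SshSetup | Format-Table -AutoSize
```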

2022.01.09

12:00, we're investigating potential customer market segment.

14:00, we started watching learn/wharton-accounting to learn more about corporate finance.
