updates

20210218134000-how_i_work.org

@@ -23,3 +23,4 @@ screen.
 * Tracking things to do
 - Capturing /and scheduling/ tasks
 - Using the [[id:4d7dffe3-4af4-41d0-85a2-270a20593c8d][Org Mode]] agenda view to plan my day
+- [[id:038c58e9-2fe9-495a-8dfb-bc3c1c538ad1][Managing projects]]

20211014151652-cross_site_scripting.org

@@ -0,0 +1,5 @@
+:PROPERTIES:
+:ID:       65fa9de5-afa9-406c-8576-d94380cc3bec
+:ROAM_ALIASES: XSS
+:END:
+#+title: Cross Site Scripting

20211014151808-sql_injection.org

@@ -0,0 +1,4 @@
+:PROPERTIES:
+:ID:       e4a20390-fecb-46ff-8949-4f456abdbb09
+:END:
+#+title: SQL Injection

20211019164846-how_i_manage_my_projects.org

@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID:       038c58e9-2fe9-495a-8dfb-bc3c1c538ad1
+:END:
+#+title: How I manage my projects
+
+I keep an [[id:0567a35c-3afb-4ed5-a9ec-47425c5d6f06][Org-roam]] file dedicated to my [[id:207560cc-7700-4d06-918d-cc01ae530146][Projects]]. Each project, once it's
+fleshed out as more than just an idea, gets its own file that its heading links
+to.

aweber/20210813142844-projects.org

@@ -20,7 +20,7 @@
 :LOGBOOK:
 - State "TODO"       from              [2021-09-01 Wed 13:42]
 :END:
-** TODO [[id:6413d680-ee2e-43e6-b7c7-10f14e0873c2][Deploying Bulk Tagging to Kubernetes]]
+** DONE [[id:6413d680-ee2e-43e6-b7c7-10f14e0873c2][Deploying Bulk Tagging to Kubernetes]]
 :PROPERTIES:
 :JIRA_ID:  CCPANEL-11615
 :END:
@@ -41,26 +41,28 @@
 :LOGBOOK:
 - State "TODO"       from              [2021-09-01 Wed 13:42]
 :END:
-** TODO Recipient Service
+** TODO Deploying Recipient Service to Kubernetes
 :LOGBOOK:
 - State "TODO"       from              [2021-10-13 Wed 16:26]
 :END:
-** TODO Tagging Service
+** TODO Deploying Tagging Service to Kubernetes
 :LOGBOOK:
 - State "TODO"       from              [2021-10-13 Wed 16:26]
 :END:
-* Tracking live vs dead / removed code branches in Sites
+* [[id:3cc8bd09-dd02-4950-8c89-a737f92809fd][Tracking progress of moving pages out of Sites]]
 * [[id:11edd6c9-b976-403b-a419-b5542ddedaae][Subscriber Search Service]]
 * [[id:c45881de-46f2-4f76-9579-063626c5956c][Analytics View Service]]
-* Replace CAPI Services
-** List API
-*** TODO Set EOL date for awlists
+* [[id:4df15f2f-d2e1-40f4-8acd-dbfb78fe304f][Deploy CoreAPI to Kubernetes]]
+* Replacing CAPI Services
+** [[id:619b6c78-7be9-4ee4-a0b7-9d1a4d7536e2][Migrating services to use the new List service]]
+*** DONE Set EOL date for awlists
 - [2021-08-13 Fri 15:21] :: Discussed this. Also talked about separation of
   concerns about account status vs list status. Also discussed how an
   entitlements service might fit into our architecture and how we handle state
   transitions and reverals (e.g. cancellations).
 - [2021-08-17 Tue 16:44] :: Set a one-year time limit? Should the public list
   endpoints be in the new service as well, deprecating public api lists?
+- [2021-10-18 Mon] :: The expectation is set to be migrated to the new list service exclusively by the end of Q2 2022
 ** Subscribers API
 * Frontend Client Upgrades
 ** Upgrade Dashboard to React

aweber/20211001095858-tracking_progress_of_moving_pages_out_of_sites.org

@@ -31,7 +31,7 @@
 #+end_src
 
 #+RESULTS:
-[[file:controllers-migrated-in-sites.png]]
+[[file:None]]
 
 ** Controllers in Sites
 #+caption: Identifying the total number of public controllers in the CP
@@ -51,7 +51,7 @@
 #+end_src
 
 #+RESULTS: js-controller-count
-: 24
+: 25
 
 * Progress over time
 
@@ -77,7 +77,7 @@
 #+end_src
 
 #+RESULTS:
-[[file:controllers-migrated-in-sites-over-time.png]]
+[[file:None]]
 
 #+caption: Identifying the last tagged release each month
 #+name: tags

aweber/20211013161201-validating_and_sanitizing_tags.org

@@ -5,7 +5,7 @@
 
 * Sanitizing tag display
 
-** TODO In the autocomplete of the tag input box
+** DONE In the autocomplete of the tag input box
 Fixes [[https://jira.aweber.io/browse/CCPANEL-11654][CCPANEL-11654]].
 
 https://gitlab.aweber.io/BoFs/FE/libraries/tagbox/-/merge_requests/29
@@ -17,5 +17,5 @@ https://gitlab.aweber.io/BoFs/FE/libraries/tagbox/-/merge_requests/29
 ** TODO [[id:cd4a8a83-be53-4ec9-8cca-b6f34b59ba35][Subscriber Proxy]]
 ** TODO [[id:321075e7-db53-4676-b785-7c77ed9d1150][Bulk Tagging]]
 ** TODO [[id:7e503917-646f-4275-aab9-3a125b99cbfd][Tagging]]
-*** Remove outbound sanitization
-*** Add inbound validation
+*** TODO Add inbound validation
+*** TODO Remove outbound sanitization

aweber/20211019140007-cp_leads_and_product_sync_up.org

@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID:       0e5f578f-96a2-47d8-8dd9-d0d7f1e4fc35
+:END:
+#+title: CP Leads and Product Sync-Up
+
+A weekly discussion on team priorities.

aweber/20211019142241-manager_one_on_one.org

@@ -0,0 +1,4 @@
+:PROPERTIES:
+:ID:       0a1e48ec-e132-4ec4-81a1-124711330b5a
+:END:
+#+title: Manager one-on-one

aweber/20211019163438-migrating_services_to_use_the_new_list_service.org

@@ -0,0 +1,4 @@
+:PROPERTIES:
+:ID:       619b6c78-7be9-4ee4-a0b7-9d1a4d7536e2
+:END:
+#+title: Migrating services to use the new List service

aweber/20211019163502-deploy_coreapi_to_kubernetes.org

@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID:       4df15f2f-d2e1-40f4-8acd-dbfb78fe304f
+:END:
+#+title: Deploy CoreAPI to Kubernetes
+
+- Merge the sub-projects into CAPI?
+- API Suspenders replacement?

cross_site_scripting_prevention_owasp_cheat_sheet_series.org

@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID:       b4438e41-42ed-422e-a1f1-0b763da70fe6
+:ROAM_REFS: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+:END:
+#+title: Cross Site Scripting Prevention - OWASP Cheat Sheet Series
+
+Includes notes on performing [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]] on HTML output for the prevension
+of [[id:65fa9de5-afa9-406c-8576-d94380cc3bec][Cross Site Scripting]] attacks.

daily/2021-10-14.org

@@ -0,0 +1,20 @@
+:PROPERTIES:
+:ID:       4721a3f0-2f1b-446b-8fc4-dd3b7ca56a35
+:END:
+#+title: 2021-10-14
+
+* Catching up with Ryan M on tag processing
+- Ryan is looking into a variety of issues around tags on CC
+  - CC-2720 (Tag triggered campaign does not trigger for some subscribers)
+  - CC-6944 (Tag Applied Did Not Trigger Active Campaign)
+  - Ryan's personal dashboard [[https://grafana.aweber.io/d/kLkwIXv7z/rules-engine-insights?orgId=1][Rules Engine Insights]]
+    - Rules engine gets slow from time to time
+      - Rule search endpoint can take up to 10s
+      - There is definitely some subscriber contention, but it doesn't appear to
+        be particularly severe
+      - Slowdowns seem to be best related to rule service slowness
+  - Rule service will be updated to get more insight into what's happening
+    - Needs more metrics
+    - Move into k8s?
+- Currently, we still don't know what's going on. Ryan will be spending time in
+  the coming sprint to continue investigating the rule service.

daily/2021-10-19.org

@@ -0,0 +1,30 @@
+:PROPERTIES:
+:ID:       0a10f78a-1ac5-480c-ba18-ba4b02d99c14
+:END:
+#+title: 2021-10-19
+
+* [[id:0e5f578f-96a2-47d8-8dd9-d0d7f1e4fc35][CP Leads and Product Sync-Up]]
+- Finding a more cohesive strategy for FE work
+  - Different work between David G and David R
+  - Need a better understanding of dependencies between projects
+  - Can I get more involved with the planning around frontend projects? ([[file:~/Nextcloud/org/aweber.org::*Can I get more involved with the planning around frontend projects?][TODO]]
+)
+- Defining deadlines for BE service work
+  - Set team goals on when we want to have things done
+    - Define dates for [[id:c45881de-46f2-4f76-9579-063626c5956c][Analytics View Service]] and [[id:11edd6c9-b976-403b-a419-b5542ddedaae][Subscriber Search Service]] ([[file:~/Nextcloud/org/aweber.org::*Define dates for analytics view and search
+       service][TODO]])
+- Plan an order of attack on larger KTLO [[id:207560cc-7700-4d06-918d-cc01ae530146][Projects]] (goals for end of this year
+  and next year)
+  - [[id:e4d00c11-da8a-4c91-8f38-ce939846e5cb][CAPI]]
+    - [[id:619b6c78-7be9-4ee4-a0b7-9d1a4d7536e2][Migrating services to use the new List service]]
+    - [[id:4df15f2f-d2e1-40f4-8acd-dbfb78fe304f][Deploy CoreAPI to Kubernetes]]
+      - API Suspenders replacement
+  - Remaining services in Chef
+  - Migrating notification bar
+    - Remove requirement of LDAP for notification creation?
+- Moving services out of AWS
+  - [[id:6413d680-ee2e-43e6-b7c7-10f14e0873c2][Bulk Tagging]]
+  - Tagging
+  - Recipient
+  - Mapping
+- List settings mockup into React

daily/2021-10-20.org

@@ -0,0 +1,9 @@
+:PROPERTIES:
+:ID:       29e51b04-ce89-4934-b17f-1f64bffc2069
+:END:
+#+title: 2021-10-20
+* [[id:0a1e48ec-e132-4ec4-81a1-124711330b5a][Manager one-on-one]]
+- Discuss better ways of:
+  - Capturing new projects
+  - Transforming old projects as priorities shift
+  - Keeping the project list and priorities at the forefront

don_t_try_to_sanitize_input_escape_output.org

@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID:       5ca2142d-35b2-4230-9268-7c693cb392a5
+:ROAM_REFS: https://benhoyt.com/writings/dont-sanitize-do-escape/
+:END:
+#+title: Don’t try to sanitize input. Escape output.
+Promotes the use of [[id:9914d09e-99fe-46a6-95be-676c5b78ed90][Input validation]] over [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]] on input data,
+advocating that data be sanitized on output only ([[id:05698e38-65b2-496c-b02b-1db376ae734c][Validation vs Sanitization]]).

input_filtering_by_chris_shiflett.org

@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID:       e1e28807-b3fe-4de8-b2e4-443ac604827c
+:ROAM_REFS: https://shiflett.org/articles/input-filtering
+:END:
+#+title: Input Filtering, by Chris Shiflett
+
+Chris defines what he means by "Input Filtering" ([[id:9914d09e-99fe-46a6-95be-676c5b78ed90][Input validation]])

sanitize_your_inputs_kevin_smith.org

@@ -0,0 +1,9 @@
+:PROPERTIES:
+:ID:       1383ec6f-39bb-40c5-8316-6b77d1a25232
+:ROAM_REFS: https://kevinsmith.io/sanitize-your-inputs/
+:END:
+#+title: Sanitize Your Inputs? | Kevin Smith
+
+An article on the viability of using [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]] on input data versus
+[[id:9914d09e-99fe-46a6-95be-676c5b78ed90][Input validation]] ([[id:05698e38-65b2-496c-b02b-1db376ae734c][Validation vs Sanitization]]). References [[id:4a7f50e1-2f2b-4bf5-b684-151a48af0281][The Basics of Web
+Application Security]] and [[id:e1e28807-b3fe-4de8-b2e4-443ac604827c][Input Filtering, by Chris Shiflett]].

sql_injection_prevention_owasp_cheat_sheet_series.org

@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID:       2bcfcaa9-2d38-41c4-994d-98f38547b943
+:ROAM_REFS: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+:END:
+#+title: SQL Injection Prevention - OWASP Cheat Sheet Series
+
+Includes notes on performing [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]] on SQL queries to prevent [[id:e4a20390-fecb-46ff-8949-4f456abdbb09][SQL
+Injection]] attacks.

the_basics_of_web_application_security.org

@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID:       4a7f50e1-2f2b-4bf5-b684-151a48af0281
+:ROAM_REFS: https://martinfowler.com/articles/web-security-basics.html
+:END:
+#+title: The Basics of Web Application Security
+
+Martin Fowler discusses what he considers to be the basics of web application
+security, including [[id:9914d09e-99fe-46a6-95be-676c5b78ed90][Input validation]] and [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]].