This commit is contained in:
Correl Roush 2021-10-19 17:02:47 -04:00
parent 9800d93a95
commit 38b362dbc8
20 changed files with 160 additions and 13 deletions

View file

@ -23,3 +23,4 @@ screen.
* Tracking things to do
- Capturing /and scheduling/ tasks
- Using the [[id:4d7dffe3-4af4-41d0-85a2-270a20593c8d][Org Mode]] agenda view to plan my day
- [[id:038c58e9-2fe9-495a-8dfb-bc3c1c538ad1][Managing projects]]

View file

@ -0,0 +1,5 @@
:PROPERTIES:
:ID: 65fa9de5-afa9-406c-8576-d94380cc3bec
:ROAM_ALIASES: XSS
:END:
#+title: Cross Site Scripting

View file

@ -0,0 +1,4 @@
:PROPERTIES:
:ID: e4a20390-fecb-46ff-8949-4f456abdbb09
:END:
#+title: SQL Injection

View file

@ -0,0 +1,8 @@
:PROPERTIES:
:ID: 038c58e9-2fe9-495a-8dfb-bc3c1c538ad1
:END:
#+title: How I manage my projects
I keep an [[id:0567a35c-3afb-4ed5-a9ec-47425c5d6f06][Org-roam]] file dedicated to my [[id:207560cc-7700-4d06-918d-cc01ae530146][Projects]]. Each project, once it's
fleshed out as more than just an idea, gets its own file that its heading links
to.

View file

@ -20,7 +20,7 @@
:LOGBOOK:
- State "TODO" from [2021-09-01 Wed 13:42]
:END:
** TODO [[id:6413d680-ee2e-43e6-b7c7-10f14e0873c2][Deploying Bulk Tagging to Kubernetes]]
** DONE [[id:6413d680-ee2e-43e6-b7c7-10f14e0873c2][Deploying Bulk Tagging to Kubernetes]]
:PROPERTIES:
:JIRA_ID: CCPANEL-11615
:END:
@ -41,26 +41,28 @@
:LOGBOOK:
- State "TODO" from [2021-09-01 Wed 13:42]
:END:
** TODO Recipient Service
** TODO Deploying Recipient Service to Kubernetes
:LOGBOOK:
- State "TODO" from [2021-10-13 Wed 16:26]
:END:
** TODO Tagging Service
** TODO Deploying Tagging Service to Kubernetes
:LOGBOOK:
- State "TODO" from [2021-10-13 Wed 16:26]
:END:
* Tracking live vs dead / removed code branches in Sites
* [[id:3cc8bd09-dd02-4950-8c89-a737f92809fd][Tracking progress of moving pages out of Sites]]
* [[id:11edd6c9-b976-403b-a419-b5542ddedaae][Subscriber Search Service]]
* [[id:c45881de-46f2-4f76-9579-063626c5956c][Analytics View Service]]
* Replace CAPI Services
** List API
*** TODO Set EOL date for awlists
* [[id:4df15f2f-d2e1-40f4-8acd-dbfb78fe304f][Deploy CoreAPI to Kubernetes]]
* Replacing CAPI Services
** [[id:619b6c78-7be9-4ee4-a0b7-9d1a4d7536e2][Migrating services to use the new List service]]
*** DONE Set EOL date for awlists
- [2021-08-13 Fri 15:21] :: Discussed this. Also talked about separation of
concerns about account status vs list status. Also discussed how an
entitlements service might fit into our architecture and how we handle state
transitions and reverals (e.g. cancellations).
- [2021-08-17 Tue 16:44] :: Set a one-year time limit? Should the public list
endpoints be in the new service as well, deprecating public api lists?
- [2021-10-18 Mon] :: The expectation is set to be migrated to the new list service exclusively by the end of Q2 2022
** Subscribers API
* Frontend Client Upgrades
** Upgrade Dashboard to React

View file

@ -31,7 +31,7 @@
#+end_src
#+RESULTS:
[[file:controllers-migrated-in-sites.png]]
[[file:None]]
** Controllers in Sites
#+caption: Identifying the total number of public controllers in the CP
@ -51,7 +51,7 @@
#+end_src
#+RESULTS: js-controller-count
: 24
: 25
* Progress over time
@ -77,7 +77,7 @@
#+end_src
#+RESULTS:
[[file:controllers-migrated-in-sites-over-time.png]]
[[file:None]]
#+caption: Identifying the last tagged release each month
#+name: tags

View file

@ -5,7 +5,7 @@
* Sanitizing tag display
** TODO In the autocomplete of the tag input box
** DONE In the autocomplete of the tag input box
Fixes [[https://jira.aweber.io/browse/CCPANEL-11654][CCPANEL-11654]].
https://gitlab.aweber.io/BoFs/FE/libraries/tagbox/-/merge_requests/29
@ -17,5 +17,5 @@ https://gitlab.aweber.io/BoFs/FE/libraries/tagbox/-/merge_requests/29
** TODO [[id:cd4a8a83-be53-4ec9-8cca-b6f34b59ba35][Subscriber Proxy]]
** TODO [[id:321075e7-db53-4676-b785-7c77ed9d1150][Bulk Tagging]]
** TODO [[id:7e503917-646f-4275-aab9-3a125b99cbfd][Tagging]]
*** Remove outbound sanitization
*** Add inbound validation
*** TODO Add inbound validation
*** TODO Remove outbound sanitization

View file

@ -0,0 +1,6 @@
:PROPERTIES:
:ID: 0e5f578f-96a2-47d8-8dd9-d0d7f1e4fc35
:END:
#+title: CP Leads and Product Sync-Up
A weekly discussion on team priorities.

View file

@ -0,0 +1,4 @@
:PROPERTIES:
:ID: 0a1e48ec-e132-4ec4-81a1-124711330b5a
:END:
#+title: Manager one-on-one

View file

@ -0,0 +1,4 @@
:PROPERTIES:
:ID: 619b6c78-7be9-4ee4-a0b7-9d1a4d7536e2
:END:
#+title: Migrating services to use the new List service

View file

@ -0,0 +1,7 @@
:PROPERTIES:
:ID: 4df15f2f-d2e1-40f4-8acd-dbfb78fe304f
:END:
#+title: Deploy CoreAPI to Kubernetes
- Merge the sub-projects into CAPI?
- API Suspenders replacement?

View file

@ -0,0 +1,8 @@
:PROPERTIES:
:ID: b4438e41-42ed-422e-a1f1-0b763da70fe6
:ROAM_REFS: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
:END:
#+title: Cross Site Scripting Prevention - OWASP Cheat Sheet Series
Includes notes on performing [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]] on HTML output for the prevension
of [[id:65fa9de5-afa9-406c-8576-d94380cc3bec][Cross Site Scripting]] attacks.

20
daily/2021-10-14.org Normal file
View file

@ -0,0 +1,20 @@
:PROPERTIES:
:ID: 4721a3f0-2f1b-446b-8fc4-dd3b7ca56a35
:END:
#+title: 2021-10-14
* Catching up with Ryan M on tag processing
- Ryan is looking into a variety of issues around tags on CC
- CC-2720 (Tag triggered campaign does not trigger for some subscribers)
- CC-6944 (Tag Applied Did Not Trigger Active Campaign)
- Ryan's personal dashboard [[https://grafana.aweber.io/d/kLkwIXv7z/rules-engine-insights?orgId=1][Rules Engine Insights]]
- Rules engine gets slow from time to time
- Rule search endpoint can take up to 10s
- There is definitely some subscriber contention, but it doesn't appear to
be particularly severe
- Slowdowns seem to be best related to rule service slowness
- Rule service will be updated to get more insight into what's happening
- Needs more metrics
- Move into k8s?
- Currently, we still don't know what's going on. Ryan will be spending time in
the coming sprint to continue investigating the rule service.

30
daily/2021-10-19.org Normal file
View file

@ -0,0 +1,30 @@
:PROPERTIES:
:ID: 0a10f78a-1ac5-480c-ba18-ba4b02d99c14
:END:
#+title: 2021-10-19
* [[id:0e5f578f-96a2-47d8-8dd9-d0d7f1e4fc35][CP Leads and Product Sync-Up]]
- Finding a more cohesive strategy for FE work
- Different work between David G and David R
- Need a better understanding of dependencies between projects
- Can I get more involved with the planning around frontend projects? ([[file:~/Nextcloud/org/aweber.org::*Can I get more involved with the planning around frontend projects?][TODO]]
)
- Defining deadlines for BE service work
- Set team goals on when we want to have things done
- Define dates for [[id:c45881de-46f2-4f76-9579-063626c5956c][Analytics View Service]] and [[id:11edd6c9-b976-403b-a419-b5542ddedaae][Subscriber Search Service]] ([[file:~/Nextcloud/org/aweber.org::*Define dates for analytics view and search
service][TODO]])
- Plan an order of attack on larger KTLO [[id:207560cc-7700-4d06-918d-cc01ae530146][Projects]] (goals for end of this year
and next year)
- [[id:e4d00c11-da8a-4c91-8f38-ce939846e5cb][CAPI]]
- [[id:619b6c78-7be9-4ee4-a0b7-9d1a4d7536e2][Migrating services to use the new List service]]
- [[id:4df15f2f-d2e1-40f4-8acd-dbfb78fe304f][Deploy CoreAPI to Kubernetes]]
- API Suspenders replacement
- Remaining services in Chef
- Migrating notification bar
- Remove requirement of LDAP for notification creation?
- Moving services out of AWS
- [[id:6413d680-ee2e-43e6-b7c7-10f14e0873c2][Bulk Tagging]]
- Tagging
- Recipient
- Mapping
- List settings mockup into React

9
daily/2021-10-20.org Normal file
View file

@ -0,0 +1,9 @@
:PROPERTIES:
:ID: 29e51b04-ce89-4934-b17f-1f64bffc2069
:END:
#+title: 2021-10-20
* [[id:0a1e48ec-e132-4ec4-81a1-124711330b5a][Manager one-on-one]]
- Discuss better ways of:
- Capturing new projects
- Transforming old projects as priorities shift
- Keeping the project list and priorities at the forefront

View file

@ -0,0 +1,7 @@
:PROPERTIES:
:ID: 5ca2142d-35b2-4230-9268-7c693cb392a5
:ROAM_REFS: https://benhoyt.com/writings/dont-sanitize-do-escape/
:END:
#+title: Dont try to sanitize input. Escape output.
Promotes the use of [[id:9914d09e-99fe-46a6-95be-676c5b78ed90][Input validation]] over [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]] on input data,
advocating that data be sanitized on output only ([[id:05698e38-65b2-496c-b02b-1db376ae734c][Validation vs Sanitization]]).

View file

@ -0,0 +1,7 @@
:PROPERTIES:
:ID: e1e28807-b3fe-4de8-b2e4-443ac604827c
:ROAM_REFS: https://shiflett.org/articles/input-filtering
:END:
#+title: Input Filtering, by Chris Shiflett
Chris defines what he means by "Input Filtering" ([[id:9914d09e-99fe-46a6-95be-676c5b78ed90][Input validation]])

View file

@ -0,0 +1,9 @@
:PROPERTIES:
:ID: 1383ec6f-39bb-40c5-8316-6b77d1a25232
:ROAM_REFS: https://kevinsmith.io/sanitize-your-inputs/
:END:
#+title: Sanitize Your Inputs? | Kevin Smith
An article on the viability of using [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]] on input data versus
[[id:9914d09e-99fe-46a6-95be-676c5b78ed90][Input validation]] ([[id:05698e38-65b2-496c-b02b-1db376ae734c][Validation vs Sanitization]]). References [[id:4a7f50e1-2f2b-4bf5-b684-151a48af0281][The Basics of Web
Application Security]] and [[id:e1e28807-b3fe-4de8-b2e4-443ac604827c][Input Filtering, by Chris Shiflett]].

View file

@ -0,0 +1,8 @@
:PROPERTIES:
:ID: 2bcfcaa9-2d38-41c4-994d-98f38547b943
:ROAM_REFS: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
:END:
#+title: SQL Injection Prevention - OWASP Cheat Sheet Series
Includes notes on performing [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]] on SQL queries to prevent [[id:e4a20390-fecb-46ff-8949-4f456abdbb09][SQL
Injection]] attacks.

View file

@ -0,0 +1,8 @@
:PROPERTIES:
:ID: 4a7f50e1-2f2b-4bf5-b684-151a48af0281
:ROAM_REFS: https://martinfowler.com/articles/web-security-basics.html
:END:
#+title: The Basics of Web Application Security
Martin Fowler discusses what he considers to be the basics of web application
security, including [[id:9914d09e-99fe-46a6-95be-676c5b78ed90][Input validation]] and [[id:2ba04972-f498-41c2-970e-a64c7f3f1c3b][Data sanitization]].