Radar 46

[chadwhitacre]

What are you working on this week and why?

last week

[clone1018]

Payday on Thursday!

[chadwhitacre]

Roadmap (what?)

Short Term

Embarrassments:

• can't edit teams (Team Basics)
• not using immutable ids (use id as primary key instead of username gratipay.com#835)
• widgets are broken (Radar 31 #389 (comment))
• escrow imprecision (Radar 31 #389 (comment))
• no payroll! bring back take-what-you-want gratipay.com#3433
• Team and ~user pages are the same Differentiate participants and projects gratipay.com#3852

Long Term

Color code:

• red—external forces that we're under
• yellow—administration
• green—product development
• orange—marketing
• blue—capitalization

[chadwhitacre]

@clone1018 :-)

[chadwhitacre]

Seems that we are getting more HackerOne traffic now that we offer bounties (#369).

[chadwhitacre]

Most of the reports are low-quality and feel like a waste of time. :-(

[chadwhitacre]

@hurlothrumbo has discovered the illustrator of the cover of The Internet (#462, #472).

"Security"

An article for Computer Publishing Group discussed the different ways to keep the data on computers secure.

[chadwhitacre]

Inbox 2, GitHub 2, L2 Support 1, Vendors, etc. 0.

Gosh, now we're getting low-quality security reports on [email protected], which we haven't seen since starting HackerOne (#255). Sup with that?

[chadwhitacre]

Spent some time on grtp.co this morning (gratipay/grtp.co#115, gratipay/grtp.co#116). First French lesson in 20 minutes. Things on my mind after that:

• Team Review 21, especially YAS - MALAWI project-review#156
• @brainwane's CoC feedback: community guidelines - 2 questions #499
• kicking off Uphold compliance for @rohitpaulk (Payin + Payout via Uphold gratipay.com#3870)
• checking on @mattbk's PR: Widgets work with both ~users and Teams grtp.co#112
• L2 Support 1
• Radar 44 #487 (comment)

[chadwhitacre]

Just handed out our first "Not Applicable" on HackerOne (-5 reputation). Not sure how else to discourage junk reports.

[chadwhitacre]

Aaaaaaand now we're looking at splitting Aspen out into a separate org: AspenWeb/pando.py#547. 👀

[chadwhitacre]

https://github.com/AspenWeb!

[mattbk]

L1 Support 0.

[chadwhitacre]

Inbox 2, GitHub 3, L2 Support 0, Vendors, etc. 0.

Security 16.

[chadwhitacre]

Hmmm ... merge commits are a little goofy coming from security (e.g.) since the PR numbers are off in the comment.

@rohitpaulk et al. Should we land security PRs via squash-and-rebase (as currently specified), or are we okay with merge commits? Merge commits are definitely easier under GitHub.

[chadwhitacre]

Merge commits are definitely easier under GitHub.

And they're what we use otherwise.

[chadwhitacre]

PR for merge commits for security: #505.

[chadwhitacre]

Security 14.

[chadwhitacre]

Inbox 3, GitHub 2, L2 Support 0, Vendors, etc. 0.

[chadwhitacre]

Security 18!

[clone1018]

@whit537 is this all just automated hackerone spam?

[chadwhitacre]

No, it's not automated spam. HackerOne doesn't seem to have a listing of our publicly disclosed tickets, but all the ones so far are linked at #506 (comment). This is kind of annoying but ultimately I think it's really healthy for us. Most of this stuff is like shaving and brushing your teeth, but we've seen a couple more serious issues so far, and staying on top of the little stuff is good practice to prevent bigger stuff from cropping up.

[chadwhitacre]

The email will be sent to the customer and will be logged as a ticket without triggering any notifications. Learn more.

Yesssssss! I've wanted this feature. !m @freshdesk

cc: @mattbk

[chadwhitacre]

Email (what?)