Here is a fairly rough checklist of things you should think of when building an email/password authentication system for a fairly sensitive application. This assumes the basics like securely hashing passwords, proper session management, and transmitting data over SSL are already covered. For a more comprehensive list, see the OWASP Cheat Sheet on...
I have been moving a lot of Engage’s architecture to Kafka of late. Even though the monolithic side has been winning the microservice vs monolithic debate in recent times, I am still a big fan of serverless microservices—using PaaS (we use Google Cloud) to host microservices. To be fair, what we do is more of a serverless architecture than a...
A lot of content around data wrangling talks about dealing with structured data—data with a well-defined schema. You can clearly define your database columns based on this schema to fit the incoming data. Most apps deal with this kind of data, so I understand. But for the other few, Engage for example, dealing with unstructured data is big work....
2022 was rough. The year started with lots of energy - a new baby, Engage growing, and then new realities started kicking in. I watched Engage’s runway drain as we struggled with reaching product market fit. We tried many ideas from the playbook - inbound sales, community, socials, and ads, but conversion growth was slow. The reasonable choice...
Features like avatars look trivial in products with user profiles, but most times, they are not. (Is anything actually trivial?). It’s even more interesting, as with Engage, when users can’t upload their profile pictures themselves. Where do we get one from? Gravatar! If you are familiar with this, this would be your answer as well. Gravatar is...
“Passkeys are a new, passwordless authentication method that offer a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock.” (source). Don’t think too much about how it works, you can check out the demo at passkeys.io. I just tested it myself and couldn’t help but comment on the ease. I...
If you give people any tool for engagement, expect it to be used for spam. This is worse for marketing tools. There are always bad actors looking to exploit this to send phishing emails and spam to people. For Engage, the earliest fail-safe we placed was to not provide email sending infrastructure ourselves but allow customers to connect their...
The last time I wrote an end of the year review was 3 years ago. I got lazy, bored and disconnected. That feels like a long time ago and missing this year increasingly makes it difficult to connect the dots as the years go by. These writings are more of a personal journal to look back to and see how far I have come. Interestingly, I see a lot of...
Our current pricing is based on two things – MTU (Monthly Tracked Users) and the number of events. There are other fine details like the number of seats, number of customer segments, and number of automations, but it’s mainly those two things. MTU represents the number of unique customers you send a message to through broadcast or automation. If...
When designing Engage’s contact CSV upload, the top thing on my mind was flexibility. Users shouldn’t be forced to create their CSV files in a certain way. Upload your CSV file as it is, select the columns you need from it and map it to customer attributes. It was a good idea. But there were two things we missed that became an issue down the...