benvcutilli/rogger
THIS PROJECT'S REFERENCES ARE INCOMPLETE! I am currently busy with other things, so I haven't cited everything yet. Take what you see here with a grain of salt and don't fork this. I plan on redoing the site in the relatively near future; you can fork off that if you please.

Rogger is a website built on HTML [87] (reference recommended by [88, top of page]), CSS [90], Javascript [91], Python [93], Django [94] (recommended by [95]), CodeMirror [96] (via [95]), jQuery [97] (recommended by [95]), and other technologies that hopefully are cited throughout this code base. Rogger is hosted on Linode [260] using Ubuntu [165]. Pip [168], through the Django[94]-recommended Virtualenv [169], does package management.

Resources used to make this project can be found in this README (citations can be found in the code base as well, using the common [#, locator] notation to index each source found on this page; for any reference to the original version of Rogger, you can find information on how to find that under the "ACKNOWLEDGEMENTS" section), BUT NOT ALL CITATIONS ARE HERE! SOME ARE ALSO JUST SOMEWHERE ELSE IN THIS REPOSITORY! Some may also be on just the server of the website itself, and so you can't see the files, though I tried to be diligent about putting those citations here. I also may have missed a few by accident.

The code for the old version of this site can be found at bitbucket.org/roggerlogger/rog under the "refactor" and "master" branches (both master and refactor have citations that may differ from each other, so look at both of them).

Term(s) used in this file and their references:

"PDF": https://www.iso.org/standard/63534.html Document management -- Portable document format -- Part 2: PDF 2.0 iso code - 32000-2:2017 published - 2017.7 via - https://en.wikipedia.org/wiki/PDF PDF - Wikipedia retrieved - 2020.3.25 published - 2020.3.25 section - right-side information box at top of page via - google.com; searched for "pdf" (the acronym for the standard outlined in the reference that encapsulates this reference)

PRIVACY POLICY

According to [62], [63], and [50], the GDPR [64] may be enforceable for this site. So, this privacy policy addresses the GDPR (it's possible that [50], [57], and/or [64] state that the existence of this privacy policy may be a requirement of GDPR; however, I think I really added this because around the time of the launch of GDPR (2018.5.25, I think, according to unknown references) so many other companies were announcing new versions of their privacy policy).

Who has access to your data (each point addressed here is from [57, Responsibility and accountability][50])?

Your data is almost completely kept on the web site's server and other Amazon Web services utilities [65], and no one has access to it other than those viewing the site (and depending on what you've set your privacy to). One exception is that, when you create an account, Google [52] provides the reCAPTCHA [53] that filters out the bots from the non-bots. I don't know exactly what it sends to Google. Requests to the server go through the Domain Name Service (which "History" of [56] says is defined by [54] and [55]), so that could be a source of information leakage. The server is hosted by Linode [260], but everything should be, in theory, pretty locked down with them. An administrator has full access to all data, but I consider myself a benevolent dictator. For GDPR [64]-specific regulation, almost everything is not held within the European Union.

How can I fix a problem in my data, delete my account, or get my data in a downloaded form? (these subjects are from [57, Responsibility and accountability], [57, Right of access], [57, Right to erasure], [58], [59], [60], [61])

Contact ben@rogger.co with any issues you have. Account deletion is provided through the "Settings" webpage on the site; click on "Data Management".

Why are YOU allowed to touch my data? (from [57, Responsibility and accountability], [57, Lawful basis for processing], [50])

So that the site can function.

You store my data for HOW MUCH TIME? ([57, Responsibility and accountability][50] provided some version of this question)

Eternity, except for when you request account deletion, in which case at time of the actual deletion, all of your data should be removed (unless part of the deletion process fails or is not thorough enough by accident).

What does the program do with my data? (question origin: [57, Responsibility and accountability][50])

Nothing crazy. The craziest it gets is just an algorithm to perform a search in the search bar you can see at the top of the page.

SOME CITATIONS (using the number-in-square-brackets format commonly found; the positioning of locators in those square brackets (as well as the comma that separates the number from the locator) is also from some citation style as well):

[1] http://stackoverflow.com/questions/4571686/django-include-template-from-another-app
[2] http://www.w3schools.com/colors/colors_picker.asp for picking colors
[3] Google Fonts (fonts.google.com, Google, Inc.), from which you will find various fonts that were used throughout this site, loaded from the server fonts.googleapis.com
[4] Padding seems to add width to at least divs, so the solution to this problem was found here: http://stackoverflow.com/a/23692739/4722104
[5] For centering; this technique seems like common practice, and source is unknown
[6] http://stackoverflow.com/a/3942399/4722104 for setting CSS to all elements of page
[7] How to hide scroll bars: http://stackoverflow.com/a/23771140/4722104
[8] Bullet points as information separators idea taken from Google Play Music (where they are used to separate album stats like time)
[9] <br>s used in this div for line breaks is an idea from http://stackoverflow.com/q/12694110/4722104
[10] Used the table display trick from here for vertical alignment of text: https://css-tricks.com/vertically-center-multi-lined-text/
[11] Profile picture overlapping banner in the center of the banner idea from some unknown source
[12] Whitespace can cause gaps between divs. Reduced font size to 0px to solve this problem. Source is unknown.
[13] Removing drop down arrow for selects: http://stackoverflow.com/questions/16603979/select-removing-dropdown-arrow
[14] Using OneToOneField to mimic additional information added to built-in User model from Django documentation and unknown source (was used in previous project)
[15] Passing csrfmiddlewaretoken into POST dictionary to fix the header thing not working is from an unknown source, but used in the previous iteration of Rogger
[16] Used model reference from string found at this location http://stackoverflow.com/a/39712086 to resolve circular dependencies on imports
[17] Differentiating between different button presses in form submission from http://stackoverflow.com/questions/1395807/proper-way-to-handle-multiple-forms-on-one-page-in-django
[18] Help with putting string in raw format for javascript safety: http://stackoverflow.com/a/15392758 (used this answer and the comments on the answer for help)
[19] Probably a commonly-used way to wrap a counter to mimic a ring buffer, but this code was at least sanity checked by, but possibly derived from, my knowledge that "Operating System Design: The Xinu Approach (Second Edition)" by Douglas Comer uses this technique
[20] related_name naming scheme from https://docs.djangoproject.com/en/1.10/topics/db/queries/#following-relationships-backward (the FOO_set explanation part); also, I think I did this using-related_name-thing-to-resolve-migration-conflicts thing in the original Rogger project, suggested by a citation that I don't have on me right now, but this modification was recommended anyway by the django library when I tried to run the site, and I just followed those instructions, so citing the other resource may not be necessary
[21] Using scrollIntoView() to scroll parent element to the element calling scrollIntoView() from unknown source. A span is used in the month that we want to scroll to as an element to target when telling the browser to scroll to it using scrollIntoView(...) (scrollIntoView defined by [106, 4.2.4])
[22] This conditional, for calculating if scrolling has reached the bottom, from multiple sources that are unknown
[23] noMoreUpdates variable for keeping track of if we received notice that no more updates were available is from the previous version of Rogger (codebase at bitbucket.org/roggerlogger), can't remember if I got this technique from an outside source
[24] <br/> usage to break lines in ReportLab from unknown source
[25] The strategy of allowing both approved and unapproved followers see user data if the privacy setting is set to public but then showing all follows that have occurred but still need to be approved when the privacy setting is public or more secure is from the previous version of Rogger; I don't think there are any resources that I used to get that strategy, but I can't remember everything that I used, so to be safe I will say that there is a possibility an outside resource helped. The "approved" attribute in the Follow model keeps track of whether a follow is approved, and, again, is only looked at if the user-who-is-being-followed's profile is not on the public setting.
[26] This technique of a hidden form to be triggered from a remote button from unknown source(s).
[27] Not sure if I used this kind of variable in the last version of Rogger and if there is a citation for it.
[28] Using a presigned URL to control access to files in buckets is an idea from an unknown source.
[29] Using middleware to remember when the user was last active from unknown source.
[30] I was told by some unknown source that using the .dataset property in javascript isn't backwards compatible, so there was an alternate method discussed, which I believe was .getAttribute(), which https://developer.mozilla.org/en-US/docs/Learn/HTML/Howto/Use_data_attributes suggested.
[31] Having display names is inspired by Twitter (and probably inspired by others as well)
[32] http://stackoverflow.com/questions/4571686/django-include-template-from-another-app
[33] MIT License from https://opensource.org/licenses/MIT via https://en.wikipedia.org/wiki/MIT_License
[34] These types are from and/or inspired by the original Rogger (see url for the original Rogger below in the "ACKNOWLEDGEMENTS" section), and they were inspired by merv.stanford.edu, so they were not my own creation
[35] These types are definitely from the original Rogger (see url for the original Rogger below in the "ACKNOWLEDGEMENTS" section), and they were from merv.stanford.edu, so they were not my own creation.
[36] To seek to the 0 position in a BytesIO before sending the file with boto3 from https://stackoverflow.com/questions/36274868/saving-an-image-to-bytes-and-uploading-to-boto3-returning-content-md5-mismatch
[37] Properly setting up the form for picture upload from https://www.cs.tut.fi/~jkorpela/forms/file.html
[38] Using a table, tr, and td (and whatever tags show up that the browser puts in itself automatically) is an idea derivative to the answer(s) found here: https://stackoverflow.com/questions/8468066/child-inside-parent-with-min-height-100-not-inheriting-height
[39] Using height instead of min-height to specify a minimum height and learning that I have to use it on a <td> element is from https://stackoverflow.com/questions/19432092/can-i-use-a-min-height-for-table-tr-or-td
[40] Suggestion to use CodeMirror as a syntax highlighter is from https://stackoverflow.com/questions/1619167/textarea-that-can-do-syntax-highlighting-on-the-fly
[41] Confirming that escapejs is safe for use in Javascript strings that are within HTML files is from https://stackoverflow.com/questions/23331988/djangos-escapejs-filter-and-xss
[42] I am not sure if this filter method to remove zeros from end of number is from someone else's idea. I feel like there is a chance it is, but I can't remember
[43] merv.stanford.edu
[44] This function name inspired by the name of Django's send_mail() function
[45] Using the time.sleep() (or any time.sleep()-like function) function to rate-limit the emails being sent out is an idea from an unknown source.
[46] The idea of creating this function is from the old Rogger, which also had a similar function
[47] Chrome was complaining about how the CSRF cookie was not valid, so adding CSRF_COOKIE_SECURE and setting it to "True" to the settings file (which you can't see in this repository) is an idea from https://groups.google.com/d/topic/wagtail/opM27Qnj_NU/discussion and (an)other unknown resource(s). Adding SESSION_COOKIE_SECURE to the site's settings.py file is a suggestion from the Django documentation and probably from https://stackoverflow.com/questions/40616115/django-403-csrf-verification-failed as well. (https://docs.djangoproject.com/en/1.11/topics/security/) and was inspired by the aforementioned source as well.
[48] Explanation of what I need to say to users to abide by the EU Cookie law(s) is from https://www.cookielaw.org/the-cookie-law/ and http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
[49] https://stackoverflow.com/questions/41787263/different-value-of-csrf-token-in-response-header-and-browser-cookies-csrf-verif
[50] The page at https://www.gdpreu.org/ ("GDPR EU.org - Web learning resources for the EU General Data Protection Regulation"; retrieved likely around May 2018) or subpages of that page, and/or https://en.wikipedia.org/wiki/General_Data_Protection_Regulation ("General Data Protection Regulation - Wikipedia"; also retrieved somewhere near May 2018)
[51] Boto3 saying that it has the wrong "signature version", https://forums.aws.amazon.com/message.jspa?messageID=681392 (which said that I can use the "config" parameter with the value stated there), boto/botocore#377 - jamesls (the string in the Config object call also from here)
[52] Google google.com
[53] ReCAPTCHA https://www.google.com/recaptcha/
[54] https://tools.ietf.org/html/rfc1034 Domain Names - Concepts and Facilities author - P. Mockapetris retrieved - 2019.11.22 published - 1987.11 via - [56], History
[55] https://tools.ietf.org/html/rfc1035 Domain Names - Implementation and Specification author - P. Mockapetris published - 1987.11 retrieved - 2019.11.22 via - [56], "History"
[56] https://en.wikipedia.org/wiki/Domain_Name_System Domain Name System - Wikipedia published - 2019.9.30 retrieved - 2019.11.22 via - google.com search; searched for "DNS rfc", which is derived from the acronym for Domain Name System "DNS", and the acronym for Request for Comments, "RFC". DNS is from [54] and [55] according to "History" of [56]; [66] is the reference for RFCs.
[57] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
[58] https://www.gdpreu.org/
[59] https://www.gdpreu.org/the-regulation/list-of-data-rights/right-to-rectification/
[60] https://www.gdpreu.org/the-regulation/list-of-data-rights/right-to-erasure/
[61] https://www.gdpreu.org/the-regulation/list-of-data-rights/right-to-data-portability/
[62] https://www.gdpreu.org/the-regulation/who-must-comply/
[63] https://www.gdpreu.org/faq/
[64] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL&from=EN Official Journal of the European Union author - European Union published - 2016.5.4 via - could be from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02016R0679-20160504&qid=1567786393726&from=EN but is also definitely from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02016R0679-20160504&from=EN;
[65] Amazon Web Services aws.amazon.com author - Amazon Web Services, Inc. (or it could additionally/instead be their affiliates)
[66] https://ietf.org/standards/rfcs/ IETF | RFCs author - Internet Engineering Task Force retrieved - 2019.12.13 via - searching for "rfc" using google.com, the acronym for Request for Comments, a concept from [66]
[67] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html Amazon Elastic Block Store (Amazon EBS) - Amazon Elastic Compute Cloud author - Amazon Web Services, Inc. (or it could additionally/instead be their affiliates)
[68] https://docs.aws.amazon.com/s3/index.html?nc2=h_ql_doc_s3-b Amazon Simple Storage Service Documentation author - Amazon Web Services, Inc. (or it could additionally/instead be their affiliates)
[69] If you've been directed to this citation point, it means that the feature cited helps to create this environment similar to iPhone OS (by Apple, Inc.) Table Views, where data that belongs above or below the data currently in-view is loaded at the time it is needed instead of ahead-of-time. In this case, the calendar can scroll up and down, but since time is virtually infinite in both the past and future directions, we can't load the calendar of all time at page load, so instead when the user scrolls up or down enough along the months in the calendar, the site will load in new calendar data as it is needed.
[70] merv.stanford.edu Merv's RUNNING author - Mark Crimmins comment - Website title from page title of [101]
[71] Many different apps use this strategy of confirming the password to prevent, I think, someone from changing important settings of another user who somehow has inadvertently given access to their account to the malicious actor.
[72] https://stackoverflow.com/questions/19037664/how-do-i-have-an-s3-bucket-return-404-instead-of-403-for-a-key-that-does-not-e amazon s3 - How do I have an s3 bucket return 404 (instead of 403) for a key that does not exist in the bucket/ - Stack Overflow author - users Tim Gautier and feroze retrieved - 2020.3.27 published - 2013.9.26 via - search for "s3 404 instead of 403" on google.com ("s3" refers to [77], while "404" and "403" refer to [76, 10.4.5] and [76, 10.4.4], respectively)
[73] https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html Authenticating Requests: Using Query Parameters (AWS Signature Version 4) - Amazon Simple Storage Service author - Amazon Web Services, Inc. (or it could additionally/instead be their affiliates) retrieved - 2020.3.27
[74] https://tools.ietf.org/html/rfc1738 Uniform Resource Locators author - T. Berners-Lee, L. Masinter, M. McCahill; using the author order from the reference published - 1994.12 retrieved - 2019.11.29 via - [75, History]
[75] https://en.wikipedia.org/wiki/URL URL - Wikipedia published - 2019.10.16 retrieved - 2019.11.30 via - search for "URL" on google.com ("URL" is the acronym for the thing defined by [74])
[76] https://www.ietf.org/rfc/rfc2616.txt Hypertext Transfer Protocol -- HTTP/1.1 authors - R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee; using the author order from the reference published - 1999.6 retrieved - before 2020.3.27 or 28 as well as on one of those two dates; 2020.4.21; 2020.8.10 rfc # - 2616 via - some forgotten resource recommended https://www.w3.org/Protocols/rfc2616/rfc2616.html, which recommended this reference
[77] https://aws.amazon.com/s3/ Cloud Object Storage | Store & Retrieve Data Anywhere | Amazon Simple Storage Service (S3) author - Amazon Web Services, Inc. (or it could additionally/instead be their affiliates)
[78] https://www.mozilla.org/en-US/firefox/new/ Firefox author - Mozilla version - 68.0.1 on macOS
[79] https://docs.djangoproject.com/en/1.11/ref/django-admin/ django-admin and manage.py | Django documentation | Django author - Django Software Foundation retrieved - 2020.3.28
[80] python.org Python 3.5.2 author - Python Software Foundation
[81] https://docs.djangoproject.com/en/1.11/topics/auth/default/ Using the Django authentication system | Django documentation | Django author - Django Software Foundation retrieved - 2020.3.28
[82] https://docs.djangoproject.com/en/1.11/topics/db/models/ Models | Django documentation | Django author - Django Software Foundation retrieved - 2020.3.28
[83] https://www.w3.org/TR/REC-xml/ Extensible Markup Language (XML) 1.0 (Fifth Edition) author - W3C published - 2008.11.26 retrieved - 2020.3.28 via - [84, "Extensible Markup Language (XML)" right-side box]
[84] https://en.wikipedia.org/wiki/XML XML - Wikipedia published - 2020.3.11 retrieved - 2020.3.28 via - search for "xml" on google.com ("xml" comes from XML, defined in [83] according to [84, "Extensible Markup Language (XML)" right-side box])
[85] https://docs.djangoproject.com/en/1.11/ref/settings/ Settings | Django Documentation | Django author - Django Software Foundation retrieved - 2020.3.28
[86] https://docs.djangoproject.com/en/1.11/topics/settings/ Django settings | Django documentation | Django author - Django Software Foundation retrieved - 2020.3.28
[87] https://html.spec.whatwg.org/ HTML Standard author - WHATWG via - [88, top of page]
[88] https://www.w3.org/html/ W3C HTML author - W3C via - W3C [89]'s website was found by searching for "w3c" on google.com. I navigated that site to find this page.
[89] https://www.w3.org/ author - W3C retrieved - 2020.3.29 via - search for "w3c" on google.com ("w3c" refers to W3C, reference [89])
[90] https://www.w3.org/TR/css-2018/ CSS Snapshot 2018 author - W3C Working Group published - 2019.1.22 retrieved - 2020.3.29
[91] https://www.ecma-international.org/publications/files/ECMA-ST/ECMA-262.pdf ECMAScript 2019 Language Specification (ECMA-262) author - ECMA International published - 2019.6 edition - 10 retrieved - 2020.3.29 via - Forgotten reference. The "ECMA-262" standard number was confirmed by a google.com [92] search for "ecmascript", which refers to this reference, and I learned this term from some unknown reference.
[92] google.com Google author - Google, Inc.
[93] python.org Python (programming language) author - The Python Software Foundation
[94] djangoproject.com Django (web framework) author - Django Software Foundation via - I forget where
[95] Catch-all for references I can't recall
[96] https://codemirror.net/ CodeMirror via - search for "codemirror" on google.com ("codemirror" refers to [96])
[97] https://jquery.com/ jQuery author - The jQuery Foundation via - search for "jquery" on google.com ("jquery" refers to the name of this software)
[98] https://docs.djangoproject.com/en/1.10/intro/tutorial01/ Writing your first Django app, part 1 | Django documentation | Django author - Django Software Foundation retrieved - most likely around Fall of 2016
[99] https://www.opengroup.org/membership/forums/platform/unix Unix authors - The Open Group via - [100, info box on right]
[100] https://en.wikipedia.org/wiki/Unix Unix - Wikipedia published - 2020.3.17 retrieved - 2020.4.3 via - search for "unix" on google.com ("unix" is the name of [99])
[101] https://web.archive.org/web/20170328042657/http://merv.stanford.edu/ Merv's RUNNING author - Internet Archive Wayback Machine
[102] It may have been suggested that I include a feature, when creating a week's PDF (see "GENERAL CITATIONS" below) to allow the user to put custom name on the PDF. I don't remember who, if anyone, suggested this.
[103] https://docs.python.org/3/library/datetime.html datetime -- Basic date and time types -- Python 3.8.2 documentation author - The Python Software Foundation
[104] I have seen many calendars that include, within the days listed in a month, days that are not actually in the month so that there are no empty spaces leading up to the first day of the month or trailing the last day of the month. This cited area takes care of that functionality.
[105] Searching for users may have been a suggestion from someone. Or it may have been inspired by some service doing such a thing. I don't know. The method of comparing the histogram of bigram occurrences between two phrases to determine how close they are (using the sum-squared difference between respective bigram's counts) may have been at least inspired by some sort of reference, but I can't remember what it was if that was the case.
[106] https://dom.spec.whatwg.org/ DOM Standard author - WHATWG retrieved - 2020.4.9 published - 2020.4.6
[107] Showing, on their user profile, the total mileage that someone has logged may have been a recommendation from someone
[108] twitter.com Twitter author - Twitter, Inc.
[109] https://docs.djangoproject.com/en/3.0/topics/templates/ Templates | Django documentation | Django author - Django Software Foundation
[110] I think someone may have asked for the feature where the website generated a PDF from the workouts for a given week, or at least they asked for the ability to print the entries from that week. If no one actually requested that and I came up with it by myself, then the week timespan is based on the fact that Tom Donnelly, the coach of the Haverford College (in Haverford, PA, USA) would ask his athletes for their weekly running logs, at least when he was coaching the cross country and indoor/outdoor track teams from Fall 2008 to Spring 2012.
[111] Forgotten/unknown reference. This is not a single reference, as anything that uses an unknown or forgotten reference is directed here.
[112] https://docs.djangoproject.com/en/1.11/topics/http/sessions/ How to use sessions | Django documentation | Django author - Django Software Foundation
[113] This was a bug found by Ben which was triggered by a (currently kept anonymous) user.
[114] https://gist.github.com/dhh/360f4dc7ddbce786f8e82b97cdad9d20 Current list of spy pixels named'n'shamed in HEY, as of April 23rd, 2020 • GitHub author - user "dhh" (user info is from https://gist.github.com/dhh/360f4dc7ddbce786f8e82b97cdad9d20/revisions) published - 14:22 (EDT) on 2020.4.23 (date confirmed by https://gist.github.com/dhh/360f4dc7ddbce786f8e82b97cdad9d20/revisions) via - https://twitter.com/dhh/status/1253389224516005889?s=21
[115] https://arstechnica.com/information-technology/2020/05/thunderspy-what-is-is-why-its-not-scary-and-what-to-do-about-it/ Thunderspy - What it is, why it's not scary, and what to do about it | Ars Technica author - Dan Goodin retrieved - around the date that this article was published, 2020.5.12 published - 2020.5.12
[116] https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf Breaking Thunderbolt Protocol Security: Vulnerability Report author - Björn Ruytenberg published - 2020 via - [115, Accessing Memory Lane] comment - the fields to include from this reference (and the information contained in those fields) is from https://thunderspy.io/ in the section "Who discovered Thunderspy?"
[117] https://docs.djangoproject.com/en/1.11/ Django documentation | Django documentation | Django author - Django Software Foundation retrieved - early 2020
[118] https://twitter.com/jacobian/status/1235305179332964352?s=20 author - user "jacobian" published - 2020.3.4
[119] https://twitter.com/djangoproject/status/1145603374169108480?s=20 author - user "djangoproject" published - 2019.7.1
[120] https://twitter.com/djangoproject/status/1094938257756962816?s=20 author - user "djangoproject" published - 2019.2.11
[121] https://daringfireball.net/linked/2020/05/20/hide-ui-grayshift Daring Fireball: 'Hide UI' -- New Grayshift Feature Plants Hidden Passcode Monitoring Software on iPhones author - John Gruber published - 2020.5.20 retrieved - around 2020.5.20
[122] https://www.apple.com/iphone/ iPhone author - Apple, Inc.
[123] https://apps.apple.com/us/app/microsoft-outlook/id951937596 Microsoft Outlook author - Microsoft Corporation via - search for "outlook ios" on google.com (this reference is the reference for the word "outlook", while [124] is "ios"'s reference)
[124] https://www.apple.com/ios/ iOS author - Apple, Inc.
[125] https://www.name.com/email Professional Email Accounts for Your Business | Name.com author - Name.com [126] No central standard according to introduction of https://en.wikipedia.org/wiki/Email Email - Wikipedia published - 8:53 UTC, 2020.6.15 (previous accesses to this site have different publication dates and times) retrieved - 2020.6.17 via - searching for "email" on google.com ("email": [126]) as well as (possibly) a reference/references I've lost track of [127] https://opensource.org/licenses/BSD-3-Clause The 3-Clause BSD License | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.18 via - a search (google.com) for "software licenses" recommended another google.com search for "BSD licenses", and that search led to this reference [128] https://opensource.org/licenses/Python-2.0 Python License (Python-2.0) | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.18 via - [131, license links section] [129] https://opensource.org/licenses/Apache-2.0 Apache License, Version 2.0 | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.18 via - [131, license links section] [130] https://opensource.org/licenses/OSL-3.0 The Open Software License 3.0 (OSL-3.0) | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.18 via - [131, license links section] [131] https://opensource.org/licenses/alphabetical Licenses by Name | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.18 via - a search (google.com) for "software licenses" recommended another google.com search for "BSD licenses", and that search led to this reference [132] https://opensource.org/licenses/unlicense The Unlicense | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.18 via - [131, license links section] [133] https://opensource.org/licenses/Intel The Intel Open Source License (Intel) | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.18 via - [131, 
license links section] [134] https://opensource.org/licenses/Apache-1.1 Apache Software License, version 1.1 (Apache-1.1) | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.18 via - [131, license links section] [135] https://opensource.org/BSD-3-Clause-LBNL Lawrence Berkeley National Labs BSD Variant License (BSD-3-Clause-LBNL) | Open Source Initiative author - Open Source Initiative retrieved - 2020.6.21 via - [131, license links section] [136] [137] [138] [139] [140] [141] Git Linus Torvalds git-scm.com [142] GitHub github.com GitHub, Inc. [143] https://github.com/benvcutilli/rogger/branches and/or https://github.com/benvcutilli/rogger/branches/all Branches • benvcutilli/rogger author - GitHub, Inc. retrieved - 2020.7.5 or 6 [144] https://twitter.com/mislav/status/1270388510684598272 author - @mislav retrieved - 2020.6.9 published - 2020.6.9 (12:13 pm Eastern) via - unknown (probably suggested by Twitter through trending) [145] https://twitter.com/raganwald/status/1270434947933728768 author - @raganwald retrieved - 2020.6.10 published - 2020.6.9 (3:17 pm Eastern) via - unknown (probably suggested by Twitter through trending) [146] https://twitter.com/raganwald/status/1270435748316151808 author - @raganwald retrieved - 2020.6.10 published - 2020.6.9 (3:21 pm Eastern) via - unknown (probably suggested by Twitter through trending) [147] https://arstechnica.com/tech-policy/2020/06/openzfs-removed-master-slave-terminology-from-its-codebase/ OpenZFS removed offensive terminology from its code | Ars Technica author - Jim Salter published - 2020.6.11 (9:18 pm Eastern) retrieved - 2020.6.13 [148] https://twitter.com/eviltrout/status/1272633530368118784 author - @eviltrout retrieved - 2020.6.15 published - 2020.6.15 via - "Software Development" in the search pane on the iOS app [149] https://twitter.com/mitsuhiko/status/1272911085834813440 author - @mitsuhiko retrieved - 2020.6.16 published - 2020.6.16 (11:17 am Eastern) via - "Software 
Development" in the search pane on the iOS app [150] http://nginx.org/ NGINX author - Igor Sysoev, anyone else via - unknown [151] https://github.com/leev/ngx_http_geoip2_module GitHub - leev/ngx_http_geoip2_module: Nginx GeoIP2 module author - user "leev" via - https://serverfault.com/questions/865990/nginx-and-geolite2-not-working [152] https://docs.djangoproject.com/en/1.11/ref/settings/ Settings | Django documentation | Django author - Django Software Foundation [153] https://docs.djangoproject.com/en/1.11/ref/request-response/ Request and response objects | Django documentation | Django author - Django Software Foundation [154] https://www.openssh.com/ OpenSSH author - OpenBSD Project via - search for "openssh" on google.com (the choice of search term should be self-explanatory) [155] "man ssh-keygen" command ("man" refers to [156]) SSH-KEYGEN(1) [156] command named "man" version - 1.6c authors - Federico Lucifredi, John W. Eaton, Andries Brouwer, Zeyd M. Ben-Halim (authors from "man man" command) [157] https://www.ssh.com/ssh/config/ SSH config file for OpenSSH client author - SSH.com retrieval - either 2020.8.9 or 2020.8.10 via - search for "ssh certificatefile" on google.com [158] "man ssh" command ("man" refers to [156]) SSH(1) [159] "man 5 ssh_config" command ("man" refers to [156]) SSH_CONFIG(5) [160] https://scottbarnham.com/blog/2008/12/04/get-user-from-session-key-in-django/index.html Get User from session key in Django Scott Barnham 2008.12.4 date of publication via Googling (most likely) [161] https://docs.djangoproject.com/en/1.11/topics/http/sessions/ How to use sessions | Django documentation | Django Django Software Foundation Retrieved Eastern Standard Time on 2020.9.15 [162] latimes.com The LA Times [163] "man ssh-keygen" command ("man" refers to [156]) SSH-KEYGEN(1) [164] https://us-west-1.console.aws.amazon.com/ec2/v2/home?region=us-west-1#Volumes Volumes | EC2 Management Console Amazon Web Services, Inc. 
(or it could additionally/instead be their affiliates) Retrieval of 2020.9.25 [165] Ubuntu Canonical ubuntu.com [166] Linux kernel.org Linus Torvalds (and any other contributors) [167] https://docs.djangoproject.com/en/3.1/ref/urls/ django.urls functions for use in URLConfs | Django documentation | Django Django Software Foundation Retrieval of 2020.11.17 [168] Pip https://pip.pypa.io/en/stable/ PyPA Page found by googling "pip" [169] Virtualenv https://virtualenv.pypa.io/en/latest/ Package recommended by djangoproject.com, google.com search for "virtualenv" for finding the page [170] Certbot - Ubuntufocal other https://certbot.eff.org/lets-encrypt/ubuntufocal-other Electronic Frontier Foundation Retrieval of 2020.12.3 [171] Installing snapd | Snapcraft documentation https://snapcraft.io/docs/installing-snapd Canonical Ltd. Most likely retrieved around 2020.12.4 Via [170, "2. Install snapd"] [172] Ubuntu 20.04.1 LTS (Focal Fossa) https://releases.ubuntu.com/20.04/ Canonical Ltd. Approximately 2020.12.4 date of retrieval Via [171, "Distributions with snap pre-installed"] [173] Email from noreply@zohoaccounts.com 2020.9.10 arrival [174] Zoho Mail https://www.zoho.com/mail/ Zoho Corporation [175] Settings - Zoho Mail (ben@rogger.co) https://mail.zoho.com/zm/#settings/all/importexport Zoho Corporation Retrieval of 2020.12.7 [176] Installation — NGINX Unit https://unit.nginx.org/installation/ NGINX, Inc. Retrieval of 2020.11 or 2020.12, 2021.2.12 EST [177] Configuration — NGINX Unit https://unit.nginx.org/configuration/ NGINX, Inc. Retrieval of late 2020 EST; earlier may have been possible as well; 2021.2 EST; 2021.3.24 EDT [178] User Guide — Certbot 1.11.0.dev0 documentation https://certbot.eff.org/docs/using.html Electronic Frontier Foundation Retrieval of probably 2020.12.6 EST [179] Domain Names - Register Domains & more with Name.com Donuts Inc. 
https://www.name.com [180] Domain name search results - Hover Hover https://www.hover.com/domains [181] Buy domain name - Cheap domain names from $1.37 - Namecheap Namecheap, Inc. https://www.namecheap.com [182] FrequentlyAskedQuestions · Wiki · cryptsetup / cryptsetup · GitLab The GitLab "group" cryptsetup https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions Fetched late in 2020 EST [183] Ubuntu package named "python3-virtualenv" Ubuntu MOTU Developers, Debian Python Modules Team, Carl Chenet, Stefano Rivera, Barry Warsaw, Scott Kitterman (order of everyone except "Ubuntu MOTU Developers" taken from https://packages.ubuntu.com/focal/python3-virtualenv) https://packages.ubuntu.com/focal/python3-virtualenv [184] Ubuntu package named "git" Ubuntu Developers, Jonathan Nieder, Anders Kaseorg (last two authors are in order of appearance on page) https://packages.ubuntu.com/focal/git Looked up "git" on https://packages.ubuntu.com [185] Loop device - Wikipedia https://en.wikipedia.org/wiki/Loop_device Retrieval of around the new year of 2020/2021 Found with Google [186] Ubuntu ubuntu.com Canonical [187] Linode linode.com [188] Unit https://unit.nginx.org/ NGINX, Inc. [189] Certbot certbot.eff.org Electronic Frontier Foundation [190] Snap Snapcraft - Snaps are universal Linux packages Canonical Ltd. [191] ReportLab https://www.reportlab.com/opensource/ ReportLab, Inc. [192] https://bitbucket.org/rptlab/reportlab [193] Configuration — NGINX Unit NGINX, Inc. 
https://unit.nginx.org/configuration/ Retrieval of 2020.11.15-ish [194] https://docs.djangoproject.com/en/3.1/ref/settings/ Settings | Django documentation | Django Django Software Foundation [195] Boto 3 Amazon Web Services https://boto3.amazonaws.com/v1/documentation/api/latest/index.html [196] Botocore https://botocore.amazonaws.com/v1/documentation/api/latest/index.html [197] Request and response objects | Django documentation | Django Django Software Foundation https://docs.djangoproject.com/en/3.1/ref/request-response/ Retrieval of February or March of 2021, don't remember which [198] time — Time access and conversions — Python 3.9.2 documentation Python Software Foundation https://docs.python.org/3/library/time.html [199] datetime — Basic date and time types — Python 3.9.2 documentation Python Software Foundation https://docs.python.org/3/library/datetime.html Retrieval of around 2021.3.12 EST [200] Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content Internet Engineering Task Force https://tools.ietf.org/html/rfc7231 Retrieval of 2021.3.8 EST Version date: 2014.6 Via header bar at https://www.w3.org/Protocols/rfc2616/rfc2616.html [201] Hypertext Transfer Protocol -- HTTP/1.1 R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee (took order from page) https://www.ietf.org/rfc/rfc2616.txt Retrieval of 2021, probably the beginning of March Version date: 1999.6 [202] Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests Internet Engineering Task Force https://www.rfc-editor.org/rfc/rfc7232.html Retrieval of early March (roughly) 2021 Version date: 2014.6 Via top of https://www.w3.org/Protocols/rfc2616/rfc2616.html [203] Requirements for Internet Hosts -- Applications and Support Internet Engineering Task Force https://www.rfc-editor.org/rfc/rfc1123.html Version date: 1989.10 Via [201, 3.3.1] [204] macOS Apple, Inc. 
https://www.apple.com/macos/ [205] pathlib Python Software Foundation https://docs.python.org/3/library/pathlib.html [206] Hypertext Transfer Protocol (HTTP/1.1): Caching Internet Engineering Task Force https://www.rfc-editor.org/rfc/rfc7234#section-5.2 Version date: 2014.6 [207] How to make Safari send if-modified-since header? - Stack Overflow User vadim and others https://stackoverflow.com/questions/5616015/how-to-make-safari-send-if-modified-since-header Retrieval of 2021.3.17 EDT Version date: 2011.4.11 - 2017.8.17 Via a Google search for "safari not sending if-modified-since" [208] Name.com Recommendations https://www.name.com/account/recommendations Name.com Retrieval of 2021.3.20 EDT [209] python - NGINX Unit + Flask = not found among the available application modules - Stack Overflow https://stackoverflow.com/questions/61512505/nginx-unit-flask-not-found-among-the-available-application-modules Users "i4k", "mrvol", "user13384117" Retrieval of 2021.3.23 EDT Created and answered/commented on on 2020.4.29 EDT Via Google (see more via information in point A of ubuntusetup/script) [210] Django — NGINX Unit http://unit.nginx.org/howto/django/ NGINX, Inc. Retrieval of 2021.3.24 EDT Via [177, "Python"] [211] Django : attempt to write a readonly database · Issue #163 · nginx/unit nginx/unit#163 Users "ghostinushanka", "mfoacs" Retrieval of 2021.3.26 EDT Posted on 2018.9.4 EDT and 2021.1.15 EST [212] Lost reference [213] logging - How to disable Django's invalid HTTP_HOST error? - Stack Overflow https://stackoverflow.com/questions/18220519/how-to-disable-djangos-invalid-http-host-error Mark Levin, Nathan Osman Retrieval of sometime after approximately the start of 2015 Almost certainly googled to find this [214] AWS Developer Forums: Access denied for S3 Bucket ... 
User "aduty" https://forums.aws.amazon.com/thread.jspa?messageID=773968 Retrieval of 2021.3.3 EDT Via Google searching for "An error occurred (AccessDenied) when calling the GetObject operation: Access Denied" (the error message that was displayed for this relevant problem) [215] Amazon S3 REST API Introduction - Amazon Simple Storage Service Written by either Amazon Web Services or those who work with them https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html Retrieval of 2021.3.3 EDT [216] Amazon Web Services Command Line Interface Amazon Web Services https://aws.amazon.com/cli/ [217] "awscli" package Amazon Web Services https://pypi.org/project/awscli/ Retrieval of 2021.3.3 EDT Probably version 1.19.44 [218] AWS Key Management Service concepts - AWS Key Management Service Written by either Amazon Web Services or those who work with them https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_identity-management.html [219] Overview of AWS identity management: Users - AWS Identity and Access Management Written by either Amazon Web Services or those who work with them https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_identity-management.html [220] User Guide — Certbot 1.11.0.dev0 documentation Electronic Frontier Foundation https://certbot.eff.org/docs/using.html Retrieval of 2021.4.5 EDT [221] DiG Internet Systems Consortium, Inc. 9.10.6 (version) Provided with [204] Found this program by doing a Google search for "dns manpage", which turned up https://linux.die.net/man/1/dig [222] Domain Names | Buy Domains & Email At Hover.com Hover hover.com Via an ATP (atp.fm) podcast episode(s); at least that's the most likely source [223] Domain Names - Implementation and Specification P. 
Mockapetris Version date: 1987.11 https://tools.ietf.org/html/rfc1035 Via "RFC documents" of https://en.wikipedia.org/wiki/Domain_Name_System [224] Accidental Tech Podcast Marco Arment, Casey Liss, John Siracusa atp.fm Some episode during 2020/2021, approximately [225] By email on 2021.4.4 EDT [226] postfix Wietse Venema, Ubuntu Developers, LaMont Jones, Scott Kitterman (last two in order that they are in on the page) https://packages.ubuntu.com/focal/postfix [227] Gmail Google, Inc. mail.google.com [228] Prevent mail to Gmail users from being blocked or sent to spam - Gmail Help Google, Inc. https://support.google.com/mail/answer/81126?p=IPv6AuthError Retrieval of 2021.4.14 EDT Via [232] [230] Internet Protocol, Version 6 (IPv6) Specification S. Deering, R. Hinden (in that order according to top of page -- assuming that page's order means anything, of course) https://tools.ietf.org/html/rfc8200 Version date: 2017.7 Via a Google search for "ipv6 rfc" [231] Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1 S. Kitterman https://tools.ietf.org/html/rfc7208 Version date: 2014.4 Via "Sender Policy Framework" Google search [232] Error email sent by gmail-smtp-in.l.google.com on 2021.4.14 EDT Google, Inc. [233] Ensure mail delivery & prevent spoofing (SPF) - Google Workspace Admin Help Google, Inc. Retrieval of 2021.4.14 EDT Via [228] [234] This reference: Name.com - Domain Name Registration Name.com https://www.name.com/account/domain/details/<domain name here>#dns Retrieval of 2021.4 EDT and before or prior versions of it [235] Manage Domains - Hover Hover https://www.hover.com/control_panel/domain/<domain name here>/dns Retrieval of 2021.4 EDT [236] OpenDKIM David Bürgin, Ubuntu MOTU Developers https://packages.ubuntu.com/focal/mail/opendkim [237] Configuration — NGINX Unit NGINX, Inc. 
https://unit.nginx.org/configuration/ 2021.2.1 EST navigation date [238] When doing very consequential things, services often ask the user to type something just to make sure they aren't mindlessly performing the action (for example, this is what happens when deleting a Linode bucket (linode.com)). Our method is different because it re-samples the key, even if the page is refreshed. [239] https://docs.python.org/3/library/random.html random — Generate pseudo-random numbers — Python 3.10.5 documentation Python Software Foundation [240] https://docs.djangoproject.com/en/4.0/ref/contrib/auth/ django.contrib.auth | Django documentation | Django The Django Project [241] https://docs.python.org/3/library/os.html os — Miscellaneous operating system interfaces — Python 3.10.5 documentation Python Software Foundation [242] https://docs.djangoproject.com/en/4.0/ref/django-admin/ django-admin and manage.py | Django documentation | Django The Django Project [243] https://docs.python.org/3/library/pathlib.html pathlib — Object-oriented filesystem paths — Python 3.10.5 documentation Python Software Foundation [244] Requiring the ability of the user to delete their data (with this level of ease) is one of[247] the rules of GDPR[246]. The user will (and should according to GDPR[246], this fact according to [248]) also be able to fetch their data with this function. 
[245] https://docs.djangoproject.com/en/3.2/_modules/django/core/mail/ django.core.mail | Django documentation | Django The Django Software Foundation [246] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) European Parliament [247] https://www.gdpreu.org/the-regulation/list-of-data-rights/right-to-erasure/ Fetched near 2018.5 [248] https://www.gdpreu.org/the-regulation/list-of-data-rights/right-to-data-portability/ This site was seen sometime around May of 2018 [249] https://github.com/django/django/blob/main/django/contrib/auth/decorators.py decorators.py Django Software Foundation [250] https://github.com/django/django/blob/0dd29209091280ccf34e07c9468746c396b7778e/docs/releases/2.0.txt 2.0.txt Various authors Found this in late July/early August of 2022 [251] https://sqlite.org/download.html Hwaci Version 3.39.2 [252] https://stackoverflow.com/questions/2716702/no-such-file-or-directory-error-when-executing-a-binary linux - "No such file or directory" error when executing a binary - Stack Overflow "Lorin Hochstein" Retrieved 2022.8.9 Last updated 2010.4.26 Via Google [253] https://packages.ubuntu.com/focal/libc6-i386 libc-i386 Ubuntu Developers [254] https://docs.djangoproject.com/en/4.1/ref/request-response/ Django Software Foundation [255] Making it possible to just delete a picture in case it is not enough for GDPR [64][60] to delete the picture by deleting the whole account [256] I think I have to be able to give the option to users to choose which emails they get. Not sure where I heard this from or what law it pertains to. Further, I need to do this for AWS[65] as well, but not sure I remember where I heard that from; it could have been stated in an email. 
[257] https://stackoverflow.com/questions/29760817/how-can-i-resolve-django-content-type-already-exists python - How can I resolve 'django_content_type already exists'? - Stack Overflow April 21, 2015 (fetched May 27, 2023) Dan O'Boyle and others Found by Googling around [258] tutanota.com/business Secure business email: encrypted & GDPR-compliant Unknown publication date (fetched sometime during 2021 or something) Tutanota [259] https://www.makeuseof.com/best-protonmail-alternatives-email-security/?newsletter_popup=1 The 8 Best Proton Mail Alternatives for Your Email Security Raul Mercado April 4, 2021 (fetched maybe a few weeks or months later) Google likely found this for me [260] linode.com Akamai

GENERAL CITATIONS:

This site has a lot of influence from Mark Crimmins' "Merv's RUNNING" (https://web.archive.org/web/20170328042657/http://merv.stanford.edu/ provided the title) at merv.stanford.edu (now mervsrunning.com, also titled "Merv's RUNNING"). Some major ideas from there (but possibly not all of them if my memory is failing me):

- Creating shoes and tracking mileage on them in logs/adding them to log entries
- Using a calendar layout (probably most influential is the ability to click on a date on the calendar to make a new entry for that date) (also, a lot of people hated Rogger's old calendar layout, so the new one is also in response to them), and Merv may have also inspired the idea of the current month displayed being controlled by drop-downs
- Workout creation layout
- Custom workout types (also a suggestion from a user)
- Allowing users' profiles to go completely private with no or close to no hint of the account existing
- The hidden profile (as in the user's page 404s) privacy mode, which was requested by Flora Berklein in person in March of 2016 (I think that's the correct date)
- Instagram for inspiring the cursive "rogger" that you will see throughout the site (like on the navigation bar, about page, maybe others I am forgetting).
- The purplish-grey and white-ish color set used around the site is derivative of the greyish-purple and white that Slack, the collaboration app, uses, and I probably have seen similar colors to Rogger's purplish-grey and whiteish color set elsewhere around the web as well, so Rogger's purplish-grey and whiteish color set could be derivative of those, too. Further, I may have used more than just one purplish-grey and/or whiteish color in Rogger, so these citations apply to those as well. I also had the side bar on the home page vs. most of the rest of the site be the same color scheme as Slack (the side bar was the purplish-grey while most of the other backgrounds/empty spaces were white or close to white, at least in the default theme of Slack as of 10:37 PM Eastern, not daylight savings, on 2017.11.11). Seeing as I took design choices like that from Slack, Slack could have also influenced the site in other ways besides the sidebar-other-spaces thing and the general color set. I don't remember anything specific, but I am just putting this here to make sure I am "covering my bases" when it comes to citing.
- Also, as I think I have stated elsewhere in this file, this site uses a lot of common features found around the web
- Evan Hamilton and Joel Christian for their tiny-but-appreciated direct and indirect contributions to the old project (bitbucket.org/roggerlogger), of which they were part of the coding team, and their probably ongoing indirect contributions to this one.
- Everyday users of the site add their data to the site, so this data was useful when checking the correct operation of the site.
- This repository's/this project's version control is managed by Git [141] (git-scm.com)
- See [110] for another feature potentially requested by someone
- Allowing people to follow others is an idea from social media, such as [108]
- Protected but partially visible accounts, and blocking accounts, are ideas from the internet, such as [108]
- [114]'s list of sites that track users through tracking images in emails was helpful to at least reduce the concern that Amazon SES [115] was tracking emails sent out for Rogger.

DEBUG:

Thanks to everyone that submitted bug reports. Safari, the web browser, was very important in debugging, and less important but still important were other browser(s) probably including (but there may be others I am forgetting) Firefox, Chrome, Internet Explorer (unknown release number(s) like 6, 7, 8, 9, 10, 11, etc), Edge, mobile versions of these browsers or their derivatives (like the browser used in the Google bar in Android and the iOS Google App).

SUGGESTIONS:

Thanks to everyone who suggested things to make the site better.

This site is built on the Django web development framework. How to set up NGINX (the web server) to serve this Django app is from https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-uwsgi-and-nginx-on-ubuntu-14-04, http://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html, https://www.digitalocean.com/community/tutorials/understanding-the-nginx-configuration-file-structure-and-configuration-contexts (for telling me where to put the Rogger server configuration (somewhere in /etc/nginx/nginx.conf)), and probably other unknown resources as well. (SEE OTHER CITATIONS BELOW, THEY TAKE PRECEDENCE)

Thanks to https://www.whatsmydns.net, http://www.inmotionhosting.com/support/tools/visual-domain-routing, and other unknown sources, for helping debug the server.

Using json.loads() to convert strings with surrogate pairs into proper unicode for data import from a json file (for transferring between the old Rogger's "python manage.py dumpdata --indent <# of spaces indent>" output to the new database) is from https://stackoverflow.com/questions/38147259/how-to-work-with-surrogate-pairs-in-python and possibly others as well.

Being able to transfer the data between two different databases via just Django models, which is the idea that allowed me to generate the pseudocode that got the ordering of how to move the old data to the new site (in the end though, I didn't use the old database's data with just models; I just used the pseudocode ordering), is from https://rlskoeser.github.io/2016/03/31/migrating-data-between-databases-with-django/. That site also may have pointed out to me that I could use dumpdata to get the old data out of the old site. I suppose it is possible that that site outlines the entire original method I was going to use to transfer the data over, now that I think about it; I just can't remember, and if it did, I have modified it so that my data transfer code directly reads the output of "python manage.py dumpdata --indent <# of spaces to indent>".

Thanks to https://community.letsencrypt.org/t/are-they-limitations-on-who-can-use-lets-encrypt/687 for clearing up whether or not I can use Certbot and Let's Encrypt on my site and still stay compliant by licensing the site code under the MIT License (below).

Thanks to https://stackoverflow.com/questions/44892085/letsencrypt-certbot-timeout-error for helping me debug using Certbot and Let's Encrypt.

Thanks to https://lifehacker.com/5683682/five-best-domain-name-registrars for suggesting Name.com to use as a domain name registrar.

Using a virtualenv'd folder to house a Django project is an idea from (an) unknown resource(s) (high probability that it is from the Django team's own Django tutorials at djangoproject.com, and maybe other resources as well).

Checking sqlite3 database for corruption using the PRAGMA integrity_check command is from https://serverfault.com/questions/8048/how-can-i-verify-that-a-sqlite-db3-file-is-valid-consistent

Deleting all Django sessions technique I used is from http://blog.sashalaundy.com/blog/2014/08/26/howto-force-all-django-users-to-log-out-with-the-django-orm/

How to install sqlite3 for Ubuntu (as the sqlite3 Linux download didn't work) is from https://askubuntu.com/questions/150347/sqlite-binary-file-does-not-work-on-my-ubuntu

Explanation of what I need to worry about regarding the EU Cookie law(s) is from https://www.cookielaw.org/the-cookie-law/ and http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

https://apple.stackexchange.com/questions/209572/how-to-use-pip-after-the-os-x-el-capitan-upgrade I think resolved the issue on my Mac where pip couldn't install anything into the SIP-protected MacOS folder where Python is installed

systemd-uwsgi-DAEMON-DEFINITION-FILE-SPECIFIC CITATIONS
-------------------------------------------------------

It is probable that using systemd to start up (and coordinate) the uwsgi server for Rogger is a suggestion from https://serverfault.com/questions/785502/create-daemon-on-ubuntu-16-04. Also, the structure of this file is based off an example found at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Unit_Files.html and possibly elsewhere.

ExecStart command is a derivative of those found at http://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html, and possibly from https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-uwsgi-and-nginx-on-ubuntu-14-04, https://docs.djangoproject.com/en/1.11/howto/deployment/wsgi/uwsgi/, and maybe other resources

Setting Type to forking is a suggestion from (an) unknown resource(s)

WantedBy usage (from unknown resource(s) and https://www.digitalocean.com/community/tutorials/understanding-systemd-units-and-unit-files) seems to be the best way to get this service running at boot, and possibly recognized by any systemd command.

Using the --home option for uwsgi is a suggestion from an unknown resource and discussed in https://docs.djangoproject.com/en/1.11/howto/deployment/wsgi/uwsgi/

--------------------------------------------------------
END systemd-uwsgi-DAEMON-DEFINITION-FILE-SPECIFIC CITATIONS

/etc/nginx/nginx.conf rogger SERVER DEFINITION CITATION SECTION
--------------------------------------------------------

THIS SERVER DEFINITION IS A DERIVATIVE OF THE SERVER DEFINITIONS FOUND AT https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-uwsgi-and-nginx-on-ubuntu-14-04, http://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html, AND PROBABLY OTHERS.

Putting this server definition here (/etc/nginx/nginx.conf) is from https://www.digitalocean.com/community/tutorials/understanding-the-nginx-configuration-file-structure-and-configuration-contexts

All sections in the server configuration section talking about how Certbot is its manager were created and/or modified by Certbot, not me (basically, for those without access to the file, this is the code that redirects non-HTTPS connections to HTTPS connections, and certificate setup)

Method of redirecting non-HTTPS requests in the nginx rogger server config (The "if ($scheme != "https")" if clause) was made by Certbot, and https://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx confirmed for me that this was a way to do that and also pointed out that I can still listen on port 80 in the same server definition to allow those non-HTTPS connections to come in and get redirected to the HTTPS site.

Thanks to https://serverfault.com/questions/814767/413-request-entity-too-large-in-nginx-with-client-max-body-size-set for telling me what the variable is in the nginx configuration that controls how big a request is allowed through the server. Limiting the request size using the web server instead of Django or something else is a suggestion from an unknown source.

This has been put in the nginx.conf file, and explanation for it is with it, along with its citations:

    # This server definition is used to reject requests that aren't for the domains processed by the server definition below.
    # The "return" usage is from http://nginx.org/en/docs/http/server_names.html (retrieved 2017.12.18) in the code under
    # 'In catch-all server examples the strange name "_" can be seen'. Putting this as the first server to make it "default"
    # so that other domains are processed here and not in the other server is probably from the same page and/or
    # https://serverfault.com/a/525011. Making sure that these requests stop here and not at Django so that I don't
    # get spammed with error emails is an idea from
    # https://stackoverflow.com/questions/18220519/how-to-disable-djangos-invalid-http-host-error.
    # Even though this version of the site uses Nginx (and I think that site talks about Apache),
    # there might be some configuration used there that was directly, or more likely indirectly, relevant to what I wrote
    # for this server definition. Using two different listens for each port is an idea from Certbot which did this for
    # the server definition for Rogger.
    server {
        listen 80;
        listen 443;
        return 403;
    }

--------------------------------------------------------
END /etc/nginx/nginx.conf rogger SERVER DEFINITION CITATION SECTION

THE ROGGER SERVER'S /etc/apt/sources.list FILE ADDITIONS THAT I MADE ARE BELOW
--------------------------------------------------------------------------------

    # NEXT TWO LINES FROM https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
    # + ADDING THE KEY for the nginx repository AFTER THE KEY ERROR DESCRIBED BY THAT PAGE,
    # THE sudo apt-get update, AND THE sudo apt-get install nginx COMMANDS I RAN ARE ALSO FROM THERE
    deb http://nginx.org/packages/ubuntu xenial nginx
    deb-src http://nginx.org/packages/ubuntu xenial nginx

--------------------------------------------------------------------------------
END OF STUFF THAT I ADDED TO /etc/apt/sources.list

DEPLOYMENT SERVER'S ROGGER INSTALLATION's settings.py citations (in addition to those that may have already been mentioned):

See citation [47]

Installation instructions I used for the production server (plus some other outside knowledge that I don't remember where it is from) were found here:

virtualenv: With pip (not sure about source for this method of installation)
Django: With pip (not sure where I got this from; may be recommended by the Django team themselves)
nginx: https://www.nginx.com/resources/wiki/start/topics/tutorials/install/ (they talk about modifying the /etc/apt/sources.list file, which I did)
pip: https://pip.pypa.io/en/stable/installing/ (with the get-pip method + python3 instead of python)
ReportLab: https://bitbucket.org/rptlab/reportlab (the README, with pip)
Boto 3: https://github.com/boto/boto3 (with pip)
Pillow: http://pillow.readthedocs.io/en/3.0.x/installation.html (with pip, although ReportLab had already installed it as a dependency)
uWSGI: https://uwsgi-docs.readthedocs.io/en/latest/Install.html (with pip + "sudo apt-get install gcc" + "sudo apt-get install python3-dev")
Certbot: https://certbot.eff.org/#ubuntuxenial-nginx

Thanks to https://www.sqlite.org/onefile.html for mentioning that a SQLite 3 file is cross-platform (and I think cross architecture), which saved me a ton of headache.

This site uses Django, JQuery, ReportLab, Pillow, Boto3, Let's Encrypt (a GREAT GREAT GREAT initiative) + Certbot (also FANTASTIC), nginx, Ubuntu 16.04 (the AWS variant), virtualenv, pip, CodeMirror, Amazon Web Services, and probably other things I'm forgetting to mention as well.

Thanks to Atom (developed by Github, I think) for being a (relatively) great text editor. It was used for the majority of the code that I wrote for this site.

ACKNOWLEDGEMENTS:

The design of this site is inspired by all my experience using the web. The navigation bar at the top, the search bar, the Material-design(by Google)-inspired layout and encapsulation of objects, the reverse-chronological feeds, etc. are not my own creation; in fact, you will find very few things that *are* my complete original ideas when it comes to design and aesthetics. Also, a ton of this site is based on experience with merv.stanford.edu, which is a running log site whose users' exported data I support for importing.

CITATIONS FOR FEATURES OF THIS SITE (KNOWN CONTRIBUTORS, ASSUME THAT THERE MAY BE FORGOTTEN CONTRIBUTORS FOR EACH FEATURE):
-----------------------------------------------------------------------

Entry textbox (when writing the entry) expands to fit all typed content:
    Kristina Kronauer

Back button (mostly) does not reset the calendar in the user view:
    Amelia Keyser-Gibson
    Charlie Hale

Custom units for types when displayed as totals for weeks, etc.:
    Nora Weathers
    Sam Fujimori
    Amelia Keyser-Gibson

Shoe mileage:
    merv.stanford.edu
    Kristina Kronauer

Merv test dataset(s) (used for both import testing and general site testing):
    Eric Arnold

Differentiating between new workout entries and updated workout entries:
    Nora Weathers

Letting workout titles in calendar show completely instead of being truncated:
    Henri Drake

Importing Merv data/Exporting Rogger data:
    Eric Arnold (import only)
    Joel Christian
    Kristina Kronauer

Having an updates feed:
    Eric Arnold

Using a more traditional calendar in the user profile:
    merv.stanford.edu

Allowing underscores in usernames:
    Eric Chesterton

Pace calculation of entries if distance and time length of workout are given:
    merv.stanford.edu
    Greg Morgan
    Kristina Kronauer (I think)

French Localization
    Possibly Charlotte Lellman

Asking for Rogger "swag", which I responded to by making a fundraiser because people also wanted to give money to keep the site running
    Somebody/Multiple somebodies

Giving positive feedback about the panel on the left for follows, and "new fonts" (though I think this was for the old site, bitbucket.org/roggerlogger/rog, for a git commit that occurred near 2017.10.30)
    Charlotte Lellman

Pointing out that the profile page of a user scrolls and the calendar does as well (in the old site, bitbucket.org/roggerlogger/rog); this was remedied in this version of the site
    Charlotte Lellman

For every other feature, you should also assume that there is a good chance it was a result of me getting feedback from users.
----------------------------------------------------------------------- People who helped debug (for the things discussed below that were debugged, there may be other people who contributed to debugging them as well): -Tyler Fong -Joseph Boyle -Charlie Hale -Brian Sokas -Katie Pokorny -Amelia Keyser-Gibson -Kristina Kronauer -Lukasz Tyler Olenginski -Kelley Riffenburgh -Evan Hamilton -Flora Berklein -Nora Weathers -Sam Fujimori -Greg Morgan -Eric Arnold -Charlie Marquardt -Allison Guindon -Nicholas Reynolds -Zachary Gabor, Griffin Kaulbach, users "alphdollie" and "hdoll" (Issue: error gets thrown when no workout type is specified in new workout because they have not made any types, and the "Unknown" type has not been created for them) -this page: https://stackoverflow.com/questions/41787263/different-value-of-csrf-token-in-response-header-and-browser-cookies-csrf-verif, Greg Morgan, Allison Guindon, Nick Reynolds, Lukasz Tyler Olenginski, Lincoln Satterthwaite, Kristina Kronauer: for helping me debug that the browser will automatically look for a favicon, and will get a CSRF cookie if Django handles the request (as in not going to the static file URL) and returns a 200 status. 
-Bernie Jones (for the above problem and also for debugging that usernames with spaces in them can get by the account maker), Zach Needell for the same usernames with spaces bug (calling django's reverse url lookup functionality failed with the URL regex I specified for getting the url to a user's profile page)
-user "thale" for automatic bug report suggesting that I had not done a make migration and/or migration when the backupType field was added to the "Workout" model in workoutLogging.models
-users that tried to make a new log entry but failed because they didn't know they were logged out (the new entry page allowed users through even though they weren't logged in) -- automatic bug reports were sent for those people's errors
-users "Ellie" and "nosbigibson" for their automatic bug reports that showed I had an index error for "pretty printing" python's Decimal type (I assumed that all Decimals would have a decimal point when converted to some string, which caused indexing problems)
-Matt Cohen for his automatic bug report for not importing django.contrib.auth.model's User model; that model is used to check to see if the user tagged in an entry actually exists
-the automatic bug report generated when some unknown person tried to access the "/search" resource without actually putting in something to search for
-the automatic bug report that an unknown person generated that triggered, in shared.tools.getErrorString(), an error that "creationForm" could not be found, which was an artifact of me moving code; I never changed that back to the real form's name (which is not creationForm) once I moved that code over
-an unknown user's automatic bug report that I think I had not imported shared.languageLocalization's "baseLocalization" variable into some place, but I forget where that import was
-unknown users' automatic bug report for helping me figure out why the 404 error template I created was not being found at the /hello resource
-Charlie Marquardt, Eric Arnold, maybe others for pointing out browsers not working with both www.rogger(beta).co(m) and rogger(beta).co(m)
-Lena Edelstein for pointing out that the date and time of comments were not local to the front-end's location
-Charlie Marquardt and Eric Arnold for helping to, I think, debug the fact that I had not made an A entry for my domain to route the domain to an IP
-Eric Arnold for pointing out that, for migrated workouts (from old to new site), some distances had too many decimal numbers
-Eric Arnold for checking that emails were being sent out properly (for some mechanism(s) that I can't remember, involved at least entry comments)
-Charlie Marquardt for pointing out that distances on the updates feed page were showing unnecessary 0s in the decimal portion (or just an unnecessary decimal portion) of the distance of workouts
-Charlie Marquardt for pointing out that scientific notation (a*eb, where a and b are numbers) was showing up for workouts on workout pages
-Charlie Marquardt for pointing out that PDF generation was throwing a server error (can't remember what that error was specifically related to, I think it had something to do with the fact that WorkoutWeek's getStats() function changed and the new version returned tuples instead of strings, so the tuple was passed to Reportlab (for PDF generation) instead of a string, which caused an error)
-Mali Axinn for pointing out that logging in wasn't working for new users. Super weird bug. I haven't gotten a complaint about this until now, which is very confusing.
-Charlie Marquardt and Charlie Hale for pointing out that the domain wasn't routing to the old Rogger server when (I think) I was switching domain name service providers.
-Charlie Marquardt pointed out that the calendar would initialize to (I think) showing an adjacent or near-adjacent month to the current month in the old Rogger. This issue was resolved in this new version of Rogger.
-Joel Christian (and possibly others) who pointed out that IE support (I think primarily, if not completely, for older versions of IE) for the old Rogger was bad. I made at least some of this site compatible with older versions of IE as a result, though honestly I stopped testing for IE a while ago.
-Joel Christian, and Sam Fujimori let me know that the site looked good. Eric Arnold said it is better-looking than the old version.
-Eric Arnold and others said that when writing the text of a log entry in the old version of Rogger, each press of the keyboard would make the cursor in the entry area return to the start of the entry's text. So, for this project, I abandoned what was causing it (a hacked-up TinyMCE editor) for CodeMirror, which seems to have solved this issue.
-Mali Axinn (approximately 2017.9.26) and someone else (unsure of date when this occurred, sometime late summer 2017, I think): Mali's accounts needed to be deleted, so that helped me test that account deletion actually deletes everything related to that account, and that someone else had a bug that I created at least one account for to test out, so when I deleted those accounts, that helped to test that the account's data was being deleted. However, now that I think about it, it doesn't delete all the information, yet, so I have to address that at some point.
-Those (currently unknown who) who triggered the old site's bug where the antivirus would go down, so images couldn't be scanned for viruses on banner and profile picture uploads, and the server would error out, which would send me an email with a bug report. That's how I found out about these situations, and the bug is sort of fixed in this site (there is no antivirus running, so the same error can't occur).
-Eric Arnold said that the site was freaking out (it probably was with regard to Nginx complaining about the gateway; see two points down for further explanation of this issue), and it turned out that UWSGI hadn't been started. He probably mentioned this to me around 2019.2.17.
-I checked to make sure the TLS encryption (reference for TLS unknown) was still working as Let's Encrypt (https://letsencrypt.org/, Internet Security Research Group, site found by searching for "letsencrypt" on google.com) emailed me something that made me think it wasn't. I tested the encryption with Mobile Safari (https://www.apple.com/safari/, Apple Inc., site found by searching for "mobile safari" on google.com)
-Eric Arnold -- Besides previous time(s), he pointed out via text on 2020.3.6, call on 2020.8.10 (and a text on the same day in a separate instance of this problem) that he was getting a 502 code (defined by
    https://www.ietf.org/rfc/rfc2616.txt
    Hypertext Transfer Protocol -- HTTP/1.1
    author - R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee (order taken from reference)
    rfc # - 2616
    published - 1999.6
    via - https://www.w3.org/Protocols/rfc2616/rfc2616.html, which was via something else
 in section 10.5.3) from his web browser. I knew that this was likely NGINX
    http://nginx.org/
 giving him the code, and that I had to fix this by starting up uWSGI
    https://uwsgi-docs.readthedocs.io/en/latest/
and others whose names I don't know, and almost certainly others that I cannot think of.

Beta Testers:
Charlie Marquardt
    -Creating workouts, trying out the updates feed on the home page, probably other things too
Eric Arnold
    -Creating workouts, commenting, probably other things too
Kelley Riffenburgh
Matt Cohen
Jossi Fritz-Mauer
Lena Edelstein
Rich Marisco
+ some others maybe

My mom (Carolyn Cutilli), dad (Bruce Cutilli), and Eric Arnold helped with suggestions on how to cite things and just also with my stress management (and probably other things as well that I can't remember), so thanks to them. Eric suggested that I can email all the users of the site to ask them to reply telling me how they had helped out with the site, and then I can add them to the list of citations.
Also, Eric Arnold told me that I was getting questions on runnerunner.com's message boards relating to Rogger and said that I should chime in to help address them and address the fact that merv.stanford.edu was losing users due to spottiness of the site or other issues, and that I should encourage them to use Rogger as a replacement. He also might have answered questions on runnerunner.com in representation of me as I did not want to log onto runnerunner.com to do so.
--------------------------------------------------------------------------------
Setting up blocking any traffic outside of the US because of GDPR (GDPR is from
    https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL&from=EN
    Official Journal of the European Union
    published - 2016.5.4
    author - European Union
    via - could have been via https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02016R0679-20160504&qid=1567786393726&from=EN, but definitely was via https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02016R0679-20160504&from=EN
) details follow:

I use the MaxMind GeoLite 2 database
    https://dev.maxmind.com/geoip/geoip2/geolite2/
    GeoLite2
    author - MaxMind
    via - http://nginx.org/en/docs/http/ngx_http_geoip_module.html
    Module ngx_http_geoip_module
    relevant section - introductory section
    via - unknown
I read about its license here:
    https://creativecommons.org/licenses/by-sa/4.0/
    Creative Commons -- Attribution-Sharealike 4.0 International -- CC BY-SA 4.0
    author - Creative Commons
    retrieved - 2019.11.5
and
    https://dev.maxmind.com/geoip/geoip2/geolite2/
    GeoLite 2 Free Downloadable Databases << MaxMind Developer Site
    retrieved - around 2019.11
    author - MaxMind
    via - http://nginx.org/en/docs/http/ngx_http_geoip_module.html
    Module ngx_http_geoip_module
    via - unknown
    relevant section - introduction
in the "License" referred me to that license.
In order to keep the database updated (as it is downloaded locally), I use geoipupdate (reference H) which was recommended by the "Updating Downloadable Databases" section of reference I. To make sure the database was updating properly, I used the command
    ls -l
which told me the date the file was updated, or something like that. "ls" is a program distributed with reference K.

Making sure that this non-US blocking technique worked consisted of using TunnelBear
    https://www.tunnelbear.com/
    TunnelBear
    author - TunnelBear LLC
to connect to a VPN in Ireland, and trying to connect to rogger.co while expecting failure to do so as an indicator that the blocking code works.

MaxMind changed its database download process so that you need to have an account to download its GeoLite2 databases (reference A). As a result, as instructed in reference A's "Steps for Migration", I
- created an account at reference B (the confirmation page, reference E, that shows after signing up in reference B said to look for reference C sent to my email address; I followed the instructions saying to set a password for that account, using reference D suggested in that email to set the password)
- went to reference F, and clicked on "Generate new license key", which led to reference G. I named the key "Rogger Blocking", said the key was going to be used by GeoIP Update (reference H), and then said that the version I was using for GeoIP Update was equal to or higher than 3.1.1 (I determined this was the case by running
    geoipupdate --version
  on the server running GeoIP Update). I then clicked "Confirm", which brought up reference J. I took the "Account/User ID" value and "License Key" value and put them into the GeoIP Update configuration file which you can find at serverfiles/geoipupdateconfig in this repository.

After following those instructions, I used
    geoipupdate -f <path to the GeoIP Update configuration file>
to test that the database actually updates, and checked the database file's modification date (to see if the update succeeded) using "ls -l" ("ls" is a command from reference K) in the directory where the database is saved.

References:
(A) https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
    Significant Changes to Accessing and Using GeoLite2 Databases | MaxMind Blog
    author - Miguel Atienza
    retrieved - 2020.1.17
    published - 2019.12.18
    via - https://dev.maxmind.com/geoip/geoip2/geolite2/
(B) https://www.maxmind.com/en/geolite2/signup
    GeoLite2 Sign Up | MaxMind
    author - MaxMind
    retrieved - 2020.1.17
    via - reference A, "Steps for Migration" section
(C) Email titled: "Welcome to MaxMind"
    sender - support@maxmind.com
    sent - 2020.1.17
(D) https://www.maxmind.com/en/account/set-password
    Set Password | MaxMind
    author - MaxMind
    retrieved - 2020.1.17
    via - reference C
(E) probably some resource found on the webserver(s) hosting maxmind.com
    retrieved - 2020.1.17
    author - MaxMind
    via - reference B
(F) https://www.maxmind.com/en/accounts/172704/license-key
    License Keys | MaxMind
    author - MaxMind
    retrieved - 2020.1.18
    via - "Steps for Migration" section of reference A
(G) https://www.maxmind.com/en/accounts/172704/license-key/confirm-creation
    Confirm generation of new license key | MaxMind
    author - MaxMind
    retrieved - 2020.1.18
    via - reference F
(H) https://github.com/maxmind/geoipupdate
    geoipupdate
    author - maxmind
    via - https://dev.maxmind.com/geoip/geoipupdate/
(I) https://dev.maxmind.com/geoip/geoip2/downloadable/
    GeoIP2 Downloadable Database << MaxMind Developer Site
    author - MaxMind
    retrieved - 2019.11, approximately
(J) https://www.maxmind.com/en/accounts/172704/license-key/created/
    New license key successfully created | MaxMind
    author - MaxMind
    retrieved - 2020.1.18
    via - reference G
(K) GNU coreutils
    version - 8.25 (output of "ls --version")
    authors - Richard M. Stallman, David MacKenzie (using the author order presented by "ls --version")
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
The tweet
    https://twitter.com/arstechnica/status/1234884504755605510
    Ars Technica on Twitter: "Let's Encrypt discovers CAA bug, must revoke customer certificates https://t.co/mZPS9QEsDu by @jrssnet" / Twitter
    author - user @arstechnica
    published - 2020.3.3
    retrieved - 2020.3.3
said that there was a problem with Let's Encrypt certificates. The reference that the tweet linked to:
    Let's Encrypt discovers CAA bug, must revoke customer certificates | Ars Technica
    https://arstechnica.com/information-technology/2020/03/lets-encrypt-revoking-https-certs-due-to-certificate-authority-bug/
    retrieved - 2020.3.3
    published - 2020.3.3
    author - Jim Salter
said that I would need to renew my SSL Certificate (and explained why), and that I could do it with
    certbot renew --force-renewal
SSL Certificates are defined by (an) unknown reference(s) and the "certbot" command is a program from
    https://certbot.eff.org/docs/
    Certbot
    author - Electronic Frontier Foundation
I restarted the machine, and checked the renewal date of the certificate (to make sure the new certificate was in use) by using Firefox
    https://www.mozilla.org/en-US/firefox/new/
    author - Mozilla
    version - 68.0.1
    platform - macOS 10.14.6
by going to rogger.co, clicking on the lock icon in the URL bar, clicking on the right arrow next to "Connection", then "More Information" at the bottom of that pop-up, and finally "View Certificate" in the window that pops up.
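The same "is the new certificate actually being served" check as the Firefox steps above, done from a script; this is an added example, not code from the Rogger repository. The certificate fields and serial numbers are constructed sample values, and the one-hour allowance on notBefore is an assumption about certificate authorities backdating that field.

```python
import calendar
import socket
import ssl
import time

# Assumption: a CA may date notBefore slightly before the real issuance time to
# tolerate client clock skew, so allow one hour of slack.
BACKDATE_SLACK = 3600


def fetch_served_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate a live server presents, as a getpeercert() dict.

    The default context verifies the chain and host name before returning.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def renewal_status(cert, renewed_at, now=None, old_serial=None):
    """Classify a served certificate against a forced renewal.

    cert       -- dict in the shape returned by SSLSocket.getpeercert()
    renewed_at -- epoch seconds at which the renewal command was run
    old_serial -- serial number of the certificate being replaced, if known
    """
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])

    if now > not_after:
        return "expired"
    if now < not_before:
        return "not-yet-valid"
    # Same serial: the server is still handing out the old certificate, for
    # example because the web server never reloaded the files changed on disk.
    if old_serial is not None and cert.get("serialNumber") == old_serial:
        return "stale"
    # Issued well before the renewal ran: also the old certificate.
    if not_before < renewed_at - BACKDATE_SLACK:
        return "stale"
    return "renewed"


# Constructed sample data (not real certificates).
OLD_CERT = {
    "serialNumber": "03A1B2C3D4E5F60718293A4B5C6D7E8F9012",
    "notBefore": "Jan 20 08:15:30 2020 GMT",
    "notAfter": "Apr 19 08:15:30 2020 GMT",
}
NEW_CERT = {
    "serialNumber": "04F9E8D7C6B5A40312233445566778899AAB",
    "notBefore": "Mar  3 21:05:12 2020 GMT",
    "notAfter": "Jun  1 21:05:12 2020 GMT",
}
RENEWED_AT = calendar.timegm((2020, 3, 3, 22, 0, 0))  # when the renewal ran
CHECKED_AT = calendar.timegm((2020, 3, 4, 0, 0, 0))   # when the check ran

if __name__ == "__main__":
    for label, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        status = renewal_status(cert, RENEWED_AT, now=CHECKED_AT,
                                old_serial=OLD_CERT["serialNumber"])
        print(label, status)
```

Against a live host, pass the result of fetch_served_cert("<host>") as cert; comparing the serial number catches the case where the renewed files exist on disk but the server still holds the old certificate in memory.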
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
External motivations for keeping the Rogger server up-to-date:

The article at
    https://arstechnica.com/information-technology/2020/02/serious-flaw-that-lurked-in-sudo-for-9-years-finally-gets-a-patch/
    Serious flaw that lurked in sudo for 9 years hands over root privileges | Ars Technica
    author - Dan Goodin
    published - 2020.2.4
    retrieved - 2020.2.5
which states that sudo
    https://www.sudo.ws/ (URL from bottom of page produced by "man sudo")
may need to be upgraded.

The processor vulnerabilities that have been discovered recently, possibly including those discussed at 7:30 (this time according to the table-of-contents in the video) of
    https://youtu.be/qgy9v8p5OJY
    HW News - Apple's Malware Problem, 10700K 5.3 GHz Rumors, & Sony PS5 Pricing - YouTube
    author - Gamers Nexus
    published - 2020.2.17
    retrieved - 2020.2

The server update process was accomplished with these two commands:
    sudo apt-get update
    sudo apt-get upgrade
"sudo" is from
    https://www.sudo.ws/ (URL from bottom of page produced by "man sudo")
and "apt-get" is distributed with Ubuntu
    ubuntu.com
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
ENCRYPTION

This site uses encryption in order to be in (somewhat of) compliance with GDPR [64]. Previously, the data on the server was encrypted using EC2 volumes [67] that were encrypted by AWS [65], and the images that users upload were hosted on an encrypted S3 bucket [68], also encrypted by AWS. However, as required by GDPR according to an unknown reference, the encryption keys in both the EC2 volume and S3 bucket scenarios should be handled by me, which they aren't. This was the motivation for me to move this storage to an encrypted device on the server.
See "script" in the "ubuntusetup" folder for details about the encryption.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Concerns about devices being secure:

[115] brought to my attention an attack known as "Thunderspy" [116]. Besides describing the attack, the article stated in its introduction that "99 percent" of people don't need to worry about the attack (this thought process concluded in [115, What's a user to do?] by stating that such attacks are really only in the reach of entities like nation-states), and this "99 percent" idea was followed, I believe relatedly, with the fact that this attack was patched out of macOS long enough ago that my laptop is secure from that kind of attack [115, "Accessing Memory Lane" and "Intel assurances torn asunder"]. Other things discussed throughout the article relevant to the security of this site include
1. the idea that if someone can get to your computer in person, they can probably figure out a way to hack you [115, "Intel assurances torn asunder", "Accessing Memory Lane", "Sabotage ain't hacking"],
2. Kenn White's quote which says that Thunderbolt can no longer be considered secure [115, Intel assurances torn asunder]
3. Highlighting other attacks and saying that they were patched [115, Sabotage ain't hacking]
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[118] stated that Django 1.11's [94] security support will end, and [117, red page header bar] confirmed this, so this told me that I need to upgrade to a newer major release version of Django. This idea of needing to upgrade to make the site secure is also probably from [119] and maybe [120]; further, in the past, I may have been encouraged to upgrade to Django 1.11.19 by [120] because of security. (To be more specific, [119] and [120] announced new versions of Django being released; they didn't specifically say to upgrade).
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[121] makes it clear that iPhones [122] that have been confiscated by authorities should no longer be considered secure. I've never encountered such a situation, but if in some insane scenario I do, this is good to know for the sake of Rogger's security.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
(No longer true) Email [126] for this website is hosted by Name.com's email service [125]. I read that email mostly with the iOS [124] Outlook app [123]. Outlook is very good at determining which emails are important (through its "Prioritaire" -- from the French mode of the app -- section of its inbox), so that is one reason why I used it.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
It has been pointed out to me (I think initially) by [144], with [145], [146], and [147, first picture, its caption, title, subtitle, and URL] (in that order to the best of my knowledge) further encouraging that I should rename the "master" Git [141] branch to something that at least avoids the master/slave nomenclature ([147, first picture, its caption, title, subtitle, and URL] helped indirectly through reporting that someone else removed the terminology). [148] indicated that this wouldn't be a time-consuming process. [149] was talking about a different repository circumstance, but it still helped (I didn't look at the screenshot that came with it) to defeat the notion that changing branch names would be difficult.
After renaming it to "main", both
    git push --prune
and
    git push --prune origin
spat out
    fatal: The upstream branch of your current branch does not match
    the name of your current branch. To push to the upstream branch
    on the remote, use

        git push origin HEAD:master

    To push to the branch of the same name on the remote, use

        git push origin HEAD

    To choose either option permanently, see push.default in 'git help config'.
indicating that the "main" branch was still tracking "master" on GitHub. I fixed this problem.

This was not the end of the issues, however. Running
    git branch -a
warned me with this
    warning: ignoring broken ref refs/remotes/origin/HEAD
I think this was the result of the HEAD shortcut trying to point to the last commit of master (or something like that if my terminology is off). Running
    git remote set-head origin main
hopefully has fixed this (trying git push origin HEAD didn't complain, at least).

Fixing HEAD was attempted (unsuccessfully) as a solution to GitHub [142] not seeing "main" as the default branch; I thought that removal of "master" through the "git" command line tool was held back by the fact that GitHub had the "master" branch as default, in addition to there being a trash can next to "main" but not next to "master" [143, "Overview" or "All Branches" pane]. However, attempting to change the GitHub default branch with the previous command
    git remote set-head origin main
followed by
    git push --prune origin
    git push origin
was not a solution. I just deleted the branch through one of the five panes (one of which is "Overview") at [143], resulting in its deletion, but without removing it from the list of branches. Going to the "All Branches" pane made it disappear; this was to make sure that as much (as I could tell) of the word "master" was removed.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
When NGINX [150] fails to start (as determined by testing out the site with Firefox [78]), it can be due to ngx_http_geoip2_module [151] not being compiled for a new version of NGINX that was just installed (prior to upgrading NGINX, reliable receipt of emails from Django's watchdog [152, ALLOWED_HOSTS] about requests -- which have to go first through NGINX -- setting HTTP_HOST [153, HttpRequest.META documentation] to something the website doesn't handle suggested that the upgrade itself broke NGINX, not something previously which would have prevented those emails from being sent). See serverfiles/geoipmoduleupdate for how this issue is fixed.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Accessing the server via a terminal is done through "ssh" (command) from OpenSSH [154]. AWS [65] recommended somewhere to use the -i option like so
    ssh -i <key given to me by AWS> <user>@<host>
in conjunction with the AWS-created key to do this. Recently (2020.8) I realized that I didn't know exactly what "-i" did. [158]'s documentation for -i discusses "CertificateFile", which I thought could be the certificates that the person signing into the server presents to log in via an alternate protocol which we'll call "AP" (an explanation of this method was read from [158, Authentication]). However, this was not clear. It was recommended by the "-o" documentation of that same man page that I could find out more about CertificateFile by looking at [159]. The "CertificateFile" section in [159] didn't provide any more information other than it further hinted with "Specifies a file from which a user's certificate is read" that CertificateFile is used for AP.
[158, Authentication] told me to look at [163]'s "CERTIFICATES" section for more information on how this works, which it did, but it didn't clarify what CertificateFile was.

<Where to put the citation stuff back in>
--------------------------------------------------------------------------------
I prefer to acknowledge those who got the site to freak out and put in a bug report for said freak out. However, those bug reports often don't contain the username of the person so that I know who to credit. Instead, they might contain a "session cookie" [], and I found out from [160, Finding the user from the session] (using the verbatim Python code from there, below), that I can get the User object [] for that user (which contains information about that user) from that session cookie's value:

    from django.contrib.sessions.models import Session
    from django.contrib.auth.models import User

    s = Session.objects.get(session_key=<value of session cookie in string format>)
    uid = s.get_decoded().get("_auth_user_id")
    user = User.objects.get(pk=uid)
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
At the request of an anonymous user, they wanted to delete their account. I had a method that I wanted to use, but it needed to be tested (testing on production is generally not recommended, but in this case I was very sure I was in the clear and took precautions). Deleting their account confirmed that these objects (settings.models.WorkoutType, shared.models.UserInfo), when deleting that user's respective django.contrib.auth.models.User (provided by Django), did indeed get deleted. Loading my account through a web browser [78] showed that other things in the database (created by the general Rogger community) were not deleted as a result.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
As recommended by [161, Clearing the session store], I try, at least on occasion (although I believe they imply to do it often), to use the "python manage.py clearsessions" command Django provides.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[151] was used to block users from outside the US (because I suck at GDPR [64] compliance and someone/something said that this is what the LA Times [162] did as a temporary measure on the date of GDPR being active). serverfiles/settingupgeoip contains the steps I took to do this and serverfiles/geoipmoduleupdate is how I install new versions of [151].
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Firefox version when using IP address as (allegedly) host: 68.0.1
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
To be (as it turns out -- according to either [50], [64], or both -- partially) compliant with GDPR's option to encrypt data instead of anonymizing it ([64], probably [50] as well), I created a separate volume to hold the database, and that database is encrypted using AWS-controlled keys (the reason for the aforementioned "partially"). [164], when right-clicking on a volume, clicking on "Attach Volume", then choosing the VM to attach to, let me know that the device path to mount can be unusual, and told me what it may be (/dev/xvdf, an Ubuntu [165] and/or Linux [166] path), which I ended up using.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
I had two errant Django migrations causing problems with Django's manage.py's "makemigrations". Pip [168] told me via the command "pip uninstall Django" that it " Would not remove (might be manually added)" those migrations. This implies that those migrations didn't come with the Django package when it was installed, so I felt safe deleting them myself.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Currently not a fan of the below license for the all-caps line (because someone likely copied from someone else as that line is very similar to what you will find in [127], [128] (Not just for Python [93] 2.0, as clarified by [131, Python license link comments]), [129] (implied to be recommended over [134], in the manners discussed below), and [130, points 7 and 8] (also implied to be the best version of the license [131, license links section; "superseded" tag]), implying a trend in the license-writing world of plagiarism). This was brought to my attention by []. I tried looking at those licenses and others ([132], [133], [134]), but they all had the same (alleged) plagiarism issues, in addition to these problems:
[132]: Its insistence on weak copyright, public domain and other potential liberal stances may conflict with other licenses agreed to by our project
[133]: The text in red [133, under the license name] appears to question if the license is useful
[134]: Another license that may be broken as the page says "This license has been superseded by the Apache License, Version 2.0" [134, comment preceding the license text] and [131, license links section] states in a comment next to the link to this license that its status is "superseded".
I also considered [135], but [131, license links section] suggested it had something in common with [127] (the mention of "BSD"), so I avoided it because, as previously discussed, [127] had plagiarism-probable issues.
--------------------------------------------------------------------------------
Looking for alternate domains, so [181], [179], [180] etc have been useful in determining which domains I can buy.
--------------------------------------------------------------------------------
My domain that I use for testing was recommended by [208, one of the two horizontal scrolling things]
----------------------------------------------------------------------------------------------------
Moving server over to Linode

I wanted to figure out a way to (mostly) directly move the old server data over to the new server. One thing I needed to move was the files from the AWS S3 bucket that hosts the images to the server itself. I was reminded[215] of the AWS CLI[216] being able to do such things, so I attempted to do that using the awscli[217] package on a testing server that had almost all the same properties as the production server (this was done mostly to comply with GDPR's encryption requirement as the test server had an encrypted volume, as can be seen in ubuntusetup/script). However, I kept getting told that I wasn't permitted to fetch the images. [214, aduty's post] pointed out that I needed to grant access to the KMS encryption key[218, "Customer managed CMKs"] for the IAM user[219, "IAM users"] performing the download before I could move the files (I didn't quite understand their directions on how to do that, but ended up figuring it out myself and then realizing later that my method was what they were trying to say, less the fact that they weren't adding the permission for a user, specifically). This worked.
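Why the download was refused until the key grant was added, shown as an added example (not code from the Rogger repository or from AWS): reading an object encrypted with a KMS key needs kms:Decrypt on that key in addition to s3:GetObject on the object. The checker below is a simplified reading of an IAM identity policy that ignores Condition blocks, NotAction/NotResource and the key's own policy; the bucket name, account ID and key ID are placeholders.

```python
from fnmatch import fnmatchcase

# Placeholder ARNs (constructed for this example).
BUCKET_ARN = "arn:aws:s3:::example-image-bucket"
OBJECT_ARN = BUCKET_ARN + "/profile/42.png"
KEY_ARN = ("arn:aws:kms:us-east-1:111122223333:"
           "key/00000000-0000-0000-0000-000000000000")


def _as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def _statement_matches(statement, action, resource):
    """True when the statement's Action and Resource patterns cover the request."""
    # Action names are case-insensitive; resource ARNs are not.
    actions = [a.lower() for a in _as_list(statement.get("Action", []))]
    resources = _as_list(statement.get("Resource", []))
    return (any(fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatchcase(resource, r) for r in resources))


def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise at least one Allow must match."""
    allowed = False
    for statement in _as_list(policy.get("Statement", [])):
        if not _statement_matches(statement, action, resource):
            continue
        if statement.get("Effect") == "Deny":
            return False
        if statement.get("Effect") == "Allow":
            allowed = True
    return allowed


def missing_for_download(policy, object_arn, key_arn):
    """List the actions still missing for downloading one KMS-encrypted object."""
    needed = [("s3:GetObject", object_arn), ("kms:Decrypt", key_arn)]
    return [action for action, arn in needed
            if not is_allowed(policy, action, arn)]


# Policy granting only S3 access: the request is refused at the decrypt step.
POLICY_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"]},
    ],
}

# Same policy plus decrypt on the one key that protects the bucket.
POLICY_AFTER = {
    "Version": "2012-10-17",
    "Statement": POLICY_BEFORE["Statement"] + [
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN},
    ],
}

# A broad Deny elsewhere in the policy still blocks the download.
POLICY_DENIED = {
    "Version": "2012-10-17",
    "Statement": POLICY_AFTER["Statement"] + [
        {"Effect": "Deny", "Action": "kms:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("before", POLICY_BEFORE),
                         ("after", POLICY_AFTER),
                         ("denied", POLICY_DENIED)):
        print(name, missing_for_download(policy, OBJECT_ARN, KEY_ARN))
```

Scoping kms:Decrypt to the single key ARN, as in POLICY_AFTER, keeps the migration user from decrypting data protected by other keys in the account.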
----------------------------------------------------------------------------------------------------

I moved my domain name (rogger.co) from Name.com [179] to Hover [222], the latter of which was recommended by ATP during an advertisement [224]. When Name.com was used, I think I used the default value for TTL [55, 3.2.1] for every record or almost every record when managing records with [235], and same goes for Hover's equivalent [236], except I think the "Host" field for one of the A [55, 3.4.1] records was, by default, "@".

I wasn't able to delete accounts because of a constraint violation in SQLite 3. A search on GitHub turned up [250, "Foreign key constraints are now enabled on SQLite"], which stated that the solution to this problem is "tables may need to be rebuilt to recreate foreign keys with the new definition". I decided to use the "sqlite3" tool [251] to fix this problem, but it wouldn't run. Turns out that [252, "Loren Hochstein"'s response] I needed to install [253]. Doing so resolved the issue, and allowed me to proceed with implementing the constraint issue solution.

Security breaches were reported to users as required by [246].

Rogger wouldn't modify the database using "python manage.py migrate", stating or suggesting that tables or whatever already had the stuff that would have been added via the migrations. I didn't understand why that was the case, but it became clear after reading [257, response from Dan O'Boyle] that every migration from the beginning was being run. This became clear when they discussed "faking" the migrations with "fake-initial". I realized then that it may be that the database keeps track of which migrations have been run, and that something wiped out that record for my table. I therefore used combinations of "python manage.py --fake" and "python manage.py --fake-initial" to get everything back in sync.

I needed an email host that could store email in a GDPR-compliant manner. It wasn't clear if Tutanota legally fulfilled that need, but according to [258], you can enter into a contract with them to do this as long as you get the plan that was meant for commercial purposes. Therefore, that's what I did. I heard of Tutanota from [259].

LICENSE (MIT, from citation [33] except my name is put where the placeholder is):

Copyright 2017 Benjamin Cutilli

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.