Using Wagtail to Fight for Press Freedom

Transcript

1. USING WAGTAIL TO FIGHT FOR PRESS FREEDOM Harris Lapiroff •

   he/him Freedom of the Press Foundation

2. FOTPF FOPF FPF FTPF FOTP FTP SFTP

3. Photo: Trevor Paglen Freedom of the Press Foundation protects and

   defends adversarial journalism in the 21st century. We use crowdfunding, digital security, and internet advocacy to support journalists and whistleblowers worldwide.
4. None
5. None

6. Find out more about all these projects: https://freedom.press/

7. None
8. None
9. None
10. None

11. FREEDOM.PRESS http://freedom.press

12. None
13. None
14. None

15. BundlePage • Stripe Checkout • React form • Models to

    track donations: Donation, DonationSplit • But mostly it’s a Wagtail Page!
16. None
17. None

18. wagtail_hooks.py @hooks.register('register_page_listing_buttons') def add_stats_button(page, page_perms, is_parent=False): if page.live and isinstance(page,

    BundlePage): yield ButtonWithDropdownFromHook( 'Stats', hook_name='add_bundle_stats_button', page=page, page_perms=page_perms, is_parent=is_parent, priority=35 ) @hooks.register('add_bundle_stats_button') def add_stats_view_buttons(page, page_perms, is_parent=False): return [ Button( 'View Stats', reverse('bundle_stats', args=(page.pk,)), priority=10, ), Button( 'Download CSV', reverse('bundle_stats_export_redirect', args=(page.pk,)), priority=20, ) ] class BundleStatsView(DetailView): template_name = 'bundles/admin/stats.html' // … stats display logic
19. None
20. None

21. SECUREDROP.ORG https://securedrop.org

22. AUDIENCES 1. Media organization admins 2. Whistleblowers

23. None
24. None

25. TOR https://torproject.org • Relay network • Tor Browser blocks javascript,

    SVG, web fonts, and more

26. THREE LEVELS 1. Javascript is disabled (assume Tor) 2. Javascript

    detects Tor Browser 3. Javascript detects non-Tor Browser

27. OPTIMIZING FOR TOR BROWSER Graceful degradation for: • Javascript •

    Web fonts • SVG
28. None
29. None
30. None

31. SECURE THE NEWS https://securethe.news

32. None

33. PSHTT • Pronounced “pushed” • Anagram of HTTPS • Developed

    by US GSA’s 18F team • Scans domains for best HTTPS practices

34. SECURE THE NEWS DJANGO

35. python manage.py scan class Command(BaseCommand): help = 'Rescan all sites

    and store the results in the database' def add_arguments(self, parser): parser.add_argument('sites', nargs='*', type=str, default='', help=( "Specify one or more domain names of sites" " to scan. If unspecified, scan all sites.")) def handle(self, *args, **options): # Support targeting a specific site to scan. if options['sites']: sites = [] for domain_name in options['sites']: try: site = Site.objects.get(domain=domain_name) sites.append(site) except Site.DoesNotExist: msg = "Site with domain '{}' does not exist".format( domain_name) raise CommandError(msg) else: sites = Site.objects.all() with transaction.atomic(): for site in sites: self.stdout.write('Scanning: {}'.format(site.domain)) scan(site)
36. None
37. None

38. THE STORY SO FAR November 2016 Now Sites offering HTTPS

    37% 74% Sites defaulting to HTTPS 22% 66% Sites using HSTS 9% 29%

39. U.S. PRESS FREEDOM TRACKER https://pressfreedomtracker.us

40. None
41. None
42. None
43. None
44. None

45. DYNAMIC CONTENT USING TEMPLATE TAGS

46. templatetags/render_as_template.py @register.simple_tag def render_as_template(template_content): return Template(template_content).render(Context()) templatetags/statistics.py @statistics.number @register.simple_tag def

    num_incidents( **kwargs): """ Return the count of incidents matching the given filter parameters """ incident_filter = IncidentFilter(kwargs) try: incident_filter.clean(strict=True) except ValidationError: # Don't return an incorrect number if params are invalid. return '' return incident_filter.get_queryset().count()

47. <li class="quickfacts __item"> {% filter richtext_inline|typogrify %} {% render_as_template fact.body

    %} {% endfilter %} </li> templates/common/category_page.html
48. None

49. FINAL NOTES

50. FPF OPEN SOURCE • Secure the News is open-source! •

    We’re working on Press Freedom Tracker • The others will come too

51. OTHER LESSONS & CHALLENGES • Deployment and development environments •

    How to manage shared code

52. SHOUTOUTS • Mike Sheinberg, FPF • Conor Schaefer, FPF •

    Rachel Stevens • Naomi Morduch Toubman • All of you! ✨

53. THANK YOU! @harrislapiroff [email protected] PGP Fingerprint: https://freedom.press https://securedrop.org https://securethe.news https://pressfreedomtracker.us

    DBA5 3322 225D 93E9 5760 AD2F 43E9 1916 5763 5D6F