Tag Archives: tendenci

Why Tendenci Chose Python over PHP

This blog is a WordPress blog written in PHP. And WordPress, when secured properly, is a great platform.

So why did our team choose to rewrite Tendenci as Open Source and in the Python programming language? It is a question I get asked a lot. We’ve never been a company that likes to talk in the negative if at all possible, yet it is important to talk about the megatrends going on given we work with associations and nonprofits.

[Chart: which web programming language is the most secure]

Source: https://www.upguard.com/blog/which-web-programming-language-is-the-most-secure

[Chart: security-report1]

Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf

[Chart: security-report]

Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf

Popularity of a language is a trend, and what you want is as many developers as possible who are familiar with, and like, the language of your open source project. This means you have a better chance to have a secure web site and therefore a more secure future.

To be fair – as Disraeli said – “lies, damn lies and statistics” – so there is no one perfectly secure language any more than there is a perfectly “safe” hammer. There will always be operator error and programmers make mistakes.

So we’re not saying Python is perfect, and all of us have used most of the other languages on those charts at some point. We’re just saying we are pleased so many other programmers also like Python and Open Source. THAT is the best that can be done to secure your future online. Secure code that you can examine yourself and even host yourself!

setting up vmware fusion 7 for tendenci development

Tendenci install docs – latest version – are in the git repo here: https://github.com/tendenci/tendenci/blob/master/docs/source/installation/installation.txt  Please note that Tendenci is a FAST moving project and you should update your install before submitting issues given the rapid pace of change.

I am adding this as a blog post instead of a help file as things change so quickly it might be outdated in a week. Anyway, part 1 of probably several on setting up vmware fusion with Ubuntu 14.04 to develop Tendenci Open Source Software for Non Profits and NGOs. (disclosure – I work there, blah, disclaimer, blah, etc….)

First – install vmware Fusion 7. They have a 30 day trial so you can start with that.

Second – download ubuntu 14.04 from the official distro. Given Ubuntu appears to be heading towards the dark side lately, you will be fine just using Debian Linux as almost all commands are identical. In fact as one of the lead developers on Tendenci I can tell you I’ll be testing it on Debian, CoreOS in Dockers.

(As an FYI – you can also spin up a demo site of tendenci right now at https://create.tendenci.com if you just want to kick the tires. But I’d much RATHER see you join the community to provide future-tools to change the world.)

Now, in pictures, setting up vmware with ubuntu (14.04.2 and 14.04.3 are both fine – 14.04.3 will save you time on updates). Run the updates first after install:

sudo apt-get update && sudo apt-get upgrade -yy

[Screenshots: 1-vmware-fusion-tendenci, 2-vmware-fusion-tendenci, 3-vmware-fusion-tendenci, 5-vmware-fusion-tendenci]

This is mostly a useless graphic saying to install your preferences as you see fit. Other stuff happens before and after this. Carry on.

[Screenshot: 6-vmware-fusion-tendenci]

Not a useless graphic. VMware’s console is a pain so you are definitely going to want to have openssh installed.

[Screenshot: 9-vmware-fusion-tendenci]

stuff

[Screenshot: 7-vmware-fusion-tendenci]

more stuff

[Screenshot: 8-vmware-fusion-tendenci]

confirm you did stuff

[Screenshot: 4-vmware-fusion-tendenci]

now do more stuff – in this case install vmware tools so you can share the file system and don’t have to suffer through VI/Nano or whatever. Sublime is way better.

[Screenshot: 10-vmware-fusion-tendenci]

In this image it says “reinstall vmware tools” but on yours it will probably say “Install vmware tools” – pick that one.

Next, what SHOULD be simple is definitely NOT simple. You have to configure the Ubuntu guest machine to support vmware tools. Vmware exposes the tools into the guest OS but you still have to mount the drive, install, configure. What a pain in the arse. Anyway, here are some helpful commands, and from there you have to google your way.

Note at this point I’m assuming you are SSH’ed into your VM on the local and have done a “sudo su” so you are operating as root.

In the properties of your virtual machine make sure the CDROM drive is set to “mount”. In the guest OS you should then be able to do this:

sudo mount /dev/cdrom /media/cdrom/

and

cd /mnt/
ls
cdrom hgfs

This mounts your drive from vmware into the guest. The fact that you don’t have a cdrom drive on a mac is irrelevant – it still maps it and gives you access to source files for vmware.

Next add your debian package keys or nothing else will work. Again, it is up to YOU to check if the paths are still correct as time changes everything. As I type this today these are correct:

wget -qO - http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub | sudo apt-key add -
wget -qO - http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub | sudo apt-key add -

Verify they installed correctly

apt-key list
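Both keys above are fetched over plain HTTP and piped straight into apt-key, so nothing checks that the downloaded bytes are the publisher's key. As an added example (not from the original post), this script trusts a downloaded key only when its fingerprint matches a value obtained through a separate channel; the file name, the expected fingerprint and the sample listing are constructed placeholders.

```shell
#!/bin/sh
# Added example: add a downloaded apt key only if its fingerprint matches a
# value obtained out of band. All fingerprints below are constructed.
set -eu

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key (the fpr record that follows a pub record), one per line.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Strip spaces and colons and upper-case, so "ab cd" and "ABCD" compare equal.
normalise_fpr() {
    tr -d ' :\n' | tr 'abcdef' 'ABCDEF'
}

# key_matches EXPECTED < colon-listing
# Succeeds only if the listing holds exactly one primary key and its
# fingerprint equals EXPECTED. A file carrying extra keys is rejected.
key_matches() {
    km_expected=$(printf '%s' "$1" | normalise_fpr)
    km_found=$(primary_fingerprints)
    km_count=$(printf '%s\n' "$km_found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$km_count" -eq 1 ] && [ "$km_found" = "$km_expected" ]
}

# add_key_if_trusted FILE EXPECTED
# gpg lists the keys in FILE without importing them; apt-key runs only on a match.
add_key_if_trusted() {
    if gpg --with-colons --with-fingerprint "$1" 2>/dev/null | key_matches "$2"; then
        sudo apt-key add "$1"
    else
        echo "fingerprint mismatch: not adding $1" >&2
        return 1
    fi
}

# Constructed colon listing: one primary key and one subkey.
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:0123456789ABCDEF:1200000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1200000000::::Constructed Example Key <key@example.test>:
sub:-:2048:1:1111222233334444:1200000000::::::e:
fpr:::::::::1111111122222222333333334444444455555555:
EOF
}

# Offline demonstration on the constructed listing.
if sample_listing | key_matches "aaaa bbbb cccc dddd eeee ffff 0123 4567 89ab cdef"; then
    echo "sample key: fingerprint matches"
fi

# Real use (EXPECTED_FPR is a placeholder you must fill in yourself):
#   wget -O vmware-rsa.pub http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
#   add_key_if_trusted vmware-rsa.pub "$EXPECTED_FPR"
```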

Add/create your files. Maybe check if they exist first so you don’t overwrite but the basics are:

touch /etc/apt/sources.list.d/vmware-tools.list
nano /etc/apt/sources.list.d/vmware-tools.list

Next edit your vmware-tools.list file to include the repo

deb http://packages.vmware.com/packages/ubuntu precise main

NOTE- if you aren’t on “precise” that won’t work so check your distribution (‘trusty’ etc…). Now install.

apt-get update
apt-get install open-vm-tools-deploypkg
root@tendenci:/# cd ~
root@tendenci:~# ls
vmware-tools-distrib
root@tendenci:~# cd vmware-tools-distrib/
root@tendenci:~/vmware-tools-distrib# ls
bin doc etc FILES INSTALL installer lib vmware-install.pl
root@tendenci:~/vmware-tools-distrib# ./vmware-install.pl

From there I take all of the defaults except for this one which I answer yes (it’s just a VM after all).

Would you like to enable VMware automatic kernel modules?
[no] yes

Check your mount points if needed

ls mount-point

If everything worked, which is unlikely out of the box as vmware has unfortunately not gotten along with Macs lately, but hey, if you got lucky you should now have a mounted drive at /mnt/hgfs/ with vmware in it:

cd /mnt/hgfs/

NOTE – at several points in there, it doesn’t hurt to reboot your vmware host os. I apologize for not being more precise in this post but I know if I get the basics out there google or ddg will solve it for you. That is my only goal – to point you in the right direction if not perfect.

Lastly if the above, or a derivative of the above worked, then you should be close to doing something like this.

Clone the git repo down to your mac. For me I put it on my Mac in ~/Documents/code/webapps/repos/

then inside of the guest machine, assuming the above worked for you (test test test people) then you should be able to FIRST install tendenci the normal way using the instructions here

THEN, and only THEN, move your dist repo on the host (after you can pull up the site in a browser) to a different folder and sym link in your cloned repo.

For my dev environment this is done with:

ln -s /mnt/hgfs/webapps/repos/tendenci/tendenci /usr/local/lib/python2.7/dist-packages/tendenci

I’ll try to tighten these instructions up over time but wanted to get them out there as I honestly lost hours and hours getting just the basics working with VMWare. I get that it is faster than vagrant, but almost not worth the grief with the difficulty of getting the vmware tools working.

Helpful source links used in the creation of this wonderful blog post. Categorize this one as “something is better than nothing” and use your google fu (or is it “foo”?) to fill in the details. I’m only sharing it because my google fu ain’t bad, and it was a challenge for me. So…. helpful further links:

Tendenci issues: https://github.com/tendenci/tendenci/issues

VMWare file sharing: http://hplgit.github.io/teamods/ubuntu/vmware/mac.html

Ask Ubuntu notes: http://askubuntu.com/questions/29284/how-do-i-mount-shared-folders-in-ubuntu-using-vmware-tools

Proprietary to Open Source: Giving Away Six Million Is Hard

I have the privilege of speaking at SXSW tomorrow morning at 9:30 AM. I first gave the talk on converting our software from proprietary to open source at SXSW V2V in 2014. While much of the message is the same, I’ve been through more, learned more, made even more mistakes and learned from them, and I’d love to help other leaders AVOID my mistakes.

Proprietary to OS: Giving Away Six Million Is Hard

http://schedule.sxsw.com/2015/events/event_IAP42324


The journey for Tendenci going to Open Source seemed like it was going to be simple. Nothing could be further from the truth. It was very hard, and it cost me a lot of relationships, friendships, employees whose potential I felt we hadn’t even begun to push yet. And as I type this Tendenci is emerging from a crisis with EOL (End of Life) for our old proprietary version – the last cord that needed to be cut. We just thought we would dictate the timeline when in fact that hasn’t been the case.

There is a huge gaping hole in the market for The Open Source Solution for Associations, non-profits and NGOs. Because internationally price is a very real issue and if we want to make change, there has to be a free option that is multi-lingual and multi-cultural and affordable. Yes there is still a TCO to FOSS software, but nothing like the costs of proprietary software. And in my opinion Linux is more secure than the competition which isn’t just a benefit, it is a crucial requirement if you are using the software open source in a different country that snoops on your communications.

You must control your data. And over the last several years we have seen our P&L dip negative for the first time and now slowly come back up into the black. And the trend continues as you simply can’t compete with passionate people working on a solution and sharing resources.

But my talk tomorrow is about the transition. What have I learned that I can help others with. That is my goal. To serve the audience. To help you be smarter than me when it comes to navigating through the transition. Because it isn’t “going open source”. It’s taking a “proprietary mindset” and changing it into an “open mindset” and that can, quite frankly, be terrifying to many of us.

And I’ll leave with a photo from Austin from last night as SXSW is many things, and one of them is beautiful. Hopefully my talk will add to everything that is sxsw as that is my goal. It’s corny, but I really do want to make the world a better place.

#peace

The Internet has Fundamentally Changed – Here’s One Partial Solution

This post is based on the premise that 1) we have a serious security problem on the Internet and 2) money is the only (unnecessary) barrier to solving a large portion of it.

The Problem

The Internet has fundamentally changed. It is so virus and malware infected that a normal human being can’t keep their own PC, Mac or Linux computer from being infected. In other words, the Internet is broken. And our devices don’t work if they aren’t connected to the Internet.

It’s just not right. Why should you have to become a security expert? And it DOES NOT NEED TO BE THIS WAY. There is no need for this. The powers that be over the Internet are CHOOSING this and you are the victim.

The (Partial) Solution

We can’t fix it all, but what if we could stop the bleeding by even 50%? Or maybe 30%. Or even 10%. It’s a start. These are our neighbors, our family, our friends and they are being victimized by identity theft because, well, because they are human. Well, reduce the crime? WE CAN! We just have to encrypt everything. By doing so, a large portion of the problem goes away.

Will there still be break ins? Of course. Frequency however will be radically less and you are far less likely to be a victim.

Why? Because the weapons of cyber-warfare are now out in the open to be purchased for as little as $500 on the forums. People are desensitized to it all and now just accept it.

As a company that hosts web sites, here is what I know to be true.

  1. Clients will use weak passwords and we can’t audit that because WE encrypt the passwords in the database. So if a client uses “changeme” or “123456” or “washington” as their password we can’t see it, but when you login from the local hotel the wifi isn’t encrypted and bad guys can. We can’t detect or fix this because it’s encrypted on our side. But if you aren’t using SSL then it’s NOT encrypted when you send it over.
  2. Example top 100 passwords used on Adobe after they were hacked. http://stricture-group.com/files/adobe-top100.txt
  3. Clients and end users are faced with hundreds of passwords so they use the same passwords over and over. If someone gets one of your passwords, they effectively get everything.
  4. With the proliferation of Open Source, as Tendenci is, developers will deploy a site for you, give it to you, and leave it to you to maintain. So are you running your security updates? Because that is your responsibility now.

Why don’t people encrypt their web sites? Because there is a $50 to $500 a year fee. Plus a hidden cost of updating it every year and paying your hosting provider to install your SSL certificate so the real cost is more like $250 to $1,000 a year.

So why?

Generating a certificate takes one (1) line of code. ONE LINE! Hosting servers to verify the certificates does come at a cost, but so does DNS and it isn’t anywhere near as expensive. Generating a key is technically FREE. Here – go do it for yourself.

openssl genrsa -des3 -out server.key 2048

The certificate you just generated is called a self-signed certificate. So if you visit the site from IE you get a scary message that it can’t be verified. BUT if you visit a site with no encryption, oh, then IE is completely cool with that. Onward thus. Proceed into unencrypted unsafe territory with abandon. Do you see the problem here?
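The openssl genrsa command above writes only a private key; the self-signed certificate described here needs a certificate step as well. As an added example (not from the original post), this script creates both without prompts and checks that issuer and subject are identical, which is why a browser finds no chain to a trusted authority; the directory layout and the name dev.example.test are placeholders.

```shell
#!/bin/sh
# Added example: create a key plus self-signed certificate, then inspect it.
set -eu

# make_self_signed DIR CN
# Writes DIR/server.key and DIR/server.crt (RSA 2048, SHA-256, valid 365 days).
# -nodes leaves the key without a passphrase so the command can run
# unattended; drop it to be prompted for one, as -des3 does for genrsa.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -keyout "$1/server.key" -out "$1/server.crt" \
        -days 365 -subj "/CN=$2" 2>/dev/null
    chmod 600 "$1/server.key"   # the private key must not be world-readable
}

# is_self_signed CERT
# True when issuer and subject are the same name and the signature verifies
# against the certificate's own public key.
is_self_signed() {
    ss_subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    ss_issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$ss_subject" = "$ss_issuer" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# key_bits CERT: print the public key size in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# cert_fingerprint CERT: the SHA-256 fingerprint a client can compare out of
# band, since no certificate authority vouches for this certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

demo() {
    demo_dir=$(mktemp -d)
    make_self_signed "$demo_dir" "dev.example.test"
    openssl x509 -in "$demo_dir/server.crt" -noout -subject -issuer -dates
    if is_self_signed "$demo_dir/server.crt"; then
        echo "issuer equals subject: nothing chains to a trusted authority"
    fi
    echo "key size: $(key_bits "$demo_dir/server.crt") bits"
    echo "sha256 fingerprint: $(cert_fingerprint "$demo_dir/server.crt")"
    rm -rf "$demo_dir"
}

demo
```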

So what’s the motive? Why? Because of the cash machine. The certificate authorities want to charge you for their certificate chain saying that you are legit. But GoDaddy charges $270 for a wildcard SSL? Or Network Solutions can offer the same wildcard ssl for $494 with a 5 year contract.

So I guess if you aren’t rich your voice isn’t as legit as someone else’s voice? The bottom line is the certificate authorities want your money. Now, DNS service providers usually charge 10 to 15 a year to resolve your domain name. Tell me again why an SSL certificate is $50 to $500 or it gives a browser warning that terrifies people? It’s not a new debate, it’s a license to print money that deters security on the Internet globally.

It’s just greed. But the cost is astronomical to the citizens of the world. It’s like a city not repairing roads and ignoring the cost the citizens bear fixing their cars which is so much more than the cost of filling potholes and installing stop signs. It’s pennies for lives. Hence, cities fix the roads (for the most part.)

What if we flipped it? Why don’t you have to pay $100 a year to NOT have your site encrypted? What if security was the default? What if encrypted email was 10$ a month but unencrypted email was 500$ a month? Would that get people’s attention?

We can self sign web sites and email ourselves. We don’t need no stinkin’ web authority to do it. It’s one line of code.

Oh wait. Stop. Idealistic guy trying to save the world with open source disclaimer. Why not? Because of the “man”.

The browser will give you a terrifying warning about that certificate not being “approved” and IE will flat out block it if you don’t pay up. No, you must pay “the man” which is in this case the Certificate Signing Authorities who are powerful enough to have their codes shipped with all of the web browsers. What would their cost be to include a public domain certificate authority, much like wikipedia is for information? Um…. nothing. Zero. Nada. They just wouldn’t get a kick back.

It’s generating an “approved” key where the registrars make all of their money. It’s about the money. It’s greed. Even from foundations like Mozilla – they could easily solve this by endorsing a free and open certificate signing authority. They haven’t. I expect more from them. Some leadership in this would be nice. Where is Lessig on this? Why is there no outrage?

I’ll tell you why. Because it’s too geeky. Too technical. People zone out. zOMG, I like to create things. I bore myself talking about this crap. But it matters. Encrypt it all. Now. And do it for free. If my client buys a domain name why do I have to do ANYTHING to encrypt it? Don’t they deserve that? Should encryption be the default? I THINK SO. And I don’t think you should have to pay for it given it is as simple as DNS and could easily be included.

And yet the powers that be continue to be the “Certificate Authorities” and they continue to make money causing only 4 to 5 % of the web to be encrypted. So you and I continue to be the victim.

Please tell me someone out there is a little outraged by this? Not that I/we/you aren’t the problem as well…. read on …

To emphasize the point on weak passwords (again – this is YOUR responsibility, but irrelevant if on an unencrypted connection), these are the actual top 10 passwords used on Adobe logins (mind you this software costs thousands of dollars and this is the key to get it.) 1,911,938 of your fellow citizens chose “123456” as their password. Seriously. Another 345,834 people chose the password of …. wait for it …. “password.”

Rank	Count	Actual (no really) Passwords
---	-------	------------
1	1,911,938	123456
2	446,162	123456789
3	345,834	password
4	211,659	adobe123
5	201,580	12345678
6	130,832	qwerty
7	124,253	1234567
8	113,884	111111
9	83,411	photoshop
10	82,694	123123

One simple solution that would significantly reduce network attacks. Encrypt every site. At no cost beyond the price of the domain name. Make it easy. And free.

Dear non-technical people – please stay with me for a moment. I know I have to use a bit of geek speak but I want to try to explain the ruse that is being played on you. That it isn’t needed. That the cost of certificates is almost non-existent and you are the victims.

Encryption explained in one paragraph (simplified)

If I give you the number 21 and ask you what prime numbers divide into it besides 1, there is only one way to find out and that is to try every prime number. But if I give you 7 (my “public key”), you can verify very quickly that it divides to a prime. That’s it.

Solution – every web site is encrypted with SSL by default and you have to pay extra to NOT encrypt your website. Done.

Obstacles – the companies that sell SSL certificates don’t want that. I pay $300/year for our wildcard certificate and what I am proposing is that they be given away for FREE TO EVERYONE WHO GETS A DOMAIN NAME.

Seriously, this isn’t a game people. YOU, as an individual need to not use dumb passwords. As programmers say, like it or not, “you can’t fix stupid.” Yet I do have sympathy given the average human has NO IDEA of the cyberwar that isn’t pending, it’s happening NOW!
Thus WE, all of us need to have everything encrypted end to end to avoid the obvious. Occam’s razor.

django can make some weird db schemas. just sayin.

When you have awesome people and less than awesome results, it is usually one of three things

  1. leadership (me),
  2. processes or
  3. design (in the global sense of project design patterns).

I set all three as CEO for our rewrite of Tendenci to the open source software platform for nonprofits. Thus no matter what, I take 100% of the responsibility for delays between 2009 and 2014.

To be clear, I’m pleased with the progress on Tendenci, self hosted or our hosted solutions. Basically the team kicked ass on Tendenci 5.1 and I’m proud of them. It was definitely a cumulative effort from many people, past and present, addressing an incredibly complex problem – people.

Tendenci is about people, it isn’t a shopping cart selling shirts (and shopping carts can be complex, just nothing as complex as human behavior).

Tendenci is designed to be as simple as possible, but no simpler. The “minimum viable product” of 2009 is not something our client base wanted to hear about in 2014, even if the new version of Tendenci does mobile and much more. People don’t like to go backwards from what is now called “agile” development.

Lesson 1 – if you want to get REALLY agile – only build what people fund.

Yes, only build funded modifications. (Or contributed pull requests as time is money.) It’s amazing how many people will suggest a great mod. Everyone uses the web so clearly they are experts sharing their wisdom of how it should be built. As if driving a car makes me qualified to build one. And when you say 4k for the mod suddenly the programming module they desperately need isn’t relevant and they find another way.

Why? Why charge for modifications? Priorities. It tells you what people value. And we did that very well from 2001 to 2009. Resulting in a stress tested solid product. But proprietary because 2001 was a bit too soon to start building open source web apps. We had to start over if we wanted to be open source, so I pulled the trigger.

Then I tried to simplify things a bit too much. Things got a bit too Web 2.0 with blocks and giant fonts losing all data density in the display. Upsetting our power-users and looking clunky on screen. My bad. (the good news is it is mostly fixed now.)

Why is oversimplification such a fail?

Think about your car’s dashboard and controls. Look at them when you next get in your car. Incredibly complex information, right? Vast amounts of it. Presented while you are going 70 mph. Just wow. If what is fundamentally a horse (staying with the horse/car analogy briefly) with no visual controls, has evolved to this level of complexity, then exactly how simple can you make Association Management Software? Well, it isn’t a simple problem. 20,000 users on a web application is much more complicated than a car. Or a shopping cart.

Tendenci – because humans are complex. Groups of humans are even more complex!

So why this post? I’d like to start sharing what I learned along the way. Why this is one step in a long journey. And hopefully our clients and employees and the entire open source community will benefit from it. If not, then those who prefer destruction over creating something, those who laugh at people still tilting at windmills, then they will have won and there will be written documentation of my folly.

All I can do is tell you a bit about the journey. Record it along the way. And schedule blog posts over time.

Disclaimers: For the purpose of this series of posts I make no apologies if I speak Geek or brutalize the English language with poor grammar and typos while using pseudo-code to express programming concepts, all mixed up together with abandon in horrific run-on sentences. It happens. Go read another blog if it isn’t your thing. This one is mine.

As for the database schemas – I’ll cover that in a future post…for now suffice it to say I have had to relearn the primacy of MVC is MODEL-CONTROLLER-VIEW in that order. And it takes discipline to do that with Django. More later….

SXSW V2V – Proprietary to Open Source: Giving Away $6M is Harder Than You Think

My presentation slides from speaking at SXSW V2V in Las Vegas this week. The official description is below and they are producing a video so I’ll either update this post or add the video as well.

Proprietary to Open Source: Giving Away $6M is Harder Than You Think

After 15 years running a successful business, Ed Schipul released the source code for his proprietary software, Tendenci, to the world. Foreseeing the impact of the cloud, mobile, and GIS, Ed knew he had to change his business model or become irrelevant. Open source was the path to future sustainability and innovation.

There were however, seemingly insurmountable challenges. Tendenci 5, the first open source CMS platform for nonprofit organizations, had to be completely rewritten from .Net, ASP and SQL to Python, Django and PostgreSQL. From Github to cloud software, he had to choose all the tools to put in place to support his rewritten product and new architecture.

Lessons learned from the transition include the importance of testing and how to make your application’s architecture more scalable as well as what open source tools have proved to be most valuable. Ed will share his reasons for thinking that all of this is the best choice for both the product and the development community.

See more at: http://schedule.sxswv2v.com/events/event_V2VP29570#sthash.SM08HnZT.dpuf

Apple’s switch to SMB2 with Maverick and Developing with VMWare and Ubuntu

On Tendenci development configuration…. Through one of the thousands of sources of input that hit me in a given week between websites, newsletters, other programmers, employees and random people I talk to, it finally clicked with me the significance of Apple switching to SMB.

OK, to back up for non-geeks. Computers talk to each other and devices like printers using common protocols. Microsoft, going back to modifications to DOS has used SMB. (skipping a bunch of history here.) Fast forward to a few weeks ago when Apple released OSX Maverick for free. In the release of Maverick everyone talked about how it was FREE. They are giving away the software counting on us to buy the hardware. OK, I get that.

What they also did was change from their own network protocol, called Apple Filing Protocol, to Microsoft’s protocol SMB. Wait, what? Why?

Well, first Apple made their OSX Server software $50 in the app store. A comparable server software package from Microsoft is $2500. So I purchased a Mac Mini server. Sadly with even 35 users it wasn’t that fast. AFP is slower than SMB I’m told. But they could have improved AFP. Instead Apple made the switch to SMB. This not only speeds up their server but most importantly it allows Macs to connect to local area networks managed by Microsoft Servers without any extra software or tech support needed.

Apple is moving into corporate America folks.

Apple owns the home/consumer market in my opinion, even if I have an android phone our house is full of mostly Macs. 1 or 2 PCs or Linux but mostly Macs. Our company is already fully switched to Macs and Linux and the Cloud. But a lot of companies have not. I’ll leave predictions of Apple’s strategy to break into the Fortune 500 to reporters far more qualified than me.

What I do know as a programmer is that my life just got a LOT easier.

/back to geek speak/ We program on Linux but use Mac laptops. So we are always connecting back and forth which is a pain. And developing locally, on an airplane for example, I need virtual linux machines that run on my local computer. For that I used to use open source Virtual Box by Oracle, but it’s too slow on a Mac IMHO. I tried VMWare Fusion 6 and apparently they have a deal with Apple allowing direct access to the hardware. All I know is that VMware is MUCH faster than virtual box or vagrant. And I’m impatient so I’ll pay the $70 ish for VMWare Fusion.

Previously to share folders between my local computer (Mac) as the host computer running a virtual Linux computer on VMWare (Guest) required me to set up sharing through VMWare. This gets complicated. Your host folders are mapped to /mnt/hgfs/ inside of linux. If you symlink into a project and install software, given it is a symlink that means your files will still install in the /mnt/hgfs/ folder. For example:

Project folder path to virtualenv inside of Linux 12.04 LTS might be:
/var/www/projects/mydjangoproject/venv/
Linking from VMware Fusion you would create a share perhaps similar to
/mnt/hgfs/shares/projects/mydjangoproject/venv/
that pointed to your virtual environment folder.

Because this is a sym link, if you install a virtualenv for example the path maintains the linux path. So a “which python” gets you something in the /mnt/hgfs/shares/projects/ folder instead of the /var/www/projects/mydjangoproject/venv/. This makes portability a problem.

Samba to the rescue. The above method required configuration of the virtual machine through VMWare fusion, which slows down designers. And doesn’t easily port to VirtualBox or Vagrant. You can make magic happen by using Samba:
https://help.ubuntu.com/12.04/serverguide/samba-fileserver.html

Install it in the guest OS, for me 12.04 Ubuntu, and set up your /etc/samba/smb.conf file with something similar to this:

[www]
path = /var/www
browsable = yes
writable = yes
guest ok = yes
read only = no

Restart your VM and magically in Apple’s Finder you will now see the local VM in your “shared” portion of finder.

Lastly for the programmers out there, do a bit more research before using anything other than NAT on your local for security. You have to configure file sharing security on the Mac host. Samba sharing security via smb.conf. And chmod/chown security on the folders and files inside the linux guest. While it might be tempting to just blow down the house with 755, remember that whoever takes that image might bridge the adapter and…. well, that would be your fault. So be careful out there kids.
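The [www] share above is writable by unauthenticated guests, which is the exposure the NAT and permissions caveats in this section are about. As an added example (not from the original post), this script lists every share in an smb.conf that is both guest-accessible and writable, and includes a tightened variant of the same share for comparison; the user name devuser and the hosts allow addresses are placeholders.

```shell
#!/bin/sh
# Added example: flag smb.conf shares that are guest-accessible AND writable.
set -eu

# guest_writable_shares < smb.conf
# Prints the name of each share section that allows guests and writes.
# Handles the synonyms smb.conf accepts (public, writeable, write ok,
# read only) and ignores case and spaces in parameter names.
# Narrowed on purpose: only per-share settings are read, not [global] defaults.
guest_writable_shares() {
    awk '
    function report() {
        if (name != "" && tolower(name) != "global" && guest && writable)
            print name
    }
    /^[ \t]*([#;]|$)/ { next }            # comment or blank line
    /^[ \t]*\[/ {                         # new [section]
        report()
        name = $0
        sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        guest = 0; writable = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1));    gsub(/^[ \t]+|[ \t]+$/, "", val)
        on = (val == "yes" || val == "true" || val == "1")
        if (key == "guestok" || key == "public") guest = on
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = on
        else if (key == "readonly") writable = !on
    }
    END { report() }
    '
}

# The share exactly as configured in the post.
page_share() {
    cat <<'EOF'
[www]
path = /var/www
browsable = yes
writable = yes
guest ok = yes
read only = no
EOF
}

# Tightened variant (constructed): no guests, one named account, and only
# the local machine plus a placeholder subnet may connect.
hardened_share() {
    cat <<'EOF'
[www]
path = /var/www
browsable = yes
read only = no
guest ok = no
; devuser is a hypothetical account created with smbpasswd
valid users = devuser
; placeholder addresses: replace with your own host-only or NAT subnet
hosts allow = 127.0.0.1 192.0.2.0/24
EOF
}

echo "flagged in the post's config: $(page_share | guest_writable_shares)"
echo "flagged in the tightened config: $(hardened_share | guest_writable_shares)"
```

Run it against a real file with guest_writable_shares < /etc/samba/smb.conf.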

Still, loving the fact that my directory structures can be identical, that I can pass off a vmware image to a colleague and it JUST WORKS. Dreamweaver edits, bash, git, whatever. Between SSH and the adobe suite you are now all powerful to make better looking applications using better software. Rock. On.

it’s value, not time, that matters

From the amazing book by the creator of Freshbooks called Breaking the Time Barrier.

Page 18:

“I guess I’m not sure what you mean by value.”

“The value of what I do,” Karen said, “is based on the impact I can have on my client’s business. Impact is how they value my services. So I look at pricing from their point of view. They don’t hire me to design a website for the sake of designing a website. They hire me to design a website that’s going to help them from their perspective—it’s clear I’m not selling time. Instead, I’m selling a solution that is going to make an impact for my client and achieve some business objective.”

Page 20

“I’m not a collection of hours,” Karen said. “I’m the accumulation of all my skills and talents. I’m wisdom and creativity. I’ve stopped seeing myself as a punch card. My clients don’t see me that way either. Yes, sometimes, I’ve had to change my client’s mind-set. But it starts with selling time. The best thing you could do for yourself is to get the concept of time out of your head.”

“It puts you and the client on opposite sides of the table. If you’re selling hours, it’s in your best interest to take longer, to bill more hours. But your client is interested in getting solutions that work as promptly as possible. What if you work quicker for one client than another but deliver the same value. Should you penalize the client you worked longer for? If you’re slow, it’s not their fault.”

“And if you get quicker at something,” Steve said, “which was happening with me, you should get rewarded, right? But I was charging less if it took me less time.”

Yes, software really is a mission

I quoted what I believe is a great blog post below by Michael Stanton. It relates to our company as well because we work primarily with non-profit organizations. Business or NPO, you work with a company online and it’s a relationship and not a transaction. You share a vision, or it won’t work. Period.

Does your RFP ask what their vision is? What their mission is? Or just for a copy of their financial statements?

Yes, software really is a mission. For our company I call our overarching beliefs and values our vision statement. The reason I look forward to work versus showing up early but only for a paycheck and jetting out the door at 5:51 is the vision. You can’t sustain 15 years for the money. Here is our vision statement:

“To Connect and Organize the World’s People. Do Good.”

When reading the article below replace the word “mission” with “vision” and it is a fair test on if you should do business with us.

If you don’t share that vision, then it won’t work. It just won’t. Sure we will make you money because we are really good at the whole marketing thing after years of study (15 years old, 30+ employees, 400+ clients, there is a reason agencies are constantly trying to steal our people and buy our company! Curious why I say no? Because I don’t believe in THEIR vision. I did the 9 to 5 thing at companies I didn’t believe in. It was hellish.)

Call it a vision. Or a mission. Whichever, yet THAT is why you should or should not do business with a company. Because I promise you as our CEO that the vision drives Tendenci 100%. And we don’t hold much back from the Tendenci open source for non-profits either. Here is the full quote from the article:

Software as a Service is no longer an accurate description of the paradigm of innovation, of the relationship between customer and service provider. We need a more accurate term.

Software as a Mission.

Software can move so fast that customers are not only not buying a static product anymore, they are also not subscribing to a defined service, they are now believers in a mission and hanging on for the ride. And the ride is fast enough to be a bullet train, but can also be a roller coaster. Companies that seem promising can suddenly get acquired, or go down in flames from premature scaling. They can get a strong competitor coming out of left field.

The question is no longer “Do you like the product?” As much as: “Do you believe in the company? Do you believe in their direction? Do you believe in the team?”

And if you bet on the wrong horse, it’s not as big of a deal as it used to be. You just take your credit card to the next one doing the thing you wanted doing. No big deal. The cost of implementation is usually just people hooking up their identities and choosing a password, at most uploading a spreadsheet.

By the way, this also means you won’t just have one vendor for what your communities or teams need. You’ll likely have several, and functionality will overlap. We’re going to have to be Zen about that.

So, let me ask you this question: think about your vendors. Picture them. Do you believe in the company? Do you believe in their mission, their direction, their team? Believing is so important because great teams can ship software really quickly, and what you have next year will not be what you have this year. Believing is important because small teams of people can now produce software that millions of people use. (At one point there were almost 2 Million Twitter users for every Twitter employee, same goes for Instagram.)

(excerpt from )

And I’d like to highlight one part again. Because oddly enough it applies in both directions. We have a sales incentive program that does not discern between clients who share our values and those that don’t. You can look back at every deal that unwound and it is either communication or a lack of aligned values. In the next paragraph, repeated from above, I have replaced the word “vendors” with the word “clients” and changed the audience to our employees, outsourcers, vendor partners and to the extended tribe. To (slightly) misquote Mr. Stanton again:

So, let me ask you this question: think about your vendors. Picture them. Do you believe in the company? Do you believe in their mission, their direction, their team?

While it is a common saying for us to “get to ‘no’ fast if we aren’t a good fit,” I think the same goes for prospects. IBM was the biggest so the saying in the 80s was “nobody ever got fired for buying IBM hardware” even though it cost a premium. Yet that also wasn’t the key to great success. Dell seemed invincible. And right now the only PC company I see that I think “cares” about what I do, that I believe every employee shares the vision with, is Apple. And Steve isn’t there anymore. Yet the vision remains.

Purchase the proprietary market leader for your NPO if you are there for the paycheck and not the vision. And while the message might be self serving given Tendenci was started by our company, it is worth noting that the White House is now powered by Drupal. They believe that the company that powers Drupal, and that Dries himself, believes in the importance of open government from top to bottom. I believe it too. It really is software as a mission as

a user is a user is a user – database design fundamentals for marketers and programmers

Even in the mainframe days we had the golden rule that every user, person, student, teacher, whatever, on the system had a record in one (1) location.

Sure there might be descriptive data in another location. It might be a central table as simple as userid-username-password-role with a one to one relationship to a “role” table that then linked to the appropriate table for that role. Kung Fu Master versus Adjunct Professor. You get the idea. In Django this is the auth_users table with a relationship to the profiles table. But it is sooooo tempting to ignore the intention of the designers of Django, to break away from their DRY principles, and come up with a different system to reduce the number of records in auth_users. Despite lessons learned from Disqus, the world’s largest Django application.

I followed that law, that a user is a user is a user, and wish I could credit it to the correct professor from my mainframe days on VAX using FORTRAN 4 and then FORTRAN 77. I was taught as early as the 80s that there was always one (1) place for humans (in a database at least). When Microsoft Access came out and everyone became an amateur DBA they suddenly created tables for “students” and “teachers” and “staff” which required duplication of data all over the place. It became so brittle that if another programmer worked on your file they had to know every field in every table. In other words – it was pathetic. I swore I would never do that again.

But I did forget. My fault. You can’t blame the young guns with two or three years of experience as they haven’t suffered the “mile in shoes over broken glass” of permissions for humans in disparate tables. Which might work, until you hire the next programmer and they go “what the F were you people thinking….?” This one is all on me.

One user. One record….. – so simple and yet so profound. It is the singularity in database design. No exceptions.
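The failure mode of per-role tables next to the one-record design, as an added example that is not from the original post, Tendenci or Django. The table names, the `user_roles` join table (a generalization that lets one person hold several roles) and the user `pat` are constructed for illustration.

```python
import sqlite3

# Constructed schemas. SPLIT mirrors the per-role tables criticised above;
# SINGLE keeps one row per human and hangs roles off that row.
SPLIT = """
CREATE TABLE students (username TEXT PRIMARY KEY, is_active INTEGER DEFAULT 1);
CREATE TABLE staff    (username TEXT PRIMARY KEY, is_active INTEGER DEFAULT 1);
"""
SINGLE = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                    is_active INTEGER NOT NULL DEFAULT 1);
CREATE TABLE user_roles (user_id INTEGER NOT NULL REFERENCES users(id),
                         role TEXT NOT NULL, PRIMARY KEY (user_id, role));
"""
# With split tables every permission check must know every table.
SPLIT_QUERY = {"student": "SELECT is_active FROM students WHERE username = ?",
               "staff": "SELECT is_active FROM staff WHERE username = ?"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SPLIT + SINGLE)
    # Constructed sample data: the same person is both a student and staff.
    db.execute("INSERT INTO students (username) VALUES ('pat')")
    db.execute("INSERT INTO staff (username) VALUES ('pat')")
    db.execute("INSERT INTO users (id, username) VALUES (1, 'pat')")
    db.executemany("INSERT INTO user_roles VALUES (1, ?)", [("student",), ("staff",)])
    return db

def split_allowed(db, username, role):
    row = db.execute(SPLIT_QUERY[role], (username,)).fetchone()
    return bool(row and row[0])

def single_allowed(db, username, role):
    row = db.execute(
        "SELECT 1 FROM users u JOIN user_roles r ON r.user_id = u.id "
        "WHERE u.username = ? AND r.role = ? AND u.is_active = 1",
        (username, role)).fetchone()
    return row is not None

def offboard_split(db, username):
    # An admin screen written for students only touches the students table.
    db.execute("UPDATE students SET is_active = 0 WHERE username = ?", (username,))

def offboard_single(db, username):
    # One record per human: one switch revokes every role at once.
    db.execute("UPDATE users SET is_active = 0 WHERE username = ?", (username,))

def demo():
    db = make_db()
    offboard_split(db, "pat")
    offboard_single(db, "pat")
    return {"split_staff": split_allowed(db, "pat", "staff"),    # stale duplicate row
            "single_staff": single_allowed(db, "pat", "staff")}  # access revoked
```

After offboarding, the duplicate `staff` row still grants access in the split design, while the single `users` row revokes every role in one update.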

That rule, “one user, one record,” served Schipul.com and our clients well: recurring revenue and a nice margin with true database integrity for over 10 years. We all made a profit. And the software? “It just worked.”

As a public post so I don’t do something this stupid again in the future, I am posting these two pages from the book Direct and Database Marketing by Graeme McCorkell. I used it with Tendenci 1,2,3,4.x+ and it served us well for 10 years. And then I forgot. Uuuuuugh. Double+plus+dumb points for me. And unfortunately this is hurting our clients through delays which is what really kills me.

One user. One record.

A user is a user is a user.

Here is to Tendenci 5.1 being pushed out in a few weeks. Major strides in the right direction. Back towards DRY and simplicity. Simplicity is best.

SchipulCon in two days – Oct 45, 16, 2009 at the Houston Zoo

What started in 2007 as the Tendenci User Conference, and was canceled in 2008 due to a very unwelcome hurricane, has now morphed into SchipulCon 2009. Planned by @MagsMac, the conference has a great lineup of speakers including Deirdre Breakenridge, the author of PR 2.0.

The full SchipulCon 2009 Agenda is posted on the site. And registration is here.

And of course a HUGE thanks to our sponsors without which this would not be happening!

Southwest Airlines Porch Swing Desserts YouData
Bright Sky Press Coffeegroundz St. Arnold's Brewery
Mashable OneShot Tequila Web Entertainment Guide
Israeli Wine Kolache Factory 1560 The Game
C-47

Social Software is Bigger than Search

"Social Software is Bigger than Search" is something we say around the office a lot when discussing Tendenci. So I really liked this quote sourced from Bubble Generation (via Eric "Mr. Snarky" Rice):

Web 2.0 cannot live up to its (enormous) potential to create value that’s structurally disruptive until and unless technologists understand consumer dynamics.

Web 2.0 can’t live up to its game-changing potential until and unless the geeks step outside and think outside their own box of geekery.

and later in the post

…why are these issues so difficult for the geeks to grapple with?

My answer: because for geeks, marketing, branding, advertising, etc are eeeeevil.

A long time ago I met with a VC on a different project and everything went great.  Until the question of "how are you going to market the product" and my answer was (seriously) "I am going to hire a marketing manager."  Straight faced.  I said that.  For the record – that is officially the WRONG ANSWER.

So ironically if you read the bubble generation post, it was a question by a VC that led me to focus on marketing first.  To obsess on the client’s success.  Using technology yes, but the tech serves the marketing and the sociology.  And the truth is after a while programming isn’t so tough and humans remain interestingly complex creatures worthy of study. So it all works. Sort of.

Distributed Authoring – Vocal Authors and the Silent Majority in Associations

Some eye candy for those interested in Associations and Organizational dynamics.

First, I firmly believe that successful online organizations can be identified by looking at three primary characteristics:

  1. Distributed Authoring – humans adding content and the wisdom of crowds
  2. Strong Subgroups – meaning active committees under 150 people typically
  3. Transparency – a level playing field must be in place for all with controls

These were first articulated in "Engaging Your Membership: What Are You Doing and What Should You Be Doing?" and the Distributed Authoring bullet was expanded in "The Concept of Distributed Authoring for Membership Associations – Getting Your Association to “Virtualization”".  And of course everything we program in Tendenci is designed to facilitate these three organizational goals.  But at the end of the day it is up to the association to determine the action and policies it will demonstrate.

Some data.  Here is one graphical snapshot from a randomly selected Tendenci client in aggregate.  I changed the numbers a bit, but in a statistically consistent way so the trends are valid.

This first graph is almost completely useless.  I am just sharing my initial frustration.  With over 10k users on the site, less than 50 are adding content for others to read.

I filtered out stuff like editing a profile or registering for an event as those are more data entry in my mind.  Authoring means contributing an article for the newsletter or posting an event on the calendar (again this is subjective and my opinion).

Of the members of the sample association adding value to the group as a whole through authoring content, they follow something close to a power curve.

I did try fitting a logarithmic and an exponential distribution, but the power curve was the closest match despite the divergence as it approaches zero.

This last graph is a pie chart limited to people who actually added content.  Again the data has been changed a bit, but not much, so the trends are consistent with the actual distribution.  Note again that there are two or three super users adding most of the content that is read and absorbed by the entire membership.

Specifically the top 5 users are adding almost 85% of the content. 

One possible explanation is that someone is functioning in an administrative role (not the security level but the act of functioning administratively) with others emailing articles and society events to post on the site.  This is likely in my opinion based on observing interactions and I made no effort to correct the data for author versus typist.

A possible future post or article should probably look at which articles and events are being read the most.  Something along the lines of what AttentionTrust is interested in as long as it can be done anonymously for the users (nobody likes big brother, especially me!).  Thanks!

Speaking of visualization of web analytics – Visitorville 3D

From an email link from Lauren to http://blog.outer-court.com/archive/2005-11-22-n58.html I visited VisitorVille web statistics for the first time.  Brilliant.  Not sure how it would scale, but what a cool refreshing new look at understanding social patterns.

What it appears to do well is show you the progression over time of traffic.  What is still missing apparently is an easy method of drawing conclusions about motives based on large amounts of aggregate data without walking through every site path.  That problem I will leave to the Web Analytics Association (disclosure: WAA is a Tendenci client of ours so I am biased.)

PRSA Memphis Site Launch October 2005!

I finally got to visit Memphis for the launch of the new Tendenci organization based web site for the Public Relations Society of America Memphis chapter.  The PRSA Memphis web committee did a great job of launching the site on a tight timeline.

Shout out to Kim Lange on our team for driving this project.  Definitely in the category of "easier said than done" – not that guiding PR professionals is like herding cats, but there are easier tasks in the world.