On this day, on Martin Luther King Jr. day 2020, we encourage everyone to read Dr. King’s speech.
Don’t read the news “about” it. Read the docs! https://www.archives.gov/files/press/exhibits/dream-speech.pdf
On this day, on Martin Luther King Jr. day 2020, we encourage everyone to read Dr. King’s speech.
Don’t read the news “about” it. Read the docs! https://www.archives.gov/files/press/exhibits/dream-speech.pdf
Data lake – it’s a big, partially structured and differently structured set of data from your association that you can use to answer interesting questions. Think of it like throwing everything in your pantry into one magical cauldron and it comes back with answers. Of course be careful what you ask, as SECURITY IS ALWAYS JOB 1! But it’s cool.
This is how AWS visualizes it:
Having been personally involved in politics, analytics, electrical engineering, programming, robotics, public relations and media strategy not to mention the whole entrepreneurship thing, I must to start with a warning; do NOT go overboard.
Luckily Tendenci as your AMS makes this a whole lot easier with all of the ways to import and export data (or your whole database.) And pretty much every report has a structured export as well, from custom forms, donations, event registrations, memberships, you name it. You have FULL ACCESS to YOUR DATA in both flat files and in the actual database schema. For example:
I like this quote from wipro:
If the data in a lake is not well curated, then it may turn into a data swamp, flooding an organization with information.https://www.wipro.com/en-US/analytics/five-best-practices-to-keep-your-data-lake-healthy/
You can see more screen shots of the built in reporting within Tendenci. Yet let’s be realistic, you are integrating data from many sources and a Data Lake including but not limited to your data on Tendenci might be just the thing. Contact us for more, because we LOVE DATA!
And we’ve got over 20+ years of experience to back it up.
Why not make 2020 the banner year to grow your membership and donations? Because that’s what we THRIVE ON! YOUR SUCCESS!
To stop the spread of misinformation, you need actual information, intelligence, subject matter expertise combined with critical thinking. Do that and the result in knowledge. Hence it makes our team happy, not taking a position either way, but to see that our software can facilitate dialog about tech from silicon valley to human rights issues in Hong Kong.
We are the paper the newspaper gets printed on. Some stories need to be talked about in a safe place without the influence of Facebook or Google or Twitter, etc. One of those clients is The James Baker Institute for Public Policy. This post was automatically blocked by our firewalls for a number of IP addresses, I can only assume because of it being a hot topic.
All super users / admins on all Tendenci hosted sites will need to reset your passwords today. This can be done at <your site> /accounts/password/reset/
Why? People reuse passwords. You shouldn’t, and you know that, but you probably do. Therefore, in an overabundance of caution given the large number of data breaches on the Internet this year, we are resetting all superuser passwords to a long randomized string unique to each. I’d also like to emphasize that:
A quick visit to https://haveibeenpwned.com/ will show you how pervasive the problem is.
Next step: go to your login page and click “reset password” and pick a unique password hopefully with a space ” ” in it. Tendenci accepts spaces in passwords so USE THEM!
To make passwords easier to remember, use sentences or phrases. For example, “breadandbutteryum”. Some systems will even let you use spaces: “bread and butter yum”.From: https://www.it.ucsb.edu/password-best-practices
Security is our top priority. Security is an inconvenience. Security best-practices are far better than the alternative. We apologize for the inconvenience but it is, after all, what we are paid to do.
This decision was made by me, Ed Schipul, the founder and CEO. And it was done without advance notice specifically to prevent bad-actors from knowing about it in advance and sending phishing emails to you. The Internet is unfortunately a rough place right now. Stay safe out there!
The European Union’s General Data Protection Regulation starts May 25, 2018. This is mostly an FYI as Tendenci “the Company” does not engage in cross site monitoring. It creeps us out a bit.
Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.
It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.
If used as designed, it would be hard to become out of compliance as every site is in an isolated database and container. Yet there are security functions that log activity on your Tendenci site, that if you were to use it for tracking with AI or sell your data, it could potentially be against the GDPRs regulations. Talk to your attorney about this.
For example PCI best practices require dual logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks.
These logs are never sold or accessed by anyone but our security team to trouble shoot the application and provide feedback to the administrators. Remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the logs do not contain any identifying information such as an email or name.
Keystroke loggers record every virtual keystroke you make. Have you run your security updates. (And Mac people? Windows people? I’m looking at you.)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ******************************************************************** Microsoft Security Update Summary for April 10, 2018 Issued: April 10, 2018 ******************************************************************** This summary lists security updates released for April 10, 2018. Complete information for the April 2018 security update release can Be found at <https://portal.msrc.microsoft.com/en-us/security-guidance>. Critical Security Updates ============================ ChakraCore Microsoft Edge Internet Explorer 9 Internet Explorer 11 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 version 1709 for 32-bit Systems Windows 10 version 1709 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server, version 1709 (Server Core Installation) Important Security Updates ============================ Excel Services Microsoft Excel Viewer 2007 Service Pack 3 Microsoft Excel 2007 Service Pack 3 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Server 2013 Service Pack 1 Microsoft Wireless Keyboard 850 Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Word Automation Services Moderate Security Updates ============================ Internet Explorer 10 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security information, or installing security updates. You can obtain the MSRC public PGP key at <https://technet.microsoft.com/security/dn753714>. ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>. If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: <https://profile.microsoft.com/RegSysProfileCenter/subscriptionwi zard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>. These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>. This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAlrL6acACgkQEEiO2re1 8ugDURAArw0n30Pv02dQJfwqf1VYnPG6BYdURT3TYf5QMMQweIG9y8aKnhCHJn55 JHmlNKsGcOOaEIid6On+ihUw0uHjx/Ct6XKtl/QDnZTt5AKt8Whj/8+LjPSQgPmF +utXhqZBW/IeNgvtVaPLM55XXgao6IFt/UH0WKydV1AWdZ3/PuMR4hOIAwVHUBj9 z1MigLNkfWGUXZi02T7W4E/3Ea3nEdQnECvHsk/j2nF+k85FMPf1T3TOUE/sdNQI F0m1za2FAU9E+GNLIyQ3hVdx/Zw2sI8WeqtL+48IZ1UNZ1XcwYUmZ/aN3x9hvqSj MLbQXFTSmsXdV97eQYQmVEnkqC/KtYMnupXWULfTn6LnqqT17R10Zk94xVRFtMWo ed1abogGO2x+UMulcrwrEjReQ3vhT1rJSvk7o/YbhbWo/D2o67oOzGx+Cz2ROXWt CbLOie9q+UOXDjPBuTzPeG24f4AVKiIPr2VwTWY4IGjysENpSr+L1JPhL4KdO/yy mLalrJmChPWuRR9y3sn3/hS9Blk7qMZEVWGGhizPbF68tXhnrTdz4lLj5d/gnWus HXgm92RftfEjMEDp9SlWZZAMbKNzihMB8sgXJl52N8emhD4wsRqmh4E13TBHrBxk h54mC77b1aWJqcIqo5b0RAyNW0BTmaikL3enEEriFtZQiZZzq5k= =Dn1R -----END PGP SIGNATURE-----
In Tendenci – the Open Source AMS’ latest transparency report, yup, nothing has changed. Yea!
What other MAJOR AMS can you self deploy on the servers of your choice? In the data center of your choice? In the country of your choice? With the encryption and firewall restrictions of YOUR CHOICE. That’s the beauty of open source.
And the price starts at zero. It. Is. Fully. Open. Source.
What is Wild Apricot’s transparency report? After all, they are recently touted as the new kid on the block. Welcome! Yet what is their position on transparency?
Disclaimer in defense of Wild Apricot – in all fairness, AMS systems take a solid 10 years to write. They really are doing a great job catching up, I’m only addressing transparency in this post. Plus at Tendenci, we love a good strong new competitor adding value for NPOs/NGOs and Associations. We love that they are leveling up. All we’re saying is, let’s see their transparency reports? Why not be open source?
And yes, that is a challenge. Step up people!
Regarding Open Source – hey, why not support local: Tendenci pricing starts at ZERO ($0.00). Many people host in the Tendenci Cloud at AWS because we’re a good fit. Yet, our hosting pricing might not work for you in your country, right?
If so, then why not support a local developer in your community? Help build your home country’s tech sector by supporting your local developers!
Back to the business stuff – we have updated our latest transparency report. No changes. (check mark in the “no changes=good” column folks!)
Even though the competition is (mostly) NOT truly free and open source, that doesn’t mean they can’t be responsible and tell you if they have turned over your data. It does mean that any proprietary vendor offering free services is selling your data.
Is your AMS handing over, or monitoring, all of your data? Perhaps to the highest bidder or to the country of origin? You have a right to know.
Seriously, if any sector in the world needs responsible disclosure, it’s the association and non-profit/NGO sector.
Yes, we understand that warrant canaries aren’t completely cut and dried. But at least a good faith effort? Why are other AMS systems not posting transparency reports?
If the FBI stated that NGOs/NPOs/Associations were the first target of the Russian propaganda campaign to influence the US elections, then I personally take issue with this.
NOTE: Propaganda and motives of foreign countries does NOT mean collusion. Collusion, and hopefully there wasn’t any, is not a topic we are addressing at all. (That’s for the politicians and the courts to figure out. We’re just programmers trying to do good.)
Really, we call on all of the alternatives to Tendenci to adopt a transparency reporting policy.
Why not? Even proprietary companies can be transparent, right?
Why hide anything from your clients, open source or not? We don’t get it. End users don’t have to, and shouldn’t, tolerate hidden data disclosure.
Transparency reporting is just one more reason we’re passionate about helping associations and non-profits with their causes! We try to take the high road. Yet now, it’s not just about data collection, data mining, cross site tracking, Russian to popular AMS systems, it’s about just having integrity to tell people what is going on.
Yes, stay with your trusted local developer. Just please fast check them and demand access to your code, access to all of your data, demand access to your rights. And yes, demand transparency.
That’s how we roll at Tendenci – brutally open and honest, full access, association management. You know, kind of like WordPress is for blogs and CMS. Open!
At Tendenci, we recognize the value of the work you do. And we believe you deserve OPEN. In fact, we think open is baseline.
We hope you do too. Because Associations matter. You matter. #rockon #demandTransparency #ams #associationmanagement #asae #associationchat
March 16, 2018: Russia is targeting our critical energy infrastructure. This security bulletin is regarding Russia targeting Energy is a TLP white.
We appreciate the assistance from the agencies allowing us to share this with our clients promptly. (Notes below **** )
Russia is targeting our critical infrastructure. The US InfoSec has partially enabled this by allowing the NSA code to be hacked and the OPM database to be breached. Not to mention facebook, equifax, chase, target, linkedin, etc.
… This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks.
NOTE: please note we have no evidence of anyone specifically targeting a client beyond those we have contacted directly by email or phone call.
All of those incidents, some of which are on-going, pre-date the incidents as described in the bulletin above. Internally we monitor and address individual incidents directly.
If we (Tendenci) detect a direct threat with our security infrastructure at AWS and redundant logging and monitoring. Know that we will contact your team. If it is more global in scope monitor our social media (this blog, tendenci twitter. Further we recognize the importance of protecting your data. And the importance of your privacy.
I will add that there is little doubt in my mind that the InfoWars don’t also extend to purchasing advertising, perhaps through a third party, on mainstream sites like Netflix, Youtube, CNN, FOX, Telemundo, etc…. they just haven’t reported it yet.
We get it. Just please, tell us that you understand it as well? This is a huge expense for us internally and it has the intended result – less innovation and more defense. More resources get tied up to maintain what the client sees as “the normal state of affairs.”
These are the facts of our current reality. We do not have the privilege to ignore reality.
Today is International Women’s Day. It is great to see the support of so many different companies behind International Women’s Day. Tendenci, which has historically had far more women in the role of Programming Manager, and which currently has far more women than men on our team, we obviously agree.
Google has a great video worth watching on International Women’s Day:
On a personal note (this is Ed typing) it’s hard to believe it’s been over a year since I photographed the Women’s March in San Francisco in late 2016. Y’all just keep rocking. Please!?
For more on The Open Source AMS integration via API visit our AMS API Helpfile
Tendenci – the Open Source AMS is unique in that it is fully open source. However at times people would prefer to use an API to pull specific information. For that Django has several API integrations for your Association Management System such as:
django-tasty-pie is a REST based API to your AMS
The Django Rest Framework is also something the Tendenci community has been discussing switching to it as well.
API’s aren’t mutually exclusive after all, right? You have options.
Tendenci doesn’t meet all of the functional requirements for everyone by design. Instead we work with great technology like machine learning. The open AMS community isn’t focused on reinventing the wheel. It just doesn’t make economic sense for a non-profit, or even a for profit company, to reinvent Amazon.com or Ebay.com. This is particularly true if you are causes-based association or non-profit given the expense.
Non profits don’t have money to waste. Therefore we aligned our product to major industry supported technology.
Our technology stack as of 2018 is:
For more on The Open Source AMS integration via API visit our AMS API Helpfile or read up on everything Tendenci Works With. Or if you aren’t into open source, there are definitely alternatives to Tendenci.
If you do pick an alternative, we suggest you consider Security FIRST and go from there.