Tendenci – The Open Source AMS Blog
Community Blog for Open Source AMS Makers
To our Tendenci 5 and 6 clients. We will be applying updates to the sites tonight and tomorrow night. Please expect intermittent outages of up to 30 minutes during the course of the upgrades as we migrate sites and continue our focus on increased security.
Note these will be rolling updates and will not hit every site. While they are preventative in nature, they are critically important to prevent future issues.
For our Tendenci 5 and Tendenci 6 and Open Source clients in the wild – you’re cool. Move along. None of this applies to you. If you don’t have a “.asp” in your file extensions on your site it doesn’t apply to you.
Seriously, we love you, but off you go. Go check out the source code at https://github.com/tendenci/ or something. None of this blog post applies to those of you in the 95% majority of our clients.
This isn’t to say we don’t think you look great today. You do! And we’re looking forward to being able to focus on YOU more after tomorrow.
A HUGE THANK YOU to all of our former T4 clients who have chosen to stay with us and upgrade to Tendenci 6.
As we’ve communicated to each of you individually, there may be a period where we have a holder page up for a bit and unlike a usual long term project we will be going live and incrementally flushing out the site. It’s a lot of sites. We are going to focus on functionality first, SEO next and then bring more uniqueness of design per the scope of each of your migration projects.
We’re excited for both of the groups above that we will be focused on one technology stack and can accelerate Tendenci’s growth.
For our former clients who were running on Tendenci 4 and are choosing to leave, we’re sorry to see you go. I get it. I hated the idea of giving up my blackberry because “it just worked”. Yet now I can’t imagine not having a smart phone. Software is emotional. It just is.
We have to move forward. Tendenci 4 was never going to able to work on a mobile device because it’s legacy went back too far. Microsoft declaring end of life for Windows 2003 was the final straw. It was time.
[IMPORTANT! If you are pointed at our DNS Servers or Email Servers make sure your new provider makes these updates!]
I believe we have communicated with everyone in person at this point, and the remaining group is small.
This is just a courtesy reminder that you may want to have your new provider make their DNS entries tonight to avoid any downtime. Don’t forget they will need to set up email relays and transfer dns servers so be nice to your new vendor and give them another reminder please as all of us want to see you succeed.
A website is an ecosystem of databases and content and media and email and relays. Be sure your new provider, if you chose to leave, is on top of it.
Please know that we have appreciated your business and wish you the best in the future. You are always welcome back, or even consider using Tendenci Open Source with another company. That’s the point – Freedom!
#peace
Ed
Note: This bulletin is a repeat of the January 22, 2015 EOL announcement, the helpdesk notifications and numerous direct calls to the clients impacted.
Clients still running Tendenci 4 classic.
April 21, 2015 is End of Life for T4. The Windows servers on our network will be shut down and be offline permanently. Original EOL Announcement here.
Just to be sure. Because we care. We want you to land safely. Sometimes our contact doesn’t relay to the board with the urgency needed. This is a hard deadline and once the servers are shut down on April 21, 2015 and archived there is no easy way to restore them.
We are concerned and want to be sure the right people within your organization know. We have been banging on this drum for some time.
April 21, 2015 is End of Life for T4. You have options. Click that link as your options although they are much more limited since we announced it in January.
Here is Amazon’s announcement stating the same thing in line with Microsoft’s timelines.
Dear Amazon EC2 Customer,
Microsoft is ending support for Windows Server 2003 on July 14, 2015. If you are running Windows Server 2003, this may put your applications and business at risk, since there may be no security or software updates.
AWS provides you with options, whether you are moving to a modern MicrosoftWindows Server operating system, maintaining 32-bit applications in the AWS Cloud, or rewriting legacy applications.
You can migrate your applications to Amazon Elastic Compute Cloud (EC2) instances running a newer version of Microsoft Windows Server (2008, 2008 R2, 2012 and 2012 R2). Preconfigured Amazon Machine Images (AMIs) with different combinations ofWindows and SQL Server are available. Amazon EC2 running Windows Serverenables you to run any compatible solution on our cost-effective, high-performance, reliable cloud-computing platform.
Sign up to attend the Windows Server 2003 Migration webinar, or visit our WindowsServer 2003 page to learn more.
Sincerely,
The Amazon EC2 for Windows Team
I’ll be speaking at SXSW on Tuesday morning and I hope to see you there!
A few things have changed since we submitted the original description. It’s been 17 years. The last year has been both our biggest challenge and yet confirms our expectations of the huge potential of open source.
Oh, and we’re working on the Tendenci 6 branch now. Demo at http://t6demo.tendenci.com
First – let’s talk about the NOW. Newsletters are back in Tendenci 6!!
Tendenci’s Open Source Integrated Newsletter Generator
A lot of long time clients have resisted upgrading to the responsive-mobile-first-open-source-version of Tendenci 6, or even the responsive designs in Tendenci 5, because of one killer feature in Tendenci 4 (the old Microsoft version) and that was NEWSLETTERS.
We listened. We heard you. It’s back.
The ability to communicate with your membership by study group, by event attendees, to only the board of directors, etc. We heard you loud and clear and the newsletter generator is back in full force in Tendenci 6. To prevent the tragedy of the commons (e.g. another client blacklisting a shared email server) we are requiring clients to use either their own SES or a product like Mailgun.com for the newsletter. This will offload the sending to the third party and each client can manage their own newsletter statistics for the first time.
This also alleviates another area of pain. If one client out of 500 ish purchased an email list and the bounce rate was too high, well, then EVERYBODY got slammed and nobody could even do a “forgot my password” request because another client blacklisted the mail server. It’s just the way the Internet works. Why can’t we all just get along, right?
If you are on Tendenci 6 (not an automatic upgrade from T4 or T5 because we pushed more of the design to the front end … um…. where it belongs and the designers can do their thing. Rock on you artsy folk who make software look awesome. More freedom for you. (just please no comic sans, ok?)
If you are on T4, which is approaching end of life very quickly as I type this (Microsoft, not Tendenci dictated these dates so please don’t send email asking if we can secure something Microsoft isn’t patching anymore).
Turn a negative into a positive. Now is a great time to consider a mobile first bootstrap 3 theme that integrates with Tendenci 6! They’re smart, mobile first, responsive, and make you a rock start. Check out www.wrapbootstrap.com for bootstrap3 themes. They’re kinda awesome like this:
Just one of the many new functional mobile-first capabilities that have been built into open source tendenci since we started the rewrite in 2009. This is functionality we have been able to bring back with the help of the Tendenci community.
After 17 years we know the functionality the people who use the site to register for events need, as well as the needs of the people on the board-of-directors and the person functioning as Executive Director. It just takes a while to rewrite 10 years of code in a completely different technology. And we’re just getting started!
Check the help file for the Tendenci Association Newsletter Sending Tool for more detail and edits over time.
Tendenci 6 ships with the excellent django-sql-explorer from ePantry. This means you can export anything at any time and build any report you want whenever you want. Absolute 100% anytime freedom of access to your data. #JOY #FREEDOM #ROCKS
First a warning. If you choose to use a direct query tool know they are dangerous. You are doing so at your own risk and could possibly corrupt your database beyond repair up to and including requiring a dba to come in and repair it at a cost of thousands of quid. So…. BE CAREFUL.
SQL explorer is a way to directly query your site through the user interface. It is for superusers only and we recommend disabling it by default (see disclaimer above.) But if you are still reading here is the lightning version.
Visually when you add the URL /explorer/ to the end of your site path you will see something very similar to this.
First note the icon on the right to Download CSV so you can download all of whatever that query is for. If you don’t see any, no worries – that’s what this post is about!
So let’s write a basic sql statement.
And then when you click “New Query” you will find this interface and you can carefully name and describe your query so you know what it does later.
1) ALL Interactive users:
SELECT u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone, p.notes, p.admin_notes FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id WHERE u.is_active=True AND p.status=True AND p.status_detail='active'Copy Paste Version:
SELECT u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone, p.notes, p.admin_notes FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id WHERE u.is_active=True AND p.status=True AND p.status_detail=’active’
2) ALL memberships:
SELECT u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser,
p.salutation, p.company, p.position_title, p.phone, p.address, p.address2,
p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex,
p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone,
m.membership_type_id, m.renewal, m.certifications, m.work_experience,
m.referer_url, m.referral_source, m.join_dt, m.expire_dt, m.renew_dt,
m.primary_practice, m.how_long_in_practice, m.application_approved,
m.application_approved_dt, m.areas_of_expertise, m.home_state,
m.year_left_native_country, m.network_sectors, m.networking,
m.government_worker, m.government_agency, m.license_number,
m.license_state, m.status_detail
FROM auth_user u
INNER JOIN profiles_profile p
ON u.id=p.user_id
INNER JOIN memberships_membershipdefault m
ON m.user_id=u.id
WHERE u.is_active=True
AND p.status=True
AND m.status_detail <> 'archive'Copy Paste Version:
SELECT u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone, m.membership_type_id, m.renewal, m.certifications, m.work_experience, m.referer_url, m.referral_source, m.join_dt, m.expire_dt, m.renew_dt, m.primary_practice, m.how_long_in_practice, m.application_approved, m.application_approved_dt, m.areas_of_expertise, m.home_state, m.year_left_native_country, m.network_sectors, m.networking, m.government_worker, m.government_agency, m.license_number, m.license_state, m.status_detail FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id INNER JOIN memberships_membershipdefault m ON m.user_id=u.id WHERE u.is_active=True AND p.status=True AND m.status_detail <> ‘archive’
3) ALL corporate members:
SELECT cp.name, cp.address, cp.address2, cp.city, cp.state, cp.zip, cp.country,
cp.phone, cp.email, cp.url, cp.number_employees, cp.chapter, cp.tax_exempt,
cp.annual_revenue, cp.annual_ad_expenditure, cp.description, cp.expectations,
cp.notes, cp.referral_source, cp.ud1, cp.ud2, cp.ud3, cp.ud4, cp.ud5, cp.ud6,
cp.ud7, cp.ud8, cm.corporate_membership_type_id, cm.renewal, cm.renew_dt,
cm.join_dt, cm.expiration_dt, cm.approved, cm.admin_notes, cm.status_detail
FROM corporate_memberships_corpprofile cp
INNER JOIN corporate_memberships_corpmembership cm
ON cp.id=cm.corp_profile_id
WHERE cm.status_detail <> 'archive'Copy Paste Version:
SELECT cp.name, cp.address, cp.address2, cp.city, cp.state, cp.zip, cp.country, cp.phone, cp.email, cp.url, cp.number_employees, cp.chapter, cp.tax_exempt, cp.annual_revenue, cp.annual_ad_expenditure, cp.description, cp.expectations, cp.notes, cp.referral_source, cp.ud1, cp.ud2, cp.ud3, cp.ud4, cp.ud5, cp.ud6, cp.ud7, cp.ud8, cm.corporate_membership_type_id, cm.renewal, cm.renew_dt, cm.join_dt, cm.expiration_dt, cm.approved, cm.admin_notes, cm.status_detail FROM corporate_memberships_corpprofile cp INNER JOIN corporate_memberships_corpmembership cm ON cp.id=cm.corp_profile_id WHERE cm.status_detail <> ‘archive’
4) All users in a specific group (replace <YOUR GROUP ID> with your group id)
SELECT ug.name, u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id INNER JOIN user_groups_groupmembership ugm on u.id=ugm.member_id INNER JOIN user_groups_group ug on ug.id=ugm.group_id WHERE ug.id=<YOUR GROUP ID> AND ugm.status=True AND ugm.status_detail='active'Copy Paste Version:
SELECT ug.name, u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id INNER JOIN user_groups_groupmembership ugm on u.id=ugm.member_id INNER JOIN user_groups_group ug on ug.id=ugm.group_id WHERE ug.id=<YOUR GROUP ID> AND ugm.status=True AND ugm.status_detail=’active’
Contribute back your brilliance to the rest of us? Have you written some good queries for Tendenci using the amazing django-sql-explorer from ePantry? Post them on the Tendenci Community Site for others to learn and share with!
Please do be careful. Remember the warnings above. Using a live sql tool on a relational database for anything besides SELECT queries is ill-advised. It really is your live data on a live site SO BE CAREFUL!
We believe this level of access to the superusers on Tendenci sites is empowering. We like knowing people can download any of their data when they need it. And perhaps contribute back some suggested new reports to the Tendenci Community as a whole!
Because Tendenci is part of the Django community and we couldn’t have brought this functionality to you without others in the community “giving first.” We may have added it to Tendenci, but that’s ONLY because of the generosity of building and making it available by others. Explorer is brought to you by the power of collaborative open source software (THANK YOU ePantry!)
Note this is a cross post from our help files. See the Help File for the latest accurate info at: https://www.tendenci.com/help-files/how-use-django-sql-explorer-tendenci/
All – there will be a few brief site outages this afternoon as we cycle through the data centers hosting, t4, t5 and t6 sites, installing a few more security updates while y’all are eating chips and watching the pre-game-show. (reboots mostly depending on the OS – some won’t need a reboot at all.)
Security never sleeps, not even on superbowl sunday. So if your site is offline briefly it’s OK. It’ll be right back. We don’t care much about the game but definitely want to see the commercials so hopefully it’ll all happen so fast you won’t notice.
EOL Policy for Tendenci 4 (T4) Software
[EDIT FOR EMPHASIS] April 21, 2015 is End of Life for T4. The Windows servers on the Tendenci hosted network will be shut down and be offline permanently. [END-EDIT]
Tendenci has always been at the forefront of technology with regard to meeting the needs of associations and nonprofits. When we released Version 5.0 of Tendenci in 2012, the software took a major leap forward by going completely open source, allowing for outside contributions from the development community on software enhancements and bringing a level of transparency and complete control into the hands of all Tendenci users. We are excited about what the future holds for Tendenci as we have Version 6.0 currently in beta and a roadmap for Version 7.0 already underway.
With the focus on the future and what we can achieve with the new technology available, we have made the business decision to formally establish an End-of-Life (EOL) policy. In particular the EOL for Version 4.0 of the Tendenci on the Microsoft software platform is now set for April 21, 2015.
Tendenci was revolutionary when released in 2001. By the time we released Tendenci 4.0 in 2004, it ran seamlessly on the technology that existed at the time. As Microsoft phases out support for its older technology, Tendenci must also adapt to the newer technology options that will provide the best environment for stability and growth.
For those clients still running on the Tendenci 4.0 software, there are two paths for moving forward.
The last two months have underscored the need to migrate away from the outdated server environment and jump headfirst into the new era of open source hosting options. We all must adapt as we receive new information. I stated previously that we intended to restore the functionality fully of Windows 2003 on Windows 2012 R2 if it could be done securely. After further research, it is clear to me that while you can definitely secure a Windows environment, it can only be done securely on dedicated servers or dedicated virtual machines isolating each client. We cannot bring full functionality back to you securely in a shared hosting environment using classic ASP. On a dedicated server, you can have security parameters that are set by you, for you. There are a number of IT firms that can assist with this and we will extend a single use license in perpetuity if this is the route you choose in the short term.
Effective immediately, there will be no additional changes to the T4 software or hosting environment so that we can focus on the release of T6 and ensuring the migration for our clients is a seamless transition.
The Microsoft sites will be taken offline permanently in 90 days.
For clients wishing to migrate to Tendenci 6.0 on our hosted servers, we will begin migrations on February 16, 2015. We expect the migration to take 30 days and are requiring full payment up front. To achieve this, there will be a need for some compromises on layouts initially, but being upgraded to a responsive design is long overdue and we can continue to work on layouts once we get everything secured and you can edit your sites easily again.
For clients wishing to self host or move to another platform, we will provide a one-time export of your data within the next 90 days. We will be accepting requests for exports starting February 2, 2015. There will be no charge for this export and it will be limited to a one-time event. If this needs to be expedited, we can refer you to an outside trusted contractor although they will charge a fee.
There will be a conference call on Friday, January 23 at 11:00AM CST (details to be emailed separately) to answer any questions about the most recent server issues and to discuss the best course of action for your organization.
We appreciate the support of all of our clients as we have fought to protect and restore your sites during this time. We can all agree that despite our best efforts, the only course of action at this point is to adapt to the changing environment and look forward to what the newer technologies have to offer. Tendenci is a great product and successfully serves websites throughout the world. We look forward to a continued relationship with our clients in the open source world of dynamic software.
[UPDATE: Another option – Generate a Static Sites. You can simply pull the site down in static format using a one line Unix command or a $5 program on the Mac. Then edit it in a product like Dreamweaver. FTP the content to any number of hosting providers. So you CAN download and transfer your site right now to fulfill any obligations. As posted previously there is also simply linking from Dropbox or AWS if that is more convenient. Neither are as convenient as Tendenci, but will keep the sites secure.]
[Update: For developers you can use this script to download. Please be nice to the servers. And scan your files! Several clients had malware on their PC and then uploaded it to the server. All responsibility is on YOU to be sure any files pulled down. This is one of the reasons we are moving away from this older technology. Virus scanners won’t catch it all. IT IS A MANUAL PROCESS TO CLEAN IF FOUND. You must review it carefully by hand. Code snippet below
wget --limit-rate=400k --no-clobber --convert-links --restrict-file-names=windows --random-wait -r -p -E -e robots=off -U mozilla URLHERE
Did I mention scan your files!?
Thanks]
Update: We will be doing a planned reboot of the Windows servers late this afternoon Wednesday January 21, 2014 to begin the process of restoring two of the remaining clients that are still offline.
Scope: This update applies to Tendenci 4 clients on Windows only. It specifically does NOT apply to Tendenci 5 or Tendenci 6 clients on Linux.
To give you an idea of the scope and velocity of hack attacks that continue, these are attempted crimes mind you, I’ve attached a 15 second video taken several days ago of actual attacks on one of our servers INSIDE the allowed ports.
A further update on the 404 errors that the legacy Tendenci 4 clients have been experiencing intermittently. We have been measuring everything possible and tweaking the configuration settings as we see patterns in the logs. Each day generates over 1GB in security alerts across the data centers. All of these are either known attacks, or zero day attempts.
This is what we are fighting and it is relentless. The fact remains that we have protected the legacy sites by moving them from Windows 2003R2 IIS 6 to Windows 2012R2 IIS 8. But to make ASP classic run in IIS 8 we are running the servers in “compatibility mode” which is not an ideal configuration for any technology. And “secure” does not mean “functional” if your sites locked down to the point of not meeting functional requirements.
We have taken a step back and concluded that a technology platform started in 2001 is not up for the cyberwars of 2015. We will have a further update posted later today on possible paths forward for Tendenci 4 clients.
~ Ed