Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.
It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.
What DOES Tendenci do that might allow you to make a mistake in GDPR compliance?
If used as designed, it would be hard to become out of compliance as every site is in an isolated database and container. Yet there are security functions that log activity on your Tendenci site, that if you were to use it for tracking with AI or sell your data, it could potentially be against the GDPRs regulations. Talk to your attorney about this.
For example PCI best practices require dual logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks.
These logs are never sold or accessed by anyone but our security team to trouble shoot the application and provide feedback to the administrators. Remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the logs do not contain any identifying information such as an email or name.
We are NOT lawyers, Thus it is up to YOU to determine how you manage your data. We do not, nor have we ever, sold client data to third parties.
What other MAJOR AMS can you self deploy on the servers of your choice? In the data center of your choice? In the country of your choice? With the encryption and firewall restrictions of YOUR CHOICE. That’s the beauty of open source.
And the price starts at zero. It. Is. Fully. Open. Source.
What is Wild Apricot’s transparency report? After all, they are recently touted as the new kid on the block. Welcome! Yet what is their position on transparency?
Disclaimer in defense of Wild Apricot – in all fairness, AMS systems take a solid 10 years to write. They really are doing a great job catching up, I’m only addressing transparency in this post. Plus at Tendenci, we love a good strong new competitor adding value for NPOs/NGOs and Associations. We love that they are leveling up. All we’re saying is, let’s see their transparency reports? Why not be open source?
And yes, that is a challenge. Step up people!
Regarding Open Source – hey, why not support local: Tendenci pricing starts at ZERO ($0.00). Many people host in the Tendenci Cloud at AWS because we’re a good fit. Yet, our hosting pricing might not work for you in your country, right?
Even though the competition is (mostly) NOT truly free and open source, that doesn’t mean they can’t be responsible and tell you if they have turned over your data. It does mean that any proprietary vendor offering free services is selling your data.
Is your AMS handing over, or monitoring, all of your data? Perhaps to the highest bidder or to the country of origin? You have a right to know.
Seriously, if any sector in the world needs responsible disclosure, it’s the association and non-profit/NGO sector.
NOTE:Propaganda and motives of foreign countries does NOT mean collusion.Collusion, and hopefully there wasn’t any, is not a topic we are addressing at all. (That’s for the politicians and the courts to figure out. We’re just programmers trying to do good.)
Thus the CHALLENGE to other AMS SaaS providers: Post your Transparency Reports!
Why not? Even proprietary companies can be transparent, right?
Why hide anything from your clients, open source or not? We don’t get it. End users don’t have to, and shouldn’t, tolerate hidden data disclosure.
Transparency reporting is just one more reason we’re passionate about helping associations and non-profits with their causes! We try to take the high road. Yet now, it’s not just about data collection, data mining, cross site tracking, Russian to popular AMS systems, it’s about just having integrity to tell people what is going on.
To our clients. The above graph is a filtered subset of what is a *typical* day of network alerts. As the media has stated, the issue is quite real.
We greatly appreciate you and it is important to us that you remain safe. To further advance that objective in the current geopolitical environment, all hosted Tendenci sites will be encrypted going forward per our CEO.
Why? Because security. The Internet has changed and we must adapt.
Adapt? Remember when that Steve Jobs guy invented the iPhone and suddenly sites that were awesome the week before… well… they weren’t as awesome the next day? The. Next. Day. Technology is like that.
A Longer Explanation for those who like knowing all of the details. Because we like being open and transparent.
Let’s keep it simple. Think about tires. When you buy tires, over time, they wear out. You can’t keep adding tread to them. At some point you have to get new tires or you are in an unsafe vehicle risking your own safety as well as that of everyone that rides with you or is near you on the roads. It’s irresponsible to drive an unsafe vehicle.
Or as Billy Joel explains it:
WHY CAN’T WE JUST KEEP GOING AS IS? YOU KNOW, JUST IGNORE IT?
(Yes, I really got this question recently.) Because software that is outdated can have security holes. Security updates are the most important. Tendenci runs on top of lots of other amazing open source products, which are called “dependencies.” Tendenci’s dependencies are listed here in the code.
Yes you have your own site. But you are sharing email servers, backup servers, email relays, security scanners, proxy servers, firewalls, access control lists, IDS/IPS systems and they are all are part of an environment that is watched very closely.
Going back to the car analogy. Porsche doesn’t make every component or the tires that are installed on their cars. When you wear out the tires, you have to upgrade. Similarly if a component that Tendenci uses is not maintained by the project behind it, then you are in danger of hurting others. A simple example would be if someone found a way to hack your site and sent spam emails, then the shared email server for the server-farm your site is in could get black-listed. That hurts ALL of the clients using that shared resource. Just like when your tire blows and you wreck into another car. It is then fundamentally your fault for not maintaining your vehicle.
Why do I want to upgrade if I just don’t care about security?
This is a bad idea. There is performance, functionality and a ton of new features you are missing out on. For more click the image below to go to the newsletter that highlights a lot of it.
And this is what we now consider baseline – responsive across all devices.
If you are thinking “THIS IS THE FIRST I HAVE HEARD OF THIS!?” .. um…
No. No unfortunately it is not. It’s just the first time it got your attention. We get it given we also miss communication sometimes given the amount of noise in our inboxes. Here are some links below so you can catch up a bit. And Tendenci 7.x is WAY ahead of Tendenci 5 because of industry changes – you really want to upgrade.
But yes, we have communicated this over and over and over. Links:
Your users and the search engines expect you to have an SSL encrypted and mobile responsive website that is ADA compliant. NEW technology that consumers use and new behaviors have emerged and people expect more. Blame Al Gore and Apple and Microsoft. Tech changes fast.
WE LACK THE POWER TO MAKE EXCEPTIONS AS WE DO NOT CONTROL THE FRAMEWORK.
To our open source and our hosted clients, it is imperative that you do NOT ignore the pending “end of life” for the 5.x version of Tendenci. You must upgrade. From December 2015:
If you are not a programmer or developer then you will need to work with one to complete the upgrade. It can be our team or a Django developer of your choice.
Please remember that Tendenci is fully open source and available at https://github.com/tendenci/tendenci/ in addition to the documentation linked above. No gotchas or hold-backs. Just very direct and honest communication of the facts and accountability through code reviews.
Did clients get charged upgrading from Tendenci 6 to Tendenci 7?
No, they did not. The upgrade from Tendenci 6 to Tendenci 7, then 7.1 and now 7.2 was all done automatically. These sites were already responsive and it is the front graphics changes that require human intervention as opposed to scripted updates.
Why are you charging to upgrade from Tendenci 5 then?
Because the layouts used back then were not standardized because there was NO CLEAR STANDARD. Thus every site was a bit different. On Tendenci 6 and 7 they are strictly standardized on the front end on Bootstrap 3+, a front end responsive framework made by Twitter. The appearance of Tendenci 7 sites is very diverse, it’s just the behind the scenes name-spaces that require updates.
Do we have to use your company to upgrade?
Of course not. Tendenci is open source. The whole freedom thing. We are the only membership management software company ranked in the top 20 by Capterra that is open source. You are part of a community with Tendenci, not some locked down solution that holds you hostage.
If we don’t use Tendenci to upgrade, who can we use?
Python and Django are very popular. You are free to use any developer you want, self host or host with us.
The whole point of Tendenci is to enable freedom so you aren’t trapped with a proprietary vendor that locks you in by retaining control over your data, including redirecting links from your events to their domain so when you leave, you lose all of your inbound links and search engine rank. We do not support that practice. Unfortunately many non-profit boards don’t catch it until it’s too late and make the mistake of locking in future boards with no way out.
How easy is it to leave Tendenci? How do we know you won’t make it difficult?
Well first because that would be against our values. We make it easy to leave because folks have a tendency to come back when they experience the alternatives. We have found that the easier you make it to leave, to be free, the less likely people are to leave because the alternatives don’t share our values, particularly when it comes to data ownership. It’s your data. You own it and should have access to it at any point. Period.
I don’t plan to leave WordPress specifically because I know that I can leave if I wanted to take the hassle on myself. I don’t – I have my hands full taking care of our team and clients. I just like knowing that freedom is an option because WordPress is like Tendenci – OPEN SOURCE.
You sound kind of over-the-top about open source and data exports? Prove it!
We can also run backups directly to your own AWS cloud instance for S3. Actions speak loudly.
Type “Tendenci exports” into Google to see the number of options to export your data.
T5 clients – for you it’s not all automated but you have the same rights as everyone else. By that I mean, if you are on T5 not all of these exports were available 5 years agothrough the interface but we will gladly provide a full database export that you can then import into postgres yourself. (Note: The technology simply wasn’t available back then, but the moment it became possible (which happened when we were on T6) we enabled clients to do full database downloads themselves. It’s YOUR DATA.)
Is this “charge to upgrade” going to happen every two years?
This one is a trick question. We have more work than we can do so charging you for updates is not our goal. But you already know that if you use the nav editor and the theme editor so you can make your own updates. Tendenci is about empowerment.
Tendenci is open source so you can work with a different developer and host with them if they are more cost effective for you.
Disruption causes adaptation which comes with a price tag
Disruption happens. That darn iphone. With candor, LTS releases tend to last two years. We didn’t invent the iphone or android so the switch to mobile responsive design was effectively dictated by changes in technology. We do our best to keep your costs down, but when Steve Jobs changes the world, we all get caught up and have to adapt. That isn’t a conspiracy, it’s an opportunity.
Are you sure? Is there ANY way I can upgrade for free?
I so wish I could wave a magic wand and make your entire site bootstrap3 responsive, but I can’t. Our contractors and employees deserve to be compensated just like you do. But you know that. Maybe there is someone your know, or maybe you, can redo your site’s theme in bootstrap3 to control costs. It is an option.
What I do know is YOU will not succeed with a non-encrypted and non-responsive web site. When we chose to make ALL SITES RESPONSIVE for all releases after Tendenci 5, yes, it required us to contract with graphic artists for your upgrade and obviously these talented people deserve to be paid for their work.
What is Tendenci doing to help us control costs?
We already have far greater functionality at a lower price than all of the proprietary vendors. True, we don’t have a sales team to fill out a 5 page excel RFP, but we have a demo site where you can see for yourself at https://demo.tendenci.com admin/admin login (resets every two hours.)
The comparison grids several competitors have on their sites are WILDLY INACCURATE. Our target client wants the additional functionality of Tendenci, to be a part of a community, they understands open-source, they are cause focused more than monetary focused, and knows how to do due diligence.
Tendenci open source means GREATER FUNCTIONALITY. The freedom is a bonus.
But the competition says they have greater functionality?
They don’t. Do a fact check and judge for yourself. Facts are facts. See above. Just for fun, ask to look at their code. #heh Why? Because a community of interested people will add to Tendenci and everyone benefits instead of all of the money going to a proprietary vendor who says they own your data.
Your data is your data.
Do I really need to upgrade my Tendenci site now as it’s been fine the last 11 months since you first told us we had to upgrade? Can’t this wait until next year?
NO! November 30 2016 or you need to self-host or move to a dedicated server. We cannot be responsible if the underlying software is no longer being maintained and therefore may not be secure. That legal burden falls on your board.
Why can’t I get a personal hand written note like in the old days?
Man, I miss those days. Unfortunately, we simply can’t identify every stake-holder inside of every NGO/NPO/Association/Business we work with or who self hosts. By definition there is constant turn over on non-profit boards. And we have no way of tracking open source clients using Tendenci in the wild.
We love our open source clients, but we aren’t “big brother” and don’t currently have a 100% method of tracking or communicating with these awesome developers outside of the blog, facebook, twitter and newsletters.
OK, after we upgrade, what then?
We are working hard to keep upgrades and updates automatic and at little or no cost. The evidence speaks for itself in the no-cost site updates from 6.0 to 7.2x. Judge us by our actions.
Yet, if someone invents another disruptive technology, well, logically there could be a cost for an upgrade once it requires changes that can’t be automated.
If you host with us, contact, budget and schedule your upgrade. If you self host then please read all of the documentation which explains the full process and is posted and available online at https://tendenci.readthedocs.io/en/latest/
So how much does does this cost if we go with Tendenci team to do our upgrade? It scales with the type of upgrade you want to do and they are listed on our site here:
It’s always hard to have a crucial conversation with clients. I strive for candor and fairness as the leader of the company behind the community. We want you happy. Technology changes. We’ve done our best to keep the price as low as possible. Thus in closing, I’ll leave you with another image of a happy puppy because they make us smile, and like Tendenci, they enjoy a community of supporters but also being able to run free every once in a while.
Why? Because all companies that store information, like electric companies, phone companies, email providers, search engines, etc, must respond to requests from the government. That includes us. The solution is transparency reporting because we think you have a right to know.
Why now? The (previous) absence of transparency reporting including a canary clause was brought up at a recent convention. We listened to you. We agree with you. So we fixed it. It’s pretty boring and let’s hope it stays that way.
Thank you to the client who asked about it! Tendenci is a community and we appreciate dialog that helps the community. Y’all rock!
Dear clients – we will be doing some unscheduled maintenance to build out a more redundant infrastructure. Specifically this means the network team is making copies of entire servers to so they can be brought back up in the case of a security issue quickly and easily.
The decision to create the extra server images in addition to the normal site backups was made based on security information we received from official and unofficial sources. We recognize any outage is an inconvenience and will work to keep security as our top priority.
The ETA for outages is approximately 30 minutes per server. Most likely less as our cloud is fairly distributed.
I am typing this at 5:40 PM on Saturday April 16 CST 2016. I will keep updating this same blog post as we get better data on timelines.
The current version of Tendenci (7.x) has significant changes which are not compatible with Tendenci 5. This has prevented us from publishing the new code to make it easier for new users to install.
We will begin publishing Tendenci 7 as a package possibly as soon as October 1, less than two weeks from now. It may not get pushed out on October 1, but people who are using the open source version and are on the 5.x release need to be prepared. The actual date Tendenci 7 will be pushed out as a package is when it is ready. But please plan on October 1.
Well, if you are hosted on tendenci.com’s servers and we manage your web site then you don’t have to change a thing and it will all just happen in the background. Clients on version 5 will remain on version 5 because of the theme changes made between version 5 and 6. Clients on version 6 will be upgraded to Tendenci 7.1
If you have your own developer or you are a developer, maybe jump over to github and the docs and keep an eye on things for the next couple of weeks. Maybe even submit issue requests for features.
Why are you telling us if there is nothing for us to worry about?
Because not everyone hosts with us and we need to try to make sure their IT team knows the upgrades are possible, but will require your technical team to do them. This is important to us even if they aren’t hosting because they are part of the community.
In fact growing the open source community of people using Tendenci is the biggest driver pushing us to refactor Tendenci. We’re geeks and collaborate on github.
Wait, what does “Refactor” mean again?
It means making it easier for programmers to work on the code. Technically from wikipedia they define it as “Code refactoring is the process of restructuring existing computer code – changing the factoring – without changing its external behavior.”
It’s time to refactor so we have more happy programmers. Tendenci is just too hard to install in the wild right now. That isn’t right. Plus Happy programmers means more contributors and it builds on the virtuous cycle that is what makes FOSS (Free Open Source Software) so cool. It truly takes a village.
Can’t you just contact every one who self hosts?
Unfortunately we don’t have a list and Tendenci doesn’t “phone home” so we really don’t know how many people are using it by self installing. But we care about them and we’re doing everything we can to get the word out. Everyone should be backing up their sites of course, but still, if you click “upgrade” and your layout goes wonky that isn’t fun. No data will be lost, but what a hassle.
If you are on Tendenci 5, because of the changes with the django project itself you will need to upgrade from T5 to T6 and then to T7.1. This is all documented at https://tendenci.readthedocs.org
If you need legacy files they are linked at the bottom of this post.
OK, tell me the biggest benefit of refactoring again?
A programmer will be able to type “sudo pip install tendenci” and make a few server configuration changes and they’ll have a site up and running quickly. This matters because ease-of-use changes behavior. If you want to move forward, we have to take care of our programmers first! They care about you, so it is a virtuous cycle.
Wait, this stuff is too technical! (the opposite of above question)
I apologize for the technical stuff, but sometimes when working with software it can be technical. Just know that if you self host, talk to your local programmer and they will take care of you with the documentation we are posting at https://tendenci.readthedocs.org/en/latest/
So if I self host, and my webmaster clicks “update tendenci” and I’m on version 5 my site will break?
What if I don’t wanna upgrade ever and my server is completely isolated on a ship in the middle of the ocean?
OK, well, we like an occasional steak so you have our sympathy for a diet of 100% fish. But secondarily we have all of the historic zip files, that are still on github but will be removed, available for download for some time at https://www.tendenci.com/download/release-archive/
To our Tendenci 5 and 6 clients. We will be applying updates to the sites tonight and tomorrow night. Please expect intermittent outages of up to 30 minutes during the course of the upgrades as we migrate sites and continue our focus on increased security.
Note these will be rolling updates and will not hit every site. While they are preventative in nature, they are critically important to prevent future issues.
Just to be sure. Because we care. We want you to land safely. Sometimes our contact doesn’t relay to the board with the urgency needed. This is a hard deadline and once the servers are shut down on April 21, 2015 and archived there is no easy way to restore them.
We are concerned and want to be sure the right people within your organization know. We have been banging on this drum for some time.
Here is Amazon’s announcement stating the same thing in line with Microsoft’s timelines.
Dear Amazon EC2 Customer,
Microsoft is ending support for Windows Server 2003 on July 14, 2015. If you are running Windows Server 2003, this may put your applications and business at risk, since there may be no security or software updates.
AWS provides you with options, whether you are moving to a modern MicrosoftWindows Server operating system, maintaining 32-bit applications in the AWS Cloud, or rewriting legacy applications.
You can migrate your applications to Amazon Elastic Compute Cloud (EC2) instances running a newer version of Microsoft Windows Server (2008, 2008 R2, 2012 and 2012 R2). Preconfigured Amazon Machine Images (AMIs) with different combinations ofWindows and SQL Server are available. Amazon EC2 running Windows Serverenables you to run any compatible solution on our cost-effective, high-performance, reliable cloud-computing platform.
Sign up to attend the Windows Server 2003 Migration webinar, or visit our WindowsServer 2003 page to learn more.