Tendenci – The Open Source AMS Blog
Community Blog for Open Source AMS Makers
Houston we have a street painting art festival at Downtown City Hall ! Be a part of this wondering event at 5 PM CST.
Nuwa Connect is the place to meet people in art and culture, to connect, and discover new opportunities. The networking event on July 22, 2019 will be hosted by Little Creatures Brewery who proudly supports a range of arts events across the country.
Tendenci is proud to partner with Nüwa as they continue to connect, support and inspire artists, and affirm their role in their society.
Did you know that The SPE- GCS gives over $100,000 annually in scholarships? On May 23rd, 2019, the annual SPE-GCS Awards Banquet recognizes the high school seniors and college students who have received SPE-GCS, Communities in Schools – Houston, or SPE Auxiliary scholarships for the 2017-18 academic year. This is a fantastic opportunity to welcome outstanding students into the petroleum industry and to make a positive impression on members of the community.
Tendenci is proud to have partnered with SPE-GCS for the last 20 years and support their mission to remain at the forefront of technology, leading the way for other organizations in the industry.
Check out the event details here.
There is a new Ubuntu LTS release. Ubuntu 14.04 LTS ‘Trusty Tahr’ transitions to Extended Security Maintenance (ESM) today on April 30th, 2019. Tendenci is now on Ubuntu 18.04.
Every Tendenci product has a lifecycle as well. Read more here.
Hey New York! Please join LACC and Seth Rao from SecReliant on May 8, 2019 for this breakfast seminar on cybersecurity. Including an overview of the most common forms of cyber threats, the presentation will introduce preventive strategies on how to protect your business and data.
The European Union’s General Data Protection Regulation starts May 25, 2018. This is mostly an FYI as Tendenci “the Company” does not engage in cross site monitoring. It creeps us out a bit.
Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.
It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.
If used as designed, it would be hard to become out of compliance as every site is in an isolated database and container. Yet there are security functions that log activity on your Tendenci site, that if you were to use it for tracking with AI or sell your data, it could potentially be against the GDPRs regulations. Talk to your attorney about this.
For example PCI best practices require dual logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks.
These logs are never sold or accessed by anyone but our security team to trouble shoot the application and provide feedback to the administrators. Remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the logs do not contain any identifying information such as an email or name.
Yup, AMS transparency reporting is critically important. And perhaps also equally a bit boring. After all, you are looking for what is MISSING.
In Tendenci – the Open Source AMS’ latest transparency report, yup, nothing has changed. Yea!
And given Tendenci AMS is fully open source and still building for the future , well, it’s pretty clear what our position is. We believe in open source and transparency.
What other MAJOR AMS can you self deploy on the servers of your choice? In the data center of your choice? In the country of your choice? With the encryption and firewall restrictions of YOUR CHOICE. That’s the beauty of open source.
And the price starts at zero. It. Is. Fully. Open. Source.
What is Wild Apricot’s transparency report? After all, they are recently touted as the new kid on the block. Welcome! Yet what is their position on transparency?
Disclaimer in defense of Wild Apricot – in all fairness, AMS systems take a solid 10 years to write. They really are doing a great job catching up, I’m only addressing transparency in this post. Plus at Tendenci, we love a good strong new competitor adding value for NPOs/NGOs and Associations. We love that they are leveling up. All we’re saying is, let’s see their transparency reports? Why not be open source?
And yes, that is a challenge. Step up people!
Regarding Open Source – hey, why not support local: Tendenci pricing starts at ZERO ($0.00). Many people host in the Tendenci Cloud at AWS because we’re a good fit. Yet, our hosting pricing might not work for you in your country, right?
If so, then why not support a local developer in your community? Help build your home country’s tech sector by supporting your local developers!
Back to the business stuff – we have updated our latest transparency report. No changes. (check mark in the “no changes=good” column folks!)
https://www.tendenci.com/transparencyreporting/
Even though the competition is (mostly) NOT truly free and open source, that doesn’t mean they can’t be responsible and tell you if they have turned over your data. It does mean that any proprietary vendor offering free services is selling your data.
Is your AMS handing over, or monitoring, all of your data? Perhaps to the highest bidder or to the country of origin? You have a right to know.
Seriously, if any sector in the world needs responsible disclosure, it’s the association and non-profit/NGO sector.
Truly AMS (association management systems) / association management software in our opinion. Thus, the small team, and the large community at Tendenci, challenge our competitors to be transparent!
Yes, we understand that warrant canaries aren’t completely cut and dried. But at least a good faith effort? Why are other AMS systems not posting transparency reports?
If the FBI stated that NGOs/NPOs/Associations were the first target of the Russian propaganda campaign to influence the US elections, then I personally take issue with this.
NOTE: Propaganda and motives of foreign countries does NOT mean collusion. Collusion, and hopefully there wasn’t any, is not a topic we are addressing at all. (That’s for the politicians and the courts to figure out. We’re just programmers trying to do good.)
Really, we call on all of the alternatives to Tendenci to adopt a transparency reporting policy.
Why not? Even proprietary companies can be transparent, right?
Why hide anything from your clients, open source or not? We don’t get it. End users don’t have to, and shouldn’t, tolerate hidden data disclosure.
Transparency reporting is just one more reason we’re passionate about helping associations and non-profits with their causes! We try to take the high road. Yet now, it’s not just about data collection, data mining, cross site tracking, Russian to popular AMS systems, it’s about just having integrity to tell people what is going on.
Associations, and therefore association management software, is important in every country. That’s why Tendenci is Open Source and currently supports 75 languages!
Yes, stay with your trusted local developer. Just please fast check them and demand access to your code, access to all of your data, demand access to your rights. And yes, demand transparency.
That’s how we roll at Tendenci – brutally open and honest, full access, association management. You know, kind of like WordPress is for blogs and CMS. Open!
At Tendenci, we recognize the value of the work you do. And we believe you deserve OPEN. In fact, we think open is baseline.
We hope you do too. Because Associations matter. You matter. #rockon #demandTransparency #ams #associationmanagement #asae #associationchat
NOTE: This is a cross post. The original post is at: https://www.tendenci.com/news/ssl-encrypting-all-tendenci-hosted-sites/
To our clients. The above graph is a filtered subset of what is a *typical* day of network alerts. As the media has stated, the issue is quite real.
We greatly appreciate you and it is important to us that you remain safe. To further advance that objective in the current geopolitical environment, all hosted Tendenci sites will be encrypted going forward per our CEO.
Why? Because security. The Internet has changed and we must adapt.
Adapt? Remember when that Steve Jobs guy invented the iPhone and suddenly sites that were awesome the week before… well… they weren’t as awesome the next day? The. Next. Day. Technology is like that.
FAQs
Continue Reading: https://www.tendenci.com/news/ssl-encrypting-all-tendenci-hosted-sites/
URGENT REMINDER – TENDENCI 5.X IS APPROACHING “END OF LIFE” AND STOPS BEING SUPPORTED IN NOVEMBER 2016.
Mobile and responsive is the new baseline and we need to get everyone updated for security and to be secure and mobile responsive. The timelines are listed on our site at https://www.tendenci.com/tendenci-life-cycle/ .
Upgrade pricing from 5.x to 7.x is a one time cost and we’ve done our best to standardize them and make the process affordable.
https://www.tendenci.com/tendenci-upgrade-options/
A Longer Explanation for those who like knowing all of the details. Because we like being open and transparent.
Let’s keep it simple. Think about tires. When you buy tires, over time, they wear out. You can’t keep adding tread to them. At some point you have to get new tires or you are in an unsafe vehicle risking your own safety as well as that of everyone that rides with you or is near you on the roads. It’s irresponsible to drive an unsafe vehicle.
Or as Billy Joel explains it:
WHY CAN’T WE JUST KEEP GOING AS IS? YOU KNOW, JUST IGNORE IT?
(Yes, I really got this question recently.) Because software that is outdated can have security holes. Security updates are the most important. Tendenci runs on top of lots of other amazing open source products, which are called “dependencies.” Tendenci’s dependencies are listed here in the code.
Yes you have your own site. But you are sharing email servers, backup servers, email relays, security scanners, proxy servers, firewalls, access control lists, IDS/IPS systems and they are all are part of an environment that is watched very closely.
Going back to the car analogy. Porsche doesn’t make every component or the tires that are installed on their cars. When you wear out the tires, you have to upgrade. Similarly if a component that Tendenci uses is not maintained by the project behind it, then you are in danger of hurting others. A simple example would be if someone found a way to hack your site and sent spam emails, then the shared email server for the server-farm your site is in could get black-listed. That hurts ALL of the clients using that shared resource. Just like when your tire blows and you wreck into another car. It is then fundamentally your fault for not maintaining your vehicle.
Why do I want to upgrade if I just don’t care about security?
This is a bad idea. There is performance, functionality and a ton of new features you are missing out on. For more click the image below to go to the newsletter that highlights a lot of it.
And this is what we now consider baseline – responsive across all devices.
If you are thinking “THIS IS THE FIRST I HAVE HEARD OF THIS!?” .. um…
No. No unfortunately it is not. It’s just the first time it got your attention. We get it given we also miss communication sometimes given the amount of noise in our inboxes. Here are some links below so you can catch up a bit. And Tendenci 7.x is WAY ahead of Tendenci 5 because of industry changes – you really want to upgrade.
But yes, we have communicated this over and over and over. Links:
Your users and the search engines expect you to have an SSL encrypted and mobile responsive website that is ADA compliant. NEW technology that consumers use and new behaviors have emerged and people expect more. Blame Al Gore and Apple and Microsoft. Tech changes fast.
WE LACK THE POWER TO MAKE EXCEPTIONS AS WE DO NOT CONTROL THE FRAMEWORK.
To our open source and our hosted clients, it is imperative that you do NOT ignore the pending “end of life” for the 5.x version of Tendenci. You must upgrade. From December 2015:
Django 1.49 EOL drives Tendenci 5 EOL date – time to upgrade
From the DjangoProject website:
And the future is outlined as well:
PLEASE DO NOT IGNORE THIS NOTICE. TENDENCI IS A COMMUNITY. AND OUR COMMUNITY IS PART OF THE DJANGO ECOSYSTEM. WE MUST STAY SAFE.
Is there a charge to upgrade your site from Tendenci 5 to Tendenci 7?
Yes. Why? Because from Tendenci 6 forward we require all sites to be responsive (meaning they work on mobile devices). To achieve this we chose bootstrap as the front end css framework for standardization. Bootstrap 3 is very flexible with many options for low cost templates such as found on wrapbootstrap.com
What is the cost of upgrading from T5 to T7?
If you are a developer, there is no cost besides your time. Just follow the instructions at https://tendenci.readthedocs.io/en/latest/ . If you run into a problem post an issue on github at https://github.com/tendenci/tendenci/issues
If you are not a programmer or developer then you will need to work with one to complete the upgrade. It can be our team or a Django developer of your choice.
Please remember that Tendenci is fully open source and available at https://github.com/tendenci/tendenci/ in addition to the documentation linked above. No gotchas or hold-backs. Just very direct and honest communication of the facts and accountability through code reviews.
Did clients get charged upgrading from Tendenci 6 to Tendenci 7?
No, they did not. The upgrade from Tendenci 6 to Tendenci 7, then 7.1 and now 7.2 was all done automatically. These sites were already responsive and it is the front graphics changes that require human intervention as opposed to scripted updates.
Why are you charging to upgrade from Tendenci 5 then?
Because the layouts used back then were not standardized because there was NO CLEAR STANDARD. Thus every site was a bit different. On Tendenci 6 and 7 they are strictly standardized on the front end on Bootstrap 3+, a front end responsive framework made by Twitter. The appearance of Tendenci 7 sites is very diverse, it’s just the behind the scenes name-spaces that require updates.
Do we have to use your company to upgrade?
Of course not. Tendenci is open source. The whole freedom thing. We are the only membership management software company ranked in the top 20 by Capterra that is open source. You are part of a community with Tendenci, not some locked down solution that holds you hostage.
If we don’t use Tendenci to upgrade, who can we use?
Python and Django are very popular. You are free to use any developer you want, self host or host with us.
The whole point of Tendenci is to enable freedom so you aren’t trapped with a proprietary vendor that locks you in by retaining control over your data, including redirecting links from your events to their domain so when you leave, you lose all of your inbound links and search engine rank. We do not support that practice. Unfortunately many non-profit boards don’t catch it until it’s too late and make the mistake of locking in future boards with no way out.
How easy is it to leave Tendenci? How do we know you won’t make it difficult?
Well first because that would be against our values. We make it easy to leave because folks have a tendency to come back when they experience the alternatives. We have found that the easier you make it to leave, to be free, the less likely people are to leave because the alternatives don’t share our values, particularly when it comes to data ownership. It’s your data. You own it and should have access to it at any point. Period.
An example: I believe (this is Ed typing) that WordPress is the best blogging platform in the world and I also love that it is open source. This blog is on wordpress. Yes we pay for hosting. And no, I don’t plan to leave WordPress. Even my personal blog is on wordpress hosted at another provider.
I don’t plan to leave WordPress specifically because I know that I can leave if I wanted to take the hassle on myself. I don’t – I have my hands full taking care of our team and clients. I just like knowing that freedom is an option because WordPress is like Tendenci – OPEN SOURCE.
You sound kind of over-the-top about open source and data exports? Prove it!
We’ve proven it. Look at our history. Look at our open source project.
Data doesn’t lie. And your site most likely has a repo on https://github.com/tendenci/tendenci/ to which we can provide you access. (they are obviously secured for your protection.)
We can also run backups directly to your own AWS cloud instance for S3. Actions speak loudly.
Type “Tendenci exports” into Google to see the number of options to export your data.
T5 clients – for you it’s not all automated but you have the same rights as everyone else. By that I mean, if you are on T5 not all of these exports were available 5 years ago through the interface but we will gladly provide a full database export that you can then import into postgres yourself. (Note: The technology simply wasn’t available back then, but the moment it became possible (which happened when we were on T6) we enabled clients to do full database downloads themselves. It’s YOUR DATA.)
Is this “charge to upgrade” going to happen every two years?
This one is a trick question. We have more work than we can do so charging you for updates is not our goal. But you already know that if you use the nav editor and the theme editor so you can make your own updates. Tendenci is about empowerment.
Tendenci is open source so you can work with a different developer and host with them if they are more cost effective for you.
Disruption causes adaptation which comes with a price tag
Disruption happens. That darn iphone. With candor, LTS releases tend to last two years. We didn’t invent the iphone or android so the switch to mobile responsive design was effectively dictated by changes in technology. We do our best to keep your costs down, but when Steve Jobs changes the world, we all get caught up and have to adapt. That isn’t a conspiracy, it’s an opportunity.
Are you sure? Is there ANY way I can upgrade for free?
I so wish I could wave a magic wand and make your entire site bootstrap3 responsive, but I can’t. Our contractors and employees deserve to be compensated just like you do. But you know that. Maybe there is someone your know, or maybe you, can redo your site’s theme in bootstrap3 to control costs. It is an option.
What I do know is YOU will not succeed with a non-encrypted and non-responsive web site. When we chose to make ALL SITES RESPONSIVE for all releases after Tendenci 5, yes, it required us to contract with graphic artists for your upgrade and obviously these talented people deserve to be paid for their work.
What is Tendenci doing to help us control costs?
We already have far greater functionality at a lower price than all of the proprietary vendors. True, we don’t have a sales team to fill out a 5 page excel RFP, but we have a demo site where you can see for yourself at https://demo.tendenci.com admin/admin login (resets every two hours.)
The comparison grids several competitors have on their sites are WILDLY INACCURATE. Our target client wants the additional functionality of Tendenci, to be a part of a community, they understands open-source, they are cause focused more than monetary focused, and knows how to do due diligence.
Tendenci open source means GREATER FUNCTIONALITY. The freedom is a bonus.
But the competition says they have greater functionality?
They don’t. Do a fact check and judge for yourself. Facts are facts. See above. Just for fun, ask to look at their code. #heh Why? Because a community of interested people will add to Tendenci and everyone benefits instead of all of the money going to a proprietary vendor who says they own your data.
Your data is your data.
Do I really need to upgrade my Tendenci site now as it’s been fine the last 11 months since you first told us we had to upgrade? Can’t this wait until next year?
NO! November 30 2016 or you need to self-host or move to a dedicated server. We cannot be responsible if the underlying software is no longer being maintained and therefore may not be secure. That legal burden falls on your board.
This is NOT Tendenci making the decision or driving the timeline. We blogged about this last December in particular as soon as we learned of the announcement from Django. See above.
Why can’t I get a personal hand written note like in the old days?
Man, I miss those days. Unfortunately, we simply can’t identify every stake-holder inside of every NGO/NPO/Association/Business we work with or who self hosts. By definition there is constant turn over on non-profit boards. And we have no way of tracking open source clients using Tendenci in the wild.
We love our open source clients, but we aren’t “big brother” and don’t currently have a 100% method of tracking or communicating with these awesome developers outside of the blog, facebook, twitter and newsletters.
OK, after we upgrade, what then?
We are working hard to keep upgrades and updates automatic and at little or no cost. The evidence speaks for itself in the no-cost site updates from 6.0 to 7.2x. Judge us by our actions.
Yet, if someone invents another disruptive technology, well, logically there could be a cost for an upgrade once it requires changes that can’t be automated.
If you host with us, contact, budget and schedule your upgrade. If you self host then please read all of the documentation which explains the full process and is posted and available online at https://tendenci.readthedocs.io/en/latest/
So how much does does this cost if we go with Tendenci team to do our upgrade? It scales with the type of upgrade you want to do and they are listed on our site here:
https://www.tendenci.com/tendenci-upgrade-options/
It’s always hard to have a crucial conversation with clients. I strive for candor and fairness as the leader of the company behind the community. We want you happy. Technology changes. We’ve done our best to keep the price as low as possible. Thus in closing, I’ll leave you with another image of a happy puppy because they make us smile, and like Tendenci, they enjoy a community of supporters but also being able to run free every once in a while.
We just posted the Tendenci government transparency report for January 1 to June 30, 2016 to our site. Nothing to report, but a new process put in place keeping with the values of the Tendenci community.
Why? Because all companies that store information, like electric companies, phone companies, email providers, search engines, etc, must respond to requests from the government. That includes us. The solution is transparency reporting because we think you have a right to know.
Why now? The (previous) absence of transparency reporting including a canary clause was brought up at a recent convention. We listened to you. We agree with you. So we fixed it. It’s pretty boring and let’s hope it stays that way.
Thank you to the client who asked about it! Tendenci is a community and we appreciate dialog that helps the community. Y’all rock!
You can find Tendenci’s transparency reports at https://www.tendenci.com/transparencyreporting/
What’s next? We would love to hear from you about your best practices for data retention. If you are willing to share, please post those in the Tendenci forums.