Celebrating International Women’s Day

Today is International Women’s Day. It is great to see the support of so many different companies behind International Women’s Day. Tendenci, which has historically had far more women in the role of Programming Manager, and which currently has far more women than men on our team, we obviously agree.

Google has a great video worth watching on International Women’s Day:

We love y’all.

On a personal note (this is Ed typing) it’s hard to believe it’s been over a year since I photographed the Women’s March in San Francisco in late 2016. Y’all just keep rocking. Please!?

Photos from the Womens March in SF
Women’s March SF 2017


Tendenci AMS API Integration

Python Rules

For more on The Open Source AMS integration via API visit our AMS API Helpfile

Tendencithe Open Source AMS is unique in that it is fully open source. However at times people would prefer to use an API to pull specific information. For that Django has several API integrations for your Association Management System such as:

django-tasty-pie is a REST based API to your AMS
The Django Rest Framework is also something the Tendenci community has been discussing switching to it as well.

API’s aren’t mutually exclusive after all, right? You have options.

There are legitimate reasons to use an API. Examples include integration between a legacy mainframe system, ecommerce, or a development team that has chosen a different platform such as .NET or PHP.

Tendenci doesn’t meet all of the functional requirements for everyone by design. Instead we work with great technology like machine learningThe open AMS community isn’t focused on reinventing the wheel. It just doesn’t make economic sense for a non-profit, or even a for profit company, to reinvent Amazon.com or Ebay.com. This is particularly true if you are causes-based association or non-profit given the expense.

Does Tendenci AMS work with other providers? Absolutely. Any provider with an API or that supports SSO or RSS or has their own technology like google tag manager.

Non profits don’t have money to waste. Therefore we aligned our product to major industry supported technology.

Our technology stack as of 2018 is:

  1. Tendenci
  2. Django Web Framework
  3. Javascript and jquery
  4. Bootstrap CS
  5. Python Programming Language
  6. Postgres Database with GIS
  7. Docker Containers
  8. Ubuntu

For more on The Open Source AMS integration via API visit our AMS API Helpfile or read up on everything Tendenci Works With. Or if you aren’t into open source, there are definitely alternatives to Tendenci.

If you do pick an alternative, we suggest you consider Security FIRST and go from there.

What a DDoS attack to an Association Looks Like

The following graphs show what a Distributed Denial of Service (DDoS) attack on an association looks like. The names, rates and volume of the association have been blurred for security reasons. We are thankful to AWS for their own defenses in front of ours, which  help us mitigate these issues.

responding to ddos attacks as best we can
active response to mitigate attacks

Note: The  graphic above, is filtered for a 24 hour span for one client. The infrastructure is in place, and highly redundant, so we can monitor and keep our clients safe. For clients in the US or hosted in other countries (we have multiple Tendenci clouds as needed.)

Note 2: Make no mistake – If a bad-actor has the budget – they can and will purchase enough bots to take a site down. This is well documented. Even our resources at AWS are limited in what they can handle. Budget (yes BUDGET) accordingly. 

Equifax Breach via Apache Struts Framework

(This is a cross post from our CEOs personal blog. Note that Tendenci sites do NOT use Apache and the vulnerabilities in Equifax’s implementation of Apache Struts do NOT impact your Tendenci site. Still be aware that nothing is is 100% secure so stay vigilant and be prepared friends!)

As reported last Friday, the 2017 Equifax personal credit reporting agency had a data breach of 143 Million people’s identities. It started in May 2017 and is just now (August 2017) being disclosed. It is going to impact all of us. Sources:

  1. Equifax data leak could involve 143 million consumers
  2. PSA: no matter what, Equifax may tell you you’ve been impacted by the hack
  3. Did Lack of Visibility into Apache Struts Lead to the Equifax Breach?

From the second article on the Equifax breach linked above, this portion really galls me:

… not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted.

It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID.

Earlier it was revealed executives had sold stock in the company before going public with the leak. We also found TrustID’s Terms of Service to be disturbing. The wording is such that anyone signing up for the product is barred from suing the company after.

The following phrase alone, if true, combined with Equifax literally trying to monetize their security errors, is what gives capitalism a bad name:

The wording is such that anyone signing up for the product is barred from suing the company after.

I have to believe the Equifax PR team is working for PharmaBro or Putin trying to make them look good in comparison.

Note: Equifax has changed the indemnification, but only under duress imho. Furthermore 30 days free credit monitoring by the company that released your data and then you will have to pay monthly still seems wrong. But to be fair, here is their update:

Questions continue to be raised about the arbitration clause and class action waiver language that was originally in the terms of use for the free credit file monitoring and identity theft protection products that we are offering called TrustedID Premier.
(Editor: well ya, duh!?)

We have removed that language from the TrustedID Premier Terms of Use and it will not apply to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself. The arbitration language will not apply to any consumer who signed up before the language was removed.
(Editor: but did you fire the person who did it in the first place?)

I get it. Nothing is secure. If the NSAs hacking tools get stolen and OPM loses all of the data on security clearance checks on our own people, then truly nothing is safe. I get it.

What I do not understand is a company as large as Equifax not being prepared for something like this. That Equifax did not announce it promptly. That Equifax executives sold stock before announcing it. That Equifax then attempted to indemnify themselves. That Equifax is using the crisis to sell a monitoring service that you have to pay for after 30 days. A service to monitor YOUR data that THEY lost control of!

This boggles the mind of a PR Professional.

The Internet was not built for e-commerce – it was built for knowledge sharing in a “walled garden”. Therefore keeping sites secure is not possible. Any security professional will tell you best practice is to white-list good guys (selective inclusion) as opposed to trying to find every attack and block it. Therefore the difficulty at a high level is primarily in identifying and blocking bad actors.

I hate to say it folks, but we are playing whack-a-mole with your identity and money.  It will always be an uphill battle to maintain security on the Internet and you will never ever be 100% safe.

As reported by Black Duck (awesome people btw), the specifics of the attack on Equifax are currently easily exploitable on similar sites. This is like Hurricane Harvey – it’s not even close to over.

The Incredible Growth of Python – StackOverflow

growth of python programming language

Python, the language used to program TendenciThe Open Source AMS, continues it’s meteoric rise in the world of developers. And where the developers go is where the rest of us go. Thus Python’s rise matters. And it benefits every Tendenci user, self hosted or hosted with our small company (same software either way).

IEEE Spectrum rates the languages by its readers as follows:

Python has continued its upward trajectory from last year and jumped two places to the No. 1 slot, though the top four—Python, CJava, and C++—all remain very close in popularity.

StackOverflow, a go-to site for pretty much every programmer and sysadmin out there, has a new blog post up on the incredible growth of the Python Programming Language. Python is of course the programming language used in Tendenci – The Open Source AMS. From the Stack Overflow post:

June 2017 was the first month that Python was the most visited tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time.

They have numerous charts to back up the data, but these two in particular paint a telling picture.

From Stack Overflow – the current tag questions viewed:

Growth of Python Programming Language
StackOverflow – The Incredible Growth of Python

Perhaps even more impressive is the projection on the continued growth of Python. Just WOW!

growth of python programming language
Python – Incredible growth with developers

The above graphs should give you confidence in your choice of using Tendenci as your AMS as the developers are not only there, but growing. Given Tendenci is fully open source (this is different from “free trial” AMS systems which are NOT actually FOSS (Free and Open Source Software). Wikipedia describes the difference as:

(FOSS means) anyone is freely licensed to use, copy, study, and change the software in any way, and the source code is openly shared so that people are encouraged to voluntarily improve the design of the software.[3] This is in contrast to proprietary software, where the software is under restrictive copyright and the source code is usually hidden from the users.

Many of our competitors who are NOT Open Source and not true FOSS which can sometimes confuse people. I’ll do a future post on examples of sometimes misleading representations by AMS systems that are not “actually” Free and Open Source (FOSS)  as defined on Wikipedia.

The good news is with the growth of Python, it only make sense that developers will look at and many will join in to help the community improve the software as they join associations themselves.

We’ve written about why we chose Python over PHP to develop Tendenci open source several times. Correctly choosing the open source stack gives us, and everyone in the community, confidence to see the trends predicted correctly. It wasn’t rocket science – we just listened to our team, we listened to younger developers, and most importantly we listened to our clients on what the future was/is going to be.

And associations are kind of a big deal and they can’t use minimum viable products.

Why are associations unwilling to accept apps that meet only minimal requirements? Um… because they started as Guilds and go back to Medieval times. From Britannica on Guilds and Trade Associations:

Guildalso spelled gild , an association of craftsmen or merchants formed for mutual aid and protection and for the furtherance of their professional interests. Guilds flourished in Europe between the 11th and 16th centuries and formed an important part of the economic and social fabric in that era.

and Britannica goes on….

… associations are known to have existed in ancient Rome, however, where they were called collegia. These craft guilds seem to have emerged in the later years of the Roman Republic. They were sanctioned by the central government and were subject to the authority of the magistrates.

This is a huge topic of course. Just know that Tendenci is the ONLY top ranked AMS system that is truly FOSS. Unlimited admins, users, contacts – you can self host or if hosted with us we only charge for processing power. Got 1M users and contacts and 50 admins? No problem. And the growth of Python assures your continued freedom from vendor lock-in no matter what.

#peace and happy (Python) programming y’all!

Why Tendenci Chose Python over PHP

Note: this is a repost from the eschipul.com blog.

This blog is a WordPress blog written in PHP. And WordPress, which is written in PHP is a great platform when secured properly.

So why did our team choose to rewrite Tendenci Open Source and in the Python Programming language? It is a question I get asked a lot. We’ve never been a company that likes to talk in the negative if at all possible, yet it is important to talk about the megatrends going on given we work with associations and nonprofits.

Python Growing in Academia
Why Python instead of PHP for Tendenci

Source: https://www.upguard.com/blog/which-web-programming-language-is-the-most-secure

programming vulnerabilities
Vulnerabilities in each language

Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf


Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf

Popularity of a language is a trend, and what you want is as many developers familiar and liking the language of your open source project as possible. This means you have a better chance to have a secure web site and therefore a more secure future.

To be fair – as Disraeli said – “lies, damn lies and statistics” – so there is no one perfectly secure language any more than there is a perfectly “safe” hammer. There will always be operator error and programmers make mistakes.

So we’re not saying Python is perfect, and all of us have used most of the other languages on those charts at some point. We’re just saying we are pleased so many other programmers also like Python and Open Source. THAT is the best that can be done to secure your future online. Secure code that you can examine yourself and even host yourself!

Addendum: As I post this on the Tendenci Blog. Given we focus on non-profits, associations, memberships, education, medical, religious – basically the do-good cause-based organizations, I believe it is particularly important that the project is as transparent as possible. Sometimes it is healthy to inform everyone of WHY we made a decision seven years ago. Python was the right call.

Tendenci Exports – Plus Easy Ways to Make Static Copies of Your Site

Today’s Tendenci community knowledge share. Here are three very easy free or low cost methods of making a static copy a web site. Use with caution, just know you have the power.

On Windows you can use HTTrack https://www.httrack.com/

Download a static version of a web site to your PC

On a Mac computer you can use sitesucker ($5) http://ricks-apps.com/osx/sitesucker/index.html

SiteSucker to download a static site to your Mac Computer
SiteSucker to download a static site to your Mac Computer

On the go? You can also use sitesucker from the app store to download to your iphone or ipad for $2 http://ricks-apps.com/ios/sitesucker/index.html

Use IOS to download your site for $2
Use IOS to download your site for $2

Of course for structured data in Tendenci, there are TONS of ways to export including exporting a copy of your entire database. There are help files on common exports like How to export your membership . There are too many options to list them all, but I’d encourage you to visit the support center or just google “tendenci exports” for more.

If you are on version 5 and want to “kick the tires” on Tendenci version 7, use https://demo.tendenci.com – you can login here https://demo.tendenci.com/accounts/login/ using “admin/admin” or “user/user”. It does reset every hour or so because of spammers but you can still get a feel for it. A HUGE upgrade from version 5.

Tendenci Admin Default Dashboard
Tendenci Admin Default Dashboard

There is also a previous post on making a static copy of your site here that is a bit more technical as well.

Why do we point out all of the ways to copy your Tendenci site (or most sites really)? Doesn’t that make it easier to leave?

Yes. Yes it does. BUT people rarely leave. Or if they do, they typically stay on Tendenci and self host. They’re still part of the Tendenci community which helps us all.

Another reason we promote exports and offsite backups is because we know the more freedom you have, realizing you have that freedom especially on the Tendenci open source platform, makes it less likely for clients to leave.

Think about it. Why would anyone who actually understands their product is open, does far more than other options, is lower cost, and they can self host if they want… why would that person make the decision to leave? It’s illogical.

I mean, who wants to be the President of an Association that takes it backwards in time to proprietary technology or an older open source software built on an unpopular programming language? That’s not in the best interests of the association long term.

Tendenci is written in Python and uses Java and Javascript libraries. This linked chart says it all.


Popular programming languages means more coders for open source projects written in that language. And more capable people to modify and customize your install if you choose.

One of our goals is FREEDOM from the tyranny of per-user-licensing, proprietary products that want to own YOUR DATA, long term contracts, sites that post your events on THEIR site so if you leave then the history of that event is gone in the blink of an eye. Companies don’t own your data and they shouldn’t trap you.

We think that is unethical and just wrong.

Membership Management Software should be Open Source, Accessible, Responsive, and Search Engine friendly by default. Tendenci does all of those things.

Further we believe that Open Source Membership Management Software should be written in a Modern Programming Language like Python (watch out for bunnies) and the software should documented and open source (free, as in beer.) Even the US Government likes Open Source!

Want to change something? Get involved! Post on the forums at https://ww.tendenci.com/forums or post an issue at https://github.com/tendenci/tendenci/issues . If you are a programmer or into documentation, submit a pull request.

We make it easy to leave because we hope you don’t. Hence Tendenci has an incredibly low churn rate. That creates stability you can count on.


Cloud Server Upgrades in Progress

Clouds from a trip a long time ago...
Clouds from a trip a long time ago…

For the few night owls out there, you may have noticed your sites going offline for 5 to 10 minutes at some point in the middle of the night. Well, some good news! We are in the process of upgrading the Tendenci cloud servers to further increase response time to serve you better.

If you notice anything unusual please contact us at https://helpdesk.tendenci.com

Follow along on this blog, the Tendenci forums or on github. We’d love your input as we set the milestones for Tendenci 8 even while we are still working on Tendenci 7.1.x.  Your voice matters, you are the ones who we are listening to. And it is your input that sets the roadmap for Tendenci.

We appreciate you. And we believe you will appreciate the performance upgrades as we finish the night-shift updates throughout the week and wrapping up next weekend.

Thank You!

Elon Musk on Work Ethic

“Constantly seek criticism. … A well thought out critique of whatever you are doing is as valuable as gold.”- Elon Musk


“If you do the simple math, if somebody else is working 50 hours and you are working 100, you’ll get twice as much done in the course of a year as the other company.”

“Just work like hell. You’ve gotta put in 80, 100 hour work weeks.” – Elon Musk

“Starting a business. Number 1 is having a high pain threshold.” – Elon Musk

“You are always going to buy the trusted brand unless there is a BIG difference.” – Elon Musk

“Constantly seek criticism. … A well thought out critique of whatever you are doing is as valuable as gold.” – Elon Musk

“Usually your friends know what is wrong. They don’t want to tell you because they don’t want to hurt you. … Usually your friends are right. …. You should take the approach that as an entrepreneur you are wrong. You want to be less wrong.” – Elon Musk

#listen #endure #powerthrough #succeed

Tendenci Transformation – The Right Choices for the Future

We’ve had a lot of crucial conversations lately about decisions that we made between 2006 and 2010. Yup, really. We are explaining now about how we are possibly too far ahead of the curve and why if you give it a bit of time, it will make you look like a rock-star.

MobileGeddon being a great example of how our early adopters are benefiting the absolute most!


Python for the Win!

Source: Python is Now the Most Popular Introductory Teaching Language at Top U.S. Universities

We started using Python, the programming language named after Monty Python, in 2004 if not earlier. We first tested Pinax in 2008 if not earlier under J who was running our programming team.

We used Python extensively in our old environment to move files and push out content to our sites. Tasks that are now done by Puppet and Chef and Docker-Compose. We rolled our own using Python on Windows.

So for the curious, that explains why we have this huge depth of knowledge on Python programming dating back to when nobody heard of it. We’ve had to train numerous graduates of Tech, UofH, Aggies, Rice, Penn State, etc, what Python even was!

But that is all ancient history. Why? Because Python is now number 1!


It’s hard to predict the future. We started out writing our own compete web framework in ASP. We were too early in 2001. PHP soon arrived and, being basically identical but open source, the outcome was PHP won. It should have, and did, win. We were too early. But with timing there is also a bit of luck.

I’ll do another post about GIS and mapping and why our move to strictly Postgres with GIS enabled is working out so well. Another post. And I’ll edit this one with links soon. Just needed to get the content out.

Screen Shot 2015-05-12 at 3.28.36 PM

Bootstrap3. – Because we know that we take gambles on technology and they have an impact. On you. And that is serious business. We take it seriously as evidenced by our decision to shut down Windows in line with Microsoft’s EOL policies. These are hard choices. Crucial Conversations. We’re the messenger.

And we CARE about YOU. Our clients. The future is bright. We picked our technology future amazingly well. Too well, so now perhaps our problems is more one of resources. And we’ll work through that.

Thank you. If I can leave you with one thought – it is this. THANK YOU! For those who stuck with us, WOW, um… our position for search and the future is crazy good. Open Source means freedom. Results mean donations and sales. Software means sustainable business models.

We appreciate you. Yes closure for some was hard. We wish you the best. We appreciated your time with us while it lasted longer than a Honda. As some depart and some charge forward, I’m especially excited about those who chose to charge forward.

We, you and us, we didn’t “guess” right. We did our homework and validation came ironically on April 21, the same day mobilegeddon hit and our Tendenci 6 clients jumped up in the search rankings. Luck? Hard work? I don’t know.

What do I know? I know how to serve. I serve y’all.