Today is International Women’s Day. It is great to see the support of so many different companies behind International Women’s Day. Tendenci, which has historically had far more women in the role of Programming Manager, and which currently has far more women than men on our team, we obviously agree.
Google has a great video worth watching on International Women’s Day:
Non profits don’t have money to waste. Therefore we aligned our product to major industry supported technology.
Our technology stack as of 2018 is:
Django Web Framework
Python Programming Language
Postgres Database with GIS
For more on The Open Source AMS integration via API visit our AMS API Helpfile or read up on everything Tendenci Works With. Or if you aren’t into open source, there are definitely alternatives to Tendenci.
If you do pick an alternative, we suggest you consider Security FIRST and go from there.
The following graphs show what a Distributed Denial of Service (DDoS) attack on an association looks like. The names, rates and volume of the association have been blurred for security reasons. We are thankful to AWS for their own defenses in front of ours, which help us mitigate these issues.
Note: The graphic above, is filtered for a 24 hour span for one client. The infrastructure is in place, and highly redundant, so we can monitor and keep our clients safe. For clients in the US or hosted in other countries (we have multiple Tendenci clouds as needed.)
Note 2: Make no mistake – If a bad-actor has the budget – they can and will purchase enough bots to take a site down. This is well documented. Even our resources at AWS are limited in what they can handle. Budget (yes BUDGET) accordingly.
(This is a cross post from our CEOs personal blog. Note that Tendenci sites do NOT use Apache and the vulnerabilities in Equifax’s implementation of Apache Struts do NOT impact your Tendenci site. Still be aware that nothing is is 100% secure so stay vigilant and be prepared friends!)
From the second article on the Equifax breach linked above, this portion really galls me:
… not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted.
It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID.
Earlier it was revealed executives had sold stock in the company before going public with the leak. We also found TrustID’s Terms of Service to be disturbing. The wording is such that anyone signing up for the product is barred from suing the company after.
The following phrase alone, if true, combined with Equifax literally trying to monetize their security errors, is what gives capitalism a bad name:
The wording is such that anyone signing up for the product is barred from suing the company after.
I have to believe the Equifax PR team is working for PharmaBro or Putin trying to make them look good in comparison.
Note: Equifax has changed the indemnification, but only under duress imho. Furthermore 30 days free credit monitoring by the company that released your data and then you will have to pay monthly still seems wrong. But to be fair, here is their update:
(Editor: well ya, duh!?)
(Editor: but did you fire the person who did it in the first place?)
I get it. Nothing is secure. If the NSAs hacking tools get stolen and OPM loses all of the data on security clearance checks on our own people, then truly nothing is safe. I get it.
What I do not understand is a company as large as Equifax not being prepared for something like this. That Equifax did not announce it promptly. That Equifax executives sold stock before announcing it. That Equifax then attempted to indemnify themselves. That Equifax is using the crisis to sell a monitoring service that you have to pay for after 30 days. A service to monitor YOUR data that THEY lost control of!
This boggles the mind of a PR Professional.
The Internet was not built for e-commerce – it was built for knowledge sharing in a “walled garden”. Therefore keeping sites secure is not possible. Any security professional will tell you best practice is to white-list good guys (selective inclusion) as opposed to trying to find every attack and block it. Therefore the difficulty at a high level is primarily in identifying and blocking bad actors.
I hate to say it folks, but we are playing whack-a-mole with your identity and money. It will always be an uphill battle to maintain security on the Internet and you will never ever be 100% safe.
Python, the language used to program Tendenci – The Open Source AMS, continues it’s meteoric rise in the world of developers. And where the developers go is where the rest of us go. Thus Python’s rise matters. And it benefits every Tendenci user, self hosted or hosted with our small company (same software either way).
They have numerous charts to back up the data, but these two in particular paint a telling picture.
From Stack Overflow – the current tag questions viewed:
The above graphs should give you confidence in your choice of using Tendenci as your AMS as the developers are not only there, but growing. Given Tendenci is fully open source (this is different from “free trial” AMS systems which are NOT actually FOSS (Free and Open Source Software). Wikipedia describes the difference as:
(FOSS means) anyone is freely licensed to use, copy, study, and change the software in any way, and the source code is openly shared so that people are encouraged to voluntarily improve the design of the software. This is in contrast to proprietary software, where the software is under restrictive copyright and the source code is usually hidden from the users.
The good news is with the growth of Python, it only make sense that developers will look at and many will join in to help the community improve the software as they join associations themselves.
We’ve written about why we chose Python over PHP to develop Tendenci open source several times. Correctly choosing the open source stack gives us, and everyone in the community, confidence to see the trends predicted correctly. It wasn’t rocket science – we just listened to our team, we listened to younger developers, and most importantly we listened to our clients on what the future was/is going to be.
Why are associations unwilling to accept apps that meet only minimal requirements? Um… because they started as Guilds and go back to Medieval times. From Britannica on Guilds and Trade Associations:
Guild, also spelled gild , an association of craftsmen or merchants formed for mutual aid and protection and for the furtherance of their professional interests. Guilds flourished in Europe between the 11th and 16th centuries and formed an important part of the economic and social fabric in that era.
and Britannica goes on….
… associations are known to have existed in ancient Rome, however, where they were called collegia. These craft guilds seem to have emerged in the later years of the Roman Republic. They were sanctioned by the central government and were subject to the authority of the magistrates.
This is a huge topic of course. Just know that Tendenci is the ONLY top ranked AMS system that is truly FOSS. Unlimited admins, users, contacts – you can self host or if hosted with us we only charge for processing power. Got 1M users and contacts and 50 admins? No problem. And the growth of Python assures your continued freedom from vendor lock-in no matter what.
So why did our team choose to rewrite TendenciOpen Source and in the Python Programming language? It is a question I get asked a lot. We’ve never been a company that likes to talk in the negative if at all possible, yet it is important to talk about the megatrends going on given we work with associations and nonprofits.
Popularity of a language is a trend, and what you want is as many developers familiar and liking the language of your open source project as possible. This means you have a better chance to have a secure web site and therefore a more secure future.
To be fair – as Disraeli said – “lies, damn lies and statistics” – so there is no one perfectly secure language any more than there is a perfectly “safe” hammer. There will always be operator error and programmers make mistakes.
So we’re not saying Python is perfect, and all of us have used most of the other languages on those charts at some point. We’re just saying we are pleased so many other programmers also like Python and Open Source. THAT is the best that can be done to secure your future online. Secure code that you can examine yourself and even host yourself!
Addendum: As I post this on the Tendenci Blog. Given we focus on non-profits, associations, memberships, education, medical, religious – basically the do-good cause-based organizations, I believe it is particularly important that the project is as transparent as possible. Sometimes it is healthy to inform everyone of WHY we made a decision seven years ago. Python was the right call.
Why do we point out all of the ways to copy your Tendenci site (or most sites really)? Doesn’t that make it easier to leave?
Yes. Yes it does. BUT people rarely leave. Or if they do, they typically stay on Tendenci and self host. They’re still part of the Tendenci community which helps us all.
Another reason we promote exports and offsite backups is because we know the more freedom you have, realizing you have that freedom especially on the Tendenci open source platform, makes it less likely for clients to leave.
Think about it. Why would anyone who actually understands their product is open, does far more than other options, is lower cost, and they can self host if they want… why would that person make the decision to leave? It’s illogical.
I mean, who wants to be the President of an Association that takes it backwards in time to proprietary technology or an older open source software built on an unpopular programming language? That’s not in the best interests of the association long term.
Popular programming languages means more coders for open source projects written in that language. And more capable people to modify and customize your install if you choose.
One of our goals is FREEDOM from the tyranny of per-user-licensing, proprietary products that want to own YOUR DATA, long term contracts, sites that post your events on THEIR site so if you leave then the history of that event is gone in the blink of an eye. Companies don’t own your data and they shouldn’t trap you.
For the few night owls out there, you may have noticed your sites going offline for 5 to 10 minutes at some point in the middle of the night. Well, some good news! We are in the process of upgrading the Tendenci cloud servers to further increase response time to serve you better.
Follow along on this blog, the Tendenci forums or on github. We’d love your input as we set the milestones for Tendenci 8 even while we are still working on Tendenci 7.1.x. Your voice matters, you are the ones who we are listening to. And it is your input that sets the roadmap for Tendenci.
We appreciate you. And we believe you will appreciate the performance upgrades as we finish the night-shift updates throughout the week and wrapping up next weekend.
“Constantly seek criticism. … A well thought out critique of whatever you are doing is as valuable as gold.”- Elon Musk
“If you do the simple math, if somebody else is working 50 hours and you are working 100, you’ll get twice as much done in the course of a year as the other company.”
“Just work like hell. You’ve gotta put in 80, 100 hour work weeks.” – Elon Musk
“Starting a business. Number 1 is having a high pain threshold.” – Elon Musk
“You are always going to buy the trusted brand unless there is a BIG difference.” – Elon Musk
“Constantly seek criticism. … A well thought out critique of whatever you are doing is as valuable as gold.” – Elon Musk
“Usually your friends know what is wrong. They don’t want to tell you because they don’t want to hurt you. … Usually your friends are right. …. You should take the approach that as an entrepreneur you are wrong. You want to be less wrong.” – Elon Musk
We’ve had a lot of crucial conversations lately about decisions that we made between 2006 and 2010. Yup, really. We are explaining now about how we are possibly too far ahead of the curve and why if you give it a bit of time, it will make you look like a rock-star.
MobileGeddon being a great example of how our early adopters are benefiting the absolute most!
We started using Python, the programming language named after Monty Python, in 2004 if not earlier. We first tested Pinax in 2008 if not earlier under J who was running our programming team.
We used Python extensively in our old environment to move files and push out content to our sites. Tasks that are now done by Puppet and Chef and Docker-Compose. We rolled our own using Python on Windows.
So for the curious, that explains why we have this huge depth of knowledge on Python programming dating back to when nobody heard of it. We’ve had to train numerous graduates of Tech, UofH, Aggies, Rice, Penn State, etc, what Python even was!
But that is all ancient history. Why? Because Python is now number 1!
It’s hard to predict the future. We started out writing our own compete web framework in ASP. We were too early in 2001. PHP soon arrived and, being basically identical but open source, the outcome was PHP won. It should have, and did, win. We were too early. But with timing there is also a bit of luck.
I’ll do another post about GIS and mapping and why our move to strictly Postgres with GIS enabled is working out so well. Another post. And I’ll edit this one with links soon. Just needed to get the content out.
Bootstrap3. – Because we know that we take gambles on technology and they have an impact. On you. And that is serious business. We take it seriously as evidenced by our decision to shut down Windows in line with Microsoft’s EOL policies. These are hard choices. Crucial Conversations. We’re the messenger.
And we CARE about YOU. Our clients. The future is bright. We picked our technology future amazingly well. Too well, so now perhaps our problems is more one of resources. And we’ll work through that.
Thank you. If I can leave you with one thought – it is this. THANK YOU! For those who stuck with us, WOW, um… our position for search and the future is crazy good. Open Source means freedom. Results mean donations and sales. Software means sustainable business models.
We appreciate you. Yes closure for some was hard. We wish you the best. We appreciated your time with us while it lasted longer than a Honda. As some depart and some charge forward, I’m especially excited about those who chose to charge forward.
We, you and us, we didn’t “guess” right. We did our homework and validation came ironically on April 21, the same day mobilegeddon hit and our Tendenci 6 clients jumped up in the search rankings. Luck? Hard work? I don’t know.
What do I know? I know how to serve. I serve y’all.