Introducing Tendenci All In-One Open Source AMS Software Solution available in AWS Marketplace

This is an exciting time for Tendenci as every developer in the world can now deploy Tendenci software in AWS Marketplace!

Thanks to our relationship with Amazon Web Services AWS, developers can finally launch an instance with one click deployment of a site for your Nonprofit or Association!

Find out more here.

Tendenci Official AMI https://aws.amazon.com/marketplace/pp/B087XX3NLS

Check out Tendenci AMI (Amazon Machine Image) https://aws.amazon.com/marketplace/pp/B087XX3NLS

Learn more about Tendenci – The Open Source Association Management Software.

Tendenci – The Open Source AMS Market Projection is Thriving WorldWide

 

It is great to see again an independent third party rank Association Management Software from a global perspective. As a part of the Tendenci AMS Community, we will let the summary from HTF on market growth and Tendenci’s Global Share speak for itself. 

Tendenci – The Open Source AMS continues to grow globally, we believe, because it is a community much more than anything else. Open Source is the voice of the people – a shared language that brings us together. 

Click here for full story.

BY WILLIAM ANDERSON ON OCTOBER 30, 2019 – HTF

WhatsApp Zero-Day Vulnerability

WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims’ phones.

Though the exact number of targeted WhatsApp users is not yet known, WhatsApp engineers did confirm that only a “select number” of users were targeted by the NSO Group spyware using this vulnerability.

Read The Hacker News here.

Photo by pixabay.com

Why Tendenci Chose Python over PHP

Note: this is a repost from the eschipul.com blog and also lives as a help file on Tendenci.

This blog is a WordPress blog written in PHP. And WordPress, which is written in PHP is a great platform when secured properly.

So why did our team choose to rewrite Tendenci Open Source and in the Python Programming language? It is a question I get asked a lot. We’ve never been a company that likes to talk in the negative if at all possible, yet it is important to talk about the megatrends going on given we work with associations and nonprofits.

Python Growing in Academia
Why Python instead of PHP for Tendenci

Source: https://www.upguard.com/blog/which-web-programming-language-is-the-most-secure

programming vulnerabilities
Vulnerabilities in each language

Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf

security-report

Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf

Popularity of a language is a trend, and what you want is as many developers familiar and liking the language of your open source project as possible. This means you have a better chance to have a secure web site and therefore a more secure future.

To be fair – as Disraeli said – “lies, damn lies and statistics” – so there is no one perfectly secure language any more than there is a perfectly “safe” hammer. There will always be operator error and programmers make mistakes.

So we’re not saying Python is perfect, and all of us have used most of the other languages on those charts at some point. We’re just saying we are pleased so many other programmers also like Python and Open Source. THAT is the best that can be done to secure your future online. Secure code that you can examine yourself and even host yourself!

Addendum: As I post this on the Tendenci Blog. Given we focus on non-profits, associations, memberships, education, medical, religious – basically the do-good cause-based organizations, I believe it is particularly important that the project is as transparent as possible. Sometimes it is healthy to inform everyone of WHY we made a decision seven years ago. Python was the right call.

to use “www” or not to use a hostname and just go to the apex domain?

Stop using URLs without the www or some other prefix. They are not your canonical domain (so sayeth Google) and in fault tolerant networks they aren’t scalable (so sayeth Amazon and every other cloud provider.)

In the old days we had physical servers with specific IP addresses and the server routed a visitor to the correct site. Ah, the good old days. Now everything is flipped. In the cloud we use multiple smaller virtual servers and your web site can literally exist in different places at the same time. That means your IP address can be different at any moment.

So without getting too much into the cloud magic, one thing it does require to help future proof your site is for people to use a “real” URL for their website.

WAIT! Chill out, it’s not the end of the world. It’s not like https://www.tendenci.com doesn’t redirect to https://www.tendenci.com – no need to change your business cards or letterhead. But your “canonical name” includes a hostname (the “www” or “intranet” or “webmail” parts of the name.)

What you do NOT want to do is insist on blah.blah because it will, I promise you, come back to hurt you in the near future. It’s the Internet – things change. So we change with them.

From: https://blogs.akamai.com/2016/01/make-your-infrastructure-vanish.html

Root domain redirects

Let’s assume a user is navigating to your website www.acme.com. However instead of typing www.acme.com, they only type acme.com. Time to get a little technical. Hostnames are connected to a DNS based CDN like Akamai via a CNAME, which is a type of DNS entry that aliases the IP address resolution of one hostname to another hostname. For example www.acme.com could CNAME to webserver.acme.com and when resolving www.acme.com, DNS would follow the resolution chain of webserver.acme.com. For a fully qualified hostname like www.acme.com, you create a CNAME that will resolve to a hostname your CDN controls, which intern directs users to a CDN server that will serve your user. However it’s not possible to create a CNAME for a root domain like acme.com. It must have an A record, which resolves to an IP address. To get around this, many websites resolve their root domain to the IP address of their origin, and then have their origin server perform a HTTP redirect to their www hostname. This is another place your Origin can be revealed.

Can we hack a work around? Yes, in fact many clients still have “A” records that point to an IP address. Just know this is a case of “you’re doing it wrong.” Your registrar should do the redirect to a FQDN like www.tendenci.com and then have a CNAME record for it. It’s the future. And I’m just the messenger.

Google’s article on using canonical URLs also explains it quite well https://support.google.com/webmasters/answer/139066?hl=en

google-canonical-urls

Which goes on to explain:

While these systems make it more convenient to develop and distribute content, they cause some challenges when people use search engines to reach your page. For instance:

  • Consolidating link signals for the duplicate or similar content. It helps search engines to be able to consolidate the information they have for the individual URLs (such as links to them) on a single, preferred URL. This means that links from other sites tohttp://example.com/dresses/cocktail?gclid=ABCD get consolidated with links tohttps://www.example.com/dresses/green/greendress.html.
  • Tracking metrics for a single product/topic. With a variety of URLs, it’s more challenging to get consolidated metrics for a specific piece of content.
  • Determining the URL you want people to see. You prefer people reach your green dresses product page via https://www.example.com/dresses/green/greendress.html rather than https://example.com/dresses/cocktail?gclid=ABCD.
  • Addressing syndicated content. If you syndicate your content for publication on other domains, you want to consolidate page ranking to your preferred URL.

To address these issues, we recommend you define a canonical URL for content (or equivalent content) available through multiple URLs.

The good news? By fixing your DNS to NOT use the apex domain your web site is ready for the future and more fault tolerant today. It’s a good thing.

Tendenci Continues to Win and Retain Business Clients

Businesses That Use Tendenci

Tendenci’s growth makes it a great value for businesses focused on security and ease of use in a very robust open source project.

It is true that Tendenci is a very large open source project focused on the NPO sector, but value is value and businesses love Tendenci as well. How big is Tendenci? Login to the demo site to see for yourself at https://demo.tendenci.com (please remember the demo site resets every hour for spam prevention).

So it’s great to see all of these clients utilizing Tendenci and continuing to benefit from Open Source!

  1. Trendsetter Engineering Showcases Breadth of Services on their Tendenci 7.2 Responsive Site

    trendsetters-pic

  2. Subsea Technologies Inc. Offers Product Sales and Rentals for Underwater Operations using Tendenci Open Source Software

    Open Source for Business
    Subsea Technologies Launches Tendenci 7.2 site
  3. Ann Iverson Upgrades Online Presence with Mobile Tendenci Website

    Recent Responsive Sites running Tendenci Open Source Software
    Recent Responsive Sites running Tendenci Open Source Software
  4. Brooks Acevedo Attorneys at Law Launch New Site to Educate Home Healthcare Provider

    Recent Responsive Sites running Tendenci Open Source Software
    Recent Responsive Sites running Tendenci Open Source Software
  5. John Surtevant Launches Mobile Tendenci Site to Expand Market Reach

    Recent Responsive Sites running Tendenci Open Source Software
    Recent Responsive Sites running Tendenci Open Source Software
  6. Harris Leasing Upgrades to Tendenci 7 to go Mobile Responsive Nationally

    Recent Responsive Sites running Tendenci Open Source Software
    Recent Responsive Sites running Tendenci Open Source Software

Tendenci is flexible enough to let you turn off modules you don’t need, and SEO friendly enough to make it a great alternative to proprietary CMS systems.

  1. No Proprietary Technology Lock In
  2. No Long Term Contracts
  3. No “Named User” pricing to prevents “Knowledge Silos”
  4. Greater Functionality
  5. Open Source and an Open Community

These are all things that forward thinking companies, not just non-profits, are starting to realize. And the wave of technology continues to compound behind large open source projects like ours (the entire Tendenci community’s). So sayeth the data.

which_web_programming_language_is_the_most_secure_

Source: https://www.upguard.com/blog/which-web-programming-language-is-the-most-secure