Tendenci – The Open Source AMS Blog
Community Blog for Open Source AMS Makers
Due to electrical maintenance in our offices, there may be short interruptions in accessing your development sites that are hosted in our office today, 4/14/08, between 5:30 PM and 6:00 PM CST.
This will only affect sites with a http://yourdomain.schipul.net URL.
For additional questions, contact support@tendenci.com or 281-497-6567 ext. 411.
Ever wanted to create an event, show it to everyone, but
only give access to a privileged few? Create events and protect the event with a unique password for each one. These events will display as regular events
do but the event can only be registered for and details can only be viewed if
you’re equipped with the super secret password.
We wanted our clients to know that security researchers discovered cross site scripting vulnerabilities in numerous Tendenci modules yesterday. Specifically a munged URL could be used in spam creating a link that looked legitimate. When a user clicked that link it would have then redirected them to a different site as intended by the bad guy.
The vulnerabilities have been patched and our programming team is continuing to test our security functions.
The timeline was we were contacted by security researcher Russ and Secunia yesterday morning. The patches were posted live on the server farm within hours.
Our biggest take away is a sense of gratitude for security researchers who help us keep our products and the Internet secure. It can be a thankless task so to be clear our position is THANK YOU!
FAQ:
Q: Did we lose any data?
A: No.
Q: Did any of our secure content get accessed?
A: No.
Q: Did any spammers take advantage of the cross site scripting vulnerabilities to redirect users?
A: We are researching this. So far we have only seen the safe tests run by the security researchers.
Q: What else do I need to do?
A: Nothing at this time. We have security as our top priority and will continue to do so.
Thanks,
Jennifer Brooks
UPDATE:
We are very pleased to read Russ’ post about our quick response to the Cross Site Scripting vulnerability, entitled ‘Fastest Fix in the West: a vendor’s excellent response’. We are amazingly passionate about Security, our software and our amazing Clients – so this recognition means a lot. Here’s an excerpt of his post:
Rare is the occasion when one who researches and responsibly reports
web application vulnerabilities is met with an open, immediate,
consumer oriented response from a vendor. But so it was when I let the
folks who develop Tendenci, a Schipul offering, know about a few XSS
issues… To Schipul I say well done, extremely well done, and thank you…. (read the rest of the post)
Our current tendenci help files is in the process of being transfered to a new and improved help files module. What does this mean? Question and answer format, easily request a help file, better searching capabilities, new stream-line interface, and the ability to use the module on your own tendenci web site! Here is a screenshot of the new module:
Some features for administrators:
We had a really great Tendenci User Conference this year – thanks to our amazing clients and partners! With around 100 attendees, there was a lot of connecting, knowledge sharing and Tendenci feedback going on.
For those who couldn’t make it this year (we missed you), we have uploaded our presentations from both the Tendenci User Conference and the Web Marketing Bootcamp training sessions. Definitely check them out online!
Also be sure to take a peek at our User Conference photos and Anniversary party photos. We had a really great time – especially as this was the first time that many of us got to meet clients that we spoke to so regularly. Can’t wait to see you all next year!
Great news! We are holding our very first annual Tendenci User Conference on Friday, September 28th (you can register online here).
This will be a great chance for you to connect with other users, learn more about the Tendenci software and help us grow the Tendenci software with your ideas and insights.
The User Conference will give you some face-to-face time with our teams, not to mention provide you with a chance to meet and interact with other Tendenci users. Some topics that will be discussed:
We’ve also got other events going on around the Tendenci User Conference that you should know about (and hopefully attend!):
Web Marketing Bootcamp – A day full of intensive training sessions covering Web marketing, Search Engine Marketing, Social Media and more! These sessions will be a little more advanced than our normal Tendenci training curriculum – so get ready for a great mental workout and come with questions!!
Breakfast With Ed – A pre-conference morning kick-off event with Ed Schipul and team. This will be a laidback breakfast and coffee hour to get yourself revved up for the day’s events and have a little one-on-one with some of our team.
Tendenci 10-Year Anniversary ‘Thank You’ Party!!! – Join the Schipul gang, family and friends for a celebratory ‘Thank You’ party in honor of 10 great years!
Knowledge is power – especially on the Web where a good understanding of your site’s traffic patterns can mean the difference between growing your business and staying stagnant.
Tendenci’s built-in statistical reporting utilities enable you to learn what content is the most popular on your site, see how your email distribution lists have grown, how many contacts you have received through your site and much, much more.
Check out these great help files for more information on your Web site’s event logs:
Thanksgiving has already passed (can you believe it?!?) and we are officially knee-deep in the Holiday season.
As hectic as these weeks may be, we want to be sure that you know how grateful we are for clients like you. We are honored to work with you and wish you a peaceful and prosperous remainder of 2006.
Need help or have any questions during the last few days of 2006? Give us a call at (281) 497.6567.
The earlier distributed denial of service (ddos) attack has been thwarted. To help reduce the chances of web services being affected by such attacks in the future Schipul has added more redundant name servers to the network. If we have access to your registrar we have made these updates for you. If we don’t have access to your registrar please add the new name servers, as primary NS2.DNSPARK.NET, and NS4.DNSPARK.NET as your third name server.
If you are able to list all five the sequence should be NS2.DNSPARK.NET, NS1.DNSPARK.NET, NS4.DNSPARK.NET, NS3.DNSPARK.NET, and NS5.DNSPARK.NET.
Sparklines are one of my favorite additions to Tendenci. Within the "articles search" section of any Tendenci website, you will see a small line graphic that shows the up and down viewing trends of a particular article. Holding your cursor over the graphic will review an "ALT Tag" that shows the highest viewing an article has received since the article was created. (Please refer to the image on the left as an example.)
Edward R. Tufte defines sparklines as: "datawords" – data-intense, design simple, word-sized graphics.
Within a second you can tell if an article is "sporadically viewed", "a growing trend", "steadily viewed", or
"not viewed at all". This also helps to communicate simple interactive relationships. For example, "How much does viewership declines when an article is made member-only view?" I have included an image (click to enlarge) to help demonstrate the effects of an article that requires a "log-in".
The sparkline graphic also includes a "highest reads point (green dot)", a "lowest reads point (blue dot)" and a current position marked by the red dot. The visualization that is produced from the small graphics may help an organization better understand the growing needs of the membership and the hot topics of the day. Thanks to Jenny Qian for her work on integrating sparklines into Tendenci.