Bootstrap theming on Tendenci

Yes! You can change the look of your Tendenci website with the replacement of one word in your theme. We are excited to make this a reality for all Tendenci developers.

Tendenci News Feed Using Different Bootswatch Themes

Tendenci is built on Bootstrap 3.x for optimal mobile-responsiveness. Use pre-built Bootswatch themes to customize your site.

The power of open source! The freedom to be you!!

knowledge of how to combine is the mother of all other forms of knowledge

If you run an Association, volunteer, join in, help, learn and participate – well – at Tendenci we think you are kind of a BIG DEAL! It’s easy at times to lose sight of the bigger picture when you are on the board of directors and planning the details for a fundraiser.  Please remember – we need you, we appreciate you, and YOUR CAUSE IS WORTH IT.

I get asked why Tendenci is Open Source. My reply is to point to the role of associations in society.  The role of associations, your association management system as well, are both too important to survive the conflict of interest with purely commercial solutions. To clarify why this is so important to me, and I believe you, I can only quote those far more educated and eloquent than myself.

Alexis de Tocqueville viewed civil society as the third leg of the stool that allows democracies to function.

Americans of all ages, all stations of life, and all types of disposition are forever forming associations… In democratic countries knowledge of how to combine is the mother of all other forms of knowledge; on its progress depends that of all the others.

and further

Americans combine to give fêtes, found seminaries, build churches, distribute books, and send missionaries to the antipodes. Hospitals, prisons, and schools take shape in that way. Finally, if they want to proclaim a truth or propagate some feeling by the encouragement of a great example, they form an association.

In every case, at the head of any new undertaking, where in France you would find the government or in England some territorial magnate, in the United States you are sure to find an association…. I have often admired the extreme skill they show in proposing a common object for the exertions of very many and in inducing them voluntarily to pursue it.

Alexis de Tocqueville, Democracy in America (source)

Back in 1995 Senator Bill Bradley wrote “Democracy’s Third Leg,” and he described it in a similar manner.

CIVIL society is the place where Americans make their home, sustain their marriages, raise their families, hang out with their friends, meet their neighbors, educate their children, worship their God.

It lies apart from the realms of the market and the government, and possesses a different ethic.

and

Civil society, on the other hand, is the sphere of our most basic humanity — the personal, everyday realm that is governed by values such as responsibility, trust, fraternity, solidarity, and love.

…. There must also be a healthy, robust civic sector — a space in which the bonds of community can flourish. Government and the market are similar to two legs on a three-legged stool. Without the third leg of civil society, the stool is not stable and cannot provide support for a vital America.

Maya Angelou wrote one of my favorite poems which I believe relates. It is “A Brave and Startling Truth.”

Maya Angelou is of course a giant not just of our time, but of all time. She speaks of greatness in the form of unity and love. That is what Civil Society does. Associations, churches, clubs, political movements … all of these things are simply too important to our planet to NOT be open source. And we will come to it. YOU and your AMS software are too important to be locked in or cut off if a proprietary vendor chooses.

Quoting Senator Bill Bradley’s piece again, he states:

The language of the marketplace says, ”Get as much as you can for yourself.” The language of government says, ”Legislate for others what is good for them.” But the language of community, family, and citizenship at its core is about receiving undeserved gifts.

Building the Tendenci AMS community Open Source – giving you control – is how I handle the brutal truth that “we must confess that we are the possible. we are the miraculous.”

#peace

 

Amazon Email Relay Service Outage Resolved Feb 28, 2017

To our clients and end users hosted on the AWS (Amazon Web Services) Cloud – the email outage and partial S3 (storage) outage have been resolved per the Amazon status notification site https://status.aws.amazon.com/

AWS SES Status Update

Visit the AWS status blog at https://status.aws.amazon.com/ and the AWS subreddit at https://www.reddit.com/r/aws/ . AWS’s email outage is described in detail in the reddit post at https://www.reddit.com/r/aws/comments/5wphqj/amazon_s3_and_amazon_ses_are_down/

And as always please keep an eye on this blog for Tendenci updates.

Edit: for more coverage visit: http://www.cbsnews.com/news/amazon-web-services-cloud-outage-internet-crashes/

Mobile is 65% of Digital Time – comScore

Mobile is now 65% of time spent online leaving the Desktop with a paltry 35%.

ComScore has released their report 2016 US Cross-Platform Future in Focus which is summarized on marketingland.

Comscore Mobile App Report Summary

As marketingland states in their article, it’s not that the desktop doesn’t matter given most commerce still happens there. It is just that the buyers or donors started the journey with a search on a mobile device.

For the designers out there it is official that serving the clients means showing them the site on their mobile devices FIRST.

Mobile first design simplifies the information architecture process and focuses the team on outcomes. Focusing on your end users, the people googling your site on their iPhone the vast majority of the time, is a success for everyone.

Mobile first changes the question from the ego-driven and outdated mindset of:

“How does my website look on the giant 4k monitor in the conference room?”

to a results oriented view of:

“Does this site reach our audience on their mobile devices effectively?”

Mobile first has been the baseline for years. This data just confirms it once again.

Tendenci Responsive Design
Tendenci Mobile First AMS

Note: Tendenci, The Open Source AMS, is fully responsive across all viewports. If you are on an older version of Tendenci (v5 or earlier) we strongly recommend you talk to your developer to upgrade your site.

What is Software and what is a Theme?

New tendenci modules menu

I’ve gotten a few more questions on upgrading from Tendenci 5 to Tendenci 7. It seems we have been overzealous in explaining the changes at https://tendenci.readthedocs.io/en/latest/ and here and here and very extensively here. Perhaps too much info and too technical.

Listening to a client I realized that maybe “geek speak” on my part was part of the challenge. Definitions:

  1. Themes – The “theme” is the visual part of your site that makes you unique. When a major change happens, like the rapid growth in mobile traffic, it is not uncommon to have to purchase or pay to upgrade your theme with WordPress, Drupal or Tendenci.
  2. Software – The “software” stack is all of the functionality below the theme. Open source projects are driven by a community and most modules or add-ons strive to be backwards compatible.
  3. Game changers – Sometimes a company like Apple will invent a “game changer” like the iPhone. Awesome! Oh, but wait. You can’t write software that works on a device that either didn’t exist or was a tiny fraction of visitors to your site when you first deployed your theme.
  4. LTS Timelines – Who sets the timeline for LTS (Long Term Support) major releases? In Open Source it is driven by the community around a project. Frequently it is a combination of software and “dependencies”.

Examples?

To use a large open source project as an example, WordPress users (like me – my blog is on wordpress) sometimes need to pay to upgrade a premium theme when WordPress does a major release.

WordPress has a theme compatibility checker.
https://codex.wordpress.org/Themes/Theme_Compatibility/

As WordPress makes changes and improvements, sometimes these impact WordPress Themes and their underlying code and use of Template Tags. When a new version is announced, WordPress users are recommended to check the various WordPress Theme Compatibility lists to ensure their WordPress Theme is updated and ready for the new version.

Drupal, another major open source project, lists information on how to upgrade themes to work with each version here:
https://www.drupal.org/docs/8/theming-drupal-8/theming-differences-between-drupal-6-7-8

Tendenci, a much smaller but growing open source project, is doing the same thing for the same reasons. You want a unique brand (your theme) and new functionality (the software) and you’d like it to be as low cost as possible. Hence software updates are “usually” free, it’s just when a “game changer” happens that you need to update your theme.

If you are really curious what is in a theme, there is a great infographic on WordPress themes here.

For more on EOL support on Tendenci 5 you can read this really long blog post. And of course your site will still work if you don’t upgrade, it’s just the Django community has moved on so it’s best to move with them!

Release Process
Django Framework Release Process

Please see this comprehensive blog post for more detail on the Tendenci 5x to 7x upgrade process.

 

NonProfits and Associations Love Tendenci

Tendenci Association Websites

Written specifically for the NPO/Association market, Tendenci has continued to grow and adapt to meet the specific needs of these groups. From building on an open source framework that allows complete freedom  – to mobile responsive software design – to online forums and newsletter features that keep the community involved, Tendenci continues to invest in the NPO sector. And the NPO’s have responded!

We are pleased to continue our relationship with the following organizations that have recently released upgraded websites and extend a warm welcome to those that are new to the Tendenci community.

  1. University and College Designers Association Selects Tendenci for New Membership Website

    UCDA Tendenci Website

  2. Groundwater Resources Association of California Launches Tendenci Membership Management Website

    GRAC Tendenci Website

  3. The Children’s Assessment Center of Houston Releases New Mobile Tendenci Website

    CAC Houston Tendenci Website

  4. American Association of Singapore Launches Upgraded Mobile Tendenci Website For Their Membership

    AA Singapore Tendenci Website

  5. American Citizens Abroad, Inc. Launches Tendenci Membership Management Website

    American Citizens Abroad Tendenci Website

  6. Rice University Energy and Environment Initiative (EEi) Presents Transformative Solutions with New Website

    Rice University EEI Tendenci Website

  7. International Association of Directional Drilling Chooses Tendenci for Fast Launch of Member Website

    IADD Tendenci Website

Why Tendenci Chose Python over PHP

Note: this is a repost from the eschipul.com blog.

This blog is a WordPress blog written in PHP. And WordPress, which is written in PHP, is a great platform when secured properly.

So why did our team choose to rewrite Tendenci as Open Source and in the Python programming language? It is a question I get asked a lot. We’ve never been a company that likes to talk in the negative if at all possible, yet it is important to talk about the megatrends going on given we work with associations and nonprofits.

Python Growing in Academia
Why Python instead of PHP for Tendenci

Source: https://www.upguard.com/blog/which-web-programming-language-is-the-most-secure

programming vulnerabilities
Vulnerabilities in each language

Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf


Popularity of a language is a trend, and what you want is as many developers familiar and liking the language of your open source project as possible. This means you have a better chance to have a secure web site and therefore a more secure future.

To be fair – as Disraeli said – “lies, damn lies and statistics” – so there is no one perfectly secure language any more than there is a perfectly “safe” hammer. There will always be operator error and programmers make mistakes.

So we’re not saying Python is perfect, and all of us have used most of the other languages on those charts at some point. We’re just saying we are pleased so many other programmers also like Python and Open Source. THAT is the best that can be done to secure your future online. Secure code that you can examine yourself and even host yourself!

Addendum: As I post this on the Tendenci Blog. Given we focus on non-profits, associations, memberships, education, medical, religious – basically the do-good cause-based organizations, I believe it is particularly important that the project is as transparent as possible. Sometimes it is healthy to inform everyone of WHY we made a decision seven years ago. Python was the right call.

Security Diligence Required to Prevent ePub or Mobi Javascript Hacks

Why Tendenci doesn’t support epub uploads through the standard UI.

We love knowledge and knowledge sharing. And all of us read a lot – more and more on mobile readers. And yet the Tendenci software doesn’t support uploading epub files. First understand you have TONS of options to achieve your business goal and keep your site secure.

Free ebooks? We recommend you upload the epub to a resource like an Amazon S3 bucket or Dropbox and link to it from your site. That immediately solves the problem – you have a link to the resource on your site, just not “in” your site for safety and security.

Selling ebooks? Look at Amazon or Shopify or google it for tons of options. Even if the books are free, “selling them” on shopify will give you analytics and insight into consumers who are interested in your topic because they are being delivered to people next to other books!

As for the upload restrictions in Tendenci, here is why we are cautious:

While knowledge is great, security is more important. YES – TECHNICALLY YOU CAN PUT EPUB FILES ON YOUR TENDENCI SITE. But to do so your network administrator will need to do it for you for security reasons. The reason is that epub and mobi files can contain viruses or malware just like many other file formats (*cough* “Adobe flash” *cough*).

A book can have a code example. Depending on how your browser or e-reader “reads” that code example it may or may not execute the code. And that may or may not be malware. Typically the code itself would not be infected and would pass a virus scanner. Rather it would call another site and download a virus from that alternate location.

For more on the wonderful functionality that makes epubs more accessible, but also a security threat if not carefully vetted, visit http://epubzone.org/news/epub-3-and-interactivity

Two screen shots from the epubzone.org site are pasted below.

epub javascript

And examples:

pop ups from js in epubs

To be sure I love learning sites that have code that I can use to learn with in my web browser. MOOCs are awesome. But Tendenci is not a MOOC. So our current system is not set up to allow uploads of epubs or mobi given the millions of people who log into hundreds of open source Tendenci sites hosted or in the wild. We are just cautious.

And again – there are alternatives.

  1. Upload it to a different location and link to it <– RECOMMENDED!
  2. Sell it with a company like Amazon who takes care of all of it for you <– RECOMMENDED!
  3. Have your Network Administrator upload it if you must. But if this is the case, why not just make it a PDF? <– NOT RECOMMENDED
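
For the administrator-upload route, a pre-upload triage of the file can look like the following added example (not Tendenci code). It treats the EPUB as the ZIP archive it is and flags script elements, inline event handlers, javascript: URLs, remotely loaded resources and manifest items marked scripted; the sample books, the example.invalid host and the 5 MB limit are constructed for illustration.

```python
"""Pre-upload triage of an EPUB for active content (added example)."""
import io
import re
import zipfile

MAX_MEMBER_BYTES = 5 * 1024 * 1024      # assumed limit: skip oversized members
MARKUP_EXT = (".xhtml", ".html", ".htm", ".svg", ".opf")

# Byte-level patterns, so no XML parser is pointed at an untrusted file.
CHECKS = [
    ("script element", re.compile(rb"<script\b", re.I)),
    ("inline event handler", re.compile(rb"<[^>]*\son\w+\s*=", re.I)),
    ("javascript: URL", re.compile(rb"""["']\s*javascript:""", re.I)),
    ("remote resource", re.compile(rb"""\bsrc\s*=\s*["']\s*(?:https?:)?//""", re.I)),
    ("manifest item marked scripted",
     re.compile(rb"""properties\s*=\s*["'][^"']*\bscripted\b""", re.I)),
]


def scan_epub(data):
    """Return (member, finding) pairs for content a reader could run or fetch."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.lower().endswith(".js"):
                findings.append((name, "JavaScript file"))
            if not name.lower().endswith(MARKUP_EXT):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((name, "too large to inspect"))
                continue
            body = zf.read(info)
            findings.extend((name, label) for label, rx in CHECKS if rx.search(body))
    return findings


def build_epub(chapter, item_props=""):
    """Constructed sample: a minimal one-chapter EPUB built in memory."""
    props = f' properties="{item_props}"' if item_props else ""
    opf = ('<package xmlns="http://www.idpf.org/2007/opf" version="3.0"><manifest>'
           f'<item id="c1" href="ch1.xhtml" media-type="application/xhtml+xml"{props}/>'
           "</manifest></package>")
    container = ('<container xmlns="urn:oasis:names:tc:opendocument:xmlns:container" '
                 'version="1.0"><rootfiles><rootfile full-path="OEBPS/content.opf" '
                 'media-type="application/oebps-package+xml"/></rootfiles></container>')
    page = f'<html xmlns="http://www.w3.org/1999/xhtml"><body>{chapter}</body></html>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/epub+zip")
        zf.writestr("META-INF/container.xml", container)
        zf.writestr("OEBPS/content.opf", opf)
        zf.writestr("OEBPS/ch1.xhtml", page)
    return buf.getvalue()


# Constructed inputs: a plain book and one with harmless interactive markup.
CLEAN = build_epub('<p>Hello <a href="https://example.invalid/about">about</a></p>')
SCRIPTED = build_epub(
    '<script>document.title = "demo";</script>'
    '<img src="https://img.example.invalid/p.gif" onload="void 0"/>',
    item_props="scripted",
)

if __name__ == "__main__":
    for label, book in (("clean", CLEAN), ("scripted", SCRIPTED)):
        print(label, scan_epub(book) or "no active content found")
```

An empty result only means none of these patterns matched; it is a triage step before the administrator places the file, not a replacement for a malware scan.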

PS – One part of being a hacker is you are frequently accused of being an “Eeyore.” This is tiring. And incorrect. Caution online is really – well – the teamwork of Q and Bond. Aware of current reality. Curious. The ability to think perhaps a bit deviously. To know what is possible – both good and bad – to protect you.

To use “www” or not to use a hostname and just go to the apex domain?

Stop using URLs without the www or some other prefix. They are not your canonical domain (so sayeth Google) and in fault tolerant networks they aren’t scalable (so sayeth Amazon and every other cloud provider.)

In the old days we had physical servers with specific IP addresses and the server routed a visitor to the correct site. Ah, the good old days. Now everything is flipped. In the cloud we use multiple smaller virtual servers and your web site can literally exist in different places at the same time. That means your IP address can be different at any moment.

So without getting too much into the cloud magic, one thing it does require to help future proof your site is for people to use a “real” URL for their website.

WAIT! Chill out, it’s not the end of the world. It’s not like https://www.tendenci.com doesn’t redirect to https://www.tendenci.com – no need to change your business cards or letterhead. But your “canonical name” includes a hostname (the “www” or “intranet” or “webmail” parts of the name.)

What you do NOT want to do is insist on blah.blah because it will, I promise you, come back to hurt you in the near future. It’s the Internet – things change. So we change with them.

From: https://blogs.akamai.com/2016/01/make-your-infrastructure-vanish.html

Root domain redirects

Let’s assume a user is navigating to your website www.acme.com. However instead of typing www.acme.com, they only type acme.com. Time to get a little technical. Hostnames are connected to a DNS based CDN like Akamai via a CNAME, which is a type of DNS entry that aliases the IP address resolution of one hostname to another hostname. For example www.acme.com could CNAME to webserver.acme.com and when resolving www.acme.com, DNS would follow the resolution chain of webserver.acme.com. For a fully qualified hostname like www.acme.com, you create a CNAME that will resolve to a hostname your CDN controls, which in turn directs users to a CDN server that will serve your user. However it’s not possible to create a CNAME for a root domain like acme.com. It must have an A record, which resolves to an IP address. To get around this, many websites resolve their root domain to the IP address of their origin, and then have their origin server perform an HTTP redirect to their www hostname. This is another place your Origin can be revealed.

Can we hack a workaround? Yes, in fact many clients still have “A” records that point to an IP address. Just know this is a case of “you’re doing it wrong.” Your registrar should do the redirect to a FQDN like www.tendenci.com and then have a CNAME record for it. It’s the future. And I’m just the messenger.
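
The record layout described above can be checked mechanically. The following is an added example, not code from Akamai or Tendenci: it audits a simplified "name ttl IN type value" record listing for names that resolve straight to the origin, for a CNAME sharing a name with other data (the reason the apex cannot be a CNAME), and for a www that is not a CNAME. The acme.example zone data, the origin address 203.0.113.10 and the finding labels are constructed assumptions.

```python
"""Zone audit for the apex / www pattern (added example; zone data is constructed)."""
from collections import defaultdict

ORIGIN_IPS = {"203.0.113.10"}           # hypothetical origin server address

BEFORE = """\
acme.example.      300 IN A     203.0.113.10   ; apex answers from the origin
www.acme.example.  300 IN CNAME acme-example.cdn.example.net.
"""
AFTER = """\
acme.example.      300 IN A     198.51.100.7   ; assumed redirect-only service
www.acme.example.  300 IN CNAME acme-example.cdn.example.net.
"""
BROKEN = """\
acme.example.      300 IN NS    ns1.dns.example.net.
acme.example.      300 IN CNAME acme-example.cdn.example.net.
www.acme.example.  300 IN A     203.0.113.10
"""


def parse_zone(text):
    """Parse 'name ttl IN type value' lines into {name: {type: [values]}}."""
    zone = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        name, _ttl, _cls, rtype, value = line.split(None, 4)
        zone[name.lower().rstrip(".")][rtype.upper()].append(value.lower().rstrip("."))
    return zone


def resolve_chain(zone, name, limit=8):
    """Follow CNAMEs from `name`, as a resolver would, and return every hop."""
    chain = [name]
    while "CNAME" in zone.get(chain[-1], {}) and len(chain) <= limit:
        chain.append(zone[chain[-1]]["CNAME"][0])
    return chain


def audit(zone, apex, origin_ips):
    """Return (name, finding) pairs for the given apex domain."""
    findings = []
    for name, rrsets in zone.items():
        # A CNAME may not share a name with other data, and the apex always
        # carries SOA/NS records, which is why the apex cannot be a CNAME.
        if "CNAME" in rrsets and len(rrsets) > 1:
            findings.append((name, "cname-with-other-data"))
        # An A record equal to the origin address reveals the origin.
        if origin_ips & set(rrsets.get("A", [])):
            findings.append((name, "resolves-to-origin"))
    www = "www." + apex
    if len(resolve_chain(zone, www)) == 1:
        findings.append((www, "www-not-cname"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("broken", BROKEN)):
        print(label, audit(parse_zone(text), "acme.example", ORIGIN_IPS))
```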

Google’s article on using canonical URLs also explains it quite well https://support.google.com/webmasters/answer/139066?hl=en


Which goes on to explain:

While these systems make it more convenient to develop and distribute content, they cause some challenges when people use search engines to reach your page. For instance:

  • Consolidating link signals for the duplicate or similar content. It helps search engines to be able to consolidate the information they have for the individual URLs (such as links to them) on a single, preferred URL. This means that links from other sites to http://example.com/dresses/cocktail?gclid=ABCD get consolidated with links to https://www.example.com/dresses/green/greendress.html.
  • Tracking metrics for a single product/topic. With a variety of URLs, it’s more challenging to get consolidated metrics for a specific piece of content.
  • Determining the URL you want people to see. You prefer people reach your green dresses product page via https://www.example.com/dresses/green/greendress.html rather than https://example.com/dresses/cocktail?gclid=ABCD.
  • Addressing syndicated content. If you syndicate your content for publication on other domains, you want to consolidate page ranking to your preferred URL.

To address these issues, we recommend you define a canonical URL for content (or equivalent content) available through multiple URLs.

The good news? By fixing your DNS to NOT use the apex domain your web site is ready for the future and more fault tolerant today. It’s a good thing.

Tendenci Continues to Win and Retain Business Clients

Businesses That Use Tendenci

Tendenci’s growth makes it a great value for businesses focused on security and ease of use in a very robust open source project.

It is true that Tendenci is a very large open source project focused on the NPO sector, but value is value and businesses love Tendenci as well. How big is Tendenci? Login to the demo site to see for yourself at https://demo.tendenci.com (please remember the demo site resets every hour for spam prevention).

So it’s great to see all of these clients utilizing Tendenci and continuing to benefit from Open Source!

  1. Trendsetter Engineering Showcases Breadth of Services on their Tendenci 7.2 Responsive Site

  2. Subsea Technologies Inc. Offers Product Sales and Rentals for Underwater Operations using Tendenci Open Source Software

    Open Source for Business
    Subsea Technologies Launches Tendenci 7.2 site

  3. Ann Iverson Upgrades Online Presence with Mobile Tendenci Website

    Recent Responsive Sites running Tendenci Open Source Software

  4. Brooks Acevedo Attorneys at Law Launch New Site to Educate Home Healthcare Provider

  5. John Surtevant Launches Mobile Tendenci Site to Expand Market Reach

  6. Harris Leasing Upgrades to Tendenci 7 to go Mobile Responsive Nationally

Tendenci is flexible enough to let you turn off modules you don’t need, and SEO friendly enough to make it a great alternative to proprietary CMS systems.

  1. No Proprietary Technology Lock In
  2. No Long Term Contracts
  3. No “Named User” pricing, which prevents “Knowledge Silos”
  4. Greater Functionality
  5. Open Source and an Open Community

These are all things that forward thinking companies, not just non-profits, are starting to realize. And the wave of technology continues to compound behind large open source projects like ours (the entire Tendenci community’s). So sayeth the data.


Source: https://www.upguard.com/blog/which-web-programming-language-is-the-most-secure