Tendenci Transparency Report – Why isn’t Wild Apricot Posting One?


Yup, AMS transparency reporting is critically important. And perhaps also equally a bit boring. After all, you are looking for what is MISSING.

In Tendenci – the Open Source AMS’ latest transparency report, yup, nothing has changed. Yea!

And given Tendenci AMS is fully open source and still building for the future, well, it’s pretty clear what our position is. We believe in open source and transparency.

What other MAJOR AMS can you self deploy on the servers of your choice? In the data center of your choice? In the country of your choice? With the encryption and firewall restrictions of YOUR CHOICE. That’s the beauty of open source.

And the price starts at zero. It. Is. Fully. Open. Source.

What is Wild Apricot’s transparency report? After all, they are recently touted as the new kid on the block. Welcome! Yet what is their position on transparency?

Disclaimer in defense of Wild Apricot – in all fairness, AMS systems take a solid 10 years to write. They really are doing a great job catching up, I’m only addressing transparency in this post. Plus at Tendenci, we love a good strong new competitor adding value for NPOs/NGOs and Associations. We love that they are leveling up. All we’re saying is, let’s see their transparency reports? Why not be open source?

And yes, that is a challenge. Step up people!

Regarding Open Source – hey, why not support local: Tendenci pricing starts at ZERO ($0.00). Many people host in the Tendenci Cloud at AWS because we’re a good fit. Yet, our hosting pricing might not work for you in your country, right?

If so, then why not support a local developer in your community? Help build your home country’s tech sector by supporting your local developers!

Back to the business stuff – we have updated our latest transparency report. No changes. (check mark in the “no changes=good” column folks!)
https://www.tendenci.com/transparencyreporting/

Even though the competition is (mostly) NOT truly free and open source, that doesn’t mean they can’t be responsible and tell you if they have turned over your data. It does mean that any proprietary vendor offering free services is selling your data.

Is your AMS handing over, or monitoring, all of your data? Perhaps to the highest bidder or to the country of origin? You have a right to know.

Seriously, if any sector in the world needs responsible disclosure, it’s the association and non-profit/NGO sector.

Truly AMS (association management systems) / association management software in our opinion. Thus, the small team, and the large community at Tendenci, challenge our competitors to be transparent!

Yes, we understand that warrant canaries aren’t completely cut and dried. But at least a good faith effort? Why are other AMS systems not posting transparency reports?

If the FBI stated that NGOs/NPOs/Associations were the first target of the Russian propaganda campaign to influence the US elections, then I personally take issue with this.

NOTE: Propaganda and motives of foreign countries do NOT mean collusion. Collusion, and hopefully there wasn’t any, is not a topic we are addressing at all. (That’s for the politicians and the courts to figure out. We’re just programmers trying to do good.)

Thus the CHALLENGE to other AMS SaaS providers: Post your Transparency Reports!

Really, we call on all of the alternatives to Tendenci to adopt a transparency reporting policy.

Why not? Even proprietary companies can be transparent, right?

Why hide anything from your clients, open source or not? We don’t get it. End users don’t have to, and shouldn’t, tolerate hidden data disclosure.

Transparency reporting is just one more reason we’re passionate about helping associations and non-profits with their causes! We try to take the high road. Yet now, it’s not just about data collection, data mining, cross site tracking, Russian to popular AMS systems, it’s about just having integrity to tell people what is going on.

Associations, and therefore association management software, are important in every country. That’s why Tendenci is Open Source and currently supports 75 languages!

Yes, stay with your trusted local developer. Just please fact check them and demand access to your code, access to all of your data, demand access to your rights. And yes, demand transparency.

That’s how we roll at Tendenci – brutally open and honest, full access, association management. You know, kind of like WordPress is for blogs and CMS. Open!

At Tendenci, we recognize the value of the work you do. And we believe you deserve OPEN. In fact, we think open is baseline.

We hope you do too. Because Associations matter. You matter. #rockon #demandTransparency #ams #associationmanagement #asae #associationchat

ctop – measure container cpu utilization like htop

Developers and programmers are frequently (ok, almost always) asked to accomplish the impossible yesterday. So this post is for the Tendenci developers and anyone else who uses docker containers, cgroups, jailed name spaces or similar.

Situation: You have a server that is spiking when it previously did not.

Let’s just assume you already have something like OSSEC and the ElasticSearch Stack (ELK Stack) installed and are using a WAF/IDS/IPS endpoint. You are on top of your game. You see the errors from writing to the file system in dockers using the overlayfs file system (please no aufs, just don’t). How to diagnose it:

“htop” is very good at showing you the issue. It (htop) is also frequently replaced by malware, so double check yourself with “ctop”, which most variants of common malware omit. Regardless, in this case, we can clearly see we have a stuck process. Enter “ctop” (open source like Tendenci, at https://ctop.sh/ and on GitHub at https://github.com/bcicen/ctop).

Running ctop, you can quickly identify the container that is using the resources and then enter that container for further troubleshooting. “ctop” looks like this:

The solution to a container over utilizing its resources is up to you and your developers. ctop is however a great way to zero in on at least which container is the problem.

In our case, a quick stop/start of the container removed the load and allowed us to do more debugging to figure out the cause. Tendenci is a mature and large codebase for association management (AMS Software) so it’s an iterative process to zero in on issues. And it can be done with the right tools.
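A cross-check on what ctop or htop report, as an added example that is not part of the original post or of the ctop project: this Python script reads each container's CPU counter directly from the kernel's cgroup v2 accounting files and ranks containers by usage over a short interval. It assumes cgroup v2 with Docker's systemd cgroup driver, where containers appear as `docker-<id>.scope` directories under `/sys/fs/cgroup/system.slice`; pass a different root as the first argument if your layout differs.

```python
#!/usr/bin/env python3
"""Rank containers by CPU use straight from cgroup v2 accounting files."""
import os
import sys
import time


def read_usage(root):
    """Return {cgroup_name: usage_usec} for every docker-* cgroup under root.

    Assumption: container cgroups are directories named docker-<id>.scope
    (systemd cgroup driver); other services under root are ignored.
    """
    usage = {}
    for dirpath, _dirs, files in os.walk(root):
        name = os.path.basename(dirpath)
        if "cpu.stat" not in files or not name.startswith("docker-"):
            continue
        with open(os.path.join(dirpath, "cpu.stat")) as fh:
            for line in fh:
                key, _, value = line.partition(" ")
                if key == "usage_usec":  # total CPU time consumed, microseconds
                    usage[name] = int(value)
    return usage


def rank(before, after, interval_s):
    """Return [(name, cpu_percent)] sorted busiest first.

    100.0 means one full core was busy for the whole interval.
    """
    rows = []
    for name, end in after.items():
        start = before.get(name)
        # Skip containers that started or restarted between the two samples.
        if start is None or end < start:
            continue
        pct = (end - start) / (interval_s * 1e6) * 100
        rows.append((name, round(pct, 1)))
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/sys/fs/cgroup/system.slice"
    interval = 2.0
    first = read_usage(root)
    time.sleep(interval)
    for name, pct in rank(first, read_usage(root), interval):
        print(f"{pct:7.1f}%  {name}")
```

If the ranking here disagrees with what the interactive tools show, that disagreement is itself worth investigating.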

Happy Container Utilization

This is what one of the Tendenci Cloud docker servers looked like after debugging and killing the process causing the problem. “Yes” of course there is no replacement for “grep”. But with containers the debugging is a new art even for experienced programmers.

Hopefully this is helpful for all of the open source self-hosted Tendenci – the Open Source AMS self install developers using an AMS with 75+ languages out there.

And if you are a Python/Django developer – fork Tendenci open ams on github!

#peace

What a DDoS attack to an Association Looks Like

The following graphs show what a Distributed Denial of Service (DDoS) attack on an association looks like. The names, rates and volume of the association have been blurred for security reasons. We are thankful to AWS for their own defenses in front of ours, which help us mitigate these issues.

responding to ddos attacks as best we can
active response to mitigate attacks

Note: The graphic above is filtered for a 24 hour span for one client. The infrastructure is in place, and highly redundant, so we can monitor and keep our clients safe, whether they are in the US or hosted in other countries (we have multiple Tendenci clouds as needed).

Note 2: Make no mistake – If a bad-actor has the budget – they can and will purchase enough bots to take a site down. This is well documented. Even our resources at AWS are limited in what they can handle. Budget (yes BUDGET) accordingly. 

Why Tendenci Chose Python over PHP

Note: this is a repost from the eschipul.com blog and also lives as a help file on Tendenci.

This blog is a WordPress blog written in PHP. And WordPress, which is written in PHP is a great platform when secured properly.

So why did our team choose to rewrite Tendenci as Open Source and in the Python programming language? It is a question I get asked a lot. We’ve never been a company that likes to talk in the negative if at all possible, yet it is important to talk about the megatrends going on given we work with associations and nonprofits.

Python Growing in Academia
Why Python instead of PHP for Tendenci

Source: https://www.upguard.com/blog/which-web-programming-language-is-the-most-secure

programming vulnerabilities
Vulnerabilities in each language

Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf

security-report

Source: http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf

Popularity of a language is a trend, and what you want is as many developers familiar and liking the language of your open source project as possible. This means you have a better chance to have a secure web site and therefore a more secure future.

To be fair – as Disraeli said – “lies, damn lies and statistics” – so there is no one perfectly secure language any more than there is a perfectly “safe” hammer. There will always be operator error and programmers make mistakes.

So we’re not saying Python is perfect, and all of us have used most of the other languages on those charts at some point. We’re just saying we are pleased so many other programmers also like Python and Open Source. THAT is the best that can be done to secure your future online. Secure code that you can examine yourself and even host yourself!

Addendum: As I post this on the Tendenci Blog. Given we focus on non-profits, associations, memberships, education, medical, religious – basically the do-good cause-based organizations, I believe it is particularly important that the project is as transparent as possible. Sometimes it is healthy to inform everyone of WHY we made a decision seven years ago. Python was the right call.

Communications Needs a Town Square

Communication needs a town square. Step 1 was to implement a forum independent from our site. Encrypted (of course) and endorsed, and with its own unique karma.

 

Talk to us. Tell us what we can do better. Group listen – a challenge to all of us is to listen as a group. To truly listen.

And the software needs direction. Our job is to listen to and foster the community of Tendenci users across the globe while respecting that ultimately we, they, you, them, us, are all independent individuals and organizations, cultures and people, nonprofits and companies, we speak different languages, the only thing in common with the global tendenci community is our diversity. Just as the only constant is change.

We wouldn’t be cause related software developers or working at cause related companies that aspire to the #openeverything OSCON type of ethos to begin with.

First – it is to serve.

To achieve our communication goals we are using some amazing open source software based on django and postgres just like tendenci of course – The Misago Open Source Discussion Forums is used to power the new https://community.tendenci.com site to provide a “place” for that dialog to happen. Developers are welcome to continue posting issues on github of course, clients who prefer to have us (or you!) manage their tendenci hosting will submit billable tendenci support requests, but there is something different about a forum that is toned down and not quite as public. I can’t quite explain why.

Join us?

What NPO Software Success Really Looks Like


This image came up as a topic of conversation in a meeting we had this morning and I wanted to share it. It is a pretty accurate description of the open source rewrite of Tendenci from the ground up over the last four years. And I’m pretty excited about the software moving away from the squiggly part on the right in this image from Henry Blodget’s blog post.

What People Think Success Looks Like Vs. What It Really Looks Like

Oh don’t worry, we’ll attack new challenges and make new squiggles which will make people think we are off track, or losing it, or “freak them out” as we get to the end of a road and go “oooops, that didn’t work.” But now we know that didn’t work.

It also reminded me of some of Hugh’s quotes in his book Not Sucking that I have always liked. For example:

THERE IS NO SECRET SAUCE

WORK HARD. LIVE QUIETLY. BE FRUGAL. SIMPLIFY. NEVER COMPLAIN. CONSTANTLY ELEVATE YOUR CRAFT.

Sure, a bit of talent and good fortune comes in handy. It’s nice that you could draw better than any other kid in your small town, or that your parents had the money to afford tennis lessons after class.

But that just gets you to the starting line. The actual race is what happens after that, day in, day out, for many years to come.

And the ones who win, the ones who really elevate their craft, are generally the ones who work the hardest. Life is unfair.

People underestimate the power of hard work. I like that he simplifies it all into Creativity, Mastery and Meaning. He doesn’t lie to you about a four hour work week, or tell you you have to wear Gucci to be happy, he doesn’t even list being happy as a goal. Meaning, Mastery and Creativity are how you don’t suck. Being happy is what happens when you don’t suck. But not always, because it’s hard work.

The best way to not suck is to MASTER something useful. Obvious, yes?

Then he drops the story of Jiro on me. (my commentary is below this long excerpt from Hugh’s post).

The thing is, I know TONS of super successful people, but none of them fit this extreme, celeb-lottery-winner-Reality-TV model. Some of them are actually pretty boring, to be honest. But they lead happy, friendly lives and do VERY well career-wise.

THAT is what most success looks like, if you think about it. The stuff on TV or in the movies just isn’t REAL enough for us to learn that much useful stuff.

So I was thinking about this again, recently, HARD.

What model would work for folk like you and me? A model that didn’t mean you had to sell your soul to Wall Street, Hollywood, Washington or the tabloids? A success model that doesn’t rely solely on the unlikelihood of outrageously good fortune or acts of evil?

Then quite by chance, I saw a great documentary recently: “Jiro Dreams of Sushi”, a film about the world’s greatest sushi master, and a light bulb EXPLODED in my head.

Our man, 85-year-old Jiro Ono is the world’s greatest sushi chef – the only sushi master to ever have been awarded three Michelin stars. He’s also the oldest person to have ever been a recipient of that award.

The thing is, he doesn’t have a lot of money or own a fleet of trendy restaurants in all the world’s capitals, a-la Wolfgang Puck. No syndicated TV shows, celebrity-chef book deals or TV talk-show circuits, either.

He just has a small, plain, dull, ordinary-looking, low-key sushi bar with ten seats in the basement of a Tokyo office building, near the subway, the kind of nondescript place you’d probably just walk by without stopping, if you saw it. Ten seats! Yet he REALLY IS the best in the world at what he does.

Jiro works seven days a week, over 350 days a year (he hates taking vacation), serves sushi and sashimi to people in very small numbers, and THAT’S IT. Just sushi. No salad, no appetizers, no desserts.

Like I said, JUST SUSHI. And by sticking to this minimalist, bare-bones formula, he’s become the best in the world.

A tiny little sushi bar in some random subway station. Yet people wait in line, people book a stool at his sushi bar as much as a year in advance, at prices starting around $600 a head. People have been known to fly all the way from America or Europe, just to experience a 30-minute meal. In an office basement!

I read that and felt humbled. And befuddled. And yes perhaps a bit justified.

I’m also really happy to know others are like me. I don’t particularly consider myself successful but I expect it will all work out. I have many blessings and I work with great people. I have a wonderful family. I’ve also had my share of loss and plenty of criticism, which I have learned comes with the role of CEO even for a small company (note: there are no books on how to be a CEO. You just do your damnedest to learn fast!)

Hugh MacLeod

Back to Jiro. I get him. For me, I have been obsessing about one single software product called Tendenci built specifically for associations and non-profits for 13 years now. I’ve had a lot of help. I’ve never wavered nor lost the passion to keep improving it. I’m truly obsessed with making software in a way that makes our CLIENTS successful.

I started it in 2001 (the tech bubble had burst) on the premise, after reading hundreds of marketing books, that clients who made money off of your software wouldn’t leave you. That they might forgive a missed deadline, but they would not forgive a security breach. That they wanted the freedom to leave at any time. So all of our clients were sold month to month, export your data and leave whenever you want. (This was before open source was an option and before PHP was around.)

What started on the Microsoft platform is now rewritten by a great team of programmers who work here, and outsourcers, and hopefully more and more by people in the community. It is now Django/Python/Postgres and Ubuntu. We are working hard, and I am obsessing on adding donor management that integrates with Salesforce Foundation’s free licenses for non-profits. I’m completely obsessed with giving NPOs an alternative – that they can succeed on both bottom lines, financial and causes, and put more of their money and time towards the cause instead of spending 10k/user for Raiser’s Edge.

Can a 13 year old product built on Django give NPOs a real alternative to Raiser’s Edge and Blackbaud? And can it be an OPEN SOURCE product that you can integrate, extend, and experience with no vendor lock in at all? The odds are against me. And there are only 10 stools. And my obsession with achieving this success grows stronger every day, and it is not because I know anyone at Blackbaud.

I’m obsessed with collaboratively building Tendenci not because of what the software itself can do. I’m obsessed and seeking mastery because of what global-non-profits can do with the first open source Python software built specifically for them. That is my passion.

 

 

 

 

30 Days of Thanks: MMM bop

I am very thankful for my family for introducing me to good music at such an early age. Although I can’t play any instruments, I have always loved all types of music.

When I was a kid my Dad used to play a Bob Dylan cassette (John Wesley Harding) in his truck when he would pick my sister and me up from daycare.

I’m sure to say that my love for Dylan came from my Dad, along with love for many other great bands such as the Clash, the New York Dolls and the Rolling Stones.

I am also pretty sure I can attribute most of my redneckness now in life (besides going to Texas State) to him playing Texas Country. For example, as a kid I remember listening to Robert Earl Keen when we’d go to the beach. If not the redneck part, he is certainly responsible for my smart-assness.

There has always been somewhat of a heated discussion between my parents when talking about music. Dad would always say, “I’ve been listening to so and so since…” but Mom would have to correct him to let him know that she in fact turned him on to the artist, such as Emmylou Harris, Jimmie Dale Gilmore, Willie and Waylon and Guy Clark.

They both introduced me to bands such as Doug Sahm and the Texas Tornadoes, Steve Earle and Joe Ely.

I’d also credit my sister Briana Purser for introducing me to great bands such as the Black Angels, Thee Oh Sees and the Night Beats as well as the classics like Neil Young and Donovan.

Without my family, who knows what I’d be listening to. But thanks to them I have discovered such bands as Reckless Kelly, Hayes Carll, Ryan Bingham, Ghostland Observatory, Battles, Four Tet... I could go on forever. But for that, I am very thankful for having my family in my life and the music they have shared with me. Love you guys, Happy Thanksgiving!