Security Diligence Required to Prevent ePub or Mobi Javascript Hacks

Why Tendenci doesn’t support epub uploads through the standard UI.

We love knowledge and knowledge sharing. And all of us read a lot – more and more on mobile readers. And yet the Tendenci software doesn’t support uploading epub files. First understand you have TONS of options to achieve your business goal and keep your site secure.

Free ebooks? We recommend you upload the epub to a resource like an Amazon S3 bucket or Dropbox and link to it from your site. That immediately solves the problem – you have a link to the resource on your site, just not “in” your site for safety and security.

Selling ebooks? Look at Amazon or Shopify, or google it for tons of options. Even if the books are free, “selling them” on Shopify will give you analytics and insight into consumers who are interested in your topic because they are being delivered to people next to other books!

As for the upload restrictions in Tendenci, here is why we are cautious:

While knowledge is great, security is more important. YES – TECHNICALLY YOU CAN PUT EPUB FILES ON YOUR TENDENCI SITE. But to do so your network administrator will need to do it for you for security reasons. The reason is that epub and mobi files can contain viruses or malware just like many other file formats (*cough* “Adobe flash” *cough*).

A book can have a code example. Depending on how your browser or e-reader “reads” that code example it may or may not execute the code. And that may or may not be malware. Typically the code itself would not be infected and would pass a virus scanner. Rather it would call another site and download a virus from that alternate location.
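One way an administrator could vet an EPUB before hosting it, shown as an added example that is not Tendenci code: the scanner below reports scripted content documents and remote `src` references inside the archive. The function names, the size cap and the sample book (constructed inline, with a placeholder host) are assumptions made for the illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for hostile uploads prefer defusedxml.ElementTree

CONTAINER_NS = "{urn:oasis:names:tc:opendocument:xmlns:container}"
OPF_NS = "{http://www.idpf.org/2007/opf}"
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # do not inflate oversized members (zip-bomb guard)
MARKUP_EXT = (".xhtml", ".html", ".htm", ".svg")

# Byte patterns for active content inside content documents.
PATTERNS = {
    "script-element": re.compile(rb"<script\b", re.I),
    "event-handler": re.compile(rb"<[^>]*\son[a-z]+\s*=", re.I),
    "javascript-uri": re.compile(rb"(?:href|src)\s*=\s*[\"']\s*javascript:", re.I),
    "remote-src": re.compile(rb"\bsrc\s*=\s*[\"'](?:https?:)?//", re.I),
}


def _read(zf, name):
    if zf.getinfo(name).file_size > MAX_MEMBER_BYTES:
        raise ValueError(f"{name}: member exceeds {MAX_MEMBER_BYTES} bytes")
    return zf.read(name)


def scan_epub(data):
    """Return sorted (member, finding) pairs for active content in an EPUB (bytes)."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # META-INF/container.xml names the OPF package document.
        container = ET.fromstring(_read(zf, "META-INF/container.xml"))
        rootfile = container.find(f".//{CONTAINER_NS}rootfile")
        if rootfile is None or not rootfile.get("full-path"):
            raise ValueError("container.xml has no rootfile entry")
        opf_path = rootfile.get("full-path")
        opf_dir = opf_path.rpartition("/")[0]
        package = ET.fromstring(_read(zf, opf_path))
        # EPUB 3 marks scripted content documents with properties="scripted".
        for item in package.iter(f"{OPF_NS}item"):
            member = "/".join(p for p in (opf_dir, item.get("href", "")) if p)
            if "scripted" in (item.get("properties") or "").split():
                findings.add((member, "manifest-scripted"))
            if "javascript" in item.get("media-type", "").lower():
                findings.add((member, "manifest-javascript"))
        # Scan every member as well: the manifest is written by whoever built the file.
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith(".js"):
                findings.add((name, "javascript-file"))
            elif lower.endswith(MARKUP_EXT):
                body = _read(zf, name)
                for label, pattern in PATTERNS.items():
                    if pattern.search(body):
                        findings.add((name, label))
    return sorted(findings)


def build_sample_epub():
    """Constructed sample: one plain chapter and one scripted chapter."""
    container = (
        '<?xml version="1.0"?>'
        '<container version="1.0" xmlns="urn:oasis:names:tc:opendocument:xmlns:container">'
        '<rootfiles><rootfile full-path="OEBPS/content.opf" '
        'media-type="application/oebps-package+xml"/></rootfiles></container>'
    )
    opf = (
        '<?xml version="1.0"?>'
        '<package xmlns="http://www.idpf.org/2007/opf" version="3.0"><manifest>'
        '<item id="c1" href="ch1.xhtml" media-type="application/xhtml+xml"/>'
        '<item id="c2" href="ch2.xhtml" media-type="application/xhtml+xml" '
        'properties="scripted"/></manifest></package>'
    )
    ch1 = '<html xmlns="http://www.w3.org/1999/xhtml"><body><p>Plain chapter.</p></body></html>'
    ch2 = (
        '<html xmlns="http://www.w3.org/1999/xhtml"><body onload="init()">'
        '<script src="https://cdn.example.invalid/reader.js"></script>'
        '<p>Interactive chapter.</p></body></html>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/epub+zip")
        zf.writestr("META-INF/container.xml", container)
        zf.writestr("OEBPS/content.opf", opf)
        zf.writestr("OEBPS/ch1.xhtml", ch1)
        zf.writestr("OEBPS/ch2.xhtml", ch2)
    return buf.getvalue()


if __name__ == "__main__":
    for member, finding in scan_epub(build_sample_epub()):
        print(f"{member}: {finding}")
```

An empty result means none of these markers were found, not that the file is safe to serve; a reader that executes scripts is still the component that decides what runs.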

For more on the wonderful functionality that makes epubs more accessible, but also a security threat if not carefully vetted, visit http://epubzone.org/news/epub-3-and-interactivity

Two screen shots from the epubzone.org site are pasted below.

[Screenshot: epub javascript]

And examples:

[Screenshot: pop ups from js in epubs]

To be sure, I love learning sites that have code that I can use to learn with in my web browser. MOOCs are awesome. But Tendenci is not a MOOC. So our current system is not set up to allow uploads of epubs or mobi given the millions of people who log into hundreds of open source Tendenci sites hosted or in the wild. We are just cautious.

And again – there are alternatives.

  1. Upload it to a different location and link to it <– RECOMMENDED!
  2. Sell it with a company like Amazon who takes care of all of it for you <– RECOMMENDED!
  3. Have your Network Administrator upload it if you must. But if this is the case, why not just make it a PDF? <– NOT RECOMMENDED

PS – One part of being a hacker is you are frequently accused of being an “Eeyore.” This is tiring. And incorrect. Caution online is really – well – the teamwork of Q and Bond. Aware of current reality. Curious. The ability to think perhaps a bit deviously. To know what is possible – both good and bad – to protect you.

10 Million NGOs Worldwide (who just might want open source multilingual software)

Let’s start 2016 off with some great news. NGOs are growing internationally and their role in our society is becoming more important.  From the post:
https://www.ongood.ngo/portal/facts-and-stats-about-ngos-worldwide

NGO Facts - 10 Million

#NGOfacts is an ongoing campaign that highlights statistical data about NGOs, nonprofits and charities worldwide. Committed to building a comprehensive list of facts and stats about the NGO sector, please check back regularly for updates.

1. There are an estimated 10 million (non-governmental organizations) NGOs worldwide.
Source: The Global Journal

2. The number of people worldwide donating money to NGOs increased from 1.2 billion in 2011 to 1.4 billion in 2014. By 2030, the number is expected to grow to 2.5 billion.
Source: Charities Aid Foundation

(those are the first two points of 14 – go read the full post here!)

And yes, we are pretty happy to see greater adoption of Tendenci – an open source software solution for NGOs that is already multilingual. Join us!

Tendenci Transformation – The Right Choices for the Future

We’ve had a lot of crucial conversations lately about decisions that we made between 2006 and 2010. Yup, really. We are explaining now about how we are possibly too far ahead of the curve and why if you give it a bit of time, it will make you look like a rock-star.

MobileGeddon being a great example of how our early adopters are benefiting the absolute most!

 

Top39-Programming-Trends-700.4
Python for the Win!

Source: Python is Now the Most Popular Introductory Teaching Language at Top U.S. Universities

We started using Python, the programming language named after Monty Python, in 2004 if not earlier. We first tested Pinax in 2008 if not earlier under J who was running our programming team.

We used Python extensively in our old environment to move files and push out content to our sites. Tasks that are now done by Puppet and Chef and Docker-Compose. We rolled our own using Python on Windows.

So for the curious, that explains why we have this huge depth of knowledge on Python programming dating back to when nobody heard of it. We’ve had to train numerous graduates of Tech, UofH, Aggies, Rice, Penn State, etc, what Python even was!

But that is all ancient history. Why? Because Python is now number 1!


It’s hard to predict the future. We started out writing our own complete web framework in ASP. We were too early in 2001. PHP soon arrived and, being basically identical but open source, the outcome was PHP won. It should have, and did, win. We were too early. But with timing there is also a bit of luck.

I’ll do another post about GIS and mapping and why our move to strictly Postgres with GIS enabled is working out so well. Another post. And I’ll edit this one with links soon. Just needed to get the content out.


Bootstrap3. – Because we know that we take gambles on technology and they have an impact. On you. And that is serious business. We take it seriously as evidenced by our decision to shut down Windows in line with Microsoft’s EOL policies. These are hard choices. Crucial Conversations. We’re the messenger.

And we CARE about YOU. Our clients. The future is bright. We picked our technology future amazingly well. Too well, so now perhaps our problem is more one of resources. And we’ll work through that.

Thank you. If I can leave you with one thought – it is this. THANK YOU! For those who stuck with us, WOW, um… our position for search and the future is crazy good. Open Source means freedom. Results mean donations and sales. Software means sustainable business models.

We appreciate you. Yes closure for some was hard. We wish you the best. We appreciated your time with us while it lasted longer than a Honda. As some depart and some charge forward, I’m especially excited about those who chose to charge forward.

We, you and us, we didn’t “guess” right. We did our homework and validation came ironically on April 21, the same day mobilegeddon hit and our Tendenci 6 clients jumped up in the search rankings. Luck? Hard work? I don’t know.

What do I know? I know how to serve. I serve y’all.

#peace

Ed

 

HOW TO USE DJANGO-SQL-EXPLORER IN TENDENCI MMS


Tendenci 6 ships with the excellent django-sql-explorer from ePantry. This means you can export anything at any time and build any report you want whenever you want. Absolute 100% anytime freedom of access to your data. #JOY #FREEDOM #ROCKS

First a warning. If you choose to use a direct query tool know they are dangerous. You are doing so at your own risk and could possibly corrupt your database beyond repair up to and including requiring a dba to come in and repair it at a cost of thousands of quid. So…. BE CAREFUL.

SQL explorer is a way to directly query your site through the user interface. It is for superusers only and we recommend disabling it by default (see disclaimer above.) But if you are still reading here is the lightning version.

  1. Login to your Tendenci6 site at /accounts/login/
  2. Navigate to /explorer/
  3. Click on playground and test out some queries. For example here are two
    1. “select tablename from pg_tables” – without the quotes to list all 300 tables in your database
    2. “select * from articles_article” – list all articles including expired and inactive etc.
  4. If you like the queries click “new query” and name and describe them and click save.
  5. Click on the SQL explorer icon top left and you’re back at the dashboard with icons to download the results of your queries.

Visually when you add the URL /explorer/ to the end of your site path you will see something very similar to this.

[Screenshot: django-sql-query-dashboard.png]

First note the icon on the right to Download CSV so you can download all of whatever that query is for.  If you don’t see any, no worries – that’s what this post is about!

So let’s write a basic sql statement.

[Screenshot: django-sql-playground.png]

And then when you click “New Query” you will find this interface and you can carefully name and describe your query so you know what it does later.

[Screenshot: creating-new-tendenci-query-for-csv-download.png]

 

1) ALL Interactive users:

SELECT u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser,
    p.salutation, p.company, p.position_title, p.phone, p.address, p.address2,
    p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex,
    p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone,
    p.notes, p.admin_notes
FROM auth_user u
INNER JOIN profiles_profile p
ON u.id=p.user_id
WHERE u.is_active=True
AND p.status=True
AND p.status_detail='active'

Copy Paste Version:

SELECT u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone, p.notes, p.admin_notes FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id WHERE u.is_active=True AND p.status=True AND p.status_detail='active'

2) ALL memberships:

SELECT u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser,
    p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, 
    p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, 
    p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone,
    m.membership_type_id, m.renewal, m.certifications, m.work_experience,
    m.referer_url, m.referral_source, m.join_dt, m.expire_dt, m.renew_dt,
    m.primary_practice, m.how_long_in_practice, m.application_approved,
    m.application_approved_dt, m.areas_of_expertise, m.home_state,
    m.year_left_native_country, m.network_sectors, m.networking,
    m.government_worker, m.government_agency, m.license_number,
    m.license_state, m.status_detail
FROM auth_user u
INNER JOIN profiles_profile p
ON u.id=p.user_id
INNER JOIN memberships_membershipdefault m
ON m.user_id=u.id
WHERE u.is_active=True
AND p.status=True
AND m.status_detail <> 'archive'

Copy Paste Version:

SELECT u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone, m.membership_type_id, m.renewal, m.certifications, m.work_experience, m.referer_url, m.referral_source, m.join_dt, m.expire_dt, m.renew_dt, m.primary_practice, m.how_long_in_practice, m.application_approved, m.application_approved_dt, m.areas_of_expertise, m.home_state, m.year_left_native_country, m.network_sectors, m.networking, m.government_worker, m.government_agency, m.license_number, m.license_state, m.status_detail FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id INNER JOIN memberships_membershipdefault m ON m.user_id=u.id WHERE u.is_active=True AND p.status=True AND m.status_detail <> 'archive'

3) ALL corporate members:

SELECT cp.name, cp.address, cp.address2, cp.city, cp.state, cp.zip, cp.country,
    cp.phone, cp.email, cp.url, cp.number_employees, cp.chapter, cp.tax_exempt,
    cp.annual_revenue, cp.annual_ad_expenditure, cp.description, cp.expectations,
    cp.notes, cp.referral_source, cp.ud1, cp.ud2, cp.ud3, cp.ud4, cp.ud5, cp.ud6, 
    cp.ud7, cp.ud8, cm.corporate_membership_type_id, cm.renewal, cm.renew_dt,
    cm.join_dt, cm.expiration_dt, cm.approved, cm.admin_notes, cm.status_detail
FROM corporate_memberships_corpprofile cp
INNER JOIN corporate_memberships_corpmembership cm
ON cp.id=cm.corp_profile_id
WHERE cm.status_detail <> 'archive'

Copy Paste Version:

SELECT cp.name, cp.address, cp.address2, cp.city, cp.state, cp.zip, cp.country, cp.phone, cp.email, cp.url, cp.number_employees, cp.chapter, cp.tax_exempt, cp.annual_revenue, cp.annual_ad_expenditure, cp.description, cp.expectations, cp.notes, cp.referral_source, cp.ud1, cp.ud2, cp.ud3, cp.ud4, cp.ud5, cp.ud6, cp.ud7, cp.ud8, cm.corporate_membership_type_id, cm.renewal, cm.renew_dt, cm.join_dt, cm.expiration_dt, cm.approved, cm.admin_notes, cm.status_detail FROM corporate_memberships_corpprofile cp INNER JOIN corporate_memberships_corpmembership cm ON cp.id=cm.corp_profile_id WHERE cm.status_detail <> 'archive'

4) All users in a specific group (replace <YOUR GROUP ID> with your group id)

SELECT ug.name, u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id INNER JOIN user_groups_groupmembership ugm on u.id=ugm.member_id INNER JOIN user_groups_group ug on ug.id=ugm.group_id WHERE ug.id=<YOUR GROUP ID> AND ugm.status=True AND ugm.status_detail='active'

Copy Paste Version:

SELECT ug.name, u.first_name, u.last_name, u.email, u.username, u.is_staff, u.is_superuser, p.salutation, p.company, p.position_title, p.phone, p.address, p.address2, p.member_number, p.city, p.state, p.zipcode, p.country, p.url, p.sex, p.address_type, p.phone2, p.fax, p.work_phone, p.home_phone, p.mobile_phone FROM auth_user u INNER JOIN profiles_profile p ON u.id=p.user_id INNER JOIN user_groups_groupmembership ugm on u.id=ugm.member_id INNER JOIN user_groups_group ug on ug.id=ugm.group_id WHERE ug.id=<YOUR GROUP ID> AND ugm.status=True AND ugm.status_detail='active'

 

 

 

Contribute back your brilliance to the rest of us? Have you written some good queries for Tendenci using the amazing  django-sql-explorer from ePantry? Post them on the Tendenci Community Site for others to learn and share with!

Please do be careful. Remember the warnings above. Using a live sql tool on a relational database for anything besides SELECT queries is ill-advised. It really is your live data on a live site SO BE CAREFUL!
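A pre-check in the spirit of the SELECT-only advice above, as an added example rather than part of Tendenci or django-sql-explorer: it accepts a single SELECT or WITH statement and rejects write keywords, including Postgres forms such as SELECT ... INTO and data-modifying CTEs. The names `check_read_only` and `WRITE_KEYWORDS` are hypothetical, and the negative test queries are constructed.

```python
import re

# Keywords that can turn a statement starting with SELECT or WITH into a write
# in Postgres (SELECT ... INTO creates a table; a CTE may wrap INSERT/UPDATE/DELETE).
# "update" also flags SELECT ... FOR UPDATE, which takes row locks.
WRITE_KEYWORDS = {
    "insert", "update", "delete", "merge", "into", "drop", "alter",
    "create", "truncate", "grant", "revoke", "copy", "call",
}

# Comments, string literals and quoted identifiers are blanked before analysis
# so that text inside them is neither counted as a keyword nor as a separator.
_STRIP = re.compile(
    r"""
      --[^\n]*            # line comment
    | /\*.*?\*/           # block comment
    | '(?:[^']|'')*'      # string literal, doubled quote is an escape
    | "(?:[^"]|"")*"      # quoted identifier
    """,
    re.S | re.X,
)


def check_read_only(sql):
    """Return (ok, reason) for a query meant for a SELECT-only reporting tool."""
    if "\\" in sql or "$" in sql:
        # E'...' escapes and $$...$$ quoting are not analysed here, so refuse them.
        return False, "backslash or dollar quoting not analysed"
    bare = _STRIP.sub(" ", sql)
    if "'" in bare or '"' in bare or "/*" in bare:
        return False, "unterminated literal or comment"
    statements = [s.strip() for s in bare.split(";") if s.strip()]
    if len(statements) != 1:
        return False, f"expected exactly one statement, found {len(statements)}"
    words = re.findall(r"[a-z_][a-z0-9_]*", statements[0].lower())
    if not words or words[0] not in ("select", "with"):
        return False, "statement does not start with SELECT or WITH"
    hits = sorted(WRITE_KEYWORDS.intersection(words))
    if hits:
        return False, "write keyword present: " + ", ".join(hits)
    return True, "single read-only statement"


if __name__ == "__main__":
    samples = [
        "select tablename from pg_tables",                       # from the steps above
        "select * from articles_article",                        # from the steps above
        "select * from articles_article; delete from articles_article",  # constructed
        "SELECT email INTO scratch FROM auth_user",              # constructed
    ]
    for query in samples:
        print(check_read_only(query), "<-", query)
```

Functions with side effects still pass a text check, so the database role the explorer connects with should itself be limited to SELECT.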

We believe this level of access to the superusers on Tendenci sites is empowering. We like knowing people can download any of their data when they need it. And perhaps contribute back some suggested new reports to the Tendenci Community as a whole!

Because Tendenci is part of the Django community and we couldn’t have brought this functionality to you without others in the community “giving first.” We may have added it to Tendenci, but that’s ONLY because of the generosity of building and making it available by others. Explorer is brought to you by the power of collaborative open source software (THANK YOU ePantry!)

Note this is a cross post from our help files. See the Help File for the latest accurate info at: https://www.tendenci.com/help-files/how-use-django-sql-explorer-tendenci/

EOL Policy for Tendenci 4 (T4) Software

Tendenci 6 Interface for Upgraded clients
Tendenci 6 Nav Bar

[EDIT FOR EMPHASIS] April 21, 2015 is End of Life for T4. The Windows servers on the Tendenci hosted network will be shut down and be offline permanently. [END-EDIT] 

Tendenci has always been at the forefront of technology with regard to meeting the needs of associations and nonprofits. When we released Version 5.0 of Tendenci in 2012, the software took a major leap forward by going completely open source, allowing for outside contributions from the development community on software enhancements and bringing a level of transparency and complete control into the hands of all Tendenci users. We are excited about what the future holds for Tendenci as we have Version 6.0 currently in beta and a roadmap for Version 7.0 already underway.

With the focus on the future and what we can achieve with the new technology available, we have made the business decision to formally establish an End-of-Life (EOL) policy. In particular the EOL for Version 4.0 of the Tendenci on the Microsoft software platform is now set for April 21, 2015.

Tendenci was revolutionary when released in 2001. By the time we released Tendenci 4.0 in 2004, it ran seamlessly on the technology that existed at the time. As Microsoft phases out support for its older technology, Tendenci must also adapt to the newer technology options that will provide the best environment for stability and growth.

For those clients still running on the Tendenci 4.0 software, there are two paths for moving forward.

  1. Upgrade to the latest version of Tendenci. T6 is mobile ready using Bootstrap, brings back the newsletter functionality using a client provided smtp relay like Mailgun, and can accommodate a host of pre-built bootstrap 3 templates. Tendenci is open source and runs on Linux, an open source server environment. This means complete freedom for you with regard to customization and hosting. We can migrate you to the new platform, including transfer of existing data and implementation of a mobile-ready theme for $7500.
  2. You can stay on T4 and self host. If you would like to stay on the older technology, we can provide limited assistance to your IT team or an outside vendor with the move to your internal server environment. We will provide a single instance of Tendenci 4.0 for your use (not for resale) and you will need to establish your own security, monitoring, database server, DNS, mail servers, firewall and a VPC (recommended). We estimate the cost of the move at $5000 for the web server portion and this is variable based on the exact hosting environment to be configured.

The last two months have underscored the need to migrate away from the outdated server environment and jump headfirst into the new era of open source hosting options. We all must adapt as we receive new information. I stated previously that we intended to restore the functionality fully of Windows 2003 on Windows 2012 R2 if it could be done securely. After further research, it is clear to me that while you can definitely secure a Windows environment, it can only be done securely on dedicated servers or dedicated virtual machines isolating each client. We cannot bring full functionality back to you securely in a shared hosting environment using classic ASP. On a dedicated server, you can have security parameters that are set by you, for you. There are a number of IT firms that can assist with this and we will extend a single use license in perpetuity if this is the route you choose in the short term.

Effective immediately, there will be no additional changes to the T4 software or hosting environment so that we can focus on the release of T6 and ensuring the migration for our clients is a seamless transition.

The Microsoft sites will be taken offline permanently in 90 days.

For clients wishing to migrate to Tendenci 6.0 on our hosted servers, we will begin migrations on February 16, 2015. We expect the migration to take 30 days and are requiring full payment up front. To achieve this, there will be a need for some compromises on layouts initially, but being upgraded to a responsive design is long overdue and we can continue to work on layouts once we get everything secured and you can edit your sites easily again.

For clients wishing to self host or move to another platform, we will provide a one-time export of your data within the next 90 days. We will be accepting requests for exports starting February 2, 2015. There will be no charge for this export and it will be limited to a one-time event. If this needs to be expedited, we can refer you to an outside trusted contractor although they will charge a fee.

There will be a conference call on Friday, January 23 at 11:00AM CST (details to be emailed separately) to answer any questions about the most recent server issues and to discuss the best course of action for your organization.

We appreciate the support of all of our clients as we have fought to protect and restore your sites during this time. We can all agree that despite our best efforts, the only course of action at this point is to adapt to the changing environment and look forward to what the newer technologies have to offer. Tendenci is a great product and successfully serves websites throughout the world. We look forward to a continued relationship with our clients in the open source world of dynamic software.

[UPDATE: Another option – Generate a Static Site. You can simply pull the site down in static format using a one line Unix command or a $5 program on the Mac. Then edit it in a product like Dreamweaver. FTP the content to any number of hosting providers. So you CAN download and transfer your site right now to fulfill any obligations. As posted previously there is also simply linking from Dropbox or AWS if that is more convenient. Neither is as convenient as Tendenci, but both will keep the sites secure.]

[Update: For developers you can use this script to download. Please be nice to the servers. And scan your files! Several clients had malware on their PC and then uploaded it to the server. All responsibility is on YOU to be sure any files pulled down. This is one of the reasons we are moving away from this older technology. Virus scanners won’t catch it all. IT IS A MANUAL PROCESS TO CLEAN IF FOUND. You must review it carefully by hand. Code snippet below

wget --limit-rate=400k --no-clobber --convert-links --restrict-file-names=windows --random-wait -r -p -E -e robots=off -U mozilla URLHERE

Did I mention scan your files!?

Thanks]

New Helpdesk System in Full Swing

TRANSPARENCY

The new Tendenci helpdesk system has been a real eye opener for us. I fear we have let you down, actually I know we have, and I also know the blame resides squarely on my shoulders as CEO. Nobody else. If you have great people (and we do, and we’ve lost some of them now) and the results aren’t great to stellar then it is a SYSTEMS PROBLEM. And that is a CEO’s job. I can dissect it down to particular leverage points, staffing levels, transparency, lack of integrated systems, a naive belief in accepting suggestions from everyone without stress testing them, etc, but ultimately it falls on me.

So let’s be clear about who is at fault for our turn-over of late. Me. There are many things in hindsight I should have done to prevent it. It has cost me personally, professionally and on every other level. As a CEO you don’t get that luxury. Because it’s not about me, it’s about you. And isn’t that the real issue? It’s how it has impacted everyone else. We all count on Tendenci to just work!

I’m familiar with failure. It hurts more when it is your friends. I won’t sugarcoat that. Nor will I give up as I have an obligation to our clients and rebuilding is the only option, up to and including a few critical conversations to ensure a strong future for all of us. We need you, our clients and open source contributors, more than you need us now that we are open source and I fully get that.

LEARN FROM MY MISTAKES – NO PER USER PRICING

We liked Zendesk, but as I have blogged in other places, I still view the per-named-user business model as a failed business model that is inherently unfair to clients and part-time employees. The economic incentive of named-user licensing is to create devastating silos of information to save 70 dollars a month for someone to just check in.

It is particularly harmful for remote workers who need to be able to see more information, not less, to keep up with those in centralized teams. The per-named-user-license model creates an economic incentive to do the opposite. “Does this contractor really need to use the toll road? Nah, let’s just assign them work and they don’t need to know the backstory or inside jokes of the office.” – see? Fundamentally evil.

Why did it take me so long to figure that out? #duh

I’ll grant you that some companies are starting to find a hybrid pricing model.


Hipchat has a great offering and, then, sure we upgrade for the 2 or 3 dollars per person to get the call functionality. That is reasonable. But we love hipchat internally.

Salesforce? Not reasonable. Long term contracts, integrators that don’t work and nobody held accountable. They aren’t so much “no software” as “software that isn’t as evil as Oracle.” – not a big differentiator IMHO.

Given a choice I prefer to work in the environment we program in – Python/Django/Postgres/Ubuntu and hence we went with Django-Helpdesk to organize and provide transparency and accountability. Drop in Django-Model-Reports and I can actually see the level of support my clients are receiving. And while clearly my responsibility, results are results and they are completely unacceptable.

The data and timelines were just hidden. No more. You can’t manage what you can’t see and I can see it now. I will need some help from clients to copy their support email account to keep from reverting to silos again.

SIMPLIFY SIMPLIFY SIMPLIFY

For the helpdesk and ongoing projects in the shop, with candor, it may take a month or longer to dig out and create a refined simplified simplified simplified system. But we’ve done it before and we’ll do it again.

Thank you to our clients for your patience. I frustrated a lot of clients and lost some great clients and employees as a result of not having systems in place. I apologize.

IT’S ABOUT CUSTOMER SATISFACTION

Yet as I have said many times –

“Clients don’t want great customer service, they want great customer satisfaction. They want the software to work so they don’t have to call in and get a quick response. They want it to work so they don’t have to call or email in the first place.”

–  we need better systems. This is one of them.

We will be announcing partnerships to fill in and take care of holes made apparent by the extreme transparency of the new helpdesk system.

DIFFERENTIATION

We will start with differentiation. Clients on paid support contracts should and will go straight to the top of the queue. Our old systems didn’t have the ability to filter and prioritize. Now we can. I will announce these partnerships, some with former Schipul/Tendenci employees who already are familiar with our clients and strict security systems.

We will do our best to forge ahead, rebuild the client contact and communication portions of Tendenci the company. Our technical team is still charging forward with long term goals rest assured. Like the return of the newsletter generator.

I thank you for your business, your contributions to the software, for being a part of the global tendenci team, and for not giving up. I won’t either. It’s not me or you, it’s us. #peace

Communications Needs a Town Square

Communication needs a town square. Step 1 was to implement a forum independent from our site. Encrypted (of course) and endorsed, and with its own unique karma.

 

Talk to us. Tell us what we can do better. Group listen – a challenge to all of us is to listen as a group. To truly listen.

And the software needs direction. Our job is to listen to and foster the community of Tendenci users across the globe while respecting that ultimately we, they, you, them, us, are all independent individuals and organizations, cultures and people, nonprofits and companies, we speak different languages, the only thing in common with the global Tendenci community is our diversity. Just as the only constant is change.

We wouldn’t be cause related software developers or working at cause related companies that aspire to the #openeverything OSCON type of ethos to begin with.

First – it is to serve.

To achieve our communication goals we are using some amazing open source software based on Django and Postgres just like Tendenci of course – The Misago Open Source Discussion Forums is used to power the new https://community.tendenci.com site to provide a “place” for that dialog to happen. Developers are welcome to continue posting issues on GitHub of course, clients who prefer to have us (or you!) manage their Tendenci hosting will submit billable Tendenci support requests, but there is something different about a forum that is toned down and not quite as public. I can’t quite explain why.

Join us?

Ring, Ring. Tendenci is Switching Phone Systems!

Tendenci community!

We are making the jump – phone system in the cloud.

Our new phone system is more dynamic and mobile.  We also love to hear your voices and this system will allow for clearer transmissions.

We’ll be switching over phone systems this weekend.

If you have any trouble reaching us this weekend or early next week, please send us an email at support@tendenci.com

 

 

Have suggestions for new modules?
Have questions on setup?

Check out our new community forum: http://community.tendenci.com/

Connect with Team Tendenci and the Tendenci community.

 

 

What NPO Software Success Really Looks Like

This image came up as a topic of conversation in a meeting we had this morning and I wanted to share it. It is a pretty accurate description of the open source rewrite of Tendenci from the ground up over the last four years. And I’m pretty excited about the software moving away from the squiggly part on the right in this image from Henry Blodget’s blog post.

[Image: What People Think Success Looks Like Vs. What It Really Looks Like]

Oh don’t worry, we’ll attack new challenges and make new squiggles which will make people think we are off track, or losing it, or “freak them out” as we get to the end of a road and go “oooops, that didn’t work.” But now we know that didn’t work.

It also reminded me of some of Hugh’s quotes in his book Not Sucking that I have always liked. For example:

THERE IS NO SECRET SAUCE

WORK HARD. LIVE QUIETLY. BE FRUGAL. SIMPLIFY. NEVER COMPLAIN. CONSTANTLY ELEVATE YOUR CRAFT.

Sure, a bit of talent and good fortune comes in handy. It’s nice that you could draw better than any other kid in your small town, or that your parents had the money to afford tennis lessons after class.

But that just gets you to the starting line. The actual race is what happens after that, day in, day out, for many years to come.

And the ones who win, the ones who really elevate their craft, are generally the ones who work the hardest. Life is unfair.

People underestimate the power of hard work. I like that he simplifies it all into Creativity, Mastery and Meaning. He doesn’t lie to you about a four hour work week, or tell you you have to wear Gucci to be happy, he doesn’t even list being happy as a goal. Meaning, Mastery and Creativity are how you don’t suck. Being happy is what happens when you don’t suck. But not always, because it’s hard work.

The best way to not suck is to MASTER something useful. Obvious, yes?

Then he drops the story of Jiro on me. (my commentary is below this long excerpt from Hugh’s post).

The thing is, I know TONS of super successful people, but none of them fit this extreme, celeb-lottery-winner-Reality-TV model. Some of them are actually pretty boring, to be honest. But they lead happy, friendly lives and do VERY well career-wise.

THAT is what most success looks like, if you think about it. The stuff on TV or in the movies just isn’t REAL enough for us to learn that much useful stuff.

So I was thinking about this again, recently, HARD.

What model would work for folk like you and me? A model that didn’t mean you had to sell your soul to Wall Street, Hollywood, Washington or the tabloids? A success model that doesn’t rely solely on the unlikelihood of outrageously good fortune or acts of evil?

Then quite by chance, I saw a great documentary recently: “Jiro Dreams of Sushi”, a film about the world’s greatest sushi master, and a light bulb EXPLODED in my head.

Our man, 85-year-old Jiro Ono is the world’s greatest sushi chef– the only sushi master to ever have been awarded three Michelin stars. He’s also the oldest person to have ever been a recipient of that award.

The thing is, he doesn’t have a lot of money or own a fleet of trendy restaurants in all the world’s capitals, a-la Wolfgang Puck. No syndicated TV shows, celebrity-chef book deals or TV talk-show circuits, either.

He just has a small, plain, dull, ordinary-looking, low-key sushi bar with ten seats in the basement of a Tokyo office building, near the subway, the kind of nondescript place you’d probably just walk by without stopping, if you saw it. Ten seats! Yet he REALLY IS the best in the world at what he does.

Jiro works seven days a week, over 350 days a year (he hates taking vacation), serves sushi and sashimi to people in very small numbers, and THAT’S IT. Just sushi. No salad, no appetizers, no desserts.

Like I said, JUST SUSHI. And by sticking to this minimalist, bare-bones formula, he’s become the best in the world.

A tiny little sushi bar in some random subway station. Yet people wait in line, people book a stool at his sushi bar as much as a year in advance, at prices starting around $600 a head. People have been known to fly all the way from America or Europe, just to experience a 30-minute meal. In an office basement!

I read that and felt humbled. And befuddled. And yes perhaps a bit justified.

I’m also really happy to know others are like me. I don’t particularly consider myself successful but I expect it will all work out. I have many blessings and I work with great people. I have a wonderful family. I’ve also had my share of loss and plenty of criticism, which I have learned comes with the role of CEO even for a small company (note: there are no books on how to be a CEO. You just do your damnedest to learn fast!)

Hugh MacLeod

Back to Jiro. I get him. For me, I have been obsessing about one single software product called Tendenci built specifically for associations and non-profits for 13 years now. I’ve had a lot of help. I’ve never wavered nor lost the passion to keep improving it. I’m truly obsessed with making software in a way that makes our CLIENTS successful.

I started it in 2001 (the tech bubble had burst) on the premise, after reading hundreds of marketing books, that clients who made money off of your software wouldn’t leave you. That they might forgive a missed deadline, but they would not forgive a security breach. That they wanted the freedom to leave at any time. So all of our clients were sold month to month: export your data and leave whenever you want. (This was before open source was an option and before PHP was around.)

What started on the Microsoft platform is now rewritten by a great team of programmers who work here, and outsourcers, and hopefully more and more by people in the community. It is now Django/Python/Postgres and Ubuntu. We are working hard, and I am obsessing on adding donor management that integrates with Salesforce Foundation’s free licenses for non-profits. I’m completely obsessed with giving NPOs an alternative – that they can succeed on both bottom lines, financial and causes, and put more of their money and time towards the cause instead of spending 10k/user for Raiser’s Edge.

Can a 13-year-old product built on Django give NPOs a real alternative to Raiser’s Edge and Blackbaud? And can it be an OPEN SOURCE product that you can integrate, extend, and experience with no vendor lock-in at all? The odds are against me. And there are only 10 stools. And my obsession with achieving this success grows stronger every day, and it is not because I know anyone at Blackbaud.

I’m obsessed with collaboratively building Tendenci not because of what the software itself can do. I’m obsessed and seeking mastery because of what global non-profits can do with the first open source Python software built specifically for them. That is my passion.