February 2011

WordPress + Drupal = World Domination

Okay, maybe not world domination. But at least significant progress toward truly usable, community-developed software. Drupal and WordPress are hitting their stride right now. It's getting easier to build sites on a budget that orgs can mostly manage and update themselves. That's a big deal for our sector. These platforms allow our web communications to keep pace, at least somewhat, with the rest of the business world. We have to get our messages out, amid the clamor, just like everyone else, and the playing field is getting more level. Yes, we might be a bit behind in our ability to afford all the bells and whistles, but with a Drupal or WordPress site, we can blog and integrate with email messaging, Facebook and Twitter. If we know our audience and have a clear message, that's all we need in our toolbox right now.

I was working almost exclusively in Drupal for a while, and now I'm diving back into WordPress as well. Sometimes it's simply the best CMS for the job. It had been a few years since I'd last built a WordPress site, and it's come a long way. For small- to medium-sized blogs and simple websites, it's incredibly easy to build in. For content editors and site admins, its back end admin beats Drupal hands down in several areas. Of course Drupal's back end can be completely customized to be more user friendly, but when an org is on a tight budget, WordPress has much of that ease-of-use right out of the box. If all you want to do is manage a fairly simple blog or website via a browser, WordPress is stable and flexible, and more than enough power for many orgs' needs.

One of the best summaries I've ever read of the differences between WordPress and Drupal, and of how to decide which CMS to build in, is WordPress vs. Drupal... Fight! by Michelle Murrain. Here's a snippet:

Kinds of sites probably best done in WordPress:

  • Blogs
  • Community Blogs
  • Simple brochureware websites


Kinds of sites best done in Drupal:

  • Large community sites where you need different kinds of content generated by users (blogs, wikis, job postings, etc.)
  • Complex, document-heavy library sites, or sites that need document management
  • Sites where you want complex control over multiple content types – how they are created and viewed
  • Magazine/Newspaper like sites where you want to control how lists of content are displayed and ordered
  • eCommerce sites
  • Sites with deep integrations to CRM platforms and web services


Kinds of sites where it’s a tossup:

  • Medium or large websites with lots of content, but relatively simple organization
  • Community blogs with many authors and identified, authenticated users

Good stuff.

The Right Tool for the Job

We media creators get seduced by shiny toys, which is why we’re always drooling over the Mac Pro tower and the newest Adobe suite of software. Having worked professionally in video production, I got used to having some awfully nice toys at my disposal. It’s great when you’re not limited by your software.

Idealware is not a media production house, so the multimedia content I produce is done under very different circumstances. One of my current projects is to create a series of 10-minute demonstration videos that show off the features of donor management software. Like many nonprofits, we’re working with limited resources and trying to produce quality content. This requires us to be creative and flexible. For these demonstrations, I am using Adobe Premiere Elements (Techsoup.org, $15) and Camtasia (Techsmith.com, $250 for nonprofits).
 
Originally, I wanted to use Camtasia for the entire process, as it has some great features that streamline the process of making screencast videos. Unfortunately, the software has a serious limitation that makes it very difficult for me to create the videos the way I want to: it doesn’t let me have blank space in the editing timeline. If you’ve ever edited video, you know that being able to insert empty space into your timeline makes rearranging video much easier. These demonstrations have hundreds of edit points, which Camtasia is clearly not designed to handle. I even called Techsmith, who admitted that what I wanted to do was not currently possible.
 
Here’s what I do instead:
 
 
Now, I know there are probably better ways to handle this process. In an ideal world, I’d be using Adobe After Effects to create my motion graphics effects. With pro-level tools, I could have all the precision I need. I don’t think that upgrading to After Effects would be the best decision in my case, though, because I would be sacrificing the speed and convenience of using Camtasia’s pre-built effects.
 
I’m in the interesting position of straddling consumer-level tools with pro-level quality. The consumer-level tools are built to be user-friendly and convenient. They’re also more affordable. Bear in mind, I’m not doing anything complicated in these projects; all of the tasks can be accomplished without pro-level systems. What I get in return, though, is a few headaches from trying to work around the deficiencies of these simpler tools.
 
If your organization is thinking about embarking on a media project, find somebody who really knows what they’re talking about. Sit down and have a long, candid talk about what you really need to accomplish your goal. You want to make sure your staff is properly equipped to do their job, but it’s easy to think you need bigger, better software than is truly necessary.

Cloud Security in the Era of WikiLeaks

Salesforce helped pioneer the concept of putting confidential organizational data in a "public cloud" system. Other key vendors offering public cloud data services include Microsoft Azure and Amazon S3 services. "Cloud" has come to mean many things to many people as far as putting internal office functions up on the Internet. The word “public” is important to understand. This means that all data, for every corporate and nonprofit user, sits in one enormous database. This is in fact a reassurance, not a drawback. In a public cloud web service, the vendor focuses its security attentions on one system, top to bottom.

 

Public Clouds and the Apartment Building Analogy

 
The data system in a public cloud is "multi-tenant", tenant as in a big apartment building. Even more than in a condo development, an apartment building provides uniform infrastructure support distributed across all residents. Apartment building tenants in a well-run building can still personalize a unit yet off-load almost all concerns for maintenance and infrastructure. Salesforce, for example, manages its 100,000 customer accounts with something like 20,000 servers. These servers are located in multiple data centers worldwide, each with thousands of servers. A typical hosted website may be secured by the Internet Services Provider, yet it resides in one physical place at a time. In a public cloud system, your data is never just on one server in one data center. There is immense redundancy and optimization so you never need to think about where things are stored and where the next page view is coming from. Likewise, you don't have to think about doing a back-up. It just happens.
 
While it still strikes many as challenging to use a public cloud service for storing confidential donor or client lists, we all trust public cloud environments daily. When you use GMail, Google Docs, Facebook, Flickr, Twitter, you trust your data to a public cloud. In each of these, your data, personal or organizational, sits with everyone else’s in one place. For that matter, specialized email manager services like Constant Contact, online donation systems, and Basecamp are also public clouds of sorts. Though you only see your own projects, Basecamp or Central Desktop project information sits in the same database as thousands of other customers.
 
In a cloud environment, everyone logs into one place. Once you log in, you are directed into a compartmentalized set of functions and data and can never see anyone else's.  The privacy is covered by the user name (email address used to log in) and password. It is up to the vendor to make sure other people’s data doesn’t leak through to your account. What they gain, again, is the ability to manage all security and performance issues in one place. 
 
As with modern network managers, cloud systems typically enable an organizational systems administrator to further govern the user list: you can restrict access by the location (IP address) a user connects from, time of day, and other rules. Cloud environments should make these rules, as well as the login history of each user, visible to the system administrator(s) of the account (including you) at all times. The systems also encourage robust passwords and resetting them periodically.
 
When someone leaves the company/organization, the administrator should be able to simply deactivate their user name. This immediately locks them out. Deactivated users in some systems can remain in your account without counting against licensing. This means that records of work and activity remain even after the user is locked out of the system. A bulk transfer of record ownership from a user who has left to a new user is a handy feature to use once the user is de-activated.
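As an added illustration (not from the original post, and not any vendor's actual code), the admin controls described in the last two paragraphs can be modeled in a few lines of Python: per-user IP and time-of-day rules, a login history that also records refusals, immediate lockout on deactivation, and bulk transfer of record ownership. The class names, the example.org users, and the documentation-range IP addresses are all made up for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass
class User:
    email: str
    active: bool = True
    allowed_networks: tuple = ()      # empty tuple means no IP restriction
    login_hours: tuple = (time(0, 0), time(23, 59, 59))


def ip_allowed(user, source_ip):
    """True if the user has no IP rule or source_ip falls in an allowed network."""
    if not user.allowed_networks:
        return True
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False                  # unparseable address: refuse
    return any(addr in ip_network(net) for net in user.allowed_networks)


@dataclass
class Account:
    users: dict = field(default_factory=dict)
    records: dict = field(default_factory=dict)        # record id -> owner email
    login_history: list = field(default_factory=list)  # visible to the admin

    def add_user(self, user):
        self.users[user.email] = user

    def check_login(self, email, source_ip, when):
        """Apply the account rules (password check assumed already passed)
        and log the outcome, whether the login was allowed or refused."""
        user = self.users.get(email)
        if user is None:
            reason = "unknown user"
        elif not user.active:
            reason = "deactivated"
        elif not ip_allowed(user, source_ip):
            reason = "ip not allowed"
        elif not (user.login_hours[0] <= when.time() <= user.login_hours[1]):
            reason = "outside login hours"
        else:
            reason = "ok"
        self.login_history.append((when.isoformat(), email, source_ip, reason))
        return reason == "ok"

    def deactivate(self, email):
        """Lock the user out; their records and history stay in the account."""
        self.users[email].active = False

    def transfer_records(self, old_owner, new_owner):
        """Bulk-reassign records from a deactivated user to an active one."""
        if self.users[old_owner].active:
            raise ValueError("deactivate the departing user first")
        if not self.users[new_owner].active:
            raise ValueError("new owner must be an active user")
        moved = [rid for rid, owner in self.records.items() if owner == old_owner]
        for rid in moved:
            self.records[rid] = new_owner
        return len(moved)


def build_demo_account():
    """Constructed sample data: two staff users and three donor records."""
    acct = Account()
    acct.add_user(User("dana@example.org",
                       allowed_networks=("203.0.113.0/24",),   # office range
                       login_hours=(time(7, 0), time(19, 0))))
    acct.add_user(User("lee@example.org"))
    acct.records = {"donor-1": "dana@example.org",
                    "donor-2": "dana@example.org",
                    "donor-3": "lee@example.org"}
    return acct


if __name__ == "__main__":
    acct = build_demo_account()
    acct.check_login("dana@example.org", "203.0.113.10", datetime(2011, 2, 1, 10, 0))
    acct.check_login("dana@example.org", "198.51.100.7", datetime(2011, 2, 1, 10, 5))
    acct.deactivate("dana@example.org")
    acct.check_login("dana@example.org", "203.0.113.10", datetime(2011, 2, 2, 9, 0))
    print(acct.transfer_records("dana@example.org", "lee@example.org"), "records moved")
    for entry in acct.login_history:
        print(entry)
```

Refused attempts land in the same history as successful ones, which is what lets an administrator notice someone trying a departed colleague's login.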
 
Add-on tools to cloud services also need to be secure. Sometimes people ask me if they can “see” their cloud data directly using ODBC, as they might have done with MySQL or SQL Server based traditional websites.  In order to hold things together securely, public cloud services typically ensure that add-ons for email, event registration, as well as your own custom pages use an additional layer of security beyond user name and password. Salesforce, for example, adds a long, apparently random "security token" to encrypted data transfers by add-on tools or pages. 
 

How much security responsibility do you want to have in the era of WikiLeaks?

 
Another element of cloud-system security has to do with browser standardization. When you create or update your public website, you can still opt to have the developer support older, insecure browsers like Internet Explorer 6. The developer won’t be happy, but it can be done. Cloud systems typically set standards for secure browser connections, which may frustrate users on older computers that haven’t been updated, yet it adds protection and ensures encryption of the organizational data.
 
Cloud environments also enable centralized treatment. Every week there are new threats to computer systems. These threats could potentially affect cloud systems, but the difference is, it is the cloud vendor’s job to make the patches, and when they do, they do it in one place for all customers. Everywhere else, you have to have some concern about when patches will be applied, who will do it, and whether it will affect your customizations. Cloud vendors like Salesforce focus on pre-announced major upgrade cycles annually and roll them out in organized fashion, while making security patches regularly.
 
A different security issue concerns how much we can trust a cloud vendor to maintain the confidentiality and privacy of data you entrust to them. This is a consideration with any software any of us uses these days. We live in an era of WikiLeaks, apparent semi-official Chinese theft of Google and Adobe data, Israeli attacks on Iranian nuclear power system networks, and newly intrusive data mining by US authorities. Yes, you do have to pick who you can trust. An organization that was counselling undocumented immigrants, pregnant teens or anything else confidential needs to consider what their network provider, hosting company or cloud service would do in the event of a government warrant or determined attack by a political or organizational opponent. In a cloud environment, you have to select vendors you can trust based on their size, history with privacy incidents, and leadership and board commitments. Given that we expect more of our desktop or network server software to “check for security updates” regularly, to be fair, we need to make the same determination for all software, not just cloud systems.
 

Private Clouds

 
In general, using a public cloud environment is like using the electrical or water utility: each month, you use as much or as little as you need, and you pay as you go. Technology managers who speak in terms of "Enterprise" class services also, among other things, seek environments where your software applications are always available,  and the infrastructure can handle any size load reliably.  The various forms of cloud technology make this possible and the birth of public cloud providers makes this economically feasible for small organizations.
 
As I mentioned, "cloud" can mean different things. These days, everyone wants to say they have a "cloud" offering. We also use and have created web applications using Drupal or .Net that might be called "private cloud" systems. A private cloud does give an organization more unilateral control over its data, yet it also leaves more responsibility in the hands of the developer or support provider. You may use a shared web infrastructure which off-loads some responsibilities, while other issues of integrity, up-time, and some of the security features depend on the developer.
 
Web sites may be hosted on a server that has dozens or more separate sites. They share some things on the physical server and its surrounding network at your Internet Service Provider. They use virtual environments to confine your view to what looks like an entire isolated web server. If you do something bad, your site will go down and no one else’s. While that sounds good, it also means you have more responsibility to make sure that your site doesn't do anything "bad." It is a mixed blessing, and as software gets more complex, a growing burden.
 

What about traditional networked databases and software?

A private cloud is more reliable than an internal networked database. A networked database (e.g., Raiser's Edge or Sage) running on a Windows server leaves you with complete responsibility for all aspects of the integrity, security, back-up, updates and so on of the software. Larger organizations feel comfortable doing this and they pay for it, either to their network admin team, to a software vendor, or a consultant. Smaller organizations cut corners and may be vulnerable. Yes, you can isolate things by virtue of your network firewall and server security software. One might debate in 2011 whether this is more secure than cloud environments. On the whole, I no longer think it is. Network administrators and server software vendors are fighting at best a stalemate keeping malware outside the door. Malware on an individual, inadequately protected computer on an organizational network can undermine the entire network.

 
As far as the reliability and responsiveness of the database--a different kind of security: Since in a public cloud database or network environment, everyone uses the same underlying data store, this means that a small nonprofit  with 10-20 users and records in the tens of thousands gets the same treatment as a giant entity with hundreds of users and millions of records.  In an environment you maintain yourself, you have to be concerned with whether the set up of the database (including Access or Microsoft SQL Server) can support the amount of data and number of users. Anticipating growth and scalability in a private or networked system is a big headache. 
 
Organizations that host their own software applications internally have a basic conundrum. The cost of network hardware has dropped considerably. Standard networking software can be either free (Linux) or, for nonprofits, subsidized (Microsoft on TechSoup). Yet those reduced base costs mask a continuing high cost of maintaining a server year by year.
 
The conundrum comes from bearing the entire cost of maintaining that server yet most likely hardly ever using its entire capacity. Until a few years ago, organizations found themselves adding multiple servers to separate file and print services from email management, application and database servers and such. Virtualization technology, a fundamental technology for cloud computing, has allowed the consolidation of servers. This provides a noticeable economic savings as well as environmental benefits. The simplest analogy is switching from incandescent bulbs to compact fluorescents or LEDs. This partly mitigates the responsibilities for maintaining local servers, but only partly.
 

Broadening Safety in 2011

Along with physical security of a local server are issues of data security. Data security is multi-layered and multifaceted. Here in Massachusetts, the state enacted laws to protect personally identifiable information. This changes the security model considerably because organizations, including nonprofits, now need to proactively take responsibility for protecting against internal inappropriate data access. Sensitive data now needs to be encrypted in the database and users granted specific permission to access that data. If your organization must provide a security compliance audit, some say that public clouds with their proprietary technology may not pass scrutiny as they don't reveal the internal workings. At least for now, this is a major rationale in the corporate world for “private cloud” environments, where you get some of the benefits of hosted cloud infrastructure, yet take responsibility for everything you have up there. On the other hand, organizations with their own local servers may lag behind in documenting and keeping up to date a security compliance plan for their network and server infrastructure.
 
Below private clouds and networked systems lies the security of individual computers and now mobile devices. Here the security picture is even bleaker, with inadequate protection and frequent vulnerabilities. When someone says they will install their accounting system or other critical data on just one computer and keep it off the network, to be safe, you can ask: how much effort are they putting into back-up, anti-virus, hardware maintenance and all the rest for that one computer? How much does a systems administrator at that organization monitor the complete set-up of that confidential computer?
 
For a sense of emerging security issues we will likely face in 2011, check out this article from the great technical security resource, http://darkreading.com. 
 
From my point of view, 2011 looks to be the year that no matter your application platform, there is an affordable, secure cloud solution for you. Whether you start with simple server virtualization or move to a more complex cloud solution, it’s time to do something about that server in the closet. From a security point of view, the old internal server looks less like a private fortress than a single point of failure. Some would call it a “stress box.” The burdens of maintaining private systems have become so great, developers and software publishers feel increasing pressure to move in this direction in order to survive and give their customers good service. Infrastructure specialization is a good thing: it enables organizations to focus on their core mission, reduce operating costs, handle unexpected contingencies, and contribute to a greener world. My sense is that over the next several years, more and more corporate systems will move to the cloud, and to the public cloud, and in their wake, so will nonprofit data.
 
 
 

 

Another Look at Jumo and Other "Charity Portals"

 Since we’re now a few months out from the beta launch of Jumo, the new social network for nonprofit organizations from Facebook co-founder Chris Hughes, it seems like a good time to talk about what it is, and what other options are already out there.

Jumo is, by design, deeply integrated with Facebook. There have been a lot of complaints over the requirement to have a Facebook profile in order to join Jumo, and it’s a significant pain for organizations.

Other, better established “social middleware” sites already integrate with Facebook, like Causes.com. Causes already has over 140 million members, and allows them to follow causes that they create, donate to nonprofit organizations through the site, or have friends and family donate to a cause as a “birthday wish.”

But if working with Facebook really isn’t your thing, Idealist just relaunched its website, retooled to function more like a social network, as well as enhancing its existing search features. GreatNonprofits is several years old, and well-established, with over 1.2 million nonprofits in the system. The reviews on GreatNonprofits are all user-submitted, helping potential volunteers and donors not only find an organization, but find out what working with them is like, from the people who already have. To possibly net a greater reach in audience, nonprofits can certainly create articles on Wikipedia, with the added benefit of Wikipedia’s high hits on search engines.

One important complaint with Jumo is that when someone makes a donation, Jumo automatically takes 15% as operating fees, meaning they get a noticeable piece of every donation. Other, better established sites also use this donation model; GlobalGiving.org also takes 15% from each donation made through their service. If you aren’t quite comfortable with this model, Causes.com doesn’t take any money for itself, but their donation service provider, Network for Good, takes only 4.75% to cover processing fees.

So why is Jumo needed at all? Is it all just hype?

Really, the hype is exactly why we need Jumo. Chris Hughes is bringing the kind of publicity that only a founder of Facebook and the Obama campaign’s social media guru can generate. The buzz can only help bring more interested, civic-minded individuals to nonprofits, and isn’t that the point?

Do you use any of these sites?

Accidental Technology

 There's been a ton of talk over at the NTEN Blog this month about Accidental Techies.  I had a few thoughts on the phenomenon.

If you don't know, Accidental Techie is an endearing and/or self-effacing term for someone who signed up for a clerical, administrative or other general purpose position and wound up doing technical work. Many full-blown techies start their careers accidentally like this.

The NTEN discussion has wonderfully run the gamut.  Robert Weiner, a well-known NPTech consultant, started things rolling with "Going From Accidental Techie To Technology Leader", a piece that wonderfully explores the gaps between those who do the tech because nobody else is and those who have the seat at the planning table, providing good advice on how you get to that table.

David Geilhufe then jumped in from an entirely different perspective with "Professionalism in Nonprofit Technology: Should My Techies be Accidental?" -- that of a software grant provider who has seen how difficult it is to deal with organizations that don't have seasoned technology practitioners in place. While his piece wasn't a screed against accidental techies (ATs), it threw a bit of cold water on any org that thinks that technology can be successful without professional input and planning.

Fellow Idealware blogger and nptech consultant Johanna Bates posted "A Rant About Accidental Techies". Her post, based in part on her own AT origins, is full of insight on how the "accidental" appellation can be a crutch. She also shines light on the sexual politics of accidental techieism (reflected, unsurprisingly, in NTEN's bloggers, two of whom are male, non-ATs, and two are female former ATs).

And Judi Sohn wrote "An Ode To The Accidental Techie", reflecting on her experience as one (as well as VP of her org!) and reflecting on the attributes that make Accidental Techies great.

I am not, and never was an Accidental Techie, although my career path was very similar.  I started doing tech work in a small law firm where my title was "Mailroom Supervisor" and my duties included everything from database maintenance to filing to reception. We had a part-time tech who had installed a five node, token-ring IBM LAN that the legal secretaries, one attorney and I shared. When he quit, I was offered the Network Admin promotion and  a hefty pay raise.  The difference here is that, like a lot of ATs, I was in a clerical position and I had an aptitude for technology.  But, unlike an AT -- and this is my big point -- I worked for people that anticipated the needs for technology management and support.

There is nothing wrong with Accidental Techies; quite the contrary: they tend to be people who are sharp, versatile, sensitive both to organizational needs and the opportunities to create organizational efficiencies. Most of all, they're generous with their knowledge and time. But there's something wrong if the technical work they do is unheralded and unpaid. It's wrong if it isn't in their title and job descriptions. The circumstances that create accidental techies, instead of promoting people with those traits to tech positions, are routinely those where management doesn't have a clue as to how dependent on technology they actually are, or what resources they need to support it.

And you can bet that, in a business environment that creates the conditions for Accidental Techies to flourish, there's no technology plan.  There's no CIO, IT Director, or person who sits on the planning  and budget committee whose job is to properly fund and deploy computer and software systems. They're winging it with infrastructure that can make or break an organization.  And they're extremely lucky to have proactive people on staff who do see the gap and are breaking their backs to fill it.  

So the NTEN blog quartet is required reading for anyone who even suspects that they might be an Accidental Techie. Read Johanna's first, because she cuts to some core assessments about who you are and why you might be in this role. Read David's next, because it's harsh but true, and it illustrates well the dangers that your org is facing if they don't have proper IT oversight baked into their system. Read Judi's third, because she'll remind you that, despite the last two reads, it's still cool -- and you're cool for being someone with heart and talent. And read Robert's last, because he'll tell you how to get from where you are to where you and your organization should be.

The Wonderful World of Wireless

"4G has arrived!," the cellular telecoms cry, and the world's abuzz and salivating over their next mobile phone and what they'll now be able to do with (cue echo effect) 4G! Sure, I too devote a good chunk of my Sunday mornings to scanning the pull-out ads for the latest and greatest in mobiles but I'll be honest with you, I'm not terribly excited about 4G. It's just one of many hi-tech fish in the sea and in the way of techno lust, I'm a serial monogamist. One love at a time for me and right now, my heart's set elsewhere.

Communications speed is the primary benefit of 4G. Smartphones will be able to exchange more data at higher speeds than their 3G cousins. I know many of you at this point are salivating over what you could do with more speed. Streaming video to your iPhone could become feasible. Heck, streaming video from your iPhone might be possible—essentially transforming just about anyone into a one-person television station.

Very nice, indeed, but what I’d really love is for my Android to not crash in the middle of giving me GPS directions while I’m feeling my way around the outskirts of Portland. I’d like to spend more time using my phone and less time worrying about the battery indicator as it speeds toward “re-charge now!” halfway through a three hour hike. Communications speed? Eh. Google Maps loads fast enough already and I can already watch movie trailers in Target while my kid obsesses over the same Star Wars toys I had when I was his age. Shouldn't have thrown away my Chewbacca. He'd probably be worth a fortune now, but I digress. . .

What I am excited about is WiFi Direct. What’s that, you ask? WiFi Direct gives you wireless communications with the ease and security of WiFi, without the need for a hotspot. It’s also fast enough to wirelessly support streaming high definition video. So what? So, you could watch a Blu-Ray movie in your bedroom, even if the WiFi Direct-equipped Blu-Ray player is downstairs in the family room. Want to show off your snowboarding videos a friend took with your Droid? Don’t crowd around the Droid’s tiny screen! Stream the video directly to your 50 inch flat panel with WiFi Direct. . .from the couch. . .without messing around with a maze of cables.

I’m a nonprofit ED. Why should I care?

You have a smartphone that lets you surf the web and manage your email, and the documents you work on live increasingly in "the cloud." You basically have a computer in your pocket and yet you feel compelled to travel with your bulky laptop because, let’s face it, doing real work on a smartphone sucks.  A WiFi Direct-enabled monitor and keyboard in your hotel room might let you access the power of your smartphone through a far more comfortable keyboard and full sized screen. Ditch the laptop. The same setup at home and at the office would mean that you're never away from your computer. Nice, right? I can almost see a dumb-terminal revival.

I know, I sound like a smitten pundit in love with some new technology that promises a brave new world just around the corner. I am a little in love, and I realize my zeal for WiFi Direct might be no more grounded than the hype surrounding 4G. And as far as my smartphone example goes, the device bottleneck is just as true of WiFi Direct as with 4G.  So, what are WiFi Direct’s potential downsides? What makes it better than Bluetooth? I don’t know. . .maybe one of you can tell me? Or better yet, just indulge me. Tell me more things you could do with WiFi Direct!

Social Media Workflow: What I Do at Idealware

 I was recently asked in a social networking training about my typical workflow for social media posting at Idealware.  Seemed like the class found it interesting, so I thought I would share it with you too!

Here at Idealware I am in charge of our social networking activities on Facebook and Twitter.  This is a task that is both super fun and totally bewildering.  What to post is a daily challenge and how to say things that people will respond to is something I am only just beginning to decode.  

Regarding workflow, overall I typically spend 4 to 6 hours a week on social networking (that time covers both Facebook and Twitter).  Daily, I spend my first 15 or 30 minutes at work reading through blog posts and interesting tweets to determine what I want to post or retweet (an hour and fifteen to two and a half hours per week).  Then I spend about 15 minutes scheduling out many of our tweets for the day (another hour and fifteen).  I aim for 4 to 8 scheduled daily, supplemented by interesting things that catch my interest during the day.  Out of that list of tweets, I pull the most compelling article and post it to Facebook.  For the Facebook post I try to pull out an interesting quote, a key point, or an intriguing question from the post and share that in my comment.  

After my morning routine, I admit that I am subject to a random checking of Facebook and Twitter when I either need a quick break or find myself with a minute to spare (up to another two and a half hours per week).  If I see something worthwhile, I will share it via Twitter and make sure to respond to any Facebook comments (I have just started using Hyper Alerts to get notifications of Facebook posts to reduce the urge to check obsessively).  

When we are working to promote an event, article, report or other Idealware specific things, my posting becomes a bit more structured and strategized, but I pretty much still stay with the same workflow.  

This workflow seems to make sense for me.  It helps me avoid the “social media time suck” that can be so easy to fall into with these constantly updating tools and makes social media a scheduled part of my job.  It is an allocated time in my day that I respect (as do others in the office) and helps me put in enough time to generate a consistent flow of content to engage the Idealware community.  

How do you schedule your social media workflow?  What works for you?