In my daily life, Git has 2 major advantages: version control and comparison of versions even when I’m not connected to the internet (you have your own actual repository, not just a working copy), and its speed. It takes less time to clone a whole repository of code than it does to check out a working copy using CVS or SVN! It’s really worth checking out.

I imagine Git will become the new CVS – the new standard, until something better comes along to supplant it.

A few months ago, in preparation for a couple of projects, and a big push into this area for our company, I was faced with a strategic choice – go it alone, and build our own integration module for client projects,  or plunge into using and working with the contributed salesforce modules. Truth is, it wasn’t really a choice for me – I’ve got using and contributing back to open source projects in my DNA somehow. Although we certainly could have chosen, like others, to go our own way, we have committed ourselves to using, and contributing to the modules on drupal.org.

What we lose:

• Complete control over development process and direction
• Not having to fix other people’s bugs in order for stuff to work

What we gain:

• Not having to reinvent a number of wheels
• An easier upgrade path
• Build on the work of others
• Collaborate and learn

The work done so far on the modules is really solid – and it’s getting better. There is a great new maintainer, and increasing activity and contributions. There are also a number of other module integrations (like Ubercart, Webform, and FeedAPI) that are moving forward. Integrations with Views and Actions are also moving being considered (it’s instructive to look at the issues queue). This is stuff that would be hard to match, and makes building integrations for different kinds of sites easier.

So beyond just my own personal preference, I think that there is much benefit, both for our clients, and for us as a company, in hitching our wagon to theses contributed modules instead of going it alone.

Of course, mostly, Drupal is only as good as it’s contributed modules (that’s a bit more of a stretch, now, because many of the key contributed modules, like CCK, are now in core Drupal.) So when folks like us, who build sites that depend on Drupal 7 can start using it is a bit up in the air, although there is a movement to get many modules ready for Drupal 7 at it’s release. But some may well not make it. We’re guessing that we’ll start building production sites in Drupal 7 starting in late summer, early fall, depending on requirements.

A note: the standard process for deprecation of old Drupal versions is that when a new version of core comes out, the one two versions back stops being officially supported. So Drupal 5 will no longer get security updates and the like. Already, many module developers have stopped supporting versions of their modules that work on Drupal 5. (The salesforce module maintainers recently made that decision, as have others.) So certainly a site running Drupal 5 won’t stop working, but it will become vulnerable without security updates to core or modules, and it will get increasingly difficult to maintain and add features to. So it might be a good idea to budget the time and money to upgrade as soon as possible if you are on Drupal 5. If you are on Drupal 6, you’ve got a while yet, but Drupal 7 certainly has some great advantages, particularly in user experience, to look at.

The place to find reports on what happend is on the wiki. Also, check out the twitter stream for the #omc09 hashtag.

I was especially interested in the issue of mobile data collection. (I was so interested, I facilitated a session.) And, even more specifically, I’m interested in how to leverage CiviCRM and mobile devices for a range of interesting applications. There are a number of ways to get data from mobile phones into a CRM – and all have advantages and disadvantages, depending on a lot of things.

• Globally, what you can basically depend on is SMS. Smartphones haven’t made it into most of the developing world, nor have 3G networks. So how do you get SMS data into a database system like CiviCRM? You need an SMS gateway, and systems such as RapidSMS to gather data
• Use J2ME to write applications for mobile phones, and send the data via SMS to a central database.
• A tool such as EpiCollect, which is an Android app.
• A slimmed-down, simplified webform to be used on mobile browsers.

One thing that would facilitate this would be a more robust API system in CiviCRM – access to the data via REST or JSON, which would allow CiviCRM to talk with some of the tools out there like Mesh4X.

I learned a ton. Thanks to MobileActive.org and the Open Mobile Consortium for a fabulous event.

There has been, of course, a lot said about the fact that although women make up 20% of the tech field, they only are approximately 1.5% of open source communities. There have been long standing groups that have tried to address this, and new efforts as well. Some open source communities are more diverse than others. In her keynote, Kirrily talks about two open source projects, Archive of Our Own and Dreamwidth that have a majority of women involved, which is rather unusual.

A short twitter conversation I had with a colleague brought up the issue of whether or not this is just an exercise – will this actually lead to any lasting change? That’s a good question.

Kirrily has a set of really good guidelines for open source communities:

• Recruit diversity
• Say it, mean it
• Tools (Tools are easy)
• Transparency
• Don’t Stare
• Value all contributions
• Call people on their crap
• Pay Attention

As a long time open source user and advocate, even though I am someone who rarely finds people like me in open source projects (i.e other women of color), I’ve always seen the open source movement a potential avenue for the greater involvement of people other than white, straight, young men, because theoretically (this is the important part) one’s involvement in a community is pure meritocracy. But so many open source communities have so far to go when it comes to being welcoming. I’m reminded of sitting in Drupalcon in DC and hearing Dries talk about the “beard length” of the developers. And of course there was the huge brou-ha-ha around a presentation at a recent Ruby conference.

And, of course, there are other factors as well. There are far too few places like The Community Software Lab of Lowell, MA, who’s mission is:

We write, administer and maintain open source software to serve the underserved.
We use and improve the skills of people with underused skills
We work to make hacker sub culture values (transparency, meritocracy and generosity) the values of the entire culture and bring about the post scarcity society.
We work toward our mission by trying to achieve our short term goals transparently and generously while accumulating only necessary wealth.

So what will it take? Will this effort in the python community pan out? I think it’s a great start. I think the first step is definitely a focus on community environment. Is it friendly? Is it welcoming? Is it easy for new developers to start, and get deeper in? Are there good mentoring models? All of that makes a huge difference. And having a statement doesn’t at all guarantee anything, but it provides something people can point to and say “this is our goal.” Better than nothing, and a lot better than many open source communities are doing.

We started using Slicehost, which was incredibly easy to set up and use, and was acquired by Rackspace, which is considered the premium dedicated server hosting company. I then soon discovered a service called Cloudkick, which allowed us to monitor all of our slices and our clients slices in one dashboard. That was very cool.

It turns out that in the process of creating Cloudkick, the folks there came up with libcloud – a library that service providers could use to give developers access to the services needed by the servers – list, restart, create, destroy, etc. There are now a number of cloud hosting service providers, such as Rackspace cloud servers (used to be Mosso), Slicehost, and Amazon, that are beginning to support libcloud. Libcloud has become it’s own open source project, and is under active development.

Hopefully, this will provide a plethora of options for folks in terms of being able to monitor and manage the varied cloud servers they’ve got going. It certainly has already made our lives a lot easier.

However, today’s news that Oracle is going to buy Sun Microsystems has some very important implications. Why? It has to do with the fact that many, many nonprofit websites and web applications are built using MySQL, the most popular open source database management system. Sun bought MySQL AB (the company behind MySQL) last year for $1 Billion dollars, and therefore, MySQL AB now becomes a part of Oracle, it’s primary competition.

There is some suspicion that there may be anti-trust challenges because of this, but if it goes through, it raises some huge questions about what happens to MySQL because of this. Of course, since MySQL is open source, there is no danger of MySQL going away, someone can always fork it. And, ultimately there is a great open source database alternative called PostgreSQL, but support for it is not universal. However, the future of ongoing support and development for MySQL is certainly in question. Most nonprofits don’t get any support from MySQL AB directly, but larger organizations that might have been getting some support might see changes down the road.

It’s something that those of us who depend on MySQL for our web development projects will be watching quite closely.

• Introduction to Free and Open Source Software
• Fundraising with all free software
• Free And Open Source Online Advocacy: Tools And Best Practices
• Making sense of Free and Open Source Content Management Systems
• Introduction to Blogging with Wordpress
• Intro and Advanced sessions on Joomla! and Drupal
• CiviCRM vs Salesforce.com: What Are the Differences?
• Mobile Volunteering: The ExtraOrdinaries Project
• Creative Commons And Open Content
• And many more…

You can register at Penguinday.org. Thanks to the generosity of Google, we’re delighted to grant fee waivers to anyone who needs one!

I look forward to seeing folks there.

The thing that is prompting this post is the little storm about the security metric that we used to try and get a handle on the security of the 4 different systems we reviewed. More on that in a bit.

You might think that comparing four different open source packages that, in essence, do pretty the same thing (in a broad sense) would be a cakc walk. In fact, nothing could be farther from the truth. The developers of each project have completely different sets of assumptions about what the right way to do things is, and completely different philosophies and ethos when it comes to building interfaces and functionality. Making apples-to-apples comparisons of these systems was one of the most difficult analytical tasks I’ve taken on in a while (and, actually much of the heavy lifting of designing the analysis was done by Laura Quinn), and until you attempt such a thing, please be somewhat tempered in your complaints about it.

Now the security issue. One of the 12 different aspects we are comparing is “Scalability and security”. The report isn’t about security, it’s a very, very broad comparison of the systems, with security as a very small component. That’s just the context. Two (yes, just two) questions out of many relate to security.  First, a simple metric relating to security reports, and second, what processes are in place in the communities to deal with security. This wasn’t designed to be an in-dept, complex analysis of security. If it had been, we would have done a lot more work on how to measure security. On the Four Kitchens blog, they say, “While both reports above seem to identify Drupal (and Joomla! and WordPress, to be fair) as having notably bad [emphasis mine] security, they’re also both based on one superficial metric: self-reported vulnerabilities.” Now I can’t speak about the IBM report (I haven’t even read it yet), but our report says no such thing. Drupal gets a “Solid” on Scalability and security. Solid, which is only one step below Excellent. And you know why it got a “Solid”? Because, indeed, it does have more reported security vulnerabilities than Plone (as do Joomla and WordPress.)

David Geilhufe, who also takes issue with the security metric, has some good points. Yes, sheer numbers of vulnerabilities are not anywhere near the best metric of whether or not a system is secure or not. As a quick comparative look between a small number of open source systems, it’s hard to argue that it contributes no information. Four Kitchens seems to suggest that part of the reason for more vulnerabilities in Drupal compared to Plone is that it’s more popular. But, if you’ve been an observer to the Linux/Windows FUD wars, you’ll remember that Microsoft has that exact same argument about why there are more security vulnerabilities in Windows as compared to Linux. And the Linux folks say, in response, “It’s not popularity, it’s design.” I’m sure  that Four Kitchens, and most open source software developers agree with that perspective. In reviewing Plone, and talking with people who develop for Plone, I was convinced that the reason that Plone had fewer reported vulnerabilities was not just because it was less popular – it’s because it (and Python and Zope) was more secure by design.

I am completely happy with Drupal’s security (otherwise, it wouldn’t have gotten a “Solid.”) I think the Drupal community takes security extremely seriously, and if they didn’t, I wouldn’t have chosen it as a platform for development. I also think that the Joomla and WordPress communities take security seriously. In our estimation, they were all really good. But Plone was just that much better.

We had a fabulous (and quite large) nptech/progressive exchange/community organizing BoF. There was a show-and-tell session for nonprofit websites (which I didn’t make it to). I went to some interesting sessions on Ubercart, Organic Groups, and a BoF on Drupal in churches (where I wondered about the theological spectrum, and guessed was populated mostly by evangelicals.)  I met lots of great people, and saw old and new friends.

I think, also, I’ve completely drunk the Drupal koolaid. I’m psyched to be working with Drupal more intensely (I’ve got 4 Drupal projects going at the present moment.) There’s lots of new things to learn, and challenges to face, but I’m excited about digging in a lot deeper. I’m sure I’ll have more to say as time goes on. And I’m looking for good excuses to go to Paris for Drupalcon Paris!

There were lots of great talks, and the videos are up!