From the category archives:

Software

Security and Privacy in a Web 2.0 world

October 8, 2009

Security Camera - Photo by Sirius Rust

Security Camera - Photo by Sirius Rust

Beth threw down the gauntlet, and I had to pick it up. I’m sort of surprised I hadn’t written about this before. I think a lot about both of these, not so much for myself, but for organizations that I work with whose work is fairly sensitive.

First off, some definitions – I think that these two terms do get mixed up quite often, and understanding what’s really being meant by them in a technical context is important.

Security, in this context, is the concept that your personal computing resources and data are safe from both prying eyes, as well as hijack by crackers and spammers who will use those resources and data for their nefarious ends. In the case of your computing resources and personal data inside that box you call your laptop, or protecting the whole of your home or office network, security is a matter of using specific tools that prevent unprivileged outsiders from getting in. Wifi passwords, firewalls, password protected fileshares, virus protection software, etc. are the tools of the trade here. Security of your private data that is “in the cloud” is largely at the mercy of the software developers who hold your data. Luckily, most of them take security quite seriously. (That said, your data “in the cloud” can be compromised by lack of security on your network or laptop – someone installs a key logger, for instance, and grabs all of your passwords.)

Privacy, in this context, is that you can control, in a granular sense, what information about you is exposed to whom. Privacy is, as Beth says, primarily a matter of human behavior, but there are very interesting intersections with technology and security. In some instances, services have default privacy settings that are a lot less private than someone might like – and it takes some know-how to figure out how to correct those settings. Privacy is, also, a set of decisions that get made – sometimes in haste, or without much consideration. Your drunken decision to post that picture of you (or a co-worker) dancing in your underwear on a table at a party, the cat is out of the bag, and may never be able to be put back.

Security and privacy in the context of online communities, as Beth points out, are different beasts. The software that drives online communities (such as Drupal, phpBB, and others) have options to allow for varied levels of security. You might need to have a password to see anything. Or you might just need a password to make comments. You might not be able to just register for an account – you might need to go through an admin. These days, most software driving communities have roles you can assign people to, with specific privileges granted per role.

But privacy is made up of policy (the policy of the organization running the community) as well as the behavior of the members – their collective agreement that “what happens in Vegas, stays in Vegas.”

Tagged as: , , ,

{ 3 comments }

Avoiding Trainwrecks

June 3, 2009

I spent a big chunk of my day dealing with a project that is, in no uncertain terms, a trainwreck. The client has sunk a ton of money into a product which is in, its current (first phase supposedly finished) state, unusable (client and vendor shall remain unnamed.) My role in the project has been strategic and as a liason, not technical, which to some extent gives me a bit of a distanced view.

Web development trainwrecks are, sadly, far from isolated cases – they happen all the time, even when all of the parties have good intentions. And as someone who is building a business around doing this sort of work, it is of keen interest to me as to why some projects end up in the state that this project is in, and I want to make sure to avoid these kinds of situations. So how do we avoid trainwrecks? Some trainwrecks we can see coming miles away, but yet we are in complete denial about them. Some trainwrecks are like sudden derailments – it’s not at all clear where it comes from. But I think all trainwreck projects have the seed of the wreck somewhere in the history of the project.

The hallmarks of this particular trainwreck were so clear, that in retrospect, they scream out at me:

  • Lack of transparency about development process
  • Lack of transparency about cost implications of increased scope
  • Waterfall development process (well, the vendor said they practiced Agile, but in practice, it’s been waterfall)

As a practitioner of the Agile development process (we use a somewhat modified form of Scrum, in particular,) I’m beginning to really see the value of this kind of process. It makes visible all sorts of things that are often hidden. It seems like the Agile methodology helps in a number of ways:

  • Once educated, clients have a window into the development process. They know what small chunks of development are going to happen in a given time interval, and they know what they will get at the end of that time interval
  • Things are developed in priority order
  • Clients can critique things early
  • New functionality becomes a part of the “product backlog” and it is easier to have clarity about what is and is not within scope

Of course, it is theoretically possible to be completely transparent in a traditional waterfall methodology, and completely opaque using Agile, but I do think that the Agile methodology makes it way more difficult to be opaque. But it also takes some work and education of clients unfamiliar with the methodology (as well as making mistakes along the way on our part as developers.)

And I’ve been able to watch this process work well, not only with our own projects, but also with a project I was a strategic lead on. I was pretty skeptical a year or so ago, but now I’m sold. And since transparency has always been something of real importance to me, a development process that encourages transparency is a good thing.

Tagged as: , , ,

{ 0 comments }

Why you should care that Oracle is buying Sun

April 20, 2009

In general, the activities of the big tech corporations have somewhat limited and indirect effect on nonprofit technology. For large enterprises, the activities of the big players is a much more immediate and important set of issues to deal with. For us, it’s generally much more removed.

However, today’s news that Oracle is going to buy Sun Microsystems has some very important implications. Why? It has to do with the fact that many, many nonprofit websites and web applications are built using MySQL, the most popular open source database management system. Sun bought MySQL AB (the company behind MySQL) last year for $1 Billion dollars, and therefore, MySQL AB now becomes a part of Oracle, it’s primary competition.

There is some suspicion that there may be anti-trust challenges because of this, but if it goes through, it raises some huge questions about what happens to MySQL because of this. Of course, since MySQL is open source, there is no danger of MySQL going away, someone can always fork it. And, ultimately there is a great open source database alternative called PostgreSQL, but support for it is not universal. However, the future of ongoing support and development for MySQL is certainly in question. Most nonprofits don’t get any support from MySQL AB directly, but larger organizations that might have been getting some support might see changes down the road.

It’s something that those of us who depend on MySQL for our web development projects will be watching quite closely.

Tagged as: , , , ,

{ 2 comments }

My Top 16 tools of 2008

December 26, 2008

These span the range from tools I use every day or every week, to tools use more occasionally, but depend on. They also span the range of proprietary, SaaS, and Open Source. They are on this list because I think they are great, because they have undergone a lot of change or development this year, or because they are game-changing.

Open Source Tools

1. WordPress. I use WP pretty much everyday, between my own blogs, and helping clients maintain theirs. WP as a blogging tool rocks my world, and although I certainly could move blogging to Drupal, since I seem to be becoming somewhat of a Drupalista, it’s just not worth it. WP is clean and easy, and virtually hassle-free. There are lots of really great themes out there, and there just isn’t a reason I can find not to use it.

2. Drupal.  I’m somewhat of a latecomer to Drupal. Having been bogged down with my own open source CMS tool before 2005, then having taken a break from development, I missed out on the prime years of Drupal’s development. But now, here I am, and I’m impressed. It has become arguably the most popular open source CMS, and is a very able platform for creating all sorts of great web applications.

3. Xen. I use this everyday, although I don’t really interact with it much. I am administering and/or responsible for a couple of Virtual Private Servers that use it. Virtualization has really come into it’s own this year, and will continue to be a force to reckon with. I’m betting that in 2009, many folks will move from shared hosting to VPS servers. There are a lot of good reasons to consider this.

4. Songbird. Songbird is a brillant idea: build a music player using the Mozilla framework. Songbird was a buggy mess just a year ago, but with the recent release of 1.0, it’s absolutely an application to get to know.

5. CiviCRM. Oh what a difference a year or so makes. CiviCRM continues to mature, and is providing an interesting and important new model for nonprofit software development. It is becoming more popular, and is also highly recommended by those who use it. I’ve been getting to know it this year, and begun implementing it. I like it more and more.

6. Freemind. This is an awesome cross-platform mind mapping tool. I use it to create sitemaps, mostly, but it’s also great for brainstorming.

7. Elgg. Elgg is the open source social network management system. Install it on your own server, control your own data. Don’t use Ning, use Elgg. It finally looks like a project which will allow me to explore the strength of that platform is coming around the bend. Stay tuned.

8. MAMP. Wanna set up a easy development environment on your Macintosh without struggling with Fink or MacPorts? Use MAMP. Easy, fast, robust, and powerful.

Being a pragmatist, I do use proprietary tools, both the Software-as-a-Service, or basic desktop tool types. I use these tools because I haven’t found open source alternatives for these functions that work as well, or are as user friendly.

SaaS Tools

9. last.fm. I love last.fm. I love discovering new music, seeing what people I know are listening to, and learning more about what I listen to over time.

10. Twitter. This was the year for twitter. This was the year that nonprofits discovered twitter, and the year I integrated twitter into my workflow.

11. Evernote. I haven’t yet become an Evernote devotee, but I might. It’s an online note-saving service, with desktop and iPhone clients. It’s great to be able to take notes on my iPhone on the fly, and know they are saved, and will show up on my desktop when I want them. And it’s great to have my notes wherever I go, without bothering to sync my phone.

12. Intervals. Having tried a variety of project management and time tracking tools over the years, from the open source tools like ProjectPier (used to be ActiveCollab) and GnoTime (abysmal), as well as SaaS tools like BaseCamp, I have finally come across what is, for me, the perfect mix of project management, time tracking, and invoicing. It’s not cheap, but it works well, and saves me so much time invoicing, that it pays for itself several times over every month.

Proprietary Tools

13. Adobe Air, and applications. Adobe Air is an impressive framework for rich internet applications. I use TweetDeck, Twhirl, and the Analytics reporting suite among others.

14. Balsamiq. This Adobe Air application deserves its own entry. (I’ve been meaning to blog about it for a while.) It’s a really great tool for creating very rapid mockups of sites that you are working on. It actually is good enough as a wireframe tool.

15. Coda. Panic software makes really good stuff. Coda is a great editor for developers. I like it better than Textmate, which I know is another popular editor for developers.

16. VMWare Fusion. Even being the semi-religious Mac and Linux desktop user that I am, every once in a while I am forced to use Windows. This makes it tolerable. There’s a nice full-screen view, if I want to really feel the pain. There is also a mode called “unity” which allows you to run a Windows application in a regular Mac window. It’s kinda cool.

So what tools did you come to depend on in 2008?

Tagged as: , , ,

{ 6 comments }

How’s that donor database of yours?

December 2, 2008

In general, although I am sometimes asked, I tend to avoid assisting clients with choosing a donor database package. Mostly because, although I actually know the field pretty well, it’s at the 10,000 foot level, rather than the 50 ft level that clients really need. And I know there are plenty of folks out there who know the field really well at 50 ft, and can step in with the best advice.

As a 10,000 footer, NTEN’s new Donor Management System Survey is of keen interest. There is, of necessity, a lot of overlap betwen CRM systems and Donor Management Systems. Many of the CRMs also show up here, although there are quite a number of packages that did not show up in the earlier survey.

In some ways, it is astonishing how many different donor management packages there are. In most ways, however, this is far from a surprise – donor management is a primary way that money gets funneled into nonprofits, and, unsurprisingly, organizations often spend significant dollars on their donor management packages.

By far the most popular DMS of the ones surveyed was … you guessed … Blackbaud’s Raiser’s Edge. 18% of users surveyed use that one, which also accounted for 35.5% of use in very large organizations. Others I think about: CiviCRM had 4.8%, Organizer’s Database at 3%,  Salesforce was at 2.6%, Democracy in Action at 0.6% and MPower at 0.4%. I  also have to wonder (shudder) how many home grown Access and Filemaker databases fall into the “Other” category of the survey, almost 20% of the total.

So how did people like these? They ranked the percentage of folks who would recommend a package. In a three way tie for first included two proprietary packages I’d never heard of: NEON CRM and Donor Pro. In that trio was Organizer’s Database, the desktop open source DMS. 4th (since there was a 3 way tie) was CiviCRM. Included in the bottom four are 3 properties of Blackbaud: Raiser’s Edge, eTapestry, and Kintera Sphere which was in dead last place. (iMIS rounded out the bottom four.) Salesforce was somewhere in the middle (ranked 9th).

What’s interesting is that they did a size of org and recommendation analysis – to break down recommendations by size of organization. Raiser’s Edge, for instance, did much better among large and very large organizations, and very poorly in small orgs (which probably shouldn’t be using it anyway.) The reverse was true of Salesforce. (The numbers aren’t always quite large enough for these to be solid, but it’s a great indication of what’s going on.)

What can we say about the open source packages? There are only three in this race: CiviCRM (web) Organizer’s Database (desktop) and MPower Open (client/server). CiviCRM and ODB were at the top of the pack in terms of popularity, reccomendations and grading, and MPower had very few respondents who used it, and it wasn’t included in the ones that were ranked. But its safe to say that these are good contenders, and did well.

Last but not least, the grading. Who’s going to get into med school? DonorPro and NEON CRM are at the top of the class, and will, I’m sure, get into Harvard Med. Donor Perfect, CiviCRM and Antharia’s On Deposit have solid A’s, and will for sure get in. There is a large group of packages, like Salesforce, ODB, Giftworks, that will probably make it, but they might have to settle for second tier schools. Raiser’s Edge, eTapestry and iMIS are going to have to get themselves into a special tutoring program, if they have a hope of making it. And Kintera Sphere, I think, is going to open a car repair shop.

{ 0 comments }

Bleary Eyed and geared up

November 20, 2008

I don’t usually title my tech blog entries with quite that sort of title, but that’s how I feel after spending 3 days with one of the most fabulous groups of people I have had the honor of spending time with in recent memory. I was at the Nonprofit Software Development Summit, which was an event full of great sessions, meeting neat people of all sorts, and having lots of geeky fun.

It was a great combination of really detailed tech learning (like I learned a really cool trick using JQuery to generate rounded corners, which is generally not an easy thing to achieve,) and big picture thinking. I got to learn a ton, and contribute a bit.  Sessions I went to included:

There are lots of great notes there if you missed those sessions, and I’m looking forward to reading the notes from other sessions I wanted to go to, but missed. Now, I’m just going to sleep.

{ 0 comments }

Cake vs. Symfony

November 6, 2008

In my new explorations of PHP web application development, it seemed a good idea to get a look at both CakePHP and Symfony. Both of them seem to be PHP’s answer to Ruby on Rails.

The approaches are similar and different to each other. I set up both on my laptop, and tried out some really simple app development. In Cake, the database build is separate from the application building (you do it yourself), whereas in Symfony, you use Symfony to build the database with schema files written in YAML. Then, you build forms and such using the schema as a foundation.

They both use the MVC pattern, and both use object oriented PHP, which is great. I got a lot further with Cake in one evening of playing with both than I did with Symfony. At this point, I really prefer Cake – it feels like it jives with my own coding sensibilities better. I also don’t like the overhead of learning YAML. I can imagine, though, that the Symfony approach can be powerful.

Looking at Ohloh, Cake is more popular than Symfony (on Ohloh, who knows about in general), but Symfony has a lot more developers (81 vs 17). They both have good documentation and active communities.

For now, unless something strange happens, I’ll settle on Cake – although I’ll not be spending too much time on it, since I’m working hard to grok Drupal. But perhaps a cool project will manifest, and I can use it.

Update: I learned that Yahoo and delicious have a huge investment in Symfony (which, I guess, might be why they have so many more developers.)

{ 10 comments }

Firefox add-ons to love

October 23, 2008

I’m in love with Firefox. I’ve actually been in love with Firefox since 3.0, when it seems like a few of the things that plagued it finally got ironed out. More and more websites are designed not only with Firefox in mind, but sometimes even primarily with Firefox.

Here’s a short list of the Firefox Addons that I use all the time:

  • Firebug – it’s a great tool for HTML/CSS/JS development
  • Web Developer – a nice toolbar, also useful for development
  • Google addons, including the toolbar, and Google notebook add on (although I’m beginning to use Evernote more, because I have a copy of notes both on my desktop and online.)
  • Feedly – it’s a really nice tool for making your feeds more readable, and it syncs with google reader, so that when you read something using Feedly, it’s marked as read on Google Reader.
  • Fire.fm – I’m in love with both Pandora and Last.fm. Fire.fm provides a nice toolbar – where you can play stations from, etc. It’s a nice integration.
  • Delicious Bookmarks – this is the official plug in from Yahoo. It’s sweet – a button to easily tag the pages you are visiting, and a nice sidebar to see your bookmarks from.
  • I also use varied greasemonkey scripts to make things more interesting.

There are a gazillion (well a lot) of add-ons for Firefox (and other Mozilla tools as well.) What do you use?

{ 4 comments }

OpenOffice.org goes Aqua!

October 21, 2008

As many of you know, I have been using OpenOffice.org, the free and open source office suite since before it was OpenOffice.org. That would be when it was Star Office. That was a long time ago. So I’ve seen it develop and change (and helped a tiny, tiny little bit along the way by submitting bugs.)

The Apple OS has been the poor stepchild when it comes to OpenOffice.org for a long time. With Windows and Linux, there were native versions that were easy to install and use. With OS X, you had to either use the most recent version of OpenOffice.org with X Windows, which most Apple users don’t use, and didn’t have the nice Aqua window dressing, or you had to use NeoOffice, which was steps behind OOo, and had some serious memory leak problems (it got better over time, but it still was pretty unstable last time I used it.)

But, while I was busy doing other things like moving, OpenOffice.org released version 3.0, and with it, native Aqua versions for Intel and PowerPC Macs. Can you see me doing a happy dance?

OpenOffice.org has been a great alternative to Microsoft Office for Windows users (and really the only full-featured office suite for Linux users.) But now, Mac users don’t need to sacrafice to get the latest OOo goodies.

{ 1 comment }

Next up …

October 2, 2008

I used to spend most of most days hacking (mostly Perl) code. It had its ups and downs, although in retrospect, the downs weren’t really about coding. I haven’t done daily coding now for about 3 years, and I’m missing it, terribly. So … I’m going back to it, slowly but surely.

I also have to admit that my gut tells me that in the coming economic landscape, going back to using my coding skills will likely increase my chance of keeping myself in iPhones, BeagleBoards, and microbrews, as well as the more necessary, but boring things like keeping a roof over my head. Strategic planning is already something that’s somewhat of a hard sell for organizations. Methinks its only going to get harder as grants and donations start to dry up.

In my last post, I was talking about platform choice, and although to some extent, I can appreciate the argument that Python is a better language than PHP (just like in 1999, Perl was a better language than PHP was at the time.) However, PHP is the basis for Drupal, which is inarguably the most popular open source CMS system, and WordPress, inarguably the most popular Blogging platform. It’s also the basis for Joomla, a CMS I appreciate. There are also some very cool PHP development frameworks, like Cake and Symfony, that I’m excited to explore. It’s also the basis for CiviCRM, a project I’d love to be able to contribute code to. I’m psyched to learn jQuery (OK, that’s not PHP, but I figured I’d stick it in there.) And I don’t have to learn a new language (I’ve done a fair bit of PHP some time ago, and it’s not so unlike Perl.) So PHP it is, starting with Drupal.

So my first steps are to find some projects to help out with, volunteer for, etc. and take it from there. Maybe start doing some work with CiviCRM. It’s such a different landscape than it was even 3 years ago. But it’s a landscape that presents itself with all kinds of amazing possibilities for creating totally amazing applications that we couldn’t even dream about a few years ago.

{ 5 comments }

← Previous Entries