Monthly Archives: February 2007

ONE/Northwest Will Soon Be Hiring

Posted on by
Reply

We’re swamped with demand for database consulting work.  So much so that we’ve decided to expand the team here at ONE/Northwest.  My colleague Steve Andersen, our Database Program Manager, has the scoop:

I’m not so much looking for someone to work for me, but with me. I want these kinds of skills to help us build our program beyond the 10 implementations we’ve done to date. We’re going to be very focused on meeting the needs of the small environmental groups as well and looking at sharing data between groups, as well as sharing data up to coalition efforts. The voter file is an interesting data set that we’ll be working with extensively this year. We’re doing some cutting edge work, things Salesforce.com hasn’t ever done before. It’s really fun.

ONE/Northwest is a great place to work. Salesforce.com is an amazing platform to work on. The Northwest (and Southwest Canadian) environmental movement is a movement that is winning and making change. And because Salesforce.com is web-based, I’m happy to consider remote office arrangements. The only drawback to all of this is you would have to work with me. Drop me a line if you want to chat: steve at onenw.org.

We’ll have an official job announcement out soon, but consider this early notice.

DevSummit Report Out

Posted on by
2

A big love bomb to Gunner, Heather, Tim and the hundred-odd other fellow nonprofit software developers who made last week’s Nonprofit Software Dev Summit a fantastic experience in slightly nontraditional conferencing.

Among the highlights for me were:

  • The unexpected appearance of dear nonprofit tech colleagues such as Amanda Hickman, Laura Quinn, Teresa Crawford — in addition to the great ‘usual suspects’ like David Taylor, Rob Miller, Allen Poole, Leda Dederich and more.  All are amazing people that I don’t get to see nearly often enough, and it’s more than worth the time and effort of travel to get quality face-time with them.

  • A great demonstration from Simon Rowland of DirectLeap of his inexpensive, easy-to-use web-based robo-calling tool.  I can see some pretty powerful uses of this kind of technology, and it’s amazing to think that it is about to become accessible to small organizations. 

  • The first ever nonprofit techie geek trivia contest.  Steve Andersen, David Taylor, Simon and I put up a good fight, made a great attempt at packing our questions into the final round, but were ultimately defeated by a powerhouse team anchored by Eugene Kim and Evan Henshaw-Plath.  (Potentially trivia geeks be warned: there seems to be no bit of Silicon Valley tech trivia that Eugene does not know.)

  • Did I mention the food?  Seattle is a pretty good eating town, but San Francisco is in another league.  (Or maybe I just don’t get out enough at home!)  In four days, I didn’t have a single less-than-excellent thing to eat.  A big thanks to Joel Burton and Rebecca Weaver-Gill for being such gracious hosts. 

Some nice event photos on Flickr.  Not sure that much made it onto the wiki or into blogspace yet, but I suspect many are still recovering from brain (and fun) overload.



Technorati Tags:

Learning From Toyota

Posted on by
1

I don’t usually find a huge amount worthy of remembering in the business section. But in a long New York Times magazine story about Toyota’s corporate culture and business success, the following paragraph jumped out at me:

Toyota is as much a philosophy as a business, a patchwork of traditions, apothegms and precepts that don’t translate easily into the American vernacular. Some have proved incisive (“Build quality into processes”) and some opaque (“Open the window. It’s a big world out there!”).

Ok, there’s more.  Here’s  fantastic summary of audience-centric outreach:

Toyota focused the marketing of the Tundra on what Smith calls five “buckets”: 1) fishers and outdoorsmen; 2) home-improvement types; 3) Nascar fans; 4) motorcycle enthusiasts; and 5) country-music lovers. Anyone wondering why Toyota has become a major booster of Nascar or a sponsor of bass-fishing tournaments can see the logic. It’s also why Toyota is sponsoring Brooks and Dunn, the country-music duo. And dealers are taking new Tundra trucks to Nascar events, country-music concerts, fishing tournaments and the like. “Parking lots tend to be a long ways away from where the events are,” Smith explains, referring to motocross competitions, “so we have our dealers setting up shuttles.” The plan is to pull up in a Tundra, offer visitors a ride but have them drive to the event on a slightly indirect course (laid out by a Toyota dealer). “At the end,” Smith says, “we say, ‘Thank you, you’re guests of Toyota, here’s a bottle of water, take a lanyard.’ ”

Figure out who your target audiences are, then go where they are, do what they do, and find a way to be of service to them.

This is great stuff — really worth a read.

Open Source CMS Security, Part II

Posted on by
11

Last summer, I did a quick count of the number of known security vulnerabilities in common open-source CMS products, and their underlying software stacks. The results were rather eye-opening.

I thought it might be time for an refresh. Once again, my protocol was simple: I searched the MITRE CVE list of known vulnerabilities and counted the number of results.

Here are the most recent results, with last July’s results in parenthesis for comparison, followed by the percentage growth rate:

  • Plone: 3 (3) – 0%
  • Drupal: 55 (22) – 150%
  • Mambo: 91 (31) – 194%
  • Joomla!: 74 (20) – 270%
  • Zope: 16 (15) – 6%
  • MySQL: 129 (99) – 30%
  • Python: 18 (17) – 5%
  • Rails: 2 (0) – infinite
  • PHP: 2271 (1258) – 80%
  • Ruby: 14 (7) – 100%
  • Perl: 105 (97) – 8%

Again, Plone, Zope and Python come out with remarkably low total issue counts and extremely low rates of new issues being found. Perl also seems doing pretty well, with relatively few new issues being found. Rails is also looking pretty good.

The rate of growth in new PHP vulnerabilities is still pretty staggering, both in absolute and percentage terms.

I’m also surprised to see the number of vulnerabilities in Drupal, Mambo and Joolma! continue to soar. (Joomla! 270%! Ouch!) It’s worthwhile to note that many of these vulnerabilities (but not all) are in add-on modules rather than the core products, and so may reflect more on individual module developers than the platform as a whole. Still, the fact that these products’ security exposures are growing considerably faster than that of their underlying PHP/MySQL frameworks is intriguing.

Again, in the end, these data don’t really prove anything, but they certainly are an interesting metric to keep an eye on over time.

I don’t think most folks choosing CMS platforms (or programming languages/frameworks), either as customers or as developers, are really considering the security track records of different tools. Should they?

Tate Stirs The Pot

Posted on by
1

Tate Hausman of dotOrganize, whom I am really looking forward to meeting in person next week in San Francisco, breaks out his reality spoon gives the nonprofit technology pot a good ol’ stirring.

In his article “The Myth of the Bleeding Edge“, Tate draws on the results of dotOrganize’s ground-breaking research into the real-world technology needs and challenges of social change organizers to offer some strong pushback against the nonprofit technology sector’s “Web 2.0″ enthusiasts (emphasis mine):

The vast majority of social change organizations don’t want to and aren’t in a position to use bleeding edge tools…. the more bleeding edge the tool, the less it has perceived value. Today’s technology isn’t meeting social change organization’s basic needs. Nearly 60% of respondents said that their satisfaction level with their tools was somewhere between “frustrated” and “it’s a disaster.” Only one percent of respondents said they were completely satisfied with their tools. Even organizations with large budgets and dedicated technology staff focus on their basic needs, rather than bleeding edge tools. When asked to make open-ended comments about their needs, virtually no one asked for anything bleeding edge. Instead they asked for systems that interoperate and share data freely, better tech support, and better training. In other words, organizations want to get their house in order before pushing the boundaries. They understand that building new additions on a weak foundation is a recipe for frustration and disaster. It’s easy to get wrapped up in the excitement of bleeding edge tools. But what social change organizations really need is enterprise class software that meets their needs at affordable prices. That doesn’t require bleeding edge technology. But delivering that at prices that nonprofits can afford, now that would be bleeding edge.

That’s the kind of tough, contrarian love that many nonprofit technology enthusiasts desperately need. Kudos to Tate for delivering with a smile, and backed up with facts.

Here at ONE/Northwest, we’ve long tried to ground our native technophilia with a strong dose of nonprofit reality. The notes Tate sounds resonate with us. Most of partner organizations, who number among them some of the most innovative, effective environmental groups in the country, couldn’t care less about blogs, wikis, social networking, fundraising widgets, and tagging. Whatever potential those tools have (and they do have potential!), it’s overshadowed by the basic challenges of building, maintaining and operating basic, effective websites, emails and databases.

If we want to remain relevant and credible to our clients, we need to temper our temptation to blind folks with this week’s latest whiz-bang technology with a strong and abiding passion for continuously improving our ability to deliver on the fundamental tools that support basic organizing and advocacy processes.

Donor Management Process Mapping

Posted on by
Reply

One of the best things about working at ONE/Northwest is the fact that I get to sit across the room from brilliant people like Steve Andersen. Over the past few months, Steve has been doing some amazing work helping our small- to mid-sized environmental organization partners build effective relationship management systems.

One of the deep pieces of wisdom Steve brings to the table is the insight that successful database projects aren’t actually about technology — they’re about helping groups understand their business processes. And Steve has developed some amazing techniques for helping groups make process maps of their relationship management processes.

They look something like this:

Why is this helpful? Well, until a group really understands what they’re trying to do, it’s impossible to give them the right tools to support it. Steve has finally started to write up some of the results of this work. The first two maps he shares show how a group we work with work with donors to get them to the point of being ready to ask for money, then how they go about actually executing that ask.

As former ONE/Northwester Dean Ericksen commented on the Salesforce Nonprofit email list, “In a world of nerd-wonkery, this is high-art.”

Great stuff. I can’t wait for Steve to unroll the next couple of installments.

ExxonMobil: $40 billion a year, and still “tacky”

Posted on by
Reply

Matt Stoller lets ExxonMobil VP Ken Cohen have it:

The politics of ExxonMobil are interesting, though expected. Cohen is not only the VP of Public Affairs, but the head of ExxonMobil’s PAC, and the head of the ExxonMobil Foundation that distributes charitable grants. That’s a lot of hats for a PR guy. I basically let him have it. I told him that I think the only reason he’s reaching out to progressive bloggers is because the Democrats control Congress and he’s trying to ward off an excess profits tax. Until Exxon acknowledges error and funds a PR campaign that suggests that gravity of the global climate situation, I told him I would strongly support such a tax because ExxonMobil clearly just won’t engage in ethical corporate behavior. Cohen explained at one point in the discussion that ExxonMobil supports Republicans because ExxonMobil is a business and he can’t find pro-business Democrats. I frankly don’t care and am glad Democrats don’t get oil money; it would be better if he actually convinced Republicans to take global warming seriously. Anyway, I don’t think it’s weird that the PAC director is the foundation director is the PR director of a company that makes $40 billion a year. It is tacky, though, especially when he tried to tell me about how ExxonMobil believes in traditional Jeffersonian principles. Tacky.

links for 2007-02-12

Posted on by
Reply

Burrito

Posted on by
Reply

The staff at ONE/Northwest also thought of this in about 1997, but we lacked the skill/will to implement:

LinuxWorld: And one of the internal commands at SGI was the burrito command. Allison: Oh, I vaguely remember that — yes, yes. You could specify your burrito.

LinuxWorld: You’d type in burrito, and depending on either the command line options you supplied or the contents of your “.burritorc” file, it would generate the appropriate burrito order and send it out with the fax server.

Allison: I do remember that, actually. I never used it. But then again I tend to like eating at home rather than eating on campus. It’s nice to see the family occasionally.


NTEN Open API Summary

Posted on by
2

NTEN recently published a solid little paper by Michelle Murrain and Katrin Verclas that sums up the state of open APIs in the nonprofit CRM sector.  It’s an important read if you believe in the importance of integrating tools.

There’s a lot of good stuff in this short paper, and I particularly appreciate that they make a clear distinction between “same machine” or “internal” APIs, which are only accessible to programs written in the same language running on the same machine, and web services or “externally accessible” APIs that can be used by any program, written in any language, running anywhere. 

Pipes!

Posted on by
1

Yahoo’s new “Pipes” service is going to enable some really cool RSS remixing, I think.

The blogerati are agog.  I am usually skeptical about these kinds of things, but what I think is most intriguing about Pipes is that it is not so much consumer-focused as about providing powerful, easy-to-use tools for building web services.

Very cool, I’m looking forward to exploring and brainstorming.

SocialEdge Relaunches on Plone

Posted on by
Reply

Jason Clark and Victor d’Allant just relaunched SocialEdge.org, now proudly powered by Plone. They’ve got an active community of social entrepreneurs blogging, wiki-ing and discussing away.

It’s really nice to see Plone getting used in high-profile nonprofit collaborative/community sites.

Migrating an active community site to a new platform is no small undertaking, as Jason attests. It looks like they’ve had a pretty successful launch, though, and more refinement is on the way.

SocialEdge looks to be using the following add-on Products:

Update: that was an embarrassing typo in the headline. all better now.

Building Bridges

Posted on by
1

Ryan Ozimek’s piece “Islands and Bridges, the building has begun” is a great hallelujah to the power and importance of integration via open APIs.  It’s clear that PICnet and ONE/Northwest are drinking form the same cup, when Ryan writes:

The power of open source, combined with best of breed proprietary systems with open APIs give organizations the power they need combined with a price point they’re more likely to afford.

Which leads us back to the islands and bridges. The winning solutions at the end of this year won’t be those that try to pack as much under the hood as possible, but rather those that are most flexible and connect most effectively with other systems.

In short, the non-profit sector’s needs demand more choice, and that’s just what open source and open APIs can do.

Amen!

We’re attempting very similar bridge-building work between Salesforce.com and Plone, and we’re looking forward to (finally) releasing our SalesforceConnector for Plone in the next few weeks.  (Got to get through some server migration work first!)

I can’t wait to discuss all of this great integration work at Aspiration’s Nonprofit Software Development Summit in a few weeks.