Monthly Archives: November 2008

Outsourcing commenting on a Plone site

Posted on by
11

I’m eyeballing IntenseDebate.com, recently acquired by WordPress, who offer a hosted third-party blog/website commenting service, and am starting to wonder whether it might be a good idea to write a Plone add-on product that integrated IntenseDebate as a commenting system for Plone.

It seems like there would be some pros and cons.  What do you think?  Worth the effort or a waste of time?

“Chaotic, cacophonous, well meaning efforts that will inevitably add up to nothing”

Posted on by
Reply

Allison Fine throws some common sense on the fire in assessing post-election “crowdsourcing change” efforts.  I’m going to shamelessly quote it at length because the message is worth amplifying and repeating.

Oh, the sacrilege of criticizing well meaning crowd sourcing!! Shouldn’t citizens be allowed, nay encouraged!, to throw do-goody ideas against the wall so that we can then all vote on them and then . . . and then . .. well, somebody should do something, right? These well-meaning, misguided efforts have fallen into two categories: 1. The Confusion of Service Category. The discussion of using a Craigslist approach to scaling up service, as my friend Nancy Scola outlines rightly points out is not very helpful if it’s just more of the same. The notions of increasing voluntary, community service as the solution to government not working right needs to end. I have written about this morphing of public and private service before, most recently here and the basic premise of my argument still holds. Americans have increasingly been volunteering (particularly young people who are required to do so in school and are continuing to do so beyond school), the number of nonprofits has exploded in the past twenty years and yet problems abound. That is because the size of government far overshadows the size of volunteer efforts in terms of resources. Peter Levine compared philanthropic dollars to government dollars for Katrina repair and you will see the difference, $6.5 billion in private philanthropic dollars, nothing to sneeze at, but compared to $120.5 billion in government aid. So, more volunteer databases are not what we need to strengthen the civic infrastructure of the country and overhaul our government. 2. The second category are the idea generating sites that are automatically set up as an “us vs. them” paradigm to help the Obama administration “set priorities”. Ah, yes, we are going to tell you what we think you should do — as if we haven’t just had that conversation over an exhausting marathon of an election — and then we’re going to hold your feet to the fire by stomping our feet and holding our breath until you do. Or just as bad, we, the Obama campaign, are going to “listen” to you as you fill out a survey (oy!) and then we’ll . . . well, we’ll say that we listened to you.

What’s the alternative, then?

This election was about transforming government, not just encouraging people to volunteer more. (Oh, and btw, I don’t buy the idea that because Obama has a large mailing list its the same as a constituency, it’s a mailng list of people who were involved, not a list of people who have signed up for the next phase of the journey – big, big difference that campaigns and nonprofits need to understand much better.) So, here’s my plan of action: 1. The focus has to be on changing government to include citizen participation. [...] The advocacy models of the 1960s were created to protests against government; we need a new model of advocacy that helps us to participate in government. So, the question changes from, “What do we want government to do?” to “How are we going to participate in running our government.” 2. Continue the training. One of the most successful elements of the Obama campaign was training local organizers. Now we need to educate and train people on what government does. [...] We should set a date of say, January 3rd and 4th and use Meetup.com to get everyone go to your local library for a seminar on the fundamentals of government; local, state and federal. How does it work, what does it do, how can we participate? 3. Start local today. One of the dangers of the “throw an idea up against the wall” strategy is that the ideas tend to be too big (“alleviate global poverty”) and too hard for individuals to participate in tackling [...] Let’s make a national to-do list for transforming local government, someplace where we really can make a huge difference right now, today, if we show up and participate. Steve Clift gets us started here. Run for office, go to planning board meetings, ask your town supervisor to start blogging and post the budget online (and keep it updated in real-time!), promote local businesses, revamp the outdated recycling program.

Hat tip to Marnie for flagging this.

Woah. Google SearchWiki

Posted on by
Reply

Google says:

Today we’re launching SearchWiki, a way for you to customize search by re-ranking, deleting, adding, and commenting on search results. With just a single click you can move the results you like to the top or add a new site. You can also write notes attached to a particular site and remove results that you don’t feel belong. These modifications will be shown to you every time you do the same search in the future. SearchWiki is available to signed-in Google users. We store your changes in your Google Account. If you are wondering if you are signed in, you can always check by noting if your username appears in the upper right-hand side of the page.

The changes you make only affect your own searches. But SearchWiki also is a great way to share your insights with other searchers. You can see how the community has collectively edited the search results by clicking on the “See all notes for this SearchWiki” link.

This could be pretty big.  Or a pretty big headache, once people start spamming it.  It will be interesting to see how this rolls.

Musings on ecommerce and PCI compliance for nonprofits

Posted on by
2

I’ve been doing some thinking and planning about how to build some better online donation tools for small to midsize nonprofits.  In the process of doing some of that background research, I’ve come across what I think is a pretty big latent risk to lots of nonprofits (and small businesses) that are doing online transactions.

It has an acronym: PCI, or PCI-DSS.  It’s the set of security standards put in place by the credit card industry over the past few years, in attempt to limit the risk of catastrophic data security breaches that cause criminals to get their hands on credit card information of innocent folks.

What PCI says in a nutshell is this: if your computer systems store, process or transmit credit card information, then there are various security processes and safeguards that you MUST have in place, you must verify that you have these measures in place, and you must submit to periodic testing to make sure you have them in place.

The companies that issue merchant accounts are responsible for verifying the compliance of their small customers.  The self-assessment form for the most common scenarios runs to 40 pages, and you have to be able to answer “YES” to every question in order to pass.

Why is this a problem?  Well, obviously the intention here is good.  Credit card data security is an incredibly important issue.

But there are a ton of nonprofits and others that operate small ecommerce sites using off-the-shelf ecommerce software such as ZenCart or Magento, or extensions to popular open-source CMSes such as Joomla, Drupal or Plone.  These systems, properly configured are quite secure (especially Plone!), and in truth, they are generally not storing or processing credit card data, merely instantaneously retransmitting it to an ecommerce payment gateway such as Authorize.net.

Still, since these systems are “transmiting” credit card data, they clearly fall under the scope of PCI and those systems therefore must be PCI compliant under the rules.  Failure to do this can expose an organization to fines, higher rates from their merchant account provider, or simply being cut off from the credit card system.  Not good.

So, with that setup, here are some questions/observations:

  • I wonder how many small to midsized organizations there are out there that have the technical chops to make it through the 40-page self-assessment.  Probably not too many.

  • What percentage of small merchants are actually achieving PCI compliance?

  • How many small merchants are actually being required by their credit card providers to demonstrate PCI compliance? Is anybody being sanctioned?

  • Are nonprofits who take credit cards offline or via virtual terminals being forced to achieve compliance, too?  (In theory they should be.)

  • Shouldn’t open-source ecommerce developers be paying a bit more attention to this?  I think a lot of them are setting up their users for trouble, by making it easy to set up systems that expose not-very-sophisticated users to these complex requirements.  I suspect there’s a lot of misunderstanding out there.

I am the only one who finds Change.gov disappointing

Posted on by
5

I’m really surprised by the adulation that the Obama transition team’s website, Change.gov, has gotten.  To me, it looks like a pretty design (all of Obama’s design work has been really excellent!), and a few web forms that dump your information into a black hole, never to be seen again (so far).  This is what “listening” looks like?

I applaud the speed with which they’ve gotten the site up, and I suppose I appreciate the symbolism of the gesture.  But unless they actually build some sort of actual conversation on top of this, or somehow reflect back what they’re hearing (“active listening” anyone?) I’m not going to be very impressed.

Great glimpse behind the scenes of the campaigns

Posted on by
1

Newsweek offers convincing evidence that “mainstream media” is still possible and relevant with a fantastic, in-depth look behind the scenes of an epic election campaign.  Their web presentation is a bit choppy, but here are quick links to the seven in-depth chapters.  Well worth a read.

World Plone Day Seattle – A Huge Success

Posted on by
1

The team here at ONE/Northwest hosted Seattle’s World Plone Day event last night, part of a coordinated worldwide Plone “day of outreach” that reached over 22 countries.

Here in Seattle, we had a capacity crowd of about 40 folks, with a great mix of experienced Plone hands, Plone beginners and the “just curious.”  I gave a short “overview of Plone” talk, based heavily on the great slide deck that Constance Wilde put together for WPD, and my colleague Sam Knox did a short “basic training” for end-users.  We finished up with some Q&A, which was an interesting mix of really specific technical questions and general questions about features and capbilities.

All in all, a great event with a lot of positive energy.  Thanks to the entire global World Plone Day team for their tremendous organizing and cat-herding, as well as to the Seattle Plone community!

Happy World Plone Day!

Posted on by
Reply

Today is World Plone Day, a global “day of outreach” for the Plone open-source CMS community.  In a few hours, we’ll be hosting 40+ folks here at ONE/Northwest HQ in Seattle, just one of the dozens of World Plone Day events taking place in over 22 countries around the world.

It’s been a pretty amazing global effort, thanks to some great work from Robert Allende, Gerry Kirk, Constance Wilde, Tim Knapp and many others.  And, judging from the IRC messages, Twitter posts, and live video streams, the various workshops have been well attended, enthusiastic and full of great Plone energy.

I’m really excited to close out the day in style here in Seattle!