How do you know _____? I’m not always sure…. it just happens

Every year at SXSW I feel a little older. It doesn’t help that right before SXSW 2015, where it was my privilege to be a speaker for the third time at the Interactive festival, twitter sent me a notice congratulating me on being on twitter for 8 years.

8 years on twitter. At least I don’t post photos of every piece of sushi I eat. Although I almost posted a photo of the biscuits-and-gravy I ate this morning. (Shut it – it’s called “carb’ing up” for tennis tomorrow.) Anyway it’s all a blur although I know I can blame Erica O’Grady for getting me on twitter for sure.

But the iphone. It was 2007. Kool Aid? Check. And well….. In Adam Tow’s photo I’m the guy with the brown shirt and arm raised on the left hand side at the back. Yup that’s me. I haven’t always had a beard.

When I heard about iphone dev camp, by rss feed of course, I was on an airplane. My first iphone was purchased by proxy by a great friend named Imelda who was willing to get me one on the first day given I was flying someplace else on the day they were released. We registered on a wiki because what could go wrong, right?

iphone dev camp 1 wiki 2007

In the end there I was at iphone dev camp 1 when apple didn’t even have an SDK yet. But I was there in San Francisco in 2007. Right after Adam took his photo I had to run around and take my own photo to post to my flickr set from iphone dev camp 2007.

When I got back to Houston I had a bunch of new friends and wound up presenting at Netsquared Houston on the iphone and the good the bad and the ugly. I’ve left the iphone, come back, left again, came back again and right now I really enjoy the camera on my iphone 6. In 2007 this was my presentation on the iphone at netsquared.

At SXSW this year I saw a lot of these folks, but not enough. It’s a marathon and not a race. Now I’m more excited about hexacopters, remote work environments, how best to give people meaningful work, create a great product, and keep our clients not just happy but evangelists. A lot has changed.

There are too many names to even begin to give credit to for these adventures and the fact that they have resulted in tangible benefits that went right back to our employees in profit sharing and training and benefits over the last 17 years since I started the company in 1997. Yet “I” didn’t start the company, I jumped off the cliff and my family and friends were like “well look what the hell he did now? Guess we gotta help him till he comes around.” And they did.

Here’s to the crazy ones.

Then. And now. Here is a humble thank you to those who keep us alive, pick us up when we fall, put up with us working three days straight without sleep when we get in the zone. And still love us.

Here’s to the ones who love and care for the crazy ones, because we are nothing without you. And I say that with the utmost humility. I am no Steve Jobs. I am not Rosa Parks. I’m a person who is terrified yet at the same time resolutely certain of the outcome.

“Remembering you are going to die, is the best way I know to avoid the trap of thinking you have something to lose. You’re already naked. There is no reason not to follow your heart.” – Steve Jobs

“Stay hungry. Stay Foolish.”

Thank you. And thank you Steve for the inspiration….

In closing…. “Tendenci – we just want to change the world. What’s so hard about that?”

#peace

Proprietary to Open Source: Giving Away Six Million Is Hard

I have the privilege of speaking at SXSW tomorrow morning at 9:30 AM. I first gave the talk on converting our software from proprietary to open source at SXSW V2V in 2014. While much of the message is the same, I’ve been through more, learned more, made even more mistakes and learned from them, and I’d love to help other leaders AVOID my mistakes.

Proprietary to OS: Giving Away Six Million Is Hard

http://schedule.sxsw.com/2015/events/event_IAP42324

The journey for Tendenci going to Open Source seemed like it was going to be simple. Nothing could be further from the truth. It was very hard, and it cost me a lot of relationships, friendships, employees whose potential I felt we hadn’t even begun to push yet. And as I type this Tendenci is emerging from a crisis with EOL (End of Life) for our old proprietary version – the last cord that needed to be cut. We just thought we would dictate the timeline when in fact that hasn’t been the case.

There is a huge gaping hole in the market for The Open Source Solution for Associations, non-profits and NGOs. Because internationally price is a very real issue and if we want to make change, there has to be a free option that is multi-lingual and multi-cultural and affordable. Yes there is still a TCO to FOSS software, but nothing like the costs of proprietary software. And in my opinion Linux is more secure than the competition which isn’t just a benefit, it is a crucial requirement if you are using the open source software in a different country that snoops on your communications.

You must control your data. And over the last several years we have seen our P&L dip negative for the first time and now slowly come back up into the black. And the trend continues as you simply can’t compete with passionate people working on a solution and sharing resources.

But my talk tomorrow is about the transition. What have I learned that I can help others with. That is my goal. To serve the audience. To help you be smarter than me when it comes to navigating through the transition. Because it isn’t “going open source”. It’s taking a “proprietary mindset” and changing it into an “open mindset” and that can, quite frankly, be terrifying to many of us.

And I’ll leave with a photo from Austin from last night as SXSW is many things, and one of them is beautiful. Hopefully my talk will add to everything that is sxsw as that is my goal. It’s corny, but I really do want to make the world a better place.

#peace

The Internet has Fundamentally Changed – Here’s One Partial Solution

This post is based on the premise that 1) we have a serious security problem on the Internet and 2) money is the only (unnecessary) barrier to solving a large portion of it.

The Problem

The Internet has fundamentally changed. It is so virus and malware infected that a normal human being can’t keep their own PC, Mac or Linux computer from being infected. In other words, the Internet is broken. And our devices don’t work if they aren’t connected to the Internet.

It’s just not right. Why should you have to become a security expert? And it DOES NOT NEED TO BE THIS WAY. There is no need for this. The powers that be over the Internet are CHOOSING this and you are the victim.

The (Partial) Solution

We can’t fix it all, but what if we could stop the bleeding by even 50%? Or maybe 30%. Or even 10%. It’s a start. These are our neighbors, our family, our friends and they are being victimized by identity theft because, well, because they are human. Well, reduce the crime? WE CAN! We just have to encrypt everything. By doing so, a large portion of the problem goes away.

Will there still be break ins? Of course. Frequency however will be radically less and you are far less likely to be a victim.

Why? Because the weapons of cyber-warfare are now out in the open to be purchased for as little as $500 on the forums. People are desensitized to it all and now just accept it.

As a company that hosts web sites, here is what I know to be true.

  1. Clients will use weak passwords and we can’t audit that because WE encrypt the passwords in the database. So if a client uses “changeme” or “123456” or “washington” as their password we can’t see it, but when you login from the local hotel the wifi isn’t encrypted and bad guys can. We can’t detect or fix this because it’s encrypted on our side. But if you aren’t using SSL then it’s NOT encrypted when you send it over.
  2. Example top 100 passwords used on Adobe after they were hacked. http://stricture-group.com/files/adobe-top100.txt
  3. Clients and end users are faced with hundreds of passwords so they use the same passwords over and over. If someone gets one of your passwords, they effectively get everything.
  4. With the proliferation of Open Source, as Tendenci is, developers will deploy a site for you, give it to you, and leave it to you to maintain. So are you running your security updates? Because that is your responsibility now.

Why don’t people encrypt their web sites? Because there is a $50 to $500 a year fee. Plus a hidden cost of updating it every year and paying your hosting provider to install your SSL certificate so the real cost is more like $250 to $1,000 a year.

So why?

Generating a certificate takes one (1) line of code. ONE LINE! Hosting servers to verify the certificates does come at a cost, but so does DNS and it isn’t anywhere near as expensive. Generating a key is technically FREE. Here – go do it for yourself.

openssl genrsa -des3 -out server.key 1024

The certificate you just generated is called a self-signed certificate. So if you visit the site from IE you get a scary message that it can’t be verified. BUT if you visit a site with no encryption, oh, then IE is completely cool with that. Onward thus. Proceed into unencrypted unsafe territory with abandon. Do you see the problem here?
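
Added example, not part of the original post: `openssl genrsa` writes only a private key, so this sketch runs the further step that produces a self-signed certificate and shows why a client warns about it: the certificate validates only when it is itself installed as a trust anchor. The host names example.test and other.test and the function names are constructed, and the key is 2048-bit rather than the 1024 used above.

```shell
#!/bin/sh
# Added example. Host names (example.test, other.test) and function names
# are constructed for illustration.

# Create a 2048-bit RSA key and a self-signed certificate for CN=$2 in dir $1.
# -nodes leaves the key unencrypted so the demo runs without a passphrase prompt.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -out "$1/$2.crt" \
        -days 365 -subj "/CN=$2" >/dev/null 2>&1
}

# A self-signed certificate names itself as its own issuer.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds only if certificate $2 chains to a trust anchor in file $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# RSA modulus size in bits, read from the certificate.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Print yes/no for the exit status of the given command.
yes_no() { if "$@"; then echo yes; else echo no; fi; }

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" example.test || { rm -rf "$dir"; return 1; }
    make_self_signed "$dir" other.test   || { rm -rf "$dir"; return 1; }
    site="$dir/example.test.crt"
    echo "bits=$(key_bits "$site")"
    echo "self_issued=$(yes_no is_self_issued "$site")"
    # Trusted only by a client that has this exact certificate installed.
    echo "trusted_when_pinned=$(yes_no chains_to "$site" "$site")"
    # Any other trust store has no path to it, hence the browser warning.
    echo "trusted_by_unrelated_anchor=$(yes_no chains_to "$dir/other.test.crt" "$site")"
    rm -rf "$dir"
}

demo
```

The traffic is encrypted either way; what the warning reports is that nothing the client already trusts vouches for who holds the key.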

So what’s the motive? Why? Because of the cash machine. The certificate authorities want to charge you for their certificate chain saying that you are legit. But GoDaddy charges $270 for a wildcard SSL? Or Network Solutions can offer the same wildcard ssl for $494 with a 5 year contract.

So I guess if you aren’t rich your voice isn’t as legit as someone else’s voice? The bottom line is the certificate authorities want your money. Now, DNS service providers usually charge 10 to 15 a year to resolve your domain name. Tell me again why an SSL certificate is $50 to $500 or it gives a browser warning that terrifies people? It’s not a new debate, it’s a license to print money that deters security on the Internet globally.

It’s just greed. But the cost is astronomical to the citizens of the world. It’s like a city not repairing roads and ignoring the cost the citizens bear fixing their cars which is so much more than the cost of filling potholes and installing stop signs. It’s pennies for lives. Hence, cities fix the roads (for the most part.)

What if we flipped it? Why don’t you have to pay $100 a year to NOT have your site encrypted? What if security was the default? What if encrypted email was $10 a month but unencrypted email was $500 a month? Would that get people’s attention?

We can self sign web sites and email ourselves. We don’t need no stinkin’ web authority to do it. It’s one line of code.

Oh wait. Stop. Idealistic guy trying to save the world with open source disclaimer. Why not? Because of the “man”.

The browser will give you a terrifying warning about that certificate not being “approved” and IE will flat out block it if you don’t pay up. No, you must pay “the man” which is in this case the Certificate Signing Authorities who are powerful enough to have their codes shipped with all of the web browsers. What would their cost be to include a public domain certificate authority, much like wikipedia is for information? Um…. nothing. Zero. Nada. They just wouldn’t get a kick back.

It’s generating an “approved” key where the registrars make all of their money. It’s about the money. It’s greed. Even from foundations like Mozilla – they could easily solve this by endorsing a free and open certificate signing authority. They haven’t. I expect more from them. Some leadership in this would be nice. Where is Lessig on this? Why is there no outrage?

I’ll tell you why. Because it’s too geeky. Too technical. People zone out. zOMG, I like to create things. I bore myself talking about this crap. But it matters. Encrypt it all. Now. And do it for free. If my client buys a domain name why do I have to do ANYTHING to encrypt it? Don’t they deserve that? Should encryption be the default? I THINK SO. And I don’t think you should have to pay for it given it is as simple as DNS and could easily be included.

And yet the powers that be continue to be the “Certificate Authorities” and they continue to make money causing only 4 to 5 % of the web to be encrypted. So you and I continue to be the victim.

Please tell me someone out there is a little outraged by this? Not that I/we/you aren’t the problem as well…. read on …

To emphasize the point on weak passwords (again – this is YOUR responsibility, but irrelevant if on an unencrypted connection), these are the actual top 10 passwords used on Adobe logins (mind you this software costs thousands of dollars and this is the key to get it.) 1,911,938 of your fellow citizens chose “123456” as their password. Seriously. Another 345,834 people chose the password of …. wait for it …. “password.”

Rank	Count	Actual (no really) Passwords
---	-------	------------
1	1,911,938	123456
2	446,162	123456789
3	345,834	password
4	211,659	adobe123
5	201,580	12345678
6	130,832	qwerty
7	124,253	1234567
8	113,884	111111
9	83,411	photoshop
10	82,694	123123

One simple solution that would significantly reduce network attacks. Encrypt every site. At no cost beyond the price of the domain name. Make it easy. And free.

Dear non-technical people – please stay with me for a moment. I know I have to use a bit of geek speak but I want to try to explain the ruse that is being played on you. That it isn’t needed. That the cost of certificates is almost non-existent and you are the victims.

Encryption explained in one paragraph (simplified)

If I give you the number 21 and ask you what prime numbers divide into it besides 1, there is only one way to find out and that is to try every prime number. But if I give you 7 (my “public key”), you can verify very quickly that it divides to a prime. That’s it.

Solution – every web site is encrypted with SSL by default and you have to pay extra to NOT encrypt your website. Done.

Obstacles – the companies that sell SSL certificates don’t want that. I pay $300/year for our wildcard certificate and what I am proposing is that they be given away for FREE TO EVERYONE WHO GETS A DOMAIN NAME.

Seriously, this isn’t a game people. YOU, as an individual need to not use dumb passwords. As programmers say, like it or not, “you can’t fix stupid.” Yet I do have sympathy given the average human has NO IDEA of the cyberwar that isn’t pending, it’s happening NOW!

Thus WE, all of us need to have everything encrypted end to end to avoid the obvious. Occam’s razor.

let us not plot against others….so by benefiting them we benefit ourselves

“Let us not plot against others, lest we injure ourselves. When we supplant the reputation of others, let us consider that we injure ourselves, it is against ourselves that we plot. For perchance with men we do him harm, if we have power, but ourselves in the sight of God, by provoking him against us. Let us not, then, injure ourselves. For as we injure ourselves when we injure our neighbors, so by benefiting them we benefit ourselves” (‘Hom. 14, in Phil.,’ Oxford transl.).

Source: http://biblehub.com/proverbs/26-27.htm

The Year of the Horse

As we approach a critical mass of the open source version of Tendenci, it is very fitting that it is in the Chinese year of the Horse. From http://www.chinesefortunecalendar.com/2014.htm

Horse is one of Chinese favorite animals. Horse provides people quick transportation before automobiles, so people can quickly reach their destinations. Horse even can help people to win the battle. Therefore Horse is a symbol of traveling, competition and victory. That’s why Horse is connected to speedy success in China.

Horses like to compete with others. They pursuit for their freedom, passion and leadership. That implies that people will have busy schedule for their goals in the year of Horse. Horse hour of Chinese Horoscopes is from 11 A.M. to 1 P.M. Sunshine generates lots of heat during the Horse hour. Therefore, horse is connected to heat, fire and red. Horses like the social activities, because horses like show off themselves. Since horse is a social animal and red is also connected to love, therefore. horse is treated as a Romantic Star in Chinese Horoscope.

and

Genghis Khan built the Mongol Empire by horses. The Mongol Horses were a smaller breed, they were bred for endurance, not for speed like stallions. Genghis Khan conquered Eastern Europe so quickly. Because Eastern European countries never realized Mongol cavalry can arrive their territories so fast and they didn’t have enough time to prepare the defense. They said each Mongol cavalryman had three or four horses. They will change another horse when one got tired. So Mongolian horses can take turn and get some rest. Mongol cavalryman even knew how to sleep in the saddle. That’s why they can travel long distances without stopping. We know horses can sleep while standing. Mongolian horses have a better sleeping skill. When they ran in a group, the horse in the center can sleep while running.

Horse is intelligent animal. Horses need to be trained to become useful to human. Human can make Horse famous. Without human’s guide, Horse just a wild animal. It doesn’t know where to go. There is no destination in its life.

Indeed there is destination in life. And it is worth fighting for. I’m in. I’m humbled by my mistakes. That is the past. We live in interesting times and the destination is what makes such a curse irrelevant. The Mongolian Horses know the way. Steady wins the race.

Decline in Crime 43% Since 1990 (yes really – so stop watching advertising shows!)

Serious crime has DROPPED 43% since 1990.

FORTY THREE PERCENT
43 PERCENT
43 PERCENT DROP IN CRIME AND THE MEDIA HAS CONVINCED YOU IT’S UP
BECAUSE THERE IS NO MEDIA, THERE ARE ONLY ADVERTISING COMPANIES. SORRY. #TRUTH

43% Drop in Crime in US Since 1990

See that HUGE decline since 1990. Those are the facts. Please Stop, just stop, stop being a tool to “the man.” Just stop.

I ask people. You should ask people too. “Is crime up or down in the US since 1990?” They will say “up”. Then ask “by how much do you think it’s up?” They will say anything from 5 to 50%. They think crime is up. I ask “can you google it for us” (try duckduckgo for search too. Google isn’t God. Really people?) and I get nothing. Blank stares.

They look at the actual crime data and their minds can’t grasp it. The lie is so big we’ve all come to believe it to be true.

STOP IT!

Stop, just stop. Sorry to burst everyone’s paranoid bubble (insert pot-kettle cliche here) with facts. I know, we all hate it when someone drops facts on a good ghost story. Sadly it is true – you are safer now in the US than ever.

With a BS in Political Science (a BS in BS?) I frequently hear people parroting advertising companies that run search engines or web sites or TV shows or Newspapers. Note the first phrase – “ADVERTISING COMPANIES” – they need to sell advertising. Nothing more nothing less.

IF IT BLEEDS IT LEADS

If you sell advertising, how do you make more money? Simple, follow a very old formula and scare the life out of people. It boils down to, what if it bleeds less than before but nobody notices?

Gun Homicide Rates Drop 49% per 1000 people

What’s old is still new again – “If it bleeds, it leads.”

Stop, just stop. No more fear mongering to weak minds. And if you don’t have a weak mind, then educate and empower those around you. Advertising companies make money from page views, not from facts. They do not have your best interests at heart. But you know that. So tell your kids! Tell them! It’s not a conspiracy, it’s the system and it’s YOUR responsibility to educate your children and your community that what is in your best interest is different from what sells the most ads.

It’s all about the money….

Yes…

Example: “OK, yea, we are selling banner ads and we decided to just lie on our rate sheets that 5000 people picked up the paper in the Doctor’s office and it should be a 5000x multiple of subscribers.” (an exaggeration for the sake of drawing eyeballs… and no, the irony is not lost on money, but I don’t sell advertising and I’m not paid for this so wahtev…. )

Insiders Game

For those not in the Advertising Business, which thankfully despite the resolute ethical souls leading the Houston Advertising community (disclaimer: I was formerly a board member of AAF-Houston) the rate sheet dictates the “ad buy” rate. So the more people who view an advertisement the more you can charge. If you can convince people that your business journal is subscribed to once (1) and viewed by an additional twenty (20) people (um.. not on this planet anyway so unless aliens are spiriting it away in the night and buying online then I call BS (zOMG so (recursive(recursive(nerd-humor, *args, *kwargs))))) then you can sell advertisements at higher rates. Thus it sells ads (*cough* chron.com *cough*.)

I know, crazy, right?

Worst headline ever:

CRIME DROPS 40+ PERCENT IN LAST 20 YEARS REGARDLESS OF POLITICAL PARTY IN POWER

Facts and all that “stuff“. Those silly facts get in the way of our preconceived ideology.

Oh, and gun violence is down as well.

It’s not all good news as death by gun is stupid. And a shame. We can continue to do better. One tragic fact not discussed in the media is that more people die from self inflicted gunshot wounds than are victims of homicides involving a gun.
Homicides vs Suicides

http://www.pewsocialtrends.org/2013/05/07/gun-violence-in-america/st_13-05-02_ss_guncrimes_06_suicide/

As a true friend has been reminding me lately:

“When is the best time to plant a tree? 20 years ago. And right now.”

PROGRESS. It’s a journey. It will take time. But these are huge improvements the media has no incentive to tell us about because they don’t sell advertisements.

django can make some weird db schemas. just sayin.

When you have awesome people and less than awesome results, it is usually one of three things

  1. leadership (me),
  2. processes or
  3. design (in the global sense of project design patterns).

I set all three as CEO for our rewrite of Tendenci to the open source software platform for nonprofits. Thus no matter what, I take 100% of the responsibility for delays between 2009 and 2014.

To be clear, I’m pleased with the progress on Tendenci, self hosted or our hosted solutions. Basically the team kicked ass on Tendenci 5.1 and I’m proud of them. It was definitely a cumulative effort from many people, past and present, addressing an incredibly complex problem – people.

Tendenci is about people, it isn’t a shopping cart selling shirts (and shopping carts can be complex, just nothing as complex as human behavior).

Tendenci is designed to be as simple as possible, but no simpler. The “minimum viable product” of 2009 is not something our client base wanted to hear about in 2014, even if the new version of Tendenci does mobile and much more. People don’t like to go backwards from what is now called “agile” development.

Lesson 1 – if you want to get REALLY agile – only build what people fund.

Yes, only build funded modifications. (Or contributed pull requests as time is money.) It’s amazing how many people will suggest a great mod. Everyone uses the web so clearly they are experts sharing their wisdom of how it should be built. As if driving a car makes me qualified to build one. And when you say 4k for the mod suddenly the programming module they desperately need isn’t relevant and they find another way.

Why? Why charge for modifications? Priorities. It tells you what people value. And we did that very well from 2001 to 2009. Resulting in a stress tested solid product. But proprietary because 2001 was a bit too soon to start building open source web apps. We had to start over if we wanted to be open source, so I pulled the trigger.

Then I tried to simplify things a bit too much. Things got a bit too Web 2.0 with blocks and giant fonts losing all data density in the display. Upsetting our power-users and looking clunky on screen. My bad. (the good news is it is mostly fixed now.)

Why is oversimplification such a fail?

Think about your car’s dashboard and controls. Look at them when you next get in your car. Incredibly complex information, right? Vast amounts of it. Presented while you are going 70 mph. Just wow. If what is fundamentally a horse (staying with the horse/car analogy briefly) with no visual controls, has evolved to this level of complexity, then exactly how simple can you make Association Management Software? Well, it isn’t a simple problem. 20,000 users on a web application is much more complicated than a car. Or a shopping cart.

Tendenci – because humans are complex. Groups of humans are even more complex!

So why this post? I’d like to start sharing what I learned along the way. Why this is one step in a long journey. And hopefully our clients and employees and the entire open source community will benefit from it. If not, then those who prefer destruction over creating something, those who laugh at people still tilting at windmills, then they will have won and there will be written documentation of my folly.

All I can do is tell you a bit about the journey. Record it along the way. And schedule blog posts over time.

Disclaimers: For the purpose of this series of posts I make no apologies if I speak Geek or brutalize the English language with poor grammar and typos while using pseudo-code to express programming concepts, all mixed up together with abandon in horrific run-on sentences. It happens. Go read another blog if it isn’t your thing. This one is mine.

As for the database schemas – I’ll cover that in a future post…for now suffice it to say I have had to relearn the primacy of MVC is MODEL-CONTROLLER-VIEW in that order. And it takes discipline to do that with Django. More later….

state

State
Impure functions are often more efficient but also require that the programmer “keep track” of the state of several variables. Keeping track of this state becomes increasingly difficult as programs grow in size. By eschewing state programmers are able to conceptually scale out to solve much larger problems. The loss of performance is often negligible compared to the freedom to trust that your functions work as expected on your inputs.

Maintaining state provides efficiency at the cost of surprises. Pure functions produce no surprises and so lighten the mental load of the programmer.

http://toolz.readthedocs.org/en/latest/purity.html

More Creative Commons Stock Photography

Aspen Colorado

A new set of “Creative Commons Attribution Stock photography” is up on the Tendenci Open Source Software site. Per the request of one of our new employees the focus of this gallery is on scenic landscapes.

And of course there are quite a few Tendenci Stock Photo Galleries to make your association or nonprofit website unique. They are all Creative Commons Attribution (check the license on the image individually and attribution and a link back is always appreciated).

Enjoy!