January 2010

Introducing the Field Guide to Software for Nonprofits

By Laura Quinn, January 28, 2010
We're excited to announce the launch of our very first book -- the Idealware Field Guide to Software for Nonprofits: Fundraising, Communications, and Outreach. I'm really proud of it -- it's 84 pages summarizing what we've learned about software over the last four years, as a quick reference as to what software exists and what might make sense for you based on your needs and level of tech savvy. And then it gives a quick summary of what you might pay, what you can get, and some of the key vendors for each of 34 types of software.

Basically, it's like a neutron star of nonprofit software information. Concise but incredibly packed with info. I've had a printed copy on my desk for almost a month now, and let me tell you: I refer to it almost every day to look up something... and I co-wrote the thing.

It's a real paperbook book. Buy it from Lulu for $19.95 and it will be shipped to your door.

Four ways to send a SMS (a mobile text)

By Laura Quinn, January 27, 2010
We're hard at work on a lot of work in regard to mobile texting and and mobile apps (funded in part by the Research Fund... and all of you who donated to it! Thanks you!). I've learned a lot, but among them: the world of SMS (meaning "Short Message Service", the official name for a text message) is a darn complicated one.

As we at Idealware like to break things down, we've broken down the ways to send a text into four categories.
  • SMS as email. It's usually possible to send people a text message simply by emailing it to an email address consisting of their phone number and then their provider's domain (i.e. 6463523431@att.net). This is not actually officially supported, and can lead to problems when doing it in quantity, but can be an easy method for a few quick (or internal) texts. You also have the problem of collecting providers and provider domains, which is a kind of unusual thing to ask supporters for. But it's free.
  • Connecting your phone to your computer. There are software packages -- like Frontline SMS or Microsoft SMS -- which allow you to literally hook your cell phone to your computer and send a bunch of messages out through your own cell phone. This is more common (for reasons we're still investigating) in third world countries than in the US. The software is inexpensive.
  • SMS via programmatic services. If you have a programmer, you can use services like Click-a-Tell that allow you to send messages by communicating via API. For instance, Click-a-Tell is often used in conjunction with Drupal for either one way broadcast texting, or more sophisticated processes like letting people sign up via texting, or providing dynamic info (like the weather). Click-a-Tell is priced by the message, averaging about $0.04/ message. There's also open source software like Kannel and Gammu which we think falls into this category.
  • SMS in a box. Finally, there are vendors like Mobile Commons and Distributive Networks who provide you a nice packaged service, and an interface, very much like a broadcast email interface, that lets non-technical people easily set up texting streams -- to let people signup via text, broadcast texts, setup complex two-way interactions, or donate. We're investigating pricing, but they're not cheap. Perhaps starting at $200- $500/month?
So as you can tell, we've still got a ways to go on our research -- would love to hear your thoughts (either via comment below, or via email) if you can fill in any of our blanks or if you think we've gotten this wrong.

NPO Evaluation, IE6, Still Waters for Wave

By Peter Campbell, January 25, 2010
Here are a few updates topics I've posted on in the last few months:

Nonprofit Assessment

The announcement that GuideStar, Charity Navigator and others would be moving away from the 990 form as their primary source for assessing nonprofit performance raised a lot of interesting questions, such as "How will assessments of outcomes be standardized in a way that is not too subjective?" and "What will be required of nonprofits in order to make those assessments?" We'll have a chance to get some preliminary answers to those questions on February 4th, when NTEN will sponsor a phone-in panel discussion with representatives of GuideStar and Charity Navigator, as well as members of the nonprofit community. The panel will be hosted by Sean Stannard-Stockton of Tactical Philanthropy, and will include:



I'll be participating as well. You can learn more and register for the free event with NTEN.

The Half-Life of Internet Explorer 6

It's been quite a few weeks as far as headlines go, with a humanitarian crisis in haiti; a dramatic election in Massachusetts; A trial to determine if California gay marriage-banning proposition is, in fact, discriminatory; high profile shakeups in late night television and word of the Snuggie, version 2 all competing for our attention. An additional, fascinating story is unfolding with Google's announcement that they might pull their business out of China in light of a massive cybercrime against critics of the Chinese regime that, from all appearances, was either performed or sanctioned by the Chinese government. There's been a lot of speculation about Google's motives for such a dramatic move, and I fall in the camp that says, whatever their motives, it's refreshing to see a gigantic U.S. corporation factor ethics into a business decision, even if it's unclear exactly what the complete motivations are.

As my colleague Steve Backman fully explains here, here's been some fallout from this story for Microsoft. First, like Google and Yahoo!, Microsoft operates a search engine in China and submits to the Chinese governments censoring filters. They've kept mum on their feelings about the cyber-attack. Google's analysis of that attack reveals that GMail accounts were hacked and other breaches occurred via security holes in Internet Explorer, versions six and up, that allow a hacker to upload programs and take control of a user's PC. As this information came to light, France and Germany both issued advisories to their citizens that switching to a browser other than Internet Explorer would be prudent. In response, Microsoft has issued a statement recommending that everyone upgrade from Internet Explorer version 6 to version 8, the current release. What Microsoft doesn't mention is that the security flaw exists in versions seven and eight as well as six, so upgrading won't protect you from the threat, although they just released a patch that hopefully will.

So, while their reasoning is suspect, it's nice to see that Microsoft has finally joined the campaign to remove this old, insecure and incompatible with web standards browser.

Google Wave: Still Waters

I have kept Google Wave open in a tab in my browser since the day my account was opened, subscribed to about 15 waves, some of them quite well populated. I haven't seen an update to any of these waves since January 12th, and it was really only one wave that's gotten any updates at all in the past month. I can't give away the invites I have to offer. The conclusion I'm drawing is that, if Google doesn't do something to make the Wave experience more compelling, it's going to go the way of a Simply Red B-Side and fade from memory. As I've said, there is real potential here for something that puts telecommunication, document creation and data mining on a converged platform, and that would be new. But, in it's current state, it's a difficult to use substitute for a sophisticated Wiki. And, while Google was hyping this, Confluence released a new version of their excellent (free for nonprofits) enterprise Wiki that can incorporate (like Wave) Google gadgets. That makes me want to pack up my surfboard.

Browser Security and Choices

By Steve Backman, January 24, 2010
Browsers have been in the news again lately.
The open conflict between China and Google has brought front page/national news attention to Internet privacy and censorship lately. Google announced that Chinese cyber spies had hacked into Gmail accounts in order to identify human rights activists in China. It turns out that it was not just Google. Other popular web service providers had suffered similar attacks. And now it has become a diplomatic incident, with Sec of State Clinton and Pres Obama now forced to intervene even while presumably engaged by Haiti, growing mess in Afghanistan and more.


Google--somewhat belatedly for many--retaliated by threatening to stop self-censoring searches of its Chinese edition. Web freedom activists have long felt this accommodation to Chinese law violated Google’s philosophy http://www.google.com/intl/en/corporate/tenthings.html. Yahoo, Microsoft, Cisco and others feel pressure to follow suit.

Browser Security Holes the Point of Attack

So what does this have to do with browsers? Turns out that the cyber warfare story behind the story has to do with Chinese teams exploiting yet another point of failure in Microsoft’s Internet Explorer browser. Microsoft has now patched that problem, and web users should get it. According to the BBC and others, Microsoft knew about the vulnerability since September and planned to patch it. Soon. February. For the government of Germany, enough was enough. In the middle of the cyber crisis, they urged web users in their country to stop using IE altogether, as part of their version of domestic homeland security.

To give Microsoft credit, Internet Explorer 8 overall offers more security protection than 7 or 6. (And it looks good, just as Microsoft's bing search site looks good.) You really should have it: http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx

Yet, statistics show many users still on IE 6, presumably many because users have older computers and just don’t know what they have. Partly also, some corporate software apparently displays better on IE6. Presumably German authorities felt that an announcement, "please upgrade to IE8 and set your computer to download all your security patches weekly" really would have required way more public information that is practical. Makes sense to me.

And of course, the preference for IE6 has a bitter irony for web developers worldwide. As software moves to richer browser experiences, through Javascript, Flex, JQuery and the rest, it has become harder and harder to ensure cross-browser compatibility when those compatibility tests have to include IE6. We don't do it any more unless this is specifically part of the requirements--say, in school environments with a lot of older computers.

We keep an eye out for who continues to support IE6 compatibility and who does not. Paychex just announced it would end IE6 support as of March 2010 for its payroll software. 37Signals announced way back in the fall of 2008 that it would phase out support for IE6 in Basecamp and its other web services. "Supporting IE 6 means slower progress, less progress, and, in some places, no progress." Good for you, Paychex, 37Signals, web developers no doubt said to themselves. Microsoft itself will pull the plug on IE6 in July 2010.

Of course, the bigger story is that more and more web users have moved away from Internet Explorer altogether, much as in the German announcement. Too confusing and just can't wait. Many folks used to worry that websites developed with Microsoft tools would fall apart outside of Internet Explorer. Not true! In fact, some .Net web pages that test fine in competing browsers need tweaking for IE.

Firefox now has just under a quarter of all web users. With plans underway for it, I suspect Firefox will continue to grow. (For example, soon each Firefox tab will run in its own memory space. This means that if one page causes a problem, it won't freeze other tabs. This also helps with speed. Chrome works this way now.)

What is most intriguing to me is the continuing march forward of Google’s Chrome. In early January 2010, statistics showed it had inched by Safari to become the third most popular browser. It has become my preferred browser. Why? It’s quite fast and has that now familiar clean look of other Google products.

Personal esthetics aside, two things account for Chrome’s surge

Beta Release for Mac and Linux. I have been using the Linux version on my Ubuntu netbook, and it has been fantastic. It may be beta, but like other Google betas, it seems ready to go. In my personal experience, it’s much faster than either Opera or Firefox running on my small Ubuntu notebook. Other reports support this.

On XP, both it and Safari seem significantly faster than either IE or Firefox. The forthcoming release schedule for Firefox includes a lot of focus on performance, so who knows where things will line up.


The other big news in the Chrome department has been growing support for browser extensions. There’s still nothing like the Firefox library. Yet my most essential extensions installed really easily and work just fine—Delicious bookmarks, Lastpass password protection, bitly url shortener, Gmail integrator, and Evernote note and page clipper. Small bonus: unlike Firefox, you don’t have to restart the browser when you install or update the those extensions.
For many folks, all the yak about extensions must seem so nerdy. Yet browser extensions are to web experience what apps are to mobile: we spend so much time in the browser while using our computers, why not make the effort to personalize and enrich our experience? Though this may drive standards-minded IT departments crazy, it seems part of life on the ‘net today.

Why choose one over the other? Security, Speed, Customization, and User Experience

As I mentioned, number one reason for me in crossing over to Chrome on my 1 GB netbook has been speed. It is faster with Gmail a nd all the Google stuff, yet not just. It’s hard to truly compare “fast.” In my case, it means being able to have a lot of tabs open at once and for a long time with limited memory. Apple has steered clear of supporting Linux (no Ubuntu browser, iTunes or anything) so I can’t compare, yet the Windows version is quite fast as well.

I have all of Chrome, Firefox, IE, Safari and Opera on my older Windows XP notebook. I switched from Firefox toChrome there as well my first choice browser. All the browsers now emphasize a modern spare look, which is great, with Safari and Chrome the most refreshing in this regard.

The contradictory thing about Chrome’s speed is that part of the netbook attraction is that it runs well with low memory. On the other hand, on XP at least, its speed seems to come at the price of insatiable memory. I posted some tips about this Chrome issue here.

Why NOT to choose one over the other?

The browser makers compete over the four categories mentioned above. This is good and worth paying attention to. They also compete over internal features, some of which is good and some not. Two features I would recommend steering clear of are bookmark synchronization and password protection.

Each of the browsers now emphasize their features for these everyday requirements. They even have grown in ability to sync across multiple computers. I don’t look anymore and I don’t care. I use delicious to hang on to my bookmarks (supplemented by evernote page grabber). And I use lastpasss for keeping track of passwords. I’m not going to review those products here. I’ve commented on them in earlier posts, and I recognize there are other options in each category.

The point here in a review of browser choices is that those choices seem to be blowing wide open in a product category that a few years ago seemed “solved.” There’s more choices on the desktop and more on mobile phones as well. (My Nokia phone also has, yes, three separate browsers I cycle among.) By storing your critical web experience information independently, you can switch from one browser to another as well as from one computer to another.

I can save a site log-in to my lastpass account from browsing with Windows desktop in Firefox and then the next day, open that same site from Chrome on my Linux netbook—or find the same password from my lastpass app on my cell phone. Likewise with my delicious bookmarks.

By contrast, the syncing each browser offers emphasizes keeping you locked in to that one browser. Browser lock-in does not feel like a good thing for the year ahead for me, and I hope you don’t either.

Dealing With Domains Part 2

By Peter Campbell, January 19, 2010

idealware domain reg.pngLast week, we talked about domain registrar services and what to look for. In today's followup, we'll focus on how to transfer a domain and the accompanying security concerns, then talk a bit about registrars vis a vis hosting services.
 

 


Domain Transfers

Transferring domains is a somewhat complex process that has been designed to minimize the risk of domain hijacking. In order to insure that transfers are performed by the actual owner of the domain, a few important measures are in place:

  • Every domain has an authorization (a.k.a. EPP) code associated with it. Transfers can not occur without this code being submitted. If you don’t have this information, your current registrar does. Some registrars have automated functions that will deliver that information to the domain contact; others require that you ask for them via email to the registrar or their support ticket application. Registrars are required to provide you with these codes within five calendar days of your request. If they don’t, your best recourse is to determine who they get their domain authority from (there are only a handful of companies that resell registration services) and appeal to them for assistance.


  • Communication is strictly through the registered “whois” email address of the domain owner. You can determine what that is by doing a whois lookup on your domain.

    Tip: While most domains can be looked up at http://whois.net. However, whois.net has some trouble with .org domains, so the alternative http://www.pir.org/whois is a more reliable source for most non-profit domains.


    If the address that your domain is registered with is either non-functional or owned by someone other than you, then you need to update it, via your current registrar’s web interface, before you can successfully transfer the domain.


  • Domains can (and should) be locked to prohibit transfers before and after you switch registrars. Locking and unlocking your domains is usually done by you, from your registrar’s web site. If you don’t have options to do that when you log on to the web site, your registrar should do it for you upon request.



Transfer Procedures

To initiate the transfer, go to the web site of the registrar that you want to switch to and follow their instructions. They will have you submit a request and, upon receipt of your domain fees, issue an email to the email address associated with the domain containing a link to a form where you can confirm the request. That form will also ask for the authorization code. Subsequently - and this can take up to seven days - you’ll receive an email from your current registrar asking you to confirm the transfer request. Once that is submitted, the transfer should go through.

Detailed rules about how domains are transferred, as well as what the responsibilities of the registrars are in handling the transfers, are listed at http://www.icann.org/en/transfers/policy-en.htm.

Choosing Registrars

Registrars charge anywhere from $5.00 to $50 dollars for a year’s domain service. The two best known registrars are Network Solutions and GoDaddy. Many people go with Network Solutions because they're the longest standing of the registrars (for many years, they were the only registrar). GoDaddy has become very popular by dramatically undercutting the cost. Note, though, that both of these registrars have been accused of questionable business practices:

  • Network Solutions has engaged in "Front Running", a questionable practice of locking domains that a potential customer might search for in order to block competitors from making the sale. They will also use subdomains of your domain to advertise, a practice called subdomain hijacking. A decent registrar will not seek to make profits based on your intellectual property.


  • GoDaddy famously suspends accounts based on corporate requests. In 2007, they suspended seclists.org, a website that archives internet security mailing lists, per the request of MySpace, with no court order or valid complaint. MySpace was upset that content posted to one of the lists that Seclists archived was inappropriate. But, instead of contacting Seclists to deal with the content in question, GoDaddy closed the site and wouldn't respond to desperate emails or phone calls regarding the sudden closure. Worse, after the fiasco was resolved, they were unrepentant, and reserve the right to shut down any site for any spurious reason. If your NPO does work that is in the least bit controversial, keep this in mind when considering GoDaddy.



Web Hosting and Registrars

Many registrars supplement their business by providing web hosting services as well. Some will even offered discounted or free domain registration with a hosting plan. While this simplifies things, it can also be a bit risky in the “eggs in one basket” sense. Having a separate registrar and control over your DNS service allows you to be more flexible with switching hosts, should your current host prove themselves unreliable or go out of business. And the web hosting industry is pretty volatile, with companies coming and going pretty quickly. I would suggest a best practice is to keep your host and registrar separate.

The Joy of Google Ads

By Laura Quinn, January 19, 2010
Not enough people are taking advantage of Google Ads, in my opinion. They're a really useful tool -- affordable enough for most nonprofits, and in fact free to qualified ones.

How do they work? You create a short text ad, choose the keywords and geographic area you’d like to reach, and Google posts your ad next to searches for them. So for instance, I could choose to show my ad if people from Virginia search with a phrase that includes "food pantry". The cost depends on the popularity of the keywords you choose, but often starts at just a few cents per each user who clicks through to your site—and you can cap the amount you spend per day. Google provides easy-to-use tools to track your results and optimize campaigns, making it straightforward to manage. There's lots more information on their website.

Nonprofits who use Google Ads often get substantial results, making them a high bang-for-the-buck way to reach new constituents. Even better, qualifying nonprofits can get up to $10,000 per month in free Google AdWords advertising through the Google Grants program. The majority of nonprofits are approved (though it appears that those that are religiously or politically affiliated are less likely to be approved). And the application is easy, less than an hour to complete even including getting up to speed on how to write an ad (the application includes a sample of the type ad you would run). So it's worthwhile for almost every nonprofit to apply. The Google Grants site has all the information you'll need.

Dealing With Domains - Part 1

By Peter Campbell, January 11, 2010



created at TagCrowd.com


Domain Name Management: not a very sexy topic. This will be a rare post for me that won't mention popular search engines, the latest "superphone", content management or rumored tablets. But I hope I can provide a good glossary on a geeky subject that anyone with a web site sporting their organization's name has to deal with.

You have a web site and you have a domain, and as long as the web site is up and running, everything is fine. But what happens if your domain is hijacked? What if you need to make changes to your domain registration, or register a new one, and your registrar is simply disinterested? What if they go out of business? Your domain name is a valuable property, and you should keep it in pro-active and trustworthy hands.


How Domain Registration Works

Domain registrars provide the service of keeping your domain name mapped with current information so that it can be found on the web. Domain names are meaningful aliases for numeric IP addresses, and aren’t technically required in order to host a web site. But, the internet would be hard to navigate if we could only find things by their numeric addresses.

The primary thing that a registrar does is to keep your contact (whois) data maintained; point your domain to the appropriate name servers; and allow you to move your domain to another registrar if you choose to.

Domain Services

In addition to domain registration, most registrars offer additional services, such as:

DNS Management (address mapping) for subdomains (which allows you to host your main domain on one server, but, perhaps, an online store called “store.yourdomain.com” on another server),

Aliasing of Addresses (so that both http://yourdomain.com and http://www.yourdomain.com go to the same place),

Backup Mail Handling, so, should your primary mail server go down, messages sent to you will be stored until they come back around;

Web Forwarding, so you can, say, register yourdomain.org, yourdomain,.com and yourdomain.net, but forward all visitors to the .com and .net sites to your website at yourdomain.org.

SSL (Secure Socket Layer) Certificates, to encrypt sensitive data, like online donation forms.


Things to Look For in a New Registrar

  1. Are they accredited? ICANN, the organization that oversees domain management , accredits registrars. If they aren’t on ICANN’s list, they aren’t trustworthy.


  2. Do they add a year to the existing expiration date, or charge you for a full year as of engagement? They should do the former.


  3. Do they offer automated access to all functions (via web forms), including locking/unlocking domains, retrieval of authorization (EPP) codes, and modification of all whois records? (Some registrars prefer to list themselves as the technical contact. It should be up to you whether they can have an official name on your domain, not them).


  4. Do they list a telephone number, and is it promptly answered during business hours?


  5. Do they respond promptly to emails and support requests? The ability to communicate with your registrar is rarely needed, but, when it is, it’s critical - you don’t want them out of the loop if your domain is subject to an attempted hijack.


  6. Do they offer the ability to manage DNS for mail servers and subdomains? While this is an added feature, it’s common enough to be worth expecting.


  7. Do they have any additional services (examples above)? While these supplemental services are far from critical, they are convenient. More to the point, a company that is engaging in a robust suite of services is more likely to be focused on their business. The truth is that anyone can be a domain registrar, if they make the proper investment, but whether it’s a going concern or a neglected piece of extra income for them is a question you’ll want to ask.


Next week: Safely transferring domains and a word on web hosting completes the topic.

Avoiding Technology Ice Dunes

By Laura Quinn, January 4, 2010
This may be a metaphor that doesn't mean a lot to you southern and California people, but Idealware's based in Portland, Maine, and up here we give a fair amount of thought to snow. I was shoveling out the driveway from our first big snow of the season (maybe 6") yesterday, and while I did it, I was giving a fair amount of thought between the overlap in shoveling and technology planning. Bear with me here.

While you're shoveling out your driveway, you plan how much room you'll leave for the cars. Maybe you're feeling lazy, and you shovel out a passageway with just an inch or two to spare. Or maybe it's an easy shoveling job, and you shovel out generous room to turn in from both sides of the street.

It doesn't feel like a decision of much importance, until you've lived somewhere where it's below freezing most of the winter. Here, you build some serious snow dunes with what you've removed from the driveway. And soon those dunes thaw a little, freeze a little, and there's a little rain, and a little more snow on top of them... and within a few days your casually shoveled banks of snow become impenetrable blocks of ice. Which may well be with you until spring, unless you have an unseasonable thaw or invest a lot of backbreaking labor.

Okay, so here's where the metaphor comes in. There's a lot of technology decisions that we as nonprofits approach just as casually. But just as often, our decisions can be with us for much longer than we thought they would. You decide to just throw up a temporary website without a lot of thought to the structure... but then between one thing and another, you're still using it two years later. You decide to use a particular piece of software mostly because you need something in a hurry, but then your staff is used to it, knows how to use it, and doesn't want to change.

Change is hard, whether it's chipping through the ice to widen your driveway, or trying to move off something you've been using for a while. It's worth giving a little extra thought when you're making those "temporary" decisions, to consider whether they're likely to make your life a misery if you need to try to maneuver though between the barricades they've imposed for much longer than you planned.