December 2008

One of the lesser joys of using open source & free software has been the need to do important security and core feature upgrades manually and sometimes frequently. Although I have been a long time fan of WordPress as a super simple CMS for small sites that need dead easy administration for non-tech types, I have not loved the continual updates it requires. I will admit that this has been known to make me crabby in the past and perhaps not as diligent about keeping all my sites up to date as I should be.

Well, WordPress just released another major upgrade - 2.7 (Coltrain), but this one is clearly worth doing and doing right now. Especially since, from here on out, they are automating the upgrade process and making it available from within the administrative interface. Woo Hoo!

If you are using Word Press and need to upgrade here are a few good reasons to bite the bullet and do it now. These are primarily from the perspective of using WordPress as a lightweight CMS and not as oriented to hardcore blogging, where there are also significant improvements, especially with comment management.

The value adds:

Last manual update ever (almost). As mentioned - they have pretty much automated the upgrade process for future releases. If you have gotten fancy and tweaked core files you will need to save your changes and incorporate them of course but for most users this will make it possible for non technical folks to keep their systems up to date without as much help.

One of my favorite improvements is the integrated plug in browser and installer. This little feature not only lets you see if a plug in exists for what you are trying to do but lets you know if its compatible and automates updates, meaning no more need to download, unzip and FTP. Its very nice, but maybe a bit dangerous since they have made it way too easy to load up your site with a ton of bells and whistles.

Themes also now provide alerts when updates are available but as of yet, no automated one click install.

Most secure version yet. Current WordPress users might remember the onslaught of hacking that occurred last spring and hopefully already had upgraded to at least 2.5 and avoided the pain those of us that had to dig out of a hack experienced. Although more security was introduced with 2.5 and subsequent releases, every new version protects you from more known vulnerabilities, so having the latest is always a good idea.

New and actually improved interface. Through a community wide effort WordPress enlisted some top talent to make the administrative experience so much smoother and shinier and more usable to boot.

The vertical navigation might take a few minutes to get used to but it does make a lot more sense. Another neato but also practical feature is the ability to choose what tools and content display on each administrative screen - if you don't care about the latest theme news you can hide that feed and you won't have to scroll past it anymore.

Faster, easier, writing and editing. Quick edit and bulk editing for pages and posts is really useful for larger sites and much faster than loading individual post editing screen for simple changes to the non-content areas. I'm still waiting for a faster method of ordering pages but this is a big step in the right direction.

And the behind the scenes speed enhancements they have included are a major bonus for those of us on shared bandwidth. The fancy 2.5 "new and improved" editor was a bit buggy and heavy to load but 2.7 seems to have smoothed things out.

The more robust media manager is another nice addition for anyone that wants to offer PDF and zip files for download on their site without the hassle of FTP'ing files to the server.

The downsides.

Lack of plug in or theme compatibility. While I could see clearly that this particular upgrade was a huge step forward and well worth it, I almost decided to wait on one site because it would mean losing a particular plug in what was not compatible. And looking up the author it was clear he wouldn't have time to update it in the near future. In the end I made the leap and will just have to wait for some of my favorite add-ons to catch up. If you use a specific plug in that is very important to your overall site functionality or your theme is heavily customized and you have hacked core files, this can be a tough call.

The good news is that the WordPress community is pretty intent on promoting core improvements to help theme and plug in developers make their work compatible and create new options more easily.

You have already put off upgrades for too long. If you are on an older version of WordPress getting to 2.7 may be a bumpy ride. For anyone using WordPress versions below 2.5 there can be some headaches in making the leap - often around the changes to the way the database works in the newer versions. Making the switch through a series of progressive updates can start to look like shoving a square peg in a round hole. It might be possible to export your existing content and import it into a fresh install of 2.7 but you might lose some information along the way.

Upgrades from later versions (2.5 + 2.6) have been fairly painless but as always, backup before you start making changes, turn off all your plug ins and follow the instructions. I look forward to a pain free upgrade future, let's hope it happens.

Next year, given what is likely to be a grim funding year, nonprofit organizations are going to be hunting for ways to save money on technology. There are, of course, arguments that IT budgets should be, at least, level funded during slim times, but the reality is that organizations are going to reduce budgets across the board. One question that will inevitably be asked: can free and open source software save organizations money?

The answer, of course, is a solid maybe, but also a resounding yes. Confusing, huh? Open source software is both free as in "beer" as well as free as in "kittens." There are no license fees, but it takes care and feeding.

The most important part of the equation is what you are implementing, and whether or not you need to factor in migration costs. Nonprofit organizations that did migrations to open source software from proprietary packages with large license fees during relatively fat economic times are reaping the benefits of that change now, and are in good shape to weather the storm. Organizations that haven't been able to do that migration might find those costs to be prohibitive at this time - which is unfortunate.

But if you have a migration planned anyway, now is absolutely the time to look at open source software. At this point in the maturity of most open source packages that nonprofits would want to use, the implementation cost is very much in line with the implementation costs of proprietary software. So that means that you are saving money - no cost to acquire, and no long term license or maintenance fees.

All of the above adds up to that solid maybe - implementing open source software in your organization might save you money depending on what you are implementing, and what the costs are for migration. Where does the resounding yes come from?

This, if any, is the time for organizations to reject the standard "every organization for themselves" mentality of software acquisition and development. Find a solid open source package (like CiviCRM, for instance,) and help fund extensions to that software with other organizations that help make it what you need. Find 5 organizations that do similar work, and collaborate to build an open source application that can work for your part of the sector. Release it so a community can develop around it, make sure to make it modular so that it can be easily extended. Make it full of APIs so you can hook other software to it. Build it with open standards so the data is readable in perpetuity. Doing this will mean you will get far more application for the money you spend. Of course, it all takes effort and work. But it's worth it - and the entire community benefits by an enriched software ecosystem.

It also ends up not just being about saving money. It also ends up being about building community - and community will be an incredibly important asset in the coming years. There is an appropriate popular culture reference: "live together, die alone."

Ack! Forgot to link to this one! In the Nonprofit Times, I talk through a some steps and tools for Online Fundraising for Year-End Procrastinators. At this point, you've probably procrastinated too long for even this process (which is likely to take about two weeks to get up and running), but maybe you can get some good tips for next year.

A recent conversation on a nonprofit technology mailing list got me thinking about what people know about where they want to put their data, and what the risks are of having data in one place or another. Particularly, what are the pros and cons and risks and benefits of software as a service, and cloud computing when it comes to the control and security of your data.

You can think about this on three axes: security, access, and control. First, security; to get it out of the way, I'm going to assume, for the purposes of this post, that the person administering the application and/or the company hosting your data have done everything right to secure the data. If this is true, the security difference boils down to a somewhat increased risk due to increased exposure of your data outside of the firewall, vs. a somewhat decreased risk inside the firewall. These are important considerations, and, really pretty straightforward.

Second: access. What do I mean by access? On one level, it means physical access - can you physically access the data? Ultimately, it really means the ability for you to look at, manipulate, download, remix, integrate, back up, or in any way handle your data as you please. The spectrum goes from the most access in an open source application hosted locally in a box physically in your sight at the moment, to the least access in proprietary applications hosted offsite. Why does the location as well as the license of the software matter? As many of you have noticed with many proprietary applications, it can be very hard to get your data out of them. Open source applications are generally based on open standards, and since the source code is available, it is always possible to get your data out. Of course, it is critical to make sure that any application you choose gives you the level of access that you need at a cost that you can afford. However, there are some interesting examples inside those extremes. If you compare many on-site proprietary fundrasing packages to externally hosted Salesforce.com, Salesforce.com will come out way ahead on data access, because most proprietary fundraising packages make it hard to easily access your data (and many times, you have to pay for APIs and the like,) and Salesforce's basic strategy is to be a completely open platform. As well, some open source applications don't have as mature APIs as some proprietary applications.

Lots of software services don't really give you easy ways to, for instance, create a backup of all of the data that is recreatable in a useful manner. For instance, there is no easy way to backup your google apps data - you need to use third party tools to back up a lot of it, and some of it requires a fair bit of manual labor. If your google account is suspended or deleted by accident (yes, it happens) you are out of luck unless you've taken those precautions.

The third axis is control. By control I mean, to what extent do you actually have control over exactly how your data is used. Again, this ranges from the most control in open source applications in servers hosted physically in your presence, and the least is proprietary applications hosted elsewhere.

There are several aspects to control. One is simply: can the service/company use my data as it pleases? Read the Terms of Service. You'd be surprised how many online services (especially Web 2.0 services) basically say that by using the service, you agree to give them license to use your content as they please.

Another aspect of control has to do with what a service can do with your data under certain situations. You know if the activities of your organization might raise suspicions, or might risk skirting the line of the terms of service (this is true of many activist and human rights organizations.) Companies care way more about their bottom lines than they do about any one particular client's data. Be sure that they will happily close your account, or hand your data over to the authorities if it looks to be in their best interest to do so. And you will be out of luck if that happens.

Another aspect of control is what might happen to the company holding your data. Is it a startup? How's the financial situation? Has the hosting company been around a while? In the current climate, where startups are bleeding staff left and right, and venture capital is drying up, it's even more important than ever to make sure that the company hosting your data is going to be around for a while.

There are lots of benefits to software-as-a-service and "cloud computing." But they are not without risks. Think about security, access and control of your data when you are evaluating your options.