Joe’s Amazing Technicolor Weblog

As promised, I spent yesterday at Organizer’s Collaborative’s Grassroots Use of Technology conference, up in Lowell. I went hoping particularly to pick up tips on donor management and fundraisining tools, and came away with some good leads. It was also fun to reconnect with folks.

Keynote speakers

Nick Jehlen of Action Mill shared his approach to social change projects, and how that approach played out for Turn Your Back on Bush, Winter Soldier, and Enough Fear. His basic premise is to take Ghandi’s idea of being the change that you want to see in the world, and bring it to the commons, so that principled actions have a chance to influence others. In addition to having interesting stuff to say, Nick really put together a handsome presentation, so if you get a chance to catch him speak sometime, go for it.

After lunch, Paul Niwa talked about his Boston Chinatown site, which provides a visualization of the community members’ connectedness. He’s a professor of journalism at Emerson, so his initial goals were mostly based in journalistic concerns, but one of the interesting results of the project is that it may have provided incentive for some people to become more involved in their community, to boost their importance on the visualiztion! It was also interesting how what Paul called his “journalistic arrogance” led him to publish people’s information on the web much more freely than many of us in the nonprofit / activist space would be likely to do.

Sesssions

The first breakout session I went to was horrible. No names, to protect the guilty.

Sura Hart and Katie Winterbottom of Grassroots.org ran a helpful session on SEO. Props to them on running the presentation from Google Apps, on a KDE laptop. As for the content,

• it was helpful to see specifics about keyword research, and the tradeoffs between keyword popularity in searches and the existing presence for that term on the web
• will have to think harder about the working of intrasite hrefs
• hadn’t really thought about using the title attribute on tables, forms, etc.
• Google Grants sounds like an amazing opportunity.

Nate Aune of jazkarta had a ton of useful tool suggestions. He started with the constituent database, as that’s at the core of almost any successful organization. His recommendation is salesforce.com now that they’re giving their service away free to nonprofits. This is significant because it’s a best-of-breed solution, with a thriving ecosystem of parters enabled by its comprehensive API.

From there, Nate went on a whirwind tour of helpful tools. I’ll only note here the ones that I can see looking into in the future:

Online donations

• we already use paypal, but I’m not sure if we’re taking advantage of the fact that they give nonprofits a lower fee than for-profits. Also, all processing can be done via their API - no need to send folks to paypal.com’s ugly pages (which we do now…)
• fundable
• chipin
• for nonprofits, google checkout is totally free through next year. Interesting, I wonder what happens then?

Mass email

• campaign monitor - we’ve just been giving them a try, so it was nice to hear that jazkarta has good luck with them. However:
• VerticalResponse is also supposed to be excellent, and is integrated to salesforce.com

Misc.

• eventbrite sounds very handy for online ticketing
• phone.com’s integration of voice mail and email could be very handy

I spent part of last Wednesday at the Boston Tech-Security Conference, held at lovely UMass Boston. Getting me there was a triumph of email marketing by hosts Data Connectors, as I hadn’t heard of this series and couldn’t really find any 3rd party accounts on the web. That, and it was free. Since I’m newly back in a higher-level IT administrative capacity after years of just focusing on web application security, I decided to give the conference a try.

First impressions (after noting how unfriendly the UMass campus is to bicycles) were of an absence of buzz. Many vendors hanging around in one room, and then a vendor representative giving a traditional one-way presentation in the next room. After attending a few barcamps, it really seems to me that a more interactive format would benefit everyone involved. This conference was clearly driven by the vendors, but it seems to me that it’d be in their best interests to learn more about their potential customers’  interests and concerns, rather than broadcasting a sales message.

Despite the one-to-manyness, the presentations I made it to varied quite a bit. A few did a good survey of some aspect of security, and then tied that discussion into the vendor’s offerings right at the end. Others were basically just sales pitches. Guess which kind lost more of the audience?

new concepts to me

NAC - Network Admission Control. Folks will sell you systems that go beyond requiring just a username / password combo to get on a given network, by combining checks on device MAC / IP, allowed hours of operation, and presence and activity of specified software. Packetfence looks like a promising open source NAC.

IPS - Intrusion Prevention System. If I’m understanding correctly, these go beyond IDSes by taking some action such as updating firewall rules when naughtiness is detected. It looks like Snort has been able to do this sort of thing for a while, also PF has some related capabilities.

notable speakers

Ming Fu of Lumension introduced me to the concept of thumbsucking — apparently the new hotness in social engineering attacks is to leave USB drives with said software lying about in parking lots, expecting that some percentage will be picked up & plugged in… nasty! Lumension’s tie-in is that they have a product that allows strictly defined device access controls for windows boxes, so you could set up rules that would prevent employee accounts from mounting any USB devices, and only allow admins to mount USB devices already encrypted with your organization’s key.

Ken Pappas of Top Layer Networks gave a high-level rundown on the overall tech security situation, and managed to do it with not an ounce of sales pitch. Authentic confidence is an excellent marketing tool, and Ken’s got that. His early remarks included a shout-out to the Boston chapter of the possibly shooting-to-kill InfraGard. He then went on to summarize the state of security in ‘08, which is basically: not that great. Incidence rates are going up, the range of attackers is increasing in professionalism and skill at the top end and becoming even less sophisticated (i.e. lower barrier to entry) on the low-end with easily available point-and-click tools for launching mail bombs, etc. Those of us responsible for computers attached to networks definitely need to be budgeting some of our time to keep up with the evolving threats, regardless of whether we’re aware of any particular adversary that’s out to get us or our data.

takeaway

It’s important to get away from the daily stream of projects periodically, to think about things from a higher level. Vendory as this conference was, it did give me that opportunity, and I did re-prioritize my TODO list at the end of the day.

The downside: I hadn’t thought through how many calls & emails I was setting myself up for receiving from the conference vendors. FYI, I am 100% of the time never going to spend money with someone who calls me out of the blue and interrupts whatever I’m working on. Send me an email, and I’ll file it for processing at an appropriate time.

On my agenda this weekend is the ‘08 edition of the Grassroots Use of Technology conference, happening up in Lowell. I was a volunteer at the conference back in ‘04 and ‘05, but I’ve been out of town for the last couple.

This year I’ll be wearing my IT Manager hat & looking to pick people’s brains particularly about mass emailing, online donations, and fundraisining tools.