First day of Nonprofit Technology Conference
The first day of Nonprofit Technology Conference 2005 started with a breakfast session where Mena Trott of Six Apart talked about community building with blogging tools. Her examples included Save Karyn and the Star Wars Kid raising money through popularity in the weblog world.
The main idea with weblogs is to capture the personal voice of the author, and to make publishing that as easy as possible. Most blogging tools are either inexpensive or Open Source, and allow easy publication of media-rich content. Another important point is that all blogs share some common user interface elements like archives, RSS feeds, comments and posts arranged by date. This makes it easier for readers to use and follow the site. The presentation ended with a demo of how Ryan Jacobs from Ungana-Afrika (yes, a familiar organization) created a blog for himself in a couple of minutes.
The TypePad blog creation UI is quite similar in concept to the Midgard Site Wizard:
- You create a user account (in Midgard, an organization)
- You give a name to the website
- You select a layout from a set of templates provided
- You select whether the blog is public or password protected
…and that’s it, then you’re online and ready to publish. Now the challenge for the Midgard Community is to ensure that this all happens out-of-the-box with the upcoming 1.7 release.
Another interesting point regarding blogging would be the usage of moblogs to report the field work of NGOs. For example, my roommate Jacob Patton from Free The Slaves saw this as an interesting opportunity for reporting in real time how freed slaves and human trafficking victims are being rehabilitated.
Data security
The next session of the day was Data Security in High Risk Organizations, held by fellow Midgardian Robert Guerra from Privaterra and Matt Kestian from Microsoft. An important point made in the presentation is that security is not only computer security, but also physical security.
Defense in Depth is the concept of building several layers of security. For example, one layer is the perimeter of an internal network, then comes the security of actual applications, and then things like backups and disaster security. However, data security is still just one layer. For example, one network security company I’ve visited had a very strongly firewalled working environment where online access would’ve been difficult. However, backup tapes containing all the confidential data were just lying on shelves in a corridor near the office lobby. It would’ve been childishly easy to walk in, grab a tape, and then examine it in good time.
It is important to know what devices and services run in the network of a company, and to periodically check that they’re present, working and not tampered with. It is also important to scan the network to see that nothing unknown has popped in there. The question to ask about each asset is “Is this a device I can trust?”
All devices should be examined to ensure they have all the required protection, such as automated security patches, antivirus software and host-based firewalls, and that they run only the services that are really needed. It is also a good idea to keep in mind that it is usually possible to switch insecure or troublesome applications to more secure ones, like switching from Internet Explorer to Firefox.
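The periodic check described in the two paragraphs above can be automated as a comparison between a trusted inventory and what a scan actually sees. The following is an added example, not something shown in the session; the inventory format, device names, MAC addresses and ports are all constructed for illustration.

```python
"""Reconcile a trusted asset inventory against what a network scan observed."""

# Constructed sample data: the approved inventory, keyed by MAC address,
# listing the only TCP services each device is supposed to offer.
BASELINE = {
    "02:00:00:00:00:01": {"name": "fileserver", "services": {22, 445}},
    "02:00:00:00:00:02": {"name": "mailserver", "services": {22, 465, 993}},
    "02:00:00:00:00:03": {"name": "frontdesk-pc", "services": set()},
}

# Constructed sample scan result: MAC address -> open TCP ports seen.
OBSERVED = {
    "02:00:00:00:00:01": {22, 23, 445},  # telnet (23) was never approved
    "02:00:00:00:00:02": {22, 993},      # SMTP over SSL (465) not answering
    "02:00:00:00:00:99": {80},           # device that is not in the inventory
}


def reconcile(baseline, observed):
    """Return (kind, subject, port) findings for every deviation."""
    findings = []
    for mac, asset in baseline.items():
        if mac not in observed:
            # Known device did not answer: switched off, moved or removed.
            findings.append(("missing", asset["name"], None))
            continue
        seen = observed[mac]
        # Services running that nobody approved.
        for port in sorted(seen - asset["services"]):
            findings.append(("unexpected_service", asset["name"], port))
        # Approved services that are no longer working.
        for port in sorted(asset["services"] - seen):
            findings.append(("service_down", asset["name"], port))
    # Anything on the wire that the inventory has never heard of.
    for mac in sorted(observed.keys() - baseline.keys()):
        findings.append(("unknown_device", mac, None))
    return findings


if __name__ == "__main__":
    for kind, subject, port in reconcile(BASELINE, OBSERVED):
        print(kind, subject, port if port is not None else "")
```

A MAC address can be copied by another machine, so a clean result here shows that nothing obvious has changed, not that a device is untampered; answering “Is this a device I can trust?” still needs checks on the host itself.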
Email communications can be secured easily by running the email protocols encrypted by SSL. Most email applications support encryption in their preferences. While this secures the communication between the email application and the server from password sniffers, it doesn’t actually protect email transmitted between organizations. The solution to that is to encrypt the actual emails using tools like S/MIME or GPG. For human rights groups there is also a special-purpose email-like bulletin system named Martus.
After lunch
After lunch I helped Robert to set up SSL encryption for his Midgard sites running on Ubuntu. I also briefly met Ben Ramsey who criticized us for making Midgard too hard to install.
In the evening we went to a dinner with some people from EngenderHealth to discuss possibilities of using OpenPSA for project portfolio management in NGOs. Apparently this would require a higher-level tracking of targets and initiatives in a Balanced Scorecard-like fashion. However, as my fortune cookie reminded me, “Too much confidence has deceived many a one.”
After the lunch the evening ended at the Microsoft party at the House of Blues. A night walk through the center of Chicago showed the old skyscrapers very beautifully.