nptech.info

• Amazon CloudFront Amazon turns their S3 storage service into a full-scale Content Delivery Network. This will be really handy for sites that have big traffic spikes (tags: amazon hosting&colocation websites)

I’ve been doing some thinking and planning about how to build some better online donation tools for small to midsize nonprofits.  In the process of doing some of that background research, I’ve come across what I think is a pretty big latent risk to lots of nonprofits (and small businesses) that are doing online transactions.

It has an acronym: PCI, or PCI-DSS.  It’s the set of security standards put in place by the credit card industry over the past few years, in attempt to limit the risk of catastrophic data security breaches that cause criminals to get their hands on credit card information of innocent folks.

What PCI says in a nutshell is this: if your computer systems store, process or transmit credit card information, then there are various security processes and safeguards that you MUST have in place, you must verify that you have these measures in place, and you must submit to periodic testing to make sure you have them in place.

The companies that issue merchant accounts are responsible for verifying the compliance of their small customers.  The self-assessment form for the most common scenarios runs to 40 pages, and you have to be able to answer “YES” to every question in order to pass.

Why is this a problem?  Well, obviously the intention here is good.  Credit card data security is an incredibly important issue.

But there are a ton of nonprofits and others that operate small ecommerce sites using off-the-shelf ecommerce software such as ZenCart or Magento, or extensions to popular open-source CMSes such as Joomla, Drupal or Plone.  These systems, properly configured are quite secure (especially Plone!), and in truth, they are generally not storing or processing credit card data, merely instantaneously retransmitting it to an ecommerce payment gateway such as Authorize.net.

Still, since these systems are “transmiting” credit card data, they clearly fall under the scope of PCI and those systems therefore must be PCI compliant under the rules.  Failure to do this can expose an organization to fines, higher rates from their merchant account provider, or simply being cut off from the credit card system.  Not good.

So, with that setup, here are some questions/observations:

• I wonder how many small to midsized organizations there are out there that have the technical chops to make it through the 40-page self-assessment.  Probably not too many.

• What percentage of small merchants are actually achieving PCI compliance?

• How many small merchants are actually being required by their credit card providers to demonstrate PCI compliance? Is anybody being sanctioned?

• Are nonprofits who take credit cards offline or via virtual terminals being forced to achieve compliance, too?  (In theory they should be.)

• Shouldn’t open-source ecommerce developers be paying a bit more attention to this?  I think a lot of them are setting up their users for trouble, by making it easy to set up systems that expose not-very-sophisticated users to these complex requirements.  I suspect there’s a lot of misunderstanding out there.

• Crosscut.com exploring nonprofit model Crosscut.com, Seattle's independent journalism startup, is exploring shifting from a .com to a .org. interesting (tags: media journalism seattle)
• How To Tell Your VoteBuilders From Your MyBOs, Your Catalists From Your VANs - Marc Ambinder (tags: politics technology databases)

• Web site collects ideas for Obama's CTO - NYTimes.com nice going, Mike, Matt, Jesse, et al! (tags: politics technology)
• Obama's Win and the Power of Networking it's not the internet, it's the network. but technology helps you execute. great analysis from Duane Raymond (tags: politics strategy technology)

I’m really surprised by the adulation that the Obama transition team’s website, Change.gov, has gotten.  To me, it looks like a pretty design (all of Obama’s design work has been really excellent!), and a few web forms that dump your information into a black hole, never to be seen again (so far).  This is what “listening” looks like?

I applaud the speed with which they’ve gotten the site up, and I suppose I appreciate the symbolism of the gesture.  But unless they actually build some sort of actual conversation on top of this, or somehow reflect back what they’re hearing (”active listening” anyone?) I’m not going to be very impressed.

Newsweek offers convincing evidence that “mainstream media” is still possible and relevant with a fantastic, in-depth look behind the scenes of an epic election campaign.  Their web presentation is a bit choppy, but here are quick links to the seven in-depth chapters.  Well worth a read.

• Ch. 1: Barack Obama: How He Did It
• Ch. 2: John McCain: Back From the Dead?
• Ch. 3: The Long Clinton-Obama Siege
• Ch. 4: McCain Camp Retools, Targets Obama
• Ch. 5: Obama Sweats the Clintons, McCain Gambles on Palin
• Ch. 6: Battling it Out in the Great Debates
• Ch. 7: The Final Days

The team here at ONE/Northwest hosted Seattle’s World Plone Day event last night, part of a coordinated worldwide Plone “day of outreach” that reached over 22 countries.

Here in Seattle, we had a capacity crowd of about 40 folks, with a great mix of experienced Plone hands, Plone beginners and the “just curious.”  I gave a short “overview of Plone” talk, based heavily on the great slide deck that Constance Wilde put together for WPD, and my colleague Sam Knox did a short “basic training” for end-users.  We finished up with some Q&A, which was an interesting mix of really specific technical questions and general questions about features and capbilities.

All in all, a great event with a lot of positive energy.  Thanks to the entire global World Plone Day team for their tremendous organizing and cat-herding, as well as to the Seattle Plone community!

• Online Communities Design Patterns nice overview of the possible feature elements of online community tools (tags: design collaboration websites)

Today is World Plone Day, a global “day of outreach” for the Plone open-source CMS community.  In a few hours, we’ll be hosting 40+ folks here at ONE/Northwest HQ in Seattle, just one of the dozens of World Plone Day events taking place in over 22 countries around the world.

It’s been a pretty amazing global effort, thanks to some great work from Robert Allende, Gerry Kirk, Constance Wilde, Tim Knapp and many others.  And, judging from the IRC messages, Twitter posts, and live video streams, the various workshops have been well attended, enthusiastic and full of great Plone energy.

I’m really excited to close out the day in style here in Seattle!

• A N I M O T O creates animated videos from your images. very neat (tags: video tools slideshow cool)
• Dare Obasanjo aka Carnage4Life - Platform Monetization is a Two Way Street: Lessons from Facebook and Sun Microsystems facebook's platform is turning out to be a revolution that didn't last (tags: strategy social-networking business facebook)

• Stefano’s Linotype » Blog Archive » Why Programmers Suck at CSS Design good tips for novice CSS designers. (tags: css webdesign)

Ballard (and our neighbors in Fremont) get the in-depth treatment from the New York Times travel section.  Very cool to see a photo of Ballard farmer’s market on the homepage of the Gray Lady!

• Hostile takeover of Open Source Project TWiki Very sad. A good object lesson in what can happen to open-source projects that don't have their trademarks and intellectual property secured in a community-governed foundation. (tags: open-source legal)

Chris “cbcunc” Calloway has put together two great video visualizations of Plone’s community activity over the past eight (!) years.

Check out:

Plone core code swarm — a visual representation of the evolution of the Plone core from 2001 to 2008.

Plone collective code swarm — same idea, only this time it analyzes the universe of Plone add-on products

It’s really amazing to see the fireworks that surround major code checkins, and to see the moment in time when legendary Plone contributors like Martin “optilude” Aspeli and Hanno “hannosch” Schlichting (just to name two) first appeared on the scene. 

(Eagle-eyed viewers will spot my name flicker around the edges of the Collective from 2006 onward.)

Plone Code Swarm from Chris Calloway on Vimeo.

• Rough Type: Nicholas Carr's Blog: What Tim O'Reilly gets wrong about the cloud (tags: analysis web2.0 networks)
• How Environmental Activist Van Jones' Book "The Green Collar Economy" Reached The NYT Best Sellers List one way to go viral: lots of allies with big lists who think you're the cat's pajamas. hint: it helps if you are, in fact, the cat's pajamas (tags: marketing environment books)

• Plone Code Swarm amazing visualization of the plone codebase history (tags: plone fun)

• Calliflower fairly nifty phone + web conference calling tool (tags: voip conference-calls collaboration)
• The Bullitt Foundation (tags: plone-site onenorthwest environment)
• Green Guru Gone Wrong: William McDonough Fast Company digs into the less-than-attractive aspects of William McDonough. (tags: environment design sustainability)

• Transactional Email and Confirmation Messages (Jakob Nielsen's Alertbox) (tags: email engagement)
• Why Platforms Are Letting Us Down - And What They Should Do About It good overview of various "platform" efforts like Facebook, Open Social, Flock, Apple's App Store (tags: social-networking analysis)

Obama’s no socialist, but McCain and Palin are acting more and more like fascist demagogues all the time.  I’ll be glad when this election ends in a blowout that sends them both scampering back to their caves with the last remanants of the revanchist right.

Failed authoritarian movements needs scapegoats the way fecal coliform
bacteria need a steady supply of raw sewage, and this one has a lot of
failures that need explaining.