Yesterday I joined my frequent collaborators John Kenyon and Susan Tenby at the Marin Nonprofit Conference, where we presented a 90 minute panel on nptech, from servers to tweets. John deftly dished out the web strategy while Susan flooded us with expert advice on how to avoid social media pitfalls. I opened up the session with my thesis: You have too many servers, even if you have just one”. I made the case that larger orgs can reduce with virtualization tech and smaller orgs should be moving to the cloud. The crowd in Marin was mostly from smaller orgs, so I focused the talk more on the cloud option, and that’s where I got all of the conversation going. My goal with the slides was to do a semi “ignite”, given that I only had 25 minutes and I value the Q&A over the talking head time.Similar Posts:

• Putting The Tech Back In Nonprofit Technology
• The Sky is Calling
• Where I’ll Be At The 10 NTC
• The Evolution Of The NTEN Tech Track
• Both Sides Now

Photo by

First, I feel sorry for the early adopters. I came to Facebook late, long after I had reason to distrust Zukerberg and co, in response to the cajoling of some of my more notorious nptech friends. I never believed that anything I posted there was private, and I had been well trained in online reputation management by my prior years of activity on bulletin boards, Usenet, mailing lists and Twitter. For many of you, all of your early mistakes are about to be unearthed and offered for everyone to see, from new friends that you’ve made since you got your FB voice modulated, to advertisers who are eager to know that, three or four years ago, you were really into SpongeBob.

Second, this new API feature that allows an app to post your activity when it wants strikes me as the epitome of anti-social networking. I really appreciate that I can peruse my wall and see articles, pictures and clips that my friends, co-workers and family thought I might like to see. This is, perhaps, the biggest boon and focus of social networking: curated sharing. It’s not random; it’s not based on a metric; it’s based on someone I like enough to call a friend saying “I found this worthwhile”. But, were I to install the WaPo app, it would decide which articles I want to share with my community for me. So I might click on some very boring report on a White House policy effort, or a review of some TV Show that I’m checking to verify that I was right to ignore it, and WaPo will happily tell my friends that I’m reading about this or that. This sucks the value out of social networking and turns me into a spammer.

Reports came in today that Spotify, the popular online music service, now defaults to posting every song that you listen to to your FB profile. If I have twenty friends who listen to Spotify all day and do this, I’m afraid that I’ll never bother to read my FB feed again. It’s cool if you’re listening to that awesome Gillian Welch cover of Radiohead’s “Black Star” and want to share the occasion; it’s not if you follow it up with the Hall and Oates hit, the Eddie Veder Beatles cover and the Indigo Girls or Beyonce or Five for Fighting song that follows. I’m not THAT interested.

So Facebook is apparently about to take sharing into the realm of spamming, and make all of us the perpetrators. Nice move…Similar Posts:

• Losing Facebook
• Now that Mom’s on Facebook…
• Why I Don’t “Like” Facebook
• Shlock and Oh! Facebook’s social dysfunction
• Google Reader Reaches Out

For the three of you that noticed we were unavailable yesterday, my normally drama free (and wind-powered) hosting service, Canvas Dreams, had a nasty power failure and moved my domains to a new server. Since I follow what I consider to be a best practice of managing my DNS with a separate company from my hosting service (I’ve had to many unreliable hosting service experiences prior to finding Canvas Dreams), my site didn’t survive the transfer without a DNS update and, as usual, this all happened while I was out of town on a business trip. We’re back today.

In the Bay Area and still wrestling with the concepts of cloud computing? NTEN has you covered with a Cloud Computing mega event on Monday, August 29th. I’ll be presenting, along with such luminaries as Holly Ross, Allen Gunn, Donny Shimamoto and more.

And, finally, a bit of bragging about something I’m really excited about: we now have solar panels installed at our home (making this a very green blog indeed). We took a leasing deal from highly-rated Sungevity that should significantly reduce our energy costs along with our carbon footprint. Bill Gates might think home solar is a fad for the wealthy, but, hey, I work at a nonprofit and I not only can afford it, it will save me money. The picture above is our roof with the last panel being installed.Similar Posts:

• Here with the Wind
• NPTech Lineup Details
• The Lean, Green, Virtualized Machine
• The Sky is Calling
• Both Sides Now

Here’s my take on why, after the shininess fades, Google+ will still be an active social network.

First, they’ve learned from mistakes, theirs and others. They learned a lot from the failed Wave and Buzz projects, making privacy front and center; doing uncharacteristically flashy UI design (even stealing one of the Apple guys to do it); and not being too heavy-handed in the rollout. They are leveraging the Google App ecosystem, as Buzz tried to, but this seems like a cleaner and more serious effort—instead of just pasting a social network onto GMail, they’re incorporating apps like Picasa into it. Those of us already drinking the Google Koolaid (and they say that Google Apps is a high priority) will find it very useful (as opposed to redundant, as Buzz largely was).

The biggest lesson they learned was to not let people stream pollute as easily as they could on Buzz. I maintain that Buzz is a great platform for communications. It’s the ultimate cross between a blog and blog comments that could foster great conversations and raise the art of information sharing, if we didn’t have to wade through 20,000 redundant tweets to get to the good stuff. Google opened a floodgate of noise there, and too many users—including very good friends of mine—were happy to add to the din.

Second, they’ve created something compelling. It out-Facebook’s Facebook for interpersonal sharing and it can stretch to Twitter functionality. What’s powerful here is that, unlike Facebook, where targeting subsets of your friends requires advanced knowledge of the platform and a lot of patience, this interface makes it easy to either have an intimate chat or broadcast info widely. It’s easy to follow strangers that I’m not really interested in conversing with, at the same time that I can have deep talks with my close friends. They really got it right with Circles—friend/follower management on FB and Twitter is ridiculously kludgy in comparison. So, unlike Wave, which was too obtuse, and unlike Buzz, which wasn’t compelling, this is elegant and compelling. It wins people over.

Third, they’ve nailed SEO. The early adopters are raving about the hits it’s generating and the great statistics available. That’s going to be a more sticky draw than the shininess.

Most of all, they’ve emulated the cool Facebook stuff while shedding all of the annoyances. You can friend strangers here without over-sharing with them. You can +1 a commercial entity (or NPO) without inviting them to flood your stream with ads. You can tell your best friend something without sharing it with your mom. And that’s all easy; there’s no complicated help screen or multi-level privacy settings to contend with. It just works.Similar Posts:

• Why Google Buzz Should Be Your Blog
• The Buzz Factor
• Why I Don’t “Like” Facebook
• Google’s Creepy Profiles
• Shlock and Oh! Facebook’s social dysfunction

Image courtesy bonkedproducer

If your spam and cold calls haven’t resulted in a business relationship, tracking me down personally on LinkedIn, Twitter or Facebook won’t work either.

Let’s be clear: it’s not a secret that I have purchasing responsibility for IT at my company, and my business contact info is easy to find (or purchase). Mind you, I don’t hire companies based on their ability to locate that information and email or call me. I hire consultants and purchase products based on the recommendations in my communities. So cold contacting me might be inexpensive and easy for you to do, but all it tells me is that you don’t respect my time or privacy and you can’t sustain your business based on quality and word of mouth. Two strikes against you, whereas, before you cold-contacted me, you had none.

But, in failing to spam me into a relationship, taking it to LinkedIn or the contact form here is taking your pathetic and unprofessional approach to marketing into a whole new realm of sleaziness and creepitude. Cold-contacting me at my business email or on my business phone is annoying and pathetic, but far more appropriate that tracking down my personal, non-business addresses and contacting me at those. It’s called stalking.

I’m looking at you, Server Technologies. The fact that you’ve spammed me in the past does not mean that we have an established business relationship, as your LinkedIn invite falsely indicates.

And local IT Recruiters 58 and Foggy—you take the cake. Within two minutes, out of the blue, you cold-called my work number, emailed me personally via this blog, and sent me a LinkedIn invite. That was so over the top annoying that I not only will never do business with you, I’ll make sure that all of my professional acquaintances are warned away.

Because I seriously question what a company that violates my privacy as a means of introduction would do if I actually relied on them and dealt with them financially. Ethical behavior? Not a safe thing to assume. Professionalism? Already in the toilet.

Social networks offer a great avenue for the type of business promotion that works for me—word of mouth. Sincere recommendations from people who think you’re good at what you do because they’ve used your products or services. You can foster my business by doing well enough with your current customers that they will speak well of you online. You can also demonstrate your expertise by publishing materials and distributing them on Slideshare and other public repositories (including your web site, of course). If you put your energy into establishing your credentials, instead of shoving your uncertified opinion that you’re great into every channel that you can reach me through, you’ll get a shot at my business. But using these networks to harass and annoy potential customers is incredibly stupid and short-sighted. Similar Posts:

• Feed Fight
• Losing Facebook
• Microsoft’s Secret Giveaway
• Twitiquette
• The Buzz Factor

As my nptech crowd knows, I just got too busy over the years with other things to properly grow and manage this web site. As much as I love Krazy Kat (and my son’s middle name is Ignatz, no lie!), I have to prioritize my current pursuits. I am blessed with the opportunity to do meaningful work at Earthjustice, to blog, and to help out the nonprofit community where and when I can, as a board member at Idealware, a contributor to Techsoup, and a steadfast supporter of NTEN. There are only so many hours in a day.

Krazy.com had the distinction of being a short, catchy, .com domain name, which means that it’s sale value ain’t hay, and, while my life’s pursuits are pretty rich, I’m not. I got an offer that matched what the domain is professionally valued at, and I couldn’t afford to turn it down. It’s a melancholy moment—one of those decisions that isn’t difficult to make, but is sad all of the same, like trading in a beloved car that will cost too much to keep running.

In the more than 15 years that Krazy.com got steady traffic, from visitors that included Herriman’s great grand-daughter and Krazy Kat book cover artist Chris Ware, I built my career, got married, had a child, built a house, and lived a life that continues to be happy and rewarding. Krazy Kat is fond of singing “There is a heppy lend, fur, fur away”. My heppy lend is right here, and I’m sorry that I have to move away from my beloved Coconino County.

Similar Posts:

• New plan for Content!
• Why blog?
• Message to the Krazy.com Spammer
• Current Projects
• Dealing With Domains – Part 1

Jon Loomer’s career has evolved from overseeing Fantasy Basketball product, content, marketing and promotion for the National Basketball Association to his current position as VP of Strategic Marketing for a non-profit. His focus is on social media strategy, Facebook and mobile development. You can follow him on Twitter @JonLoomer or read his blog focused on the subject of baseball atTippingPitches.blogspot.com. The following opinions are his only and do not reflect those of his affiliations.

It took a few weeks, but internet rage over Facebook’s Like button and latest privacy ramifications is in full swing. Bloggers swinging at Facebook’s knee caps with aluminum bats seem to outnumber those who come to CEO Mark Zuckerberg’s defense 20:1. And if a blogger does post a defense, duck and cover as soon as you hit “publish” because the rage will bubble up from the comments section.

So when Peter asked me if I’d be interested in writing a guest post on his blog in defense of Facebook’s changes, I had mixed emotions. On one hand, I’m absolutely flattered that he’d ask. On the other, I’m uncomfortable taking a hugely unpopular stand. The position is so unpopular that it ventures into “controversial” territory. Can I post anonymously?

I’m not a controversial dude. And any controversial opinions I have, I tend to keep relatively private, restricted to my inner circle.

But here’s the irony: I share these “controversial” opinions on Facebook. And I only share them with a small group of friends by using lists. But to the outer circle, I’m a harmless guy without much flare for the dramatic.

You must be outraged!

I may avoid controversy, but Facebook feeds off of it. Everywhere I turn, I read another blog telling me how angry I should be with Facebook’s dangerous disregard for my privacy. And because of this, a small part of me is trying to convince the rest of me that I, too, need to be outraged. But I can’t conjure up the energy.

The Utility of Facebook
First a little background on me as a Facebook user. I’ve used Facebook since it rolled out to the non-student public in 2006. My company partnered with Facebook on an application for that initial launch. So I’ve been there from “the beginning.”

And I’ve also been there through a multitude of changes, some vertical and some lateral. No matter how major the changes were, they were controversial. And the uproars increased as the Facebook population screamed past 100, 200, 300 and 400 Million.

This undoubtedly has something to do with my lack of rage now. I’ve become numb to the anger. Whether it’s a Facebook change or any other controversial revelation, I try to remain level headed. Before I react negatively to Facebook’s changes in particular, I try them out for a while. Think about the end game and why they’d make the change. And when I read a rumor about how Facebook is going to charge a monthly fee, or that they allow pedophiles to access my profile, I research first.

While I haven’t agreed with every change Facebook has made, I still recognize that they have made gradual improvements over the course of the past four years that have resulted in a much better overall product. The navigation is vastly improved, and I have far greater control now over who sees what and when.

Sure, some things (name, profile photo, gender, current city, networks, friends, pages) are available to the public now. But these are not things that bother me. You could already pull up photos of my handsome mug (here, here, here and here) by running a Google search. I’d hope my gender is obvious. And although I did scale down my pages after they became publicly viewable, I am now comfortable sharing those interests with anyone who cares.

After that, I’ve always used my privacy settings. Status by status, link by link, photo by photo, I pick and choose my audience. There are times when I keep what I share to a small audience of “Good Friends.” There are others when I share with all of my friends, some of whom I don’t know. And still others, I’ll feel the need to share with “Everyone,” as in—shudder—everyone on the Internet.

But I also use Twitter. I maintain a blog. So there are certain things I’m used to sharing with everyone. And when I share with the world, I have a reason for doing so.

It’s because of this control that I find Facebook extremely useful. I can contact just about anyone from my 500+ connections in an instant. I can promote my blog or share my son’s lemonade stand to raise money for childhood cancer research. Or I can simply goof off casually with friends. But it’s all controlled.

I also control what it is that third party developers see and what my friends can share about me. Developers can access everything that is already available to the public (which isn’t a whole lot), and my friends can’t share much more than that about me either. So I leave enough available for most useful applications to work, but without giving away more than I am comfortable.

The New Features
So all that said, Facebook rolled out a few features recently that were said to impact my privacy. I personally found them to be brilliant. I knew there would be backlash (there always is), but I admit I didn’t expect anything at this scale.

The Like Button: This addition has essentially made millions of web pages an extension of Facebook. The collage of my friends’ faces acts as a welcome mat at the front door of sites that are new to me. My friend likes this? Let me check it out. My friend says I should go to this restaurant? Not a bad idea. These are things that I would have otherwise seen on Facebook, but now I see them at the source to provide more relevance.

Not only is the Like button good for me as a user, but it is also good for me from the business side—both on my blog (loosely defined as a business) and my organization’s web pages. I’ve quickly realized that users are much more inclined to click a Like button than go through the process of retweeting or even sharing through Facebook. It’s easy. It’s awesome.

Instant Personalization: Policies aside (we’ll get to this later), I love the idea. I can go to Pandora and immediately access music that I like or my friends like. I can go to Yelp and immediately find a restaurant that they recommend. There is so much to like here. It makes the web a warmer, more social, and more relevant place.

Updated Privacy Settings: This has caused a stir, but it really wasn’t a problem for me. As I mentioned before, I’ve always been on top of my privacy. So when the new privacy settings were rolled out, I took my time to make sure everything was set up the way I wanted. While some may claim that Facebook pulled a fast one on us, it’s not as if this was done discretely without you knowing. You were forced to go through the new settings and verify. Might it have been a bit overwhelming? Maybe. But if you care about your privacy like I do, it’s something you should understand.

Community Pages: This one has been run more on the down low because it is a beta product. Thousands of community pages have been created by Facebook and some general pages have been converted (often to the dismay of the administrator). Unlike the typical Facebook page, there is no admin control (at least for now) of the community page. It is, apparently, intended to be a wiki of some sort, with information fed by people’s content who like the page. It’s not clear yet what value, if any, these pages have, but the usage is likely to evolve.

The Confusion
Part of Facebook’s problem is that this new Facebook-centered web can be a bit startling at first. When you go to another website, you don’t expect to see a list of your Facebook friends who like something. You don’t expect a website you did not previously visit to know what you like and don’t like to make recommendations. But people need to simply look at the web as an extension of Facebook, particularly when using social plug-ins. Instead of viewing that your friend likes an ESPN article in your Facebook feed, you see it on ESPN.com. It’s not as if the world can see this information. What you see is different than what I see. And your privacy settings still apply, which may not be immediately obvious.

There is also confusion because there are very few blogs and articles being written on this subject that equally weigh the issue. Many make it seem as though all of our private content is at risk; that no matter how we adjust our privacy settings, everything is available to the world. They are biased towards negativity and rage because that’s what brings traffic. We are told to either delete our Facebook profiles or simply put them on lock-down, preventing everyone from seeing anything, disallowing instant personalization, and blocking as much information from third parties as possible.

The reality, at least as far as I can tell, is that the latest changes won’t harm you if you are already on top of your privacy settings and careful about what you share. But based on the media coverage, it would be easy for someone to overreact and go with the flock.

Show Me
This is my biggest problem with the outrage over Facebook’s changes: Almost everything I read is in abstract terms. Please, show me the danger of Facebook’s changes. You’ve probably seen this example of Facebook users who have told the world, knowingly or not, that they have cheated on a test. Well, I can do the same with Twitter users. What’s the point?

Maybe I should feel bad for people who unknowingly publish embarrassing information about themselves for the world to see, but I don’t. For many reasons.

First, let’s not fall for the claim that Facebook made this radical change from closed to open overnight. The latest change did allow search engine indexing of your public profile (if you kept the box checked to allow it) or of that information you shared with “everyone,” but keep in mind that the former definition of “everyone” was all users on Facebook. So you went from sharing embarrassing photos and information about yourself to 400 Million people to the entire world. Eh.

And again, Facebook forced us—all of us—to confirm our privacy settings. Did you ignore them? If you did, should I feel bad for you? Eh.

I understand that I don’t represent all Facebook users, and that’s a very good argument for anyone opposed to the changes. Most people do not spend the time refining their privacy. And many may simply be confused by the settings.

Still, if you’re confused, just restrict everything as much as possible. I keep seeing stats on number of settings and options, but if you just set everything to “Friends” (and your friends truly are your friends), you’ll be fine. Assuming, of course, you’re still careful about what you share.

Everyone needs their own global privacy policy, and this goes beyond Facebook. When you share, do so with the understanding that, even with the best possible settings, any friend can simply copy and paste your status; or save and repost your photo; or simply post a photo or story about something you did. No privacy settings can prevent stupid activity from being seen. It will eventually get out.

That said, I am leaving the door open slightly for the possibility that Facebook has given others far more access to my private life than I know. If this is the case, show me. Show me the application that could potentially harm me.

The Policies
While I enjoy using Facebook and am not in the “delete my profile” community, I admit that I’m not all that comfortable with the entire path that Facebook has taken. I enjoy the new features and am fine with the current privacy settings. However, I do think that they need to be better at communicating changes. They need to be better at communicating, from page to page, what is viewable and what isn’t. Go above and beyond to explain the user’s privacy. Smack them in the face with what audience they are sharing. While I do think Facebook has done a better job at communicating changes than they are given credit, they need to do more.

And I also agree that opt-ins instead of opt-outs are the best policy, particularly with a potentially controversial change. If you are so sure someone is going to want something, first make the compelling argument. Encourage them to check it. Show them what they’re missing if they don’t.

Even so, I firmly believe that putting too much focus on Facebook takes away the important focus on the user’s responsibility to do everything they can to protect themselves. As mentioned before, users needed to agree to each change. We need to be vigilant and understand the ramifications. And if you are too lazy to do the research to understand it, at the very least you need to be more careful about what you post.

How Facebook Can Get Out of this Mess
Just as I am not completely in Facebook’s corner on some of their policies, I also see ways for them to get out of this PR firestorm. While I don’t have much sympathy for the ignorant user, Facebook is still responsible for communicating that these are positive changes.

If I were Facebook, I’d do the following:

• Put a My Privacy: Who Sees This? link on Community Page by “Related Posts by Friends”


• Put a My Privacy: Who Sees This? link within social plug-ins, where feasible


• Put a My Privacy: Who Sees This? link on “trusted third party” sites that implement instant personalization


• Provide video and commentary explaining some of the changes, answering the criticisms, showing the user why the changes are good for them, and acknowledging that those changes are not for everyone, providing an easy explanation of how to protect themselves


• Provide regular webinars or tours on features and use of lists to everyone, not just those with the proper page connections


• Make Instant Personalization opt-in

The last item may be the trickiest since users have already technically opted in to instant personalization when they went through their new privacy settings for the first time. But considering this project is technically a pilot, there’s no need to automatically opt everyone in. Do what they did before. Bring up a box explaining what instant personalization is. Provide videos. Explain why it is good for them. Explain potential risks. Shoot down conspiracies. And then force the user to check the box if they want it.

In Conclusion
While I am not surprised by user backlash as a result of the most recent Facebook changes, I did not expect this level of outrage from mainstream media and technically savvy, intelligent people. With that in mind, it is important that we all do the following:

• Research and understand the benefits and risks involved


• Weigh those risks and benefits with the way that each person uses Facebook


• Understand and actively utilize Facebook’s privacy settings


• Establish a global “privacy setting,” understanding that if we are concerned about privacy we should always be careful about what we share

In the end, it’s personal. These changes are likely to affect me differently than they do you. Maybe Facebook is just too much of a hassle for you. Maybe Facebook does not offer enough benefit to you to actively manage a sometimes confusing control panel of privacy settings. Maybe you do have reason to be outraged. But I don’t believe this feeling is universal. We all need to rationally weigh the risks and benefits and decide what is best for us.Similar Posts:

• Why I Don’t “Like” Facebook
• Media and Mediums
• Drupal 101: Navigation
• Why Google+ Will Succeed Where Wave And Buzz Failed
• Things You Might Not Know About…

Photo by nitot/ / CC BY-NC-SA 2.0

Facebook announced dramatic changes in their service at their annual “F8” conference on Wednesday. Facebook used to be a network where you could establish semi-private communities with family, friends and like-minded sets of people. Now it’s an internet-wide info-sharing platform that can keep your friends, and the businesses and advertisers that Facebook partners with, fully briefed on all of your internet-based activities and opinions.

The biggest announcement was the introduction of the Open Graph and the new “Like” buttons for the web at large. Yesterday, you could only “like” or “fan” something that appeared on Facebook’s web site. Now you can “like” things anywhere that the social graph and like buttons are implemented. What you “like” will be shared with Facebook, your Facebook friends, and all of the applications you subscribe to on Facebook, and, depending on your Facebook privacy settings, the world at large.

Also this week, and all of a sudden, despite what you might have confirmed a few months ago when Facebook started this paradigm shift, your likes, interests and job history are now Google searchable. That’s right: even if you went in and flagged them as private, your only way to protect this information, as of yesterday, is to remove it (and wait a month for it to fall out of Google’s cache).

Online privacy is a relative concept

Much of the Facebook privacy that we lost wasn’t real privacy to begin with, because any time you add an application (such as a quiz), that application’s developers have complete access to your entire Facebook profile. Worse, anytime a friend invites you to use an application, that application gets access to your profile. You don’t have to lift a finger to have data that you’ve marked as private shared with strangers; you just have to have friends on Facebook who aren’t thinking that, by inviting you to compare movie favs, they’re telling a complete stranger your gender, age, birthdate, job history, sharing all of your photos and publishing your wall to them.

Why “Love it or leave it” is unfair

I have friends who are somewhat blaze about all of this. After all, nobody put a gun to my head and ordered me to join Facebook. I just got so many requests from friends and family that I caved. And, once I caved, I connected to a bunch of “blast from the past” friends, extended family, former co-workers and current associates. So, now have a real investment in Facebook as a social connector. Sure, if I don’t like these changes, I can just delete my account and be done with it. But I’m throwing away far more than just a social network profile—I’m tossing out my connection to my communities of friends, family and professional associates, who are now expecting me to be on Facebook with them.

I could decide that I don’t like the policies of my local utility company, too, and just cancel my service. But the services they provide enable other services that I want/require as well—such as light, heat, computing, communication. Leaving Facebook wouldn’t be as extreme as canceling power services, but, with 40 million users and climbing, Facebook is like a utility in many people’s lives, and it supports services in such a way that relationships beyond our relationship with the service provider are centered there.

Change Management

This is what is so dishonest about CEO Mark Zuckerberg’s repeated assertion that Facebook is only following the direction of the Internet as an open sharing platform. He is right abut the trend. But this is the equivalent of saying that the trend is now for baggy pants and see-through tops, so all of your clothing has been swapped out in accordance with the trend. The internet is all things to all people, and there are plenty of places on it where privacy and closed community are the norm. Just because the internet is becoming more open, it doesn’t mean that Internet users need to be dragged into this new era.

It all boils into “Opt Out” vs. “Opt In”, and respecting rather than walking all over your customers. Facebook began with an assumption of privacy; changes in that assumption should be acknowledged by each user before they are enacted. Facebook could have easily developed their platform in ways that give users the choice of having open or private profiles. Instead, they’ve simply switched our private data to public without asking if that compromises our security, reputation or preferences. And it doesn’t escape my notice that there’s great money to be made in having more personal info about what I like and who I share that information with.

What you should do if this concerns you

If you went in and verified/altered your Facebook privacy settings a month or two ago, you should make another visit ASAP. Facebook has turned it around. Beth Kanter has a good write-up on what has changed. If you have any custom Facebook Pages, look out there as well—even if you’ve set profile data to private, if you link to any of your profile info from a Facebook page, it will default back to public. Whatever you do with your privacy settings, most of your basic profile data is now public and there is no option to make it private. So review your employment history, “about” and likes sections to make sure that it only has data that you don’t mind sharing with Google searchers and every advertiser on earth.

It all boils down to this

Facebook is now like Twitter and Google, with even less options for privacy than those big public networks offer. This doesn’t have to be a bad thing, it’s just a very different thing, and the crime here is mostly that “F8” and “social graph” are not terms that the vast majority of the 40 million Facebook users are paying any attention to. If you’re reading this, you know better, so you can set your profile up with information that you don’t mind being in the public domain, and you can decide if you’re willing to “like” things on the internet and, thereby, expose yourself and your Facebook community to the demographic analysis and actions that will ensue. I won’t be abandoning Facebook over this, but I’m very restrictive in my use of it, and will continue to approach it with great caution.Similar Posts:

• Now that Mom’s on Facebook…
• Void Rage: Unable to Muster Facebook Anger
• Losing Facebook
• Google’s Creepy Profiles
• Shlock and Oh! Facebook’s social dysfunction

But, enough gushing. One of my (many) rants regards my concern that, although the biggest group of people that we call “nptechies” are the ones who support technology in their organizations, our biggest nptech conferences focus heavily on social media and the web (NTC, Netsquared, and now SXSW). It is true that the advent of social media and the interactive web is spawning a revolution in the way that we do advocacy and fundraising. But there is no less of a revolution in our server rooms, where virtualization, cloud computing and wireless devices are changing the entire way that we manage and deliver applications.

Our System Administrators, Support Specialists and Accidental Techies need to share in the peer support that can inform their efforts and help them feel more connected, both to their missions and the broader community. This year, in deference to a throat getting hoarse from ranting, I took a first stab at addressing this gap.

The Tech Track

The tech track was conceived as a six session “mini” track; five of the proposed sessions made the cut. The topics went from the basics to the broad overview:

• Tech Track 1: Working Without a Wire (But With a Net): Dealing with Wireless Networks, Laptops, and Cell Phones


• Tech Track 2: Proper Plumbing: Virtualization and Networking Technologies


• Tech Track 3: Earth to Cloud: When, Why and How to Outsource Applications


• Tech Track 4: Budget vs Benefits: Providing Top Class Technology in Constrained Resource Environments


• Tech Track 5: Articulating Tech: How to Win Friends and Influence Luddites.

Joining me in these sessions were fellow blogger Johanna Bates of OpenIssue, Matt Eshleman of CITIDC, Tracy Kronzak of Applied Research Center, John Merritt of the San Diego YMCA, Michelle Murrain of OpenIssue, Michael Sola of National Wildlife Federation and Thomas Taylor of the Greater Philadelphia Cultural Alliance.

Subject Matter

Instead of doing the usual Powerpoint presentations and talking to the crowd, we pulled the chairs into circles for these sessions and put the session agenda up for grabs, asking each group what issues, related to the session topic, were foremost in their minds. The conversation was rich, and served as a healthy catalogue of the challenges facing nonprofit technology practitioners. Some highlights:

• Supporting remote laptop use in a western state with very little wireless bandwidth available


• Securing our networks while making network data accessible on mobile devices


• Supporting use of and crafting fair policies to address the boom in mobile devices


• Understanding the risks and benefits of virtualizing servers and desktops


• Knowing how and when to virtualize, and how Storage Area Networks fit in the big picture


• Weighing the risk of cloud computing, which also entails weighing the risks of our non-cloud networks


• Knowing what to ask a cloud provider to insure that data is safe, even in the case of the provider going out of business


• Assessing the cost of owned vs service-provided applications


• Assessing the readiness of Cloud Computing, and moving large, complex server rooms to the cloud


• Chickens and eggs: what to do when IT is asked to budget, but is not part of the planning process prior?


• What strategies can be applied to provide good technology with limited budgets?


• What tools and resources are available to help with the budgeting process?


• How can we engage our users when we roll out new technology?


• How do we get them to attend training?

Next week, I’ll follow this up with some of the answers we came up with for these questions.Similar Posts:

• The Evolution Of The NTEN Tech Track
• The Sky is Calling
• Where I’ll Be At The 10 NTC
• Why I Won’t Be At NTC (And Why You Should Be)
• NTC Wrap-up

The first step in any data migration project is to determine if automating the task will be more work than just doing it by hand. Idealware has about 220 articles published; cutting and pasting the text into Drupal, and then cleaning up the formatting, would be a grueling project for someone. On the other hand, automating the process was not a slam dunk. Database data is easier to write conversion processes for than free form text. HTML is somewhere in the middle, with HTML codes that identify sections, but lots of free form data as well.

Converting HTML Articles with Regular Expressions

My toolkit (of choice) for this project was Sed, the Unix Stream Editor, and a generic installation of Drupal. Sed does regular expression searching and replacing. So I wrote a script that:

1. Deleted lines with HTML tags that we didn’t need;


2. stored data between title and body tags;


3. and converted those items to SQL code that would insert the title and article text into my Drupal database.

This was the best I could do: other standardized information, such as author and publishing date, was not standardized in the text, so I left calling those out for a clean-up phase that the Idealware staff took on. The project was a success, in it that it took less than two days to complete the conversion. It was never going to be an easy one.

Without going too far, the sed command to delete, say, a “META” tag is:

/

That says to search for a literal “less than” bracket (the forward slash implies literal) and the text meta and delete any line that contains it. A tricky part of the cleanup was to make sure that my search phrases weren’t ones that might also match article text.

Once I’d stripped the file down to just the data between the “title” and “body” tags, I issued this command:

s/.*(.*)/insert into articles (title, body) values (‘1’, ‘2’);/

This searches for the text between HTML “title” tags, storing it in variable 1, then the text between “body” tags, storing it in variable 2, then substitutes the variable data into a simple SQL insert statement in the replacement string. Iterating a script with all of the clean-up commands, culminating in that last command, gave me a text file that could be imported into the Drupal database. The remaining cleanup was done in Drupal’s WYSIWYG interface.

Blog Conversion

As I said, there is no such thing as a program or module that converts a Blogger Blog into Drupal format. And our circumstance was further complicated by the fact that the Idealware Blog was in Blogger’s legacy “FTP” format, so the conversion options available were further limited.

There is an excellent module for converting WordPress blogs to Drupal, and there were options for converting a legacy Blogger blog to WordPress. So, then the question was, how well will the blog survive a double conversion? The answer was: very well! I challenge any of you to identify the one post that didn’t come through with every word and picture intact.

I had a good start for this, Matthew Saunders at the Nonprofits and Web 2.0 Blog posted this excellent guide. If you have a current Blogger blog to migrate, every step here will work. My problem was that the Idealware blog was in the old “FTP” format. Google has announced that blogs in their original publishing format must be converted by May 1st. While this fact had little or no relationship to the web site move to Drupal, it’s convenient that we made the move well in advance of that.

To prep, I installed current, vanilla copies of WordPress and Drupal at techcafeteria.com. I tracked down Google’s free blog converters. While there is no WP to Drupal converter, most other formats are covered, and I just used their web-based Blogger to WordPress tool to convert the exported Idealware blog to WP format. The conversion process prompted me to create accounts for each author.

To get from WordPress to Drupal, I installed above-mentioned WordPress-import module. As with the first import, this one also prompted me to create the authors’ Drupal accounts. It also had an option to store all images locally (which required rights to create a public-writeable folder on the Drupal server). Again, this worked very well.

With my test completed, I set about doing it all over again on the new Idealware blog. Here I had a little less flexibility. I had administrative rights in Drupal, but I didn’t have access to the server. Two challenges: The server’s file upload limit (set in both Drupal and PHP’s initialization file) was set to a smaller size than my WordPress import file. I got around this by importing it in by individual blogger, making sure to include all current and former Idealware bloggers. The second issue was in creating a folder for the images, which I asked our host and designer at Digital Loom.com to do for me.

Cleanup!

The final challenge was even stickier—the posts came across, but the URLs were in a different format than the old Blogger URLs This was a problem for the articles as well. How many sites do you think link to Idealware content out there? For this, I begged for enough server access to write and run a PHP script that renamed the current URLs to their former names—a half-successful effort, as Drupal had dramatically renamed a bunch of them. The remainder we manually altered.

All told, about two hours research time, three or four hours conversion (over a number of days) and more for the clean-up, as I wasted a lot of time trying to come up with a pure SQL command to do the URL renaming, only to eventually determine that it couldn’t be done without some scripting. A fun project, though, but I’d call it a success.

I hope this helps you out if you ever find yourself faced with a similar challenge.Similar Posts:

• Regular (Expression) Magic
• More RSS Tools: Sharing Feeds
• Welcome!
• Instant Open API with Rails 2.0
• Wanna play with OpenID?

Long time readers of my ramblings here are aware that I drink the Google kool-aid. And they also know that I’ve been caught tweeting, on occasion. And, despite my disappointment in Google’s last big thing (Wave), I am so appreciative of other work of theirs—GMail, Android, Picasa—that I couldn’t pass up a go with their answer to Facebook and Twitter, Buzz.

Google, perhaps because their revenue model is based on giving people ad-displaying products, as opposed to selling applications, takes more design risks than their software-developing competitors. Freed of legacy design concepts like “the computer is a file cabinet” or “A phone needs a “start” menu“, they often come up with superior information management and communication tools.

What is Buzz?

Buzz, like Twitter and Facebook, and very much like the lesser used Friendfeed, lets you tell people what you’re up to; share links, photos and other content; and respond to other people’s posts and comments. Like Facebook, Friendfeed and Twitter (if you use a third party service like Twitterfeed), you can import streams from other services, like Google Reader, Flicker, and Twitter itself, into your Buzz timeline.

Unlike Twitter, there is no character limit on your posts. And the comment threading works more like Facebook, so it’s easy to keep track of conversations.

How is Buzz Different?

The big distinguishing factor is that Buzz is not an independent service, but an adjunct of GMail. You don’t need a GMail account to use it, but, if you have one, Buzz shows up right below your inbox in the folder list, and, when a comment is posted on a Buzz that you either started or contributed to, the entire Buzz shows up in your inbox with the reply text box included, so that continuing the conversation is almost exactly like replying to an email.

The Gmail integration also feeds into your network on Buzz. Instead of actively seeking out people to follow, Buzz loads you up from day one with people who you communicate regularly with via GMail.

Privacy Concerns

Buzz’s release on Tuesday spawned a Facebook-like privacy invasion meme the day that it was released—valid concerns were raised about the list of these contacts showing up on Buzz-enabled Google Profile pages. A good “get rid of Buzz” tutorial is linked here. To Google’s credit, they responded quickly, with security updates being rolled out two days later. I’m giving Google more of a pass on this than some of my associates, because, while it was a little sloppy, I don’t think it compares to the Facebook “Beacon” scandal. Google didn’t think through the consequences, or the likely reaction to what looked like a worse privacy violation than it actually was (contact lists were only public on your profiles if you had marked your profile “public”, and there was a link to turn the lists off, it just wasn’t prominently placed or obvious that it was necessary). Beacon, in comparison, started telling the world about every purchase you made (whether it was a surprise gift for your significant other or a naughty magazine) and there was no option for the user to turn it off. And it took Facebook two years to start saying “mea culpa”, not two days.

Social Media Interactions for Grownups

Twitter’s “gimmick”—the 140 character limit —defines its personality, and those of us who enjoy Twitter also enjoy the challenge of making that meaningful comment, with links, hashtags, and @ replies, in small, 140 character bursts. It’s understood now that continuing a tweet is cheating.

Facebook doesn’t have such stringent limits, but you wouldn’t necessarily know that to glance at it. It hasn’t shaken it’s dorm room roots; it’s still burdened by all of the childish quizzes and applications; and, maybe more to the point, cursed by a superficiality imposed by everyone having an audience composed of high school buds that they haven’t seen for a decade or two, and who might now be on the other side of the political fence.

But Buzz can sustain a real conversation—I’ve seen this in my day and a half of use. Partially because it doesn’t have Twitters self-imposed limit or Facebooks playful distractions; and largely because you reply in your email, a milieu where actual conversation is the norm. This is significant for NPOs that want to know what’s being said about them in public on the web. I noted from a Twitter post this week that the Tactical Philosophy blog had a few entries discussing the pros and cons of Idealists’ handling of a funding crisis. But Twitter wasn’t a good vehicle for a nuanced conversation on that, and I can’t see that type of dialogue setting in on Facebook. Buzz would be ideal for it.

The Best is Yet to Come

This week, Google rolled out Buzz to GMail. Down the road, they’ll add it to Google Apps for Domains. The day that happens, we’ll see something even more powerful. Enterprise microblogging isn’t a new idea—apps like Yammer and Socialcast have had a lot of success with it. I’m actually a big fan of Socialcast, which has a lot in common with Buzz, but I was stumped as to how I could introduce a new application at my workplace that I believe would be insanely useful, but most of the staff can’t envision a need for at all. What would have sold it, I have no doubt, is the level of email integration that Buzz sports. By making social conversations so seamlessly entwined with the direct communication, Google sells the concept. How many of you are trying hard to explain to your co-workers that Twitter isn’t a meaningless fad, and that there’s business value in casual communication? Buzz will put it in their faces, and, daunting as it might be at first, I think it will win them over.Similar Posts:

• Why Google+ Will Succeed Where Wave And Buzz Failed
• Why Google Buzz Should Be Your Blog
• The Road to Inbox:0
• Google’s Creepy Profiles
• Useful Tools and Tips

Here are a few updates topics I’ve posted on in the last few months:

Nonprofit Assessment

The announcement that GuideStar, Charity Navigator and others would be moving away from the 990 form as their primary source for assessing nonprofit performance raised a lot of interesting questions, such as “How will assessments of outcomes be standardized in a way that is not too subjective?” and “What will be required of nonprofits in order to make those assessments?” We’ll have a chance to get some preliminary answers to those questions on February 4th, when NTEN will sponsor a phone-in panel discussion with representatives of GuideStar and Charity Navigator, as well as members of the nonprofit community. The panel will be hosted by Sean Stannard-Stockton of Tactical Philanthropy, and will include:

• Bob Ottenhoff of Guidestar


• Ken Berger of Charity Navigator


• Lucy Bernholtz of Blueprint R & D


• Christine Egger of Social Actions


• David Geilhufe of NetSuite


• and host Holly Ross of NTEN.

I’ll be participating as well. You can learn more and register for the free event with NTEN.

The Half-Life of Internet Explorer 6

It’s been quite a few weeks as far as headlines go, with a humanitarian crisis in haiti; a dramatic election in Massachusetts; A trial to determine if California gay marriage-banning proposition is, in fact, discriminatory; high profile shakeups in late night television and word of the Snuggie, version 2 all competing for our attention. An additional, fascinating story is unfolding with Google’s announcement that they might pull their business out of China in light of a massive cybercrime against critics of the Chinese regime that, from all appearances, was either performed or sanctioned by the Chinese government. There’s been a lot of speculation about Google’s motives for such a dramatic move, and I fall in the camp that says, whatever their motives, it’s refreshing to see a gigantic U.S. corporation factor ethics into a business decision, even if it’s unclear exactly what the complete motivations are.

As my colleague Steve Backman fully explains here, here’s been some fallout from this story for Microsoft. First, like Google and Yahoo!, Microsoft operates a search engine in China and submits to the Chinese governments censoring filters. They’ve kept mum on their feelings about the cyber-attack. Google’s analysis of that attack reveals that GMail accounts were hacked and other breaches occurred via security holes in Internet Explorer, versions six and up, that allow a hacker to upload programs and take control of a user’s PC. As this information came to light, France and Germany both issued advisories to their citizens that switching to a browser other than Internet Explorer would be prudent. In response, Microsoft has issued a statement recommending that everyone upgrade from Internet Explorer version 6 to version 8, the current release. What Microsoft doesn’t mention is that the security flaw exists in versions seven and eight as well as six, so upgrading won’t protect you from the threat, although they just released a patch that hopefully will.

So, while their reasoning is suspect, it’s nice to see that Microsoft has finally joined the campaign to remove this old, insecure and incompatible with web standards browser.

Google Wave: Still Waters

I have kept Google Wave open in a tab in my browser since the day my account was opened, subscribed to about 15 waves, some of them quite well populated. I haven’t seen an update to any of these waves since January 12th, and it was really only one wave that’s gotten any updates at all in the past month. I can’t give away the invites I have to offer. The conclusion I’m drawing is that, if Google doesn’t do something to make the Wave experience more compelling, it’s going to go the way of a Simply Red B-Side and fade from memory. As I’ve said, there is real potential here for something that puts telecommunication, document creation and data mining on a converged platform, and that would be new. But, in it’s current state, it’s a difficult to use substitute for a sophisticated Wiki. And, while Google was hyping this, Confluence released a new version of their excellent (free for nonprofits) enterprise Wiki that can incorporate (like Wave) Google gadgets. That makes me want to pack up my surfboard.
Similar Posts:

• NPTech Lineup Details
• Is Google Wave a Tidal Wave?
• Wave Impressions
• Won’t You Let me Take You On A Sea Change?
• Swept Up in a Google wave

Now, you might think that’s a crazy idea, but  I think Buzz is about 80% of the way there. Last week, in my Google’s Creepy Profiles post, I made a suggestion (that someone at Google has hopefully already thought of) that it wouldn’t take much to turn a Profile into a full-fledged biography/lifestreaming site.  Just add some user-configurable tabs, that can contain HTML or RSS-fed content, and add some capability to customize the style of the profile.  Since I wrote that, I’ve been using Buzz quite a bit and I’ve really been appreciating the potential it has to deepen conversations around web-published materials.

I think some of my appreciation for Buzz comes from frustration with Google’s previous, half-hearted attempts to make Google Reader more social. If you use Reader heavily, then you know that you can share items via a custom, personal page and the “People You Follow” tab in Reader. You also know that you can comment on items and read others comments in the “Comments View”.  But it’s far from convenient to work with either of these sharing methods.  But, once you link your reader shared items to Buzz, then you aren’t using Reader’s awkward ionterface to communicate; you’re using Buzzes.  And Buzz, for all of Google’s launch-time snafus, is an easy to use and powerful communications tool, merging some of the best things about Twitter and Facebook.

So, how is Buzz suitable for a blog?

• It’s a rich editing environment with simple textile formatting and media embedding, just like a blog.


• Commenting—way built-in.


• RSS-capable – you can subscribe to anyone’s Buzz feed.


• Your Google Profile makes for a decent public Blog homepage, with an “About the Author”, links and contact pages.


• It’s pre-formatted for mobile viewing

What’s missing?

• Better formatting options.  The textile commands available are minimal


• XML-RPC remote publishing


• Plug-ins for the Google Homepage


• As mentioned, more customization and site-building tools for the Google Homepage.

Why is it compelling?

• Because your blog posts are directly inserted into a social networking platform.  No need to post a link to it, hope people will follow, and then deal with whatever commenting system your blog has to respond.


• Your blog’s community grows easily, again fueled by the integrated social network.


• Managing comments – no longer a chore!

This is the inverse of adding Google or Facebook’s Friend Connect features to your blog.  it’s adding your blog to a social network, with far deeper integration that Twitter and Facebook currently provide. Once Google releases the promised API, much of what’s missing will start to become available.  At that point, I’ll have to think about whether I want to move this island of a blog to the mainland, where it will get a lot more traffic.  I’ll definitely be evaluating that possibility.

• Why Google+ Will Succeed Where Wave And Buzz Failed
• Google’s Creepy Profiles
• The Buzz Factor
• Google Reader Reaches Out
• More RSS Tools: Using Google Reader for Research and Sharing

Google unveiled a bold new product last week; one of critical and compelling import to anyone who believes that their online reputation is important.  I’m not talking about Google Buzz.  I’m talking about Google Profiles.  This isn’t a new service—Google introduced the profile pages a few years ago.  But the release of Google Buzz has illuminated how important they are in Google’s plans, and how important they can be for us.  And if this profile is now a major component in my personal branding strategy, I demand better tools to manage it than Google has provided.

About a year ago, Google pointed out that, if you have a populated Google Profile, they will include it below the search results when people google your name. So, for someone like me—who does want to be easily located on the web, but has a reasonably common name, this seemed like a good deal, and I filled out my profile.  As a result, I’m prominently placed in the profile links when you search for my name, even though I’m about the fifth best known “Peter Campbell” on the web.

A Google Profile page contains four important pieces:

• Biographical information about you.


• Links to your important web sites.


• Secured contact information.


• Google Buzz integration.

The bio and links are much like other online profiles, such as Yahoo! and Facebook.  The contact info option is interesting, as you can share it with groups defined in your Google Contacts.  I can’t see a good reason to do this, as any group I’d be willing to share with (such as “family”) already knows how to find me and, if they don’t, they aren’t going to think to look at my Google Profile(!). So I’ve left this blank, as it seems like better security to not publish my address and phone number online if I don’t have a good reason to.

The Buzz integration is particularly worrisome.  First, by default, Buzz publishes your connections to your profile.  It’s easy to turn off, and recommended if you have any concern about anyone in the world knowing who your online friends are.  I turned this right off.

Second, your Buzz stream is published to the profile as well. So consider that—anything you say on Buzz gets added to your profile, which might be prominently placed in search results for your name (whereas your buzzes might not be).  We all know that employers are getting savvy, and searching the web for info about us as part of a candidate review.  But I assume that an employer seeing my Twitter stream on Twitter will bear in mind the context—Twitter, like Buzz, is a conversational medium.  A profile is much more like a resume.  I may well buzz about my favorite Doctor Who episode, but I’m not going to discuss TV shows on my resume…

The furor over Buzz’s privacy violations at rollout were really much more about the profiles—many new Buzz users didn’t even know they had  a Google Profile prior.

So, Google—I hope you’re listening.  If my Google Profile is going to factor more and more into my online identity—and the way that Buzz both highlights it and depends on it suggests so—you need to give me more tools and flexibility about how that profile looks and what information it contains.  Here’s what would make me feel like I have a profile on the web, as opposed to Google having a dossier on me on the web:

• Less structured content.  The “what can’t you find on Google” question is cute, but it’s not a key component of my personal branding.  Get rid of the cute stuff, and give me more options to share the info that I want to share, not that you necessarily want to hear.


• A logo, stylesheet, and other basic web design tools.  I’d like this to look more like this blog, with the black background and the Techcafeteria logo.


• My own tabs, and the ability to remove the extra tabs that you think I should have.  Mostly, the decision to publish my Buzz feed to my profile should be mine, not yours.  Make that optional, but add the ability to add new tabs and link them to other websites or RSS sources.

For an example, look at my home site at http://techcafeteria.com.  That is a profile, with info about me; lifestreaming; shared resources via RSS; and a contact form.  If Google Profiles could do what I ask, I’d scrap the current Techcafeteria site and link this blog, along with my other feeds, directly to my Google Profile, and redirect both techcafeteria.com and peterscampbell.com to it.

Until then, that’s not my profile.  That’s Google’s profile of me, and it’s a bit creepy.Similar Posts:

• Why Google Buzz Should Be Your Blog
• NPTech Update
• The Buzz Factor
• I’ve been busy
• How and Why RSS is Alive and Well

Domain Transfers

Transferring domains is a somewhat complex process that has been designed to minimize the risk of domain hijacking. In order to insure that transfers are performed by the actual owner of the domain, a few important measures are in place:

• Every domain has an authorization (a.k.a. EPP) code associated with it. Transfers can not occur without this code being submitted. If you don’t have this information, your current registrar does. Some registrars have automated functions that will deliver that information to the domain contact; others require that you ask for them via email to the registrar or their support ticket application. Registrars are required to provide you with these codes within five calendar days of your request. If they don’t, your best recourse is to determine who they get their domain authority from (there are only a handful of companies that resell registration services) and appeal to them for assistance.


• Communication is strictly through the registered “whois” email address of the domain owner. You can determine what that is by doing a whois lookup on your domain.
  
  Tip: While most domains can be looked up at http://whois.net. However, whois.net has some trouble with .org domains, so the alternative http://www.pir.org/whois is a more reliable source for most non-profit domains.
  
  
  If the address that your domain is registered with is either non-functional or owned by someone other than you, then you need to update it, via your current registrar’s web interface, before you can successfully transfer the domain.


• Domains can (and should) be locked to prohibit transfers before and after you switch registrars. Locking and unlocking your domains is usually done by you, from your registrar’s web site. If you don’t have options to do that when you log on to the web site, your registrar should do it for you upon request.

Transfer Procedures

To initiate the transfer, go to the web site of the registrar that you want to switch to and follow their instructions. They will have you submit a request and, upon receipt of your domain fees, issue an email to the email address associated with the domain containing a link to a form where you can confirm the request. That form will also ask for the authorization code. Subsequently – and this can take up to seven days – you’ll receive an email from your current registrar asking you to confirm the transfer request. Once that is submitted, the transfer should go through.

Detailed rules about how domains are transferred, as well as what the responsibilities of the registrars are in handling the transfers, are listed at http://www.icann.org/en/transfers/policy-en.htm.

Choosing Registrars

Registrars charge anywhere from $5.00 to $50 dollars for a year’s domain service. The two best known registrars are Network Solutions and GoDaddy. Many people go with Network Solutions because they’re the longest standing of the registrars (for many years, they were the only registrar). GoDaddy has become very popular by dramatically undercutting the cost. Note, though, that both of these registrars have been accused of questionable business practices:

• Network Solutions has engaged in “Front Running“, a questionable practice of locking domains that a potential customer might search for in order to block competitors from making the sale. They will also use subdomains of your domain to advertise, a practice called subdomain hijacking. A decent registrar will not seek to make profits based on your intellectual property.


• GoDaddy famously suspends accounts based on corporate requests. In 2007, they suspended seclists.org, a website that archives internet security mailing lists, per the request of MySpace, with no court order or valid complaint. MySpace was upset that content posted to one of the lists that Seclists archived was inappropriate. But, instead of contacting Seclists to deal with the content in question, GoDaddy closed the site and wouldn’t respond to desperate emails or phone calls regarding the sudden closure. Worse, after the fiasco was resolved, they were unrepentant, and reserve the right to shut down any site for any spurious reason. If your NPO does work that is in the least bit controversial, keep this in mind when considering GoDaddy.

Web Hosting and Registrars

Many registrars supplement their business by providing web hosting services as well. Some will even offered discounted or free domain registration with a hosting plan. While this simplifies things, it can also be a bit risky in the “eggs in one basket” sense. Having a separate registrar and control over your DNS service allows you to be more flexible with switching hosts, should your current host prove themselves unreliable or go out of business. And the web hosting industry is pretty volatile, with companies coming and going pretty quickly. I would suggest a best practice is to keep your host and registrar separate.Similar Posts:

• Dealing With Domains – Part 1
• Administrivia
• The Years Of The Kat
• Here with the Wind
• How to Send an All Staff Technical Email

You have a web site and you have a domain, and as long as the web site is up and running, everything is fine. But what happens if your domain is hijacked? What if you need to make changes to your domain registration, or register a new one, and your registrar is simply disinterested? What if they go out of business? Your domain name is a valuable property, and you should keep it in pro-active and trustworthy hands.

How Domain Registration Works

Domain registrars provide the service of keeping your domain name mapped with current information so that it can be found on the web. Domain names are meaningful aliases for numeric IP addresses, and aren’t technically required in order to host a web site. But, the internet would be hard to navigate if we could only find things by their numeric addresses.

The primary thing that a registrar does is to keep your contact (whois) data maintained; point your domain to the appropriate name servers; and allow you to move your domain to another registrar if you choose to.

Domain Services

In addition to domain registration, most registrars offer additional services, such as:

1. Are they accredited? ICANN, the organization that oversees domain management , accredits registrars. If they aren’t on ICANN’s list, they aren’t trustworthy.


2. Do they add a year to the existing expiration date, or charge you for a full year as of engagement? They should do the former.


3. Do they offer automated access to all functions (via web forms), including locking/unlocking domains, retrieval of authorization (EPP) codes, and modification of all whois records? (Some registrars prefer to list themselves as the technical contact. It should be up to you whether they can have an official name on your domain, not them).


4. Do they list a telephone number, and is it promptly answered during business hours?


5. Do they respond promptly to emails and support requests? The ability to communicate with your registrar is rarely needed, but, when it is, it’s critical – you don’t want them out of the loop if your domain is subject to an attempted hijack.


6. Do they offer the ability to manage DNS for mail servers and subdomains? While this is an added feature, it’s common enough to be worth expecting.


7. Do they have any additional services (examples above)? While these supplemental services are far from critical, they are convenient. More to the point, a company that is engaging in a robust suite of services is more likely to be focused on their business. The truth is that anyone can be a domain registrar, if they make the proper investment, but whether it’s a going concern or a neglected piece of extra income for them is a question you’ll want to ask.

Next week: Safely transferring domains and a word on web hosting completes the topic.Similar Posts:

• Dealing with Domains – Part 2
• The Years Of The Kat
• Wanna play with OpenID?
• What does OpenID mean to Non-Profits?
• Sleazy Sales Tactics and Social Networks

First, you’re looking at the newest Idealware board member. There’s still some paperwork to fill out, but this is a done enough deal that it’s worth mentioning here. I join at an exciting time, with our first book on the way; a new website about to be unleashed,  and the successful rollout of the Idealware Research Fund (which met it’s initial goal!).

Coming up in February is the Green IT Consortium/NTEN virtual conference on Greening your Technology. Matt Eshleman of CITIDC and I will be reprising the Server Virtualization session that we did at NTC last year. Mark down the date of February 10th, and look for details very soon, including after-conference get-togethers in SF and DC..

Also in February, but as yet not fully scheduled, I’ll be participating on an NTEN-sponsored panel with representatives of Guidestar, Charity Navigator, and the NPTech/Philanthropy community to discuss the upcoming changes in how these organizations assess nonprofits. I’ve been blogging about this potentially dramatic change in the way NPOs are assessed, along with the associated concerns, here and here.

April brings the big event: NTEN’s Nonprofit Technology Conference, 4/8 to 10, in Atlanta, Georgia this year.  I have a lot going on—I’m assembling a group of NTEN’s more technical presenters to lead the technology track, five sessions that will focus on the less trendy, but eternally critical tasks that nonprofit techs face daily: keeping the servers running (and virtualizing them); installing wireless; supporting computer use and planning and purchasing with little budget.  Our hope is that this track will not only impart a lot of useful information, but also serve as the introduction of a peer community for the front line NP techs. And I’ll be flying down early enough to participate in Day of Service and this year’s experimental unconference, where we’ll, among many other things, discuss how we standardize on shared outcome measurements and what that might look like.

The biggest challenge? Doing all this without breaking the stride on my work at Earthjustice, where I’m busy developing a case management system, installing email archiving software, deploying videoconferencing systems and prepping for Office 2007 and Document Management roll-outs, among other things; blogging weekly for the aforementioned Idealware; and spending as much quality time as I can get with my wonderful wife and kid. If you have any extra hours in the day to donate, send them here!Similar Posts:

• NPTech Lineup Details
• The Evolution Of The NTEN Tech Track
• My Full NPTech Dance Card
• Why I Won’t Be At NTC (And Why You Should Be)
• What I’ve been up to

Google Search Filtering

Have you ever clicked the “Show Options” link on your results page? Do a search for whatever interests you and try it (it’s located right under the Google logo). This will add a left navigation bar with some very useful filtering options. Of note, you can narrow to a trendy real-time search buy clicking on “Latest” under “Any Time”; choose a date range,filter out the pages that you’ve seen, or haven’t seen yet – how useful is that for finding that page that you googled last week but didn’t save? The funny thing is that Google has an “Advanced Search” screen, which, of course, can do many things that this bar can’t (such as searching for public domain media).

Microsoft Outlook Shortcuts

If you use Outlook, you know how simple it is to find your mail and calendar. Other common folders are conveniently placed in your default view. But if you’re the slightest bit of a power user, or you work in an environment where users share mailbox folders or use Exchange’s Public Folders, than keeping track of all of those folders can get a bit tedious. That’s what the Shortcut view is for. Buried below the Mail, Calendar and Task buttons, you can move it up to the visible button list by right-clicking on the bar area (in the lower-left hand corner of Outlook 2003 or 2007’s screen) and choosing “Navigation Pane Options”. Highlight “Shortcuts” and then click “Move up” enough times to get it in one of the first four positions. Click OK, then click on the “Shortcuts” bar. From here, you can add new shortcuts and, optionally, arrange them in shortcut groups. You can rename the shortcuts with more meaningful titles, so that, if, say, you’re monitoring a norther user’s inbox, you can give it their name instead of having two folders named “Inbox”. One tip: to add shortcuts to a group, right-click on the group title and add from there.

Facebook Friend Lists

Nothing makes Facebook more manageable than Friends Lists, and, with the new security changes, this is more true than ever. If you’re like me, your connections on Facebook span every facet of your life, from family to childhood friends to co-workers. Wouldn’t it be useful to be able to send links and messages to all of your co-workers but not your friends, or vice-versa? Click on “Friends” from the Facebook menu, then all connections. If you’ve become a fan of a page or two, you’ll see that Facebook has already created two lists for you: Friends and Pages. To make more, scroll through your connection list and click to “Add to List” option to the right. You can create new lists from there, and add friends to multiple lists.

When you share a link, note, video or whatever, you can choose which list to send it to by clicking on the lock icon next to the “Share” button and choosing “Customize”.

There Are More

Did you know about these features? Are there other ones that you use that make your use of popular applications and web sites much more manageable? Leave a comment and let us know.Similar Posts:

• Tweaking Twitter
• Useful Tools and Tips
• Google’s Creepy Profiles
• Void Rage: Unable to Muster Facebook Anger
• About that Google Phone

Awkwardness

To put Wave in perspective, I clearly remember my first exposure to email.  I bought my first computer in 1987: a Compaq “portable”. The thing weighed about 60 pounds, sported a tiny green on black screen, and had two 5 and 1/4 inch floppy drives for applications and storage).  Along with the PC, I got a 1200 BPS modem, which allowed me o dial up local bulletin boards.  And, as I poked around, I discovered the 1987 version of email: the line editor.

On those early BBSes, emails were sent by typing one line (80 characters, max) of text and hitting “enter”.  Once “enter” was pressed, that line was sent to the BBS.  No correcting typos, no rewriting the sentence.  It was a lot like early typewriters, before they added the ability to strike out previously submitted text.

But, regardless of the primitive editing capabilities, email was a revelation.  It was a new medium; a form of communication that, while far more awkward than telephone communications, was much more immediate than postal mail.  And it wasn’t long before more sophisticated interfaces and editors made their way to the bulletin boards.

Google Wave is also, at this point, awkward. To use it, you have to be somewhat self-confident right from the start, as others are potentially watching every letter that you type.  And while it’s clear that the ability to co-edit and converse about a document in the same place is powerful, it’s messy.  Even if you get over the sprawling nature of the conversations, which are only minimally better than  what you would get with ten to twenty-five people all conversing in one Word document, the lack of navigational tools within each wave is a real weakness.

Redundant?

I’m particularly aware of these faults because I just installed and began using Confluence, a sophisticated, enterprise Wiki (free for nonprofits) at my organization. While we’ve been told that Wave is the successor to email, Google Docs and, possibly, Sharepoint, I have to say that Confluence does pretty much all of those things and is far more capable.  All wikis, at their heart, offer collaborative editing, but the good ones also allow for conversations, plug-ins and automation, just as Google Wave promises.  But with a wiki, the canvas is large enough and the tools are there to organize and manage the work and conversation.  With Wave, it’s awfully cramped, and somewhat primitive in comparison.

Too early to tell?

Of course, we’re looking at a preview.  The two things that possibly differentiate Wave from a solid wiki are the “inbox” metaphor and the automation capabilities. Waves can come to you, like email, and anyone who has tried to move a group from an email list to a web forum knows how powerful that can be. And Wave’s real potential is in how the “bots”, server-side components that can interact with the people communicating and collaborating, will integrate the development and conversation with existing data sources.  It’s still hard to see all of that in this nascent stage.  Until then, it’s a bit chicken and egg.

Wave starting points

There are lots of good Wave resources popping up, but the best, hands down, is Gina Trapini’s Complete Guide, available online for free and in book form soon. Gina’s blog is a must read for people who find the types of things I write about interesting.

Once you’re on wave, you’ll want to find Waves to join, and exactly how you do that is anything but obvious.  the trick is to search for a term “such as “nonprofit” or “fundraising” and add the phrase “with:public”. A good nonprofit wave to start with is titled, appropriately, “The Nonprofit Technology Wave”.

If you haven’t gotten a Wave invite and want to, now is the time to query your Twitter and Facebook friends, because invites are being offered and we’ve passed the initial “gimme” stage.  In fact, I have ten or more to share (I’m peterscampbell on most social networks and at Google’s email service).Similar Posts:

• Is Google Wave a Tidal Wave?
• More RSS Tools: Managing Content with Pipes
• Swept Up in a Google wave
• Won’t You Let me Take You On A Sea Change?
• Evaluating Wikis

Yes, we do Twitter requests!

To break down that tweet a bit, kanter is the well-known Beth Kanter of Beth’s blog. pearlbear is former Idealware blogger and current contributor Michelle Murrain, and Beth asked us, in the referenced blog post, to dive a bit into internet security and how it contrasts with internet privacy concerns. Michelle’s response, offers excellent and concise definitions of security and privacy as they apply to the web, and then sums up with a key distinction: security is a set of tools for protecting systems and information. The sensitivity of that data (and need for privacy) is a matter of policy. So the next question is, once you have your security systems and policies in place, what happens when the the policies are breached?

Craft a Policy that Minimizes Violations

Social media is casual media. The Web 2.0 approach is to present a true face to the world, one that interacts with the public and allows for individuals, with individual tastes and opinions, to share organizational information online. So a strict rule book and mandated wording for your talking points are not going to work.

Your online constituents expect your staff to have a shared understanding of your organization’s mission and objectives. But they also expect the CEO, the Marketing Assistant and the volunteer Receptionists to have real names (and real pictures on their profiles); their own online voices; and interests they share that go beyond the corporate script. It’s not a matter of venturing too far out of the water—in fact, that could be as much of a problem as staying too close to the prepared scripts. But the tone that works is the one of a human being sharing their commitment and excitement about the work that they (and you) do.

Expect that the message will reflect individual interpretations and biases. Manage the messaging to the key points, and make clear the areas that shouldn’t be discussed in public. Monitor the discussion, and proactively mentor (as opposed to chastising) staff who stray in ways that violate the policy, or seem capable of doing so.

The Case for Transparency

Transparency assumes that multiple voices are being heard; that honest opinions are being shared, and that organizations aren’t sweeping the negative issues under the virtual rug. Admittedly, it’s a scary idea that your staff, your constituents, and your clients should all be free to represent you. The best practice of corporate communications, for many years, was to run all messaging through Marketing/Communications experts and tightly control what was said. I see two big reasons for doing otherwise:

Controlled messaging worked when opening your own TV or Radio Station was prohibitively expensive. Today, YouTube, Yelp and Video Blogs are TV Stations. Twitter and Facebook Status are radio stations. The investment cost to speak your mind to a public audience has just about vanished.

Is the importance of hiding something worth the cost of looking like you have something to hide? At the peak of the dot com boom, I hired someone onto my staff at about $10k more (annually) than current staff in similar roles were making. An HR clerk accidentally sent the offer letter to my entire staff. The fallout was that I had meaningful talks about compensation with each of my staff; made them aware that they were getting market (or better) in a rapidly changing market, and that we were keeping pace on anniversary dates. Prior to the breach, a few of my staff had been wrongly convinced that they were underpaid in their positions. The incident only strengthened the trust between us.

The Good, the Bad, and the Messenger

Your blog should allow comments, and—short of spam, personal attacks and incivility—shouldn’t be censored. A few years ago, a former employee of my (former) org managed to register the .com extension of our domain name and put up a web site criticizing us. While the site didn’t get a lot of hits, he did manage to find other departed staff with axes to grind, and his online forum was about a 50-50 mix of people trashing us and others defending. After about a month, he went in and deleted the 50% of forum messages that spoke up for our organization, leaving the now one-sided, negative conversation intact. And that was the end of his forum; nobody ever posted there again.

There were some interesting lessons here for us. He had a lot of inside knowledge that he shared, with no concern or allegiance to our policy. And he was motivated and well-resourced to use the web to attack us, But, in the end, we didn’t see any negative impact on our organization. The truth was, it was easy to separate his bias from his “inside scoops”, and hard to paint us in a very negative light, because the skeletons that he let out of our closet were a lot like anybody else’s.

What this proves is that message delivery accounts for the messenger. Good and bad tweets and blog posts about your organization will be weighed by the position and credibility of the tweeter or blogger.

Transparency and Constituent Data Breaches

Two years ago, a number of nonprofits were faced with a difficult decision when a popular hosted eCRM service was compromised, and account information for donors was stolen by one or more hackers. Thankfully, this wasn’t credit card information, but it included login details, and I’m sure that we all know people who use the same password for their online giving as they do for other web sites, such as, perhaps, their online banking. This was a serious breach, and there was a certain amount of disclosure from the nonprofits to their constituents that was mandated.

Strident voices in the community called for full disclosure, urging affected nonprofits to put a warning on the home page of their web sites. Many of the organizations settled for alerting every donor that was potentially compromised via phone and/or email, determining that their unaffected constituents might not be clear on how the breach happened or what the risks were, and would simply take the home page warning as a suggestion to not donate online.

To frame this as a black and white issue, demanding that it be treated with no discretion, is extreme. The seriousness and threat that resulted from this particular breach was not a simple thing to quantify or explain. So it boils down to a number of factors:

• Scope: If all or most of your supporters are at risk, or the number at risk is in the six figure range, it’s probably more responsible, in the name of protecting them, to broadcast the alert widely. If, as in the case above, those impacted are the ones donate online, then that’s probably not close to the amount that would fully warrant broad disclosure, as even the strident voice pointed out.

• Risk: Will your constituents understand that the notice is informational, and not an admission of guilt or irresponsibility in handling their sensitive data? Alternatively, if this becomes public knowledge, would your lack of transparency look like an admission of guilt? You should be comfortable with your decision, and able to explain it.
• Consistency: Some nonprofits have more responsibility to model transparency than others. If the Sunlight Foundation was one of the organizations impacted, it’s a no-brainer. Salvation Army? Transparency isn’t referenced on their “Positions” page.
• Courtesy: Some constituencies are more savvy about this type of thing than others. If the affected constituents have all been notified, and they represent a small portion of the donor base, it’s questionable whether scaring your supporters in the name of openness is really warranted.

Since alternate exposure, in the press or community, is likely to occur, the priority is to have a consistent policy about how and when you broadcast information about security breaches. Denying that something has had happened in any public forum would be irresponsible and unethical, and most likely come right back at you. Not being able to explain why you chose not to publicize it on your website could also have damaging consequences. Erring on the side of alerting and protecting those impacted by security breaches is the better way to go, but the final choice has to weigh in all of the risks and factors.

Conclusion

All of my examples assume you’re doing the right things. You have justifiable reasons for doing things that might be considered provocative. Your overall efforts are mission-focused. And the reasons for privacy regarding certain information are that it needs to be private (client medical records, for example); it supports your mission-based objectives by being private, and/or it respects the privacy of people close to the information.

No matter how well we protect our data, the walls are much thinner than they used to be. Any unfortunate tweet can “go viral”. We can’t put a lock on our information that will truly secure it. So it’s important to manage communications with an understanding that information will be shared. Protect your overall reputation, and don’t sweat the minor slips that reveal, mostly, that you’re not a paragon of perfection, maybe, but a group of human beings, struggling to make a difference under the usual conditions.
Similar Posts:

• Why Geeks (like Me) Promote Transparency
• Who owns my content?
• Pop Quiz: PCI Compliance
• Why I Don’t “Like” Facebook
• Complying with Data Security Regulation