2017-08: Monetization

Posted on 21 August 2017 by Marc

Location: Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, ON (Look for the building with the Communitech, Google, and Desire To Learn logos, enter at the glass doors.)
Date: 21 August 2017
Time: 7:00-9:00PM

How can a Non-Profit organization raise money from their services? Can a Not-For-Profit organization make a profit? Why do some NonProfit organizations have separate corporate entities for fundraising and their core business? How do NonProfit SysAdmins manage crowdfunding? How does monetization affect NonProfit status? How does monetization affect legislation concerning mailing lists? What does the NonProfit SysAdmin need to know to enable monetization on the Internet? What software exists to enable monetization?

Join us to discuss these and other ideas for monetization.

–Marc Paré & Bob Jonkman

=====

Resources

Which Crowdfunding Platform Is Best for Your Nonprofit? | TechSoup Canada

Canada’s Law on Spam and Other Electronic Threats – Home – Canada’s Anti-Spam Legislation

Meeting Notes

What NonProfit Organizations sell stuff?

  • Publishing companies
  • Food co-ops
  • Musical societies (CDs, services)
  • Event admission for political groups, rallies

Two companies?

  • If activities don’t fit within the mission statement, then CRA may consider it a separate, for-profit company
  • Charitable companies are particularly vulnerable, hassled by CRA

Drawbacks to monetization

  • Need End-of-year reports, tax knowledge
  • Need an audit/auditor over a certain amount (maybe $100K?)
  • Tricky to justify certain kinds of income, esp if there is significant profit
    • Need a budget that justifies certain expenses eg. equipment
  • People don’t have enough knowledge of IT systems to use them properly
    • Using spreadsheets that don’t integrate with financial systems
      • But still better than a Word Document
    • Frustrating for SysAdmins, who need to provide support
    • No user knowledge of version control, journalling, &c.
  • The Treasurer position of a NonProfit has frequent turnover, no continuity
    • Treasurer may be volunteer, unskilled for the task
  • Some NonProfits deal with esoteric financials (book sales, royalties), may not have a system in packaged software
  • Need specific information that the grant agency (that provides funds) wants to see
  • Concerns with transparency, opening the books for the public
  • Who maintains privacy of finances?
    • Need a designated Privacy Officer

Methods of monetization

  • “Legacy Gifts”: Larger groups (orchestras?) are pitching bequeathing estates as donations, triggered by a will.
    • Important to performance groups, as their audience ages
    • In Europe, cities a fraction of the size of KW get government funding for the arts, so fundraising not necessary
    • In Canada there are people hired by NonProfit art and performance organizations to do nothing but acquire funding through donations
  • Integrate small NonProfit groups into the finances of a larger organization, eg. at a University
    • But the reporting needs may not be adequate.
  • Need to know about methods for funding proposals
    • Software? Forms? Documents?
  • http://career.publicoutreachgroup.com/ Facilitates fundraising for non-profits
  • Community Foundations will organize the funding for NonProfits, eg. Kitchener-Waterloo Community Foundation
    • Other arts groups set up their own foundations, eg. KW Symphony
    • Or set up your own foundation, then the KW Community Foundation will provide the administration for it

What does a SysAdmin do to enable monetization?

  • Not too interested in accounting
  • Shopping carts on websites
    • Not done internally, this gets contracted out
  • Point-of-sale systems?
    • Need to combine with sales data from other systems
  • Provide integration to other systems
  • Select and set up Crowdfunding platforms

Crowdfunding

  • Has Crowdfunding passed its peak? It was the big thing two or three years ago.
  • What criteria are used to select a Crowdfunding source?
  • Techsoup: https://www.techsoupcanada.ca/en/community/blog/which-crowdfunding-platform-is-best-for-your-nonprofit
  • Centre for Social Innovation in Toronto:
    • Bring your own audience, your own following, before starting the campaign
    • Pretty much everyone involved already needs to be in place
    • Crowdfunding sites don’t necessarily increase your reach, or attract more contributors
    • Crowdfunding is good for devices, eg. Pebble Watch
  • If you haven’t reached your funding level in three months, it’s not likely to fly
  • There are “Crowdfunding Brokers”
    • providing Consultancy, advocacy,
    • Centre for Social Innovation trying to get social advocacy agencies involved (two or three years ago)
  • City of Waterloo had a program to crowdfund Civic Improvements
    • Had their own website
    • People proposed their own projects, advocated for them, got the funding. Then the City would implement them.
      • Thorough failure… People did not want to give money for things they had already paid for through taxes
  • Education: Raising money for supplies, program was halted by the Ministry of Education: “We already provide funding for that.”

Financial Software

Needs dedicated staff to manage privacy issues, but if your NonProfit Org has enough staff to maintain it, it’s very effective

  • Purchasing financial software also purchases the skills and expertise of building such a system (Lawyers, accountants)
    • A way of recording transactions without requiring the expertise of accountants
    • Avoid bitrot (spreadsheets may not be the same from one year to the next)
  • QuickBooks?
    • Has a non-profit module
    • QuickBooks is common, but doesn’t provide the detail for non-profits
      • eg. selling worldwide through Amazon, QuickBooks doesn’t provide geographic customer data
    • Dedicated software provides more granularity in recording transactions.
    • with QuickBooks you still need other tools to record other data
  • Spreadsheets are prone to user error, eg. changing or deleting a formula
  • Orgs hold fundraisers to pay for events
    • Events themselves may raise funds through admission fees
  • There exists fundraising software
    • Similar to contact management software, eg. CiviCRM, Sales Force Automation, Symantec ACT!
    • CiviCRM provides metrics, eg. number and amount of donations
      • Metrics are really important for donations and ticket sales
    • Good for larger NonProfit orgs, too complicated for small ones
    • And with a list of donors, privacy becomes a concern
    • Some integrates well with financial/accounting software
    • Detects patterns of donations, sends out requests only at the correct intervals, or when donors are ready
    • Coordinates with maturity of investments held by donors, when NonProfits can get a pledge.
    • Good software can snipe other NonProfits looking for donations
  • “Grant Station” (subscription software, available through TechSoup)
    • TechSoup subscription is more flexible (cheaper) than purchasing directly from Grant Station
    • Provides a list of Canadian and American grant agencies
    • helps prepare online pitches for donations
    • Hones your skills in preparing grant applications
  • “Canada Donates” is also useful for NonProfits

Accounting software:

http://www.techsoupcanada.ca/en/taxonomy/term/287

  • Newviews
  • QuickBooks
  • MYOB (Mind Your Own Business) (defunct? Only in Australia?)
  • Microsoft Money
  • GNUcash (Free Software)
  • Scrooge (chequebook model, not really for NonProfits) (FS, KDE)
  • FrontAccounting (ERP)

Tax Software

“If you’re looking to monetize your NonProfit group, joining TechSoup is very beneficial.” (spontaneous endorsement from KWNPSA attendee)

Posted in Monetization, Past Meetings | Leave a comment

2017-07: Mail Management

Posted on 17 July 2017 by BobJonkman

Location: Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, ON (Look for the building with the Communitech, Google, and Desire To Learn logos, enter at the glass doors.)
Date: Monday, 17 July 2017
Time: 7:00-9:00PM

Event Announcement: https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/240752492/

Is e-mail obsolete? If not, how can we provide e-mail services to our Non-profit organizations? Do we treat internal, staff e-mail differently from our clients’ e-mail? How do we communicate with large groups? What mailing list services are there? Do we just give all our e-mail to Google and Microsoft? Maybe we can use the e-mail from our ISPs? They advertise “unlimited mailboxes”, right? Do we run our own e-mail servers? But then, how do we deal with spam, blocklists, and e-mail providers that don’t play fair? And, is it “E-mail” or “Email”?

KWNPSA is in the process of setting up our own e-mailing lists, and we have plenty of e-mail system administrators in the group. Looking forward to a lively Round Table discussion!

–Bob Jonkman & Marc Paré

Meeting Notes

Alternatives to E-mail

  • Aren’t we all on Slack by now?
    • Slack has some free options, also paid ones
    • eg. voice and video options
    • E-mail threads have messages and reply text, but slack has just the continuous stream-of-consciousness
    • Bots: “What’s my schedule on Thursday?”, “Bot, book me lunch with Kirk on Tuesday”
      • Regular expression bots, “human in the loop” bots, and “IBM Watson” hyperintelligent bots
      • Bots really made it, turned Slack into a marketable product (opened the platform, API)
    • But whatever happened to Google Wave and Google Buzz?
    • Is there a Slack-to-Email bridge? Maybe on Rocket.Chat
      • Privacy and datamanagment concerns: who stores your chats? streams? e-mail?
    • Spammers on Slack? It’s a closed environment, you know your spammer (unlike e-mail)
    • But there can be public “Talk to a sales rep” windows
  • Kik also opened their platform
  • Rocket.Chat – “Slack-alike”
    • web client & phone apps
    • e-mail gateway, LDAP gateway
    • Drag’n’drop filesharing
    • Self-hosted, on Ubuntu as a Snap
    • Self-hosted, so you have control over your own data
    • kwvoip.ca may set this up…
  • XMPP – Cisco bought Jabber.com (now Cisco Jabber)
  • Matrix / Riot

Ease-of-Use

E-mail is so easy to use, people use it for everything

  • File storage
  • Instant messaging
  • Archival storage
  • Operating System?
    • Heard of people who use git as a mail repository

Difficulty-of-Admin

  • Struggle with Exchange and Outlook
    • Weird problems, eg. indexes
    • Would weird problems like indexing exist on Office365?
  • Large systems are constrained only by the time and effort of the SysAdmin
    • Or sufficient funds to purchase vendor support

Spam Mitigation

  • Large mail providers silently drop some mail, receivers and senders have no idea it’s not delivered
  • Need to bring mail filtering inhouse
    • Opinion that the only effective filters are Bayesian filters on content, not geo-blocks, IP-blocks, or domainname-blocks
  • DMARC and DKIM (both broken for mailing list use)
  • Dealing with blocklists
    • Blocklists are reputation managers
    • Small orgs sending mail are incorrectly identified as spammers
    • Blocklist providers have no incentive to lift blocks based on the requests of senders (otherwise every spammer would make that request)
    • Recipients of failed messages need to contact their mail providers to stop the mail providers from subscribing to bad blocklists
    • Filter provider needs to hold the spam for subsequent retraining (problems with privacy and data control)
  • Organizations block access to external mail providers
Posted in Mail Management, Past Meetings | Leave a comment

2017-06: Malware

Posted on 12 June 2017 by BobJonkman

Location: Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, ON (Look for the building with the Communitech, Google, and Desire To Learn logos, enter at the glass doors.)
Date: Monday, 12 June 2017
Time: 7:00-9:00PM

Event Announcement: https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/239940239/

Breaking News: Dozens of countries affected by ransomware cyberattack (CBC News, 12 May 2017)

Are you protected from malware? On your desktop computers? On your servers? Does your staff have malware protection at home? Is anti-virus software enough? What’s “ransomware”? What’s the difference between a virus, a trojan, and a phishing attack? Does it matter? How do you protect yourself from malware? What’s the best way to react to a malware outbreak? How do you recover from a malware attack?

We’ll share our experiences in a round table discussion, and perhaps have a guest from the industry to provide some of the answers.

–Marc Paré and Bob Jonkman

  • Meeting Notes for Malware (2017-06-12)

Guest: Scott Smith

  • Tekkshare demonstration by guest Scott Smith
    • A Goods-and-Services marketplace for technical stuff based on Sharetribe
    • Invitation for KWNPSA members to sign up, will waive commission for first year

Malware experiences

  • from the days of floppy drives

Platforms

  • Apple malware, adware
    • Nothing super malicious, but affects the browser, user libraries inc. user preferences
    • Backup with TimeMachine, but that takes malware with it
    • Free TV websites and proxy sites seem to be sources of malware
    • Manual restore (not Time Machine) to restore each file individually
    • AdAware bought by Malwareytes, good for Apple platform, free for home use: Malwarebytes | Malwarebytes Anti-Malware for Mac
  • Android
    • Large platform, biggest vulnerability
    • Old, refurbished phones may be vulnerable, they don’t get updates
    • Same for routers, security cams
    • Fragmentation in market, but providers (Samsung, Verizon) don’t provide updates after a year or two
    • Reluctance to update phones because it takes too long (10 minutes!)
    • People are more likely to replace a device than upgrade it
      • Both on desktop and mobile devices
    • Change is scary, some people can’t even deal with a moved icon on the desktop
    • SysAdmins are not able to meet the expectations of clients
    • Google is taking heat for lack of Android updates
      • Thought it might have been like GNU/Linux distros (stable, testing, Sid), didn’t work out that way
      • Proprietary applications contribute to this, only Google can upgrade their apps
      • CopperheadOS tried to address this with a secure Android OS, but constantly battles Google and vendors

People believe things are secure because they’ve paid the vendor lots of money, they don’t pay the vendor lots of money because the products are secure.

Best defence: Make our purchasing decisions based on public data of vulnerabilities

Mitigation

  • Treat the end-user as an adversary
    • Focus on recovery instead of avoidance
    • But should we treat people as adversaries? Technical solutions are not a panacea
  • Backups!!!
  • Risk management — given enough time, the probability of being affected approaches one
  • Training is necessary, but not sufficient
Defence in Depth
  • Backups, backup rotation, offsite backup
  • Training
  • Updates
  • Offsite storage (Cloud), store deleted files for 90 days (version control)
    • But privacy issues with out-of-country routing and storage
  • Buy-in from management to provide enough resources (money)
  • Honeypot, canary – let SysAdmin know when certain files are being touched

Staff needs to know this Defence-in-Depth is being done, and when

Recovery

  • Some people don’t care about their data, just re-image the computer
  • Shadowcopy in Window — only Administrator has access, can’t be encrypted by ransomware
    • But malware knows Shadowcopy is a good idea, and will try to bypass
  • How can you tell your files are encrypted?
    • Applications can’t open their data files
    • Some malware leaves messages “This folder is encrypted”
  • Stiller software (c. 1995) to identify modified files with checksum appended to all files; won’t open or execute compromised files

Meeting Administration

  • Time limits? 8:30pm
    • Stay on topic
    • May start at 6:30pm? Consensus, not…
Posted in Malware, Past Meetings | Leave a comment

2017-05: Offsite Hosting

Posted on 7 May 2017 by BobJonkman

Location: Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, ON (Look for the building with the Communitech, Google, and Desire To Learn logos, enter at the glass doors.)
Date: Monday, 8 May 2017
Time: 7:00pm to 9:00pm

Where are your servers? Are you self-hosting? Have you thought about professional hosting? What services does a professional hosting service offer? Do you need shared hosting? Do you need a VPS? What’s a VPS? What’s a colocation site? How much will all this cost?

Come share your experiences with self-hosting, shared hosting, and VPSes. Bob and Marc have the questions, and special guest Mark Steffen from indieServe Networks will have the answers.

See you at the meeting!
–Bob Jonkman and Marc Paré

Introductions

Selecting a hosting provider

  • There’s no “One size fits all”
  • What do you need?
    • Disaster recovery?
    • Microsoft licensing?
    • E-mail hosting?

What kinds of servers for a host?

  • Dell servers at one place
  • Had HPs, didn’t mind them
    • indieServe has some HP servers for colocation
  • Lenovo, but there was BIOS based malware
    • Liked IBM servers, anecdotally liked the reliability
    • indieServe has all Lenovo servers

Offsite Hosting Problems?

  • Shared hosting was OK for a while, but host was asking for more money
  • Another company seemed perfect shared hosting (using WordPress),
    • Works today, but lots of complaints on Facebook, so he no longer trusts
  • Backups?
    • Yes, keeping your own backups in addition to using the hosts’ backups

indieServe Networks

  • indieServe is hosting for KWLUG, KWVoIP, FairvoteWRC, KWPeace, &c.
  • About $10/month for shared host
    • No limits but on the honour system
    • Keep it to one company per shared host
    • Local non-profits may be able to get really good deal — talk to Mark Steffen
  • Also has VPS (Virtual Private Servers)
  • Can do hosted Windows servers or domain
    • Good for small file sharing systems
    • Microsoft has a specific licensing arrangement for hosting providers
    • Cost based on cores and sockets, plus number of customers
    • Not cheap, $100’s /month
    • Similar model to Azure or Amazon AWS

Offsite Backups

  • Some customers use offsite hosting only for data replication (disaster recovery)
    • Do keep offsite backups encrypted
    • For any backup solution check with Legal for PIPEDA legislation
    • Cheap backup? 20¢/GiByte for storage is typical
  • Backup software:
    • Duplicity for Linux
    • Cloud Berry for backup service
    • DupliCaddy for Windows (Open Source, Beta software,supports SQL, kinda slow)
      • For Windows, do full backup, then everything is incremental afterwards
      • But it keeps a synthetic “Full” in the background
    • With S3 or Azure, you can restore to EC2 — get (almost) instant restore on external VPS — really cheap disaster recovery
    • Back Blaze (personal backup for $5/month, also B2 backup storage, .02c/Gibyte?, $10/month for 1 TByte?)
  • indieServe keeps hard backups (USB drives stored offsite)

Backup horror stories

  • Hijacked truck (backups not encrypted, nobody knows who now has access to backup data)
  • Encrypted backups corrupted (physical disk damage corrupted one block of data, cypher block chaining made rest of backup inaccesible)
  • Bulk files corrupted (backup file is OK, but contained invalid data, making rest of the backup invalid)
  • Tape backup is still the most dense storage for immutable backups
  • Mark Steffen has techniques for redundant backup storage (good for ransomware attacks, &c.)
  • How much backup do you need?
    • How much data can you afford to lose?
    • Have at least one automated backup in place

Selfhosting?

  • Run your own service on a VPS or shared host (XMPP, Wiki, Social media) instead of using Facebook, Google, Twitter)
  • Manage your own server, colocated in a datacentre
  • Getting a DSL line (with multi-link support), and running a server on premises
  • Managed hosting – servers in house or colo, but contract out the SysAdmin

Webhosting Management

cPanel
  • Set up WordPress, &c.
  • Handles updates, patch management, backups, email
  • Installatron for managing applications
  • Varnish is a cache in front of Apache, for bursty traffic
  • cPanel is pricey? $20/month for bare metal, less for a VPS
    • Keeping cPanel on a VPS makes it portable, allows cPanel admin to perform maintenance with no downtime
Zenserver
  • A Virtual Machine host
  • The free version is pretty unrestricted
  • Use Zenserver to run cPanel
Cloud Linux
  • uses CageFS,
  • isolates users from each other
Other Panels?
  • CentOS Web Panel
  • ISP Config
  • Ubuntu MAAS
  • WebMin, VirtualMin
  • WHM is the management tool for cPanel
  • WHMCS is a shopping cart / billing system for hosting
    • But these apps may have security issues (PHP doncha know)

Reseller hosting

  • Perhaps for Web developers, who want to manage resources for their customers
  • Can add multiple accounts, lets hosting provider manage growth and resources
  • Could be unlimited accounts, but typically 300 GBytes, good for about 50 accounts

Video Recording of this Meetup (by Gheorghe Curelet-Balan): https://youtu.be/p5o6Cc7Kja8

Posted in Offsite Hosting, Past Meetings | Leave a comment

2017-04: Blockchains

Posted on 10 April 2017 by Marc

Location: Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, ON (Look for the building with the Communitech, Google, and Desire To Learn logos, enter at the glass doors.)
Date: April 10th, 2017
Time: 7:00 PM

What’s a blockchain? Is this all about math? How do I make Bitcoin payments? How can I receive Bitcoin donations on my Website? Are there other blockchain currencies? What services exist for blockchain currency exchange? Is blockchain technology good for more than just Bitcoin? What blockchain tools exist for Non-Profit organizations?

Marc and Bob ask the questions, and we’ll have a guest (or several) to provide the answers!

See you at the meeting!
–Marc and Bob

Meeting Notes for Blockchains (2017-04-10)

  • Today we’re joined by guest Kris Stinson (@StinsonKris on Twitter)
  • Lots of media attention, “blockchain this, blockchain that”, they’re trying to sell you a database
    • Microsoft, IBM, governments (even Canada: Cancoin)
  • Banks are threatened, unregulated currency (scary!)
  • Japan has approved Bitcoin as a currency (legal tender)
  • Legal (tax) ramifications: Capital Gains.

Video

Types of Blockchain Currency

  • CryptoCurrency Market Capitalizations
  • Augur – a “betting” site; deals with contracts
  • Based on Ethereum
  • DAO – Decentralized Autonomous Organization
    • eg. Ethereum
    • A decision by this DAO split Ethereum into Ethereum and Ethereum Classic
    • Now there are miners working on both branches of the blockchain
    • “The mining network” determines whether a fork of the blockchain can happen

How does the blockchain determine “truth”?

    • The longest chain wins
  • “Rolling back the chain”
    • database
    • miners

Quantum computers?

    • Will change the game!
  • Winkelvoss brothers
    • Own over 50% of bitcoin?
    • This is a problem, they can determine the validity of transactions

Wallets

  • Wallets are Public/Private Key encryption containers

Other blockchain technologies

    • Don’t trust The Cloud?
    • Authentication
    • Filesystems

90 minutes was far too short to cover all aspects of Blockchain Technology; we’ll invite Kris Stinson back someday.

Video Recording of this Meetup (by Gheorghe Curelet-Balan): https://youtu.be/6cz-vqDxfyc

 

Posted in Blockchains, Past Meetings | Leave a comment

2017-03: Branding

Posted on 13 March 2017 by Marc

Location:  Steve Izma’s house 35 Locust Street Kitchener, ON
Date: March 13th, 2017
Time: 7:00 PM

What’s your brand? Do you have a brand? How do you choose a brand? Is branding important for NonProfit organizations? What is the value of a good brand? What is the cost of a bad brand? Have you ever changed your branding? How much work was it for the SysAdmins? Did you have re-do the Web site? The e-mail addresses? Business cards? Letterhead? What legal considerations are there for choosing a brand?

Bob and Marc have the questions, together all of us have the answers.
=======

Meeting Notes for Branding (2017-02-13)

This meeting ended up being more about our own re-branding needs, and the business of running KWNPSA as a non-profit organization. We’ll have another session in the future on Branding to discuss the experience and gather the advice of other organizations.

  • We started with a discussion on the different syntaxes used in markup languages, eg. Markdown, Mediawiki, PMWiki, MoinMoin…

Hosting Services

  • Many Non-Profit organizations are migrating from CCj/Clearline (Steph Smith, Cedric Puddy) to IndieServe (Mark Steffen)
  • Marc Paré will take over the hosting for KWNPSA
    • Marc is currently using 123EHost.com
    • This is for the interim, until Marc has his own server set up
    • The hosting OS will be Mageia
  • Mailing Lists
    • Steve Izma will be the Mailing List Manager
    • We currently have our Discussion and Announcements mailing lists on CCj/Clearline
    • Steve will look after the mailing list migrations as soon as Marc has Mailman set up
  • Wiki
    • Mediawiki is being used by everyone at this meeting,
    • Currently being hosted at http://sobac.com/kwnpsa by Bob Jonkman
    • Will be migrated after Marc has set up the Mageia server

Sponsorships

  • CIRA – Has provided $100 for the previous and this meeting.
  • TechSoup – provides low-cost Microsoft licenses to Non-Profit organizations
    • NetSquared (part of TechSoup) is an umbrella group for Non-Profit organizations’ IT staff
      • If we get a venue without A/V facilities, can NetSquared sponsorship provide, say, a projector? Marc to ask Eli…
  • Microsoft
    • We will gladly accept Microsoft sponsorhip and host an evening dedicated to Microsoft products
      • Perhaps have as a guest speaker a product specialist from Microsoft?
    • We will continue to focus on Free Software / Open Source solutions at other meetings
  • Google
    • Apparently Google is a sponsor or a member of NetSquared
      • but we have not seen support from our local Google office, eg. request for a venue

Formalizing the KWNPSA group

  • The formal structure of the group will consist only of a Treasurer
    • Marc Paré will be Treasurer, will take care of any finances received from sponsors, donations, &c.
    • Funds received from sponsorships &c. will be used for venues, hosting costs, domain name costs.
  • Bob Jonkman will ask Eli van Giessen to re-brand the meetup.com group as KWNPSA – Kitchener Waterloo Non-Profit System Administrators — a NetSquared Group

Marketing KWNPSA

  • Business cards?
    • We need someone to design a KWNPSA logo
      • The KW part is important to our geographic locale; highlight or separate KW from NPSA
    • Marc Paré has found with other organizations that business cards are just as effective as posters
  • Let more people know that KWNPSA exists
    • Marc has a list of local KW Non-Profit organizations List he has contacted about 100

Meeting format

  • KWNPSA has a collegial Round Table Discussion format, which suits Non-Profit organizations
    • Contrast this with formal presentations at KWLUG
    • or the social restaurant meetings of KWVoIP

Mailing Lists

  • How do we deal with badly configured MUAs (Mail clients) that try to reply to the Announcements list?
  • Do we need two separate lists?
    • Steve Izma will investigate the use of “child lists” in Mailman
    • “Child lists” will allow “Discussion” to receive “Announcements” so people only have to subscribe to one list
  • DMARC problems
    • Steve will activate “munging” on Mailman so badly configured mail hosts like Yahoo Mail will accept messages
  • We will have KWNPSA branded e-mail addresses

Wiki

Branding

  • Description of group: Resource Group for Information Technology in Non-Profit Organizations
    • Similar to a Mission Statement, if not identical
    • Also the Vision — use one phrase for all
    • We will refine this description on the Discussion List with other members
  • Are we KWNPSA or KW-NPSA?
    • It’s a non-issue, we’ll spell it out in full on posters and whenever we make announcements
    • Let’s see what the Business Card designer does

Venue

  • Marc Paré will pursue Communitech and the Downtown Community Centre for “venue sponsorship”
  • A venue at Google may not be possible (high security facility)

Meeting notes taken by Bob Jonkman.

Posted in Branding, Past Meetings | Leave a comment

2017-02: Social Media

Posted on 13 February 2017 by Marc

Location:  Queen Street Commons Café, 43 Queen St. South, Kitchener
Date: February 13th, 2017
Time: 7:00 PM

How can a Nonprofit organization make use of Social Media? Should a Nonprofit organization even use Social Media? What Social Media platform do you use? What sorts of things do you put on Social Media? Who puts it there? A team of SMEs? One person? Is this a full-time job? How much time does it take to maintain Social Media accounts for a Nonprofit organization? What will you do when your Social Media platform disappears? Or deletes your content? Or delivers your content to only a small set of viewers?

We have all the questions. Maybe we can find some answers together.

Bob and Marc

== Social Media ==

  • Conversation started with employment
    • Headhunters and placement agencies frequently call potential employees or contractors, but rarely result in employment or contracts.
    • Salaries for developers are higher in Waterloo Region, due to competition from other tech firms.
  • Social Media is all about the analytics
    • Using analytics provided by the services, eg. https://analytics.twitter.com
    • Analytics from different sites (Twitter, Facebook) are similar enough that direct comparisons can be made.
    • Use some custom links to identify source of engagement on their own content
      • e.g. use one URL for Twitter, another for Facebook to reach the same content
      • Use Google Analytics for generic information
      • How does Google identify the source of the visitor if the links are all the same? Or the URLs are all the same?
  • Your following:
    • Are your followers passive or engaged?
    • Twitter is good for a large number of followers, but low engagement
    • Facebook is the opposite (few followers, strong engagement)
    • Linkedin is good for Business-To-Business
  • Before starting on social media, ask “What is the organization’s goal for social media?”
    • Distribute information (meetings, info about the cause, eg. environmental tips)
    • Grow the organization
  • Update frequency
    • Twitter: 8-10 time per day
    • Facebook: Once a day
    • Search for ”how to optimize Facebook feed”
    • Have a hashtag strategy (what is a hashtag strategy?)
  • Staffing at one non-profit organization:
    • 1 person for Twitter + Facebook
    • 1 person for Instagram
    • Need more staff (Reddit, other social media forums)
    • Maintaining social media accounts by volunteers
      • Takes lots of time! Split it up between people
      • Automate some tasks (POSSE – Publish Once, Syndicate Self Everywhere)
  • Automate feeds
    • Facebook -> Twitter
    • Blog -> GNUsocial -> Twitter -> Facebook
  • “Twitter will be around forever”
    • Some disagreement about that
    • Whatever organization buys out Twitter will want to keep the eyeballs (users generating advertising revenue)
  • Reddit is a great platform
    • But nobody likes it
  • Having a social media presence on Twitter and Facebook and Instagram will reach 90% of people online.
  • The purpose of one non-profit organization is to change consumer behaviour
    • How can that be measured?
  • Are social media sites trustworthy?
    • Social media sites are bad for your personal mental health
      • Some people remove themselves from social media
  • Twitter is a conversation
    • Really? 140 characters seems too short for meaningful conversation
    • Twitter is (only) good for broadcast announcements
    • A Grade 8 reading level is good for Twitter
    • It takes skill to get more information into 140 characters than in long-form prose
      • But too many abbreviations and leetspeek and others can’t understand
      • “Dracula” by Bram Stoker was written as diary entries, good for syndication on Twitter
        • Books are being replaced by social media
        • so put novels on social media where people will read them
  • How to be effective:
    • ”Go where the people are”
      • But that leaves out Free Software solutions like Friendica (Facebook substitute) or GNUsocial (Twitter substitute)
  • Wouldn’t it be nice
    • if social media didn’t affect reading levels or comprehension
    • people learned more evaluation and critical thinking, not rote memorization
  • Filter bubble
    • Facebook only shows those things you’ve already “liked”
    • reinforces biases
  • Recognize that Social Media is just a tool
    • You can use it well
    • …or you can use it poorly
  • We (Non-profit organizations) are parasitic
    • We’re using social media platforms for our own purposes, fully recognizing they’re not doing this for our benefit.

=== Meeting Closing Discussion ===

  • Discussed CIRA (Canadian Internet Registration Authority)
    • supports the .ca domain extension for Canada
    • most are aware of the organization
    • result of discussion is to obtain the .ca version of the NPSA domain: kwnpsa.ca

=== Future Topics ===

  • Monetization
  • Branding (logos, names)

 

 

Posted in Past Meetings, Social Media | Leave a comment

2017-01: Estimating Time and Resources

Posted on 1 January 2017 by Marc

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: January 16th, 2017
Time: 7:00 PM

In IT we are often asked to estimate the time and resources assorted tasks will take. Often these time/cost estimates are tied to funding, grants, and resource allocations. Unfortunately, many of us struggle at coming up with estimates more accurate than “it will take longer than expected”. What are some strategies and best practices we can use to come up with better estimates? Under what circumstances does estimating things become easier? Harder? Under what conditions should we spend a lot of effort making estimates, and under what circumstances should we not?

When have you had good experiences making estimates? When have you struggled?

As always, bring your experiences and questions. Also, please spread the word about this meetup so that more people who do nonprofit systems administration will become aware of it.

=====

Estimating Resources
——————–

– Horror story: server installation
+ building a server room that needed dedicated cooling
+ he estimated power consumption of each device
+ UPSes only need to be sized for the running current (they are built to
handle startup current already)
+ He ended up overestimating by three times
+ The air conditioner would freeze the pipes and everything would shut
down
+ He looked up currents instead of measuring them
+ How do you deal with the exhaust heat?
+ The UPSes had meters for measuring electricity draw
+ But then they dismantled the server room for other reasons

– When is it easy?
+ Figuring out spending is easy?
* In the horror story they sized based on existing equipment
* Looking up specs can be difficult
+ Never?
+ When you have done this project before?
* There are differences between software and hardware
* But sometimes you make software similar to the stuff you made before
+ When you can look at projects similar organizations have done?
* How do you get that information?

– Mythical man month comes into play
+ You cannot predict how managers will manage the project

– Example: replacing a network was the single largest line item

– It is harder than you think always

– There is always effort associated with making estimates
+ When is it worth the effort?
+ When projects are expensive
+ When projects are tied to specific grants

– Waterfall vs agile software methodologies
+ Don’t estimate everything at the beginning
+ Can you make estimates a little at a time?
+ But budgets are always waterfall, not agile

– But we tend to overengineer things
+ But then your results are rejected

– Projects always have unanticipated things

– It is expedient to underestimate costs to win contracts and political support
+ What will future maintenence costs be?
+ If you lowball costs then you get approved
+ Who pays for the overage
+ But operational budgets are overestimated so that you get a surplus later
+ End of year rollovers are political
+ Surpluses are seen as weaknesses, not frugality
+ This applies to nonprofits as well
+ Bureaucrats look good when they give large amounts of money
+ There are not good incentives to share funds across departments/projects

– Does that mean IT is always having to convince management for funds?
+ IT is always a cost sink
+ But technologies can reduce labour costs and stop people waste time
+ Workers should enjoy the additional gains from productivity gains

– How do you position yourself so that you get buy-in?
+ Get the people who are affected to talk to management too

– Sometimes estimates are done to argue for funds and sometimes they are used to find projects that should not go ahead

– If you know that you are going to need something then just go and do it
+ But senior management does not trust the estimates, so they hire
consultants, which causes conflicts

– It is less important to estimate when you have projects that can be done in small stages (instead of projects that need to be done all at once).
– If the project is small it makes less sense to make estimates
– Pilot projects can help figure out long term costs

– Projects can be broken down by scope

– Sometimes estimates are not honest, but designed to underbid the competition
+ Who pays for the overruns?
+ There can be penalty clauses in these contracts
+ Getting the lowest contract can be a problem
+ If you incur penalties you get taken off the list of approved contractors, but you just change your name and try again
+ This can result in lawsuits
+ There can be completion bonds, etc
+ As soon as lawyers get involved costs go up dramatically

– It can be a problem when sales team promise things without telling engineering

– Doing estimates can give you a ballpark about the costs
+ but now you may have to have consultants vetting other consultants

– To some extent you can play vendors off against each other
+ Big software companies will have pre-sales engineering teams to help you figure out your costs
+ They can also outbid you if they want

– How do you deal with projects where you have blown the time constraints?
+ You can hire subcontractors
+ Drop parts of the project

– RFPs can tell you what they have to offer
+ They can help you anticipate some of the pitfalls

– Do requirements documents of what you need
+ Talk with the vendors/engineers from the companies
+ But the vendors will not tell you the horror stories

– People’s behaviours can change once the ystem changes
+ eg people beginning to use email as file storage

– Breaking down projects into chunks
+ This shows you things that you are missing
+ Then you can better understand what the project is
+ Start aspects of the project that you can learn from and what different tasks are involved
+ But you cannot do this with monolithic systems

– Fixing technical debt is more work than starting fresh

– Don’t be tempted to give the estimate right away
+ Be prepared to charge extra when the estimates increase

– Sometimes competitive bids boil down to who you know?
+ This is not necessarily bad because of trust
+ But the well-known vendors have more experience winning these bids
+ If you start out at a big vendor and branch out on your own you can receive trust

– Talk to other people who have done the same thing

Posted in Estimating Time & Resources, Past Meetings | Leave a comment

2016-12: Documenting Things

Posted on 1 December 2016 by Marc

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: December 12th, 2016
Time: 7:00 PM

Much of our September discussion revolved around documentation. How do we ensure it gets written when there are so many other priorities? How is it maintained so it does not go out of date? How do we index it so that it is easy to find the information we need when we need it? What tools have we found most helpful in creating and maintaining documentation? What things are important to document, and what things can be skipped? As always, bring your experiences and questions.

=====

(Notes by Martin Edmonds)

Best Practices:
· Create documentation for users: “How To” & “FAQ” documents on Wiki so it can be self-serve or you can pass on links when users ask questions
· Consider formats for defining requirements:
o Consider: security, auditor controls, speed, backups, file permissions
o Ask client where data coming from
· Weigh balance between: need for documentation versus the effort that it requires to develop
· Don’t document same info in multiple places or it is more work to maintain
o Get data into a structured format that data can be entered once and it will ripple through to every relevant place
· Too much documentation may never be used; Keep it simple with what is most important
· Know your audience
· Videos have advantages, but you can’t scan through or search to find what you want
o Short instructional video on a specific topics can be helpful
· Consider security: are multiple levels of access required to documentation
· Consider paper versus electronic forms of documentation
· Think about what someone would need and how they would find it, if you are not around to show them.
· Keep it in a standard place. Don’t keep documentation on your personal computer or account, because other people won’t be able to find it.
· Keep in a place where you can give access to someone else but is not accessible to people who should not get it
· Include examples in the documentation
· Include why you did something (not just what you did)
· How do we make sure that it is done
o Make it easy to document
o Allocate more time to do documentation
o Set aside time at the end of each day to update documentation based on what you worked on that day
o Document as you do it

What to Document
· Enough to get a person started (in case person with knowledge is no longer available)
· Overview of where documentation is. (big picture view)
· Explanation of what is done on repeated basis at certain times (eg. Holiday posting done each year)
· Document characteristics of users. For example: user expectations, knowledge, tendencies, tolerance for flaws, etc.

Tools:
· Word processor is not ideal since the documentation should be structured so that it can be queried
· Wiki: forces you to think of structure; easy to create new links to new pages; good for collaborative authoring; manages revisions;
o A wiki is not as simple to use as a word processor, but non-programmers can update document using wiki
o Using a wiki may discourage some people from commenting because of learning curve
o Requires a good editor
o Can preview documentation through wiki
o Wiki is not great for multiple security levels of access to documentation

· Tools to consider
o OneNote
o “Remarkable” use on a tablet for taking notes at a meeting
o Data Base: such as Access
o Cloud based: Eg. Google Keep, Google Docs
o Sharepoint
· Video and screen capture: eg. SnagIt or Jing or
· Tools that come with Windows: “Recording Steps” or “Snipping Tool”
· Word processor or spreadsheet are very easy to use, That is what people know how to use. Those are not ideal, but any documentation is better than no documentation
· Ticket system which will capture what you did to resolve issue
· For documenting Network: “Lan Sweeper” or “nmap”

Posted in Documentation, Past Meetings | Leave a comment

2016-11: Regulatory Compliance

Posted on 1 November 2016 by Marc

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: November 14th, 2016
Time: 7:00 PM

Many non-profit organizations are involved in government-regulated services such as health care, employment acquisition and training. Other activities require adherence to other laws, such as building codes. How do you keep track of all the regulations that you need to follow?

How do you store compliance documents such as sign-offs, NDAs, and contacts?
What do you use for secure document storage and transmission?
How do the SysAdmins get along with the Lawyers?
When is encryption required? What do you encrypt and when?

=====

Thanks to Martin Edmonds for moderating this month.

Points raised:
• Must consider retention and retention periods of email and other documents (almost any document can be considered a legal document)
• In addition to govt regulations, must consider industry practices & standards
• Following of the Ont. Non-Profit Corporations Act (ONCA
• Maintenance of email lists:
o use double opt-in
o using email lists only for stated purpose
o offer mechanism for requesting to be removed
• On website for incorporated organization (In Europe, but not yet in North America)
o need to specify if cookies will be saved
o need to specify physical address (required in Europe)
• Considered a member of a non-profit (in some cases, even attending an event can constitute you as a member)
• Adherence to Copyrights laws when photocopying
• What responsibilities does organization have when providing internet access to public
• Audits from organizations that grant non-profit status or organizations that provide grants
• Software audits (Eg Microsoft ensuring license adherence)
• Need to be very careful about mailing lists and keeping them up to date to prevent mails to the wrong person

How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission?
• LotusNotes used to route a document and get sign-offs along the way
• Block chain systems (discuss further in future meeting)
• Electronic forms on secure file server or encrypted device
• Encrypted data.
o TrueCrypt
 There are some known vulnerabilities in the Windows version.
 Veracrypt is a fork of TrueCrypt).
o Luks container
o Offsite (using send command)
o ZFS (a file system)
• Indicate on top of email who is the intended audience of email. Legal disclaimer on the footer telling you not to read an email if it does not pertain to you.
• Encrypted email systems eg. Enigmail (a thunderbird plug-in)
• Online service to encrypt mail eg. Proton Mail, and Tutanota
• Signal, Telegraph, and WhatsApp for encrypting instant messages

** Potential topics for future meetings
• Block chain systems
o Book: London Review of Books had two stories by the same author Andrew O’Hagen
o Ethereum (a programming environment built on top of Block Chain)
• Accessibility rules
• Document storage formats (ODS, etc.) could be combined with document management systems

Posted in Past Meetings, Regulatory Compliance, Security | Leave a comment