CS Unplugged

Working on some lesson plans for teaching introductory computer science concepts to middle and high school students this afternoon – and revisiting the CSunplugged.org website for the first time in a long time.

If you haven’t learned the underlying concepts, have a family member who would like to learn (child _or_ elder), the series of videos on the site (also the participation activities and lesson plans) do a really good job of explaining how binary encoding works, compression, image representation, parity (checksums), as well as explaining the origin of many words.

This is a really good series, which demystifies a lot of the techniques developed over the past sixty years that allow us to program computers effectively. Watch it. Even old school pros will be enlightened.


WordPress Security

I run a couple of WordPress websites.

I started as user seven years ago, progressed to maintaining sites for a few organizations and am now moving into installation and development for others.

WordPress is one of the most popular open source content management systems currently in use. (There is a great summary of it’s history, strengths and weaknesses on Wikipedia). That’s great in that it means that there is a large community focused on ongoing development, security patches and plugin development to extend framework capabilities. It’s bad in that it presents a large target for hacking and malware attacks. Kevin Muldoon’s piece over at the WPMU dev community is a great summary of WordPress’s vulnerabilities and the tools available to fend off attacks. The short version is that no one action will prevent a skilled determined hacker from getting in – but a layered approach will slow him (or her) down and make the effort much less worthwhile.

The following is a list of security practices that I find useful.

  • Use a reputable hosting company. I use Dreamhost. It’s good value for the money, scales (for when a business takes off and needs more server capacity) and has good automation and documentation. It also provides the CloudFlare content distribution network (CDN) to account holders to capture and push out to distribution points static versions of your dynamic pages. CloudFlare provides an additional layer of protection in that hackers hit the static pages, not the dynamically served pages coming from your ISP.
  • Purchase an SSL certificate and use it on your site. SSL (Secure Socket Layer) ensures that all traffic to and from your site is encrypted in both directions, from a user’s machine to the site and from the site back to the user. It ensures that passwords are never sent in the clear, even over unsecured wifi service points, such as those still found in many coffee shops and public work spaces. When a site’s URL starts with https, that site has a security certificate.
  • Set and use your WordPress security keys.
  • Keep your WordPress installation up-to-date. Along with performance improvements, the updates are also released to plug identified vulnerabilities.
  • Only install the themes and plugins you need. If you need to try out a gazillion plugins (we’ve all gone through that phase) please do it on your development server, or locally on your development computer with a LAMPMAMPWAMP, XXAMP or AMPPS stack.
  • Customize your database table prefixes. All WordPress database installations name the installed tables with the initial prefix “wp_”. Hacking tools and scripts look for this prefix. You can alter the table names during installation to a customized table prefix. It’s a simple, but it makes the hacker take some additional steps to correctly ID your database.
  • Don’t use WordPress plugins that aren’t updated regularly. They may not have been patched for recently identified security vulnerabilities.
  • Use plugins from the WordPress plugin repository and themes from the WordPress theme repository, or from reputable vendors. These plugins and themes are tested for code quality as part of the repository approval process.
  • Test your installed plugin code with the Plugin Check plugin to check for security vulnerabilities. Test your installed themes with Theme Check. These plugins examine the customized PHP within your plugin or theme for known security vulnerabilities.
  • Pay for reputable plugins and themes – or throw some cash at the free ones in the repository once your venture has some positive cash flow. Development takes time and money. By paying the developer, you support them in doing better work – and in patching the most recently identified security vulnerabilities promptly!
  • Set appropriate file usage permissions. According to WordPress, you should use the following permissions on a WordPress site:
    • All directories should be 755 or 750
    • All files should be 644 or 640
    • wp-config.php should be 600
  • Use your htaccess files to control access to your site. You can do a lot with this one little file.
  • Use MX Toolbox to check your site and email addresses to see if they are on blacklists.
  • Limit login attempts. The default is 20. I’ve set some of my sites to 10 – and others even lower.

Then there are the basics:

  • Don’t log in over an unsecured network (no encryption).
  • Ensure that no one sees you enter usernames and passwords.
  • Ensure that your machine is free of viruses and malware, through the use of antivirus software.
  • Use a secure file transfer protocol (SFTP) such as FileZilla to upload and download files from your site.

The following are techniques and tools that I plan to explore over the next few weeks.

  • Turn off error reporting.
  • Setting up two-factor authentication.
  • Hiding the login page.
  • Removing the WordPress version number from public view.


Case study – the Red Mountain Makers startup

Have finally summarized the Red Mountain Makers startup into a case study. You can find it here.

Mediawiki – the good, the bad and the ugly

Will be giving a talk on the Mediawiki framework Monday, June 29th at the Birmingham Open Source meeting. Working title is “Mediawiki – the Good, the Bad & the Ugly“. If you’re in the ‘ham – come on out!

Web and HTML refreshers

Web is where I started coding – and the current projects I need to finish fine-tuning and tweaking are all web sites, wiki and CRM-related. So, I’ve been running through Code School’s tutorials to refresh my acquaintance with material I first read and started working with prior to heading back to school. My objective is to write some necessary backend tweaks to the Red Mountain Maker site and work up some portfolio samples.

A code skills to-do list

Parking this here until I can circle back around to it. Swiped from an article about Pop Up Code’s offering in Huntsville. Things to learn for web development:

• Ruby on Rails
• HTML and CSS (first checked off, know the second, just need to work with it more . Edit – as of May 27th, have done a fair amount of review and am ready to start building some little samples and templates.)
• Twitter Bootstrap (yeah…..)
• Domain modeling for database-backed web applications
• Understanding and utilizing APIs (well along on this bit)



Making a makerspace – part 2

I’m one of the founding members at Red Mountain Makers. This series of blog posts details our startup process over the past eighteen months.

We had early media coverage (WBHM and the local paper, the Birmingham News) but other than that, have stayed out of the spotlight while building out  infrastructure.  Establishing our permanent workshop has been delayed because of the requirement for structural repairs to the floor over the old coal cellar at the back of the space. The break our landlord gave us regarding rent also means that the space isn’t high on his priority list for repairs.  It’s a significant handicap – and one which we can’t control easily.

There is pent-up regional demand for kid’s and teen’s tech classes, but we are no where near ready to provide them. In the space we are renting, there is unencased lead paint on doors and trim, and we haven’t yet installed a ventilation system. We don’t consider the space suitable or safe for younger children at this time. We have started building email lists, are looking for grants for a mobile class kit, and we are looking for community partners with whom to schedule local classes.

“Stuff” has been a problem at the space – as in old computers and equipment that need to be repaired or parted out, but which, in the meantime, is taking up too much room. We recently purchased racking and are now holding regular parting out work parties to break down the non-working computer towers and other donated electronics into usable parts. It’s much easier to use the hardware hoard when you can actually find a specific part. 9-volt power supply, anyone?

We’re lagging in detailing our safety protocols – and in doing a formal equipment inventory. Both are big jobs, and not easy to do. We are detailing the individual pieces of equipment with their manuals in the wiki, and as demand rises, are beginning to schedule tool use classes for the shop equipment. So far, we’ve found it easiest to simply train on demand as individual members need to learn to use tools for specific projects. Most members have been very good about only using tools with which they are familiar.

Our long-term intent is to be the fun, helpful and curious part of regional tech education. With that in mind, we are establishing relationships with our local high school and middle school,  the City of Birmingham school system, the University of Alabama at Birmingham’s art department and engineering school, and are establishing sponsored teacher memberships at the space. This is so that area teachers can come, learn and tap into member knowledge as to where to find appropriate inexpensive resources and tools.

Securing 501(c)3 status

Last November, we were _finally_ at a point where we felt ready to start the 501(c)3 application process. The IRS’s documentation requirements for a regular application are extensive – and I was two weeks into preparing them when one of members, John Rhymes, pointed out that the IRS had implemented a simplified process for smaller organizations during July 2014 – and that we qualified. With a great sigh of relief, I filled out the paperwork and popped it in the mail with a check. We were actually provisionally certified as a 501(c)3 last December, but our listing at the IRS website didn’t show up until late February. We requested our authorization letter mid-March and as of last Monday, have it in hand. We’re currently in the middle of updating our information on Guidestar, an independent nonprofit governance evaluation and ranking site.

Preparing for growth

For the next while, we’re focusing on group activities, running classes, and growing membership. We still have quite a bit of infrastructure work to do, but it’s getting easier as our supporting membership grows. We have assembled three movable circuits workstations with parts storage. Smoke detectors are going in this week. We have bio and photo labs due to be completed by May, and as soon as surplus equipment is parted out or racked, a room in which to set up the circuits lab. Next,  sturdier workbenches and storage within the existing temporary workshop will be built in preparation for being moved into the permanent workshop, and we will begin fundraising for CNC (computer numeric controlled) laser cutting and routing equipment, a set of classroom laptops, Arduinos and Raspberry Pis. We will be working with UAB to start a guest lecturer series on DIY computing topics.

We are aiming for 75% growth in membership this year, and the same increase in our operating budget. I personally want to start introductory and short topic-focused programming classes for non-traditional students; these won’t necessarily be held at the space, but they will be under the Red Mountain Makers banner.

Our goal is to attain a makerspace of 100+ makers and members within the next two years.

Making a makerspace – part 1

I’m one of the founding members at Red Mountain Makers. This series of blog posts details our startup process over the past eighteen months.

When I finished my information systems degree a year ago last December, I had planned to take three months to help get the Red Mountain Makers space launched. Fifteen months later, the end of the launch is in sight – it has been a lot of work.

Starting a non-profit (and doing it well) takes as much planning and organization as a for-profit business. Don’t let anyone tell you otherwise.  You need financial reserves to invest in necessary equipment and infrastructure, and if you don’t have cash, you need lots of willing knowledgeable volunteers to get the work done. The core group launching the Red Mountain Makers has been willing to do both, and as a result, while we’ve had a few stumbles along the way, we’re now off to a good start.

A few of us had held leadership positions in non-profits elsewhere, elsewhen and else-country, but none of us had ever started a non-profit from scratch.

The following information is specific to our city, Birmingham AL, within the United States. These were some of the tools we used during the process.


Using sample language from the guide and incorporating some basics from other makerspaces around the United States, we (well, one guy, Seth Lewis, who had purchased the first group copy of the guide) wrote an initial set of bylaws. We then elected our first officers. At the same time, the founding seventeen members agreed to an initial dues payment of $20/month to build up some cash reserves. Our treasurer, Dalorion Johnson, collected and tracked the cash payments. This was Fall 2012, six months after our first coffee shop meeting at Birmingham’s Rogue Tavern. We also had to decide what to call ourselves, and design an initial logo.

Final version of the Red Mountain Makers logo.

Final version of the Red Mountain Makers logo.

As a name, Red Mountain Makers had a reasonable combination of regional sense of place and seeming friendly. (we’re really a hackerspace, but we can’t say that in Alabama, which is a notoriously conservative state.) The logo is meant to reference the region’s mountains and it’s mining history as well as electronics. The circuit diagram is functional.

Once we had a name, I registered domain names for the group, and set up an initial WordPress website and wiki within my DreamHost account. We now had a web presence. We copied our bylaws to the wiki, and set up member and project pages. Since I was one of the members with some business school training, I also agreed to write the business plan.


It took a few months after we selected our first set of officers to work out how to incorporate. None of us had done one before, and we had to read up on the process and discuss how it was going to work with our particular group.

In Alabama, a central registry of all business entities (for-profit and non-profit) is maintained by the Secretary of State. We had to collect addresses and contact information from all of our initial officers and then register our non-profit at the Jefferson County courthouse. Finally, in February 2013, We used first chair’s home address as our mailing address, paid an administrative fee of $150 (plus a bit more to expedite filing), and voila, we were a state-incorporated nonprofit, albeit one with very few assets. As part of our initial standing rules, we specified that we would increase our membership dues when we found a rental location to cover rent and utilities. Three members agreed to cover any shortfalls for the first six months. We considered applying for our 501(c)3 status, but after reading the IRS rules, decided that we needed to file our first 990N (a nonprofit income reporting form) before we could apply. The documentation requirements were also a bit daunting.

Finding a location

Our next step, in between group meetings, was to find a location we could afford to rent. None of us knew what commercial rents were in the city. (We have since learned that most space the size we want lease runs $1,000 – $3,000/month, depending on location and condition.) We thought that we could afford initially afford up to $700/month plus utilities. We preferred less. We toyed around with acquiring a shipping container and making a movable workshop.  We considered subletting basement space from one of our members. One of our members, Trae Watson, spent a lot of time checking out properties.  We looked at one property beside Tom’s Sound that had been flooded, but decided that between limited parking and lack of local flood remediation (at that date) that we didn’t want to be there for the next one.

4023 1st Avenue North, beside Tom's Sound. Busy road, traffic moves fast.

4023 1st Avenue North, beside Tom’s Sound. Busy road, traffic moves fast.

MakeBhm's prospective space in a former factory complex.

MakeBhm’s prospective space in a former factory complex.

We considered sharing a space with another makerspace startup (MakeBhm, incorporated as a for profit, focused on more traditional shop skills). Then, Trae met Andrew Morrow, of Community Properties LLC, who had some space available in Birmingham’s Woodlawn neighborhood, a former medical clinic, available in Woodrow Hall, at a price we could afford. (DISCO, the community non-profit creative writing center, is next door.) Andrew agreed to let us use the space as it was. He gave us a break for the first few months.  We got the keys at the end of September 2013.

View of the former Woodrow Masonic Lodge from the west.

View of the former Woodrow Masonic Lodge from the west.

View of the former Woodrow Masonic Lodge from the east.

View of the former Woodrow Masonic Lodge from the east.

Fixing and adapting the space

There was a lot of work to do. Woodrow Hall was a former Masonic lodge, built in 1914. The construction is solid, but showing it’s age. Most of the first floor was concrete or tile on concrete, with about 10% of the floor being wood on joists over a former coal cellar.

The medical clinic had been built in the late fifties, with drop ceilings to reduce the volume of air that required air-conditioning. There was a four and half foot attic between the false ceiling and the true ceiling, filled with mouse droppings, dust, and some remaining old furniture and files.  The left half of the clinic hadn’t been used for the previous six years – and the lights didn’t work. Nor did the air conditioning. There was a large dead 60’s Westinghouse HVAC unit in the left rear, and former x-ray film darkroom still reeking of film developer. The light fixtures in the right half of the clinic had seen better days. All the electrical outlets were two-prong – and not grounded. There were still some old medical records from the sixties scattered at the back of the space.  On the other hand, the bathrooms were functional, and although we didn’t have hot water (the clinic owner appeared to have removed the hot water heater), the exam room sinks meant that water was available in most of the rooms.

Our first job was to trace and check the wiring in the left half of the clinic, and then if it was good, to replace the old light fixtures with new ones. A few trips to Home Depot later, we had an adequate supply of replacement light fixtures. After two working weekends by five of our members under the supervision of a certified electrician, we had working lights in that side of the space. Next, we reconfigured an office area and three exam rooms into one long room to use as a first workshop. (demolition and reconstruction!) We were careful to preserve materials for reuse.

Our landlord came in with his work crew, took out the old carpet and cleaned up the floors in the front waiting rooms to serve as our first meeting room. One member brought in a fridge and we set up an improvised kitchen in one of the exam rooms. Four members rented out private work spaces from the group to augment our cash flow. That was it for a few months, while we focused on our first group project build, making an LED light matrix to light up the glass blocks above the front windows in the space meeting room.

Group meeting in the front meeting room.

Group meeting in the front meeting room.


As a group, now that we were in a space, and before we started to run classes, we needed to find liability insurance. None of us had done this before. It took a few calls to friends in the insurance business to learn that we needed to talk to a commercial insurer. Most insurance brokers didn’t want to touch us as they had no idea what makerspaces did. As soon as we mentioned “power tools” and “workshop”, they all ran screaming. Eventually, we were directed to commercial insurer, McGriff, Seibel & Williams. It took a few weeks, but our agent, Blake Helveston, eventually found an insurer who had written a few policies and who was familiar with makerspace risk assessment. We obtained not only our policy, but were able to help the Mobile Makerspace and Foomatic in Montgomery obtain their first liability policies. Start to finish, finding an insurer and securing coverage took two and a half months.

We also needed a business plan, to help us prioritize where to spend our energy and resources. Originally, I had planned to write this in the fall of 2013 as part of my capstone class at UAB’s Collat School of Business. But it wasn’t possible within the class format. I did a first round of market research and wrote a first draft during the following January, had a consult with the local Small Business Administration office at the beginning of February, and had a close-to-final draft written by the end of February. Our business plan stayed in that form for most of the following year, until we had more accurate data regarding utilities and who was doing what with regards to shop skills and electronics in the greater Birmingham area. (This information isn’t readily available.) We finally finalized the plan this past February. It currently lays out our plans for the next three years. We will plan to extend that to five years by fall 2015.

We tracked our membership’s dues payments via a spreadsheet and PayPal for most of the first three years. We didn’t have any money to pay for a commercial online CRM (customer relationship management) package — and none of us had experience selecting one for non-profit use. This created a lot of work for the treasurer, and quite a bit of confusion as to how many members we actually had. Neither of our first two treasurers had time for this (our first was managing a new full-time software development job and helping out with a city high school robotics group, our second was writing his PhD thesis) – or to do the research. In August, I designed some paper enrollment forms to standardize the membership information we collected, and to give our volunteers an enrollment checklist to help ensure good new member orientation. Looking back, finding a CRM was of the first things we should have done. We’re resolving that now, and it looks like Wild Apricot will be our final choice. They have a free version with advertising for use by small organizations (less than 50 members), with a website framework, an event management system and calendar, and email list, membership and donor management. The paid version (no advertising) starts at $25/month for up to 50 members, and $50/month for 50 – 200 members, plus access to the API (application programming interface). This is the level we will be paying for, both because of member numbers (a good thing!) and API access. We will use the framework to pull in member information into security access, library loan, and workshop, tool access and training databases. Two of our members are starting the development work later this month.

Building code issues

When we moved into the space and began adapting it to our needs, some of our members were a little lax about finishing renovations completely. They did them sufficiently well for safety and function, but were not thorough about putting switch plates over switches and outlets, patching holes in walls or to trimming out new door frames. It was good enough for their home workshops, why wasn’t it good enough at the makerspace?

This proved to be an issue when we had our required insurance and fire inspections. The local fire code requires that walls be completely finished and gaping holes (such as those where light switches, power outlets and pipes come out) in walls to be completely covered. This is so that if a fire occurs, it is more difficult for the flame to spread into the interior of walls, where it is more difficult for fire fighters to extinguish.

When we had our initial insurance inspection, we were told that we were lacking appropriate exit signage and emergency lighting  (it had never been installed at the medical clinic – they had simply slapped signs on the doors) – and that this would have to be installed in order to maintain the policy. We didn’t have much money to work with. So, once again, volunteers did the work under the supervision of a certified electrician. The signage kits, a new circuit box, conduit and wire came to around $800. The time required was much longer, as two members did the work in and around their day jobs.

We also had to go back through the space, patching walls, reinstalling some trim and installing new switch and electrical outlet plates. We passed our insurance inspection in August, and our city fire inspection in October. Now that we know the reasons for the finishing to this level, it is being done going forward.

In addition, with much enthusiasm, we had started to demolish a portion of the space at the back to open up an area for a larger workshop. Due to finding asbestos (common in old buildings in Birmingham), and needing to remove the Westinghouse HVAC unit, we had to stop for a couple of months, while our landlord’s crew dealt with that between other work assignments. When we were able to resume demolition in May (around our day jobs), we were now working around donated and salvaged equipment that we wanted to keep (that we had stashed into any available space) that made the job more difficult. (Lesson – don’t bring anything not required into your makerspace until you have a place to put it!) During demolition, we realized that we would also need to reroute existing electrical out of where it had been framed over ceilings and in walls up onto structural walls. Again, this took a significant amount of time. The demolition and reconfiguration of the rear space through to what our landlord had requested before his crews came in took nine months.

In order to comply with fire code, this area is now boarded up and isolated from the rest of the space, while we await approval from our landlord on submitted estimates for the cost of finishing the work.

How all this affected membership growth

During this time, we had several waves of enthusiastic new members joining, only to decide that they didn’t want to spend their time building the space instead of their projects. We also had some join who saw the reality, and were willing to accept that it was going to take us time, money and significant effort to build out the group’s infrastructure. Those folks are still with us (we were 38 at the end 2014), and have contributed much time, money and sweat equity.

Making a makerspace – part 2

Call for interest – Women Who Code Birmingham Chapter


If you’re here, you’re interested in forming a chapter of Women Who Code, here in Birmingham.

Women Who Code‘s key initiatives include:

  • Free technical study groups (Ruby, Javascript, iOS, Android, Python, Algorithms)
  • Connecting our community with influential tech experts and investors
  • Career and leadership development
  • Increasing female speakers and judges at conferences and hackathons
  • Increasing participation in the tech community

To join as a founding member, sign-up at Women Who Code BirminghamOnce we hit twenty local women, we’ll set a date for a first organizing meeting.

Edit – Monday May 25th 2015 – local chapter is now live! We’re starting in on Ruby on Rails in June. First Git class running on June 1st.

Hate statistics? Don’t know much about them? Have an hour? Then sit down and watch the best video you’ll ever see that will tell you why statistics are important and how they tell us so very much about our world. Hans Rosling does it again.

« Older posts

© 2015

Theme by Anders NorenUp ↑