<p>Eric Severance, "One geek's random side-projects" (<a href="https://esev.com/blog/?p=371">https://esev.com/blog/?p=371</a>), 2015-01-02T09:21:46Z, updated 2015-01-03T22:46:37Z</p>
<p>With the new year, I decided it was time to make a new PGP key. I wanted to keep this key on a <a href="https://www.yubico.com/products/yubikey-hardware/yubikey-neo/" title="Yubikey NEO">Yubikey NEO and NEO-n</a> for every day use. By using hardware tokens like the Yubikey, the private PGP keys never need to be stored on my computer. The PGP keys on the Yubikey can also be used for SSH public-key authentication.</p>
<p>My current PGP key can always be found at <a href="https://www.esev.com/pgp.key">https://www.esev.com/pgp.key</a>.<br />
<span id="more-371"></span></p>
<h3>Master keys, Subkeys, and User IDs</h3>
<p>OpenPGP keys normally have three parts: a single master key, one or more subkeys, and one or more user ids.</p>
<p>The master key is the most important key. Having the private half of the master key proves that you own the OpenPGP key. The master key is used to add/remove subkeys as well as to sign/certify other people’s keys. You don’t need to have the master key present for everyday signing and encryption. If possible, the master key should be kept offline and only used when adding or revoking subkeys or when certifying another person’s PGP key.</p>
<p>Subkeys make maintenance of an OpenPGP key easier. Subkeys can be used for signing data, encrypting data, and/or for authentication. The lifetime and purpose (encrypt, sign, authenticate) of a subkey are controlled by the master key. Subkeys can be added and removed from the PGP key at any time by the owner of the master key.</p>
<p>Subkeys can be installed on a computer that does not have access to the master key. On that computer, the subkeys will be used for encryption/decryption and signing. If the subkeys (or computer) are ever stolen, the master key can then be used to revoke the stolen subkeys and to add new subkeys to the PGP key. This can all be done without generating a new PGP key as long as the master key was not also stolen.</p>
<p>For more information about subkeys, see the <a href="https://wiki.debian.org/Subkeys">Debian wiki page about Subkeys</a>.</p>
<p>User IDs are used to identify the owner of the OpenPGP key. The User ID normally contains the name and email address of the person who owns the PGP key. User IDs are added to a PGP key using the master key. When another person signs your PGP key, they sign both the public master key and the User ID parts of the PGP key.</p>
<h3>Generating the master key:</h3>
<p>Normally, when generating an OpenPGP key with GnuPG, a master key is created and an encryption key is added as a subkey. The master key can sign data and certify (sign) subkeys, and the encryption subkey is used to receive encrypted messages. The example below shows what the key looks like when the defaults are chosen at creation time.</p>
<pre>
pub 2048R/AAAAAAAA expires: 2y usage: SC
sub 2048R/BBBBBBBB expires: 2y usage: E
</pre>
<p>In the example above, AAAAAAAA is the master key. Its usage is set to allow the key to <b>S</b>ign data and <b>C</b>ertify subkeys. BBBBBBBB is a subkey restricted to being used only for <b>E</b>ncryption.</p>
<p>I don’t really want my master key stored on the Yubikey because if the Yubikey is lost, or my laptop stolen, I would have to revoke the master key and recreate a new PGP key. Instead, I’m going to generate and store the master key on an offline USB drive that is kept in a location that only I can access.</p>
<pre>
pub 3072R/AAAAAAAA expires: 1y usage: C
</pre>
<p>I’ve also removed the ability for the master key to sign data. I don’t plan to have the master key available for daily use and only want the master key to be used for certifying/revoking subkeys and for certifying other people’s PGP keys. Generating the key like this requires the use of the --expert flag for GnuPG.</p>
<pre>
# Make sure to store the master key on the USB drive
> mv .gnupg .gnupg.orig
> ln -s /media/USB .gnupg
# Set GnuPG to prefer strong hash and encryption algorithms
> echo "cert-digest-algo SHA512" >> .gnupg/gpg.conf
> echo "default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed" >> .gnupg/gpg.conf
> gpg --expert --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
Your selection? 8
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Certify
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? s
Your selection? e
Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 3072
Requested keysize is 3072 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fri 01 Jan 2016 07:15:54 PM PST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Eric Severance
Email address: esev@esev.com
Comment:
You selected this USER-ID:
"Eric Severance <esev@esev.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
public and secret key created and signed.
pub 3072R/B8EFD59D 2015-01-02 [expires: 2016-01-02]
Key fingerprint = 856B 1F1C EAD0 1FE4 5C4C 6E97 961F 708D B8EF D59D
uid Eric Severance <esev@esev.com>
</pre>
<p>Now that you have the master key, it’s good practice to create a revocation certificate. If you ever lose your PGP key, or forget the passphrase, you can publish the revocation certificate to inform others that your key is no longer in use.</p>
<pre>
> gpg --gen-revoke B8EFD59D > /media/USB/B8EFD59D-revocation-certificate.asc
Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
0 = No reason specified
1 = Key has been compromised
2 = Key is superseded
3 = Key is no longer used
Q = Cancel
(Probably you want to select 1 here)
Your decision? 3
Enter an optional description; end it with an empty line:
> Using revocation certificate that was generated when key B8EFD59D was
> first created. It is very likely that I have lost access to the
> private key.
>
Reason for revocation: Key is no longer used
Using revocation certificate that was generated when key B8EFD59D was
first created. It is very likely that I have lost access to the
private key.
Is this okay? (y/N) y
ASCII armored output forced.
Revocation certificate created.
Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable. But have some caution: The print system of
your machine might store the data and make it available to others!
</pre>
<h3>Generating the encryption subkey</h3>
<p>The next step is to create an encryption subkey. I chose to generate the encryption key using GnuPG, rather than with the Yubikey for a couple of reasons.</p>
<ol>
<li>Private keys that are generated on the Yubikey cannot be removed from the Yubikey. This has a benefit that the private key is never physically on the computer, but it also has the disadvantage that access to all encrypted data is lost if the Yubikey is ever stolen or lost or a new key is generated.</li>
<li>I have multiple Yubikeys and I would like them all to share the same encryption key. If each Yubikey had its own encryption key then people would need to choose which key to use when sending encrypted messages (or remember to choose all keys). On the receiving side, I would need to make sure I have the correct Yubikey plugged in when decrypting a message. Having a single encryption key avoids these issues.
</li>
</ol>
<pre>
> gpg --edit-key B8EFD59D
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
Your selection? 6
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fri 01 Jan 2016 07:23:39 PM PST
Is this correct? (y/N) y
Really create? (y/N) y
pub 3072R/B8EFD59D created: 2015-01-02 expires: 2016-01-02 usage: C
trust: ultimate validity: ultimate
sub 2048R/EE86E896 created: 2015-01-02 expires: 2016-01-02 usage: E
[ultimate] (1). Eric Severance <esev@esev.com>
gpg> save
</pre>
<h3>Make a backup of the secret keys</h3>
<p>The encryption key was the last key that will be generated with GnuPG. The remaining keys will be generated directly on the Yubikey. Importing the encryption key into the Yubikey is a destructive process. It will remove the secret key from the GnuPG keyring. This is a good time to make a backup of the secret keys.</p>
<pre>
> gpg --export-secret-key B8EFD59D > \
/media/USB/B8EFD59D-2015-01-01-EE86E896-secret.pgp
</pre>
<h3>Generate the signing and authentication subkeys</h3>
<p>The subkeys for signing and authentication will be unique for each Yubikey. This allows the subkeys to be generated directly on the Yubikey, where the private key cannot be accessed from the computer.</p>
<p>Before using GnuPG with the Yubikey, download the <a href="http://yubico.github.io/yubikey-personalization/releases.html">ykpersonalize</a> tool and make sure the <a href="https://www.yubico.com/2012/12/yubikey-neo-composite-device/">eject flag is set to 82</a> for OTP and CCID compatibility.</p>
<pre>
> ykpersonalize -m82
Firmware version 3.3.0 Touch level 1290 Program sequence 2
The USB mode will be set to: 0x82
Commit? (y/n) [n]: y
</pre>
<p>I like to delete the GnuPG secret key and reimport it from a backup each time I initialize the Yubikey. This makes sure the master and encryption keys are present in the GnuPG secret keyring.</p>
<pre>
# Refresh the GnuPG secret keyring from the backup
> gpg --delete-secret-key B8EFD59D
> gpg --import < /media/USB/B8EFD59D-2015-01-01-EE86E896-secret.pgp
> gpg --edit-key B8EFD59D
# First, create the signing key
gpg> addcardkey
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
Please select the type of key to generate:
(1) Signature key
(2) Encryption key
(3) Authentication key
Your selection? 1
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fri Jan 1 22:08:14 2016 PST
Is this correct? (y/N) y
Really create? (y/N) y
pub 3072R/B8EFD59D created: 2015-01-02 expires: 2016-01-02 usage: C
trust: ultimate validity: ultimate
sub 2048R/EE86E896 created: 2015-01-02 expires: 2016-01-02 usage: E
sub 2048R/79BF574F created: 2015-01-02 expires: 2016-01-02 usage: S
[ultimate] (1). Eric Severance <esev@esev.com>
# Do the same for the authentication key
gpg> addcardkey
Signature key ....: 546D 6A7E EB4B 5B07 B3EA 7373 12E2 68AD 79BF 574F
Encryption key....: [none]
Authentication key: [none]
Please select the type of key to generate:
(1) Signature key
(2) Encryption key
(3) Authentication key
Your selection? 3
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fri Jan 1 22:09:41 2016 PST
Is this correct? (y/N) y
Really create? (y/N) y
pub 3072R/B8EFD59D created: 2015-01-02 expires: 2016-01-02 usage: C
trust: ultimate validity: ultimate
sub 2048R/EE86E896 created: 2015-01-02 expires: 2016-01-02 usage: E
sub 2048R/79BF574F created: 2015-01-02 expires: 2016-01-02 usage: S
sub 2048R/934AE2EE created: 2015-01-02 expires: 2016-01-02 usage: A
[ultimate] (1). Eric Severance <esev@esev.com>
# Use toggle and key to select the private encryption key
gpg> toggle
gpg> key 1
sec 3072R/B8EFD59D created: 2015-01-02 expires: 2016-01-02
ssb* 2048R/EE86E896 created: 2015-01-02 expires: never
ssb 2048R/79BF574F created: 2015-01-02 expires: 2016-01-02
card-no: 0006 12345678
ssb 2048R/934AE2EE created: 2015-01-02 expires: 2016-01-02
card-no: 0006 12345678
(1) Eric Severance <esev@esev.com>
# Then move the encryption key from the GnuPG keyring to the Yubikey
gpg> keytocard
Signature key ....: 546D 6A7E EB4B 5B07 B3EA 7373 12E2 68AD 79BF 574F
Encryption key....: [none]
Authentication key: DCE4 7FEA 4A72 E525 681C 6207 662E 5CA8 934A E2EE
Please select where to store the key:
(2) Encryption key
Your selection? 2
sec 3072R/B8EFD59D created: 2015-01-02 expires: 2016-01-02
ssb* 2048R/EE86E896 created: 2015-01-02 expires: never
card-no: 0006 12345678
ssb 2048R/79BF574F created: 2015-01-02 expires: 2016-01-02
card-no: 0006 12345678
ssb 2048R/934AE2EE created: 2015-01-02 expires: 2016-01-02
card-no: 0006 12345678
(1) Eric Severance <esev@esev.com>
gpg> save
</pre>
<p>Repeat the same steps for each Yubikey that will be used with this OpenPGP key.</p>
<h3>Save and Distribute the public OpenPGP key</h3>
<p>When the master key was created, and each time a subkey was created, a public and private RSA key pair was also generated. The private keys should remain on the USB drive and on the Yubikey.</p>
<p>The public keys should be distributed to a location where others can find them. I’m choosing to upload them to my website, but an alternative would be to upload them to a <a href="http://en.wikipedia.org/wiki/Key_server_(cryptographic)#Keyserver_examples">public keyserver</a>.</p>
<p>Once a location has been chosen, it’s a good idea to embed the location into the PGP key. That way users know where to find the version of the key with the most up-to-date signatures, subkeys, and revocations. GnuPG can also automatically fetch the latest version of the key with --refresh-keys if the location is embedded within the key. The keyserver command embeds a URL to this key within the public PGP key.</p>
<pre>
> gpg --edit-key B8EFD59D
gpg> keyserver
Enter your preferred keyserver URL: https://www.esev.com/static/B8EFD59D.asc
gpg> showpref
[ultimate] (1). Eric Severance <esev@esev.com>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Preferred keyserver: https://www.esev.com/static/B8EFD59D.asc
gpg> save
# Backup the public key
> gpg --armor --export B8EFD59D > B8EFD59D.asc
# Upload it to the website
# > scp B8EFD59D.asc user@server:public_html/static/B8EFD59D.asc
# Or upload it to a keyserver
> gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-key B8EFD59D
</pre>
<h3>Remove the master key and update the Yubikey</h3>
<p>At this point, the USB drive can be disconnected and the original .gnupg directory restored.</p>
<pre>
# Remove the symlink pointing to /media/USB
> rm .gnupg
# Replace the original directory
> mv .gnupg.orig .gnupg
</pre>
<p>The next step is to change the Yubikey PINs and import the public key.</p>
<pre>
> gpg --card-edit
Application ID ...: D2760001240102000006123456780000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 12345678
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 2
Signature key ....: 546D 6A7E EB4B 5B07 B3EA 7373 12E2 68AD 79BF 574F
created ....: 2015-01-02 06:08:04
Encryption key....: 2D45 A494 1428 C03C 45A9 47C0 19C9 D37E EE86 E896
created ....: 2015-01-02 03:23:39
Authentication key: DCE4 7FEA 4A72 E525 681C 6207 662E 5CA8 934A E2EE
created ....: 2015-01-02 06:09:40
General key info..: [none]
gpg/card> admin
Admin commands are allowed
# Change the PIN and Admin PINs
gpg/card> passwd
gpg: OpenPGP card no. D2760001240102000006123456780000 detected
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 1
PIN changed.
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 3
PIN changed.
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? q
# Make sure the PIN is entered before signing
gpg/card> forcesig
# Set the URL where the OpenPGP public key can be found.
gpg/card> url
URL to retrieve public key: https://www.esev.com/static/B8EFD59D.asc
# Fetch the public key into the local keyring
gpg/card> fetch
gpg/card> quit
# Finally, populate the secret keyring with stub keys that point to the Yubikey
> gpg --card-status
Application ID ...: D2760001240102000006123456780000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 12345678
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : https://www.esev.com/static/B8EFD59D.asc
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 2
Signature key ....: 546D 6A7E EB4B 5B07 B3EA 7373 12E2 68AD 79BF 574F
created ....: 2015-01-02 06:08:04
Encryption key....: 2D45 A494 1428 C03C 45A9 47C0 19C9 D37E EE86 E896
created ....: 2015-01-02 03:23:39
Authentication key: DCE4 7FEA 4A72 E525 681C 6207 662E 5CA8 934A E2EE
created ....: 2015-01-02 06:09:40
General key info..: pub 2048R/79BF574F 2015-01-02 Eric Severance <esev@esev.com>
sec# 3072R/B8EFD59D created: 2015-01-02 expires: 2016-01-02
ssb> 2048R/EE86E896 created: 2015-01-02 expires: 2016-01-02
card-no: 0006 12345678
ssb> 2048R/79BF574F created: 2015-01-02 expires: 2016-01-02
card-no: 0006 12345678
ssb> 2048R/934AE2EE created: 2015-01-02 expires: 2016-01-02
card-no: 0006 12345678
</pre>
<p>Notice how the master key has “sec#”. The “#” at the end means that the private key is not present. It is stored on the USB drive (which should be removed and stored in a safe location now). You can also verify this with gpg -K.</p>
<pre>
> gpg -K
sec# 3072R/B8EFD59D 2015-01-02 [expires: 2016-01-02]
uid Eric Severance <esev@esev.com>
ssb> 2048R/EE86E896 2015-01-02
ssb> 2048R/79BF574F 2015-01-02
ssb> 2048R/934AE2EE 2015-01-02
</pre>
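<p>The same check can be scripted against GnuPG's machine-readable listing. The script below is an added example, not part of the original post: <code>audit_keyring</code> is a hypothetical helper name, it assumes the GnuPG 2.1+ <code>--with-colons</code> field layout (doc/DETAILS), and the sample records are constructed (key IDs and card serial taken from the listings above, timestamps made up).</p>

```shell
#!/bin/sh
# Added example, not from the original post. audit_keyring is a hypothetical
# helper name. It reads `gpg --list-secret-keys --with-colons` records on
# stdin (GnuPG 2.1+ layout, see doc/DETAILS) and prints one finding per line;
# no output means the layout matches the one built in this post.
audit_keyring() {
    awk -F: '
    $1 == "sec" || $1 == "ssb" {
        id = $5; token = $15
        # Field 12: lowercase letters are the capabilities of this key; on a
        # primary key the uppercase ones summarise the whole key, so drop them.
        own = $12; gsub(/[ESCAD]/, "", own)
        if ($7 == "") print id ": no expiration date"
    }
    $1 == "sec" {
        if (own != "c")
            print id ": master key capabilities are \"" own "\", expected \"c\""
        # Field 15 is "#" when only a stub without the secret key is present.
        if (token != "#")
            print id ": master secret key is available on this machine"
    }
    $1 == "ssb" {
        # Field 15 carries the card serial number for keys held on a token;
        # empty or "+" means the secret key is stored on disk.
        if (token == "" || token == "+" || token == "#")
            print id ": subkey secret is not on a smartcard"
    }'
}

# Constructed sample: the layout from this post (certify-only master kept
# offline, three subkeys on the card). Timestamps are made up.
GOOD_SAMPLE='sec:u:3072:1:961F708DB8EFD59D:1420168554:1451704554::u:::cESA:::#:::23::0:
uid:u::::1420168554::::Eric Severance <esev@esev.com>:
ssb:u:2048:1:19C9D37EEE86E896:1420169019:1451705019:::::e:::D2760001240102000006123456780000:::23:
ssb:u:2048:1:12E268AD79BF574F:1420178884:1451714884:::::s:::D2760001240102000006123456780000:::23:
ssb:u:2048:1:662E5CA8934AE2EE:1420178980:1451714980:::::a:::D2760001240102000006123456780000:::23:'

# Constructed sample: a default-style key (sign+certify master, secrets on
# disk, no expiration), using placeholder key IDs.
BAD_SAMPLE='sec:u:2048:1:AAAAAAAAAAAAAAAA:1420168554:::u:::scESC:::+:::23::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1420168554::::::e:::+:::23:'

# On a real machine: gpg --list-secret-keys --with-colons B8EFD59D | audit_keyring
echo "Layout from the post:"
printf '%s\n' "$GOOD_SAMPLE" | audit_keyring
echo "Default-style key kept on disk:"
printf '%s\n' "$BAD_SAMPLE" | audit_keyring
```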
<h3>Setup SSH authentication</h3>
<p>You may have noticed that a separate subkey was generated on the Yubikey for authentication. The authentication subkey can be used with OpenSSH to log in to a server with public key authentication. The GnuPG gpg-agent has a flag, --enable-ssh-support, that allows it to function as an ssh-agent.</p>
<pre>
> gpg-agent --daemon --enable-ssh-support --write-env-file ~/.gpg-agent-info
GPG_AGENT_INFO=/tmp/gpg-Z74lEJ/S.gpg-agent:25585:1; export GPG_AGENT_INFO;
SSH_AUTH_SOCK=/tmp/gpg-KS5kJr/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
SSH_AGENT_PID=25585; export SSH_AGENT_PID;
</pre>
<p>Copy-and-paste the environment variables into your terminal to enable support for the gpg-agent. The variables are also stored in ~/.gpg-agent-info which can be sourced in .bash_profile when logging in.</p>
<p>OpenPGP public keys can be converted into SSH public keys using gpgkey2ssh. Specify the id of the authentication subkey when running gpgkey2ssh.</p>
<pre>
> gpgkey2ssh 934AE2EE
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA ... oSFl8ZpqJ COMMENT
</pre>
<p>This key can then be added to ~/.ssh/authorized_keys on a remote server. The private key, stored on the Yubikey, will be used when connecting to the remote server.</p>
<h3>Key Sizes and Expirations</h3>
<p>Currently, 2048-bit is the largest key size supported on the Yubikey. According to Digicert, 2048-bit RSA keys are strong enough to last more than a lifetime. Digicert’s “<a href="https://www.digicert.com/TimeTravel/">The Strength of an SSL Certificate page</a>” has a video and a link to the math behind this logic.</p>
<p>I’m hoping to never have to generate another master key. I’ve increased the key size on the master key to 3072 bits, which is recommended by NIST, in <a href="http://csrc.nist.gov/publications/PubsSPs.html#800-57-part1">SP 800-57 Part 1</a>, for keys that should last beyond the year 2031.</p>
<p>It is possible to generate 4096-bit RSA keys with GnuPG, but <a href="http://lists.gnupg.org/pipermail/gnupg-users/2013-October/047979.html">multiple</a> <a href="http://lists.gnupg.org/pipermail/gnupg-users/2012-May/044233.html">sources</a> on the GnuPG mailing list have suggested that RSA keys beyond 3072 bits do not add enough security to justify the additional CPU resources required. Beyond 3072 bits, it is better to use Elliptic Curve (EC/ECC) keys instead of RSA. Unfortunately, today ECC keys aren’t widely supported in OpenPGP. Maybe by 2031 we’ll be using ECC keys in OpenPGP and it will make sense to generate a new key then.</p>
<p>I’ve chosen a key lifetime of one year based on some <a href="https://help.riseup.net/en/security/message-security/openpgp/best-practices#use-an-expiration-date-less-than-two-years">best practices for OpenPGP keys</a>. There are others who have <a href="http://madduck.net/blog/2006.06.20:expiring-gpg/">made the argument for non-expiring master keys</a>, but I think setting an expiration on the master key will encourage users to update the key at least once per year to receive new/revoked subkeys.</p>
<h3>Additional Resources</h3>
<ul>
<li>Yubico product website for the <a href="https://www.yubico.com/products/yubikey-hardware/yubikey-neo/">Yubikey NEO and NEO-n</a></li>
<li>Yubico’s page about <a href="https://www.yubico.com/2012/12/yubikey-neo-openpgp/">Yubikey NEO and OpenPGP</a></li>
<li>Yubico forum how-to post about <a href="http://forum.yubico.com/viewtopic.php?f=26&t=1171">Yubikey NEO, OpenPGP, OpenSSH authentication</a> describes more detail on how to set this up on a Mac</li>
<li>Another reference, by <a href="https://blog.habets.se/">Thomas Habets</a>, about <a href="https://blog.habets.se/2013/02/GPG-and-SSH-with-Yubikey-NEO">GPG and SSH with Yubikey NEO</a>.</li>
<li>GnuPG handbook page for OpenPGP <a href="https://www.gnupg.org/gph/en/manual/c235.html">key management</a>.</li>
<li>The <a href="http://g10code.com/p-card.html">OpenPGP Smartcard</a>, an alternative to the Yubikey for storing OpenPGP keys in hardware tokens.</li>
<li><a href="https://wiki.debian.org/Subkeys">Debian wiki for Subkeys</a> has good resources for creating subkeys and using them instead of a master key.</li>
</ul>
<p><a class="a2a_dd a2a_target addtoany_share_save" href="https://www.addtoany.com/share_save#url=http%3A%2F%2Fwww.esev.com%2Fblog%2Fpost%2F2015-01-pgp-ssh-key-on-yubikey-neo%2F&title=PGP%20and%20SSH%20keys%20on%20a%20Yubikey%20NEO" id="wpa2a_2"><img src="https://www.esev.com/blog/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></p><div class='yarpp-related-rss yarpp-related-none'>
<p>No related posts.</p>
</div>
<p>http://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/</p>
<p>Eric Severance (http://esev.com/), https://esev.com/blog/?p=365, 2013-10-01T05:50:29Z</p>
<p>I’ve been getting more interested in honeypots recently. This past spring, I set up a honeypot to learn more about what folks do once they successfully brute-force login to an SSH server. The concept was simple: set up a Linux VM with common usernames and passwords (i.e. mysql/mysql, user/user, admin/admin, etc.) and wait to see what happens.</p>
<p>I created an isolated bridge network on my Linux server, then set up a CentOS VM inside KVM. I used iptables to rate-limit the number of outbound connections to only 2/minute, to prevent anyone who logged into the honeypot from using my VM to do much damage to anyone else on the internet. I also used the iptables NFLOG target to save a copy of all packets to/from the VM so that I could analyze the traffic later.</p>
<p>I needed some way to monitor what happened within the VM without tipping off whoever was logging in to the VM that they were being monitored. So I turned on system call auditing as well as TTY auditing. Normally these log messages would be dumped out to /var/log via syslog, which would alert someone to the fact that everything they were doing was being logged and might cause them to cover their tracks. To prevent any of this logging, I modified the syslog configuration to suppress the audit logs from going to log files in the VM and redirected them to a serial port in the VM that was connected to a log file on the VM server host. This allowed me to monitor all system calls made by software they installed as well as anything they typed on the terminal in their SSH session. I wrote some Python scripts to filter through the data and pull out just the details I was interested in.</p>
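<p>A sketch of the kind of filtering script mentioned above, added here as an example and not the author's own code: it pulls TTY audit records out of a captured log and rebuilds the typed command lines per login session, including keystrokes split across records and backspaces. The record layout (type=TTY ... ses=N ... data=hex) is an assumption modelled on Linux audit TTY records, and the sample lines are constructed.</p>

```python
import re
from collections import defaultdict

# Assumed layout of a Linux audit TTY record; keystrokes are hex-encoded in data=.
TTY_RE = re.compile(
    r'type=TTY msg=audit\((?P<ts>\d+\.\d+):\d+\):'
    r'.*?\bses=(?P<ses>\d+)\b'
    r'.*?\bdata=(?P<data>(?:[0-9A-Fa-f]{2})+)'
)

# Constructed sample: two sessions, one syslog-prefixed line, one unrelated
# SYSCALL record, and one command whose keystrokes span two TTY records.
SAMPLE_LOG = """\
type=TTY msg=audit(1380606000.101:210): tty pid=2311 uid=500 auid=500 ses=7 major=136 minor=0 comm="bash" data=756E616D65202D610D
type=SYSCALL msg=audit(1380606000.150:211): arch=c000003e syscall=59 success=yes exit=0 pid=2320 auid=500 uid=500 ses=7 comm="uname" exe="/bin/uname"
Oct  1 05:40:12 honeypot kernel: type=TTY msg=audit(1380606012.644:215): tty pid=2311 uid=500 auid=500 ses=7 major=136 minor=0 comm="bash" data=69640D
type=TTY msg=audit(1380606100.002:300): tty pid=2400 uid=501 auid=501 ses=8 major=136 minor=1 comm="bash" data=6C787F
type=TTY msg=audit(1380606100.250:301): tty pid=2400 uid=501 auid=501 ses=8 major=136 minor=1 comm="bash" data=73202D6C0D
"""


def commands_by_session(log_text):
    """Return {session id: [(timestamp, command line), ...]} from TTY records."""
    buffers = defaultdict(list)   # session -> keystrokes of the line in progress
    commands = defaultdict(list)  # session -> completed command lines
    for line in log_text.splitlines():
        match = TTY_RE.search(line)  # search, so a syslog prefix is tolerated
        if not match:
            continue                 # SYSCALL and other record types are skipped
        ses, ts = int(match['ses']), match['ts']
        buf = buffers[ses]
        for byte in bytes.fromhex(match['data']):
            if byte in (0x0D, 0x0A):          # Enter ends the command line
                if buf:
                    commands[ses].append((ts, ''.join(buf)))
                    buf.clear()
            elif byte in (0x7F, 0x08):        # DEL / backspace removes a keystroke
                if buf:
                    buf.pop()
            elif 0x20 <= byte < 0x7F:         # printable ASCII
                buf.append(chr(byte))
            else:                             # keep control bytes visible
                buf.append('\\x%02x' % byte)
    return dict(commands)


if __name__ == '__main__':
    for ses, lines in sorted(commands_by_session(SAMPLE_LOG).items()):
        for ts, cmd in lines:
            print(f'ses={ses} t={ts} {cmd}')
```
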
<p>In addition to all the monitoring within the VM, I also set up sslsplit and a fake certificate authority to capture any HTTPS traffic that left the VM. All TCP 443 traffic exiting the VM was sent to sslsplit, which performed SSL man-in-the-middle to decode the traffic. The fake certificate authority was added to the trusted CAs within the VM, so there wouldn’t be any security warnings.</p>
<p>With most of the setup part of the project complete, I enabled the NAT rules to forward SSH traffic over to the VM. Within 4 hours I had my first login. Over the course of the next week, all of the user accounts I had set up had been brute-forced.</p>
<p>It was interesting to see what the folks who logged into my VM were up to, but it wasn’t too surprising. The people who accessed my VM were mainly interested in using the SOCKS proxy built into SSH to browse the internet. They did ignore the SSL warnings in their browser and continue to SSL websites. One installed an IRC bot. One installed their SSH brute-force tool and attempted to scan for more victims. Another attempted to run local privilege escalation exploits that did not apply to the version of CentOS my VM was running.</p>
<p>When I get some more time, I’d like to work more on the networking plumbing for the honeypot VM. Currently, I only run this from my home IP address and am limited to only one VM. I’d like to be able to cycle IP addresses more frequently, so my plan is to purchase a few cheap Linux VPS systems and add a few IP addresses to them. I wouldn’t run any of the honeypot software on the VPS, but instead install OpenVPN and forward all traffic for the secondary IPs back to a central honeypot router/firewall running on my home network. From the honeypot router, I’d use NAT to forward the traffic to and from the individual VMs, making the OpenVPN connection and honeypot router transparent to anyone interacting with the honeypot.</p>
<div id="attachment_366" style="width: 310px" class="wp-caption aligncenter"><a href="https://www.esev.com/blog/wp-content/uploads/2013/10/honeypotrouter.gif"><img src="https://www.esev.com/blog/wp-content/uploads/2013/10/honeypotrouter-300x155.gif" alt="Honeypot router concept" width="300" height="155" class="size-medium wp-image-366" /></a><p class="wp-caption-text">Honeypot router concept</p></div>
<p>Once that is all set up, I’d like to test Tor exit nodes to see which operators are inspecting traffic. My plan is to set up several IP addresses and VMs, then log in to each of them as root, over telnet or FTP, from specific Tor exit nodes and see what happens.</p>
<p>http://www.esev.com/blog/post/2013-10-fun-with-honeypots/</p>
<p>Eric Severance (http://esev.com/), https://esev.com/blog/?p=361, 2013-08-27T01:18:37Z</p>
<p>I have a solar-powered <a href="/solarstats">home</a>. Well, sort of. It is a <a href="https://en.wikipedia.org/wiki/Grid-tie_inverter">grid-tied</a> solar system, meaning when it is sunny outside our solar panels produce more power than we use and we bank that power with our utility company. At night, we draw from the power we banked during the day.</p>
<p>I have a <a href="http://www.theenergydetective.com/ted5000.html">TED5000</a> energy monitor to keep tabs on how much power we are producing and how much we are consuming. The TED5000 is great, but the interface is a bit lacking for me. It has all the information I need, but it is buried in several different screens. The answers to questions like how much solar power did we generate today, what was our net usage, or did we ever produce more than we used during a day are not immediately visible on the interface.</p>
<p>I had been wanting to teach myself <a href="http://jquery.com">jQuery</a>, so when I found <a href="http://www.jqplot.com/">jqPlot</a> it seemed like the right time to dive in and make a new interface. The result: a real-time view into our daily energy production and consumption.</p>
<p><a href="https://www.esev.com/blog/wp-content/uploads/2013/08/tedgraph-v1.gif"><img src="https://www.esev.com/blog/wp-content/uploads/2013/08/tedgraph-v1-300x106.gif" alt="Daily energy graph" width="300" height="106" class="aligncenter size-medium wp-image-362" /></a></p>
<p>The time of day is represented on the X-axis and is updated every 5 minutes with the latest data from the TED5000. The left Y-axis shows the average power during the 5-minute period and is related to the green and red lines on the graph. The right Y-axis shows the total energy produced and is related to the area curves on the graph. Green represents solar production and red represents energy consumption. Finally, the number in the upper-left of the graph is updated every 5 seconds and displays the current net power.</p>
<p>I still use the TED5000 for its monthly estimates, but the new jqPlot-powered display is a nice new way to see the data.</p>
<p>http://www.esev.com/blog/post/2013-08-solar-monitor-with-jqplot-and-ted5000/</p>
<p>Eric Severance (http://esev.com/), https://esev.com/blog/?p=348, 2013-08-26T13:44:32Z, 2013-08-26T02:26:18Z</p>
<p>This blog is run using WordPress. <a href="http://www.wordpress.org/" title="Wordpress">WordPress</a> does not have the best record for having bug-free software. To make sure esev.com doesn’t get overrun by viruses, I’ve taken a few additional steps to secure the site. All these steps follow the simple idea that, if it isn’t needed for an average viewer of the blog, disable it.</p>
<p><strong>1. Allow only HTTP GET requests</strong><br />
Most of the changes to a WordPress blog happen with POST requests. By limiting the server to only servicing GET requests, very few modifications can be made to the blog. Of course, this means that none of the administration functions work. More on that in a bit.</p>
<p><strong>2. Deny access to the administration pages</strong><br />
Most of the administration pages are stored in the wp-admin directory. These administration pages allow the blog owner to create new blog posts, add plugins, and customize the site. By denying access to the administration pages, nobody can use those pages to make changes to the blog.</p>
<p><strong>3. Deny access to the login page</strong><br />
Again, if nobody can log in to the blog, it’ll make it much harder for anyone to make changes to the blog.</p>
<p><strong>4. Use an external comment system</strong><br />
The built-in comment system requires the use of HTTP POST requests, which were disabled by #1. Using the built-in comment system can also lead to a lot of comment spam. Use a comment provider like Disqus or IntenseDebate and you’ll be handing off the spam filtering to them.</p>
<p>With the blog locked down tightly using the above recommendations, it becomes hard to make any changes, even for the blog’s administrator. To allow an admin to access the blog, configure the web server to require SSL and HTTP digest authentication for any action that could modify the blog.</p>
<p>To configure this for <a href="http://httpd.apache.org/">Apache</a>, first set up the digest authentication:</p>
<div class="wp_syntax"><table><tr><td class="code"><pre class="xml" style="font-family:monospace;"> AuthType Digest
AuthName "esev"
AuthDigestDomain /blog/wp-admin/
AuthDigestProvider file
AuthUserFile /path/to/htdigest.password/file</pre></td></tr></table></div>
<p>Then configure the additional restrictions. To limit the web server to only accepting GET requests add this:</p>
<div class="wp_syntax"><table><tr><td class="code"><pre class="xml" style="font-family:monospace;"><LocationMatch "^/(?!(blog/(wp-cron|index)\.php))">
  <LimitExcept GET>
    Require valid-user
  </LimitExcept>
</LocationMatch></pre></td></tr></table></div>
<p>If a request other than a GET arrives at the web server, the client is presented with an HTTP digest authentication dialog. Without the proper username and password, these requests will be denied.</p>
<p>Access to all of the administration pages should be denied. The following configuration section for Apache takes care of this, and allows the blog administrator to bypass the restrictions by logging in.</p>
<div class="wp_syntax"><table><tr><td class="code"><pre class="xml" style="font-family:monospace;"><LocationMatch "^/+(blog/+(wp-login\.php|wp-admin)(/|$))">
  Require valid-user
</LocationMatch></pre></td></tr></table></div>
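<p>To check what the two <code>LocationMatch</code> sections cover before relying on them, the following added example (not part of the original post) evaluates both patterns against constructed sample requests. It assumes the second pattern is read with balanced parentheses as <code>(/|$)</code> and that Apache treats HEAD like GET inside <code>LimitExcept</code>; the names <code>needs_auth</code> and <code>audit</code> are hypothetical.</p>

```python
import re

# Patterns taken from the two <LocationMatch> sections in the post.
# ADMIN_RULE is written with balanced parentheses, "(/|$)" (assumption).
NON_GET_RULE = re.compile(r"^/(?!(blog/(wp-cron|index)\.php))")
ADMIN_RULE = re.compile(r"^/+(blog/+(wp-login\.php|wp-admin)(/|$))")

# <LimitExcept GET> leaves GET unrestricted; Apache treats HEAD like GET there.
UNRESTRICTED_METHODS = {"GET", "HEAD"}


def needs_auth(method, url):
    """Return the rules that demand 'Require valid-user' for this request.

    An empty list means the request is served without authentication.
    """
    # LocationMatch is evaluated against the URL path, not the query string.
    path = url.split("?", 1)[0]
    rules = []
    if NON_GET_RULE.search(path) and method.upper() not in UNRESTRICTED_METHODS:
        rules.append("non-GET")
    if ADMIN_RULE.search(path):
        rules.append("admin")
    return rules


# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    ("GET", "/blog/"),                               # normal page view
    ("HEAD", "/blog/"),                              # handled like GET
    ("POST", "/blog/wp-comments-post.php"),          # built-in comment form
    ("POST", "/blog/index.php"),                     # excluded by the lookahead
    ("POST", "/blog/wp-cron.php"),                   # excluded by the lookahead
    ("GET", "/blog/wp-admin/"),                      # administration pages
    ("GET", "/blog/wp-login.php?action=register"),   # login page with a query
    ("POST", "/blog/wp-login.php"),                  # caught by both rules
    ("GET", "//blog//wp-admin/post.php"),            # repeated slashes, "/+"
    ("GET", "/blog/wp-administrator"),               # not under wp-admin
]


def audit(requests):
    """Evaluate every (method, url) pair and return (method, url, rules)."""
    return [(method, url, needs_auth(method, url)) for method, url in requests]


if __name__ == "__main__":
    for method, url, rules in audit(SAMPLE_REQUESTS):
        verdict = "auth required by " + "+".join(rules) if rules else "served"
        print(f"{method:5} {url:40} {verdict}")
```

<p>Non-GET requests to <code>/blog/index.php</code> and <code>/blog/wp-cron.php</code> come back with no rule applied, because the first pattern excludes those two scripts from the GET-only restriction.</p>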
<p>Sure, the HTTP authentication dialog box looks a bit ugly, but it prevents anyone without the proper username and password from accessing any content that isn’t needed. Alternatively, something like <a href="http://home.digithi.de/digithi/dev/mod_auth_cookie_mysql/">mod_auth_cookie_mysql</a> could provide a nice login interface for the administrator.</p>
<p>I don’t think this is a bullet-proof way to keep a WordPress site safe, but it should prevent any automated tools from hijacking your blog.</p>
http://www.esev.com/blog/post/2013-08-hardening-wordpress/
Eric Severance, http://esev.com/, https://esev.com/blog/?p=346, 2013-08-26T02:35:25Z, 2013-08-26T01:50:52Z
<p>The SSL certificate on esev.com was updated today. I get the SSL certificates from StartSSL, mainly because they are free and trusted by most browsers. StartSSL only needs to validate your email address and that you are the owner of the domain, then you’re free to create as many certificates as you need.</p>
<p>So I don’t need to look it up again next year, here is the one-liner for generating the server’s private key and certificate signing request (CSR):</p>
<pre>openssl req -new \
-newkey rsa:2048 -nodes -keyout esev.20130825.key \
-out esev.20130825.csr</pre>
http://www.esev.com/blog/post/2013-08-updating-esev-coms-ssl-certificate/
Eric Severance, http://esev.com/, http://esev.com/blog/?p=326, 2011-03-03T21:32:58Z, 2011-03-03T20:47:49Z
<p>I’ve been searching for a while for a perfect front-end for my home automation and entertainment system. In my setup, the front-end system needs to do the following:</p>
<ol>
<li>display media on the tv over HDMI</li>
<li>send digital audio to the receiver</li>
<li>accept input from a remote control</li>
<li>handle HD content streamed over the network</li>
<li>run quietly and use little power</li>
</ol>
<p>The front-end doesn’t need to have any storage, TV tuners, or DVD/Blu-ray drives. That is all handled elsewhere in my setup. My perfect front-end system would have these features:</p>
<p><strong>At least four USB ports</strong><br />
I have two RF remotes and one Bluetooth adapter plugged into each of my front-ends. My primary RF remote is a media-center type remote – with a numeric keypad and play/pause style controls. My secondary remote has a QWERTY keyboard and a touch pad mouse – used when surfing the web. I also have a USB Bluetooth adapter. I’d like to have at least four USB ports to support these devices and anything else I need to add in the future.</p>
<p><strong>Suspend to RAM with USB wake-up</strong><br />
On average, I probably only watch about an hour of TV a day. That means twenty-three hours of the day the front-end system is sitting idle. I’d like to be able to put the computer into a low power mode (<a href="http://en.wikipedia.org/wiki/Advanced_Configuration_and_Power_Interface#Power_States">S3 – suspend to RAM</a>) when it is not being used. I’d also like to be able to wake-up the computer with a remote control rather than needing to push the power button. In my setup, I have an RF remote control with a USB dongle plugged into the front-end. I need the USB port to stay active when the computer is suspended so that it can wake-up when a button is pressed on the remote.</p>
<p><strong>NVIDIA GPU powerful enough to de-interlace at 1080p</strong><br />
My home automation and entertainment system is running Linux. Today, the only graphics card vendor to fully support hardware acceleration under Linux is NVIDIA (see <a href="http://en.wikipedia.org/wiki/VDPAU">VDPAU</a>). Not all NVIDIA GPUs are created equal and I want one that supports <a href="http://www.mythtv.org/wiki/VDPAU#Card_status">de-interlacing</a> at 1080p resolutions.</p>
<p><strong>HDMI and digital audio out</strong><br />
My TVs have HDMI connections for video, but I don’t necessarily want the audio to go to the television. Rather, I’d like the audio to go to my receiver. The front-end system needs to have both an HDMI port and a digital audio out port. I’d prefer a coax audio out over a fiber-optic audio out because I don’t have to worry about pinching and breaking a coax cable.</p>
<p><strong>Network booting and Wake-on-LAN</strong><br />
I don’t want to have hard drives on my front-end systems. I’m not doing any recording on these systems and a hard drive contributes to power use – and it needs to be backed up. The network card in the front-end needs to support PXE booting. This way I can store the OS on the back-end and easily update it and keep proper backups. I’d also like the network card to support wake-on-lan (WoL). If I ever upgrade the software, or lose power, I need my back-end server to start first, then send the wake-on-lan packet to each of the front-end computers.</p>
<p><strong>Gigabit Ethernet</strong><br />
I’m streaming HD content from the front-end and also booting over the network. I don’t want to slow down my wireless network with this traffic or have wireless interference disrupt my media. I’d like to have a Gigabit Ethernet card in the front-end.</p>
<p><strong>At least 4GB of RAM</strong><br />
I’m not putting a hard disk into my front-end system. There will be no swap space and everything will need to be stored in RAM. I’d like to have at least 4GB of RAM in a front-end system.</p>
<p><strong>Bluetooth</strong><br />
I have Bluetooth USB dongles already, but it would be nice to have Bluetooth integrated right on the computer so I don’t have to have yet another USB dongle sticking out of the computer.</p>
<p><strong>Serial port(s)</strong><br />
Yes, serial ports are old technology, but my television and receiver can be controlled over a serial interface. In my experience, this is much more reliable than IR. I’d like the front-end to have at least one serial port. Two would be preferred.</p>
<p><strong>IR Output</strong><br />
Several HTPCs come with an IR input and a media center remote. I’d rather use RF for input so the PC can be out of sight. IR output is what I’d really like to see on an HTPC. This is needed to control DVD players/gaming consoles and every other device that cannot be controlled via ethernet or serial.</p>
<p>I haven’t been able to find any retail HTPC computers that have everything I’d like in a front-end system. The NVIDIA Next Generation ION (aka ION2) based computers from Asus and Zotac come close, but most lack Bluetooth, serial ports, and IR outputs. It is also hard to tell which motherboards support network booting and wake on USB/LAN. Hopefully the next generation of HTPC systems will have more of what I’d like. For now I’ll stick with the Zotac ZBOX HD-ID11 and add a Bluetooth dongle and the GC-100 for serial and IR.</p>
http://www.esev.com/blog/post/2011-03-front-end-htpc-hardware/
Eric Severance, http://esev.com/, http://www.esev.com/blog/?p=237, 2011-02-25T01:30:09Z, 2011-02-16T15:05:54Z
<p>Using my list of requirements, I set out to find the hardware for my new server. I was building this from scratch so at minimum my purchase list needed to include:</p>
<ol>
<li>hard drive storage</li>
<li>server case</li>
<li>motherboard, RAM & CPU</li>
</ol>
<p><strong>Hard drive storage</strong><br />
I decided to focus first on the requirements for the fileserver side of the project. Recall that I was planning for 16TB of storage space. At the time, the largest consumer hard drives were 2 TB. I also wanted to be able to support multiple drive failures and be able to replace the drives without shutting down the system. That meant I needed at least 10 hard drives.</p>
<p>When researching the hardware for this server I came across a good blog post from Adaptec about <a href="http://www.adaptec.com/blog/2005/11/02/actual-reliability-calculations-for-raid/">real life RAID reliability</a>. That article compared the reliability of RAID-5 and RAID-6 arrays and showed that a RAID-6 array should last 172 times longer than a RAID-5 array. Reliability was important to me on this project, so I decided to go with RAID-6. The Adaptec article only considered enterprise grade drives. I planned to build this server with consumer grade drives. Therefore, as a precaution, I chose to add two extra drives as hot spares.</p>
<p>A RAID-6 array with 10 drives was likely to run slow. So I did some more searching and came across <a href="http://en.wikipedia.org/wiki/Nested_RAID_levels#RAID_60_.28RAID_6.2B0.29">RAID-60</a>. RAID-60 combines the redundancy of RAID-6 with the speed of striping found in RAID-0. However, to get 16 TB with RAID-60, and have two hot spares, I now needed 14 hard drives. Six drives for each of the two RAID-6 arrays and two hot spares.</p>
<div id="attachment_314" style="width: 310px" class="wp-caption aligncenter"><a href="http://en.wikipedia.org/wiki/Nested_RAID_levels#RAID_60_.28RAID_6.2B0.29"><img class="size-medium wp-image-314 " title="RAID_60" src="https://www.esev.com/blog/wp-content/uploads/2011/02/RAID_60-300x121.gif" alt="" width="300" height="121" /></a><p class="wp-caption-text">RAID-60 with 8 drives. Image from Wikipedia</p></div>
<p>I wanted to make sure the fileserver would run quickly so that I could stream video from it while MythTV was also recording new programs and all the virtual machines were also running. I thought running everything off one set of storage drives might be too much, so I decided to split the VM storage from the NAS storage. That meant adding additional drives. I had four 1TB drives from my previous NAS, so I decided to use them for storing the VM images.</p>
<p>That put the total number of hard drives needed at 18. This was shaping up to be quite a storage server! The next task was determining how to fit that many hard drives into a computer case.</p>
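<p>The drive counts worked out above can be reproduced with a small planner. This is an added example, not code from the original post: the names <code>plan_array</code> and <code>survives</code> are hypothetical, and it assumes equal-size drives, marketing terabytes and no filesystem overhead. It also shows which multi-drive failures a RAID-60 layout does and does not survive.</p>

```python
import math
from dataclasses import dataclass

# Parity drives per span: RAID-5 tolerates one failed drive per span, RAID-6 two.
PARITY = {"raid5": 1, "raid6": 2}


@dataclass(frozen=True)
class ArrayPlan:
    level: str            # "raid5" or "raid6"
    spans: int            # 1 = plain RAID-5/6; 2 or more = RAID-50/60 (RAID-0 across spans)
    drives_per_span: int  # data + parity drives in each span
    hot_spares: int       # idle drives kept ready for an automatic rebuild
    drive_tb: float

    @property
    def parity(self):
        return PARITY[self.level]

    @property
    def usable_tb(self):
        return self.spans * (self.drives_per_span - self.parity) * self.drive_tb

    @property
    def total_drives(self):
        return self.spans * self.drives_per_span + self.hot_spares


def plan_array(target_tb, drive_tb, level="raid6", spans=1, hot_spares=0):
    """Return the smallest layout of the given shape with at least target_tb usable."""
    if level not in PARITY:
        raise ValueError(f"unsupported level: {level}")
    if target_tb <= 0 or drive_tb <= 0 or spans < 1 or hot_spares < 0:
        raise ValueError("sizes must be positive and counts non-negative")
    # RAID-0 stripes evenly, so every span carries an equal share of the data.
    # Each span needs at least two data drives (RAID-5 minimum 3, RAID-6 minimum 4).
    data_per_span = max(2, math.ceil(target_tb / (drive_tb * spans)))
    return ArrayPlan(level, spans, data_per_span + PARITY[level], hot_spares, drive_tb)


def survives(plan, failed_per_span):
    """True if no data is lost with this many failed, not yet rebuilt drives per span.

    Hot spares are not modelled here: they only shorten the time a span
    spends degraded by starting the rebuild without operator action.
    """
    if len(failed_per_span) != plan.spans:
        raise ValueError("need one failure count per span")
    if any(f < 0 or f > plan.drives_per_span for f in failed_per_span):
        raise ValueError("failure count out of range for a span")
    return all(f <= plan.parity for f in failed_per_span)


if __name__ == "__main__":
    # Figures from the post: 16 TB target, 2 TB drives, two hot spares,
    # plus four existing 1 TB drives kept separately for VM images.
    raid6 = plan_array(16, 2, "raid6")
    raid60 = plan_array(16, 2, "raid6", spans=2, hot_spares=2)
    print("RAID-6 :", raid6.total_drives, "drives")
    print("RAID-60:", raid60.total_drives, "drives,",
          raid60.drives_per_span, "per span, usable", raid60.usable_tb, "TB")
    print("bays needed with VM drives:", raid60.total_drives + 4)
    print("3 failures spread 2+1:", survives(raid60, [2, 1]))
    print("3 failures in one span:", survives(raid60, [3, 0]))
```

<p>Any two simultaneous failures are always survivable in either layout; a third is survivable in RAID-60 only when it lands in the other span.</p>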
<p><strong>Server Case</strong><br />
I wanted the server to be able to stay running while I replaced a failed drive, so I needed a case that accommodated hot swappable drive bays. I considered putting the drives into some six-bay external drive enclosures, but decided that would get too expensive and end up using more power than was needed. Plus, I could just see the cables getting disconnected between the external enclosures and the main CPU.</p>
<p>No tower-style case that I could find would hold that many drives, so I looked for rack mountable cases. To fit 18 drives, a 4U rack mount case was needed.</p>
<p><strong>Motherboard, RAM & CPU</strong><br />
I wanted to be able to expand this system in the future, so when choosing the motherboard I focused on server boards that supported dual CPUs. My plan was to put the system together with one CPU, and if needed, add another CPU later. I also needed to find a motherboard with multiple network interfaces, and plenty of PCI-express slots for adding RAID cards. Since reliability was important to me, I focused only on motherboards that supported ECC RAM. Form factor wasn’t a big issue for this system as it was being placed into a rack mount case with plenty of space.</p>
<p>For the CPU, I needed a processor that supported VT-d. VT-d processors support mapping cards plugged into PCIe slots directly into virtual machines. My goal was to create a virtual machine for the fileserver and map the RAID card directly into that VM.</p>
<p>Another goal of mine was to make the new server easy to administer. I didn’t want to have to find a spare keyboard, mouse, and monitor and plug them all in when there was trouble. The solution: <a href="http://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface">IPMI</a>. A motherboard with IPMI would allow me to remotely control the keyboard, mouse, video and even attach a remote DVD-ROM to perform an OS install. It is basically a built-in KVM over IP. I can even remotely reset the computer using IPMI.</p>
<p><strong>Parts list</strong><br />
I ended up purchasing the following components for this system:</p>
<ul>
<li>14 x 2 TB hard drives (5 x Hitachi HDS72202, 3 x SAMSUNG HD203WI, 6 x WDC WD20EADS)</li>
<li>Norco RPC-4220 4U rackmount case with 20 hot swappable drive bays</li>
<li>Supermicro X8DTi-F motherboard with 3 PCIe 8x slots and IPMI</li>
<li>24Gb ECC Registered DDR3 1066 RAM</li>
<li>Intel Xeon E5506 Nehalem-EP 2.14 GHz processor</li>
</ul>
3 http://www.esev.com/blog/post/2011-02-one-server-researching-the-hardware/
Eric Severance http://esev.com/ http://www.esev.com/blog/?p=215 2011-02-25T01:31:32Z 2011-02-16T14:50:37Z
<p><img class="size-full wp-image-222 alignright" title="Server Case" src="https://www.esev.com/blog/wp-content/uploads/2011/02/rpc4220f.jpg" alt="Server Case" width="166" height="98" />If you are like me, and you like technology, you probably find yourself wanting to try the latest operating systems and software. You also likely have a router for your network, a NAS device for your storage, and maybe a web server for a blog or wiki. After a while, you end up with the situation shown in the picture below, a closet full of servers.</p>
<p>The picture below is of my server closet from 2004. I had a custom Linux router, a NAS box, a VoIP server, and several other computers for trying out operating systems and software.</p>
<p><img class="size-full wp-image-218 alignleft" title="Old Server Closet" src="https://www.esev.com/blog/wp-content/uploads/2011/02/OldServerCloset.jpg" alt="Old Server Closet" width="102" height="190" />My setup continued that way for several years. It took up a lot of space. It was loud. It was hard to upgrade because I needed to physically sit at the computer to reload the operating system. And it used a lot of power.</p>
<p>In 2007 I started to use virtualization to cut down the number of computers and make controlling and upgrading them easier. I was able to get the number of computers down to only two: A NAS for storage, and a Linux computer for running VirtualBox. Everything else I needed could run in a VirtualBox guest.</p>
<p>This worked well until 2009 when I started to run out of storage on my 3 terabyte NAS server. As I was planning to replace it, I decided to try combining the two servers into one. I wanted a server that would have plenty of disk space for my NAS and be able to run any operating system and software that I wanted to try out.</p>
<p>I called this my One Server project. The next several posts will cover this project. These posts describe the hardware behind the server, using VMware ESXi to replace my aging Linux VirtualBox server, setting up a FreeBSD ZFS NAS fileserver under VMware ESXi, and all the issues and solutions I discovered along the way.</p>
<ol>
<li><a href="/blog/post/2011-02-one-server-what-is-needed/">One Server: What is needed?</a></li>
<li><a title="One Server: Researching the hardware" href="http://www.esev.com/blog/post/2011-02-one-server-researching-the-hardware/">One Server: Researching the hardware</a></li>
</ol>
10 http://www.esev.com/blog/post/2011-02-home-server-using-esx-and-zfs/
Eric Severance http://esev.com/ http://www.esev.com/blog/?p=228 2011-02-16T18:40:18Z 2011-02-16T05:27:15Z
<p>To make sure I got the right hardware and software for this server I needed to know what the server was going to be used for. I needed to get an idea of how much computing power I was going to use to run all the virtual machines. And since this project started off as an upgrade to my NAS fileserver I also needed to figure out how much storage space I was going to need.</p>
<p>I knew from my previous VirtualBox server what guest operating systems I was going to run. They were:</p>
<ul>
<li><a href="http://www.astaro.com/">Astaro Security Gateway</a> for the firewall/router</li>
<li>Windows 7 for a “standalone” computer used only for banking</li>
<li>Linux for a web server</li>
<li>Linux for a <a href="http://crashplan.com/">CrashPlan</a> backup server</li>
<li>Linux for an OpenVPN server</li>
</ul>
<p>My previous fileserver had four disks in a RAID-5 setup for a total of three terabytes. It was very slow and I wanted to find a way to speed it up. At the same time I needed to add enough disk space so that I wouldn’t have to think about disk space for a long time. I previously used the file server for:</p>
<ul>
<li>storing backup copies of my iTunes music and video libraries</li>
<li>keeping copies of operating system ISO install images for installing VMs</li>
<li>backing up my wife’s and my own laptop as well as my web server</li>
<li>storing an ever growing 500Gb RAW photos library from my DSLR camera</li>
<li>storing video for my MythTV setup</li>
</ul>
<p>I had also recently gotten a new camera capable of recording HD video. HD video files take up a lot of space and with a new baby daughter I was recording a lot of video.</p>
<p>Doing the math, I decided I needed at least 8 terabytes of storage to comfortably cover my needs. To make sure I wouldn’t have to worry about storage space again, and considering <a href="http://en.wikipedia.org/wiki/Moore%27s_law">Moore’s law</a>, I decided to double that and plan for 16 TB of storage space.</p>
<p>I had the following additional requirements for the server itself:</p>
<ol>
<li>be reliable enough to run 24×7 for several years</li>
<li>continue working without data loss if two hard drives fail</li>
<li>allow for hard drives to be replaced without shutting down the system</li>
<li>be easy to back up</li>
<li>report any errors with the drives or the virtual machines so they can be fixed quickly</li>
<li>be compatible with as many guest operating systems as possible</li>
<li>be easy to install, maintain, and configure. Well, easy for a technical person at least</li>
<li>allow for remote maintenance of the host operating system</li>
<li>have room for expansion (cpu/ram/disk/etc upgrades)</li>
<li>be quiet</li>
<li>not use too much electricity</li>
<li>support multiple network interfaces. It is going to be my router and needs to plug into my cable/dsl modem as well as my LAN</li>
</ol>
<p>The reliability of the server was my most important factor. Since I was consolidating everything on this one server, if it ever went down nothing would work. It was also going to store all our family photos and videos. I planned to keep everything backed up, but I wanted to make sure I wasn’t going to lose those memories due to a failed disk or silent bit rot.</p>
4 http://www.esev.com/blog/post/2011-02-one-server-what-is-needed/
OjjBDWgYCU/http://feedproxy.google.com/~r/esev/~3/0SGXGi2uL88/http://feedproxy.google.com/~r/esev/~3/siRH_3iaF4s/http://feedproxy.google.com/~r/esev/~3/GqkiiRkCFoc/http://feedproxy.google.com/~r/esev/~3/CaZIzZ_veL4/http://feedproxy.google.com/~r/esev/~3/O-J7aZFeyEo/http://feedproxy.google.com/~r/esev/~3/XXz-ths5-e8/http://feedproxy.google.com/~r/esev/~3/JSrXC_t2wSw/http://feedproxy.google.com/~r/esev/~3/BvsQ-5kPHV0/http://feedproxy.google.com/~r/esev/~3/dK4hqYP2IP8/http://feedproxy.google.com/~r/esev/~3/u9LStOPAb2I/http://feedproxy.google.com/~r/esev/~3/AtWvwHUCJSA/http://feedproxy.google.com/~r/esev/~3/Yi_MlxxrVmc/http://feedproxy.google.com/~r/esev/~3/XRHpBoWuVos/http://feedproxy.google.com/~r/esev/~3/cEStVu8L-4c/http://feedproxy.google.com/~r/esev/~3/sscu1-YKtuc/http://feedproxy.google.com/~r/esev/~3/PLfpFh-XXFc/Eric Severancehttp://esev.com/http://esev.com/blog/?p=2452011-02-16T16:10:34Z2011-02-16T04:01:52Z<p>I use <a href="http://intensedebate.com/">IntenseDebate</a> for the comment system on my blog. I also use <a href="http://www.google.com/analytics/">Google Analytics</a> to keep stats on how many people visit my site. To integrate the two, I created a Google Analytics plugin for IntenseDebate. With this plugin, when someone leaves a comment, an event is added in Google Analytics. This event can then be used with advanced segments in Google Analytics to see metrics focusing just on visits that lead to comments.</p>
<p>To see the IntenseDebate events in Google Analytics, browse to <strong>Content</strong> -&gt; <strong>Event Tracking</strong> -&gt; <strong>Categories</strong> -&gt; <strong>IntenseDebate</strong>.</p>
<p>The plugin is not currently in the approved list of IntenseDebate plugins. I’d like to do more testing before submitting it. If you’d like to help test, you can download my <a href="http://www.esev.com/blog/wp-content/uploads/2011/02/id_ganalytics.js">IntenseDebate Google Analytics plugin</a> and add it to your IntenseDebate <a href="http://intensedebate.com/pluginEditor/">custom scripts.</a></p>
<p>The plugin can be customized to create a virtual page view if you’d like to create a goal based on comments. To enable this, add the following to your IntenseDebate <a href="http://intensedebate.com/pluginEditor/">custom scripts</a>.</p>
<div class="wp_syntax"><table><tr><td class="code"><pre class="javascript" style="font-family:monospace;">var id_ganalytics_plugin = id_ganalytics_plugin || {};
id_ganalytics_plugin.use_vpage = true;</pre></td></tr></table></div>
<p>With this enabled, a page view for <em>/service/IntenseDebate/CommentPosted</em> will be created each time a comment is posted.</p>
<p>The plugin can further be customized to change the event that is tracked and to change the virtual page. The following options control the event. See the <a href="http://code.google.com/apis/analytics/docs/tracking/eventTrackerOverview.html">event tracking overview</a> page for documentation on category, action, and label.</p>
<div class="wp_syntax"><table><tr><td class="code"><pre class="javascript" style="font-family:monospace;">var id_ganalytics_plugin = id_ganalytics_plugin || {};
// Use id_ganalytics_plugin.use_event to enable/disable event based tracking
id_ganalytics_plugin.use_event = true;
// Use id_ganalytics_plugin.event_category to set the event category
id_ganalytics_plugin.event_category = 'IntenseDebate';
// Use id_ganalytics_plugin.event_action to set the event action
id_ganalytics_plugin.event_action = 'Comment Posted';
// Use id_ganalytics_plugin.event_label to set the event label
id_ganalytics_plugin.event_label = location.href;</pre></td></tr></table></div>
<p>The following two options control the virtual page views:</p>
<div class="wp_syntax"><table><tr><td class="code"><pre class="javascript" style="font-family:monospace;">var id_ganalytics_plugin = id_ganalytics_plugin || {};
// Use id_ganalytics_plugin.use_vpage to enable/disable virtual page tracking
id_ganalytics_plugin.use_vpage = false;
// Use id_ganalytics_plugin.vpage to set the virtual page to be tracked
id_ganalytics_plugin.vpage = '/service/IntenseDebate/CommentPosted';</pre></td></tr></table></div>
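<p>As an added example (not the plugin's own code, and not taken from id_ganalytics.js), here is one way the options above could be turned into ga.js async-queue commands. The helper names <code>resolveOptions</code>, <code>labelFromHref</code> and <code>buildCommands</code> are hypothetical, and unlike the post's default of <code>location.href</code>, the derived label drops the query string and fragment so that URL parameters are not copied into analytics reports.</p>

```javascript
// Added example. Helper names are hypothetical and not taken from id_ganalytics.js.
// Defaults mirror the option values shown in the post.
var DEFAULTS = {
  use_event: true,
  event_category: 'IntenseDebate',
  event_action: 'Comment Posted',
  event_label: null, // null: derive the label from the page URL
  use_vpage: false,
  vpage: '/service/IntenseDebate/CommentPosted'
};

// Merge site overrides over the defaults. Unknown keys and wrong types are
// ignored so a typo in the custom script cannot change what gets reported.
function resolveOptions(overrides) {
  var opts = {};
  Object.keys(DEFAULTS).forEach(function (key) {
    var given = overrides ? overrides[key] : undefined;
    var wanted = key.indexOf('use_') === 0 ? 'boolean' : 'string';
    opts[key] = typeof given === wanted ? given : DEFAULTS[key];
  });
  // A virtual page path is expected to start with a slash.
  if (opts.vpage.charAt(0) !== '/') {
    opts.vpage = DEFAULTS.vpage;
  }
  return opts;
}

// Reduce a page URL to origin + path. The query string and fragment are
// dropped because they can hold tokens or e-mail addresses that would
// otherwise be copied into analytics reports as the event label.
function labelFromHref(href) {
  try {
    var url = new URL(href);
    return url.origin + url.pathname;
  } catch (e) {
    return '(unknown page)';
  }
}

// Build the ga.js async-queue commands for one posted comment.
function buildCommands(overrides, href) {
  var opts = resolveOptions(overrides);
  var commands = [];
  if (opts.use_event) {
    var label = opts.event_label === null ? labelFromHref(href) : opts.event_label;
    commands.push(['_trackEvent', opts.event_category, opts.event_action, label]);
  }
  if (opts.use_vpage) {
    commands.push(['_trackPageview', opts.vpage]);
  }
  return commands;
}

// Constructed sample input: a permalink carrying a token and a comment anchor.
var sampleHref = 'https://blog.example/post/1?token=abc123#comment-5';
console.log(JSON.stringify(buildCommands({ use_vpage: true }, sampleHref)));
// In a browser: buildCommands(window.id_ganalytics_plugin, location.href)
//   .forEach(function (c) { _gaq.push(c); });
```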
<p>Leave me a comment if you find this useful, or if there is anything you’d like to see changed.</p>
http://www.esev.com/blog/post/2011-02-intensedebate-and-google-analytics/