This is the third article about my journey building a HTPC server. If you didn’t follow the whole serie, they are available here: basic & hardware considerations.

I finally received all the hardware required to build my server. I only bought the base: a motherboard which includes CPU plus graphic card (AT5IONT-I), memory (1x1GB + 1x2GB), a case (Lian-Li PC-V354R), and a Blu-Ray reader. I re-used a Antec EarthWatt 500W power supply unit and a old 500G hard drive I had in some server laying at my place.

Installing Ubuntu Server 10.04 « Lucid Lynx »

I had some concerns about the Linux ability to handle all that recent hardware, especially on a server oriented distribution. Luckily, even if the hardware is recent, Intel didn’t design a whole new chipset for those low consumption platforms. The NM10 chipset found on the motherboard is pretty much an equivalent to the old ICH7 designed for Pentium 4 CPUs. Nothing really surprising here: the Atom 5xx series are just dual-core Pentium 4 with HT (Hyper-Threading).

Prior to installing Ubuntu, I flashed the BIOS to the latest revision (316 in this case). This was mostly to add support for the 2GB RAM module I bought, which isn’t supported with the firmware the board was shipped with. After flashing, I went into the BIOS to ensure a few things:

• That the SATA controller was in AHCI mode. I don’t know which kind of SATA controller is onboard, probably an Intel one, but anyway using AHCI avoid risks of missing driver while ensuring decent performance.
• That the onboard soundcard was disabled. I will use an HDMI cable to connect the HTPC to my TV, and thus use the audio capabilities of this protocol. The board expose 2 soundcards: a standard HD-Audio/AC97, and a nVidia HDMI one. I won’t use both so I’d rather disable the Intel card and avoid a ALSA configuration nightmare.

The Ubuntu installation was trivial, I won’t give any details here, its basically « next, next, next, done ». I’m sure you can find thousand guides out there on the Internet on how to install Ubuntu Server 10.04. Plugging my TV using HDMI just worked out of the box, I was able to use it as a screen for the whole installation procedure. I used the 64 bits version of Ubuntu, even if I can’t see any clear advantage for a server running with less than 4GB of RAM, except that I may use ZFS on it which is not available for the 32 bits x86 architecture.

I then updated the Lucid Lynx installation to Maverick (Ubuntu 10.10) using:

# apt-get install update-manager-core

I didn’t check if XBMC was installing fine on Lucid Lynx, but I guess most of the installation instructions given here are working the exact same on the older version.

After the installation finished, I installed an OpenSSH server to be able to perform all the administration tasks from my workstation:

# apt-get install openssh-server

From this point, the server was set up into its final location, plugged to both my TV and my network (using the 1GBits/s onboard network controller).

I knew I had to install both nVidia and VPDAU drivers, plus the VPDAU library from my readings on the subject, mostly the XBMC website.

# apt-get install nvidia-current libvdpau1 vdpau-va-driver

After a quick reboot, I had the nVidia drivers installed and waiting for some kind of X setup.

I also installed a few basic applications, like a decent text-editor (Vim is my choice), and the add-apt-repository helper:

# apt-get install python-software-properties

Installing XBMC

XBMC isn’t available in the official Ubuntu repositories. In order to get the latest version (10.0 Dharma) I had to add the SVN repository:

# add-apt-repository ppa:team-xbmc-svn

You should check prior to installing if you really need the latest build instead of the stable one which is available at:

# add-apt-repository ppa:team-xbmc

I created an user account for XBMC manually. I’m not sure this is required, as the packages may be doing it.

# useradd xbmc -m

Installing XBMC is then really easy:

# apt-get install xbmc xinit

xinit is included in the packages list to ensure we’ll be able to use the startx command.

After this step, XBMC should be installed.

In order to get it to start at boot I had the idea to install nodm, which is the simplest, dependencies-less display manager you can find on Unix. It was made to use on embedded devices and thus lack the ability to restrict access with a login screen: it just start whatever application you’d like using a specified user.

# apt-get install nodm

I then edited /etc/default/nodm like this:

# nodm configuration
# Set NODM_ENABLED to something different than 'false' to enable nodm
NODM_ENABLED=true
# User to autologin for
NODM_USER=xbmc
# xinit program
NODM_XINIT=/usr/bin/xinit
# First vt to try when looking for free VTs
NODM_FIRST_VT='7'
# X session
NODM_XSESSION=/etc/X11/Xsession
# Options for the X server
NODM_X_OPTIONS='vt7 -nolisten tcp'
# If an X session will run for less than this time in seconds, nodm will wait an
# increasing bit of time before restarting the session.
NODM_MIN_SESSION_TIME=60

So the xbmc user will get auto-logged-in at boot. As any standard display manager, nodm will look for .xinitrc/.xsession file in the user’s home directory prior to using the default window manager. I created a .xsession file in the home directory of the xbmc user:

#!/bin/sh
xbmc

Then it needed to be chmoded:

# chmod +x /home/xbmc/.xsession

We now need to allow any user to open an X server:

# dpkg-reconfigure x11-common

When prompted, choose to let anyone launch its own X server.

One reboot later, the system was working: nodm started, which then started XBMC! I only had to go in the System panel, in the System category, Video output, and configure the Video calibration… for the video image to use the whole surface of my TV, and set the sound output channel (check out the next chapter to learn how).

Customization: ASuSTeK AT5IONT-I specific fixes

Getting the sound to work on the HDMI link was a little tricky. In order for this to work, we need to configure a few options for the soundcard driver, as argument to its kernel module.

I first created the /etc/modprobe.d/sound.conf file with the following content:

options snd-hda-intel enable_msi=0 probe_mask=0xfff2

This tells the driver not to use MSI interrupts, and to apply a specific mask when looking for available soundcards. With the 0xfff2 value, only one of the 3 HDMI soundcards will get exposed:

# aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: NVidia [HDA NVidia], device 3: NVIDIA HDMI [NVIDIA HDMI]
  Subdevices: 1/1
  Subdevice #0: subdevice #0

The final touch was to create the /etc/asound.conf file to force ALSA to use this soundcard as default:

pcm.!default hdmi:NVidia
pcm:iec958 hdmi:NVidia

After a quick reboot needed for the changes to take effect, I configured XBMC in the System panel, in the System category, Audio output, as follow:

• Audio output: HDMI
• Speaker configuration: 2.0
• Dolby Digital (AC3) capable receiver: Off
• DTS capable receiver: Off
• Audio output device: hdmi
• Passthrough output device: hdmi

This specific configuration suits my TV: its not AC3 nor DTS capable so I need XBMC to convert the audio stream on the fly to standard 2.0 stereo.

Things to come

I now bought a Remote Media Center compatible remote with a USB IR (Infra-Red) receiver, and a 4 ports PCI-Express x1 SATA card. I will make another article as soon as I get them to work.

I will also provide details on how I installed Samba to share my storage folder and access my home directory from my LAN.

I did a few attempts at compiling ZFS for the latest Ubuntu’s kernel version but yet none succeeded. I will post more about this aswell as soon as I can fix all the compile time errors.

Some Chinese website is providing screenshots of both the attack and the source alteration. The 2nd one seems legit, while the first one clearly as no impact on PHP’s security:

PHP.NET compromise: credits.c diff

PHP.NET compromise: PHPHC shell

If the screenshots are real then the source files alterations were benign: they only affect the credits of the application located at src/trunk/ext/standard/credits.c on the PHP’s repository. I didn’t check yet if more files were affected.

There is no information yet on how the hack was achieved, even if the second screenshot clearly shows some kind of Web vulnerability exploitation: a HTTP headers based shell able to execute commands with the rights of the Debian webserver’s Unix user account www-data.

UPDATE: well, after double-checking the PHP’s SVN logs, I found this: http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/credits.c?r1=306409&r2=306411. Nothing really exciting here: the strange patch to credits.c was reverted a few days after is was commited.

So what? Well I guess VUPEN are right: PHP.NET was compromised at some point, or the Wiki wouldn’t be down. Also, the 2nd screenshot doesn’t provide enough information to ensure is credibility.

Let’s wait for more informations from VUPEN which seems to be the only reliable source. The main question here: is the issue fixed? Do we need to rush the PHP 5.3.6 update?

The exploit is most likely functional (ie. « inside the wiki’s PHP code », as opposed to « inside the PHP interpreter’s C code »), and not just a low level implementation error: the wiki.php.net’s server is running a GNU/Linux kernel patched with GRSecurity by the OVH staff (a French hosting company). This specific kernel patch is making exploitation of low level vulnerabilities pretty much a living hell for hackers: ASLR, DEP, NX, etc. are the main keywords here. I really hope to get more informations soon about that particular exploit.

Let’s hope the PHP.NET team communicates as soon as possible regarding the exploited vulnerability & the risk level for the thousands PHP installations out there. I’ll try and keep this news up to date.

If anyone has more informations about this subject, please post ‘em here!

Confirmed !

In an official security notice released yesterday in the evening:
Php team confirmed rumor and explain a little bit :

The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts.
We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit.

We’re still looking for any news and details about the attack.

This is the second part of my brainstorming which should lead to building a HTPC server. If you missed the first part, its available right here.

After I decided what kind of HTPC I was looking for, I started crawling the Internet trying to figure out what would be the best hardware. This post will try to expose and explain the decisions I made. As of today, I’m waiting for all those parts to be delivered.

CPU and motherboard

I had a look at both AMD and Intel CPUs. It was clear to me that standard desktop CPUs were not gonna fit my needs as all of them need a fan for cooling. Also the power consumption, while pretty low on some models, still one order of magnitude above what I was really looking for: 35W sounds too much for me. I was looking for a laptop grade power consumption: something in the 15-20W range.

And then I remembered my good old Samsung NC10 netbook, running a 1.6GHz Atom CPU. I went to the Intel website and found the Atom line specifications. What a surprise when I realized that the most powerful CPU in the Atom series, the D525, had a maximum TDP of 13W!

All I needed was to find a desktop format motherboard running this Atom D525. Luckily, finding a suitable motherboard was very quick: ASuSTeK AT5IONT-I.

Pro:

• Low power consumption
• Fanless
• nVidia ION2 (supports VDPAU) integrated graphics
• HDMI output
• No onboard DC converter (which is most likely to fail first)

Cons:

• Only 2 SATA channels
• Expensive

Memory

This part was tricky as ASuSTeK is handling the versioning of the motherboard’s documentation very poorly. You can find a RAM modules QVL on the website, in the support section, but this one is not applicable for the shipped motherboards. The QVL is kept up to date with the latest BIOS revision (316 by the time I’m writing this), but the shipped items are running an older version of the firmware (312). This lead to a situation where you have a RAM module which would work with an updated BIOS, but no way to actually update it as you can’t boot without the RAM modules.

I had to look in a few forums to find which kind of RAM modules I should buy: one Kingston KVR1066D3S7/1G and one Kingston KVR1066D3S7/2G. Why not twice the same module? Because the 1GB one is needed to update the BIOS (to version 316) of the motherboard in order to add support for the second one… Anyway, the NM10 chipset doesn’t support dual channel, so there would be no point in having twice the same module, and I feel like 3GB of RAM is enough for this kind of use.

Power supply unit

I don’t have to buy this part as I have a Antec EarthWatt 500W laying around from a previous computer. It should be more than enough to power the motherboard and a few hard disks.

This power supply unit is 80Plus certified, which means it has an energy efficiency around 80%. That’s pretty important to have a good PSU for servers running 24/7, and for me because it will reduce the energy cost a little (that’s what they call « environmentally friendly« , right?).

PS: this picture isn’t mine (was selfishly stolen from Google Image), thus the UK plugs.

Case

Choosing the right case was slightly more complicated. As the HTPC is supposed to lay on the floor of my living room, its design has to be acceptable according to my girlfriend. This specific point is probably the most complex (NP complete I’d say) due to my girlfriend being, well… a girl. I’ll save both your time and mine and avoid describing our numerous talks on this subject.

However I still able to explain the technical details I was interested in. First of all, the case has to be mini-ITX compatible so the motherboard will fit, and be able to handle ATX power supplies. The second requirement is the number of hard disk slots. I want to use my HTPC as a NAS, so I need the case to handle at least 4 storage drives, plus one system drive.

I have to admit that the choice of a case was pretty complicated. Don’t ask me why, but cases for HTPC are very expensive compared to standard cases for workstation computers. As I don’t have to buy a PSU, I figured I could spend a little money in the case, so I went for a Lian-Li one. More precisely, a PC-V354R one. Most of the considerations were purely technical, so I’ll just list the pros and cons here.

Pros:

• Lot of integrated fans (2x12cm on the front + 1x14cm on the top)
• 7×3″1/2 slots + 1×5″1/2 slot
• Anti-vibrations system on the 3″1/3 slots.
• 100% aluminium, implying a decent cooling

Cons:

• Red light on front fans
• Heavy
• Expensive

The future

I’ll start building the HTPC as soon as I receive the shipment from my usual online store. I’ll be using a spare 500GB SATA hard disk as system drive, as I know its very quiet. I also bought a cheap SATA Blu-Ray reader so I’ll be able to borrow some movies or series from friends.

The first thing I’ll do will be to flash the motherboard to the BIOS latest revision. Then I’ll disable the onboard HD audio soundcard as I won’t be using it: I’ll use the nVidia’s HDMI sound output instead. I don’t need 2 soundcards in a HTPC setup.

I won’t buy all the storage drives right now as the current setup is pretty expensive already, plus I’ll need an additional 4 ports SATA card. I’m thinking about getting 4x2TB hard drives and a cheap PCI-Express 1-4x SATA controller. I don’t need any kind of hardware RAID as I’m planning to set up ZFS on those drives.

Software stack

I had a quick look over the different alternatives I could use for an HTPC software. First of all, I don’t want to run Windows. I’m not some kind of open-source freak, but I like to have my servers running GNU/Linux because of the ease of administration (as long as you know what you’re doing). From what I understood, the most widely spread HTPC softwares are:

• XBMC: a nice piece of software specificaly designed to turn any computer into a HTPC. Its available on most platforms and has a good support on most GNU/Linux distributions.
• MythTV: a well-known application designed to build a HTPC with a DVB role. I won’t use any DVB card as I don’t like watching TV.
• GeeXBox: I didn’t give a try to this option as its not just an application, but rather a whole GNU/Linux distribution. I don’t like the idea to have a specific distribution which is likely unable to serve any other role than standard HTPC.
• LinuxMCE: at first, it seems like a decent alternative. But then I realized it was much more than just a HTPC software: LinuxMCE is able to handle complete home automation, including, lights, VoIP, etc. It sounds a little bit too much for me.
• Boxee: this one is based on XBMC. It was my first choice, but I had to disgard it after I found out about the poor support. There is almost no community working on Boxee, and the company behind it seems to be be lacking some manpower.

I decided to use XBMC in combination with Ubuntu Server. Both have decent support, and I know how to handle Debian-based distributions already. In fact, I’m managing GNU/Linux servers for years, especialy Gentoo and Debian distributions, so I won’t need to learn anything to set up the base system.

My previous ISP (Free) provided me with a nice triple-play ADSL set-top box (aka « Freebox »). It has an internal 40GB hard disk drive accessible using FTP and was able to play content streamed through UPnP. I recently switched to a new ISP (Numéricable) because they were offering FTTH (100mbits downstream, 5mbits upstream) in my place, but unfortunately they’re not offering any kind of set-top box. I just got a classic Netgear modem and Netgear DVB device, which is unable to play any video content from the network.

As it turns out, I’m missing the HTPC-kind functionalities a pretty damn lot. Playing my video content on my living room’s TV is important in my eyes. Sadly, my computer is too far from the TV to link both using an HMDI cable. That’s how I decided that I’ll be building an HTPC.

What’s an HTPC?

What is exactly an HTPC (Home Theater Personal Computer or Home Cinéma & Media Center in french):

It’s a standard computer, running a standard operating system, plus all the needed softwares that allow playing video and/or audio content on a TV. Because it’s just a standard computer, it does not have to be limited to a content streaming role, but can instead serve other purposes.

What kind of other purpose? Let’s see:

I’m probably forgetting some possible roles, but I didn’t mean to be exhaustive anyway.

My plans

The HTPC I’m planning to build should just have the HTPC & NAS roles. For now on I’ll be looking for the right hardware, with the following in my mind:

• It must be as quiet as possible. This thing is supposed to lay on the floor of my living room, where I sometimes have people sleeping.
• It must be as energy efficient as possible. I won’t be defining energy efficiency here, but the server will be running 24/7, so you can probably imagine that a 140W CPU isn’t gonna do the trick. Also, I’ll probably go for a 80Plus Bronze PSU, or Silver if I can afford it.
• It should be able to handle at least 4×3,5″ hard disk drives. One for the system, plus three more for a RAID-5 array, or ZFS RAID-Z pool (I’ll see what fits best).

I’ll make another post as soon as I’ll decide which hardware I’m going to buy.