What do I need to start beekeeping?

IMG_1054
So this is a common question I get when I share pictures and videos of my beekeeping experiences. So I figured my first post about beekeeping will be about getting started. Getting started with beekeeping takes a lot more planning and education then most people realize. I’m no pro, but there are a lot of different styles and opinions on how to do it, and where to start. To treat or no to treat, to feed or ot to feed. For this blog post I’ll focus on getting your basic equipment together an finding a local bee association to help mentor you on best practices in your area.

Buying or Building a Hive

Most new beeekeepers will buy their first hive, while others will use their first year to build up gear and build their own and buy frames or sometimes just the foundation. Either way you need to know what part you need to get started. For a basically 10-frame Langstroth hive will have a bottom board, enterance reducer, 1-3 Brood deeper suppers, queen excluder(optional), 1-2 honey medium suppers, inner cover, outer cover, 10 – deep frames per brood supper, and 10 – medium frames per honey supper, and usually a frame feeder to get your bees started or when needed. Speaking of feeding buying or making pollen patties is also a great way to increase your numbers quick. If you wish to build search for DYI 10-frame hive, and you should find plans and videos with all that you need.

To start out you can order a starter hive online for about $130 or so. It will come with the bottom board, entrance reducer, deep brood super, 10-frames, inner cover, and outer cover.

 10-Frame Complete Painted Hive Kit, Assembled, Made In The USA

Although you should probably have a second brood box ready to put on if your bees really take off in the spring. You should add it on when 8-9 frames are full of brood, honey, pollen. You can get by with 2 of these including the starter kit.

10-Frame Assembled Painted Hive Body Kit, Wood Frames, Made in the USA

A Queen (or honey) excluder can also be purchased, it works by keeping the queen laying eggs in the brood boxes with openings like a strainer that only worker bees can fit through. I say honey excluder simple because encouraging some worker bees to go through the excluder can be difficult, not to mention the bur comb that may need clean up. Many beekeepers get by without them by just managing where the queen is laying and get moving her to the bottom brood box. A good queen excluder can’t hurt if you want to keep the eggs out of your honey suppers.

Mann Lake 10 Frame Wood Bound Metal Excluder, Queen

Finally you should have 1 or 2 honey suppers depending on how often you harvest, these are the boxes you will harvest your honey from, leaving the honey in the brood boxes for the bees. They are smaller mainly because they can get heavy when loaded with honey.

10-Frame Assembled Painted Honey Super Kit, Wood Frames, Made in the USA

Bee Suit, Gloves, and protection

Bee suits are also optional but recommended for first time beekeepers, and those sensitive to bee stings. Simply a jacket with a veil and wearing a long pair of paints works fine. This one comes with gloves, hive tool and, a bee brush.

LORJE Beekeeping Bee Keeping Suit Jacket&Gloves& Bee Hive Brush & J Hook Hive Tool Set

If you are worried about getting sung you can go for the full suit for a little more:

New Professional Large / XL Cotton Full Body Beekeeping Bee Keeping Suit, with Veil Hood By VIVO (BEE-V106)

You can also just wear a long sleeve shirt, gloves, and a bee veil/hat as well.
Natural Cotton Medium / Large Professional Beekeeping Beekeepers Hat Veil for Bee Protection During Beehive Maintenance by Goodland Bee Supply
Little Giant Farm & Ag GLVMD Goatskin Gloves with Vented Sleeves, Medium

Note: make sure to size your suit and gloves appropriately.

Basic Hive Tools

There are some basic hive tools every beekeeper should start out with. Some of these may have already beeen included ina kit above.

The first of such tools that is of high important mainly due to how bees tend to glue everything in the hive together with propolis or bee glue. This tool has a hook on the end great for pulling frames out of your hive. This is what I use every day I work on my bees.
KINGLAKE® Steel J-Hook Jhook, Bee Hive Tool Frame Lifter and Scraper,Beekeeping Equipment, 10-1/2-Inch

A smoker is also important for keeping your hive calm while working with them. Some pine needles or smoker chips with a starter is all you should need.
Mann Lake HD554 KwikStart Smoker Pellet
Honey Keeper Bee Hive Smoker Stainless Steel with Heat Shield Beekeeping Equipment
Note: honey extraction is a whole topic of its own, for getting started I would focus o the above and study which extraction method you wish to use, some bee clubs have loaner equipment you can use for free or a small fee.

A bee brush, sometimes you need to gently brush the bees away to avoid smashing too many of them or to get them off your honey frames you plan to extract. Sometimes a good smoker will do the trick. It never hurts to have all your tools ready when you need them.
Little Giant Farm & Ag BKBR14 Beekeeping Brush

Some other items that can come in handy, a large plastic tub with a cover, spray bottle (with sugar water), a six foot ladder, nuc box or any box and a roll of duck tape incase you wish to catch a swarm.

Finding your local beekeeper association

I saved the best for last, but you will want to support and join your local local bee club. They usuallly have monthly meetings, can get you information to register your hive with the state, and offer classes and sometimes rent or loan out equipment. You will find good local mentors here, and possibly some free bees even late in the season.

Spring into Solar

Solar Bees

Setting up our bee hive after a harsh cold winter

This is just a quick update on our Solar status over the first winter. We obviously did not have very much in netmetering credits from September. We did however have an abundance of winter with some colder than normal averages and extra few feet of snow to boot. So by the numbers even with the over sized 14.64 kW of capacity our consumption of over 18 MWh of power was only met with about 11 MWh of generation. However starting April it looks like we will be back to paying the minimum connection fees.

chart

In the month of January, our coldest month. Our all electric home used just over 4MWh of power with .346 MWh of generation for the entire month. We would need at least 10 times the number of panels at $350,000 or more just to power our home off-gride with just solar on the coldest month of the winter. This does not even include the cost for a large battery bank with charging inverter.

So our CEO Mark Reddemann at Energy Northwest hit it on the nose in the last employee meeting, that renewables such as Solar and Wind are capable of generating energy in sufficient quantities when the environment is just right, but they lack the ability to provide capacity. Especially when it is needed most such as during early mornings, cool nights, and cold snowy winter months.  Instead we rely heavily on what is called baseline power, such as Hydro, Nuclear, Natural Gas, and Coal, that is able to keep our power grid adequately powered 24/7.  Of these Nuclear and Hydro play the biggest role in providing clean power in the Northwest.

Don’t get me wrong, Solar still plays a role, but currently cannot replace of compete with other power sources available for less then half the cost of Wind and Solar. Instead Solar is an alternative energy that will help provide relief to over taxed grids, and with research into better grid transports and energy storage.

Just think about it, bee’s have learned how to harvest and store energy in honey for winter ultimately generated by the sun. Which in turn helps them to generate heat through the winter to survive for the next spring. It does however require them to sacrifice ever minute of their short lives to do so. So looking to the future where maybe someday solar will play a bigger role. For now I’m learning towards advanced nuclear reactors which will reduce if not eliminate the nuclear waste and continue to power my home when the Sun is just not able to reach us.

 

 

 

14.6kW Solar Array

So this past summer we decided to take the leap and build a large solar array in our backyard. Nearly 5 months later (after engineer planning, trenching, racking, electrical work, inspections, and new meters) we are now producing more power than we are using.

Inverters: SMA 7000tl-US (x2)

Panels: CSUN305-72P (x48)

Estimate Annual Generation capacity: 22,713 kWh per year

To see how we are currently doing:

Clodfelter Solar Farm on pvoutput.org

https://emoncms.org/vis/multigraph?mid=12110&embed=1

Sprinkler Controller Recommendations in Drought Regions

In much of the Western US, we have been dealing with a drought, and in dessert regions that rely heavily on irrigated water supplies by Irrigation districts. One such district (Kennewick Irrigation District www.kid.org) will be enforcing a Weekly mixed AM/PM schedule to a majority of its customers based on the last digit of the address number.

Here is the Water schedule KID will be enforcing starting May 31st:

The enforcement schedule is as follows:

1.    Enforcement of water availability schedule:
a.    1st and 2nd offense of watering on any day other than assigned, warning issued to property owner;
b.    3rd  offense of watering on any day other than assigned will be charged a $100.00 penalty and valve locked off for seven calendar days;
c.    4th offense of watering on any day other than assigned will be charged a $100.00 penalty to property owner and water locked off for remainder of season;
2.    Tampering with lock:
a.    Removal of lock by any person other than an authorized KID employee will result in a $500.00 charge payable prior to water service being reestablished.
b.    2nd offense will result in the irrigation service being capped for the remainder of the season with the District seeking prosecution with the county prosecutor for tampering with a public facility.
3.    Appeals:
a.    All charges may be appealed during the annual Board of Equalization.
b.    A landowner may appeal a lock off or capping of a turn out to the Board of Directors.

Problem this schedule poses for some automated controllers:

Some of the reasons property/home owners invest in underground sprinkler systems, are to have green lawns, automation, and because it is required by local associations governments. There are a couple issues with the enforced watering schedule, which may require a change of your controller. One some controllers do not allow you to select time of the day (just how many times a day you want to water), and many controllers only allow you to run one schedule per day. If you have a house number that ends with 3,4,6,7,8 or 9 you will want a good controller. You don’t have to break the bank to get one they start at $21, much cheaper then $100 fine and loosing your irrigation water for the season along with your grass.

Rain Bird SST400I/SST600I/SST900I/SST1200I and outdoor versions- (Warning only works with 1, 2, 5, or 8 schedules)  I Do Not Recommend these timers very limited scheduling.

This and similar versions only allow you to schedule the day, first start time, interval, and how many times a day. From personal experience it is easy but not flexible enough to meet the schedule requirements by KID. If you are lucky enough to have either a (house number ending with) 1,2, 5 or 8 watering schedule you can make this work by selecting the required days, set start time in AM or PM time that will finish all zones, 30 minute interval – Important, and only set it to water each zone once. If you select more then once per day to water with this controller you will be violating the scheduled time. This controller will not work for Mixed AM/PM schedules.

Indoor Orbit Controller (Cheapest Option for 4/6 zones $21/$25)

A/B Schedule 8 watering times – weekly schedules – you can run both A and B Schedules. This is perfect for the more advanced 3,4,6,7,8 or 9 watering schedules posted above. I recommend setting A to your AM scheduled day, and B to your PM scheduled day. Make sure your timer is set to auto and both A and B schedules are activated.

4 – Zone – http://www.lowes.com/pd_50605-74985-28954___?productId=3506632&pl=1&Ntt=sprinkler+controllers

6 – Zone – http://www.lowes.com/pd_50606-74985-28956___?productId=3506634&pl=1&Ntt=sprinkler+controllers

Indoor/Outdoor Orbit Controller

A/B Schedule 8 watering times – weekly schedules – you can run both A and B Schedules. This is perfect for the more advanced 3,4,6,7,8 or 9 watering schedules posted above. I recommend setting A to your AM scheduled day, and B to your PM scheduled day. Make sure your timer is set to auto and both A and B schedules are activated. You can purchase here: http://amzn.to/1SxmJPl  (select 4, 6, 9, or 12 zone option)

For those of you with the Lowes Iris Home Automation System:

This one is the same as the 12-Station indoor/outdoor above, only that it can be paired with your Iris Controller and managed from your computer/smartphone/tablet.
http://www.lowes.com/pd_587056-74985-27396___?productId=50134682&pl=1&Ntt=sprinkler+controllers

TLS over SMTP – How to protect your email from prying eyes on the internet

Those who have worked with email servers should know what SMTP is but many do not understand what TLS has to do with it. It is even more amazing how many people don’t realize that e-mail is worse then a postcard written in pencil. It is in clear text easy to read, modify, and pretend to be someone else to get what you want.

My last post on DMARC, SPF, and DKIM would help protect many people from receiving emails pretending to be from your domain, sometimes called email spoofing or phishing. This post will focus on options to keep those prying eyes from seeing emails sent from your domain by encrypting the connections between the receiving and sending domain email gateways using TLS.

Think of TLS to SMTP as what SSl or HTTPS is to HTTP. Except one difference, TLS can happen on the same port as SMTP. So how do we ensure that the receiver does not revert back to cleartext? Well we create policies to cover the receivers we want to send mail to to ensure they are forced to receive using TLS or the email fails.

So the first thing to do is to check if TLS is enabled on your SMTP server. Best and quickest way to do this is to use the SMTP testing tool at mxtoolbox.com. You can check yours and anyone you what to send emails too.

Next if you don’t have TLS, you can generate a self-signed or better yet get a inexpensive Public CA signed SSL certificate from RapidSSL. Then setup your gateway or exchange server to use TLS for its interfaces and mailflows.

Now who do you ensure that mail is sent TLS, and if it can’t be sent TLS and you still want it to get your message through securely? Here is where one could create another smart-host or gateway, that also acts as a secure ad-hoc webmail server as needed. If the server can connect via TLS it send that message through also letting the sender know that it was delivered, and possibly read securely and letting the receiver know that they are receiving a secure mail via TLS.

If for some reason TLS fails the message is hosted on the webmail server, and a registration and seporate notification that a secure email is awaiting the receiver on the senders web server. The user registers somehow and picks up the message. The sender is then notified that the message has been received.

There are probably products out there that do this. They are expensive, but this is not really rocket science. I’ll post back if I find an easy open source solution to this problem.

But if you just enable TLS you are making huge strides to protecting your sensitive emails, and even consumer email such as Google Gmail defaults to TLS.

How to fight SPAM, Phishing and Protect Your Brand Name – beyond blacklists

Sounds a little off topic, but I was amazed at the glazed eyes from Marketing when I tell them their e-mails might be marked as spam by some of the most popular consumer email hosters. Basically when they use try to use an email service and send as a SPF, DKIM, and DMARC configured domain, their e-mails are rejected. At this point some of you might be wondering what I’m talking about. Basically these standards are used to help receiving email gateways verify that the email actually came from the legitimate sending gateway via DNS records and signing keys. It also allows the sender to have some say on how the receiving organization should respond to offending e-mails, such as let them through or to reject them. The topic sounds more complex then it is but I will show you the steps to get started and share some of the tools that helped me to incorporate DMARC, SPF, and DKIM in less then a day.

Lets start with DMARC. You can find more information on DMARC here http://www.dmarc.org. I recommend starting with DMARC in a testing mode as it will tell all receiving domains to send you DMARC reports on al e-mail that appears to be coming from your domain. These reports are mainly XML files but you can also request some of the domains to send you a copy of the actual offedning e-mail. Reading XML files can be fun but these files can be hudge depending on the volume of emails, so I recommend using a service such as http://dmarcian.com which is cheap or free. This service will break these reports down into actionable data. After you create an account with dmarcian, they will give you an e-mail address. You can use this e-mail address in you DNS TXT record. If you want to receive the forensics e-mails be sure to create an e-mail on the domain you are monitoring so you can have these sent to you.

You will need to create a DNS TXT DMARC record for your domain. This record will not be an A record but a TXT one named _dmarc.yourdomain.com. for example in the Godaddy DNS Manager you will create a record _dmarc under the TXT section. in the value your will enter the following

v=DMARC1; p=none; pct=5; rua=mailto:Yourcode@tdf1noj0@ag.dmarcian.com; ruf=mailto:dmarc-ruf@yourdomain.com;

v= is the version
p= tells the receiver to take no action at this time, that this domain is in testing (it is recommended to start here)
pct= the percent of messages to apply the rule to, you can start this number small and work your way up. It is best practice as you change “p=” to a stronger policy that you start pct= to a lower value and work your way up to 100 a week or so at a time. This will help you to lock down your domain emails while still avoiding as many false positives as you can.

rua= the e-mail dmarcian created for you, this will allow them to create reports based on the hundreds and thousands of emails being sent. This is mainly just IP, pass, fail , and domain informaiton no actual emails.

ruf= the mailbox you created this should be on the same domain, unless you create a special third-party record on the receiving agagate domain.

After you set this up wait a week collect data, log into DMARCIAN.com and see who else is sending e-mails as you, what countries they are coming from. Could they be targeting your customers or members? Or is it a vendor that does business on behalf of you. This is the type of informaiton that will protect you from loosing mail and monitoring your efforts along the way.

The next step is to create a simple SPF record. This Sender Polcy Framework DNS record or SPF is used to identify all the IPs that are allow to send e-mails as your domain, and what to do with those that are not on the list. The trick here is the same start with your sending e-mail gateways, if you have just one or two list just their IP addresses. The main limit here is the size of the TXT record and staying under 10 DNS queries. You can have multiple SPF records included and chain them together. You can even include records from another domain. Start simple first.

Before you post your record goto http://www.kitterman.com/spf/validate.html, and in the bottom form called Test an SPF record you will enter in the IP address of the sending email gateway, SPF record, and a test email such as test@yourdomain.com. This e-mail does not need to exist it will just check your record and see if it passes or fails.

The SPF record is also a TXT type DNS record, it has no name. This means in some DNS managers you give it the name of @

If you have a domain that should not send e-mail your should use this spf record:

v=spf1 -all

This tells receivers to reject all e-mails from this domain. Don’t use it on your sending domains instead use:

v=spf1 ip4:123.123.123.11 ip4:123.123.123.10 include:icpbounce.com ~all

You can use ip4 for IPv4 addresses and ip6 for IPv6 addresses, you can also use mx to include all your mx records but recommend using IPs when ever possible to avoid the DNS limitations. includes are handy if you send e-mails through other vendors as your domain. That way their SPF record is simply included into your record. They have to have an SPF record for this to work. Once you have an SPF record wait a little bit and use the SPF surveyor tool in DMARCIAN.com to get some feedback about your record.

Also you can test your record by sending an e-mail from check-auth@verifier.port25.com you should get a reply with the SPF section passing.

You will want to monitor your DMARCIAN account to ensure you are covering your vendors and yourself who send as your domain. This may require some investigation of domains and IPs. I recommend using robtex.com to get all of this in one tool. or just doing a Whois. Sometimes multiple domains will be associated to the same IP.

What you will notice DKIM is failing at this point. So what is DKIM. Well my friend, DKIM builds on domainkey as a way for email gateways to sign e-mail with a private key as it is sent out, then the receiving domain can compair the signature and ensure the email was not modified by checking the public key published in the sending domains DNS. Sounds simple now lets get started.

If you use an e-mail spam appliance that supports DKIM have it create a DKIM key pair I recommend 1024 bit size, I found the larger keys did not work for me. If you don’t have a gateway and just have exchange, I recommend building a linux server to act as your gateway or smarthost. Such as dkimproxy.sourceforge.net. Follow the instructions for creating the key and applying to your mailflow.

At this point when you send your check e-mail it should still fail but you’ll notice that it is signed. You now need to pubish your DKIM public key to your DNS. You will need to copy the “public” key from your gateway. You will create a TXT record called yourselector._domainkey.yourdomain.com. You will have a DKIM key publish for each gateway you are authorizing to send keys as you. in the value you will enter in the DKIM key as produced by your gateway.
Something like: v=DKIM1; p=;

Also be sure to create a TXT DNS record called _domainkey.yourdomain.com with the value of: t=y; this will tell everyone that you are in testing, and to still accept unsigned messages. You can change or remove this value as you are more confident that all email is being signed. Wait a little then check your DKIM key on DMACIAN.com, they have a link to a tool that will make sure the public key is valid. Send a few test e-mails. Kepp in mind it can take some time for DNS records to change or kick in.

Now you should see your messages pass DMARC, SPF, and DKIM. You may see others that need assistance, such as vendors you work with. So the easy part is to slowly rasie your policy until your at 100 percent, and are telling everyone to reject those other spam or phishing e-mails. You will need to ensure that you maintain your records and work with your new vendors. As this is controlled in DNS, you can even change your policies temporarly on the fly just keep in mind DNS propegation.

Thank you for reading hope you find this useful.

_

VBS Script to add Lync Contacts to all users who are a member of a Group

This is based off and extends the LyncAddContacts.vbs script found here: http://www.expta.com/2011/01/introducing-lyncaddcontacts.html

After much searching on the web I was unable to find a script to meet my needs with Lync, so I put this together and cleaned it up a bit. This of course requires the LyncAddContacts script with the dbimpexp.exe tool pulled from the Lync install DVD or iso. You will also need a template user (which can be created with a mailbox, account hidden from exchange addressbook, and account diabled after adding all the contacts and groups to the Lync). You will also need to run and probably schedule task this with an account that has all the permissions needed to pull export and import contacts for your lync users.

To use this script place in same directory as your other scripts on the Lync server and change the 3 const variables located near the top of the script. Enjoy

Update: I changed the script a little, turns out I should not use a @ symbol in a string so I replaced it with chr(64). Also another gottcha I ran into was that run in path needs to be your scripts folder with exe and both vbs scripts if you are using the task scheduler. Also this can be resource intensive as it updates all the users directly through SQL. So ether adjust your resources acordingly or only run this during early morning or late evenings.

'LyncAddContactGroups.vbs
'Script Used to import Contact Groups to all users in Lyncmplate
'Author: Paul Cardelli
'Date last Modified: 3/17/12
'-------------------------------------------------------------------------
 Option Explicit
 Dim objRootDSE, strDomain, objGroup, objUser, WShell, arrMemberOf, strMember, strSIPTemplate

 strSIPTemplate = "LyncTemplateUser" & Chr(64) & "domain.com"
 Const strGroupCN = "LDAP://CN=All Users,ou=User Groups,"
 Const strLyncScriptPath = "d:\Scripts\"

 Set WShell = WScript.CreateObject("Wscript.Shell")

 WShell.Run "cscript " & strLyncScriptPath & "LyncAddContacts.vbs /backup backup.xml", 0, False
 WShell.Run "cscript " & strLyncScriptPath & "LyncAddContacts.vbs " & strTemplateSIP, 0, False

' Retrieve domain information
 Set objRootDSE = GetObject("LDAP://RootDSE")
 strDomain = objRootDSE.Get("DefaultNamingContext")
 Set objGroup = GetObject(strGroupCN & strDomain)
 objGroup.GetInfo
 arrMemberOf = objGroup.GetEx("member")

'Pull all e-mail Addresses into an array, and apply Template to each User
 For Each strMember in arrMemberOf
     Set objUser = GetObject("LDAP://" & strMember)
     WShell.Run "cscript " & strLyncScriptPath & "LyncAddContacts.vbs /import " & objUser.mail, 0, False
 Next

WScript.Quit