• Welcome to FlorianJensen.com

    Welcome to FlorianJensen.com

I recently visited my parents and realised that it would be great to continue to easily access my network at home. Sadly, as a Virgin Media customer, the upload speed is poor, so using the VPN I set up isn’t the answer, as all traffic would always be routed to my home.

Looking around the internet I found the answer to my problem. Even better, it was already available on Tomato Firmware, which I use on my routers. The solution was tinc.

What is tinc

tinc describes themselves as a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. It has a few nifty features, such as encryption, compression, mesh routing and a super simple configuration.

My setup

I am in the fortunate position that both my networks have a Asus RT-N66U, the Asus RT-AC66U is the successor, which both run Tomato Firmware by Shibby. This made the configuration very straightforward. Please make sure that you have the AIO builds, that include tinc as not all builds include it.

Router SetupThe networks were configured with the following IP ranges – for this example we will only look at IPv4, not IPv6:

  • London (LDN): 10.0.0.0/24
  • Luxembourg (LUX): 10.10.0.0/24

As neither side have static IPs, I also have DynDNS hostnames set up for both.

Now that the basics are there, let’s configure tinc.

Configuring tinc on Tomato Firmware

Log in to your first router, we’ll start with LDN, and head to VPN Tunneling -> Tinc Daemon.

I recommend running Tinc in ‘tun’ mode. For tun, each node must use a different subnet. These subnets must fit with the ‘VPN Netmask’ found in the config tab. In our example, as we’re using 10.X.X.X IP addresses for our networks, we can use the full 10.0.0.0/8 space, meaning the netmask value would be 255.0.0.0. Tomato by default uses a /24 netmask for it’s networks. You can then add subnets starting from 10.0.0.0/24 – 10.255.255.0/24 and everything in between.

Once you set the interface type to tun and set your VPN Netmask, you can set the name for your node. We’ll set this to ldn for our first router, and lux for our second one.

Next we’ll go to the Generate Keys tab and press Generate Keys at the bottom. You should end up with a set of keys like the following:

tinc generated keysStarting with tinc1.1pre11, only Ed25519 keys are required. RSA keys are only needed for backwards comparability in order to connect to tinc1.0 nodes.

Copy both Ed25519 Private Key and RSA Private Key (if you want to support tinc 1.0) into the Config tab.

Next we’ll head to the Hosts tab. We must create an entry for the node itself in the Hosts section. This information will be shared with other nodes to create connections. As such, on the router ldn, you would create a host ldn with the keys from the Generate Keys tab for that router. Copy the public keys into the fields.

For the address, use your static public IP address if you have one, or a DynDNS hostname. In the subnet column, enter the network IP range that you want that host to share. In the case of LDN, it would be 10.0.0.0/24, LUX would be 10.10.0.0/24.

Once you have done this on both routers, you need to add them to each other and select the ConnectTo checkbox. The nodes share the hosts’ information to help them connect to each other. As such, it isn’t necessary to define every node in every router. If Node A and Node B are connected, and Node A and Node C are connected, then Node B and Node C will learn about each other through Node A. Node B and Node C should then be able to communicate directly to each other.

The hosts table should look like something like this:

tinc hosts

Now you just need to hit Save and Start on both routers.

The Status area is active when tinc is running, and will give you some information about the mesh.

tinc status

‘Edges’ and ‘Connections’ show nodes for which ConnectTo was defined in one or both Nodes. If you don’t see a connection between two particular nodes, this doesn’t mean they aren’t communicating directly to each other. It means that neither had ConnectTo defined for the other, which is fine. The ‘info’ button will give you more detailed information about a particular node. Sometime it says “Reachability: unknown” if neither of those nodes have attempted communicating to each other yet.

There must be some path of ConnectTo’s among the network so all nodes can learn of each other.

The ‘Scripts’ tab allow you to define scripts to run whenever a subnet or host becomes available or unavailable.

That’s it. Enjoy your connected network.

Read more

If you browse back through my blog, you’ll see that I’ve been a long time fan of Nokia phones. However, after Nokia switching to Windows Phone, and killing a, in my opinion, superb device with the Nokia N9, I decided to switch to Android. So, May 2012 I got myself the Galaxy S3, which I’m still using today.

I quickly realized I wanted more power as well, such as full access to the filesystem, so I rooted my phone and flashed a custom ROM.

Why root your Android?

Looking back over the last 18 months, I still don’t know why I needed my phone to be rooted. I maybe used it once or twice, for stuff like screen sharing in Airdroid, but there wasn’t really any day to day benefit.

Many people will say that they root it to specific applications that require rooting, backing up of your phone, remove carrier stock applications, etc… but to be honest, I’ve never had the need to. Vodafone kept the bloatware to a minimum and it didn’t really stand in my way.

Custom ROM Galaxy S3 detailsCustom ROM?

So, this is the main reason why I had to root my phone. Wanting to improve performance of my Galaxy S3 and increase battery life, I had a look around to see which custom ROMs would be a good fit. Following a recommendation of a friend of mine, I then went with Android Revolution HD. This ROM kept the Samsung specific apps, such as the Camera app, S Voice, AllShare Cast, etc. It basically was exactly the same interface (TouchWiz) but with a lot of tweaks under the hood. My phone instantly became a lot more responsive and battery life increased as well. Great!

However, there are some risks that come with flashing: You void your warranty with most ROMs. And you may encouter some strange issues down the line. In my case, this happened about 1 year after flashing the custom ROM, my phone got stuck in a reboot loop. Some application seems to have broken my phone. So, there were a few options: I could re-flash the same firmware, and potentially encounter the same issue down the line, or I could try something new.

Following another recommendation by a friend of mine, I decided to try an AOSP (Android Open Source Project) ROM. These run none of the Samsung code, and are generally a lot lighter. I took a look around, and not wanting to stick with 4.1.2 (latest version available for the Galaxy S3 supported by Samsung), I went with a ROM that was based on Android 4.3, CarbonROM.

After struggling a bit to install it (note: you’ll have to manually install all Google Apps!), I finally got it running.

All I could say was: Wow. It’s like having a new phone.

The phone was a lot more responsive. Truly worlds apart. I felt like I just bought a Galaxy S4, but it was free, only costing me an hour of tinkering around — if done right the first time, it’ll take you 10 minutes.

So what did I loose by going with a AOSP ROM?

Well, the Samsung apps. The only app I miss is the Camera app, as the stock Android one takes a bit of getting used to. Besides that, I didn’t notice anything that I’m missing. S Voice, well, I use Google Now which is a lot nicer anyway. And the speed boost makes it worth it. Battery life is similar, if not slightly better compared to the custom ROM I had before. Did I mention it’s a lot faster?

My Galaxy S3 homescreenHaving run CarbonROM for the last 3 weeks, there is no way I’m going back to the original Samsung ROM. It took a bit of customizing but it now looks great and I’m back up and running at full speed. There are a few bugs I’ve encountered, but these are mainly related to Android 4.3 itself and are getting fixed on a daily basis.

All in all, if you’re willing to take the risk of rooting your phone, then going with a AOSP Rom like Carbon Nightlies (the 4.3 branch) is definitely worth a try. But be aware that if something goes wrong, the warranty won’t cover it. I may write a small post with some instructions on how to flash CarbonROM onto your phone in the near future.

Read more

Having spent the last 24 hours trying to get Proxmox to play nice with the new VRack 1.5, it looks like it works perfectly, including online live migration of venet based OpenVZ containers, which didn’t work in VRack 1.0.

The configuration makes eth1 the default card for traffic from vmbr0, however allows eth0 to function alongside it so that you don’t loose out on monitoring features. We also route IPv6 traffic through the VRack on vmbr0 and add additional IP ranges for your VM use to vmbr0.

All the configuration that’s needed is done in: /etc/network/interfaces.

Here is my resulting configuration:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# for Routing
auto vmbr1
iface vmbr1 inet manual
    post-up /etc/pve/kvm-networking.sh
    bridge_ports dummy0
    bridge_stp off
    bridge_fd 0

# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
    address 94.23.XXX.10
    netmask 255.255.255.0
    network 94.23.XXX.0
    broadcast 94.23.XXX.255
    gateway 94.23.XXX.254
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
# A secondary IP subnet used for VMs
    up /sbin/ip route add 178.XXX.YYY.128/26 dev vmbr0
        up /sbin/ip route flush cache

#VRack IPv6
iface vmbr0 inet6 static
        address 2001:41d0:XXXX:6810::10
        netmask 56
        post-up /sbin/ip -f inet6 route add 2001:41d0:XXXX:68ff:ffff:ffff:ffff:ff7f dev vmbr0
        post-up /sbin/ip -f inet6 route add default via 2001:41d0:XXXX:68ff:ffff:ffff:ffff:ff7f
        pre-down /sbin/ip -f inet6 route del default via 2001:41d0:XXXX:68ff:ffff:ffff:ffff:ff7f
        pre-down /sbin/ip -f inet6 route del 2001:41d0:XXXX:68ff:ffff:ffff:ffff:ff7f dev vmbr0

auto eth0
iface eth0 inet static
    address 5.XXX.YYY.25
    netmask 255.255.255.0
    broadcast 5.XXX.YYY.255
    #Setting up the routing
    up /sbin/ip route flush table 80
    up /sbin/ip route add table 80 to 5.XXX.YYY.0/24 dev eth0
    up /sbin/ip route add table 80 to default via 5.XXX.YYY.254 dev eth0
    up /sbin/ip rule add from 5.XXX.YYY.0/24 table 80 priority 80
    up /sbin/ip route flush cache
    post-down /sbin/ip route flush table 80
Read more

I’ve been spending this morning optimizing the Flosoft.biz website in terms of load times in Browsers, and one key element of that is sending the correct expires headers to allow Browsers to cache the data.

Now, as of Plesk 11.5, you can edit nginx settings via the Control Panel, but this isn’t always straight forward, so I thought I’d write a small tutorial.

In the Control Panel:

  1. Select your Domain
  2. Click Web Server Settings
  3. Scroll down to nginx settings
  4. If you have “Serve static files directly by nginx” checked (which I recommend), you’ll need to remove the file extensions you’re going to use below, such as jpg,gif,…
  5. In the text box “Additional nginx directives” copy / paste the following configuration:

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control “public”;
try_files $uri @fallback;
}

That’s it. Just hit OK and enjoy a website that sends the correct headers for your static images and CSS.

 

Read more

One of the legacy systems we still use at Flosoft.biz is Plesk. Over the last few years it has slowly gotten better (don’t worry, it still completely breaks on every version upgrade) and nowadays comes with nginx.

However, I noticed that for some obscure reason, it doesn’t enable GZip compression for the webpages it serves? This is quite odd, having myself worked a lot with nginx over the last few years, it’s a default configuration!

Don’t worry, it’s quite easy to enable it though:

Just edit the following file as root: /etc/nginx/conf.d/gzip.conf

gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;
gzip_disable “msie6”;

Then run nginx -t to test the configuration and if that’s all ok, restart nginx by running /etc/init.d/nginx restart.

That’s it. Your webserver will now be serving your pages with GZip compression.

Read more

Cyber threats are not to be taken lightly, but sadly small business owners live under the erroneous impression that no self respected hacker targets small companies. This is absolutely wrong and if you don’t believe it, Google “ransomware stories”. You will find lots of people who lost access to their computer because of a ransomware virus.

In such cases, you have to deposit a certain amount of money in an account if you want to regain access to your computer network. The sums can be huge and can render your business incapacitated if a big part of its activity is based on computers. For example, a computer that has an offline database of clients will be very vulnerable. 

Cyber security solutions

Let’s talk about a couple of pieces of software that can keep your computer safe from all sorts of malware including Trojan horses, bitcoin miners and ransomware viruses.

Comodo is one of the low cost solutions that offers affordable solutions to users from all over the world. Comodo won a lot of awards but the free version is not as potent as the paid one. You could try ESET that lets you make custom packages to protect all devices including phones, USB drives, and servers. They offer several types of products based on company size and industry.

Physical business securityLocksmith trying new key

You might think that if you’re not selling anything valuable there’s no reason why someone would try to break in. Well here are a few situations that business owners with no security measures have to deal with at some point:

  • Former or current employees who want to steel money/merchandise or access files they are not supposed to see
  • Regular thieves who want to steal your products for resale
  • People who want to vandalize your building/offices as retribution or just for fun
  • Thieves who steal expensive equipment like computers, company cars and electric tools

There are a few things you could do to make sure these scenarios don’t come true. For once, you should upgrade your locks. Something as simple as a hard to break lock will keep many people out including low level thieves who use force to break in.

It’s a bad idea to change locks on your own if you know nothing about them. You risk ending up with a broken lock or a poorly installed one. It’s easier and possibly cheaper to call a professional locksmith to take care of that.

Look for locksmiths in advance so that you know who to call when you have an emergency. Here’s the website of a company that’s been in the industry for years and knows how to please clients: https://www.247losangeleslocksmiths.com/your-mobile-locksmith. It’s obviously just for people who live in LA but even those who don’t should visit the website to see how much a locksmith is supposed to charge for quality services.

Apart from upgrading locks, your business will be safer if you install security cameras and an alarm system. You could have a loud alarm or a silent one if you want to prevent the thieves from escaping the scene before the police arrives.

Read more

Cyber threats are not to be taken lightly, but sadly small business owners live under the erroneous impression that no self respected hacker targets small companies. This is absolutely wrong and if you don’t believe it, Google “ransomware stories”. You will find lots of people who lost access to their computer because of a ransomware virus.

In such cases, you have to deposit a certain amount of money in an account if you want to regain access to your computer network. The sums can be huge and can render your business incapacitated if a big part of its activity is based on computers. For example, a computer that has an offline database of clients will be very vulnerable. 

Cyber security solutions

Let’s talk about a couple of pieces of software that can keep your computer safe from all sorts of malware including Trojan horses, bitcoin miners and ransomware viruses.

Comodo is one of the low cost solutions that offers affordable solutions to users from all over the world. Comodo won a lot of awards but the free version is not as potent as the paid one. You could try ESET that lets you make custom packages to protect all devices including phones, USB drives, and servers. They offer several types of products based on company size and industry.

Physical business securityLocksmith trying new key

You might think that if you’re not selling anything valuable there’s no reason why someone would try to break in. Well here are a few situations that business owners with no security measures have to deal with at some point:

  • Former or current employees who want to steel money/merchandise or access files they are not supposed to see
  • Regular thieves who want to steal your products for resale
  • People who want to vandalize your building/offices as retribution or just for fun
  • Thieves who steal expensive equipment like computers, company cars and electric tools

There are a few things you could do to make sure these scenarios don’t come true. For once, you should upgrade your locks. Something as simple as a hard to break lock will keep many people out including low level thieves who use force to break in.

It’s a bad idea to change locks on your own if you know nothing about them. You risk ending up with a broken lock or a poorly installed one. It’s easier and possibly cheaper to call a professional locksmith to take care of that.

Look for locksmiths in advance so that you know who to call when you have an emergency. Here’s the website of a company that’s been in the industry for years and knows how to please clients: https://www.247losangeleslocksmiths.com/your-mobile-locksmith. It’s obviously just for people who live in LA but even those who don’t should visit the website to see how much a locksmith is supposed to charge for quality services.

Apart from upgrading locks, your business will be safer if you install security cameras and an alarm system. You could have a loud alarm or a silent one if you want to prevent the thieves from escaping the scene before the police arrives.

Read more

Hello, and welcome to Floian Jensen's personal blog! I hope you like the different articles I like putting on my site; today, I will focus primarily on the ever curious face of design. In this short article, we will use some good examples of web design – and also how some such principles are used by casinos to help them empty your pockets!

The Web Design Tips

Website is the face of our online business and we put hours andWeb design requires quite an effort and an eye for detail hours of hard work to design and develop it. But for our visitors its just a matter of few seconds, to be precise less than 5 seconds to decide if your website is worth their time or not. A website gets just 2-3 seconds to impress visitors and grow interest in them.

Attracting a potential customer is hard enough. Grabbing their interest and retaining them is even more difficult. It’s important to design your site so that user frustration is kept to a minimum, thereby maximizing customer retention. White space – the empty space in between elements – is an often ignored principle of web design. We have so much to fit into our pages that elements get cramped and confused. Since links are the currency of the internet, it stands to reason that you should make them look important. Your links need to be readable, prominent, and in keeping with the style.

How Do Casinos Do It?

If you've ever been to a casino, you know there's a lot going on. Between the sounds, the lights, and the drinks, it's practically an after-hours theme park. An expensive after-hours theme park. They hide the progression of time – making gamblers lose track of time, such as by not having clocks on the walls, or windows to the outside world of sunsets and sunrises.

A casino is a cacophony of wonderful and alluring stimulation: bells ringing, siren-like lights flashing, change clanging, slot wheels whirring, digital sounds beeping – it’s all captivating. Why is it captivating? Because it’s non-verbal communication saying, “Win! Win! Win!” It gives the impression that everyone is indeed winning when, in reality, most are losing.  It’s such a happy place, how can I lose?!

Many of us realize that at a casino, they stack the deck against you. That's why you avoid gambling. If you're staying at a hotel or event near a casino, you might just "dabble." Even if you don't usually gamble, the bells and whistles of a slot machine might draw you in—but that's where casinos make their money.

The biggest proponent of casino design that we think of as being "classic" comes from former gambling addict Bill Friedman, who became a professor teaching about casino management at the University of Nevada Las Vegas, a casino executive, and a casino consultant. In order to revamp the hotels that he had taken over, he studied over eighty Nevada casinos.

The design of a casino floor is a vital tool in getting people to stay inside a casino. Walking into a casino for the first time can be daunting and overwhelming with tables and machines covering almost every inch of the floor. This is not an accident. This crowded layout is used intentionally so that players will find it more difficult to leave the casino. 

As you can see, casinos are out to get you. The good news? They can't influence you if you're not in casono itself. That is why we recommend that, if you want to gamble but want to be immune to the cheap tricks of casino layout, you go to an online casino games for real money, in the safety of your own home. That is definitely the best way Save and send to approvalto go.

Read more

Lured by the enticing aromas, colors, and bustle of a busy Indian kitchen, as a child, Nalini would often be found perched at the kitchen counter by her mother, enjoying the cook's delightful treats. A vegetarian herself, complemented by her belief in Ayurveda and Ayurvedic cooking, Nalini views food and the cooking process as a means to nurturing the soul. Me, Florian Jansen, am about to embark on a journey of taste. In this short article, we will see some of the India’s most iconic dishes – as well as see how you can use locks to your advantage whenever you’re visiting abroad!

The Indian Dishes You Simply Must Add to Your Bucket List!

Rogan Josh. The literal translation for the name of this dish from KIndian cuisine is very spicy, and for a good reason!ashmir is 'red lamb'. The color comes from the Kashmiri dry red chilies used in it. The name may sound fiery but the dish's heat is toned down by the cream that is added at the end.

Butter Chicken – chicken marinated overnight in yoghurt and spices mixture, cooked with a special Makhani sauce made of Butter, tomato puree and various spices that gives the dish its unique and delicious flavor. It is one of the most popular dishes among non-vegetarians throughout the world. It is the pride of Punjabi cuisine.

Tea is a staple beverage throughout India, since the country is one of the largest producers of tea in the world. The most popular varieties of tea grown in India include Assam tea, Darjeeling tea and Nilgiri tea. It is prepared by boiling the tea leaves in a mix of water, milk, and spices such as cardamom, cloves, cinnamon, and ginger.

Locks to the Rescue During Travel

A luggage lock is a lock used to prevent luggage from opening by accident, usually with little or no security in mind, although they may serve as a deterrent to potential thieves. They may be built into luggage, or may be external locks such as padlocks or lockable straps. They are typically relatively simple low security locks.

Screening officers are not allowed to break locks: they can, however, use special tools to open and re-secure recognized and accepted travel locks. These locks are widely used in the U.S. and other countries and can be purchased at travel stores, airports and retailers in Canada and abroad.

Locking luggage protects your belongings, keeps bThis is luggage safety 101ags closed securely and gives travelers peace of mind. Since the onset of baggage screening at airports, many travelers believe that they are not permitted to lock checked bags. Although you can lock your bags, passengers need to be aware of the regulations enforced by the Transportation Security Administration (TSA).

The bottom line is that TSA luggage locks keep both your belongings save from theft and your bag from damage caused by security inspection when flying, though airline baggage handlers can of course damage your bags, which is another matt

If your luggage needs to be physically inspected, a non-TSA-approved lock will be ripped off your bag at security — it's that simple. Purchase one that's been okayed by the TSA (which means that security officers can open it with a master key); the lock should be advertised as such on the label.

Remember that your lock can be damaged during its stay at the airport. Baggage handling systems (conveyor belts and other automated systems) and manual handling all take a toll on your baggage and your lock. The airlines are responsible for damage that exceeds the definition of "normal wear and tear". File a claim with your airline without delay.

Zip ties (also called cable locks) are something that can be used at the airport. They are long plastic ties that lock. They can't be opened unless cut with a scissor or nail clipper, which are allowed to be packed in a carry-on bag. The ends of the plastic ties fit through the zipper pull tabs. They come in all sorts of sizes.

Remember, always, that in the case of a lock emergency, you’re probably better off at getting a locksmith then trying to fix the issue by yourself. So if the emergency strikes, https://www.247locksmithservice.org/mobile-locksmith is a good place to go for some lock-related first aid.

Read more

I never thought I would write this post. I am truly amazed.

A few weeks ago, we decided to port our main phone line after 35 years from Belgacom to OVH VoIP service.

Now, the tricky thing was, the Internet line we have with EDPnet in the house is run via the same phone line. This worried me, thinking that I’d end up with my parents losing internet and phone and with me far away. But hey… let’s try it.

Just to make sure though, I called up Belgacom to ask them how these things normally go. After being on hold for 38 minutes in a seemingly endless queue, I decided to call OVH. A few seconds later, I was talking to someone explaining me the process, however with the disclaimer that the information is based on french operators. So I decided to give my internet provider, EDPnet, a call. There I was told that it will ‘just work’, Belgacom would terminate the line automatically, and they’ll step in with a ‘raw copper’ service. Sounds great!

So I scheduled the number port for the 21st of January. Letters arrived from OVH and Belgacom, verifying that I wanted to go ahead with this, and the 21st of January came closer.

Emails from OVH confirming the Number Port

Emails from OVH confirming the Number Port

On the day, I got 3 emails from OVH confirming every step of the number port. The phone service just switched over. Even internet didn’t disconnect. Everything went smoothly. Unbelievable right?

Next, I got a nice email from EDPnet confirming that they heard about the number port, and that they’ll provide the raw copper service on the same line without interruption.

Screen Shot 2013-01-21 at 22.24.57Great! To be honest, I did NOT expect this to go smoothly at all. Given my past experiences with major telephony operators and complex setups like this (with 3 operators involved), I expected to loose my number, loose internet connectivity for at least a few months etc. But no. It all works. So I’d like to thank OVH, EDPnet and even Belgacom for making this a very smooth transition. Awesome work guys!

 

Read more