Nespresso Machine Service Manuals

When buying most things I always like to hold a repair / service manual. I thought some of these manuals may be useful for others so have included them here, as it took a lot of googling to find them. Most of my family have Nespresso machines, which is why there are different models below. Hope they are useful.

Krups Cube Nespresso Service Manual

Nespresso U (C and D models) Service Manual

Nespresso Pixie Service Manual

Delonghi Lattissima Plus Service Manual

Quick Tip - Tomato - Creating a Guest Wifi Network

Creating a guest wifi in Tomato is easy. Just follow these screenshots. To begin:

  1. Login to the Tomato Control Panel
  2. Click Network under basic settings and add a new LAN connection as the screenshot shows:
    tomato lan
  3. Go to VLAN under advanced and create a new one linking it to the new LAN. You will have to restart the router after this operation.

Tomato vlan

  4. Add a new virtual wifi interface

tomato wifi

Job done!

Norton ConnectSafe

Not many people realise it, but Norton ConnectSafe is a free service (even if you don't use Norton Security) which works at the DNS level and acts as a first line of defence against cyber threats. It is not a replacement for endpoint protection but complements it well. Full details here: https://dns.norton.com/

Norton ConnectSafe

Expanding Varnish to Serve Multiple Languages

Varnish is often used with PHP or NodeJS. On my server I run both applications simultaneously. It's possible to run NodeJS and PHP applications through Nginx and send them to the same Varnish instance by setting different backends. This is done by working with the Varnish Configuration Language (VCL) and is surprisingly simple. It's also not really talked about much, so here is an example. My setup also serves SSL content, taking care not to cache the management interface, which includes authentication tokens and the like. I also realise I should call it TLS not SSL. To keep it simple here is a diagram:

Diagram of Nginx, Varnish, PHP and NodeJS on different ports

To make the changes open the following file:

nano /etc/varnish/default.vcl

Below the default backend definition add the following:

backend ghost {
  .host = "127.0.0.1";
  .port = "2368";
}

The above creates a second backend that gets its content from our Ghost NodeJS app running on port 2368. Our PHP application is served by Nginx, which would still be on the default backend.

Finally, in the sub vcl_recv section we need to tell Varnish which backend to use. Many advanced methods can be used but here is a simple example that sends the domain howson.me to the ghost cache and any other sites to the PHP cache:

if (req.http.host ~ "howson.me") {
    set req.backend_hint = ghost;
} else {
    set req.backend_hint = default;
}

There we have it. An easy way to use one Varnish instance with multiple languages.
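A fuller version of the routing above, as an added example that is not the author's own configuration: it anchors the host match so that only the intended hostnames select the ghost backend, and it passes the management interface to the backend uncached. The default backend port 8080, the www. prefix and the /ghost/ admin path are assumptions.

```vcl
vcl 4.0;

# PHP sites served by Nginx (port 8080 is an assumed value)
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Ghost NodeJS app, as defined in the post
backend ghost {
    .host = "127.0.0.1";
    .port = "2368";
}

sub vcl_recv {
    # Anchored, case-insensitive match: only howson.me or www.howson.me
    # (optionally followed by a port) select the ghost backend.
    # An unanchored "howson.me" is a regex in which "." matches any
    # character, so it would also match a Host header such as
    # "nothowson-me.example".
    if (req.http.host ~ "(?i)^(www\.)?howson\.me(:[0-9]+)?$") {
        set req.backend_hint = ghost;

        # Never cache the management interface, which carries
        # authentication tokens. The /ghost/ path is an assumption.
        if (req.url ~ "^/ghost(/|$)") {
            return (pass);
        }
    } else {
        set req.backend_hint = default;
    }
}
```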

VMware Windows 2000 Virtualisation

I have been virtualising an application that only runs on Windows 2000. I hit a number of problems including missing files when trying to install VMware Tools. I tried the VMware KB article but found the links were dead due to Microsoft ending support over 4 years ago. Thankfully I managed to get hold of Windows 2000 SP4 and the KB835732 update. I have provided individual downloads below. I have also created a premade ISO which can be loaded into the VM. This is handy if, like me, you don't allow any network or file access, to keep the unsupported platform segregated.

Download Links:

Download Windows 2000 Professional Service Pack 4 Standalone Installer

Download KB835732 Update Standalone Installer

Prebuilt ISO image containing the files above


Method:

I first realised I had an issue when I tried to install and got the following error:

Screen shot showing it was unable to upgrade the installer

I managed to dig out a copy of SP4 so first installed it as below. See links at the bottom for a copy.

Install of SP4 setup Wizard

After trying that I then discovered KB835732, which relates to security vulnerability MS04-011.

Missing install of KB835732 shot

I simply installed this update (again link included at the bottom) and then rebooted.

Shot showing KB installed

Finally I could install VMware Tools.

Shot showing VMware install starting

Once I had completed the installation the drivers kicked in and the OS was in true colour.
Shot showing Vmware finished and in true colour

Moving a Nessus 6.x Installation

Today I had to move a Debian based Nessus installation on a physical machine to a virtual one. After a bit of head scratching I came up with a method. I could not find much on the internet so here is a guide:

1. Connect to the server you want to copy from. I used Filezilla with secure copy
2. Install Nessus on the new machine but don't start the service
3. Ensure the Nessus instance is stopped
4. Copy the entire /opt/nessus directory and overwrite it
5. Start Nessus
6. If you get an error about global.db being corrupted follow the on screen instructions to fix it
7. Release your activation number if applicable in the Nessus Support Portal.
8. Run the following: /opt/nessus/sbin/nessuscli fix --reset
9. Run the following: /opt/nessus/sbin/nessuscli fix --register activation key here
10. Finally start the Nessus Service
11. Login like normal with the same username and password as you had set previously.

You will find your entire installation will have been copied over and your license restored.

Fixing Disqus comments when using Cloudflare

Most people, when they find Disqus does not work with Cloudflare due to Rocket Loader, just turn it off. By default it's on automatic. There is a solution though.

Image of Cloudflare Rocket loader

I have managed to get it working by using the handy parameter data-cfasync="false". This tells Rocket Loader not to touch these scripts. This allows the rest of the site to get the Rocket Loader benefit without breaking Disqus. Here is a snippet of the Disqus code with the parameter added:

<div id="disqus_thread"></div>
<script data-cfasync="false" type="text/javascript">
/* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
var disqus_config = function () {
    this.page.url = '{{@blog.url}}{{url}}';
    this.page.identifier = '{{post.id}}';
};

This method should work for any script that causes issues. Flush your Cloudflare cache and problem solved!

Mail in a box Setup

I have set up nearly every type of server in my time, from ColdFusion to a simple LAMP stack. However, one I have always run a mile from is e-mail. Don't get me wrong, I like the idea of hosting my own e-mail but have never really taken the time to learn about it. I suppose when you can go with something like Google Apps or Office 365 it's a hard offering to beat. You get a lot of features for very little money. When you consider that hosting costs £10 a month then backup servers another £11. It's far cheaper.

The story is starting to change though. iRedMail, which makes mail server setup easier, has been around for a number of years, and there is a new kid on the block called Mail-in-a-Box which gives you a fully working setup in one command. There is no way I could mess with my production domain so I set up a test one to mess around with. I'm still playing but check back soon for a guide.

Ensuring Cloudflare SSL / TLS is secure

You may have seen some articles online discussing whether it is secure. Scott Helme wrote a really good article. Here is an easy to follow method to ensure it's as secure as possible. We will go through each one, but in summary:

  • Use SSL in strict mode
  • Use HTTP Strict Transport Security (where full SSL is required)
  • Use TLS 1.2 only (requires business plan)
  • Use TLS origin authentication

When you use SSL / TLS in strict mode you require a valid certificate between the server and Cloudflare. There are a number of free certificate authorities including Let's Encrypt and StartCom.

strict ssl

For times when you need full SSL / TLS support use strict transport security.

Strict Transport Security

If you have a business plan it's worth turning on the PCI compliant TLS 1.2 ciphers.

Finally use TLS origin authentication. In simple terms this works by Cloudflare presenting a certificate to the back end server which is then validated. This prevents attackers sidestepping the Cloudflare protection.

TLS origin

Before you turn it on you need to set up your web server so it will work. There is a very simple guide on setting it up using Nginx here:

https://support.cloudflare.com/hc/en-us/articles/204494148-Setting-up-NGINX-to-use-TLS-Authenticated-Origin-Pulls