
Howto: Calibrate Monitor Colour

Problem / Outcome Summary
  • This article will enable you to match and calibrate your monitor’s colour to other colour profiled devices such as printers and projectors.
  • Please see the ‘Summary Overview’ tab below for a high level view of the objectives this ‘howto’ will achieve.

Why might I want to do this?

  • To ensure consistent colour across multiple devices.
  • To ensure printed photos look the same as on screen
  • To prevent photos from being too dark or too bright
  • To create colour consistency when working with Video
  • To ensure colour is displayed as intended when watching movies on a projector or TV
Foreword

To be clear, what does colour calibration do?

Simply put, colour calibration is a way of ensuring consistency of colour (and brightness to a certain extent) across multiple devices. This is absolutely mandatory if you’re working on photos professionally, but is also very nice to have if you have a big projector or fancy TV and enjoy watching movies.

You want to automate this process if you have a public-facing web site on which you wish to use SSL, or if you have many users who will connect to the NAS from the internet. Note, however, that a certificate is not necessary for the actual encryption of your traffic. Without a paid certificate, though, each user will either have to accept a security warning prompt upon initial setup or upon visiting your web site, or manually add a certificate that you provide in the form of a file. For this reason, it is usually much easier to use a paid certificate authority.

Colour Calibration Products

There are many colour calibration methods and products out there.  Without a doubt the two main brands are X-Rite and Datacolor.  You’ll note from their product pages that there are many things that need to be calibrated if you want total control over consistent colour.  For this article though, we’re focusing entirely on calibration of the screen.  If you’d like a quick and dirty recommendation for which product to buy, I’d buy either the X-Rite i1 Display Pro or the Spyder 5 Elite.  My preference is for the X-Rite brand, as they seem to do their updates more on the software side (meaning your hardware investment lasts longer), whereas Spyder seem to keep upgrading their hardware, meaning your product is outdated quicker.  I actually own the X-Rite ColorMunki Photo, which is now a very, very old unit (over 6 years old), but as a testament to X-Rite and to my amazement, X-Rite continue to update the drivers for each new version of Mac OS that comes out.

Please note: The above products come with their own software for Windows and Mac OS.  If you’re using Linux (or an unsupported version of Windows or Mac OS), please take a look at DisplayCAL and also check the hardware compatibility list for this software before buying here.

Pre-Requisites

Software Dependencies

  • ColorMunki, Spyder or DisplaycalGUI
  • Windows, Mac OS or Linux

Hardware Dependencies

  • Compatible Colour Calibration Unit
  • Computer display or equivalent

Tools Required

  • None

Other Dependencies

  • Supported Operating System
High Level Summary Steps

The below lists the high level summary of steps we’re about to take during this howto.

  • Run the calibration application
  • Calibrate your hardware (X-Rite method)
  • Calibrate the colour of your screen
  • Check the result
  • Save the Colour Profile
Implementation

Start the calibration Application

In this case, I’m using X-Rite software as I have a ColorMunki Photo.

ColorMunki Photo Calibration Application

On your Mac, go to Applications in the Finder, open the ColorMunki Photo folder, then open the ColorMunki Photo app.  You will be presented with a screen similar to the image on the right.

  • Click on the ‘Profile My Display’ Button
  • Click the LCD option on the next screen (assuming that’s what you have)
  • Most people will want to click the ‘Easy’ option, however I normally click the ‘advanced’ option so I can get more control.
  • Leave the White Point at D65 for almost every scenario
  • I normally set the ‘White Luminance’ value to 140 cd/m², however you CAN let the ColorMunki set this for you by choosing the option to let ColorMunki automatically set your luminance level.  The reason I set this manually is that it never seems to quite work as I expect, but go right ahead and choose it if you like, as you CAN create multiple display profiles for your computer and jump around between them as you see fit.

It is actually recommended to create a separate profile for separate scenarios – in particular a daytime / bright light profile and a night time profile, due to the difference in surrounding light colours and brightness.

  • Click next
  • On the ColorMunki, turn the dial to the calibration position as per the on screen instructions and press the calibrate button either on the screen or on the actual ColorMunki itself
  • If you chose the ambient light option, you will be prompted to turn the dial to the ambient light measurement position as per the on screen instructions.  Note you will need to place the ColorMunki in front of your monitor and outside of its case to get an accurate reading.
  • Click the Measure button; you will be advised of your room’s current ‘lux’ level and the luminance the ColorMunki will set your monitor to
  • Click Next
  • If you didn’t choose to measure ambient light, your next step starts here
  • Move the ColorMunki dial to the measurement position as per the on screen instructions, put it back in the ColorMunki case if you have removed it, and click Next
  • You will be prompted with a window explaining where to place the ColorMunki.  You will now need to hang your ColorMunki over the monitor and ensure the slider door underneath the ColorMunki is opened.  Also please ensure there is no gap between the ColorMunki and the screen.  If there is a gap, your result may be tainted by other colours in the room.
  • Once positioned, click Next.
  • The ColorMunki will now profile your display, starting first with brightness calibration.  Your screen will first flash a number of greys and then a number of basic colours in order to ascertain its brightness.  You will then be prompted to adjust your display’s brightness as close as possible with the screen’s brightness control.  Click Next when the on screen instructions say that you’ve chosen the correct brightness.  If you can’t get your display bright or dark enough, the ColorMunki will adjust that in software later on.  Click Next.
  • Now your display will calibrate its colour.  It’ll take about 5 minutes, after which you’ll be presented with a default profile name to save as.  My recommendation is you name this as something that is relevant to your profiling conditions, e.g. Dell Monitor Profile Daytime-Bright.  Click Save
  • You’ll see the colour change as soon as it’s saved.  You might think that it looks horrible at first, but wait until one of the next screens before making that decision.
  • It’s a good idea to reprofile the screen every few weeks; if you like, you can tick the option for ColorMunki to remind you.  Click Next.
  • On the next screen you’ll see a before and after comparison.  This is where you can choose if you like the changes or not.  Look at the skin tones and ask yourself which looks the most natural.  If neither one looks good, repeat the process (it’s possible something went wrong); often a second attempt will resolve it.  Click Next and you’re done!
Final Word

I’ve been profiling my display for a few years now and one thing I can say is that whenever I think I don’t need to do it, I discover I actually do.  I ran through a profile during writing this article and realised I hadn’t done it since I moved my office into a new room.  Since the room is very bright I turned on the automatic ambience setting and profiled that way.  The result was that I needed to turn my monitor on about double the brightness.  I also noted at the end, my previous profile (which was a calibrated one) was very pink.  Ironically I didn’t think there would be too much difference in the colour quality since I’d profiled it ‘not that long’ ago.  But I was very clearly wrong.  This shows there is a lot of value in doing this regularly.

As always, I welcome your insights and opinions in the comments section below.



Real WordPress hosting prices, a comparison and their misleading pricing




In this article, we take our first look at hosting companies. If you’ve ever tried to find a good WordPress hosting company, you’ll know that it can be very confusing.   Not only do you have the quality of brand to consider, you also have a lot of technical jargon, the pricing varies from company to company, and you often find the cost comes out much more than advertised.  This makes comparing hosting companies very difficult.

In part one in the series we’ve gone to every shared hosting company we could find and signed up for a shared WordPress hosting plan to see what we got, compared to what was advertised. You’ll see that in some cases this can be extremely different, especially when it comes to actual price vs advertised price.

False / Misleading Advertising

One of the worst attributes of many of these hosting companies is false advertising: the claim that you can have something for a price which, you then find, does not exist.  The most common offense here is claiming a low monthly price which can only be paid for annually, bi-annually, or tri-annually in some cases. That is to say, to get the ‘monthly’ pricing advertised you may find you need to sign up for three years and pay the whole three years in a single payment up front.  So if it was $3.99 per month you may have to pay $3.99×36=$143.64 up front.

Apples with Apples

Another problem is that the plans do not always match.  Of course, it would be normal to expect some variation, however when things like backups and malware protection are varied (included in some and an extra cost in others), we feel this is not acceptable.  As such, all pricing within the below table has been adjusted to make this as close to an apples with apples comparison as we can.

How we normalised the pricing and plans

In this comparison, automated backups, online security, anti-hacking and standard WordPress optimised features are considered mandatory. If these are optional extras on the plan, they have been added and the cost accounted for.  If they come with the plan, then the price will reflect this as it will be lower. If the option was not available at all, the hosting company was removed from the comparison altogether.

With regard to some companies requiring a 36 month sign up to get cheaper pricing, all plans are normalised to 12 months and in US dollars.  So if it is more expensive to sign up for 12 months, this will again be reflected in the 12 month price.  We believe signing up for more than 12 months in the technology industry is a mistake anyway.

How to read the comparison table

There are a number of sites that are using a template or franchise style of setup.  You can see this when you go to the signup page and see that the site is identical to another in its layout, right down to the pictures of the people on the service desk.  We’ve noted this in the notes column with the ‘Franchise’ label.

  • Advertised monthly price – The price advertised by the hosting company
  • Actual monthly price – The actual normalised price per month if you took a monthly payment option.  (Where NA is given, no monthly option is available)
  • Actual Monthly Price (Second Month+) – The actual monthly price you pay after the first month.  (The first month often applies extra discounts and sometimes extra setup fees).
  • Actual Annual Price (First year) – Same idea as ‘Actual monthly price’
  • Actual Annual Price (Second year+) – Same idea as ‘Actual Monthly Price (Second Month+)’
  • SSL – Some of this information was not available, we will update it as it comes to hand.
  • Notes – Any information that didn’t warrant an entire column for it.



Provider | Web Site Address | Product | Plan | Hosting Type | Advertised Monthly Price | Actual Monthly Price (First Month) | Actual Monthly Price (Second Month+) | Setup Fee for monthly plan | Actual Annual Price (First Year) | Actual Annual Price (Second Year+) | Free Domain | Free Email | SSD | CDN | Static IP | Websites Allowed | SSL First Year | SSL Second Year | SSL Pricing Page | Features Page | Disk Space | Bandwidth | Notes
Bluehostwww.bluehost.comShared HostingStarterShared3.95N/AN/AN/A119.16137.64YesNoNo5N/AN/AN/Ahttps://www.bluehost.com/hosting-features100GBUnlimited
Bluehostwww.bluehost.comShared HostingPlusShared6.95N/AN/AN/A155.16191.64YesIncludedNoUnlimitedN/AN/AN/Ahttps://www.bluehost.com/hosting-featuresUnlimitedUnlimitedExtras $180
Bluehostwww.bluehost.comShared HostingBusiness ProShared14.95N/AN/AN/A$263.28$323.76YesIncludedYesUnlimitedIncludedhttps://my.bluehost.com/cgi/help/pricehttps://www.bluehost.com/hosting-featuresUnlimitedUnlimited
dot5hostingwww.dot5hosting.comHostingIntro OfferShared5.95N/AN/A$0.00$152.30$200.78YesYesUnknownNoNoUnlimitedTBAUnknownhttps://www.dot5hosting.com/dot5/hosting.bmlUnknownUnknownFranchise
dotsterwww.dotster.comLinux HostingBasicShared3.75N/AN/AN/A$100.95$100.95YesYesNoNoNo1N/AN/AN/Ahttps://www.dotster.com/dotster/hosting/UnlimitedUnlimitedNo Support Included
dotsterwww.dotster.comLinux HostingDeluxeShared6.75N/AN/AN/A$136.95$136.95YesYesNoNoNoUnlimitedN/AN/AN/Ahttps://www.dotster.com/dotster/hosting/UnlimitedUnlimitedNo Support Included
dotsterwww.dotster.comLinux HostingUltraShared13.75N/AN/AN/A$220.95$220.95YesYesNoNoNoUnlimitedN/AN/AN/Ahttps://www.dotster.com/dotster/hosting/UnlimitedUnlimitedPremium Support Included
Dreamhostwww.dreamhost.comShared HostingWeb HostingShared3.95$10.95$119.40YesYesYesNo5.95 per monthUnlimited$15.00Unknownhttps://www.dreamhost.com/hosting/shared/UnlimitedUnlimited9.95 for premium support
ehostwww.ehost.comUnix PlatformThe One PlanShared5.959.959.9519.95174.29210YesYesNoNoNo1N/AN/Ahttps://www.ehost.com/product/ssl_certificate.bmlhttp://www.ehost.com/product/onePlan.bmlUnlimitedUnlimitedFranchise
entryhostwww.entryhost.comSame as ehostSame as ehostSame as ehost5.95Same as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostSame as ehostFranchise
Fastcometwww.fastcomet.comWeb HostingSingle WebsiteShared2.952.953.9519.9547.447.4YesYesYesYesNo1N/AN/AN/Ahttp://www.fastcomet.com/compare-shared-package35GB (SSD)UnlimitedOne of the few sites that doesn't require paying for extras to get basics like backups and protection which is reflected quite clearly in the price.
Fastcometwww.fastcomet.comWeb HostingMultiple WebsitesShared5.955.955.9519.9571.471.4YesYesYesYesNoUnlimitedN/AN/AN/Ahttp://www.fastcomet.com/compare-shared-package55GB (SSD)UnlimitedOne of the few sites that doesn't require paying for extras to get basics like backups and protection which is reflected quite clearly in the price.
Fastcometwww.fastcomet.comWeb HostingE-CommerceShared6.956.956.9519.9583.483.4YesYesYesYesYesUnlimitedIncludedUnknownhttp://www.fastcomet.com/compare-ssl-certificateshttp://www.fastcomet.com/compare-shared-packageUnlimited (SSD)UnlimitedOne of the few sites that doesn't require paying for extras to get basics like backups and protection which is reflected quite clearly in the price.
fatcowwww.fatcow.comWordpress BlogWP StarterShared3.75$9.49$15.23$113.90$182.78YesYesNoNoNo1UnknownUnknownhttp://www.fatcow.com/product/ssl_certificate.bmlhttp://www.fatcow.com/wordpress-hosting/UnlimitedUnlimitedFranchise
fatcowwww.fatcow.comWordpress BlogWP EssentialShared6.95$12.69$18.23$152.30$218.78YesYesYesNoNo1UnknownUnknownhttp://www.fatcow.com/product/ssl_certificate.bmlhttp://www.fatcow.com/wordpress-hosting/Unlimited (SSD)UnlimitedFranchise
godaddywww.godaddy.comWordpress Site/BlogBasicShared3.993.99$6.99$0.00$47.88$83.88Yes1 Year Office 365YesNoNo1N/AN/AN/Ahttps://www.godaddy.com/hosting/wordpress-hosting.aspx10GB (SSD)UnlimitedAdvertises honestly – upfront with pricing, ironically the pricing was appeared more expensive and I did not choose this based on that, yet they're the most honest, Managed Solution
godaddywww.godaddy.comWordpress Site/BlogDeluxeShared5.995.99$8.99$0.00$71.88$107.88Yes1 Year Office 365YesNoNo1N/AN/AN/Ahttps://www.godaddy.com/hosting/wordpress-hosting.aspx15GB (SSD)UnlimitedAdvertises honestly – upfront with pricing, ironically the pricing was appeared more expensive and I did not choose this based on that, yet they're the most honest, Managed Solution, One Click Staging
godaddywww.godaddy.comWordpress Site/BlogUltimateShared8.99$8.99$14.99$0.00$107.88$179.88Yes1 Year Office 365YesNoYes2Included$69.99https://www.godaddy.com/ssl/ssl-certificates.aspx?countryview=1https://www.godaddy.com/hosting/wordpress-hosting.aspx30GB (SSD)UnlimitedAdvertises honestly – upfront with pricing, ironically the pricing was appeared more expensive and I did not choose this based on that, yet they're the most honest, Managed Solution, One Click Staging
godaddywww.godaddy.comWordpress Site/BlogDeveloperShared14.99$14.99$24.99$0.00$179.88$299.88Yes1 Year Office 365YesNoYes5Included$69.99https://www.godaddy.com/ssl/ssl-certificates.aspx?countryview=1https://www.godaddy.com/hosting/wordpress-hosting.aspx50GB (SSD)UnlimitedAdvertises honestly – upfront with pricing, ironically the pricing was appeared more expensive and I did not choose this based on that, yet they're the most honest, Managed Solution, One Click Staging
Host Gatorwww.hostgator.comUnlimited Web HostingHatchling PlanShared5.56$7.16$8.9566.7283.4NoYesUnknownNot Free1$20.04UnknownOnly available at signuphttps://www.godaddy.com/hosting/wordpress-hosting.aspxUnlimitedUnlimited
Host Gatorwww.hostgator.comUnlimited Web HostingBaby PlanShared7.96$7.96$9.95$95.52$119.40NoYesUnknown$2 Per MonthUnlimited$20.04UnknownOnly available at signuphttps://www.hostgator.com/sharedUnlimitedUnlimited
Host Gatorwww.hostgator.comUnlimited Web HostingBusiness PlanShared11.96$11.96$14.95$143.52$179.40NoYesUnknownFreeUnlimitedIncludedUnknownOnly available at signuphttps://www.hostgator.com/sharedUnlimitedUnlimited
hostmonsterwww.hostmonster.comHostingBusiness ProShared14.49N/AN/AN/A$173.88$239.40YesYesNoNoYesUnlimitedIncludedUnknownN/Ahttps://www.hostmonster.com/hosting-featuresUnlimitedUnlimited
hubwww.webhostinghub.comN/ASparkShared1.95N/AN/AN/A$71.88UnknownNoYesNoNoNo2N/AN/AN/Ahttp://www.webhostinghub.com/web-hosting-featuresUnlimitedUnlimitedDoesn't have option for site protection, Domain Registration wasn't free – need to check this for all sites.
hubwww.webhostinghub.comN/ANitroShared6.99N/AN/AN/A$119.88UnknownNoYesNoNoNoUnlimitedN/AN/AN/Ahttp://www.webhostinghub.com/web-hosting-featuresUnlimitedUnlimitedDoesn't have option for site protection, Domain Registration wasn't free – need to check this for all sites.
hubwww.webhostinghub.comN/ADynamoShared10.99N/AN/AN/A$167.88UnknownNoYesNoNoYesUnlimitedIncludedUnknownN/Ahttp://www.webhostinghub.com/web-hosting-featuresUnlimitedUnlimitedDoesn't have option for site protection, Domain Registration wasn't free – need to check this for all sites.
inmotionwww.inmotionhosting.comBusiness HostingLaunchShared5.99N/AN/AN/A$83.88$107.88YesYesYesNoNo2N/AN/AN/Ahttp://www.inmotionhosting.com/business-hostingUnlimitedUnlimited
inmotionwww.inmotionhosting.comBusiness HostingPowerShared7.99N/AN/AN/A$107.88$131.88YesYesYesNoNo6N/AN/AN/Ahttp://www.inmotionhosting.com/business-hostingUnlimitedUnlimited
inmotionwww.inmotionhosting.comBusiness HostingProShared13.99$17.99$19.99$40.00$177.87$201.87YesYesYesNoNoUnlimitedN/AN/AN/Ahttp://www.inmotionhosting.com/business-hostingUnlimitedUnlimitedNo Free domain on monthly plan
iPagewww.ipage.comWordpress HostingWP StarterShared3.75$72.65$3.75$0.00$113.90$182.78YesYesYesNoNoUnlimitedN/AN/AN/Ahttps://www.ipage.com/hosting-featuresUnlimitedUnlimitedFranchise
iPagewww.ipage.comWordPress HostingWP EssentialShared6.95$6.95$12.49$0.00$83.40$149.88YesYesYesNoNoUnlimitedN/AN/AN/Ahttps://www.ipage.com/hosting-featuresUnlimitedUnlimitedFranchise
ipowerwww.ipower.comDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageDuplicate of iPageFranchise
justhost.comwww.justhost.comWeb HostingStarterShared2.95$48.45$5.99$0.00$107.16$119.64YesYesNoNoNo1N/AN/Ahttps://my.justhost.com/hosting/help/pricehttp://www.justhost.com/hosting-features100GBUnlimitedThree different prices exist for the same product in the same instance, pricing highly likely to be incorrect
justhost.comwww.justhost.comWeb HostingPlusShared4.95$49.85$14.99$0.00$83.40$119.88YesYesNoYesNoUnlimitedN/AN/Ahttps://my.justhost.com/hosting/help/pricehttp://www.justhost.com/hosting-featuresUnlimitedUnlimitedThree different prices exist for the same product in the same instance, pricing highly likely to be incorrect
justhost.comwww.justhost.comWeb HostingBusiness ProShared9.95$53.87$31.98$0.00$203.28$383.76YesYesNoYesYesUnlimitedIncludedUnknownhttps://my.justhost.com/hosting/help/pricehttp://www.justhost.com/hosting-featuresUnlimitedUnlimitedThree different prices exist for the same product in the same instance, pricing highly likely to be incorrect
netfirmswww.netfirms.comWeb HostingAdvantageShared8.99N/AN/AN/A$188.30Unknown2YesNoNoNoUnlimitedN/AN/AN/Ahttps://www.netfirms.com/netfirms/web-hosting/Renewal pricing inconsistent so left out
netfirmswww.netfirms.comWeb HostingPlusShared4.45N/AN/AN/A$128.30Unknown1YesNoNoNoUnlimitedUnknownN/AN/Ahttps://www.netfirms.com/netfirms/web-hosting/Renewal pricing inconsistent so left out
netfirmswww.netfirms.comWeb HostingBusinessShared12.99N/AN/AN/A$248.30Unknown5YesNoNoYesUnlimitedIncludedUnknownUnknownhttps://www.netfirms.com/netfirms/web-hosting/Renewal pricing inconsistent so left out
Network Solutionswww.networksolutions.comWordpress Blog Hosting1 YearShared3.85N/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/Ahttp://www.networksolutions.com/web-hosting/wordpress/index.jsp50GB500GBDoesn't meet minimum requirements
purehostwww.purehost.comWeb HostingPureBusiness HostingSharedN/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/AN/Ahttp://www.purehost.com/purehost/hosting.bmlDoesn' meet minimum requirements
Sitegroundwww.siteground.comWeb HostingStartupShared3.95$54.90Unknown$14.95$83.40UnknownYesYesNoIncluded (Non SSL Only)No1N/AN/AN/Ahttps://www.siteground.com/web-hosting.htm10GBUnlimitedSupercacher
Sitegroundwww.siteground.comWeb HostingGrowBigShared7.95$44.90Unknown$24.95$107.40UnknownYesNoNoIncluded (Non SSL Only)YesUnlimitedIncludedUnknownhttps://www.siteground.com/ssl_certificates.htmhttps://www.siteground.com/web-hosting.htm20GBUnlimitedSupercacher
Sitegroundwww.siteground.comWeb HostingGoGeekShared14.95$51.90Unknown$24.95$191.40UnknownYesNoYesIncluded (Non SSL Only)YesUnlimitedIncludedUnknownhttps://www.siteground.com/ssl_certificates.htmhttps://www.siteground.com/web-hosting.htm30GBUnlimitedSupercacher, One Click Staging

Final Word

So there you have it. A lot of work went into this and there are likely to be errors; if you find one, or have a correction to make, please include your insights and opinions in the comments below.


Howto: Setup VMWare-tools on Sabayon Linux Guest

Problem / Outcome Summary
  • VMWare-tools won’t install properly (or at all) on Sabayon Linux by default
  • VMWare says ‘VMWare Tools is not available for this guest’
  • This article will show you how to get around this problem and have a fully functioning set of VMWare-Tools including copy / paste, screen resizing and other sharing functionality.

Why might I want to do this?

  • To enable copy / paste between the guest and host within VMWare
  • To enable automatic screen sizing and resolution adjustments within the VMWare client
  • Improve movement of the mouse in the guest
  • Make the sound work properly in the guest
  • Improve the colour depth of the guest
  • Synchronise the time between the guest and the host
Foreword

VMWare tools are a small set of drivers and enhancements that are installed in the ‘guest’ OS.  This then enables the guest to communicate more efficiently with the host OS and its hardware.

Additional resources

The official VMWare tools information can be found here.

Pre-Requisites

Software Dependencies

  • A running VMWare host
  • An active VMWare guest with Sabayon Linux
  • A copy of VMWare tools for linux guests

Hardware Dependencies

  • None

Tools Required

  • None

Other Dependencies

  • A working internet connection
High Level Summary Steps

The below lists the high level summary of steps we’re about to take during this howto.

  • Get a copy of the VMWare tools linux drivers from your host
  • Install the pre-requisites for installation
  • Install and configure the VMWare tools script
  • Reboot Sabayon Linux
Implementation

Get a copy of the VMWare tools linux drivers from your host

  1. Get this

Install the pre-requisites for installation

  1. Ensure your Sabayon linux is up-to-date
  2. Open a console
  3. Become root (su / password)
  4. Enter the following commands
    1. equo install sabayon-sources gcc  binutils (Installs kernel headers, gcc and binutils)
  5. Create the missing rc directories (enter each command as one whole line)
    1. cd /etc/
    2. mkdir rc0.d rc1.d rc2.d rc3.d rc4.d rc5.d rc6.d

Install and configure the VMWare-Tools script

  1. Copy the VMWare-Tools file you obtained earlier to a directory of your choice
  2. Open a Console
  3. Extract and run the VMWare-Tools file
    1. tar -xvf <vmwaretoolsfile>
    2. cd vmware-tools-distrib
    3. ./vmware-install.pl
    4. Accept all defaults and click yes to create directories as requested
    5. If you get errors regarding vmhgfs modules you can ignore them.

Reboot your system

Now restart your system; once it comes back up, VMWare-Tools is installed and working.

  1. shutdown -r now

That’s it, all done!
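
The installation steps above, collected into one script as an added example (not part of the original article and not VMware's own tooling). The function names are made up for this example; before anything runs as root it checks that the archive unpacks only into vmware-tools-distrib and contains vmware-install.pl, and it extracts into a temporary directory rather than a directory of your choice.

```bash
#!/usr/bin/env bash
# Added example: the install steps from this howto as one script with
# pre-flight checks. The helper names below are hypothetical; the commands
# (equo, mkdir, tar, vmware-install.pl) are the ones the steps use.

# Create rc0.d .. rc6.d under the given directory (default /etc).
# Prints how many directories were newly created; safe to run repeatedly.
ensure_rc_dirs() {
    local base="${1:-/etc}" created=0 n
    for n in 0 1 2 3 4 5 6; do
        if [ ! -d "$base/rc$n.d" ]; then
            mkdir -p "$base/rc$n.d" || return 1
            created=$((created + 1))
        fi
    done
    echo "$created"
}

# Succeed only if every archive member sits under vmware-tools-distrib/,
# no member path contains a ".." component, and the installer is present.
archive_layout_ok() {
    local archive="$1" members
    members="$(tar -tf "$archive")" || return 1
    # Any member outside the expected top-level directory fails the check.
    if printf '%s\n' "$members" \
        | grep -Ev '^(\./)?vmware-tools-distrib(/|$)' | grep -q .; then
        return 1
    fi
    # Reject parent-directory components anywhere in a member path.
    if printf '%s\n' "$members" | grep -Eq '(^|/)\.\.(/|$)'; then
        return 1
    fi
    printf '%s\n' "$members" \
        | grep -Eq '^(\./)?vmware-tools-distrib/vmware-install\.pl$'
}

# Run the whole procedure for one VMWare-Tools archive.
install_vmware_tools() {
    local archive="$1" workdir
    [ "$(id -u)" -eq 0 ] || { echo "run this as root (su)" >&2; return 1; }
    archive_layout_ok "$archive" \
        || { echo "unexpected archive layout: $archive" >&2; return 1; }

    # Kernel headers, gcc and binutils, as in the pre-requisite step.
    equo install sabayon-sources gcc binutils || return 1

    # The rc directories the installer expects but Sabayon does not ship.
    ensure_rc_dirs /etc >/dev/null || return 1

    # Extract into a fresh directory and start the installer from there.
    workdir="$(mktemp -d)" || return 1
    tar -xf "$archive" -C "$workdir" || return 1
    ( cd "$workdir/vmware-tools-distrib" && ./vmware-install.pl ) || return 1

    echo "Installer finished. Reboot with: shutdown -r now"
}

# Only act when an archive path is given on the command line.
if [ "$#" -ge 1 ]; then
    install_vmware_tools "$1"
fi
```

Run it as root with the VMWare-Tools archive as its only argument; the installer still asks its usual questions.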

Final Word

At time of writing the Sabayon version used was 15.05; this would likely apply to future and previous versions though.

As always, I welcome your insights and opinions in the comments section below.



Howto: Amazon CloudFront CDN with SSL

Problem / Outcome Summary
  • This article will enable you to speed up your website / blog by offloading the loading of images to a dedicated content delivery network (Amazon CloudFront CDN) with SSL, (SSL is optional).
  • Please see the summary overview tab below for a high level view of the objectives this ‘howto’ will achieve.

Why might I want to do this?

  • To reduce the amount of traffic being sent to / from your web site, blog site, web host, or web server.
  • To help increase your search ranking in Google.
  • To speed up the performance of your site when someone views it.
  • To help mitigate against server failure or performance issues should your site or server be hit with an unexpected amount of traffic e.g. an article goes ‘viral’.
  • To help reduce the load on a ‘shared hosting’ site
Foreword

To be clear, how does a CDN work?

Simply put, a CDN hosts the static files such as images on the CDN’s systems instead of on your host’s systems, so that your host has more capacity to focus on other things. This is especially useful for cheaper hosting plans.

How does this work technically?

A CDN consists of multiple web servers strategically placed around the world, which can then be ‘closer’ to the person viewing your site. When the person viewing your site goes to a page which has CDN hosted content, the CDN knows where the closest (and therefore fastest) server is compared to that person and delivers your static content from that CDN location instead of your host or site.

How does the CDN get the content from my server?

There are a number of ways to do this depending on what kind of software you’re running and what you’re trying to achieve. But in essence, the links on your blog need to have their URLs updated to reflect the hostname of the CDN. If you’re using a content management system such as WordPress, this can be done automatically using a plugin such as W3 Total Cache. It simply rewrites the image locations to point to the CDN instead of your server. In the WordPress case, the process is reversible by simply uninstalling the plugin or rewriting the links to point back to the original location again, but really you’re unlikely to want to do this.

Why did you choose to write this article about Amazon Cloudfront instead of another hosting provider?

Amazon has grown a reputation as being extremely reliable. I’m not talking about reliable for small businesses; I’m talking enterprise grade reliability that Amazon have actually built from the ground up using specialised hardware and software designed and written by Amazon and key partners specifically for the purpose of serving reliable, cost effective hosting.  This makes Amazon the fastest, most reliable service available, with more points of presence and more redundancy, not to mention an incredible pricing structure. You don’t have to sign up to $200 or even $50 a month, and in fact, provided you use less than 50GB of traffic or 2 million requests per month, you’re not likely to pay a cent for the first year. I believe this makes it the most compelling CDN on the market today and it’s why people like Netflix, Airbnb and many others serious about performance and reliability are using Amazon.

What isn’t a CDN?

    • It is not a proxy or reverse proxy
    • It does not host your entire site, only the static bits
    • It will not keep your site up if your server goes down (for that you can look at CloudFlare along with CloudFront).

Additional resources

A really nice touch is you can download the manual for CloudFront directly to your kindle if you have one by going to the page here. You’ll note there’s also a PDF and an online version.

[/vc_tta_section][vc_tta_section title=”Pre-Requisites” tab_id=”1483656936239-1facad3b-9216e50c-cffe1903-e853″][vc_custom_heading text=”Pre-Requisites”]

Software Dependencies

  • An Amazon account (free)
  • A web site that hosts content
  • WordPress (can be adapted)

Hardware Dependencies

  • None

Tools Required

  • A recent web browser such as Firefox, Safari or Chrome

Other Dependencies

  • A working internet connection
  • An active Amazon account
[/vc_tta_section][vc_tta_section title=”Summary Steps” tab_id=”1483657008528-9fc62da7-5742e50c-cffe1903-e853″][vc_custom_heading text=”High Level Summary Steps”]

The below lists the high level summary of steps we’re about to take during this howto.

  • Install the W3 Total Cache Plugin
  • Create a new account for Amazon CloudFront (you don’t want to use your root account for this)
  • Set up CloudFront (via W3 Total Cache)
  • Configure AWS for SSL
  • Refresh Hosting System
[/vc_tta_section][vc_tta_section title=”Implementation” tab_id=”1483657023013-0e8f9bfb-cd0fe50c-cffe1903-e853″][vc_custom_heading text=”Implementation”]

Install the W3 Total Cache Plugin

  1. Log in to the wordpress admin by navigating to your wordpress site and appending /wp-admin to the URL.
  2. Click the Plugins menu on the left side of the wordpress admin panel
  3. Click the Add New button at the top left of the plugins screen
  4. In the ‘Search Plugins’ dialog box, enter ‘W3’ and press enter
  5. Click on the ‘Install Now’ button under the W3 Total Cache plugin that comes up
  6. Click the ‘Activate Plugin’ link on the following page that comes up.
    1. The plugin should now be installed and enabled (but not actually active – even though WordPress says it is active).
  7. Click on the General Settings Page and scroll down to CDN. Leave this disabled, but click on CDN Type of Amazon CloudFront and click Save all Settings

Create a new account for amazon cloudfront (you don’t want to use your root account for this)

  1.  Sign into your AWS account console (outside scope of this exercise, but you can create one at https://aws.amazon.com)
  2. Choose the Identity & Access Management Service under the Administration & Security Section
  3. Click ‘Users’ on the left
  4. Click ‘Create New Users’
  5. Enter the User name you would like to add for your new cloudfront only account
  6. Click Create at the bottom right of the screen
  7. Click Show User Security Credentials on the next screen that comes up
  8. Copy and paste the Access Key ID and the Secret Access Key ID into the same field names in W3 Total Cache in WordPress
  9. Click Close at the bottom of the Amazon page
  10. Click Policies on the left of the Amazon AWS screen
  11. In the search box at the top, start typing ‘cloudfront’ without the quotes
  12. Click the checkbox next to CloudFrontFullAccess
  13. Click the Policy Actions drop down box and choose attach
  14. Click the checkbox next to the name of the account you just created and click Attach Policy at the bottom of the screen.

Set Up Cloudfront (via W3 Total Cache)

  1. Click on the new WordPress admin menu on the left hand side entitled, ‘Performance’ (You will note that there are many other settings, this guide does not go over those only the CDN part).
  2. Click the CDN menu on the left hand side.
  3. Scroll down to the configuration section, under which the first line has a blue link entitled ‘IAM’. In the configuration section you should now have your previously entered Access key ID and Secret key, both of which came from the account you created with limited Amazon permissions.
  4. Click the ‘Create Distribution button’ – if you set up your Amazon account correctly you should now be met with a prompt saying ‘Distribution Created Successfully’

You’ll note there’s still an empty box in the ‘Replace site’s hostname with:’ section. To get the hostname for this do the following:

  1. Go back to Amazon Web Services and choose the CloudFront service under the Storage and Content Delivery section, or alternatively try this link: https://console.aws.amazon.com/cloudfront/home?region=eu-central-1
  2. On the page that comes up you will see the distribution you just created.
  3. Click the blue link in the ID column which will be represented by various numbers and letters
  4. Note the Domain Name on the General Page and copy this into the blank section on your WordPress W3 Total Cache plugin.
  5. You will also note in the Amazon Web Service page that the status column reads ‘In Progress’ This will change to ‘Deployed’ when complete. How long this takes depends on how many images and static content you have in your web site as essentially this is copying your content to CDN servers around the globe.
  6. Back in the W3 Total Cache plugin, on the CDN page, ensure every tick box that can be ticked is on, except for ‘Add canonical header’ – you shouldn’t need that.
  7. Go back to the Performance / General Settings Page and click enable in the CDN section.

Configure AWS for SSL

  1. If you’re wondering how this all works with SSL, there’s one radio button that you need to change to work with your SSL site.
  2. In the AWS Cloudfront Distributions page, click the blue link in the ID column and then on the Origins Tab.
  3. Under the origins tab click the tick box next to your domain name, then click edit.
  4. Change the Origin Protocol Policy to ‘Match Viewer’.
  5. Then click the ‘Yes, Edit’ button

Refresh Hosting System

One last step is to purge your caches. You would need to purge any caches from any performance tools that your hosting provider has first, then after that purge the cache from the CDN section or at the top of the W3 Total Cache plugin page.

That’s it, all done!

[/vc_tta_section][vc_tta_section title=”Final Word” tab_id=”1483657035357-36e2d8d1-b325e50c-cffe1903-e853″][vc_custom_heading text=”Final Word”]

As at time of writing, this blog is hosted using this method. If you click on an image and copy its location you should see it’s hosted at cloudfront.net. In this way, this site can currently use a much cheaper hosting plan than it otherwise could.

As always, I welcome your insights and opinions in the comments section below.



Howto: Apply SSL Certificate to QNAP NAS Server

[vc_tta_tabs active_section=”1″ pagination_style=”outline-square”][vc_tta_section title=”Summary” tab_id=”1483657727692-588765df-8139e50c-cffe9e81-43b1″][vc_custom_heading text=”Problem / Outcome Summary”]
  • This article will enable you to communicate securely with your QNAP NAS server over the secure sockets layer protocol by utilising a purchased SSL Certificate.
  • Please see the ‘Summary Overview’ tab below for a high level view of the objectives this ‘howto’ will achieve.

Why might I want to do this?

  • To stop traffic from being read or copied by unknown parties on the internet.
  • To help increase your search engine ranking with google.
  • Because you don’t want to see the message SSL Certificate Not Trusted
  • Because you don’t want to see the message SSL Certificate Error
[/vc_tta_section][vc_tta_section title=”Foreword” tab_id=”1483656936153-fec58c10-e606e50c-cffe9e81-43b1″][vc_custom_heading text=”Foreword”]

To be clear, what does an SSL certificate do?

Simply put, an SSL (Secure Sockets Layer) certificate automates the process of verifying the encrypted information traveling between your web site and the web browser / application of the person viewing or using it.  In the QNAP example, this could be a web site hosted on the NAS or between the QNAP NAS applications – (both apply in this howto).

You want to automate this process if you have a public facing web site that you wish to utilise SSL, or if you have many users that will connect to the NAS from the internet.  Do note, however, that a certificate is not necessary to do the actual encryption of your traffic. Without a paid certificate, though, each user will either have to accept a security warning prompt upon initial setup or upon visiting your web site, or alternatively manually add a certificate that you provide in the form of a file.  For this reason, it is usually much easier to use a paid certificate authority.

A word about security

Without a doubt, SSL is a very secure protocol employing 2048 bit encryption (optional 4096 bit) which is the only real security solution for web sites existing today. Until very recently, SSL had not been compromised. Through recent events brought to light from the Edward Snowden leaks, it turned out that the NSA had indeed compromised SSL. It is not yet known how this happened, except that it was very suspicious that a National Security Agency employee was co-chairing the very influential cryptography panel that creates these standards for the internet engineering task force (IETF). Keeping to topic, no encryption standard (be it DVD, Blu Ray, Sky TV, the Enigma code or SSL) has remained unbreakable forever and this is a natural part of the encryption lifecycle.  SSL was developed in 1993 with the first publicly secure protocol available in 1996, so it’s a testament to the protocol to still be in use today.

Please note: If you’re using the web site for your own private uses, it is obvious that it can actually be more secure using the above mentioned, self signed certificate since there is no certificate authority knowing part of your SSL key. This was finally acknowledged during the Edward Snowden leaks and is known to be part of the way the NSA were able to break SSL. Obviously, this would be no good for an ecommerce site as your customers would be presented with a warning that you’re an untrusted web site and are unlikely to hand over their money.

Do you REALLY want to self host your own web site?

Ultimately, this web site and other things I’m working on have now been moved away from the QNAP NAS server for various reasons, including that the development team at QNAP simply don’t update their code enough for me to consider it really safe and secure. Other challenges with a self hosted site you might like to consider include: automating your own backup plan, redundancy of hardware in a failure, redundancy of internet connection, fail over during failure (DR), how much effort you put into your rebuild procedures (known as as-builts) and what that might mean for down time to your customers.

There isn’t much capability for BCP (Business Continuity Plan) with a public facing web site other than the above precautions, so before you go rushing off thinking a locally hosted web site is for you, consider how hard it may be to get things up and running again and how much down time for your customers that may end up resulting in, if you can’t bring your site up quickly. In my case with a fairly decent knowledge of IT, I could still find an outage causes days of downtime.  For example: if an outage happens while I’m at my day job, it could be 8 hours before I could even start resolution steps and could require a very long night to complete.  If it were failed hardware, it may even be unavailable for weeks while replacement parts arrive from overseas agents.  And these cases are if you’re good at what you do, or lucky.  In reality, things may take much longer and cost you much more money than a good hosting plan.

A word about hosting

These days you can get some pretty sweet deals on web site hosting that take much of the pain away for you.  One I’ve recently discovered is Site5. US$4.95 per month gets you Apache, MySQL, unlimited disk space and unlimited traffic. I doubt that will be easy to beat.  That said, there seem to be dozens of these shared infrastructure sites now available if you’re prepared to search.   Have a look around and consider your options carefully.  See our review of the ‘real’ price these hosting companies charge here.

SSL Certificate types

Something else to know about before you start is there are most definitely a number of different grades of SSL certificates available. On top of that there are differing brands of SSL certificates that each have their own types and certain brands may be trusted more than others.  I won’t go into brands here, but when you sign up at a certificate authority, they should explain all this to you, so choose carefully for your use type.

The two things you need to know when choosing a certificate type are:

  1. What host or hosts (signified by domain names) will I need to protect?
  2. What kind of validation will I require?

So for point 1, will you be securing www.yourdomain.com, host1.yourdomain.com, mail.yourdomain.com etc, or just one of those?

For point 2, you can choose a higher grade of validation where the certificate authority will phone around and confirm that you are legitimate. It takes up to several weeks in some cases, but apart from being the most expensive, this type will present a ‘green seal’ of approval in your customer’s browser which stands out like a sore thumb (in a positive way).  It has quickly become the golden standard associated with secure browsing.

You can see at the below link a list of different SSL types from SSLs.com, which turns out to offer some of the best value in SSL certs on the web: a single host for as low as $4.99 per year. Yes you read that right.


[/vc_tta_section][vc_tta_section title=”Pre-Requisites” tab_id=”1483656936239-1facad3b-9216e50c-cffe9e81-43b1″][vc_custom_heading text=”Pre-Requisites”]

Software Dependencies

  • SSL Certificate
  • A fixed IP address or Dynamic DNS

Hardware Dependencies

  • QNAP NAS Server
  • An internet Modem / Router capable of performing

Tools Required

  • SSH access
  • A recent web browser

Other Dependencies

  • A working internet connection
[/vc_tta_section][vc_tta_section title=”Summary Steps” tab_id=”1483657008528-9fc62da7-5742e50c-cffe9e81-43b1″][vc_custom_heading text=”High Level Summary Steps”]

The below lists the high level summary of steps we’re about to take during this howto.

  • Create a CSR (Certificate Signing Request)
  • Upload the certificate code to SSL provider
  • Apply the certificate to the QNAP NAS Server
  • Configure the QNAP ports so that the certificate and system admin work together
  • Configure the QNAP virtual hosts section
[/vc_tta_section][vc_tta_section title=”Implementation” tab_id=”1483657023013-0e8f9bfb-cd0fe50c-cffe9e81-43b1″][vc_custom_heading text=”Implementation”]

Purchase your certificate

Step 1a – Create your CSR (Certificate Signing Request)

This will generate a code from your NAS server that can be used to ‘unlock’ the partner code from the certificate authority.

Essentially what this does, is create a private key (private as in only your web site knows about it) and a matching CSR that you upload to your SSL provider, which in turn then allocates you a public key and an intermediate key. We’ll be doing this via SSLs.com, but this should map to any chosen provider.

https://support.comodo.com/index.php?/Knowledgebase/Article/View/1/19/csr-generation-using-openssl-apache-wmod_ssl-nginx-os-x

  1. Log in to an ssh terminal on your QNAP nas as admin.
  2. Create a new easily accessible directory somewhere on your NAS and call it SSL if you like.
  3. While in that directory, enter the following command: openssl req -nodes -newkey rsa:2048 -keyout your_domain_com.key -out your_domain_com.csr

You will be presented with a bunch of questions which can be a little tricky to understand at first, so we’ll summarise them here.

Country Name (2 letter code) [AU]: NZ
State or Province Name (full name) [Some-State]: NorthIsland
Locality Name (eg, city) []: Auckland
Organization Name (eg, company) [Internet Widgits Pty Ltd]: YourCompany or WebSite Name
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []: hostmaster@yourdomain
Also a challenge password is normally chosen which you will need to write down somewhere.  I'm told this isn't actually needed for web sites, but I do it anyway.

**Remember the above command MUST be run in a session on the NAS, do not get confused if you have a Mac and run it locally on your Mac. It is OK to connect to the ssh terminal on your NAS via the Mac though. So you’re going to need to do something like: ssh admin@yournasIP and then enter your admin password first. If you have Windows, you’ll need to download PuTTY and do it in there.

OK so at this point you have your generated csr and private key in your chosen directory, well done!

Step 1b – Upload to SSL’s.com

This uploads the codes you just generated to your SSL certificate provider

What I do here on a Mac is type ‘cat mydomain.csr’; in Windows you will need to use a text viewer or something. Copy and paste that with your mouse and upload it to your SSL page for the certificate you just purchased.

SSL’s will ask you for some additional information such as what email address you want it sent to and then you wait for it to arrive.

When the email arrives you will get similar to the following files in a zip file.

Attached to this email you should find a .zip file containing:

  • Root CA Certificate – AddTrustExternalCARoot.crt
  • Intermediate CA Certificate – COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
  • Your PositiveSSL Certificate – yourdomain_com.crt

Step 1c – Apply your certificate files to the QNAP

Using the same copy and paste method above (using cat or a similar text viewer) copy these to the NAS. You’ll want to paste them into the Security section, Certificate & Private Key tab as per the table below

COMODORSAAddTrustCA.crt goes into Intermediate Certificate Section

yourdomain_com.crt goes into Certificate Section

and the private key you generated earlier goes into the Private Key section.
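The checks worth running around Steps 1a to 1c, as an added example that is not part of the original article: the CSR you upload contains only the public key, and the certificate that comes back must carry that same public key before it is pasted into the NAS. The function names are this example's own, and a throwaway local CA (constructed) stands in for the certificate provider so the script runs offline.

```shell
#!/bin/sh
# Added example: consistency checks around Steps 1a-1c. File names follow the
# article; the CA below is a throwaway stand-in for the real provider,
# constructed so the script runs offline.

# Print the public key (PEM) held in a private key, CSR or certificate.
pubkey_pem() {                      # pubkey_pem key|csr|cert FILE
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files carry the same public key.
same_key() {                        # same_key TYPE1 FILE1 TYPE2 FILE2
    a=$(pubkey_pem "$1" "$2") || return 1
    b=$(pubkey_pem "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if FILE is a CSR and holds no private key, i.e. it is the
# right file to paste into the provider's form.
safe_to_upload() {
    grep -q 'BEGIN CERTIFICATE REQUEST' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

# Print the Common Name requested in a CSR.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# Succeed if CERT verifies against the CA certificate(s) in CA_FILE.
chain_ok() {                        # chain_ok CA_FILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build the demo files in DIR (runs in a subshell so cd/umask stay local).
make_demo_files() (
    cd "$1" || exit 1
    umask 077                       # private keys readable by the owner only
    # The article's Step 1a command, with -subj answering the prompts.
    openssl req -nodes -newkey rsa:2048 \
        -keyout your_domain_com.key -out your_domain_com.csr \
        -subj "/C=NZ/ST=NorthIsland/L=Auckland/O=YourCompany/OU=IT/CN=mysubdomain.mydomain.com" \
        2>/dev/null || exit 1
    # Throwaway CA playing the provider's role (constructed, valid one day).
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 \
        -keyout demo_ca.key -out demo_ca.crt \
        -subj "/CN=Constructed Demo CA" 2>/dev/null || exit 1
    openssl x509 -req -in your_domain_com.csr -days 1 \
        -CA demo_ca.crt -CAkey demo_ca.key -CAcreateserial \
        -out yourdomain_com.crt 2>/dev/null || exit 1
    # An unrelated key, to show what a mismatch looks like.
    openssl genrsa -out other.key 2048 2>/dev/null || exit 1
)

WORK=$(mktemp -d) && make_demo_files "$WORK" ||
    { echo "openssl setup failed" >&2; exit 1; }
trap 'rm -rf "$WORK"' EXIT
KEY=$WORK/your_domain_com.key
CSR=$WORK/your_domain_com.csr
CRT=$WORK/yourdomain_com.crt

safe_to_upload "$CSR" && echo "CSR holds no private key: this is the file to upload"
[ "$(csr_cn "$CSR")" = "mysubdomain.mydomain.com" ] && echo "CSR Common Name is the intended host"
same_key key "$KEY" csr  "$CSR" && echo "CSR was generated from this private key"
same_key key "$KEY" cert "$CRT" && echo "issued certificate matches this private key"
same_key key "$WORK/other.key" cert "$CRT" || echo "other.key does not match this certificate"
chain_ok "$WORK/demo_ca.crt" "$CRT" && echo "certificate verifies against the supplied CA file"
```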

That’s it! Well sort of – there are some other general items you need to be aware of before it will actually work.

Make it work with your system

Step 2a – Configure your NAS’s ports

There is actually likely to be a port conflict between your new web site and the admin page of the NAS. To get around this, you need to change the port your admin page uses.

Go to General Settings, System Administration

Change System port to 8080 and if you’re using SSL for the admin page, change that to 8081.

**Note, after this change you will need to do a few more things. Each time you access your admin page you will need to put :8080 or :8081 after your browser URL. So e.g. https://yournasIPordomain:8081

In addition, if you use any of the QNAP phone apps, these will also have to have this port manually specified in the app.

If you use any of these apps over the internet, you will also now have to forward these ports in your router’s NAT to your NAS server or they won’t work.

OK, now that’s done, go to applications Web Server.

Ensure that your web server is set to use port 80 (even though you’ve done SSL, there are times when you need good old port 80 open). You don’t have to, it’s your choice.

Here, ensure the HTTPS port is set to 443. Obviously your router has to be set up to forward this too.

Step 2b – Configure your NAS’s Virtual Hosts

If you’re using virtual hosts, this is very simple, the format is:

Host Name: your domain name e.g. www.yourdomain.com

Folder Name: the folder where your entire web site is

Protocol: the HTTP or HTTPS protocol you’re setting up

Port: 80 if you chose HTTP above, or 443 if you chose HTTPS above.

[/vc_tta_section][vc_tta_section title=”Final Word” tab_id=”1483657035357-36e2d8d1-b325e50c-cffe9e81-43b1″][vc_custom_heading text=”Final Word”]

I successfully had all this working with SSL and a virtual host as a wordpress blog on my QNAP, it has now however been moved to a hosting company as I needed something better.

One thing I noticed was on my first attempt the QNAP had a glitch and for some reason broke access to all my hosted web sites. What I found was that the QNAP had simply disabled the virtual hosts and in addition reset the port changes described above back to their defaults. If this happens, you can go back through this guide and double check the steps from 2a. Once I put it all back again I was up and running as per normal.

As always, I welcome your insights and opinions in the comments section below.

**Hosting a web site?  Why not apply and follow our article on how to speed it up with a CDN here!



Howto: Fortinet Port Forwarding


**This is a legacy article which does not meet some of our quality standards. While it may contain useful information, it is retained here for legacy reasons only.

There are different ways to set up Fortinet port forwarding, (using a DMZ for example), this article covers off the most basic example and can be applied to a DMZ setup later.

  1. Create a VIP first
  2. Go to firewall objects tab, virtual IP / Virtual IP
  3. Click create new
  4. Name: <Name of server you’re forwarding to>
  5. External Interface: <Your external interface> (in my case Chorus UFB)
  6. Type Static NAT
  7. External IP / Address Range: The IP address of your WAN supplied by your ISP (In both boxes if you only have one IP)
  8. Mapped IP / Address Range: The internal address of the server you’re forwarding to in the first box (the second box should auto populate).
  9. Port Forwarding: Leave unticked
  10. Second create a policy in your firewall
  11. On the policy tab, choose policy / policy
  12. Click Create New
  13. Source Interface / Zone (Your WAN connection) in my case Chorus UFB
  14. Source Address All
  15. Destination Address: <The Name you just gave your VIP connection>
  16. Schedule Always
  17. Service: Any single or multiple service that you wish to be forwarded to this IP address internally.
  18. You must enable NAT (although fortinet says you shouldn’t but I can’t get it to work otherwise).
  19. Do enable any logs, UTM, shaping etc. as you wish (suggest a specific UTM profile for the specific ports that are opened in order to improve performance, i.e. protect web, protect ssh etc.).

From the fortinet support page:

Test destination NAT by browsing to from the Internet. The session passes through the FortiGate unit to the web server which sends a response. Use the following packet sniffer command to see the results.

diagnose sniffer packet any 'port 80' 4 4


filters=[port 80]

6.150356 wan1 in -> syn 15893888

6.150637 internal out -> syn 15893888

6.150803 internal in -> syn 553485227 ack 15893889

6.150974 wan1 out -> syn 553485227 ack 15893889

The first output line shows a packet from a client device with IP address was received by the wan1 interface with destination address and destination port 80.

The second output line shows that when the packet exits the internal interface the destination address is changed to and the destination port is still 80.

The third output line shows the response from the web server.

The fourth output line shows the response from the web server being returned to the client device. The source address has been changed back to

In this example, the source port is not changed.
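The sniffer check described above, automated as an added example that comes from neither the article nor Fortinet: it pairs each initial SYN received on the WAN interface with the same SYN leaving the internal interface and reports whether the destination was rewritten. Both captures are constructed with documentation-range addresses, assuming the `src.port -> dst.port:` line layout; the function name and result labels are this example's own.

```shell
#!/bin/sh
# Added example: confirm destination NAT from 'diagnose sniffer packet' output.
# The captures below are constructed (documentation-range addresses); only
# the line layout, timestamps and sequence numbers follow the article.

# dnat_check WAN_IF LAN_IF  < sniffer output
# For every initial SYN received on WAN_IF, find the same SYN (same sequence
# number) leaving LAN_IF and compare destinations. Exit 0 only if every SYN
# was forwarded with a rewritten destination.
dnat_check() {
    awk -v wan="$1" -v lan="$2" '
        $5 != "->" { next }                 # header lines, e.g. filters=[port 80]
        { dst = $6; sub(/:$/, "", dst) }    # "203.0.113.10.80:" -> address.port
        $7 == "syn" && $9 != "ack" {        # initial SYN only, not SYN/ACK
            if ($2 == wan && $3 == "in") {
                if (!($8 in seen)) order[++n] = $8   # ignore retransmits
                seen[$8] = dst
            } else if ($2 == lan && $3 == "out" && ($8 in seen)) {
                fwd[$8] = dst
            }
        }
        END {
            if (n == 0) { print "NO-SYN-SEEN"; exit 1 }
            bad = 0
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (!(s in fwd))            { print "NOT-FORWARDED " seen[s]; bad = 1 }
                else if (fwd[s] == seen[s]) { print "UNCHANGED " seen[s]; bad = 1 }
                else                          print "TRANSLATED " seen[s] " -> " fwd[s]
            }
            exit bad
        }'
}

# Constructed capture: VIP and policy working, handshake completes.
sample_ok() { cat <<'EOF'
filters=[port 80]
6.150356 wan1 in 198.51.100.7.51439 -> 203.0.113.10.80: syn 15893888
6.150637 internal out 198.51.100.7.51439 -> 192.168.1.110.80: syn 15893888
6.150803 internal in 192.168.1.110.80 -> 198.51.100.7.51439: syn 553485227 ack 15893889
6.150974 wan1 out 203.0.113.10.80 -> 198.51.100.7.51439: syn 553485227 ack 15893889
EOF
}

# Constructed capture: the SYN arrives (and is retransmitted) on wan1 but
# never leaves the internal interface.
sample_dropped() { cat <<'EOF'
filters=[port 80]
6.150356 wan1 in 198.51.100.7.51439 -> 203.0.113.10.80: syn 15893888
9.150102 wan1 in 198.51.100.7.51439 -> 203.0.113.10.80: syn 15893888
EOF
}

sample_ok | dnat_check wan1 internal
sample_dropped | dnat_check wan1 internal ||
    echo "SYN not forwarded: re-check the VIP mapping and the firewall policy"
```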

Go to Policy > Policy > Policy and check the Count column for the security policy you added to verify that it is processing traffic.

Go to Policy > Monitor > Session Monitor to view the sessions being processed by the FortiGate unit. You can also see results by going to Policy > Monitor > Policy Monitor to view a graph of active sessions for each policy. Since there is only one policy, that graph contains only one entry. You can select the bar graph for the policy to view the top sessions by source address, destination address, or destination port/service.

The Top Sessions dashboard widget presents another view of sessions that you can also drill down into to get more info about current sessions. Other dashboard widgets display session history, traffic history, and per-IP bandwidth usage.

Howto: Fortinet NZ Fibre UFB


How to configure an NZ Fibre UFB Connection on a Fortinet Firewall Appliance

**This is a legacy article which does not meet some of our quality standards. While it may contain useful information, it is retained here for legacy reasons only.**

There have been quite a few misleading pieces of info floating around the various ISPs in NZ about what you can or can’t do relating to connecting your own ‘modem’ to the New Zealand Chorus Fibre Broadband network, sometimes referred to as UFB.

This article aims to clear some of these up by way of example, but there are a few basics to clear up first.

  1. Chorus install and provide the physical NZ fibre UFB (in 99% of cases this will be the only way you’ll get it) NOT your ISP.  Your ISP connects to the fibre via the internet, and can request the provisioning of that fibre (if you’re like most people and didn’t have it already).  That is why this article is about connecting to Chorus Fibre not to e.g. Slingshot, Xtra or some other ISP.
  2. Chorus provide the modem (called an ONT), your ISP provides a router.  You cannot change the ONT, but you CAN change the router.  Please don’t call the router a modem – this is why there has been so much confusion as you absolutely cannot change the modem, but you CAN change the router.
  3. ONT stands for ‘Optical Network Terminal’, I know that because it’s written on it, so don’t tell me it isn’t.  Basically it’s what’s known as a transceiver that translates optical data traffic to your typical copper data traffic with some added smarts in it, namely a PPPoE dialer, which is why it is a modem.
  4. Just because you’ve got e.g. a 30Mb down and 10Mb up fibre connection does not mean you would actually get these speeds, this just outlines the maximum performance capability of your particular NZ fibre UFB Plan, the rest is up to your ISP and what particular international and national speeds they have paid for.  You will need to raise performance issues with your ISP if your speeds are slow.
  5. You don’t have to use the in built telephone port in your supplied modem (Slingshot tried to tell me that I did, they also tried to tell me that I couldn’t put my own router on – both not true).  I’m using their already supplied Linksys ATA adapter for this connected to my Fortinet router – so yes it’s the same iTalk account with a couple of new settings – simply replace your old akl.italk.co.nz setting with and you’re all done!

Right, now let’s get started.  I’m using this example on a fortinet, because it’s a relatively common ‘upper end’ device that is super awesome and I wanted to promote it ;).  In reality anyone that didn’t already know points 1-5 above probably wouldn’t want to be installing a fortinet, but I felt like it and somehow hope that it will help someone somewhere even if they don’t understand the next bit.

The below instructions are started from a freshly installed firmware and a completely out of the box default setup.

Log into fortinet admin / blank password

  • Go to network / interface
  • Choose create new / interface
  • Name: – Chorus UFB
  • Type: VLAN
  • Interface wan1
  • VLAN ID 10
  • Addressing mode PPPoE
  • username: your isp login
  • password: your isp password
  • Any other settings you require such as FMG-Access or HTTPS etc.
  • Apply / OK

You should now have a physically working login to your NZ Fibre UFB.

There are a few more steps though – they are:

  • Ensure your LAN IP address is in the correct range
  • Ensure your DHCP server is set up with the correct lan IP address
  • Ensure you have a new firewall rule added

How to change the LAN IP address

  • Go to Network / interface
  • Check internal then click edit
  • Under the addressing mode section, ensure manual is selected and replace with your desired IP address.
  • Note that if you’re changing the subnet range and using DHCP, this will not automatically change the DHCP scope, you will need to connect with a manual IP address and reconfigure the DHCP server separately.
  • Click Apply / OK.

How to update the DHCP server scope

  • Click Network / DHCP Server
  • Check the internal network and choose edit
  • Under the IP section, update to your appropriate subnet / range.
  • Add any IP reservations you need by using the ‘Add from DHCP client list’ option or entering manually by choosing create new.

Create a matching firewall rule for NZ Fibre UFB

In its most basic form (I won’t go into the complex parts) you need an outgoing allow rule for the new NZ Fibre UFB interface

  • Go to the Policy tab, then choose policy / policy
  • Click Create New
  • Source Interface/Zone: NZ Fibre UFB (or whatever you named your Chorus UFB PPPoE connection)
  • Source Address: All
  • Destination Interface/Zone: Internal
  • Destination Address: All
  • Schedule: always
  • Service: ANY
  • Action: Accept
  • Ensure Enable Nat is ticked on and use destination interface address is selected.

There are other options in there that we won’t worry about at the moment. This will get your basic  NZ Fibre UFB up and running.

You will need to also create one for any other interfaces eg. Wireless – NZ Fibre UFB

Change your admin password

  • System tab, admin, administrators
  • check the tickbox next to admin
  • click edit
  • click change password, follow the onscreen prompts.

That’s it!

Howto: ColorMunki Photo – Yosemite Beta


Howto get X-Rite ColorMunki Photo working in Yosemite Beta

**This is a legacy article which does not meet some of our quality standards. While it may contain useful information, it is retained here for legacy reasons only.

***Update 16 November 2014***

Official Driver now released from X-Rite, it can be downloaded from their web site directly here.

Have installed and tested and can confirm it works.

**End of Update***

This isn’t full instruction but a bit of a hint…

I was frustrated that X-Rite didn’t work yet in Yosemite (although I have had a personal message from the developer saying an update will be available by the time of the launch of Apple’s Yosemite for Mac).

I don’t actually understand why they don’t just release a beta quality driver – anyway how I got (most) of it going by doing the following.

I installed the X-Rite device services (not the application) for Mac – though to be fair I’m not convinced it was necessary – it’s just what I did. (Available here).

Then I right clicked on the ColorMunkiPhoto.mpkg (clicked show package contents).

I then installed XRiteCore.plg, DefaultFiles.pkg.

After all that I was able to profile my display.  It doesn’t ‘quite’ work like it used to (it doesn’t prompt me for brightness etc.), but I think that just times out in the background and then just works.
Note, it seemed to be stuck on a black and some grey screens to begin with, after (a longer than usual) timeframe it calibrated and I could see it was close to my other (already calibrated) monitor from before the upgrade.

You might be able to install some more packages in there to get the menus back – no idea and up to you!

Hope this helps someone!

Why you need RAID and NOT a backup



**This is a legacy article which does not meet some of our quality standards. While it may contain useful information, it is retained here for legacy reasons only.**

This one’s a real wind up – kinda like the politically correct people that say kids can’t play in trees cause’ they might fall out or the overboard PC personalities that say we should put up a shelf next to every door so that when they need to be worked on you don’t have to put your toolkit on the floor – which probably means you’d hit your head on the shelf.

The problem I’ve had with this kind of thinking is it’s very very small minded and they seem to see only one possible outcome for the future – death and injury.  The loudest people make the most noise and the ones that know better can’t be bothered arguing – stink for them as ultimately the loudest people find a way of making it law.  It’s a real shame these types of people are ruining our planet when we have real issues out there like starving children and disease.

Why is a backup not going to be ever done and why you need RAID instead

This article is written for those of you in forums still bleating on about backups being the solution (not RAID), as well as those looking for an answer to this painfully short sighted statement.  I have to laugh because you actually see guys with, “RAID is not a substitute for backup” written in their signatures.  I kind of think these guys got into some kind of low end IT job or something and lost the ability to think outside the square at some point.  However I do realise the reality is they probably get a barrage of people losing data and get asked to restore it and they’re forced to come up with something pretty obvious.

Anyway, nowadays there are plenty of us that have giant disk sets at home for various reasons (mine are photography and music creation). Given that these usually span terabytes, where exactly would you expect these backups to be stored? Hard disks? Tape? Optical? If you’re going to talk about backups, I’m going to talk about REAL backups, i.e. no backup is a backup unless you have multiple copies, usually a GFS (Grandfather, Father, Son) system or similar. Let me do some calculations here, based on 16TB since that’s likely the upper limit right now. Note that I’m talking about the average Joe here, not a giant corporate (yes, average Joes do have 16TB these days).

Optical Backup

Probably the biggest optical format is Blu-ray, which you can get in 50GB disc flavours relatively cheaply. That’s about 320 Blu-ray discs for each backup on each day for a typical GFS solution. Given that the most basic ones of those need about 18 sets of media, we’re looking at 5760 separate Blu-ray discs at about NZ$12 each = $69,000. This option would be slow, unreliable and expensive and you’d spend forever swapping discs! Debunked!!!

Tape Backup

Let’s pick on LTO5 (sorry can’t find a price on LTO6). So we can do up to 3TB Compressed with this puppy, now we’re talking. Let’s see a single drive unit without autoloader NZ$2901, tapes are $57 each x 6 tapes to get to 16tb x 18 sets for a basic GFS setup = $6156 + drive = total $9057.00 (if you can compress all your data to fit and I guarantee you won’t).  Too costly, complicated, large, needs a separate computer and some backup software to go with it! Debunked!!!

Hard Drive Backup

Let’s see, you could do this a few ways but we’re screwed anyway as we would need multiple hard drives to match a good GFS backup solution, which would be difficult to swap out in any form of RAID setup. Probably the best solution would be to buy another NAS with larger drives that can do hard disk GFS with something like rsnapshot. DLink have this built into their firmware, while QNAP doesn’t yet. So we would need the biggest QNAP unit and load the biggest supported disks. That would be something like the 869 series (not sure if there’s a bigger than 8 disk unit, to be honest I haven’t looked). You would need 4tb disks, and while there are some cheap Seagates now on the compatibility list at 4tb, I’d recommend going for some enterprise drives here. TS 869 = $1800, 8x 4tb disk, WD RAID edition $562×8 = $4469 = $6296. This is probably the best solution, rsnapshot will do deltas to cut down on space etc, but I’d still say it’s debunked due to cost for the average Joe!

No average Joe is going to spend this kind of money on backups. So please everyone, stop telling average Joe’s to do backups on storage when you know full well that it’s never going to happen.  I get the feeling the people saying this have no idea what backup is all about really.

So what you can do, is thank them for being bright enough to implement the only affordable option to reduce the likelihood of data loss and discuss sane options like targeting documents and pictures to an external disk and store it in another house or use a secure cloud service like Mega, Amazon etc – now that makes more sense doesn’t it?

To this end a message to the average Joe: Next time someone tells you to do backup, point them at this link and ask them to supply you with the money to implement one!

How to: Mac OS X email Server


How to set up and install a Mac OS X email Server

**This is a legacy article which does not meet some of our quality standards. While it may contain useful information, it is retained here for legacy reasons only.**

I’ve decided to post this here in its current form; it will need a few tweaks, but you may as well have use of it.  It’s pretty accurate but there will likely be something that I’ve missed.

So not that I have anything to hide, but I decided I didn’t like the idea of the NSA and its 5 spider eyes nastiness inspecting all my stuff, so after a few months of weighing it up, I decided to have a look around.

Having become used to ‘the cloud’ like many of us, I was looking for something that wouldn’t require me to while away my hours supporting various issues that crop up, had a relatively simple setup procedure and specifically stored my personal information where I could actually see it. It also needed to be capable of doing a robust backup, be low cost and have a relatively simple procedure to restore service if it failed.

Ultimately, the only option that truly stood out for me was Mac OS Server 10.8 with its ridiculously cheap price of $19.99, and it requires NO client licensing. It is an add-on application to the Mac OS already running on your Mac and you are entitled to make as many virtualised instances of this as you like, including using the Mac OS installation media in the virtual machine that came with your Mac. In VMware it’s as simple as selecting ‘install Mac OS from the recovery partition’ and off you go.

The quick and dirty summary of what I purchased for this is as follows:

The Server

VMWare Fusion v6.0 (about $NZ50)

Mac OS Server $US19.99

(This runs on my existing Mac Mini which has a Sandisk SSD and 16GB of Kingston RAM)


Since I am into photography in a large way, I already had a ton of NAS storage. So for backups I configured time machine (from within the server) to backup to my QNAP 669-L and from there it does a real time off site backup to my QNAP 412. The QNAP 412 is configured with rsnapshot so that data can be restored to a point in time. As an extra precaution, VMWare has a handy feature that takes daily snapshots, rotating after a maximum of 3 is reached, in case you’re desperate for a one-click restore.

You would definitely not have to have these QNAP’s, there are plenty of alternative and cheaper backup options that you could use, but that’s another story.


Start with a standard Mac OS 10.8

Ensure you have a fixed IP address so that applications and services know where to talk to

You should ideally have a domain and a fixed IP pointing at your server or alternatively a dynamic domain – out of the scope of this article.

Ensure all updates (security etc) have been applied to your base OS.

It is preferred that the server is running in a virtual machine such as VMWare or Parallels.

You will need a spare 2GB of memory to allocate to the server.

Note there is also a Workgroup Manager software application to remotely manage your server. It is available at the Apple Support downloads section http://support.apple.com/kb/DL1567


Install the Mac OS X email Server Application from the Mac App Store (it’s part of the main OSX Server application here – 161MB at time of writing).

Double click and run the Server application from the Applications folder. (A good idea at this time is to right click the server icon in the taskbar and choose ‘Options, Keep In Dock’.)

Click Continue in the Set Up Your Server Window

Click Agree to Agree to the software licence agreement

Enter the local server machine password that allows you to install software, then click continue

Choose the third option ‘Domain Name’ and click Continue

Enter the name of the server in the top box (this will show up in Finder and other applications when browsing the network).

Enter the fully internet registered hostname in the host name box i.e. servername.yourdomain.com

In the network address field click edit.

Change the ‘Using DHCP’ drop down box to ‘Manually’

Enter a fixed IP address that will not be used by any other device on the network (you may need to poke around in your internet router to see what range of addresses can be assigned via DHCP and ensure your address is outside of this. i.e. or similar.) You will manually forward certain services to this address later.

Ensure Subnet Mask is and that the router and DNS servers are pointing to your internet router (we will change these later).

Click Apply

Mac Server will apply these settings, then click continue.

Enter in your apple ID and password for push alerts, click continue

Mac now goes away and sets up the remaining settings for network etc and some sensible defaults to start with. Upon completion you will see a ‘Congratulations’ Screen and a Finish button.

Click the finish button and you have now fully completed the ‘Installation’ section of the Server HowTo.


Network – DHCP / DNS

The very first thing you need to configure is a multi-homed network. This makes devices on your internal network send traffic that is addressed to your server’s internet name to the server itself, instead of out to the internet. This is required when you connect to services from the same network that your server is on. If your router supports it, it can be preferable to do this on the router, or do part of it on the router; it’s up to you. My router does not support it, so I’ll show you how to do it on the Mac Server here.


You need to set up DHCP on the Mac Server.

It is best to assign a DHCP ‘Scope’ that leaves room at one end of the IP addressing pool for static addresses. I suggest setting the scope to be something like – You’re not likely to need 100 addresses in a home network.

  1. Click the DHCP Icon under the Services section in the Server Admin Tool
  2. Change the lease duration to something more than 1 hour, 1 hour is ridiculously unnecessary. I set mine to 7 days.
  3. Ensure you are connected by Ethernet if possible (by the way, if you are using VMWare you need to be using Bridged Ethernet mode).
  4. Enter your preferred starting and ending IP addresses.
  5. Leave the router as your actual router.
  6. Just below this there is a DNS server field. We need to change this to your local server address. By default the DNS server is set up correctly automatically, so just enter your Server IP Address in the DNS field.
  7. Click Done
  8. Now, so you don’t disconnect yourself and cause all sorts of grief, a second device to connect with is handy here. You need to DISABLE the DHCP server on your router and ENABLE the DHCP server on your Mac Server. You enable the DHCP server on Mac Server by sliding the OFF-ON switch at the top to the on position. You CANNOT have more than one DHCP server running.
  9. Once you have turned your original DHCP server off and enabled the new one, try disabling and re-enabling the WiFi on, for example, your iPhone / Android etc and see if it gets an address. Do NOT reboot your computer until you have confirmed this is working or you will not be able to reconnect to your network properly.
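
One way to confirm the result of steps 2 to 8 is to inspect the DHCP offers a client actually receives. The following is an added example, not part of the original howto: it parses raw DHCP reply payloads and reports a second DHCP server still answering, a DNS or router option that is wrong, an address outside the scope, or a lease still at one hour. The function names, the 192.168.1.x addresses and the scope are assumptions made for the example, and the packets are constructed rather than captured.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # magic cookie that precedes the DHCP options
IP = ipaddress.IPv4Address

def parse_offer(pkt):
    """Extract the offered address and the options set in the steps above."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    out = {"yiaddr": IP(pkt[16:20]), "dns": []}
    i = 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, n, val = pkt[i], pkt[i + 1], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 51 and n == 4:              # lease time in seconds
            out["lease"] = int.from_bytes(val, "big")
        elif code in (3, 54) and n >= 4:       # 3 = router, 54 = server identifier
            out["router" if code == 3 else "server"] = IP(val[:4])
        elif code == 6:                        # DNS servers, 4 bytes each
            out["dns"] = [IP(val[j:j + 4]) for j in range(0, n - n % 4, 4)]
        i += 2 + n
    return out

def audit(offers, mac_server, scope, router):
    """Return findings for parsed offers; an empty list means the setup matches."""
    server, lo, hi, gw = (IP(a) for a in (mac_server, *scope, router))
    seen = sorted({str(o.get("server")) for o in offers})
    findings = [] if seen == [str(server)] else [f"offers should come only from {server}; saw {', '.join(seen) or 'none'}"]
    for o in (o for o in offers if o.get("server") == server):
        checks = [(lo <= o["yiaddr"] <= hi, f"{o['yiaddr']} is outside the configured scope"),
                  (o["dns"] == [server], "DNS option does not point at the Mac Server"),
                  (o.get("router") == gw, "router option is not the real router"),
                  (o.get("lease", 0) > 3600, "lease is still one hour or less")]
        findings += [msg for ok, msg in checks if not ok]
    return findings

def make_offer(yiaddr, server, router, dns, lease):
    """Build a constructed DHCPOFFER payload (sample data only, not a capture)."""
    opts = (bytes([53, 1, 2, 54, 4]) + IP(server).packed + bytes([51, 4]) + lease.to_bytes(4, "big")
            + bytes([3, 4]) + IP(router).packed + bytes([6, 4]) + IP(dns).packed + b"\xff")
    return bytes([2, 1, 6, 0]) + bytes(12) + IP(yiaddr).packed + bytes(216) + MAGIC + opts

# Constructed sample: the Mac Server (192.168.1.10) and a router (192.168.1.1) whose DHCP was left on.
SAMPLE = [parse_offer(make_offer("192.168.1.120", "192.168.1.10", "192.168.1.1", "192.168.1.10", 604800)),
          parse_offer(make_offer("192.168.1.33", "192.168.1.1", "192.168.1.1", "192.168.1.1", 3600))]
```

Calling `audit(SAMPLE, "192.168.1.10", ("192.168.1.100", "192.168.1.200"), "192.168.1.1")` returns a single finding naming both servers, which is the state step 8 tells you to avoid.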


Click the first edit button next to, “Provide mail for:” and choose your registered email domain

Turn on the Mail service by sliding the Off-On slider to On.

Surprisingly that’s it for the email service! The rest is done in the user accounts section.

User Account

Click the Users item under Accounts.

Your account should already exist, or if not, create one with the + button.

(I have found if you don’t right click the actual user and choose edit the app crashes. This is the only way to edit the user at this time.)

Enter in the email address you wish to assign to the user and click Done.

And again surprisingly, that’s it!