Defecting from Samsung (Android) to an Apple iPhone

The longest time I have been a happy Samsung phone user, currently with the S4 mini, and liked the ability to flash custom ROM’s like CyanogenMod and it’s sucessor LineageOS. However, having a hard time to find a small (4”-screen) phone with a good camera, I am considering the Apple iPhone SE.

Will I be punished for leaving the Android ecosystem?

This article on gave me hope. Read on how it went for me…

Step 1: Find replacements for my favourite apps in the Apple Store

OwnCloud client app: $0.99
PodKickerPro: not available. There is a preinstalled app and some alternatives.
Barcode Scanner +:  not available, but there are many alternatives
GoogleContacts: not available as app. TechRepublic has an article.
GoogleCalendar: not available as app, but Google has a note on how to sync with the device’s Apple Calendar. Some restrictions apply.
Threema: $2.99
GoogleAuthenticator: free, from Google
GarminConnect: free, from Garmin
Scanbot: freemium, $4.99 for the lite version

But hey, is there (a) Llama….?

Which, by luck and a hint, I did not forget to look up.

Sad thing is, the Apple App store does not have an app for automated task execution. Neither Llama, nor Tasker is available.  IFTTT will not be of help either, because it can not control local settings.

This is a show-stopper to me and too much of a punishment. No iPhone for me this time.

Step 2

WordPress for Kids

How to simplify and secure a WordPress installation for kid’s use?

This guide focuses on privacy, security and ease of use. Thus secure access is enforced, a login is required and some UI sugar will be set up. Here are some steps to follow, with detailed instructions below:

  • Enforce HTTPS
  • Use WordPress privately, with required login
  • Disable commenting
  • Customize the login page for better recognition

Installation & Configuration

    1. Install it using your preferred way
    2. Create an admin user for you and a kid’s account (with the author role). If you like, also create viewer accounts for read-only access.
    3. Enforce HTTPS and use HSTS
      Create a .htaccess file in the root folder with the following content:
# Redirect to HTTPS 
RewriteEngine On 
RewriteCond %{HTTPS} =off 
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301] 

# enable HSTS 
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" 

Install Plugins

  1. Use the Force Login plugin, to restrict usage only to registered users. This will also immediately load the edit mode once your kid has logged in.
  2. Make sure, the Loginizer plugin is installed and activated. It has a harsh retry limit and is a very effective means of keeping bad guys out.
  3. Use the Login customizer plugin, to create a pleasant login screen for your kid.

Commenting Config

In Settings/Discussion

  • Uncheck “Allow people to post comments on new articles”

Just in case you once allow discussion on a specific post:

  • Check “

Tweaking the UI

  • Update the theme: TWENTY SEVENTEEN is a nice theme (currently the default). Use a nice header image in the theme, showing something the kid likes (but probably not a closeup image of themselves)

Tweak the login screen

  • To make your kid feel at home, even at the login screen, use an image there too. Unfortunately you can not just add CSS in the default customization editor to tweak the login screen.
  • However, by using the Login customizer plugin:
    Go to Appearance/Customize, then Login Customizer (new from the installed plugin), then Other/Custom CSS to fully tweak the style. However, you can also just use the CSS below (replace the image URL):
/* This CSS changes the default WordPress login page
 * It uses a custom image as faded background and tweaks the
 * other UI stuff accordingly */

/* use an image from the gallery */
body.login {
    background-image: url(https://yourdomain.tld/wp-content/uploads/2018/03/x.jpg);
    display: block;
    background-size: cover;

/* fade the image to black and keep behind the login form */
body.login::after {
    content: "";
    background: rgba(0, 0, 0, 0.6);
    position: absolute;
    top: 0;
    left: 0;
    right: 0;
    bottom: 0;
    /* Image behind the login form */
    z-index: -1;

/* make the links more readable, by using a white background, as the rest of the login form, in front of the blackish image */
/*body.login div#login,*/
body.login p#backtoblog,
body.login p#nav {
    background-color: white;

/* keep the links visually attached to the form */
body.login p#nav,
body.login p#backtoblog {
    margin-top: 0;
    padding-top: 6px;
    padding-bottom: 6px;

body.login p#backtoblog {
    padding-bottom: 24px;

/* keep the wordpress logo decolorized to not infer with image colors */
body.login #login > h1 > a {
    filter: grayscale(100%) brightness(250%); 

Happy blogging!

WordPress and all plugins mentioned are free (or freemium), so consider donating to the respective authors.

Publishing a CSS User Style as Firefox Extension

To provide the FocusFinder User Style to Firefox users that do not have the Stylish or Stylus browser extension, I want to create a simple Firefox extension that just applies these CSS rules. How easy is this with the new WebExtensions API model? Well…

Very easy!

  1. Create your CSS and provide it as User Style.
  2. Create the extension skeleton using the First Example from the Add-ons topic on MDN docs as Template.
  3. Replace the javascript file from the example with the file obtained via “Install style as userscript” on the user style website.
  4. Try the extension out locally using the Firefox debugging mode.
  5. Package it as a simple ZIP file.
  6. Publish to (AMO), by submitting it through the submission form.
  7. Enjoy!

Here is the Focus Finder Firefox Extension on the official Firefox Add-ons Page!




An embeddable single file QR code generator

As HTML/CSS/JavaScript exercise I created* a QR code generator, which is embeddable into any website. It’s even usable offline, because it’s just a single HTML file.

Try it

And here’s how you embed it, using a cached copy via the RawGit CDN:

<iframe src="" frameborder="0" scrolling="no" style="overflow: hidden;" width="100%" height="400px"></iframe>

You can also change the sizes or the frame border. The displayed QR code will adapt accordingly on page load. However, only one iframe per page is currently supported.

You may also take the qr.frameable.inline.html and host it on your own server, or just download it to your local file system for offline use.


The offered QR code generator supports two request query parameters:

  • text, to allow for a custom preset text. Requires URL encoding of the text.
  • readonly, to disallow text entry. This may be useful when you just want to present a QR code for a given text.

Here’s an example with a link, which uses the (URL encoded) URL of this post:


* To be honest, I just tried to pull the right strings. The QR Code generator page presented here is based on the Javascript QR Encoder by, released under GPLv3. It also uses small bits of Bootstrap, jQuery and AngularJS.

Running NxFilter on a Synology DS115j NAS

To free up my other Raspberry Pi from being a DNS server and to use an already existing NAS on my local LAN, I decided to try to install NxFilter (my favourite DNS filtering solution) to a Synology DS115j NAS device. Here’s how I did it.

The DS115j is one of the more affordable models, running Version 5 of the Synology DiskStation Manager (DSM). Unfortunately it is not able to run Docker containers. Thus I decided to go down the native way with the Java Manager module.

However, to make it safe (that is, not running it as root) was a little more involved as I thought…

You will need to…

  • Install Java (with the Java Manager)
  • (at least temporarily) enable SSH on your NAS.
  • Add kernel modules for port redirection from Port 53 to a non-privileged port, to avoid running the DNS server as root.
  • Modify the Synology firewall to accept traffic for DNS and the NxFilter admin GUI.
  • Use UpStart jobs to start up NxFilter automatically after boot.
  • Use an upstream DNS server, also for queries originating from within the NAS.


  1. Log into your Synology NAS admin GUI as administrator.
  2. Install Java, version 1.7.0, using the Java Manager Package in the Package Center of you Synology NAS.
  3. Enable SSH in Control Panel / Terminal & SNMP / Terminal. Tick Enable SSH Service.
  4. Add firewall rules in Control Panel / Security / Firewall. You must open a port for DNS and one for the admin GUI.
    Since I will later use port redirection for DNS, I use port 8053 instead of the default 53. In the below example I allow all local traffic to the alternative DNS Port 8053 (UDP) as well as the administration GUI port 8443 (TCP).

    Firewall rules for DNS, using alternative ports.

Installing NxFilter

Get the latest NxFilter binaires as ZIP file from their website (

Deploying to a local user

  1. I suggest to create and use a specific local user account for the NxFilter installation on your Synology NAS to keep things separated.
    Creating an “NxFilter” user account

    Name the user “NxFilter” and keep it the “users” System default group. There is no need to add any further access (not even for the FileStation), as this account is only used as a convenient, local container for the NxFilter files.

  2. Log into the created NxFilter account, upload and unzip the binaries in to the home folder.
    Deploying NxFilter

    Config stuff

To avoid avoid the necessity to run as root, you should use an alternative port for the NxFilter admin GUI as well as the DNS service.

To do so, edit the home/conf/cfg.default file and save it as file. (Hint: to use the convenient online text editor, first rename the file to cfg.default.txt)

Editing the NxFilter config file

Edit the port configuration to this, for example (with an added line for the DNS port):

http_port = 8080
https_port = 8443
dns_port = 8053

Run, NxFilter run!

You will need to start Nxfilter via the SSH console, which requires you to log in as root (using the administrator password)

ssh root@192.168.x.z

To have the port forwarding working, add the following kernel modules and add the rule:

insmod /lib/modules/nf_nat.ko 
insmod /lib/modules/iptable_nat.ko 
insmod /lib/modules/ipt_REDIRECT.ko 
iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 8053

Then try to run it testwise using the provided startup script


This should produce the following log on the console:

Check the presence of the admin GUI at https://your-ip:8443/admin.jsp

Now let’s shut it down again for the moment.


iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-port 8053

rmmod /lib/modules/ipt_REDIRECT.ko 
rmmod /lib/modules/iptable_nat.ko 
rmmod /lib/modules/nf_nat.ko

Using Upstart to keep it running

To keep the NxFilter DNS server automatically running over NAS reboots, you can create an Upstart job configuration, that will cause a job to run at startup and shutdown of the NAS.

However, the job needs to be split in 3 parts:

  1. Setup the port redirection, with root privileges
  2. Start NxFilter with user privileges
  3. Tear down the port redirection, with root privileges

Create an Upstart script

Create an nxfilter-setup.conf file in /etc/init/ with the following content:

description "Prepares the system to start the NxFilter DNS server on a non-privileged port at NAS startup"
author " (hosted on"
usage "Start NxFilter simply with 'start nxfilter'. The setup and teardown tasks will be invoked automatically."

# output is logged to a file in directory /var/log/upstart/
console log

# Only start this task when the nxfilter service job is starting
start on starting nxfilter


# Note: Running as root (the default) is a bad idea,
# but root is actually required to bind to Port 53 (for DNS)
# on the given Synology DS115j NAS.
# As solution this uses local port redirection
# to let the DNS server use one of the higher, non-privileged ports
# when serving DNS queries.

 # Since Synology DS115j NAS does not support nat tables out of the box we will add this first.
 insmod /lib/modules/nf_nat.ko 
 insmod /lib/modules/iptable_nat.ko 
 insmod /lib/modules/ipt_REDIRECT.ko 
 # Add port redirection to serve DNS queries on one of the non-privileged ports
 iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 8053
end script

Create an nxfilter.conf file in /etc/init/ with the following content:

description "Starts the NxFilter DNS server on a non-privileged port at NAS startup"
author " (hosted on"
usage "Start NxFilter simply with 'start nxfilter'. The setup and teardown tasks will be invoked automatically."

setuid "NxFilter"

# output is logged to a file in directory /var/log/upstart/
console log

# Starting this service job will also start the nxfilter-setup task job
# Only start this service after the httpd user process has started. It is a safe bet that the DNS is able to run now.
start on started httpd-user

# Stop the service gracefully if the network goes down.
# Stoppping this service job will also start the nxfilter-teardown task job
stop on stopping network-interface IFACE=eth0

 # Start the DNS server
 # Since Upstart does only use a minimalistic environment, provide the necessities here directly to the process
 exec env PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin:/var/packages/JavaManager/target/Java/jre/bin" /volume1/homes/NxFilter/bin/
end script

pre-stop script
 # Shut down the DNS server gracefully (otherwise it will get killed by the stop process)
 # Since Upstart does only use a minimalistic environment, provide the necessities here directly to the process
 exec env PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin:/usr/local/sbin:/usr/local/bin:/var/packages/JavaManager/target/Java/jre/bin" /volume1/homes/NxFilter/bin/
end script

Create an nxfilter-teardown.conf file in /etc/init/ with the following content:

description "Reverts the changes made to the system to start the NxFilter DNS server on a non-privileged port at NAS startup"
author " (hosted on"
usage "Start NxFilter simply with 'start nxfilter'. The setup and teardown tasks will be invoked automatically."

# output is logged to a file in directory /var/log/upstart/
console log

# Only start this task job the nxfilter service job is stopped (and NxFilter is shut down)
start on stopped nxfilter


 # Remove the port redirection
 iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-port 8053

# Remove the NAT kernel modules (in reverse order)
 rmmod /lib/modules/ipt_REDIRECT.ko 
 rmmod /lib/modules/iptable_nat.ko 
 rmmod /lib/modules/nf_nat.ko 
end script

If you created the job configs in the NxFilter user’s home directory for convenience, now copy it in the right place:

cp /volume1/homes/NxFilter/nxfilter-setup.conf /etc/init/nxfilter-setup.conf
cp /volume1/homes/NxFilter/nxfilter.conf /etc/init/nxfilter.conf
cp /volume1/homes/NxFilter/nxfilter-teardown.conf /etc/init/nxfilter-teardown.conf

Reload the job configuration and check the existence of the job

initctl reload-configuration
initctl list | grep nxfilter

Testing the UpStart job

Try to run the job now

start nxfilter

Output must be for a running state like:

nxfilter start/running, process 19499

See the log:

cat /var/log/upstart/nxfilter.log

If everything is OK, this job will start your NxFilter instance after reboot.


About not being root

By default, binding to a lower port, like 53 for DNS, needs root access, which is a good thing. But this also means that the whole NxFilter process (including the whole Java JVM in this case) needs to be run with root permissions, which is considered bad practice.

Better, you set explicit permission for binding, but run it without being root. However, the NAS in question seems not to support any of the conventional ways of doing this, like using authbind or setcap. But there’s another way.

Using iptables & kernel modules

iptables allows for all kind of redirecting and manipulating traffic. The solution here however requires only to change the destination port of an incoming DNS query packet. Thus I use the iptables directive as mentioned above.

However, on a Synology DS115j NAS the required nat table for port forwarding is not loaded by default, thus we also need insmod, as also was shown above.

Resources & Credits


The web, with (your) Style


DeLorean DMC-12 (Credits: Photo by Kevin Abato,, edited by me.

While the web (besides time machines) is styled much nicer than ever, this does not always mean, it’s your style, nor that user experience is much better for you.

Two powerful tools, UserStyles and Greasemonkey (Tampermonkey for Chrome), come to help. They both inject additional functionality (CSS and/or JavaScript) into existing websites, allowing to transform or extend their use.

In my spare time, I have created some (hopefully) handy scripts and styles:

A slimmed down StackExchange

stackwatchersTo get rid of the distracting side bar on some of the StackExchange sites, I have created the StackWatchers user style. This also improves the reading experience on narrow windows.

Better UX with NxFilter

nxfilter_with_colorTo have a better visual distinction for blocked requests by the DNS filtering tool NxFilter, I have created NxFilterColorizer, a user script that colorizes the table row depending on the block indicator text. It also applies a CSS class that allows further styling with a user style.

Find the keyboard focus

Ever got lost in a large input form? FocusFinder comes to the rescue. This is a simple user style, that globally highlights the currently focused or hovered input field or action item. This helps visually navigating and observing the structure of a website.

Upcoming: Header linkify

A user script that prepends clickable links to HTML headers. This allows to share a direct link to any part of a HTML document.

Installing the Samsung C480W printer on Ubuntu Linux

tl;dr; As Linux user, do yourself a favor and consider the Samsung C480W printer.

Update: When scanning after Ubuntu upgrade does not work

I wanted to get rid of my old HP PSC 1215 All-in-One Printer.

HP PSC 1215 All-in-One Printer
HP PSC 1215 All-in-One Printer

It served me well over all these years, both with Windows and Ubuntu Linux. But, getting tired of replacing empty or clogged ink cartridges all too often I considered buying a laser printer. I chose the Samsung Xpress C480W A4 Color Laser Printer.

Samsung Xpress C480W A4 Color Laser Printer
Samsung Xpress C480W A4 Color Laser Printer

Installing a printer on Linux – a nightmare. Or is it?

Not with this one, I can say. The “Easy printer installation” does not promise too much. Here’s what it took me:

  1. Attach the printer to the mains and the local LAN. Switch it on.
  2. Download the appropriate driver package from the Samsung setup page with the Linux box. The website presents the Linux driver package (probably guessed from the User Agent string) right away.
  3. Extract the package.
  4. Run sudo ./

    Installing the printer driver with the bash shell
    Installing the printer driver with the bash shell
  5. Accept the EULA (This is the most inconvenient part as you are required to accept it line by line…)
  6. Install the printer using the Ubuntu printer Dialog. It will automatically get recognized on the network.

    The Ubuntu 14.04 Add printer dialog
    The Ubuntu 14.04 Add printer dialog
  7. Done. Feel the relief and joy of printing and scanning using your favorite OS.

Here’s how my first test page looks – scanned with the same printer again. 🙂

Scanned Document
A scan of the first print test page.

Update: When scanning after Ubuntu upgrade does not work

After upgrading Ubuntu from 14.04 (LTS) to 16.04 (LTS) the scanner portion of the Samsung C480W did not work anymore. I got “Failed to scan” all the time from my beloved SimpleScan application.

SimpleScan refuses to find the scanner

Apparently some configurations did not make it through the Ubuntu upgrade.

My solution was to simply uninstall and reinstall the driver using the official driver package mentioned above:

sudo ./
sudo ./

Voilà – SimpleScan on Ubuntu 16.04 (LTS) found my scanner again.

SimpleScan manages to scan again.

Controlling a Playmobil® crane over ssh

One of my sons recently received this fine, Infrared (IR) remote controlled crane model as a gift. Would it be possible to rebuild the IR remote control with a Raspberry Pi?

Catching the signal

To build the IR-Transmitter I used the well-known LIRC library and this small IR receiver sensor from Adafruit. For emitting back the IR I just recycled an IR-Diode from an old JVC remote control unit and directly attached it to one of the GPIO ports the Raspberry Pi.

Connecting an IR-LED and an IR-Sensor to the Raspberry Pi 2 Model B

To set up LIRC, test the sensor, record the IR signal and emit the code I mainly followed this excellent blog post about setting up LIRC by Alex Bain. I worked through all the relevant steps and finally got a working solution.

Gettin’ the codez

The Playmobil crane remote control seems to use none of the standard protocols like NEC or MD-5. It also has a long sequence, as the output of the raw recording shows.

sudo /etc/init.d/lirc stop
mode2 -d /dev/lirc0

The “Left Turn” button, when using channel “D”, gives:

space	4656873
pulse	5722
space	452
pulse	942
space	473
pulse	947
space	474
pulse	949
space	937
pulse	485
space	964
pulse	459
space	938
pulse	484
space	911
pulse	511
space	473
pulse	959
space	464
pulse	950
space	471
pulse	951
space	471
pulse	952
space	469
pulse	953
space	116727
pulse	5721
space	471
pulse	953
space	469
pulse	952
space	443
pulse	980

A quick analysis using a spreadsheet and a bar chart shows some interesting features. See below. The y-axis shows the numbers from the raw output as values.

Barchart for left turn on channel d
Barchart for left turn on channel D

There are 13 blocks, of which the later 12 are similar. A test showed that the signal consists of a first, single action code, followed by a repeated stop or terminating code. The clock seems to be at a value of about 473, which is the average duration for a pulse of basic width.

Getting a working lircd.conf file

Now the tricky part was creating the lircd.conf file with the irrecord application. The tool resorted to record what it calls a raw format. By following the on-screen instructions, I managed to get a working file, however, only with the action codes for each direction. I then manually created a stop code and added that to the end of the file.

Here’s the final configuration file, for use with channel D, which I contributed to the LIRC project’s sourceforge repository of remotes.

Invoking commands

With the correctly configured and running LIRC service, I now can control the crane using the simple LIRC irsend program.

irsend SEND_ONCE "playmobil" MOVE_LEFT

for a left turn, for example.

When sending the stop command right after the action command, the moves are a little shorter:

irsend SEND_ONCE "playmobil" MOVE_LEFT KEY_STOP

Build your own

Here’s the complete, minimum guide to rebuild the control (sending part only) for yourself.

  • Set the crane’s remote channel switch to position D.
  • Wire up the IR emitter diode between physical pin 15 (WiringPi Pin 3, BCM 22) and Ground.
  • Get the Raspberry Pi connected via ssh and follow the instructions in Paragraph “Setting up LIRC on the RaspberryPi” from Alex Bain’s Blog about setting up LIRC on the Raspberry Pi.
  • Run the following script. This will download and install the configuration file, for use with channel D, plus a simple controller bash script that you can use to control the crane with your keyboard.
    # Stop lirc to free up /dev/lirc0
    sudo /etc/init.d/lirc stop
    # Get the configuration file from sourceforge
    wget -qO- -O large-crane.lircd.conf ''
    # Make a backup of the original lircd.conf file
    sudo mv /etc/lirc/lircd.conf /etc/lirc/lircd_original.conf
    # Copy over your new configuration file
    sudo cp large-crane.lircd.conf /etc/lirc/lircd.conf
    # Start up lirc again
    sudo /etc/init.d/lirc start
    # Show the available codes
    irsend LIST "playmobil" ""
    # Get the bash control script for easy keyboard control
    wget -qO- -O '' &amp;&amp; unzip -o &amp;&amp; rm
    # Start the control script


With the aid of a Raspberry camera module and the RPi-Cam-Web-Interface project, you can even watch your crane while it moves.

Running NxFilter on a headless Raspberry Pi

NxFilter is the best free solution for a self-hosted DNS server/filter I have found so far. Today I got my Raspberry Pi, so how about running NxFilter on a headless Raspberry Pi in a family’s home network?

Note: This article is based on a Raspberry Pi Model 2B and NxFilter Version 3.5.1. Never versions of either product may behave differently.


The current Desktop version of Raspbian, the default Debian-based Operating System for the Raspberry Pi already comes with all required packages (Java, unzip, wget)

  1. Install Raspbian on the Raspberry Pi. You can do this also headless, without an attached Keyboard and Screen, for example by following the official guide on how to install an Operating System on an SD card,  or this more generic guide for a fully automated, configured installation.
  2. Enable SSH
  3. Connect to your Raspberry via SSH, using the default (or configured) Username/Password.
  4. Optional: Update Raspbian to the latest version.
  5. Recommended: Change the default password.
  6. If you used the lite version of Raspian, you need to install JAVA.

Installing NxFilter

Note: This guide roughly follows the  the unix installation instructions from the NxFilter manual:

  1. Download the latest version of NxFilter with wget
  2. Unzip to the installation folder (requires root-access)
    sudo unzip -d /nxfilter
  3. Change to the installation folder
    cd /nxfilter/bin
  4. Make the necessary scripts executable
    sudo chmod +x *.sh

Manual Startup

  1. Run
    sudo ./

Automatic Startup at each Raspberry boot

  1. Add the line /nxfilter/bin/ -d near the end of the file /etc/rc.local
    cd /etc
    sudo nano rc.local
  2. After doing so, the end of the file should look something like
    # NxFilter Autostart
    /nxfilter/bin/ -d
    exit 0
  3. Reboot
    sudo reboot

Configuration of NxFilter

  1. Using another machine with a browser, navigate to http://youripaddress/admin Default Username and Password is admin/admin.
  2. Change default password via “Config/Admin”
  3. See the manual for all configuration options.