Jan 09

Install Adobe Flash Player Firefox Plugin

Flash Player on Ubuntu

Since I upgraded one box to Ubuntu 8.04 (Hardy Heron), and another box to Ubuntu 8.10 (Intrepid Ibex), it was quite irritating for some time to watch youtube videos with no or flaky sound along with skipping videos.

In Firefox, when I went to “Tools -> Add-ons -> Plugins”, or just typed “about:plugins” in the address bar, I saw that I do have “Shockwave Flash 9.0 r124″, however it just dis not want to work smoothly. The same was true for “”Shockwave Flash 9.0 r100″.

So you would think that the right thing to do was to go to the Adobe website: ““, choose “get the one for Ubuntu 8.04+” option, and download the latest (v10 / v11 / v12 / v13 / v14 / whatever…) flash player, right? Well, not really. After I did that, I saw both “Shockwave Flash 9.0 r124″ and “Shockwave Flash 10.0 r15″, so I disabled 9.0 one, and enabled 10.0 – should be good right? NOPE.

What appeared to be the solution for this mess of flash plugins was to do some “sudo apt-cache search flash…” searches, and figure out what needed to go from both systems.

There were two culprits that overruled the only enabled “Shockwave Flash 10.0 vr15″ plugin: “swfdec-mozilla” and “mozilla-plugin-gnash”. And hence they are going to be removed with all other potential inconsistencies:

sudo apt-get remove -y --purge flashplugin-nonfree gnash gnash-common mozilla-plugin-gnash swfdec-mozilla libflashsupport nspluginwrapper
sudo rm -f /usr/lib/mozilla/plugins/*flash*
sudo rm -f ~/.mozilla/plugins/*flash*
sudo rm -f /usr/lib/firefox/plugins/*flash*
sudo rm -f /usr/lib/firefox-addons/plugins/*flash*
sudo rm -rfd /usr/lib/nspluginwrapper

After this, I had a good feeling and went to again, chose “get the one for Ubuntu 8.04+”, saved “install_flash_player_version_linux.deb” locally, and install it with my bare hands:

sudo dpkg -i install_flash_player_10_linux.deb

Restarted Firefox, and let me tell you – Quality of my Ubuntu life has improved significantly since then!
Want to improve the quality of your life significantly? Follow the two steps above :)

Jan 09

Find USB flash drive device in Linux

Find USB drive in Linux / Unix

Recently I have written a quick “how to” on restoring, formatting a USB flash drive. The “how to” had a lot of hits from different places since then, mostly from GOOGLE, of course, but some from independent bloggers, like my blogging self.

One of such places was Although the guide “saved them” (welcome :)) they had a very constructive critique that one thing the guide missed was how to actually find which device to restore / format.

Hence I decided to write a new little 2 step “how to” that will teach you just that.

Step 1. System Log is your friend, listen to what it has to say…

Imagine you close your eyes, and someone puts an apple in your mouth – would you be able to identify what the heck was put into your mouth? For most people the answer would be “yes”. ( If you’d like to experiment, feel free :). The thing is once you bite on that apple, your brain goes through many lines of code (given that we are written in C), finds that match, and reports:

"The object in your mouth was identified as an Apple - we've had that before.
  I just talked to the stomach, it knows how to digest it."

You would think that your Linux/Unix system is any different? Well, not really.

Right after you insert a USB device into a slot, Linux/Unix will try to read, and identify it. While doing that, it will also assign it to a particular device as “/dev/particular-device”. This device is exactly the information we need, so we can talk to it, and mount it.

Although most people would approach it with running a dmesg, and look at the output, I prefer a more natural OS way to look at things – we’ll look directly in the eye of a System Log!

Let’s use “tail -f”, so we can see real time system log updates:

tail -f /var/log/messages

Now insert your USB drive into a slot and you should see the output similar to:

Dec  5 14:53:19 your-hostname kernel: [81585.308993] usb 4-1: new full speed USB device using uhci_hcd and address 3
Dec  5 14:53:19 your-hostname kernel: [81585.456757] usb 4-1: not running at top speed; connect to a high speed hub
Dec  5 14:53:19 your-hostname kernel: [81585.484884] usb 4-1: configuration #1 chosen from 1 choice
Dec  5 14:53:19 your-hostname kernel: [81585.498817] scsi6 : SCSI emulation for USB Mass Storage devices
Dec  5 14:53:24 your-hostname kernel: [81590.514870] scsi 6:0:0:0: Direct-Access     USB 2.0  USB Flash Drive  0.00 PQ: 0 ANSI: 2
Dec  5 14:53:24 your-hostname kernel: [81590.519874] sd 6:0:0:0: [sdb] 15794175 512-byte hardware sectors (8087 MB)
Dec  5 14:53:24 your-hostname kernel: [81590.522834] sd 6:0:0:0: [sdb] Write Protect is off
Dec  5 14:53:24 your-hostname kernel: [81590.534817] sd 6:0:0:0: [sdb] 15794175 512-byte hardware sectors (8087 MB)
Dec  5 14:53:24 your-hostname kernel: [81590.537814] sd 6:0:0:0: [sdb] Write Protect is off
>>>>  Dec  5 14:53:25 your-hostname kernel: [81590.537888]  sdb: sdb1  <---- GOT YOU!
Dec  5 14:53:25 your-hostname kernel: [81590.654848] sd 6:0:0:0: [sdb] Attached SCSI removable disk

Note that the USB drive was “connected”, or associated with sdb device

[81590.654848] sd 6:0:0:0: [sdb] 15794175 512-byte hardware sectors (8087 MB)

and more precisely, with sdb1 device

[81590.537888]  sdb: sdb1

And that means we can talk to it! The full name of the guy would be “/dev/sdb1″.

Now let’s greet our friend. Say: “Hi /dev/sdb1″! :)

Step 2. Mount USB drive’s device to the File System.

Just an extra step, in case you need to mount it. If you can’t, and would like to format it, so you can mount it afterwards, read this.

To mount the drive enter this:

sudo mount -t vfat /dev/sdb1 /media/usbdrive/

where “/dev/sdb1″ is the name of the device, we found in the step above. “/media/usbdrive/” is the directory that we are going to mount it to. Make sure this directory exists (otherwise create it “sudo mkdir /media/usbdrive/”). And “-t vfat” is asking your Linux/Unix OS to mount this device as a “vfat” (FAT16, FAT32) device.

Many, if not most, USB devices are VFAT, however if you have an NTFS USB hard drive, for example, you can mount it by entering:

sudo mount -t ntfs-3g /dev/sdb1 /media/usbdrive/ -o force

“sudo” in above couple commands comes from mostly Ubuntu way to “run command as a super user”. If you have any other flavor of Linux/Unix, you may want to just run it as a “root” user.

Eat more apples, and good luck!

Nov 08

Configure iwl3945 Driver on Ubuntu

It is quite frustrating when you have a wireless card built in, but you cannot use it – don’t you agree? That seems to be the case for wifi cards that are served by “iwl3945” driver. One of such examples can be “Intel Corporation PRO/Wireless 3945ABG” card.

Before, ( e.g. Feisty and earlier ) “ipw3945” driver was used instead, and worked beautifully with Intel cards. However the active development of this driver has stopped a couple of years ago, which means that security risks that were identified in the last couple of years were not patched. Therefore Ubuntu community switched to a more recent and supported “iwl3945” driver.

However that created a problem with NetworkManager that is used as a default network user interface in (Gnome) Ubuntu. It appears that in order “to be compatible with NetworkManager, a wireless driver must support both hardware and software scanning. Currently, hardware scanning is faster and more reliable and so is recommended for use with NetworkManager“. But unfortunately “iwl3945″ driver does not support hardware scanning very well, however it is a default behaviour that NetworkManager expects.

But usually, and that is what I love Ubuntu for, if there is a problem, there is 99.9999% a solution to this problem. So this how to will help you solve it, and enjoy your Intel Wireless card with Ubuntu, despite of inconsiderate (in this case) NetworkManager.

1. Remove the bad guy

sudo apt-get remove network-manager

2. Disable “iwl3945″ hardware scan

sudo vi /etc/modrobe.d/iwl3945


	alias wlan0 iwl3945
	options iwl3945 disable_hw_scan=1   # <-- enables software scanning

and save it (:wq).

At this you might want to restart or (optinal) just re-insert the module like this:

sudo modprobe -r iwl3945
sudo modprobe iwl3945

3. Install the good guy

Here you’ll install “the good guy” – his/her name is WICD:

Add wicd’s repository to Ubuntu sources:

sudo vi /etc/apt/sources.list
	 deb intrepid extras

(if you have Hardy Heron, then add “deb hardy extras” instead)

Update repositories

   sudo apt-get update

Install wicd “the normal Ubuntu way”:

   sudo apt-get install wicd

4. Run the good guy


or restart, it should run automatically.

Happy wifying!

Nov 08

Configure Simp Server to Encrypt IM clients in Linux

Recently many companies started to inject their security policies with securing IM communication. It makes sense, since everything you type in that chat window to your buddy flies over the network in a clear text. That does not sound to bad, you think, but what it really means, is if anybody wanted to see what you are talking to your colleague, or even to your wife, about, s/he can see it easily by reading your network packets – which is a very easy thing to do now days.

Another example could be the client whose policy is to monitor all the incoming/outgoing network request, and you want to talk over IM to your colleague about something that you do not want your client to see.

Below I’ll show you how to secure you IM communication with SimpServer: on Unix client/server boxes. I am going to use Ubuntu here as an example, but it should work for most if not for all Unix flavours.

1. Get the SimpServer.

According to the liink above “SimpServer is currently beta software and is free for any use”, hence let’s get it for free from here:


2. Install the SimpServer.

Before untarring it, let’s make sure the standard C++ libraries that SimpServer uses are installed:

sudo apt-get install libstdc++5

Now let’s untar it and move to “/usr/local” – that is where it will search for its binary files, so make sure you do that:

tar -xvzf simpserver-2.1.5c-linux-x86.tgz
sudo mv simp/ /usr/local/

Go to “/usr/local/simp/bin/”, and run the SimpServer:

cd /usr/local/simp/bin/
SimpServer Linux - (c) Copyright Secway 2000-2005
All rights reserved
Visit for updates.
Visit for support.
MSN Service on, mode 1
MSN Service on, mode 0
AIM Service on, mode 1
ICQ Service on, mode 1
YAHOO Service on, mode 1
Admin Service on, mode 0

If there are any problems, grab the simpserver version that is offered here:

3. Configure the SimpServer.

While SimpServer is running, telnet to it (port 10023). Default “username/password” are “admin/admin”:

$ telnet localhost 10023
Connected to localhost.
Escape character is '^]'.
SimpServer Linux - (c) Copyright Secway 2000-2005
All rights reserved
Visit for updates.
Visit for support.
Login: admin
Password: admin

Let’s see what it is capable of by asking for “help”:

> help
SimpServer Linux - (c) Copyright Secway 2000-2005
All rights reserved
Visit for updates.
Visit for support.
 ?,        help                  print this help
 list,     list_keys             [all, public, private]
 generate, generate_private_key  [-e<account>] [-s<service>] [-c<cipher>] [-b<size>] [-n<name>] [-p
 load,     load_private_key      -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-p
 unload,   unload_private_key    -i<keyid> [-e<account>] [-s<service>] [-c<cipher>]
 change,   change_password       -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-o
<old_password>] [-p<new_password>]
 delete,   delete_key            -i<keyid> [-e<account>] [-s<service>] [-c<cipher>] [-force] [-pendinf]
 accept,   accept_pending_key    -i<keyid> [-e<account>] [-s<service>] [-c<cipher>]
 quit,     exit                  exit

4. Create private/public certificates.

Notice that the “list” command, from the above help, shows all/public/private keys, including your public/private key, and all your IM buddies that you are talking to.

Let’s try to see what keys we have right away (without doing anything yet):

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name

As you can see, we have no keys – because for now we have neither “secure/encrypted” IM buddies, nor our public/private key pair.

Hence start by by running a “generate” command that would create your the key pair (link to certificates article) that will be used:

> generate
generating the new key pair, please wait... done!
new key: 278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16  RSA-2048  [admin] KeyPair

Now let’s “list” the keys again:

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name
Yes  Yes    278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16     RSA-2048    *  [admin] KeyPair

Perfect – you have your own “KeyPair”, that will be used to authenticate and encrypt communication from your IM buddies.

5. Connect IM clients to the SimpServer.

Next, let’s connect to our SimpPro / SimpLight / etc.. IM buddies. Here is an example on how to configure “Pidgin” to use a SimpServer:

For example you’d like your work AIM account to “follow the company standards” and use encryption via simp server. Here is what you should do

Go to "Accounts" -> (Choose your AIM account) "Edit Account" -> "Advanced"
Choose "SOCKS4" in "Proxy Options"
type "" in Host
type "15191" in Port

Pidgin SOCKS4 settings

Why “”? Because you have started the SimpServer on your local box. By the way, you can start the server on one box, and use it from many other PCs by entering IP address of that box to the “host” field for the proxy settings of the account in your IM client.

Why “15191”? Let’s look at the server output once again:

MSN Service on, mode 1
MSN Service on, mode 0
AIM Service on, mode 1
ICQ Service on, mode 1
YAHOO Service on, mode 1
Admin Service on, mode 0

We see that “AIM Service” listens on the port “15191”.

6. Start using the SimpServer with your IM client(s).

Now when you send an IM to anybody who runs SimpPro / SimpLight / or just a Simp Server, they would get a pop up asking them to accept your message. After they do accept it, your public key ( one of the keys that was generated by the “generate” command ) will be added to their Simp database. Same thing will happen when they ping you or respond to your IM encrypted message – their public key will be added to the simpserver:

Here is an example of what happens initially, when there is a new “Simp-Oriented” buddy pings you:

(2008-10-16 15:16:09) BuddyName: *** (*) SimpServer Linux - Encrypted and Authenticated (*) ***
(2008-10-16 15:16:09) BuddyName: Hey, that is cool - so now our messages are encrypted...!

And now you can go back to your “telnet” session and “list” the keys again:

> list
Prv  Loaded KeyId             SHA-1 fingerprint                                   Date        Type         Srv  Name
Yes  Yes    278dc025d92cdbc4  b14e 7b16 6415 e88f 2a67 2fe6 2e31 579b 580e 1a89   2008-10-16     RSA-2048    *  [admin] KeyPair
 No  N/A    0f2292a9d40c2f90  ab1d 6f78 6bff a03e 892a 34df 2b3a 26e7 16ff cbb9   2008-10-16     RSA-2048  AIM   <buddy1Name>
 No  N/A    62f02d7e858e0139  c315 616f 8518 d9c8 9827 e4c4 d8b4 2448 06f7 4278   2008-10-16     RSA-2048  AIM   <buddy2Name>

Notice that now you have your own “KeyPair”, a public key for “Buddy1Name”, and a public key for “Buddy2Name”.

Happy Secure IMing, and don’t abuse your secrecy :)

Oct 08

Getting Return Code from ANT in SHELL

This short tutorial shows how to get an exit code from Ant and act upon it. This can be useful when building a massive application that requires several Ant scripts/targets and a collection of shell scripts.

The rule of thumb when building the system is “when it should fail -> it should fail”. Sounds weird, but it is really true.

If the whole build of the application takes 15-20 minutes, and one of the libraries failed to build (for example), the whole build should fail. Otherwise, if the build master inspects the logs, and sees something went wrong (in case it is logged), s/he would have to spend another 20 minutes to rebuild it. Or what is even worse, the application could end up in an inconsistent state, without anybody raising a flag, and that would be very dangerous, especially if the current release goes beyond integration builds, for example to quality assurance or even worse – to production.

So, above are the reasons, below is an ultra simple example with a solution:

Let’s say we have an Ant script (build.xml) that checks for duplicate jars in a directory. The target name that does that is “check-duplicate-jars”:


    <target name="check-duplicate-jars" depends="some-other-task">
        <!-- does its magic here -->

Let’s say we also have a simple shell script that calls “ant “. If this shell script is in the same directory as the “build.xml”, we can call it like this “./ check-duplicate-jars”, and it should check if there are any duplicate jars. Let’s run the shell script:

[user@host]$ ./ check-duplicate-jars
ANT: Running check-duplicate-jars task...
Buildfile: build.xml
     [echo] Checking for duplicate jars......
     [exec] ***********    NO DUPLICATE JARS FOUND IN LIB!    ***********
Total time: 3 seconds
ANT: Return code is: "0"
GREAT SUCCESS: Niiice - I liiike!

This is an expected behavior. However what would be nice is to have this shell script “fail hard”, in case the Ant script (build.xml) fails.

Let’s try to misspell the target name “check-duplicate-jar” (should be plural: “check-duplicate-jars”) and run it:

[user@host]$ ./ check-duplicate-jar
ANT: Running check-duplicate-jar task...
Buildfile: build.xml
Target `check-duplicate-jar' does not exist in this project.
Total time: 1 second
ANT: Return code is: "1"
BUILD ERROR: I am failing hard...

Wonderful – it failed! That is an expected behavior. And here is a sneak peek to the magic box – the “” shell script:

echo "ANT: Running $tname task..."
ant $tname
echo "ANT: Return code is: \""$antReturnCode"\""
if [ $antReturnCode -ne 0 ];then
    echo "BUILD ERROR: I am failing hard..."
    exit 1;
    echo "GREAT SUCCESS: Niiice - I liiike!"
    exit 0;

Hence the whole magic is here:


In general, “$?” will return an exist code of any executable run within the shell script.
Well, now you ready for the massive build process. Get to work, and may the build force be with you! :)

Oct 08

Use HSQLDB Functions with Hibernate Mapping Files

Let’s say you need to do a “local integration” test, where you code does not depend on external systems (queues/external servers/DB/etc..). Creating unit tests, mocking/stubbing everything out is all good, but sometimes you need to be able to run tests that are as close as possible to the “real world” deal, while you are in “local mode” – e.g. plane, subway, basically somewhere without access to the real external systems.

One of ways you can approach it with databases is to load schemas you need in memory, and work (test) against those schemas. This is relatively easy to do with HSQLDB, and there are many “googlable” guides on how to do it. However in this little howto, I want to show you how you can define your own HSQLDB functions, and use them as either “stubs” (or even “real deal”).

Here is an example on why you may need it. Consider this Hibernate mapping file that is used in your application:

<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC
    "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
	<class name="CustomerCreditCardSearchResultDto" table="CR_CREDIT_CARD">
		<id name="id" column="CR_CREDIT_CARD_ID">
			<generator class="native">
                                 <param name="sequence">SQ_CR_CREDIT_CARD</param>
                <property name="accountNumber" formula="some_pkg.decode( ACCOUNT_NUMBER )" />
                <property name="secretNumber" formula="some_pkg.decode( SECRET_NUMBER )" />
                <property name="expirationDate" column="EXPIRATION_DATE" type="date" />
                <property name="zipCode" column="ZIP_CODE" />

Let’s say you created a CR_CREDIT_CARD table in in-memory DB, populated it, started your test. Now when you try to read a “CustomerCreditCardSearchResultDto” object somewhere in your test, Hibernate will construct an SQL query from the mapping file above, and execute it on the in-memory DB.

However there is a problem – it is going to fail with a similar Exception:

Caused by: java.sql.SQLException: Unexpected token: DECODE in statement [select <query here> .... ]
	at org.hsqldb.jdbc.Util.throwError(Unknown Source)
	at org.hsqldb.jdbc.jdbcPreparedStatement.<init>(Unknown Source)
	at org.hsqldb.jdbc.jdbcConnection.prepareStatement(Unknown Source)
	at org.apache.commons.dbcp.DelegatingConnection.prepareStatement(
	at org.apache.commons.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.prepareStatement(
	at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(
	at org.hibernate.jdbc.AbstractBatcher.getPreparedStatement(
	at org.hibernate.jdbc.AbstractBatcher.prepareQueryStatement(
	at org.hibernate.loader.Loader.prepareQueryStatement(
	at org.hibernate.loader.Loader.doQuery(
	at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(
	at org.hibernate.loader.Loader.loadEntity(
	... 60 more

If there is an Exception – there is a Reason for it :) Notice these two mappings in the Hibernate mapping file above:

<property name="accountNumber" formula="some_pkg.decode( ACCOUNT_NUMBER )" />
<property name="secretNumber" formula="some_pkg.decode( SECRET_NUMBER )" />

That says Hibernate to construct SQL that uses this “some_pkg.decode()” custom function/store procedure after (in case of SELECT) reading these values from a database. However, in you local testing environment, you do not have this function defined. It is probably defined in the DB (like Oracle/DB2/etc) itself.

But for most, if not for all, technical problems there is a solution, so don’t worry – you can define this function(s) yourself. Since it is a test, the most logical thing, since you want to abstract the code out from the external systems (and their functions) would be to define stubs to these functions.

Let’s create a utility “HsqlFunctions” Java class with static methods to be used by HSQLDB (it can only use static Java methods in its SQL, btw):

package org.project.test.util;
 * HSQL functions to be aliased.
 *    DDL example:
 *    CREATE ALIAS DECODE FOR "org.project.test.util.HsqlFunctions.decodeString"
 * @author
public final class HsqlFunctions
   private HsqlFunctions()
     // static utility class - does not need to be constructed.
     * Stub for the decode function.
     * Usually used to "please" Hibernate Mapping Files.
     * @param value - String value for the column
     * @return - returns the same String value
    public static String decodeString( String value )
        return value;

Now, when creating a test schema, you can ALIAS this static method as HSQLDB function like this:

     CREATE ALIAS DECODE FOR "org.project.test.util.HsqlFunctions.decodeString"

This will tell HSQLDB to call “decodeString” static Java method on the column value, every time it sees “decode( COLUMN )” in SQL.

One thing to notice, though – make sure the type that the Java methods take are exactly the same as defined by DDL (Database Schema). For example, if you pass in column value as an Object:

    public static String decodeString( Object value )
        return String.valueOf (value );

And the column is defined as VARCHAR in schema, HSQLDB will try to pack that String into an Object, and it will fail with a similar exception:

Caused by: java.sql.SQLException: Wrong data type: hexadecimal string with odd number of characters in statement [select ... <query here>]
	at org.hsqldb.jdbc.Util.throwError(Unknown Source)
	at org.hsqldb.jdbc.jdbcPreparedStatement.executeQuery(Unknown Source)
	at org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(
	at org.hibernate.jdbc.AbstractBatcher.getResultSet(
	at org.hibernate.loader.Loader.getResultSet(
	at org.hibernate.loader.Loader.doQuery(
	at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(
	at org.hibernate.loader.Loader.loadEntity(
	... 60 more

Below is just an excerpt on how you would set up the schema to use it with HSQLDB in your test:

    private static final String CREATE_ALIASES =
        "FOR \"org.project.test.util.HsqlFunctions.decodeString\"";
    private static final String CREATE_SEQUENCES =
    private static final String CREATE_TABLES =
        "DROP TABLE cr_credit_card IF EXISTS;" +
        "CREATE TABLE cr_credit_card (" +
            "cr_credit_id NUMERIC(15), " +
            "account_number VARCHAR(48)," +
        //  Creating the schema
        m_jdbcTemplate.execute( CREATE_ALIASES );
        m_jdbcTemplate.execute( CREATE_SEQUENCES );
        m_jdbcTemplate.execute( CREATE_TABLES );
        //  HSQLDB is ready to be populated with data at this point.

You can use DBUnit to create the schema above and populate it with the data. The above is just a straight forward hardcoded example.
Notice how it also creates a sequence “SQ_CR_CREDIT_CARD” to please the Hibernate, and others who might use it in the application.

Happy “local integration” testing!

Feel free to post questions/comments/suggestions, I’ll try to respond when have a free second or two :)

Oct 08

Configure Multiple SSIDs with One Router

One Router Multiple SSIDsA standard “home setup” for the wireless router now days consists of just hosting one Service Set IDentifier – or SSID. And if only a year ago that could seem as a router (firmware) limitation, right now using multiple SSIDs with a single wireless router is just a matter of re-configuration.

Below is a simple guide on how to configure a single affordable (from $25 and up) router, that is available to anybody, to host multiple (up to 16 – at the moment of writing) SSIDs using DD-WRT firmware. In order to install the firmware on the router, follow the official DD-WRT Installation Guide.

Below step-by-step howto is good for any routers that could be found on DD-WRT supported hardware list. Which includes pretty much any “home” router that is out there. Given that DD-WRT is installed, let’s move on to configuring it to host multiple SSIDs.

First let’s look at what we would like to archive as our “end goal”:

Multiple SSIDs by several wireless VLANs served by one router

So what we would like to have is:

  • One router with DD-WRT firmware installed, that hosts 2 (in this example) SSIDs: “Home” and “Guest”

  • Two VLANs where one network (VLAN1) can “see” another (VLAN2), but not other way around.
    What that means is that all “Home” clients (computers that are connected to “Home” SSID) can see (ping/connect to/etc.) “Guest” computers, however none of “Guest” clients can see “Home” computers. (this is a matter of configuration, and can be configured differently, depending on what you need)

Step 1. Setup DHCP server for the “Home” (main) network.

As you can see from the “end goal” diagram above, the “Home” SSID (or VLAN1) has a subnet, and its DHCP client addresses start from Hence that is what needs to be configured on DD-WRT’s “Setup -> Basic Setup” screen (the “Router Local IP” should be set to which would dictate the subnet to be

DD-WRT - DHCP settings

Note that “” is just an example – you would want to use something that is appropriate for your network – e.g. “”

Step 2. Setup wireless networks (SSIDs).

Now we need to create two wireless networks – one main network (e.g. “Home”), and one virtual network (e.g. “Guest”). For that go to DD-WRT “Wireless -> Basic Settings” screen:

configure wireless networks with dd-wrt

Enter a desired name for “Physical Interface’s -> Wireless Network Name(SSID)” (this is going to be the main network). You can also stick to the “end goal” diagram above, and enter “Home”.

After that is done, click “Add” to add a “Virtual Interface” and enter its SSID name as well (e.g. you can enter “Guest”). Make sure that the “Network Configuration” is set to “Bridged” as shown on the screen in this step.

Step 3. Configure wireless network security.

In the previous step we configured two wireless networks, now let’s secure them. We will use 128 bit WEP algorithm for both of them due to the reason described in “Step 5″. To accomplish this go to DD-WRT “Wireless -> Wireless Security” screen:

configure wireless security with dd-wrt

Choose “WEP” for “Security Mode”, 128 bits for “Encryption”, enter “Passphrase” and click “Generate” button.

Do it for both networks (Physical and Virtual Interfaces)

Step 4. Setup a virtual interface, and its DHCP settings.

Now we will set the bridge for the virtual network – “Guest” (or VLAN2) from the “end goal” diagram above. For that go to DD-WRT “Services -> Services” screen:

Configuring DNSMasq and DHCP for virtual network

Find “DNSMasq” section, enable “DNSMasq”, and in “Additional DNSMasq Options” enter:


This would create a DHCP server for the virtual (“Guest”, VLAN2) network.
“” is again – just an example, you can use any subnet that suits your needs.

Step 5. Setup firewall rules and a startup script.

This is the most complex step, that makes many network administrators confused, and regular people to give up on DD-WRT multiple SSID configuration. But don’t worry :) – below is a “copy/paste”, working deal.

Go to the DD-WRT “Administration -> Commands” screen:

Setting up firewall rules and a startup script for multiple SSIDs - DD-WRT

Enter the following firewall rules to the “Firewall” section:

iptables -I INPUT -i br1 -m state --state NEW -j logaccept
iptables -I FORWARD -i br1 -o vlan1 -m state --state NEW -j ACCEPT
#below keeps the two networks from talking
iptables -I FORWARD -i br0 -o br1 -j logdrop

Enter the following commands to the “Startup” (it is a startup script that executes when the router starts up):

brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
ifconfig br1 netmask
ifconfig vlan2 up
brctl addif br1 vlan2
ifconfig br1 up
##FIX NAS. Here NAS is disabled, cause it is NOT used for WEP, and these wifi networks will use WEP (for now)
killall nas
nas -P /tmp/ -H 34954 -l br0 -i eth1
nas -P /tmp/ -H 34954 -l br1 -i wl0.1

Here is where it gets interesting… Remember in “Step 3″, when configuring wireless security, we chose WEP? That was done because the current DD-WRT firmware “v24-sp1 (07/27/08) micro”, that is used at the moment of writing, has a bug in starting NAS, which is a proprietary binary tool that sets up dynamic encryption (WEP/WPA) on wireless devices.

UPDATE (12/22/2008):
           Tried "v24-sp2" (09/26/08 std - build 10431M VINT Eko) for WRTG54GL v1.1 router -
           WPA worked with multiple (tried 2) SSIDs.

In a startup script above, we start NAS in “vanilla” mode for “eth1″ (the main network) and for “wl0.1″ (guest, virtual nework), and therefore we are using WEP for both networks.

The only line from above startup script that you might want to change is:

ifconfig br1 netmask

Here “” is, again, an example, so if you chose a different subnet for the virtual network (br1), you should enter it instead.

Now you can save all the changes and restart the router. You should be good to go!
If you have any questions or comments, you are welcome to address them below in the “comments” section.

Sep 08

Sure Way to Restart a Wireless Network

linux penguin is watching windows fly

While wireless signal is good, the network is dead – why is that? Many reasons, of course. You can spend time to figure out the reason and then try to fix, which is a good approach, but requires some time. Or you can restart the network to see if it resolves the issue, and if it does – forget that the problem ever existed.

However the way to restart a wireless network is not always “black and white”. Sometimes it is possible using GUI, and sometimes by typing something that means “network service restart”. And yes these ways are “clean”, but have a drawback – they rely on operating system to do what it suppose to do and restart the network.

However, OS does not always behave (yes, Linux does not always behave, along with Mac, and Windows, and “any” OS.. ). But here is a sure way to restart it – you would need to get down to the driver level though – to be less OS (or distribution) specific. But I’ll guide you through, don’t worry..

So, the signal is full/good/strong:

wireless signal is good
but there is no network:

$ ping -c 4
ping: unknown host

First thing to do is to see what wireless card you are using:

$ lspci | grep -i network
08:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)

In my case it is Intel 3945ABG. Next, check what driver is used for this card. I did a simple google search, and saw that the driver is “ipw”something.

Let’s see what ipw-like modules/drivers are currently running/loaded:

$ modprobe -l | grep ipw

Here it is “ipw3945″. Let’s kill it (-r stands for “remove”):

$ sudo modprobe -r ipw3945

Let’s start it back up:

$ sudo modprobe ipw3945

Checking connectivity:

$ ping -c 4
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=238 time=43.3 ms
64 bytes from ( icmp_seq=2 ttl=238 time=28.9 ms
64 bytes from ( icmp_seq=3 ttl=238 time=27.7 ms
64 bytes from ( icmp_seq=4 ttl=238 time=34.7 ms
--- ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 27.742/33.685/43.323/6.165 ms


Sep 08

Reset Lost Password in Sun Application Server

Sun Application Server Password ResetHappens to the best of us, less with system admins more with developers. But we are all human, and believe it or not we DO forget and loose passwords at least once every so often. Some time ago I wrote a tutorial on how to reset lost root password in mysql, and here is another similar tutorial on how to reset the lost domain password but this time for Sun Application Server.

Before going any further with this article, please first check “.asadminprefs” file:

cat /home/toly/.asadminprefs

the admin password could be there

If it is not there, there are two ways to reset it:

  • Reinstall or recreate the affected domain.
  • Create a new dummy domain and copy its security key file over to the real domain to substitute the password.

Below is an explanation for the second approach (in case when “reinstall or recreate affected domain” is not an option):


 >   Sun App server is installed in                 "/opt/SUNWappserver"
 >   Domain to which the password is lost:   "domain1"

Step 1. Creating a new dummy domain

/opt/SUNWappserver/bin/asadmin create-domain --adminport 7070 --adminuser admin --instanceport 7071 dummy-domain
Please enter the admin password>password
Please enter the admin password again>password
Please enter the master password>password
Please enter the master password again>password
Domain dummy-domain created.

Step 2. Copy dummy-domain’s “admin-keyfile” to domain1’s “admin-keyfile”

cp /opt/SUNWappserver/domains/dummy-domain/config/admin-keyfile  /opt/SUNWappserver/domains/domain1/config/admin-keyfile

now the password for domain1 is “password” – DONE :)

Step 3. Deleting the dummy domain

/opt/SUNWappserver/bin/asadmin delete-domain dummy-domain
Domain dummy-domain deleted.


The above is true for Sun’s Application Server 8.x and later.

For Sun’s Application Server 9.x check out “change-admin-password

Sep 08

Configure Rails and MySQL to Support UTF-8

Rails on MySql

The fact that there are so many different countries, people and languages makes it very interesting to watch all them to use a single tool. Besides the different cultures of programming, there is a definite difference in languages that the tool needs to support in order to become widely used.

Luckily, if the tool is written to support UTF-8 encoding it is guaranteed to support all the modern spoken languages. Since UTF-8 is able to represent any character in the Unicode standard, yet the initial encoding of byte codes and character assignments for UTF-8 is backwards compatible with ASCII, and for these reasons, it is steadily becoming the preferred encoding for e-mail, web pages, and other places where characters are stored or streamed – in our case it is a mySql database.

When working with Rails on mySql, it is most of the time, a good practice to make sure the UTF-8 support is enabled, since even if there is no immediate need, in the future, clients of the Rails application could come from different points of Earth – due to the Earthy nature of the Internet.

Here are 3 simple steps on how to configure a Rails application and mySql database to support UTF-8 encoding:

Step 1. From the Rails side, due to the “convention over configuration” principle, there is only one thing to make sure of. Open the Rails database configuration file:

  vi config/database.yml

(here I used “vi” text editor, but any editor of choice can be used: notepad/textmate/emacs/aptana.. etc)

Notice the “encoding” option, and make sure it is set to “utf-8″:

        adapter: mysql
>>>  encoding: utf8
        database: my_international_db
        username: user
        password: password
        socket: /var/run/mysqld/mysqld.sock

That will conclude this step, since everything from Rails side is configured. Simple? Well, yes – Rails is well designed to keep it simple stupid.

Above is the sample for the Rails development environment, make sure that testing and production environments have the same configuration.

Step 2. Now it is time to configure MySql server. This will be done by editing “my.cnf” – mySQL configuration file:

  vi /etc/mysql/my.cnf

There are several sections in the file. Modify two of them – “client” and “mysqld” as shown below to configure mySql for UTF-8 support:


Step 3. The very last action would be to restart MySql server. Here is an example on how to do it in Linux (Ubuntu):

  sudo /etc/init.d/mysql restart

NOTE: Only databases that are created after the above change will support UTF-8 encoding.

After these three steps Rails application and MySql server are configured, and ready to serve the whole planet!