Author Archives: philroche

Xerox DocuMate 3220 scanner on Ubuntu

TLDR; This blog post is confirming that the Xerox DocuMate 3220 does work on Ubuntu and shows how to add permissions for non root users to use it.


I was using my wife’s old printer/scanner all in one for scanning documents and it worked well but it was a pain to scan multiple documents so I decided to get a business scanner with auto feed and duplex scanning.

I went for the Xerox DocuMate 3220 as it stated it was SANE compatible so would work on Linux.


With an RRP of ~€310 I managed to get a refurbished model for €98 delivered from ebay but sadly I didn’t do enough research as the scanner is not SANE supported.

In my research in trying to add the scanner to the xerox_mfp SANE backend config (which didn’t work) I discovered that VueScan was available for Linux and it’s supported scanners did list some of the Xerox DocuMate series. I had used VueScan on my old MacBook Pro and was very happy with so I gave it a shot. Note that VueScan is not Open Source and not free but it is excellent software and well worth the €25 purchase price.

Lo and behold it found the scanner and it supported all of the scanner’s features.

  • Flatbed scanning
  • Auto feed
  • Duplex auto feed

However VueScan would only detect the scanner when run as root due to libusb permissions.

To add permissions for non root users to use the scanner I made the following changes. This guide should also be helpful when changing permissions for any USB device. The following changes were made on an Ubuntu 17.10 machine.

# Add myself to the scanner group. You can do this through the “Users and Groups” GUI too.

philroche@bomek:$ sudo usermod -a -G scanner philroche

# Find the scanner vendor id and product id

Running dmesg we can see the scanner listed with idVendor=04a7 and idProduct=04bf

philroche@bomek$ dmesg
usb 1-2.4.3: new high-speed USB device number 26 using xhci_hcd
usb 1-2.4.3: New USB device found, idVendor=04a7, idProduct=04bf
usb 1-2.4.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-2.4.3: Product: DM3220
usb 1-2.4.3: Manufacturer: Xerox
usb 1-2.4.3: SerialNumber: 3ASDHC0333

Note: The device number will most likley be different on your system.

Running lsusb we can see that the scanner is also listed as “Visioneer”

philroche@bomek:$ lsusb
Bus 001 Device 026: ID 04a7:04bf Visioneer

Note: As with the the device number, the Bus used is likley to be different on your system.

We can see above that the device is on bus 001 as device 026. Using this info we can get full udev (Dynamic device management) info.

philroche@bomek:$ udevadm info -a -p $(udevadm info -q path -n /dev/bus/usb/001/026)
looking at device '/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4.3':
 ATTR{bNumInterfaces}==" 1"
 ATTR{version}==" 2.00"

This is the info we need to create our udev rule

# Add Udev rules allowing non root users access to the scanner

Create a new udev rule

philroche@bomek:$ sudo nano /etc/udev/rules.d/71-xeroxdocument3220.rules

Paste the following text to that new file

SUBSYSTEM=="usb", ATTR{manufacturer}=="Xerox", ATTR{product}=="DM3220", ATTR{idVendor}=="04a7", ATTR{idProduct}=="04bf", MODE="0666", GROUP="scanner"

This adds a rule to allow any user in the “scanner” group (which we added ourselves to earlier) permission to use the usb device with vendor 04a7 and product 04bf.

Note you will have to log out and log in for any group changes to take effect or run su - $USER

# Reload the udev rules

philroche@bomek:$ sudo udevadm control --reload-rules

# Test these new udev rules

philroche@bomek:$ udevadm test $(udevadm info -q path -n /dev/bus/usb/001/026)

You shouldn’t see any permissions related errors.

Now when you run VueScan as a non-root user you should see no permissions errors.

# Start VueScan

philroche@bomek:$ ./vuescan


Creating a VPN server on AWS using PiVPN

One of the streaming services I use called NowTV recently launched an Irish service alongside their UK service which I was using. The Irish service costs _double_  the cost in UK. They have also begun geoblocking all Irish users and also users of VPN Services like ExpressVPN and PrivateInternetAccess from using the UK service.

To get around this I decided to set up my own VPN server on AWS in their London datacenter to get around the geoblocking.

The easiest way I have found to set up a VPN server is to use PiVPN ( which was designed for use on Raspberry Pi but can be installed on any Debian based machine.

There has been a few recent guides on how to install PiVPN but this one focusses on installing on AWS.

A prerequisite for this guide is that you have an AWS account. If this is your first time using AWS then you can avail of their free tier for the first year which means you could have the use of a reliable VPN server free for a whole year. You will also need an SSH keypair.

The steps are as follows:

  1. Start up an instance of Ubuntu Server on AWS in the London region
  2. Install PiVPN
  3. Download VPN configuration files for use locally

1. Start up an instance of Ubuntu Server on AWS in the London region

Log in to your AWS account and select the London region, also referred to as eu-west-1.

Selection_141 (copy).png

Create a new security group for use with your VPN server.


This new group sets up the firewall rules for our server and will allow only access to port 22 for SSH traffic and UDP port 1194 for all VPN traffic.


Launch a server instance


We will choose Ubuntu Server 16.04 as it is a Debian based distro so PiVPN will install.


Choose the t2.micro instance type. This is the instance type that is free tier elligible.


Leave instance details default


Leave storage as the default 8GB SSD


No need to add any tags


Choose the security group we previously created.


Review settings – nothing to change here.


Click Launch and specify either a new SSH keypair or an existing SSH key pair. I have chosen an existing pair which is called “philroche”.


Check the checkbox abount key access and click Launch Instances. Your instance will now launch.


Click View Instances and once state has changed to running note the IPv4 Public IP. You now have an instance on Ubuntu Server running on AWS in their London datacentre.


2. Install PiVPN

SSH in to your new server using the private key from the pair specified when launching the server.

ssh -i ~/.ssh/philroche ubuntu@%IPV4IPAddress%

substituting %IPV4IPAddress% for the IP address of your server


Once logged in update the packages on the server.

sudo apt-get update


Start the PiVPN installer.

curl -L | bash

For more detail on this, see


You are then guided through the process of installing all the required software and configuring the VPN server:





Choose the default ubuntu user.



We do want to enable unattended upgrades of security patches.


Choose UDP as the protocol to use.


Choose the default port 1194.



Create a 2048 bit encryption key.



Choose to use your servers public IP address.


Choose whichever DNS provider you would like to use. I chose Google.


Installation is now complete 🙂


Choose to reboot the server.



Once the server has rebooted, checking the AWS dashboard for it’s status, SSH back in to the server.

Now we need to configure a VPN profile that we can use to connect to the VPN server.

The easiest way to do this is to use the ​​​​pivpn command line utility.

pivpn add


This will guide you through the process of creating a profile. Make sure to use a strong password and note both the profile name and the password as you will need these later.


Set up is now complete so you can logout.


3. Download VPN configuration files for use locally

The only thing left to do is to download the profile you created from the server so that you can use it locally.

scp -i ~/.ssh/philroche ubuntu@%IPV4IPAddress%:/home/ubuntu/ovpns/%PROFILENAME%.ovpn .

substituting %IPV4IPAddress% for the IP address of your server and %PROFILENAME% with the name of the profile you created.

This will download the .ovpn file to your current directory.


Once downloaded you can import this to your VPN client software of choice.

I used the profile on a small Nexx WT3020 I had with OpenWRT installed. I connect this to my NowTV box so I can continue to use NowTV UK instead of the overpriced NowTV Ireland.


I hope this guide was helpful.

The ultimate wifi upgrade

I have been procrastinating for a very long time about whether or not to take the plunge and upgrade my office/home wifisetup. The goal of the upgrade is to have complete high speed wifi coverage throughout my house and seamless hand over between access points.



Today I bit the bullet and decided to buy a five pack of Ubiquiti UniFi AC Lite AP and one Ubiquiti TOUGHSwitch TS‑8‑PRO. I could have gone for the Pro or HD access points but for my use case this was overkill.

All Ubiquiti products seem to be the industry GOTO product and we use them at Canonical sprints where we’ve never had a problem. I also purchased 305m spool of cat6 cable and a Platinum Tools EZ-RJPRO Crimp Tool and connectors to make it easier to properly terminate the connections.

UniFi AC Lite AP

UniFi AC Lite AP

All the access points are (POE) Powered Over Ethernet so will not require power points in the ceiling.

This setup does require using Ubiquiti Unifi controller software but thankfully there is a docker image which sets this up and which I can run on my Freenas box.

All this means I should achieve my goal highspeed wifi throughout the house and seamless handover between access points. It will also hopefully mean that I no longer require any ethernet over powerline adapters.

I plan on taking a few pictures of the setup as it progresses as well as performing speed tests.. watch this space.

Configuring Arduino IDE for use with Autonomo board and RN2483 Lora Shield

Much of the following set up is from the official Autonomo docs at but with a bit more detail and more screenshots.

  • Download the latest version of Arduino IDE (1.6.8 at time of writing) from
  • Extract archive and run the install script which will add an shortcut to the application to your main applications menu.
    Install Arduino IDE shortcuts
    Arduino IDE shortcut
  • If you are using Linux you will need to add yourself to the ‘dialout’ user group and logout and login for the change to take effect. This is so that you have permission to access the COM ports.
    Add user to dialout group
  • We then need to tell the Arduino IDE about our Sodaq Autonomo board. The Autonomo’s board profile is available through the Arduino Boards Manager. In order to install the board files you will need to first add the SODAQ board manager URL ( to File->Preferences->Additional Board Manager URLs:
    Arduino IDE preferences
    Adding Sodaq boards profile
  • Once this is done we need to download the board profile for the Autonomo using Arduino IDE’s board manager.
    Board manager menu entry
  • Search for ‘sodaq’ click install for the latest Sodaq SAMD boards.
    Sodaq boards
  • You will now see the Autonomo board listed
    Autonomo board now listed
  • Now we have the board installed we need to install the Sodaq specific libraries that we are likely to use. We can do this using the library manager:
    Library manager
  • Search for ‘sodaq’ in the library manager and install the libraries you are likely to use
    sodaq libraries

Your Autonomo board is now configured on Arduino IDE and you can continue development as you would with any Arduino board.

Deploying Keys and Certs to a NodeJS app on AWS Opsworks

I have a nodejs app running on AWS deployed using AWS Opsworks. The app relies on an AWS IoT certificate and AWS IoT private key being present and I don’t want to add the key and certificate to my git repo.

The solution I ended with was to use the AWS Opsworks App environment variables to pass in the certificate and key as environment variables and read these from the nodejs app.

App  Environment Variables

Opsworks replaces all new line characters with spaces so in our app we have to reverse this:

var iotcert = process.env.IOTCERT;
var iotkey = process.env.IOTKEY;
iotcert = iotcert.split(" ").join("\n").replace("BEGIN\nCERTIFICATE", "BEGIN CERTIFICATE").replace("END\nCERTIFICATE", "END CERTIFICATE");
iotkey = iotkey.split(" ").join("\n").replace("BEGIN\nRSA\nPRIVATE\nKEY", "BEGIN RSA PRIVATE KEY").replace("END\nRSA\nPRIVATE\nKEY", "END RSA PRIVATE KEY");

…. Problem solved 🙂

I suppose it is a little less secure than the certificate and key being on the file system and with read only access to the nodejs process but it’s a lot more secure than the certificate and key being hosted on github.

Python command history

Obviously iPython is the bee’s kness when it comes to Python shells but if you don’t have iPython installed then getting command history can be a pain. Not any more 🙂

import readline; print '\n'.join([str(readline.get_history_item(i)) for i in range(readline.get_current_history_length())])

This will print all python commands run during that session.

Also as a gist

If you have iPython installed, it’s as simple as


Android must have apps 2015

After a 4+ year hiatus from blog posting. I’m back 🙂 As a first post back I list my ‘must have’ Android apps for 2015.

  1. Airdroid: For copying files (and a lot more) without a cable
  2. QuickPic – very good gallery app
  3. Here Maps – cool GPS that can be used offline
  4. BaconReader – for reddit
  5. File Commander – File browser
  6. MX Player – video player that plays everything
  7. Podcast Addict – for podcasts
  8. Smart AudioBook Player – for playing and managing audiobooks
  9. Impetus – countdown timer for gym
  10. Stopwatch & timer – very good stopwatch
  11. Smart Voice Recorder – neat audio recorder
  12. – for weather
  13. Nova Launcher – very fast launcher for Android