Friday, February 27, 2015

Blind spot elimination side mirror adjustment

There is a newer side mirror adjustment to eliminate blind spot for a decade now. There is one guy who is very vocal against it. I'm sure if he is still that much against it or he just don't want to withdraw the articles he submitted to the internet.

I have this renewed interest because ... I'm horrified about the smallness of the new cars! Those two seaters shorter than a Mini! Horrible! And often those drivers have insufficient confidence who use others as a speedometer, by following you synchronously for miles at your traditional blind spot!

First, that guy assume that if you flip left and right, there is all that is to it. No. I have to go home daily on a 8 lane freeway / motorway after dust, in a traffic jam moving at over 80 miles per hour. I have to cut from the outermost lane 8 (carpool) to exit the freeway in about a mile. And many of the other "cars" are humv sized SUV's with bright LED's glaring into your side mirror. And they don't signal if they don't see the need to. When they signal, it means move over, I'm coming.

I drove on several continents and I experienced all the international aggressive, incompetent driving styles on my way home.

That guy is not comparing apple to apple, and piles up all the reasons he can think of to support himself. This is obvious when he's talking about backup! WTF! Now if somebody created an accident on the freeway, it's not just a bump on the door, but a pile up of biblical proportions at 80 MPH. Honestly, I didn't do parallel parking and not even reverse parking for so long that I think I will fail any test. If you really need the side mirror for perfect parking, fine, but who cares. The car is mostly stationary and you have all the time to look around 360 without the side mirror. If you hit anything, it will be just a scratch.

I don't think he got the geometry right. I was looking for more scientific and geometric explanations so as to set the side mirrors perfectly. But youtube users seemed to have done a better job. Anyway, the new blind spot is a narrow triangle with your side back door on one side and extruding to the other lane. In theory, a short motorbike can hide in that zone. But practically, being in that zone at high speed is a dead wish - extreme tail gating - and it doesn't depend on how your side mirrors are adjusted. If you want to pass right at the lane marking line, you would not stay on the dead zone and suddenly accelerate. 

If he wants to talk about human nature, I tell you what, my wife never use the side mirrors! And it's not just her. When driving tests are easy, the side effect is that you can pretend to check the blind spot without understanding what to look for. If you look over your shoulder without seeing anything the examiner will give you a tick.

I can assure you that many drivers turn their heads to make sure that they don't create an accident during lane change. That's not bad when there's plenty of space ahead. But the problem is that people don't signal when they see the lane is free to take. So when you do everything that's right, and in the middle of changing over, you will find that somebody in front of you is also moving over to the same lane from the other side, without signalling.

The traditional way isn't fool proof if you do everything right. There is the pillar blind spot between the rear and front side windows. Practically, you can only see clearly cars that pass your side rear door. Small cars can still hide in the blind spot without being detected.

The guy talked about different cars, trucks, vans. This is rubbish. I don't even see if the traditional way claims to be one size fit all. I can't say about trucks, but it is your responsibility to see if it works for your vehicle.

Yes, there are cheap blind spot elimination mirrors as add-ons. But the problem is, if you don't know how to set the side mirrors in any methodology, you are not going to be able to set these aids correctly, or even buy the right mirrors.

My wife will never let me see how she drives, to avoid me telling her what is the correct, safe way. She never adjust the side mirrors - she don't know how to and she don't use them anyway. You may wonder what her driving instructor taught her. I think if your student is a total failure, you may want to teach her something that she feels her money spent is worthwhile. She talked about how to claim the lane for herself out maneuvering other drivers, when she don't even know how to use the mirrors, admen.

Some people obviously don't really understanding the newer adjustments or they didn't even try. Basically, for the traditional method, looking over the shoulder is vague. How far back an angle you need? The newer method didn't claim that you don't need to look. A comfortable side glance over the shoulders guarantee that you won't miss anything. It makes the obvious more obvious. Hopefully my wife will notice something there even if she doesn't adjust the mirrors herself.

You can't change lanes using the side-mirror alone. But that's not wrong on the method itself, it's transitional.

I saw a cyclist who is very much against it because they are often hit by car doors. I would say it's a already problem with the old method. For the newer method, if you bother to look, and you can't see your side door, you will find a way like turning your head when the car is stationary. I don't see how you will want to over take a parked car along the curb. Any passenger may hit you. For the driver side doors, I always make sure they are not opened to the on coming traffic. Cars and cyclists are not any different. If you don't open the door all of a sudden, you should be able to catch anything moving with any proper adjustments.

That comes to the point of awareness all the time. The fact is, people often drive 4 hours or more at weekends, and over 7 hours on vacation. It's a good point but you can't expect everybody to do it all the time. And also the drivers who follow you at the blind spot so if the cops are catching speeders, they will not be the first.

As for motorists who can sneak around your car close at high speed, they already have a solution. 10 out of 10 have a exhaust louder than a siren. You just can't miss them.

Sunday, February 1, 2015

Parental control using DD-WRT

As I have told you last time, I switched back to DD-WRT. The reason is that it is easier to go back to, and you can flash other 3rd-party from there.

Before I went to another firmware, I thought over it carefully because ... DD-WRT just doesn't work for MAC filtering. I went back to the stock firmware but the IP phone went dead! I'm not going to waste my time.

Also I have a rather complicated (and cheap) setup, with a client bridge to increase range, a powerline network to penetrate the walls into the garage, and a 2nd old router to serve the corner rooms and use twice the bandwidth!

If I flash another firmware the IP phone may not work again so I linger on DD-WRT a bit. The main problem is that the officially recommended version for my router isn't recommended by the community. This is well known but I don't know. How can I know? This is horrible. There's no update all these years. Of course there's no motivation for the few guys in charge to update things several years old.

I flashed the community recommended version and the MAC worked. Then I looked a bit more if I can do parental control effectively. The stock firmware and all the others like Tomato have easier to use GUI I suppose. DD-WRT is basically a complicated list of things it can do.

But how do I know what to do? I only knows what I want - parental control. There are a lot of tutorials on the DD-WRT site but I guess no parental control. That's the problem. Parental control is actually complicated and open ended, so you have to know exactly what you want in order to have a chance of finding the tutorials you need.

First, everybody have a few devices. I thought of adding host names to MAC's before starting to manage them. But it can't be done, so I didn't even try to control anything for a long time. The stock firmware gave me the idea - to add hostname you need to do static IP address. In DD-WRT, I never got the idea of linking static IP to adding host name to MAC's.

I have a few static IP's but all are setup on the host side. It's rather different on the router side. Basically it can be still automatic (DHCP) but you can assign a static IP to any host MAC and label the host your way. You can mix the static and dynamic IP ranges. So if you just change the dynamic assigned IP to a static one, you got your host labelled. But this is not under the initial DHCP setup but under Services - DHCP Server - Static Leases. This should be under newbie tutorial otherwise how do I know? Depending on your browser, you just need to cut and paste around the MAC. It is easy to guess the few unknown IP's remaining by eliminating once host at a time. Before that, the fastest way seems to be looking at the MAC at the host, and type the full digits into the access control box. Terrible.

Now since you have static IP, so it is just easier to use static IP access control rather than the MAC.

Now parental control starts but never easy. You want kids to use OpenDNS and such, while parents have no limitations. But Google made it very simple to change DNS on Chromebooks. You can ban other servers but then it's very inconvenient when you want superuser global access on that machine, to download and install something for example. Also if kids know how to change DNS then they might know how to change IP's etc.

The basic need is to have one SSID for restricted access and another for non-restricted access. I saw this need time and time again but it's not a simple switch in DD-WRT. May be it should be.

Also, if kids suddenly finds that they suddenly need a banned website for homework, there should be a simple way to grant temporary access all by themselves over the phone, without needing someone to login to the router and run some commands. OpenDNS used to take forever for the rules to update. Now it says a few minutes but I doubt that. Immediate is better.

Interestingly, my stock firmware has one SSID and one extra for guest. DD-WRT can have as many virtual access point (SSID's) as you want.

Unfortunately for multiple SSID to work with different DNS, you need the terrible horrible iptable commands. They seldom work, particularly if the poster says "something like this".

The tutorial that works is called "Multiple WLAN" in the DD-WRT tutorials. Each SSID is a WLAN (or sort of), and if you don't install multiple of them, all the SSID's will be bundled on the same WLAN with the same DNS of course.

For DD-WRT, the interface vlan1 represents all the LAN sockets at the back of the router. (For older routers it may be called vlan0.) The eth1 interface is the physical access point (phyiscal SSID). Each additional virtual access point (additional SSID's) is given interfaces wl0.1, wl0.2, etc.

By default everything should be on the same network so vlan1 and eth1 are bridged into br0 interface. You can see this on Setup>Networking. So iptables won't work on individual interfaces since perhaps they are already bridged. Only the bridged interfaces will work. And when you separate the WLAN's (or the SSID's), the only easy way I see is using the DD-WRT GUI building new bridges. So everything will be bridged and there's no reason not to work on the bridged interfaces only.

The instructions for adding bridges are good and working. So I'll will skip and talk about the things you may need to do differently.  By default you have

192.168.1.1 (network)      br0 (bridged ) = vlan1 (ethernet connections ) + eth1 (wifi)

If you add more VAPs (SSIDs), it will be
192.168.1.1    br0 = vlan1 + eth1 + wl0.1 + wl0.2 + ...

For me all the shits already setup, with static IP's and such, went through wifi eth1. (Powerline adaptors, client bridge and repeater.) So for me it's easier to separate the only LAN connection, the PC. So the 1st bridge I created is:

192.168.2.1  br1 = vlan1
You can only take out one interface at a time unless perhaps using the commands. All the other interfaces will be left on br0.

I need one wifi VAP for adults, so
192.168.3.1 br2 = wl0.1

You may need another VAP for guests with different settings.

The iptable commands for forcing DNS works. You just need to pick the DNS address and bridge number. By default, hosts in different bridges (WLAN) cannot access each other. So I need to set br1 (my PC) to be able to access br0 (my router and all the shits). The iptable commands work, but cannot penetrate deep into the subnet br0 when I have client bridges, repeaters, and such.

Now when I need to give somebody unrestricted access, I can give them the password for a VAP without OpenDNS. I can take it back by simply changing the password, the SSID or deleting it.

Now for more parental control, I can restrict the host IP's with a time table, say no messaging on the phone after light out.

One more thing I wanted to do is to setup VPN on just one VAP. So I can switch VAP to get VPN instead of connecting and disconnecting the VPN server, that takes time. However, I find out that OpenVPN will be slow on the router just because the clock rate is a lot lower on the router. So it's not worth it.

But I wanted to protect my IP on the guest VAP. I can use a simple VPN as a proxy or full openvpn because speed is not important. Openvpn is always a little tricky. The servers may want to do it one way but the clients may do it differently. For example chromebook is seldom supported. Servers in the world are fairly standard but clients behave differently - Linux clients and Window clients are slightly but critically different on at least one point. It took me a while to figure out that servers push some options on clients but only works for Window clients.

DD-WRT is differently tricky so the instructions never works. Basically if the config files for Linux works it should work for DD-WRT. However, since you cannot store or edit the config files at will so you need DD-WRT to help write the config files. But DD-WRT's help is not direct edit at all. You can't add more options (in my newer version) or delete options that DD-WRT force you to. For example most servers use (and DD-WRT setup) key files to login but some use username and password. So everybody goes their own half way but do not meet up. It's a hindrance. If OPENVPN works with the right options, then there is the dreadful iptables that may or may not work.