2012-04-02
The KRESZ (the Hungarian highway code) is an easy-to-follow piece of legislation, provided we are autistic, with photographic memory. Because otherwise it is a bit hard to find anything in it here and there.
From time to time it comes up (with one or two police officers) that they would like to fine someone for speeding, but a problem arises: the validity of speed limit signs is, as far as I remember, cancelled by a road junction, meaning that if there is a 60 sign out on a highway (90), then from the junction until the next 60 sign (which they may have been too lazy to repeat after the junction) the limit is 90.
This is what I wanted to look up in the KRESZ… and it took about 20 minutes. But I am not devious, so I am noting it down for you as well as for myself.

Joint Decree 1/1975. (II. 5.) KPM-BM
on the rules of road traffic

Section 14 (1) Signs prohibiting or restricting vehicle traffic:

c) "No U-turn" (Figure 29); the sign indicates that making a U-turn on the road is prohibited;

d) "Speed limit" (Figure 30); the sign indicates that travelling on the road at a speed higher than that shown on the sign is prohibited. A supplementary sign placed below the sign and referring to snowfall (Figure 97/a) or rain (Figure 97/b) indicates that the speed limit applies only in the indicated weather conditions or on a wet road surface. A supplementary sign may indicate that the speed limit applies to a specified period or to certain vehicle categories;

e) "Minimum following distance" (Figure 31); the sign indicates that vehicles on the road are prohibited from following one another at a distance smaller than that shown on the sign; if the sign bears the symbol of a lorry, the prohibition applies, among vehicles following one another, only to lorries with a maximum permitted gross weight exceeding 3500 kilograms, as well as to tractors, agricultural tractors and slow vehicles;

f) "No overtaking" (Figure 32); the sign indicates that overtaking on the road is prohibited; this prohibition does not apply to a motor vehicle overtaking a two-wheeled motorcycle, a moped or a bicycle, or an animal-drawn vehicle or a handcart, nor to overtaking a tram running on a track in the middle of the carriageway;

g) "No overtaking by lorries" (Figure 33); the sign indicates that overtaking on the road is prohibited for lorries with a maximum permitted gross weight exceeding 3500 kilograms, as well as for tractors, agricultural tractors and slow vehicles, and for vehicle combinations consisting of these vehicles and a trailer; this prohibition does not apply to overtaking a two-wheeled motorcycle, a two-wheeled moped or a bicycle, or an animal-drawn vehicle or a handcart, nor to overtaking a tram running on a track in the middle of the carriageway; if a numerical value also appears on the sign (Figure 33/a), the overtaking prohibition applies only to lorries, tractors, agricultural tractors and slow vehicles with a maximum permitted gross weight exceeding that value;

(6) The sign referred to in points c)-g) of paragraph (1) takes effect at the sign and lasts until the start of the next road junction, unless a supplementary sign placed below the sign indicates a shorter distance, or the sign referred to in paragraph (7) lifts the prohibition earlier.

Appendix 1 to Joint Decree 1/1975. (II. 5.) KPM-BM

The definitions of certain terms used in the decree are as follows:
I. Terms relating to the road

k) Road junction: the crossing, merging or branching of two or more roads at the same level.

a) Road: a public area (public road) or private area (private road not closed to public traffic) serving the movement of pedestrians and road vehicles.

It follows, then, that where any road serving the movement of pedestrians and(??) vehicles meets another road, the speed limit ceases to apply there, and it does so at the start of the meeting (this can matter at, say, a motorway exit, where the "junction" can be as long as several hundred metres). The definition does not require the road to be paved, or even to be an area registered as a road: it is enough that it functions as a road.

2012-03-28
The board of ARTISJUS has resigned. In their reasoning they explained that now that "copying" is not "theft" but "recognised professional achievement", their mafia work is no longer needed, and they welcomed the government's courage in fundamentally changing copyright. The dissolution of ProArt is expected early next week; the Party's central committee will decide on the dissolution and liquidation of the copyright offices and organisations by the end of May.
In a rescript, Orbán Viktor notified WIPO of Hungary's intention to withdraw from the international copyright convention, and at the same time expressed his disapproval that the world still clings to such an outdated system, where it is not real freedom that is ensured but development and progress that are held back in the interests of the biggest economic players.

The entire digital holdings of the Országos Széchenyi Könyvtár can be downloaded from Friday, Giro-Szász András announced at a press conference. The government wants to help young people obtain degrees, so that Hungary can become the country of nine and a half million doctors.

Fidesz and LMP announced a Copying Day in a joint statement. On this day, more than 450 terabytes of digital material can be freely copied from public computers and open wifi stations set up on Szabadság tér, including the films of the past 50 years, the books published in the country in the last 10 years, and more than 120 thousand musical works. The patron of the event is Dr. Schmitt Pál, President of the Republic.

Installing Debian/Linux on Thinkpad Edge E320 Core i5

2012-03-24
Got the new family member. Okay, eventually it was unavoidable that after being a computer and network engineer for 20 years I was going to buy a laptop. :-P So far I survived with desktop machines (and you know they accumulate pretty nicely), mobile phones (obviously Android, but they're way too small for real work) but now I realised it cannot go on anymore. I've been on the way for days and often I had to fix things and it's just not possible using that phone...
I've been fighting this for 2 years now. The old Thinkpad T40 I inherited completely died, first the video ram got funnies, then the fan then the cpu went to see the Great Manitou. The next problem was to find something cheap without being sucky-sucky. I realised that if I want to have the best possible solution it'll take about forever. So okay, let's see what is NOW available around. This one is probably old enough to be cheap (as far as I see it's not listed in the current model line anymore) but good enough to be useable. Originally it's been a Toshiba but Lenovo got a more powerful cpu and better features.

Finally I picked a Lenovo Thinkpad Edge E320 129888G, Core i5-2450M @ 2.4GHz, 4G RAM, 320GB (290GiB) hdd and an Intel integrated and an ATI Whistler video card with a Radeon 6600M chipset. It possesses a b/g/n wifi (Intel), an SM card reader (RTS5116 from RealTek), DSub and HDMI for ext video and an E-Sata for, well, just because. And 2 usb and the gig ethernet from Atheros close the line. Not that bad, overall, for 3-6 hours of battery power. I mean, for approx $730 or €545.

Okay, that wasn't what I wanted to talk to you about. I wanted to talk about:

Installing Linux on E320

It sucks. No, really, it does suck pretty hard. I mean, I'm doing this shit for 25+ years now and still took me the better half of the day, and a bit of the next. With the help of experience, google and lots of patience. And it's not Linux who's to blame, mind you.

Okay, so this came preloaded with some windows trash, v0.7 or something, for the fun without any install media. Which means that if it gets screwed up then you're probably on your own. Brilliant. Oh, I mean, no problem, windows never gets broken.

So this machine starts up nicely apart from the microsoft trash on it. I remembered that ages ago I've used Partition Magic to shrink it, but it seems it doesn't really exist anymore. But google told me that this kind of windoze can actually do it by itself. Really, it has the disk utility built-in which can actually - among other things - shrink the partition. And worked pretty well, for a windows program.

So I have shrunk it to ~48 Gigs and the rest to be used. The disk contains 3(!!) partitions, one for thinkpad stuff and other is for some windows driver crap or whatnot, but fortunately one left to be used for logical partitions. (Don't get me started on EFI, that comes soon.)

So there's the partition, let's install it. I have a DVD install but I have no DVD in the machine, but fortunately I have an external USB drive. So let's boot!

Um, it doesn't. Starts windows (and every time either you wait for the crap to finish or have to poweroff it since there ain't no reset buttons on mobile stuff), every time.

Okay, let's change the BIOS settings. I mean... I ... wtf? No bios prompt at boot. "Press ENTER to abort booting." Very funny fsckers, it goes faster into the bloody windows again.

Let's see F1? No. Ctrl-whatever? F12? Looks weird but no. Okay, the net told me F2, but F12 could be good for it too. So F2, enter the BIOS, and activate that bloody "show enter bios prompt" setting, and move over to boot order.

Boot order looks fine: first usb stick, then cd, then whatever, last hdd. Still, doesn't really care about it, starts hdd every time.

Here came a longer gap when I have tried to look up what UEFI and EFI is, why and why not, what and whatnot, since this beast supports EFI boot. If you wonder you can look it up in Wikipedia.

No luck. Latest Debian DVD is supposed to boot on EFI as well as USB stick images, but no. I can set EFI only, no. I have tried Legacy Only and no. It may have been related to the fact that the machine boots faster than the DVD can identify the media. So I have disabled the hdd from boot and this way it was a bit faster to figure it out, without the need to see windows anymore.

Well, some combination of EFI and legacy boot, with efi first if I remember correctly, plus using the F12 boot which was able to delay the booting I was able to start the DVD. (After the mess I figured that newest USB images, which contain everything including the MBR can boot as well, but no way if I try to use my own MBR.)

The install went well, from an older Debian x64, installed grub, and I kind of realised it won't be that simple.

And it wasn't. Grub didn't boot at all, no operating system. The fscking lame BIOS is made for windoze and if some windoze shit isn't there it thinks there isn't an OS around. No matter MBR signature is ok, the partition table is ok... something is required which isn't just there.

Another bunch of hours passed with several moves of trying to get an EFI boot, no luck, or to try to figure out some combination of partition table which works, without much success. In the meantime I was able to find a USB stick state which was able to boot, containing a new (v1.97) GRUB and the partition table created by grub-mkrescue. So I figured upgrading Debian to latest (sid) may help, because it contains the new GRUB plus it may support EFI, too.

Upgrading obviously requires a working ethernet or wifi, and obviously... none of them were detected. For the record, here are the internals:

00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core Processor Family DRAM Controller [8086:0104] (rev 09)
00:01.0 PCI bridge [0604]: Intel Corporation Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port [8086:0101] (rev 09)
00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0126] (rev 09)
00:16.0 Communication controller [0780]: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 [8086:1c3a] (rev 04)
00:1a.0 USB controller [0c03]: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 [8086:1c2d] (rev 04)
00:1b.0 Audio device [0403]: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller [8086:1c20] (rev 04)
00:1c.0 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 [8086:1c10] (rev b4)
00:1c.1 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 2 [8086:1c12] (rev b4)
00:1c.2 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 3 [8086:1c14] (rev b4)
00:1c.5 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 6 [8086:1c1a] (rev b4)
00:1d.0 USB controller [0c03]: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 [8086:1c26] (rev 04)
00:1f.0 ISA bridge [0601]: Intel Corporation HM65 Express Chipset Family LPC Controller [8086:1c49] (rev 04)
00:1f.2 SATA controller [0106]: Intel Corporation 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller [8086:1c03] (rev 04)
00:1f.3 SMBus [0c05]: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller [8086:1c22] (rev 04)
01:00.0 VGA compatible controller [0300]: ATI Technologies Inc Whistler [AMD Radeon HD 6600M Series] [1002:6741]
03:00.0 Network controller [0280]: Intel Corporation Centrino Wireless-N 1000 [8086:0084]
04:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5116 PCI Express Card Reader [10ec:5209] (rev 01)
04:00.1 SD Host controller [0805]: Realtek Semiconductor Co., Ltd. RTS5116 PCI Express Card Reader [10ec:5209] (rev 01)
09:00.0 Ethernet controller [0200]: Atheros Communications Inc. AR8151 v2.0 Gigabit Ethernet [1969:1083] (rev c0)
So, we have a Centrino Wireless-N 1000, which requires the iwlwifi driver and more importantly its firmware images, which aren't quite free, so it goes onto the USB stick, into its root specifically. The installer asks to look for missing firmware images on external drives, finds the usb and uses it nicely. Still, wifi setup isn't trivial in the installer (especially when using WPA2).

The ethernet... well it's an atheros 8151, using the atl1c driver, which is part of debian, and doesn't even require any external firmware... except it just doesn't get detected.

A nice summary can be read on the Debian wiki which tells the secret:
echo "1969 1083" > /sys/bus/pci/drivers/atl1c/new_id
And after that udev finds the card nicely. A small problem is that when you have to try to reboot many times (to fix the aforementioned boot issues as well as others) this has to be typed every time. Bummer, no mouse on console while installing.

Well yes, the upgrade worked, but still no boot. Dammit.

Another round of fiddling started, which resulted in a working combination of BIOS (efi then legacy), and MBR (GRUB's code but windoze partition was set as boot media!) and a few twists with encrypted swap (which changed UUID in the meantime and update-initramfs completely screwed up figuring it, so /etc/crypttab had to be edited then initrd had to be completely removed and re-created), and after all I ended up with a working multibooting Debian.

As a closing act I wondered whether windoze 0.7 survived, as people mentioned for windoze 6? xp? whatever? that it dies when MBR changes and requires a reinstall media to fix, which I obviously didn't possess (this was the reason for the honorable mention in the first paragraph). Lenovo rescue was beyond rescue: bad media, fix me with the DVD, but what DVD nobody could tell. To my greatest surprise years didn't pass in vain on windoze as this extreme professional version choked on MBR change (but of course, what else to do anyway), but offered to fix itself and lo! it just did. So I have a windoze partition as well as a game console or for those programs which exist only there.

It wasn't that hard. ;-)

Right now Everything Works™, even the SD card reader. I have tested with dual monitors and it works nicely. I didn't test eSata but everything else looks fine. Battery time is 3hrs with active use or close to infinity when suspended, real life lies between these two, my guess would be around 4-5 hours. Charger is pretty quick: fully charges around 1 hour.

So far I'm happy.

Why horny people are security risks

2012-03-07
Those websites who serve data to the public but not to data gathering robots (programs), or those who would like to keep people who register there to be humans often try to achieve this goal by using CAPTCHAs: methods conceived to be able to differentiate between a human and a machine, usually requiring associative and pattern recognition skills which are relatively easy for humans (well, at least for that approximately 40% possessing enough intelligence anyway) and supposedly hard for computers. You know those distorted, hard to read words you have to recognise and type, sometimes moving letters, sometimes even graphical images and other image recognition tricks. Computers are usually pretty bad at recognising distorted letters, especially if they contain mixed fonts, handwriting and extreme calligraphy.

However sysadmins know that these methods are not perfect, and while they usually stop the general bunch of lowlife vermin from being able to illegally utilise someone else's resources they often fail to stop the advanced attacker.

Admins answer by using "stronger" CAPTCHAs: they distort the letters more, use colors, use letters not related to the "solvable" problem; but after a while it becomes obvious that the real human users of the site fail more and more percent of the tests while determined attackers seem to be able to get through in much higher percentages.

Some admins just don't understand how. Have the character recognition methods become so good? Are the analyser programs so smart, the dictionaries so perfect? Or maybe... someone's cheating?

Enter porn. You know, those websites which offer naked genitalia for the public. Since genitalia is unfortunately connected to those humans, and offering them on the 'net uses up pretty high resources it's normal that they ask for money. But horny John Doe doesn't want to pay (maybe can't, either) so he prefers free porn of course. He is not surprised then that the website has to make sure that porn gets digested by the noblest of the noble, the human being, and that they have to check it by using a captcha: you prove to us you're human and we give you pictures of cheap whores. Fair, requires only a few letters to type.

It is not surprising then to mention that these CAPTCHAs are usually the same as those put up by the aforementioned sysadmins who wonder how the machines solve them so easily.

Machines are not getting much smarter but people would do anything for a virtual fsck. :-)

And a sidenote to admins: watermark your CAPTCHAs with the url and name of your site, so the porn guys at least know whose puzzles they're solving to get the material.

Recording the fight won against gnuTLS

2012-02-29
Maybe someone googles for this...

After an upgrade exim TLS barfs on several connections saying
 (gnutls_handshake): Could not negotiate a supported cipher suite.
or maybe
 (gnutls_handshake): An unexpected TLS packet was received.

All these are caused by the fuckin' gnutls update, which completely starts vomiting when fed by OpenSSL generated key files and/or certificates. In my case I had to regenerate the certificate of the key by:
certtool --generate-certificate --load-request host.req  --outfile host.crt --load-ca-certificate CA/cacert.pem   --load-ca-privkey CA/private/cakey.pem
but had to realise that certtool (of GNUTLS) simply cannot handle the encrypted key of the CA, and keeps telling completely stupid error messages, like
certtool: importing --load-privkey: (null): Base64 decoding error.
and some may have realised that I did not even use --load-privkey option. Oh well. Turned out it's the encoded CA private key. So first it has to be decoded, not by GNUTLS of course since it chokes on it but openssl:
openssl rsa < ca.key > ca-fsck.key
which is obviously a very secure way to handle a CA key. Anyway, now the generate-certificate works and tries to create a new cert. Of course extended fields are a way off unless you go on and check all the possible options of the template.
After all this mess it works with the old host key and the new host certificate. Boo-hoo.
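
An added example, not part of the original post: the decrypt-then-sign steps above wrapped so that the plaintext CA key exists only in a private temporary directory (RAM-backed /dev/shm where available) and is removed afterwards. The function names and the work-directory layout are assumptions; the certtool and openssl options are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): sign a CSR with certtool when the
# CA key is passphrase-protected, without leaving a plaintext CA key behind.
# Function names and the work-directory layout are assumptions of this sketch.

# Return 0 if the PEM private key file is encrypted, in either the traditional
# OpenSSL format ("Proc-Type: 4,ENCRYPTED") or PKCS#8 ("ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -qE -e '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' -- "$1"
}

# Print a base directory for the temporary key: RAM-backed /dev/shm when it is
# usable, otherwise $TMPDIR or /tmp (which may be on disk).
pick_workbase() {
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then
        echo /dev/shm
    else
        echo "${TMPDIR:-/tmp}"
    fi
}

# sign_request CSR OUTCERT CACERT CAKEY
sign_request() {
    (   # subshell: umask and traps do not leak into the caller
        umask 077                       # temporary key readable by us only
        work=$(mktemp -d "$(pick_workbase)/casign.XXXXXX") || exit 1
        cleanup() {
            # shred matters only when the fallback directory is on a real disk
            if command -v shred >/dev/null 2>&1 && [ -f "$work/ca.key" ]; then
                shred -u "$work/ca.key"
            fi
            rm -rf "$work"
        }
        trap cleanup EXIT
        trap 'exit 130' INT TERM
        if key_is_encrypted "$4"; then
            # openssl prompts for the passphrase; plaintext goes to $work only
            openssl rsa -in "$4" -out "$work/ca.key" || exit 1
            cakey=$work/ca.key
        else
            cakey=$4
        fi
        certtool --generate-certificate --load-request "$1" --outfile "$2" \
            --load-ca-certificate "$3" --load-ca-privkey "$cakey"
    )
}

# Run only when called with the four arguments, e.g.
#   sh sign.sh host.req host.crt CA/cacert.pem CA/private/cakey.pem
if [ "$#" -eq 4 ]; then
    sign_request "$@"
fi
```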




