on marriage

(found on the internet)

While waiting to pick up a friend at the airport in Portland, Oregon, I had one of those life-changing experiences that you hear other people talk about the kind that sneaks up on you unexpectedly.

This one occurred a mere two feet away from me.

Straining to locate my friend among the passengers deplaning through the jetway, I noticed a man coming toward me carrying two light bags. He stopped right next to me to greet his family.

First he motioned to his youngest son (maybe six years old) as he laid down his bags. They gave each other a long, loving hug. As they separated enough to look in each other’s face, I heard the father say, “It’s so good to see you, son. I missed you so much!” His son smiled somewhat shyly, averted his eyes and replied softly, “Me, too, Dad!”

Then the man stood up, gazed in the eyes of his oldest son (maybe nine or ten) and while cupping his son’s face in his hands said, “You’re already quite the young man. I love you very much, Zach!” They too hugged a most loving, tender hug.

While this was happening, a baby girl (perhaps one or one-and-a-half) was squirming excitedly in her mother’s arms, never once taking her little eyes off the wonderful sight of her returning father. The man said, “Hi, baby girl!” as he gently took the child from her mother. He quickly kissed her face all over and then held her close to his chest while rocking her from side to side. The little girl instantly relaxed and simply laid her head on his shoulder, motionless in pure contentment.

After several moments, he handed his daughter to his oldest son and declared, “I’ve saved the best for last!” and proceeded to give his wife the longest, most passionate kiss I ever remember seeing. He gazed into her eyes for several seconds and then silently mouthed. “I love you so much!” They stared at each other’s eyes, beaming big smiles at one another, while holding both hands.

For an instant they reminded me of newlyweds, but I knew by the age of their kids that they couldn’t possibly be. I puzzled about it for a moment then realized how totally engrossed I was in the wonderful display of unconditional love not more than an arm’s length away from me.

I suddenly felt uncomfortable, as if I was invading something sacred, but was amazed to hear my own voice nervously ask, “Wow! How long have you two been married?” “Been together fourteen years total, married twelve of those.” he replied, without breaking his gaze from his lovely wife’s face. “Well then, how long have you been away?” I asked the man finally turned and looked at me, still beaming his joyous smile.“Two whole days!” Two days? I was stunned.

By the intensity of the greeting, I had assumed he’d been gone for at least several weeks – if not months. I know my expression betrayed me, I said almost offhandedly, hoping to end my intrusion with some semblance of grace (and to get back to searching for my friend), “I hope my marriage is still that passionate after twelve years!” The man suddenly stopped smiling.

He looked me straight in the eye, and with forcefulness that burned right into my soul, he told me something that left me a different person. He told me: “Don’t hope, friend… decide!”

on depression

I decided to write a litle stuff together and find out if I can contribute to this community. I found my way out of a severe depression mostly because of my wife and my work, both giving me incredible stability and acting as an anchor to “pull myself” out” – but I couldn’t have done it without the help of medicine bringning my mental balance back to ‘normal’ levels

Experts agree that depression is caused by low serotonine levels but the experts bikeshed about what the best way is to keep these levels back to normal (preventing the body from absorbing them? substituting them? forcing another drug to synthesize them?) – besides that, most antidepressants have a long history of wicked side effects; loss of libido/sex drive being the worst (but then, thinking back, once you are clinically depressed, the last of your worries is sex…)

I have met people who show signs of depression (there are early warning signs but people mostly ignore them or – even worse – they never mention that they have problems because:
a) they fear it will make them susceptible to trolling and jokes
b) society doesn’t accept depression – you are just “too weak”

Jokes – like the all-too-common attack on ones pride in front of others (email/chat/in public) – mostly used by someone to improve his low self-esteem on the expense of anothers who’s self-esteem has to lower for that to work (‘what a loser/weakling, mietje, watje, etc…”)
and even “go kill yourself” is frequently expressed in pseudo-anonymous environments where people just too carelessly say things they would never say if they could see the impact of what they are saying in real life. (missing non-verbal component of a conversation)

Society – the way we live it at the moment – judges people by what they are but by what they achieve – this is expecially dominant in the finance world but also in germany where i come from – your school degree is so incredibly important there because it alone will open the
door to higher education or to a good job. You can just not apply for a job without the right papers, there. A thing the Dutch have solved at a better level (speaking of experience there)
Also look at the German stereotypical “my car has to be better than the neighbors car” – this also works for sales / consultants.
Would you buy a 500K Euro server cluster from a consultant that visits you in a Toyota Aygo? (no offense, Mattronix, just stating facts from sales pitches in our company…)
So, this society.. how does it react to you being depressed? Probably helpful and proactive but the problem is you, you grew up being competitive, being “better than the others” – your school, your
parents and your work all tell you that only achievements count (even video games these days focus on these instead of a good storyline or immersive experience…)

So what do you do when you feel the others all can party on, work harder and achieve more and you can’t even drag your body out of bed or to the social evening at the hackerspace where hugs are free and friends are happy to listen to you?
You are afraid. Afraid to be stigmatized as a “loser” and that is precisely what will happen.
Of course, not publicly, everyone will act helpful and try to comfort you (that dreaded line “everything will be okay” – if you want to see me in hate-rage just say this to me when I feel bad!)
But behind your back they will start to make plans to assign your work to someone else, someone more capable, afraid you will become another number on the ‘long term illness” list, check how they can get rid of you and find someone less of a loser.
Or do they? Maybe you just imagine this because you are depressed and everything is painted black anyway so it will turn out worse?
Once your self esteem suffers it gets worse

The Dutch have a word for this: “piekeren”
- I have yet to find an English and a German word for it but this is the worst of it, this constant thinking, grinding, questioning, judging, asking, rejecting and never having a silent moment for yourself. You can overload yourself with projects and work to make sure you never have a moment for yourself so you don’t start to think in spirals but that works only as long as your energy reserves last – at one point you will fall – and the longer you have postponed it the deeper you will fall.

It is a downward spiral and it feels great to feed it more negative things, something your brain excels at when you are depressed – you perceive everyone who tries to help you as an intruder, an enemy, withdrawing yourself from people even more – eliminating the only thing that can help you get out of it – your friends.
And in the end you are alone with your thoughts… and then the thoughts about suicide start… and they seem like a very good solution the more you think about it…


“suck it up” doesn’t work once you are in there – you have to ask for help, probably take meds for a couple of weeks and – most importantly: Work actively on a plan how to prevent this from happening again
Accept that you are depressed, analyze your life, the last years of your life, what you did, what moved you, what motivated you, what frustrated you – talking to a psychologist helps tremendously to untie this knot that has formed in your brain and changing your lifestyle somewhat is absolutely neccessary – just eating pills won’t get you out of it.
I have started searching for institutions who deal with depression and expecially depression in young people who associate with a tribe, with the internet community, for example hackers and gamers – these people don’t have a social network as someone has who goes dancing every weekend – they have peers all over the world but they might not be able to ask for help because the normal rules of society don’t apply to them. Let’s find them a safe harbor, show them that there is a way out.

No more hacker suicides!

Please contact me if you want to take this further, have other ideas, want a hug or know of someone who had other experiences – please, I would do everything I can to prevent someone from becoming clinically depressed.


and last but not least:

Quote: “I don’t talk about it much, for a variety of reasons. I feel ashamed to have an illness. (It sounds absurd, but there still is an enormous stigma around being sick.) I don’t want to use being ill as an excuse.”

debian startup script skeleton

#! /bin/sh
# /etc/init.d/blah

# Some things that run always
touch /var/lock/blah

# Carry out specific functions when asked to by the system
case “$1″ in
echo “Starting script blah ”
echo “Could do more here”
echo “Stopping script blah”
echo “Could do more here”
echo “Usage: /etc/init.d/blah {start|stop}”
exit 1

exit 0

You should ensure it is runnable and owned by root.

sudo chmod 755 /etc/init.d/blah
sudo chown root:root /etc/init.d/blah

Then you need to register it to run at startup.

sudo update-rc.d blah defaults



!# linux (chrunchbang)

trying out this debian-based distro as ubuntu is getting a bit boring
I expect to learn more using a “proper” debian I thing – openbox is a bit tricky as a window manager (opposed to a desktop manager / environment)

note: apt-get dist-upgrade apparently replaced upgrade

problems/solutions/more nifty ideas:



some thoughts on laptop / sensors:

stuff to add:

apt-get install unace rar unrar p7zip zip unzip p7zip-full p7zip-rar sharutils uudeview mpack arj cabextract file-roller audacious

apt-get install w64codecs libdvdcss2 gstreamer0.10-fluendo-mp3 ffmpeg sox twolame vorbis-tools lame faad gstreamer0.10-ffmpeg gstreamer0.10-plugins-bad

apt-get install ttf-mscorefonts-installer

apt-get install gstreamer0.10-ffmpeg gstreamer0.10-fluendo-mp3 gstreamer0.10-gnonlin gstreamer0.10-plugins-bad gstreamer-tools

apt-get install libxine1-ffmpeg gxine mencoder mpeg2dec vorbis-tools id3v2 mpg321 mpg123 libflac++6 ffmpeg libmp4v2-2 totem-mozilla icedax tagtool easytag id3tool lame libmad0 libjpeg-progs libquicktime2 flac faac faad sox ffmpeg2theora libmpeg2-4 uudeview flac libmpeg3-1 mpeg3-utils mpegdemux liba52-0.7.4-dev

use these repositories for xv (gxine wants it)
deb http://debian.physik.hu-berlin.de/addons wheezy /
#deb-src http://debian.physik.hu-berlin.de/addons wheezy /

now let’s save some power

create /etc/pm/power.d/powersave
thanks to:

# A script to enable laptop power saving features for #! & Debian GNU+linux.
# http://crunchbanglinux.org/forums/topic/11954

# List of modules to unload, space seperated. Edit depending on your hardware and preferences.
# Bus list for runtime pm. Probably shouldn't touch this.
buslist="pci spi i2c"

case "$1" in
# Enable some power saving settings while on battery
# Enable laptop mode
echo 5 > /proc/sys/vm/laptop_mode
# Less VM disk activity. Suggested by powertop
echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
# Intel power saving
echo Y > /sys/module/snd_hda_intel/parameters/power_save_controller
echo 1 > /sys/module/snd_hda_intel/parameters/power_save
# Set backlight brightness to 50%
echo 5 > /sys/devices/virtual/backlight/acpi_video0/brightness
# USB powersaving
for i in /sys/bus/usb/devices/*/power/autosuspend; do
echo 1 > $i
# SATA power saving
for i in /sys/class/scsi_host/host*/link_power_management_policy; do
echo min_power > $i
# Disable hardware modules to save power
for mod in $modlist; do
grep $mod /proc/modules >/dev/null || continue
modprobe -r $mod 2>/dev/null
# Enable runtime power management. Suggested by powertop.
for bus in $buslist; do
for i in /sys/bus/$bus/devices/*/power/control; do
echo auto > $i
#Return settings to default on AC power
echo 0 > /proc/sys/vm/laptop_mode
echo 500 > /proc/sys/vm/dirty_writeback_centisecs
echo N > /sys/module/snd_hda_intel/parameters/power_save_controller
echo 0 > /sys/module/snd_hda_intel/parameters/power_save
echo 10 > /sys/devices/virtual/backlight/acpi_video0/brightness
for i in /sys/bus/usb/devices/*/power/autosuspend; do
echo 2 > $i
for i in /sys/class/scsi_host/host*/link_power_management_policy
do echo max_performance > $i
for mod in $modlist; do
if ! lsmod | grep $mod; then
modprobe $mod 2>/dev/null
for bus in $buslist; do
for i in /sys/bus/$bus/devices/*/power/control; do
echo on > $i

exit 0

dont forget to make it executable!

more info on powersaving on linux:

Replace ice weasel with Firefox
install from ubuntuzilla repo
add to sources.list: deb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main
apt-key adv –recv-keys –keyserver keyserver.ubuntu.com C1289A29
apt-get install firefox, thunderbird, seamonkey
change / create symlink in /usr/bin
ln -s /opt/firefox/firefox /usr/bin/firefox
ln -s /usr/lib/mozilla/plugins /opt/firefox/plugins
(use -f to overwrite if exists in /opt)
update-alternatives –install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 100

install adblockplus, java, flash?
apt-get install default-jre
# apt-cache search sun-java (find oracle-something)

what else… ? see chrunchbang thread for ideas :)



install keyring, GPG keys, SSH keys
.ssh/ needs to be 700, the actual key 600
don’t forget to add it to the system using ‘ssh-add’ – see below for more tips

easier: install ‘keychain’ and tie it to the terminal to unlock ssh key

update your $HOME/.bash_profile file
$ vi $HOME/.bash_profile
Append the following code:

### START-Keychain ###
# Let re-use ssh-agent and/or gpg-agent between logins
/usr/bin/keychain $HOME/.ssh/id_rsa
source $HOME/.keychain/$HOSTNAME-sh
### End-Keychain ###

this will work for shell – add it for “terminator” aswell, the default for !#

next, install mosh,
Apt-get install mosh
open a port on the remote server between 60000 and 61000 and apply it to the raspi as server
take over a screen session using mosh:
$ mosh remotebox — screen -dr

raspberry installation

so I got this raspberry with free transit and hosting so I thought I’d turn it into a chat server, VPN/proxy server and a remote nagios probe

after setting up hostnames and hosts file and manipulating my DNS settings

A-record, AAAA-record set up
/etc/hostname replaced with FQDN (matching DNS)
/etc/hosts amended with:
ip.ad.dr.ess fully.qualified.domain.name fully
[IPv6 address] fully.qualified.domain.name fully
reboot and test ssh to it, etc..

apt-get install nagios-nrpe-server irssi irssi-scripts


set up irssi with screen:
very nice website: http://quadpoint.org/articles/irssi
split-screen notify is nice
the hilight script makes it even better:

To do this, first load the script. The script I use is a modified version of cras’s hilightwin.pl that logs timestamps as well. It is available here: http://static.quadpoint.org/irssi/hilightwin.pl

Put the script in ~/.irssi/scripts/autorun/ and type /run autorun/hilightwin.pl in irssi.

Next, create the split window. This is done with the /window command. See /help window for details on how this works.

/window new split
/window name hilight
/window size 6

another nice idea: auto-away inside screen:

/set screen_away_active ON
/set screen_away_message
/set screen_away_nick <– optional.. Annoys people

Download: scripts.irssi.org/scripts/screen_away.pl

Install mosh


RIPE NCC 25/09/2013 IPv6 for LIRs course

compress IPv6 addresses with double colons from the left to the right

also don’t compress a single quad of 4 zeroes

(read RFCs if wanted)

Status “ASSIGNED PA” becomes “ASSIGNED”

AGGREGATED-BY-LIR is new: put all your /56′s that you assign to customers there
use “assignment-size” switch to show how big the assignments are

sub-allocated-pa becomes “allocated-by-lir”
see: http://www.ripe.net/lir-services/resource-management/faq/sub-allocation


getting PI IPv6 space:

minimum /48

example Fridge6:
4000 fridges – each with internet, security, alerting and wifi router

transition mechanisms
6to4 uses anycast!
6RD > relay operations!
464xlat > fixes the problems NAT64/DNS64 causes
DS-lite – tunnel ipv4 over ipv6

conclusion: DUAL-STACK while you can
it is still possible!

use /64′s for Loopbacks!

network design: Take the router with the most interfaces and prepare for a /64 per interface
don’t assign different sizes for routers
imagine: Nexus 7000 – maximum port density?
256 interfaces per router is assumed so /56 per router
or /52 per router, 4096 x /64 per port
/40 per router/switch that can handle customers > 256 x /48 possible

the number of hosts in a /64 is irrelevant!


flip the bit and use EUI-64
listen to RA’s
a router’s response will contain:
- address of router
- prefixes allowed on link
- SLAAC allowed?

problem: Privacy! – same MAC address
solution: Privacy extensions (random ID)

“managed” flag forces DHCPv6

use RA guard
disable RA’s (cisco)
human error!!!

colo checklist:

set ACLs
set SNMP (and protect)
have DNS working

SLAAC can assign you a subnet “unexpectedly”
not all firewalls support ipv6
be careful with “ipv6 ready”

DSL provider:
/48 per pop
/56 per router
/64 per interface

don’t use EUI-64!
no autoconfig
port number for services > IPv6 addresses!
set gateway manually

in the CORE: USe /64 per link – ::1 and ::2 stuff
easy to remember

RIPE tools:
download RIPE 554 and “what to do with IPv6″

> stars get t-shirt

RIPE NCC 24/09/2013 Routing Security Training


IRR / Internet routing registry (irr.net)
RIPE db is actually a subset of the IRR
some objects are part of both (ROUTE/AS-Numbers)
why all that? Question: “Is this ASN authorized to announce this IP range?”
Problem: Legacy space
Bigger Problems: ISP’s might not ask for ROUTE object and just announce IP address space – who holds them back?
> one way is to use ROUTE objects

the IRR is composed of 43 databases, RIPE is one of them, RPSL and Level3 are others..

the more south/east you go the less requirements you will have to announce a prefix (probably only a bag of money)

Issue/Challenge: Roting and the database are related / not the same
annouce? accept? >> RPSL!
~85% match between RIPE and BGP


primary lookup key for persons:
- handle
- email
primary lookup key for inetnum:
- netname
- ip range

what is a primary lookup?
query: “-v inetnum”

The inetnum class:

An inetnum object contains information on allocations and
assignments of IPv4 address space.

inetnum: [mandatory] [single] [primary/lookup key]
netname: [mandatory] [single] [lookup key]
descr: [mandatory] [multiple] [ ]
country: [mandatory] [multiple] [ ]
geoloc: [optional] [single] [ ]
language: [optional] [multiple] [ ]
org: [optional] [single] [inverse key]

now you have an assignment: which results:
inetnum: -
descr: TelecityGroup customer Services/IS
country: NL
remarks: In case of abuse please email: abuse@telecity.com
admin-c: TA515-RIPE
tech-c: TT556-RIPE
source: RIPE #Filtered

which is an assignment – but what is the allocation?

either: Do -L –no-personal x.x.x.x

or do inverse search!
-i org ORG-TP3-RIPE

shows all assignments for Telecity’s ORG ID

useful: -i person and your company handle!
example: -i person AR10441-RIPE
shows where you are allocated

remember to PROTECT objects and create ROLE OBJECTS
do not assign people to admin-c/tech-c

RIPE will never allow you to be MNT-BY in an inetnum or ASN
only mnt-lower, mnt-routes, mnt-domains (for PTRs)

so if you want to edit a ROUTE(6) object:
you need up to THREE passwords!
AS number

problem: Customer doesn’t want you to have his maintainer passwords
Solution: Create a mnt-routes in the INET(6)num and add the customer’s maintainer object there!
Alternative: customer has to add our maintainer in his AS number as “mnt-routes”
both will work


Chapter 2: BGP/routing

AS-path prevents loops!
protect ASN
protect ROUTE
protect INETNUMs


filtering ideas:
RegExp – exclude idividual ASN’s from the path?

blah.. complicated .. do not want


use them!
> IRRToolset can create configs
IRR powertool
level3 filtergen

and so on


does the same thing than the routing registry – but different
(route object on steroids)
ideal: use both!
is that ASN authorized to announce the IP range
so what makes RPKI easier / better?
- usable toolset
- integrated in routers

Use the certificate from RIPE to create ROA’s (resource origin something)
it states what AS the address range is announced from
and teh max. length

multiples possible, overlap possible

“invalid” comparison only when different ASN announces (or not matching prefix )
invalid ROA != invalid BGP announcement

Validator runs locally at your company
fetches data from RIPE via rsync
router runs the validation software in 7600, ASR9K is in early field trials

more RPKI

RIPE NCC 23/09/2013 LIR training notes

RIPE NCC database lookups TIPS

- use -r (blocks recursive lookups)
or better
- use –no-personal to block searching person objects

failure to do so will get you blocked quickly!

- an ASN without an AUT-NUM can not be announced without a ROUTE object
- an AUT-NUM is for an AS number
- a ROUTE object combines inetnum and aut-num

(more stuff goes here)


want to use PGP key instead? (or x.509 object)
> create key-cert object
> associate the public PGP key with it
> add extra line to MNT object: PGPKEY-id (in single text area edit)
> once PGP is in there you’ll have to update the object and sign it using your private key

adding multiple AUTH objects works (password and PGP and cert)
BUT: adding multiple maintainers to a person object will _not_ make it more secure – just adds more gates to the castle

large companies: need ROLE object!
imagine someone who is in charge of a lot of objects dies…
tech-c / admin-c
associate the handles with the role > done!

DATABASE updates

use webupdates (easiest)
if you want to play > use the sandbox (RIPE test database)

first time registration: Use the “new object” wizard if your organization does not have a maintainer/org object
it will create a person and a maintainer

ROLE objects need to be two words

When asked for a NIC handle while creating the role do NOT use your person’s nic handle
use auto-1 to create one
under “admin-c” add your maintainer

Example Telecity:
Persons (engineers) have objects
they are added to tech-c and (if authorized) to the admin-c role object
the telecity maintainer has members, too
your person NIC should _not_ have the same maintainer
you might leave your organization one day

LIR portal – what do do there?
edit registry data queries and updates
also: ASN resources, ip analyser
lots of API’s available!

LIR portal and RIPE database are protected by different models / mechanisms
the one is public, the other is confidential

Exercise: first day as a LIR: “request resources” should go LAST

a mnt-routes object guards creation of a route/route6 object
a mng-domains object guards the reverse delegation (see PTR’s / mail servers)
– it should contain your nameservers (slide 54)

transfer allocations: allowed between RIPE members – 80% rule applies
> inter-RIR transfers in discussion (proposal 2012-03)

request PI space:
no ipv4 without ipv6!
request org, person and mntner objects!
send request form, end user agreement and registration KvK/company house to RIPE
sponsoring LIR is needed

no LIR? find a new one or become one!
if not? > return space!
see slide 59!!! there is now a fee for P.I. space > include into contract

RPKI digital certificate:
issue certificates with registration
a ROA is a ROUTE object signed by a certificate (by the LIR)
one cert for all allocations
“chain of trust”
AS32 can announce this address range – incorporate into routers
>> BGP origin validation!
important: this is not obligatory

you can group customer assignments (4096 x /48) into one large assignment (like, a /36)
IPv6 status: Aggregated by LIR
assignment-size: 48
mnt-by: MNT-LIR

infrastructure assignments:
P2P links, access points, etc…
grey area: colo locations, hosting, housing

be a (male) ally to women





this post is about how to become aware of sexism that is happening every day…

first we need to understand the “male privilege”
once we are aware of that we can become allies that women don’t have to fear but can live with
I am for improvement but reading this list makes me sad because I recognize a lot of these items – and some even in myself.

Continue reading