June 2018 – My Cosmic Journey

A warning from the darkness… (potential trigger warning)

Posted on 2018 Jun 152018 Jun 15 by cinnion

Well, I come to the important post which has been banging around in my head the past couple of weeks or so, prompted this site to get a slight bump in priority, and will explain a reference I made several times in my earlier post regarding SSL certificates. And I will start it with an observation posed as question, coming from as I said in the title, the darkness… and it is this:

The past several weeks, I have seen a number of friends post about being there for those who who need to talk, but when push comes to shove, how many of us are actually willing to act, rather than just saying the words, to truly be there??

Sadly, I personally fear far too many of us would be found of falling way short of the mark of doing what is needed.

Now, please allow me to reassure you, I do not think I am anywhere near being actively suicidal. And by actively suicidal, I mean things like hanging, poisoning, shooting oneself, jumping… you hopefully get the picture of what the “actively”. But then, by that time, it can be too late. And it entirely misses what one could call inactively or passively suicidal… where one stops eating, does not jump back (or ahead) to avoid being hit by a bus (as opposed to actively jumping out in front of one). I sit here and wonder how many suicides are actually written off as “I guess they did not see the bus” or some other form of accidental death, and I fear it is far more than anyone really knows. But more on this later on…

I find myself asking what did people miss these past few weeks with Anthony Bourdain and Kate Spade? Or how about the signs surrounding one of my all-time favorite individuals, Robin Williams, who made us laugh so much even in the days leading up to his own suicide, but was in fact the true image of Pagliacci the clown. Only those closest to them may know for certain, such as Bourdain’s mother, who said he missed But to know what might have been missed, one must know the warning signs, a good list of which you can find listed by the AFSP here. But I read an article this past week, where it mentioned an interview about how he should have been dead, but part of the reason he was not was him feeling he needed to be there for his daughter, who is 11. I also read that he skipped out on dinner the night before, how those who knew him such as the waiter, as well as a chef friend of his he was working with with whom he was to have dined the night before. But it was not until the next morning that they were concerned enough to have his room checked. As for Kate Spade, who I remember seeing some shows about, perhaps waiting someplace, or waiting for a different TV show to come on after it… I have seen far less. But, as I am fond of saying… hindsight is 20/20, often with an electron microscope… and especially in this case, the trick is to turn hindsight into foresight. Maybe, when he was not seen for dinner, if the wait staff and his friend had checked, it might not have made any real difference. Or perhaps they might have found him sitting alone in his room, and during the course of the evening, noticed something which would have told them he was sitting on the edge of his mental precipice. But then, the only ones who know the answer to that are the Creator and Anthony himself.

Now, for those who don’t know me as well as others, allow me to set a stage. There is a general awareness of my being high-functioning Autistic (HFA), dealing with what used to be called Asperger’s Syndrome. Autism goes from one extreme to the other with no real boundary points, instead of being different buckets or different rooms. And with the diagnosis comes a plethora of gifts as well as curses (often termed “comorbidities”), which vary from individual to individual. And so, if you have met one Autie (someone who is autistic), you have met one Autie. Yes, it is common for us to have things like depression, OCD, anxiety…the list goes on, but not everybody has to deal with all of those, and even if we do, what we deal with even at those levels can differ greatly. For me, depression is one of them.

My lifelong journey through the darkness…

[Gaaa… I wish I could find the equivalent to the LJ Cut… but what I am finding seems to not quite match it… wonder if it is an issue with the style/theme…]

Though it may not have seemed like it to those around me, I have never been truly free of the depression… it has been a life-long companion, or perhaps one might call it a shade (of the ghostly variety). I remember when not trying to stay away from the bullies, I was often just sitting or standing by myself, with nobody wanting to play with me, and isolated by an invisible wall built by my autism, a speech impediment, and by roughly Halloween of that year, the tallest of my grade. Sure, at times I was picked to play Red Rover and picked early, since my size meant that I would often break through the lines and take someone back to my original team. But then the opposing teams learned not to call on me, and so I lost my value and like so many other things, ended up also becoming one of the last ones picked. And so, I would often find myself sitting near where the teachers tended to stand, or being someplace looking at the fossils in the sandstone used to build the school, looking at milkweed pods, or just mostly lost in thought. In 2nd and 3rd grades, there was a bit of a break in this routine, as a cute girl moved from Da’Burgh to live a few blocks down, and I was one of the first ones to be friendly towards her. But then, in 4th grade, she had moved away to someplace I did not know, and the bullies which had mostly given me a pass starting in 2nd grade and during the 3rd found that I was less able to defend myself when they worked together. So, by the time 5th grade came around, recess was once again a time of taking a book, finding someplace to “hide” (either sitting near where a teacher would always be close by, or finding a spot away from everyone). It did not help that one of the girls in my 5th grade homeroom was familiar (yep, you guessed it, she was the same girl from Da’Burgh) was somewhat distant, and I only found out indirectly that the fact that I had had my name changed had confused her for awhile. And thus it was through the rest of my school years… school dances spent sitting the entire evening since nobody would dance with me, until I stopped going, nobody going on dates with me, and sometimes setting me up for embarrassment while making me believe they would meet me someplace to see a movie or some such. And so, while classmates were going out on dates, I would often end up throwing myself into spending the night at my telescope or reading, depressed and lonely and trying to divert my mind with that activity. Indeed, it was not until just before my senior prom that I managed to get a date (to the senior prom, no less) with a gal I had met through the Spanish Club. And as for actual friends in high school… there were three with whom I had formed a core of a group, with others around us (I think there might have been a dozen total of us)… mostly the booky nurdish/geekish types with whom we would play chess during lunch (or on the bus heading home for a few of them), took the same classes, belonged to the same clubs, etc. But even the gals in that group seemed unwilling to date me. And this was the pattern even through college, and to a great degree clear up to today, with a level of depression and anxiety always there, not allowing me to really have any joy in life.

It was not until at age 43, while dealing with things from my failing first marriage, along with other issues that I finally sought out a specialist who diagnosed the HFA along with the depression, low self-esteem, and everything else. As I have said, the diagnosis was like being given the key to a door which has a large panel of frosted glass in it, with a mirror behind it in such a way that you can barely make yourself out in the mirror if you look closely. And that diagnosis, and the years of therapy which followed it, have allowed me to recognize so much about myself, and to know that up to that time, I had suffered from at least two episodes of Major Depressive Disorder (more here), one of which was going on at the time of my HFA diagnosis, and that my norm is what is referred to as Persistent Depressive Disorder or Dysthymia (more here)

Now what are the symptoms of Dysthymia? You can take a look at the links in the previous paragraph, but beyond the things such as duration, or not attributable to X, Y or Z, it comes down to two or more of these:

Poor appetite or overeating.
Insomnia or hypersomnia.
Low energy or fatigue.
Low self-esteem.
Poor concentration or difficulty making decisions.
Feelings of hopelessness.

The danger lurking in the darkness…

I can rarely remember days or times where it was not at least two of these, and often it is even more. Unfortunately, as is in the case elsewhere, you start adding in a few other things, and increasing the severity of those above, and you slide from one to the other without recognizing it. And if you look at the pages I linked to, you will hopefully see how this can happen, and how only a few items such as the psychomotor agitation/retardation or the thoughts of death show up in the major depression. Sadly, the combination of the two when both are active puts me in the 3-6% of those who suffer from what is being termed “double depression”. But, you may never recognize that someone you care about has slipped over the fuzzy line, to say nothing of realizing that the person you are talking to is suffering inside (more on this in just a moment).

Thankfully, while I am in that 3-6%, where things feedback like the microphone squeal at a concert, speech or some other presentation, I have had a barrier which has, so far, been between me and being actively suicidal. And so, for me, it is what I term “passive” or “inactive”, where I just stop forgetting to eat. In the past, I have described it as seeming to be trying to jackhammer my way through “hundreds of meters of heavily reinforced, ultra-high performance concrete”, with the point of where I would be actively suicidal being on the other side of that barrier. Indeed, with the episode I was dealing with when I got the HFA diagnosis, the 7 months prior to that after I had lost the closest friend I had ever had, had it not been for several friends, one of whom stands out like a full Moon in the middle of a clear midnight sky in the dead of winter, my daughter would not have been able to get me to eat.

But as I said, you may not realize it when a person is suffering. Again, I think of Robin Williams, who could make us laugh so hard as Mork in our youth, and decades later would have us laughing so hard we would could barely breath and piss ourselves at some point with bits like his Evinrude sketch (which you can see here), or so many others. He was the Pagliacci the clown in the lives of so many. But many can play that role, seeming successful, and yet be on a very dark journey inside. Robin was such an example, as were Kate Spade and Anthony Bourdain. And another is Wil Wheaton, who shared this… You never know who you see on TV or elsewhere might be fighting a battle which can prove to be just as stealthy and deadly as cancer. On the outside, to take a mental picture from the late Randy Pausch… one might see a Tigger, while on the inside, reality makes Eeyore seem chipper. This last bit became even more apparent to me as I was talking to folks, including our (as in VA-06 district) now Democratic party candidate for the US House of Representatives, Jennifer Lewis, who is a mental health professional. People were surprised to find that I was HFA, and suffering from depression… something I felt was important enough to talk to our local newspaper about being a huge reason why Jennifer is going to be getting some of my time and energy between now and the general election, to hopefully have her fighting the fight in Washington, from a district which is so deeply conservative that they have not supported a Democratic presidential candidate in 50+, and in some cases 86 years. Thankfully, I heard somewhere that in the primary, she carried all but two localities. (I am curious, and wondering if I can find the results broken down by the ward/precinct… hmmm).

Some who read this may not be aware of the fact, I was laid off in the Ides of March. The company at which I had been working on a 6 month contract which kept getting renewed since I started in September 2013 went through a merger, and many contractors such as myself were laid off as a result (in part, so that they could better judge things during the post-merger restructuring). And between that (which I had seen as being likely for a couple of months), things going on in the world, and more, I realized with the suicides of those two famous individuals, and things such as the #idontmind movement (thanks to Chris Wood for starting it, Melissa Benoist, Heidi Klum and others who started spreading the word about it to where I heard about it) where with May having been Mental Health Awareness Month, people were opening up and fighting the stigma and shame which has long resulted in families even being unwilling to talk about their family’s history amongst themselves. I have to wonder about my own parents, and whether they dealt with or were diagnosed something such as depression over the course of their lives.

And I have also come to realize… I cannot put my faith in that concrete being thick enough…

Now, for the warning…

And it is a warning for both the depression suffers and those who love them. With all that, during the past two weeks I realized that I was slipping back into double depression. Had the timing been different, I don’t know when/if I would have realized this. And even having realized this, it is a battle. I have to honestly admit, that as I sit here and type, and the microwave runs in the background, I cannot remember when I ate last. Sadly, this puts my metabolism into a mode where I do not lose weight. And while I was supposed to have had an appointment on Monday for meds maintenance, I had to reschedule, since the cost of an appointment was going to be more than a weeks worth of groceries on a budget where my unemployment will be going almost in its entirety to rent, and where even having had insurance, just seeing a therapist was not really affordable, since to meet the personal deductible which the insurance company applied, even at weekly appointments starting at the beginning of the year, I would not meet the deductible until sometime during the summer… and this is for a mid-level plan… roughly half a year with an appointment coming straight out of pocket. But at the heart of the warning is this…

As a sufferer, I look and see not only how it snuck up on me, totally took away my appetite, but has had me withdrawing from friends. And I know, once there, asking for help can be difficult, if not impossible for a multitude of reasons. So if you care about someone who may be or is dealing with depression, sometimes, reaching out to them might be necessary.

There are so many reasons why this may be the case. Especially for those of us who deal with double depression, we might not recognize that things have gotten worse. Then there are the other reasons, such as not want to be a burden, feeling like more of a failure, being afraid of driving off what few folks we have (or perhaps even feeling like we have driven them off, given the right circumstances). We might be afraid or tired of being told things like “think happy thoughts, and you will be over this in no time”. The things we can tell ourselves can seem so true, and yet be totally wrong.

So yea, it has taken me since Tuesday to write this, and rather than keeping up the editing, having it keep growing, etc., I will say to those who care for a friend, or someone even more important, just reaching out to remind them that you are thinking of them and asking “How are you doing?” can mean so much. Who knows, with one simple act, you may open the gates on an emotional dam and keep it from catastrophically failing.

SSL Certificates

Posted on 2018 Jun 112018 Jun 11 by cinnion

As I make this site publicly accessible, it occurred to me that many of you will be getting warnings from your browser about the host SSL certificates not having a recognized certificate authority. Now, before I get into a techie rant (what I will also refer to here as a “Solar Flare”), here is a not so techie “here is how you fix it” post.

So, when you connected to a site such as this, rather than getting a pretty page, you likely got something like this…

Now, if you are going to a site such as for you bank, going shopping at some big-name (or not-so-big-name) company’s site, etc., seeing this screen is like coming to a stop-sign to cross a busy 4 or 6-lane highway, where traffic is doing 65MPH… the mind should go “Danger! Danger! Danger Wil Wheaton!” (Yea, I know… mixed memes, but…I could not resist, as a soon to be written post will tell you why.) The reason is that for your bank, or any reasonably sized company, the primary stumbling block for the certificates should be a non-issue, and that stumbling block is the cost. More on that in a moment, but in this case, how do you fix it for this site? And the answer is simple, and just involves going to another site, clicking on a link, and accepting/trusting a couple of certificates there. And that site is www.cacert.org. On their main page, up at the top, they have a link labeled Root Certificate, where with a few clicks, there is no more warning. They even have a number of Wiki articles about this process, such as ImportRootCert where they go into trusting their certificate, so that mine and others like it don’t give you the warning to begin with.

Now, for those who are interested, please allow me to snag my soap box….

and while I do, let me start out by saying that regardless of what it may sound like, I am a firm believer in SSL and what comes with it. But like I would rather go to say Ohio or even travel around town to get groceries by car rather than by horseback or horse and wagon, just as cars have some massive downsides which could be improved (pollution and cost being the top two), there are some issues, sometimes huge, with SSL certificates.

SSL certificates, if you were not aware, are the high-tech way in which things such as web-sites can present an ID which your browser can look at and say “OK… you are who you claim you are.” It is kinda like presenting your driver’s license when making a big purchase in a store, only maybe a touch better. How many of you would recognize the driver’s licenses for a different state? Myself, even though I lived for much of my adult life in Ohio, could not look at what might be a driver’s license and say for an absolute certainty that it was valid. The same is true for Pennsylvania, even though it was far more recently that I lived there. I wonder how many officers for say CHP, VSP or other state or local agencies could do it visually, which is perhaps part of why they call dispatch with your license info when you get pulled over. But rather than having to contact a central authority, what your browser does is this. The certificate which a web site presents to your browser when they start talking contains a whole wealth of information, such as the hostname or IP address, what uses for which the certificate is valid, an expiration date, a certification “stamp”, and what is known as a public key, which is used for validating the connection and later communications. The public key goes along with a private key which the site works hard to protect, and the certification stamp on the certificate was created with a similar private key which the “certificate authority” (CA) supposedly protects as well, just like your local notary keeps their “stamp” or “embosser” secure. But it all relies on what is known as “Asymmetric” or “Public-key” encryption, where through the use of complicated maths involving huge numbers, I can use one number to either encrypt or sign an electronic document, and you can use a number which matches to decrypt the document or authenticate the signature. Feel free to follow the links or drop me a message if you would like to talk more about it, but the huge question remaining is… how do I get the public key for some site (or even a certificate authority), and know that it can be trusted?

My soap box…

The trick is, with your browser or operating system, somewhere in all the bits and pieces which get installed, you have a list of public keys for the certificate authorities (CAs) I have been mentioning. Think of it as having a booklet with a list of all the stamps and signatures of key notaries out there, with a way to look up and see more pages, with each page itself notarized by one or more individuals in your booklet, either directly or indirectly. But unlike just having a spot on the page where the page is embossed or stamped and signed, and you don’t know if a word was possibly changed or added, here the entire document, made up of a long string of 0’s and 1’s, can be “stamped” in such a way that changing anything in that string will, in near certainty be detected. Indeed, the digital form is like the old style wax seals which were common in the Middle Ages, only more so. (Encryption works in a similar way, but is a bit more complex). And there is quite a bit which goes into determining who ultimately gets into that “booklet”. Part of it is trust… such as, can I trust them to keep their private key secure? Can I trust them to go through all the right procedures to verify the information before they sign the certificate saying that this is the real “Wil Wheaton”? Seems kinda like the 50s-70s game show, To Tell the Truth, doesn’t it?? And therein resides a lovely little industry similar to the military industrial complex President Eisenhower warned us about. How little? Try more than $1 billion (yes, with a B) according to one report in 2016, with projections to exceed $3 billion by 2020. And this is, in part driven by effort’s such as Google’s “HTTPS Everywhere” effort, where more and more, sites without SSL certificates will be “shamed” or worse.

The dirty secrets…

Because many places which will “sign” SSL certificates used to prove a site’s identity can charge $100 or more per year for just a few minutes work to do what amounts to electronically notarizing, the cost of getting an SSL certificate and keeping it up-to-date is more than what some blogger (such as Wil?), or even an IT professional such as myself can justify spending. In a quick check, I found some of the big names such as Verisign and Thawte (both now owned by Symantec) charging nearly $400/yr for a certificate to “protect” a single hostname (such as ‘cinnion.ka8zrt.net’) while not protecting any others even in the same domain. And historic vendors such as Network Associates, now McAfee (yes, as in John McAfee infamy, among others) were as bad or perhaps worse. And while there are places which charge less, it remains a cash cow being milked in a huge way. And yet, what does a company such as Symantec get you for the cost of the certificate? For a blogger and their readers, it is not that big of a deal. It is true even for myself and this web site, though I will likely put up some interesting spots which will go beyond what is in place at the moment. The point where it becomes a thing for me, and hence my awareness of the dirty secrets, is I am a computer professional who has been working with the web since the transition from services such as Gopher in early 1993, and as such, I am supposed to know how to set up secure web sites, and using SSL is a part of that. But for a bank or someplace such as Amazon, they need to know that they and their customers are protected, and the same is true for us as individuals doing business with them. And supposedly, this means that we can TRUST the CA.

There I go again with those TRUST waves (Name that movie!). Does the CA take steps to protect us, such as checking the information for someone requesting a certificate, take the time to do audits of their processes and servers, and the countless other things involved to make sure that things stay secure? And going along with this… can we trust the browsers to do what is needed to validate that a certificate is still valid beyond not having passed its expiration date. At times, this is like walking into the grocery and buying hamburger and lettuce for your weekend cookout, but ending up in the hospital due to E.Coli contamination, such as the multi-state breakout of E. Coli O157:H7 affecting romaine lettuce we are seeing in the news which has resulted in multiple deaths. And like with that, the answer is sometimes no, as seen in a number of incidents such as one where Network Associates/McAfee had their intermediate signing certificate compromised, and the resulting problems it revealed This is why companies sometimes resort to purchasing SSL certificates such as this. Yes, you are seeing almost $1500 per year, and I do not know if they limit the number of servers under that certificate… as they sometimes do. But along with that trust is the fact that the CA is willing to back that up with a warranty, so that if something happens, they can pay out, sometimes in a big way (I have seen warranties for $1M or more for some certs). And aiding all this was how Mozilla (e.g. Firefox), Microsoft and others were controlling how a CA doing everything right could not get on their trusted CA list, while countless others, such as Verisign, Comodo, DigiNotar, GlobalSign and many others remained on the list. Add in some of the other mistakes, such as a CA revoking a certificate which results in tens of thousands of sites with their SSL connections reported as being untrusted, and you start wondering what many a developer has asked himself, sometimes at 3am after finding a bug which needed fixed when they started looking at things at the start of their work day: How did this ever work?? And the answer is, you can have a crowd walk through a field of mines rigged to go off only when a single switch in one spot is stepped on, and sometimes, you could play a major football game on that field, and not have things go BOOM! But even if there was no BOOM! today, there will always be a BOOM! tomorrow.

So given all that, years and years ago, while still living up in Da’Burgh (Pittsburgh for those of you who are not Yinzers out there), I needed to set up things for some in-house testing, and rather than using a self-signed certificate (and creating my own certificate authority, just like how Verisign, Network Associates and all the others did), and then having to add the public root certificate to my browser, I opted to go with CAcert, so that if I had to go through things again, I did not have to setup another personal CA later. It has its limitations… right now, every 6 months, I have to go through and renew and replace all my server certificates, which is a little bit of a hassle given I have roughly a dozen different certificates in use right now, with most being used only within the confines of my home network. But as I get them synchronized, it simply becomes logging in, clicking a checkbox, clicking the “Renew” button, then doing some cutting and pasting. And as soon as I get a new version of the program I use to manage these certificates, xca, compiled, repackaged, and reinstalled on the machine where I manage everything to do with my certificates (private keys, certificate requests, signed certificates, etc.), I will turn things into a mostly automated process. Or, I may just move over to using Let’s Encrypt, since that project, which has major name sponsors such as the EFF, Cisco, Facebook, Google and others, is already in the list of trusted CA’s… I may pretty much just switch over, if things are as good as they are now seeming (they have made much headway in the past two years). Besides, my old not quite friend, more than acquaintance Rich Salz (or as he often signed in those days “Rich $alz” or just “r$alz”, when we were the admins of the two largest USENET news installations around) is a part of their TAB (Technical Advisory Board). And even if they are issuing only 90 day certificates, instead of the ~180 day ones I am currently able to produce (or the 2yr ones I hope to produce if I can ever meet up in person with a couple of certified assurers to get the points I need before I can take the assurer test myself, the use of ACME might offset what was two years ago a problem with a solution awaiting release of the tools.

Well, it is now after midnight here, and even though I was asleep until almost 4pm, it was light when I went to bed (around 7am), and I have an appointment I am either going to have to cancel or pay a nice chunk of $$ to keep, and while there is a bunch of unemployment I have yet to be able to access, due to them sticking it on a pre-paid card instead of direct deposit like I requested, and my not having received the card… as much as I really Really REALLY need to keep this appointment, having to use perhaps 15% of what I have left in the account right at the moment… yea… (gawd, I hope something comes through soon!! No paychecks and no insurance is like having nearly empty air tanks while floating alone in the vacuum of space at the midpoint between here and the Andromeda Galaxy/M31)

Oh… and as for all the Wil Wheaton references… that will become apparent in the next post, which I should have up sometime tomorrow… and will continue that last reference.

A new star in the sky (aka new web site)

Posted on 2018 Jun 102018 Jun 10 by cinnion

So, ages ago, I had my websites hosted on an ancient NetBSD box running Zope and Plone. When we moved to Virginia, the lack of a 120VAC 30A socket for my rackmount UPS meant that I was having to skimp on power due to my only being able to use a 700VA UPS instead of the 3000VA UPS I had used for years. Throw in the fact that it was an Athlon 2500 based machine which maxed out at 4GB of RAM, the small disks it had been built with (I think the largest was 80GB), the changes in Zope and Plone since I had it up, and work, it remained well down on the priority list.

Fast forward to about 18 months ago, having had a couple of my older servers fail, I opted to get a refurbished Dell 2950 III, complete with a DRAC and 32GB RAM (and capable of holding 64GB). Not only that, but unlike all my other machines other than my main workstation, this was a Gen-9 Dell machine, meaning it was 64-bit and capable of hardware virtualization. But again, my schedule was such that I never managed to get time to dedicate towards building the web server. And even after the client I had been working for decided to not renew my 6-month contract for the upteenth time, following a merger… all the things surrounding being unemployed (e.g. searching for jobs, applying, dusting off old skills, etc.) was taking up more than a normal full-time job. But today, wanting to write a couple of blog posts here soon, and not happy with the fact that LiveJournal is now owned by a Russian company and hosted there… I had to do something, and rather than going through the hassles of having to put together a totally new Zope/Plone site, or write my own… I decided to bring up a WordPress site (which I have been seeing listed quite frequently with the PHP developer jobs I have been going through). More details on the site later (and I may even post pics of my rack and such), but for now… it is late, and I am calling it a night. More customization tomorrow…and another blog post.