• Heartbleed, the media, and passwords. I might be annoyed.

    This is a rant. It’s a long one. I’ve not proof-read it much, there’ll be mistakes.

    Opening

    So, unless you’ve been hiding under a rock of late, you’ve heard about Heartbleed. Heartbleed is a bug in one of the core programs used in the open-source world to keep secret those things you need, like credit card details. This particular bug is important, because it can leak information that shouldn’t be leaked, like credit card details. Just click the link above, it gives a really good basic idea as to how it works. It mainly affects those things protected by SSL.

    So, now that everyone knows what it is, why is it important? The information leaked can be anything that the computer (hence -forth called “server”) responsible for keeping the website involved on the internet has in it’s memory. That can include, requests for websites, file transfers, emails, ssl certiticates, ssl keys, credit card numbers and passwords.

    Passwords, memory and maths

    Now that last one, that’s the one the media, and certain people, have been shouting about. This bug has the small potential to leak passwords. However, this is totally not as serious as it sounds. Passwords are only kept in plain text for a short time – normally, as long as it takes to hash them (one-way-encrypt), and check them against a database. So, your passwords aren’t sitting out in the open, for anyone to steal. Additionally, you have to have entered your password within a second (or two at the latest) of someone using this bug to pull information from a server. As problematic as this bug is, it’s limited. It lets you get 64 kilobytes of information from the server memory. That sounds a lot, till you remember that modern servers have up to 16,777,216 kilobytes, or 262,144 blocks of 64KB. Even servers a few years old (and in server terms, that can be really quite old) have 4,194,304 kilobytes, or 65,536 blocks of 64KB. So, someone has to have managed to use this bug, to grab exactly that block at the right time, to get your password. Also, trust me, we would notice if someone started reading that much information out of our servers constantly. It would be obvious something was wrong. Additionally, not every server is vulnerable to this weakness. Those running IIS, or an older (but still patched) version of operating systems used to host websites remain safe. It’s something like 2/3rds of sites, and crucially, only those 2/3rds of servers setup for SSL.

    So, why all the “RESET ALL YOUR PASSWORDS!” screaming? There is a small chance of grabbing an SSL key. Now, due to the way this bug works, this is more likely than other things to have happened. Why is the key important? It’s the set of random numbers that says you ‘own’ a certificate. So in theory, it can be exposed. Why is this a problem? With the key, you can pretend to be the person for whom it was created — if you got google.com’s key, you could pretend to be google.com. Now, this *still* isn’t that easy to use, you basically have to perform a Man In The Middle attack, which is hard, and complex, and will only get you really limited information, depending where you can do it.

    No, this is not as serious as it sounds

    So, why have I been tweeting lots saying you shouldn’t rush out to reset all your passwords? Three reasons. The first; the likelihood of anyone actually getting your password is really, really really small. Remember, there’s that (at best) 65,536 places your password could be, and only 2 seconds to find it before it vanishes. Per affected website. Add that to the fact that these bugs are hard to find, and using them to get information is hard. Using them to get useful information is also hard – all the bug comes back with is a load of data you have to run through conversion routines to get anything out of. Additionally, due to the way this data is stored, there’s no guarantee it’ll be easy to match your password to your username, which is crucial if you don’t want to have to guess usernames.

    My second reason is one of worry about the affect telling those who aren’t used to strong password security will have. You’re going to be telling people to dump every single one of their current passwords and start again. It’s already really bad – the top 2 passwords of last year were “123456” and “password”.  So, though I have no studies on this, I would bet, with hard cash, that forcing those not using good passwords to reset their passwords with fear, will weaken passwords as a whole. I suspect that we’ll find a lot more weak passwords, and a lot more passwords shared amongst websites in the next few batches of password leaks.

    Finally, my third reason. Evidence. We’ve had no evidence of large scale, source-less password leaks recently. Hackers, especially some of the nicer ones have a habit of dumping their finds publicly, and a large-scale capture of passwords would show up in activity around the internet. Additionally, passwords aren’t the only thing heartbleed can expose. It can expose credit card numbers. And the credit card companies do not like sites to whom they’re traced back a hack. In fact, they have a habit of forcing said companies to go through a rigorous, lengthy, and painful auditing process, to find out exactly *how* the passwords leaked. The security community would have heard of these audits turning up nothing, of credit card data vanishing out in any significant quantity, or even the audits would have thrown up the bug.

    Media

    So, this password thing. It’s being pushed by the media, and by the guys who created the ‘heartbleed’ website as a much bigger impacting issue than it really is. Now that the bug is out in the open, script-kiddies will start using the heartbleed website, as will advanced state agencies. I’ve heard some rumours of people seeing internet-wide scans originating from state agencies, shortly after the bug was announced. So, it’s important that it’s patched quickly, it’s a big problem for the tech community, but with the low chance of password exposure, it’s not that important. So, why are the media saying “CHANGE ALL YOUR PASSWORDS”. Two reasons mainly, first is that’s a far better headline than “There was a bug. We’ve fixed it.” The second, is that that’s the response we, the hosting & security community, have ingrained as ‘the’ response to any sort of compromise. Yahoo got hacked? Change your passwords. last.fm got hacked? Change your passwords. So, when they hear about this hack, which they do not understand, they fall back on the thing they know, and since this bug affects ~60-70% of ssl protected servers, they think “ALL” instead of just a limited set.

    Responsible Disclosure – how not to do it

    In my opinion, the heartbleed release is a perfect example of how NOT to do responsible disclosure, no matter what certain lucky parties claim. First, create a website with inflammatory content. Then, get those who have insider access to patch. But crucially, don’t inform operating systems before you make it public. Don’t let anyone know in the security teams of Ubuntu, Debian, RedHat or SUSE. You know, just the people who actually have to *create* and *deploy* the patch to the millions of affected servers. Don’t let big publishers or sites know (Yahoo, BBC, Facebook). Instead, publish your site, and wait for the shitstorm to hit, as the media companies take this up, shout about it, and make customers scared.  Now, in a boon, the debian OpenSSL team got a patch out for this bug, 30 minutes after they had a bug report. But they didn’t have a bug report when heartbleed went public. No, the bug was reported hours later, after the viral-news effect had got around to someone who knew where and how to report a bug in debian’s bug tracking system.

    Other, big bugs

    You know, there’s a package that runs a good 22% of the internet. In the past week, they published a really critical bug, one that allows remote authenticated access to their sites. This package? WordPress. The bug will allow an attacker to gain administrative-level access to any wordpress site. In actual damage terms, this bug will cause me far, far, far more grief, and likely our customers, than the heartbleed ever will. Heartbleed was patched out in our network in the space of a few hours, with some minor services taking maybe a day or so. If we’re not running a vulnerable version of WordPress on our network, this time next year, I’ll eat my hat. If some clever black-hat hasn’t written an automatic compromise bot, to exploit this within the next few months, I’d be very surprised.

    Another package that had a critical security patch in the past week? Just an addon to wordpress, that a good proportion of wordpress sites also use; Jetpack. They found that they had another remote-access, post, and privilege escalation bug in their code. Again, this single bug will cause us far more trouble in the long term, simply because people won’t upgrade.

    Other, easier ways of loosing your password

    Every now and then, someone’s website gets hacked, crap gets uploaded. We trace it back to their computer, using their login details. What happened? Though we’ve never been able to say with 100% certainty, they were probably infected with a keylogging virus, that saw them typing in their (s)ftp login details, and which automatically used said details to deface their site. That has become less common in the last year, but it was almost a weekly occurrence only last year.  How did the keylogger get installed? Simple, our customers either didn’t have anti-virus, weren’t maintaining it, or actively ignored it’s alerts. They click on links in emails they’re not expecting, open files in emails they’re not expecting, and get infected. Just this week, something has been quite determined to infect me – sending me ‘delivery notes’, asking me to ‘print a zip file’. The ‘zip’ file was a Microsoft Excel .xls file, and likely not an xls file, but something quite nasty.

    Internet cafes. Ever used one to pick up your email? There’s a good chance that someone knows your email account password — those computers often have keyloggers installed, or have someone on the same network watching the net traffic, or intercepting it. Use that same password on paypal? Oh well, say goodbye to your money. Ever used a public wifi connection? You know, one of those unencrypted ones on your iPhone? Your iPhone logs into your email accounts without encryption? Say goodbye to your username and password.

    In closing

    Is heartbeat serious? For webhosts, yes. For users, in the brief period after heartbleed.com went live, till our servers were patched? Yes. Now? Not really. It could have been a lot better, and it could have been a lot worse. Hopefully, this will give the OpenSSL guys more resources to stop any future bug like this slipping through the net. Do you need to reset your passwords? Only if you connected to a vulnerable https:// site, in the brief period that the bug was around. Better would just to watch your bank statements, something you should be doing anyway. Use 2-factor authentication if you can. Use a password manager, my favourite is Keepass, with it’s database stored on Dropbox, and a key file stored elsewhere. Use separate passwords for every site, and don’t try to remember them, just auto-generate them using keepass’s algorithms.



  • Android budgeting apps

    So I’m trying to find a decent android application to help me budget and figure out where my cash goes.

    Requirements / what I want it to do:
    Receipt scanner / photo of item bought
    At least the ability to enter in the total for each receipt
    Ability to OCR the scanned receipt to scrape information (again, at least the bill)
    Ability to tag / categorise spends

    So far I have Money Owl:

    image

    And also wave receipts
    image

    wave has the ability to scan and OCR read the totals from receipts . it does this via the cloud, so it does require a data connection. At present it is FREE for personal use.

    Id definitely recommend this app. Most 21st century way of capturing where your money is going. Just what I was looking for!

    Apparently, google drive has the ability to ‘scan’ receipts. I have to try this one out!



  • Linux Beep Music #2

    So I just noticed that our beep music post has become popular enough to have been reddited, and used as a source in a video!

    So thanks for that guys and girls of the interwebs! I almost feel appreciated!

    In recognition, I thought I’d list our referrers, and possibly some beep music. Maybe we can become a repository for this kind of stuff.

     

    #0 So you have a shiny new Raspberry Pi, and you want to make some noise?

    You can in fact make beep music on the raspberry Pi!
    All you need is a Piezo thingy (transducer or beeper or whatever it’s called)
    (Available from Maplin in the UK: 3v ceramic Piezo transducer only £1.29 as of 2/2/14!!)


    Thanks to Kronalias (is that a linux reference there? `alias kron=’crontab’`)?

     

    #1 Here’s a video from smeezekitty on youtube:

    From the comments: running beep music on a 486!

    Yep that’s code from our last post being run!

    Reminds me of this old beastie of JT’s:

    IBM Thinkpad 380z
    Still working in 2014! I am in fact a IBM Thinkpad 380z with a PII processor, 64mb of ram, and most inexplicably a 40GB hard drive. I also have a very loud beeper which will hurt your ear if you are next to me when it goes off. Lucky i have a volume knob.

    I will definetely try all the beep codes that have been submitted in the comments so far on this awesome machine, and I promise to make a video of it if I get three more beep-songs to add to our beep music tracks. (I might even make an Album…on tape cassette [if i can find one haha], or maybe just put it onto a floppy disk if and mail it to you guys [if i can find one that works ROTFL])

    #2 The redditors of the web have heard of us!

    It must be true if there’s a screencap of it!

    Popularity!! and i'm certainly condering repository of beep music. Probably a wiki though.
    Popularity!!
    and i’m certainly condering repository of beep music. Probably a wiki though.

    #3 We were linked to on Stackoverflow

    I can’t be figged to give you that link or clip an image, so here’s a link to another source posted.

    Ubuntuforums: What is your favourite ‘beep’ song?

    #4 Bleep music in the Blogosphere: Blog post: Davidak is playing with beep music

    I have no idea what he’s playing as my laptop speakers are bust! I can’t be held responsible it’s rude, honest!

    Musik mit BEEP (Linux) from davidak on Vimeo.

     

    #5 Axel Foley – Beverly Hills cop

    Credit to ? Øyvind Hvidsten at Bolt Blog for his post - fun with beep
    He has both the Axel Foley theme tune (listed below) and also Beethoven’s Für Elise.

    beep -f 659 -l 460 -n -f 784 -l 340 -n -f 659 -l 230 -n -f 659 -l 110 -n -f 880 -l 230 -n -f 659 -l 230 -n -f 587 -l 230 -n -f 659 -l 460 -n -f 988 -l 340 -n -f 659 -l 230 -n -f 659 -l 110 -n -f 1047-l 230 -n -f 988 -l 230 -n -f 784 -l 230 -n -f 659 -l 230 -n -f 988 -l 230 -n -f 1318 -l 230 -n -f 659 -l 110 -n -f 587 -l 230 -n -f 587 -l 110 -n -f 494 -l 230 -n -f 740 -l 230 -n -f 659 -l 460

     

    #6 And finally, some beep music. From the comments on Linux Beep Music, ‘Easy Mitrontix Billing’

    (I have no idea how that passed the spam filter, but I’m glad it did).
    He submitted the following, including note frequencies – now I can translate any song!!!
    Maybe I’ll write a bash script to automatically do that given the notes interactively.

    “Mission Impossible Song.

    #Note Frequency
    C=261.6
    C1=277.2
    D=293.7
    D1=311.1
    E=329.6
    F=349.2
    F1=370.0
    G=392.0
    G1=415.3
    A=440.0
    A1=466.2
    B=493.9
    C2=523.2

    C22=554.3
    D2=587.33
    D12=622.2
    E2=659.26
    F2=698.46
    F22=739.99
    G2=783.99
    G22=830.61
    A2=880.00
    A22=932.33
    B2=987.77
    C3=1046.50

    #First

    beep -f $G -l 250
    beep -f $G -l 500
    beep -f $G -l 250
    beep -f $G -l 250

    beep -f $A1 -l 250
    beep -f $C -l 250
    beep -f $G -l 250
    beep -f $G -l 250
    beep -f $G -l 250
    beep -f $G -l 250
    beep -f $F -l 250
    beep -f $F1 -l 250
    beep -f $G -l 500
    beep -f 10 -l 500

    beep -f $G -l 250
    beep -f $G -l 500
    beep -f $G -l 250
    beep -f $G -l 250

    beep -f $A1 -l 250
    beep -f $C -l 250
    beep -f $G -l 250
    beep -f $G -l 250
    beep -f $G -l 250
    beep -f $G -l 250
    beep -f $F -l 250
    beep -f $F1 -l 250
    beep -f $G -l 500
    beep -f 10 -l 500

    #end”

    Conclusion:

    (i’ve been writing too many technical document recently!)

    I couldn’t find Chop Suey in beep music, but with the work done in #3, it shouldn’t be too hard to translate!

    Next time I’ll have to compose something entirely new!!

     

     



  • Featured Image[UPDATED] G Projects

    My friends Pi, after repairs to the sd card holder.

    [purple means updated on Sunday Feb 2nd 2014]

    My pi in its latest incarnation:
    image

    The other day a good friend and fellow geek of mine acquaintance was reminding me that it’s not possible to do everything we want to do, and actually harmful to try and shoehorn everything in. Someone told him this, and he passed it along.

    It got me thinking (and googling – what doesn’t these days?)
    Are you a Perfectionist? Do you find yourself telling yourself this: ‘I can’t relax till i get it all done’?

    If so we are kindred spirits!

    Anyway, here’s all the projects that I’d like to complete:

    Raspberry Pi

    WebUI

    V2 of the User interface.

    • Prettify
      • Layout does not work in IE9. – Who cares?! No one likes IE9 anyway!
      • Embedd/add link to xively
        • Can we get image of all feeds on one graph?
        • Change layout to 4 column 3 row to add this?
          • enough space?
      • apply css to sockets page
      • get that annoying favicon to work! (maybe it doesn’t like the filetype?
        • save as gif/make it smaller and reupp/change mimetype
    • Test – new squeezeplayer page needs testing
    • Develop ?python? code to allow setting of Home Automation parameters
      • E.g. on/off times per DOW

    Pressure sensor:

    • Write Exponential moving average code to smooth the values. I found the code somewhere…refind and figure out
      how to store the data to be ema’d
      variable – can bash hold arrays?

      rrdtool – effort bruv
      use xively api to read old datapoints – ditto
    • Descriptive weather prediction – e.g. ‘rain coming’ [Just today it rained, so I have worked out the min time resolution needed to predict/try and deduce if it is raining]
    • Absolute Humidity calculations – output moisture density of air to see how much has been added(RH% is not a good measure of the amount of water bc it’s relative to temperature, and I want to find how wet the air is!)
    • Solder to Slice of Pi board

    i2c LCD Screen:

    • Connect to Pi on fly lead (attach to pibox?)
    • Output status – e.g. current sensor data
    • Output interpreted status – e.g. ‘it’s getting hot in here’, Nice weather coming etc
    • Implement a simple UI with pushbuttons ->gpio
      I actually designed the UI while in a meeting!
      functions like shutdown, remote power control, network configuration/join wifi,slimclient/server control?

    RFM12b 433mhz wireless transceiver module:

    • Connect to pi (on fly lead? bad reception has been problematic on the transceiver according to susa.net
    • Implement data decoding from CurrentCost transmitter
    • Control remote sockets ala home automation

    Streaming Music Server – Plug and play, wireless capable – Using Squeezebox/LogitechMediaServer

    Remit: To be able to rock up somewhere, plug in power, and then play music wirelessly from my collection
    (Extra: stream from the internet if connection available)

    • Stream music from Pi
    • Control Music from Nook using Squeezebox Android app
    • Stream music to my Hauppage MediaMVP (wirelessly [using WEP])

    Progress: 

    • Got MediaMVP to boot from Pi when pi was using wired network
      • tftpd-hpa (modify to port 16869)
      • compiled mvprelay.c 
      • wrote init.d script for mvprelay to startup and point to ip address of pi
        • Need to find a way of dynamically setting ip
        • (altho when setup on wifi, up of pi will be statically fixed)
      • downloaded mvpmc image to boot on the MVP
      • wrote a dongle.bin.config file for the MVP to load it’s config at boot and start the squeezebox ‘mclient’
        • this should enable headless playback, so won’t need a tv screen for Video
      • made a dongle.bin.ver file using dd
      • booted it

    Issues/todo: 

    It wouldn’t boot over the network bridge. It talked to mvprelay using UDP; tftpd-hpa gave ‘ACK connection refused, could not read’ weird errors when it tried to download the files.
    My laptop however could suck the files up no problem. Weirdness!

    Todo: investigate settings on Bridge AP looking at what happens to BC packets. And also check DHCP relay settings.
    I think they might be flooding the network somewhat.

    1. Setup Pi hostapd: Configure the dhcpd config file
    2. Repair the wifi dongle: The usb socket is no longer solidly connected!! Need to dremmel the plastic off and resolder, then melt and reattach the plastic, (it’s meltable) but a lot tighter this time!
    3. Get the donle working ok in debian/raspbian. (haha, good luck)

     

    I can’t do it all………………….

    at least not all today!

    Actually, part of me likes it going slowly (certainly a surprise to the rest of me!). Time to mull things over, make decisions, come up with sketched designs and sometimes even pseudocode/real code.

    Seems to have it’s advantages not trying to do everything right now at least haha.

    On that note, bed time! [ 2:03 am this time]



  • [UPDATED]Useful Firefox addons

    2009 vs 2013 Useful Firefox [Browser] Addons

    Originally I wasn’t really into add ins then i got into trying loads of add ins and eventuallyi have whittled it back to the few firm favourites/favorites for the americans.
    [i was going to del fav bit but then I noticed that my firefox dictionary is still set to US because of it (which is what happened back in 2009 too haha)

    ubiquity beta addon for firefox - run, send email, new calendar event, update twitter.
    have not tried this yet. Read about it here:
    http://www.ghacks.net/2008/08/26/mozilla-labs-ubiquity-is-a-firefox-killer-application/
    or at mozzy labs: http://labs.mozilla.com/2008/08/introducing-ubiquity/
    [2014 Ubiquity has died, but you can still install the addon (download using the bitbucket link)]: https://addons.mozilla.org/en-US/firefox/addon/mozilla-labs-ubiquity/

    Favourites/remember this website

    Tag sifter

    Taboo – one click remember this, timeline

    Readitlaterlist.com Now Getpocket.com – my cuurent fav  [2014: Still using it today]

    Foxmarks

    Tabs

    Duplicate tab

    Tab kit [Plus]- organizer of tabs

    [2014 I haven't used this in a while]

    [New for 2013: Firefox: TooManyTabs                                            https://addons.mozilla.org/en-US/firefox/addon/toomanytabs-saves-your-memory]

    Testing this one right now!

    [2014 Tab Manager]

    Awesome enables Tabs of Tabs (another tab bar above so you can group tabs into projects, subjects etc)
    however not available for latest firefox and the other versions are buggy/not working. :(

    [New for 2014: Chrome: OneTab                           http://www.one-tab.com/ ]                           

    There really is one tab to rule them all!Fold all open tabs down to one and free all that memory. Edit what’s ‘open’, leave it just as a single tab, or reopen (one by one or all).

    I NEED to test this one when I switch back to Chrome!

    Session Manager – protector and saver of tabs! [2014: integrated session managers are pretty comprehensive now!]

     

    Download Them All

    [2014:Still very useful last time I used it a few years ago, but internet speeds have increased monumentally since 2009, so much so that download managers are not needed for that anymore. It's still a brilliant tool for downloading all images from a page for example]



  • My life, part 3, 1998-2005

    This is part three of my autobiography so far. Part one is here. Two is here.

    Grin

    So, just before I went to secondary school (age 12+) for the first time, we went to a covie camp. This was important for one main reason. During one of the sermons, we were shown a film, and whilst watching, I had an moment of absolute clarity, and total conviction. Christianity is true, there is a God, and he does love me. You know, typing that will never not be strange.

    I broke down crying. I remember that moment as if it were an hour ago. I became a Christian. So, in a weird sort of way, my parent’s divorce kinda led me to converting to Christianity.

    About year two or three of secondary school, I started going to visit the school counsellor. I remember nothing of those visits, only that they were helpful. During that time, I shunned friends, and mainly stayed in the school libary during my free time, or read books. I used books as an escape, leaving this world for different ones, preferring anything strange or different. I stripped through crime, fantasy and science fiction books rapidly. I also volunteered to help in the school library, putting books away, keeping it tidy and neat.

    At some point, the school counsellor left, and a new one arrived. I didn’t gel with the new counsellor at all, and so didn’t go back. That would be my last counselling session for quite some time. Time passed.

    At some point during this time, I felt snubbed by the librarian, a silly thing, I felt I’d been passed over for some additional responsibility. Additionally, I had a very brief ‘girlfriend’ and a relationship that I wouldn’t really engage at all with. That also led to an embarassing suituation a little while later, which I won’t repeat, which helped solidify my intent to remain a bachelor for some time, and would be the only time I briefly had a girlfriend, or any sort of significant other, to date.

    Watching the solar eclipse at a covie camp
    Watching the solar eclipse at a covie camp

    I switched from volunteering at the school libary, to helping out in the school IT suite, spending any spare time playing with the computers. I was the source of at least two spates of communication tools getting around the IT department’s lockouts to prevent them, since I just continually played with the sandbox I was given. For those geeks, at this point we were running windows XP. I however didn’t keep my mouth shut about the ways to talk to other pcs, and they spread like wildfire around the school, till they were locked down.

    That was the first point I really got interested in computers.

    During all this time, we had an… interesting contact schedule. Dad got us 2 and a half weekends out of every 4, and a weekday evening. We were with mum the rest of the time. Dad was at this point working for Kleeneze, delivering catelogs and taking orders. Since mum and dad didn’t really get on, or talk that much at all, we had basically different responsibilities and rules at each place. To an extent, we just got used to it. Mum and dad took turns to have us christmas, with the other parent having us over new year.

    New year 2000, the milienium, I was at a relatively boring party at my church. I never did really get the whole new year thing, and to this day I still don’t.

    Eventually, I did A-levels. I am the proud bearer of 2 A levels in vocational Information Comunication Technology, or in other words, how to use Microsoft Word. I only got a C in that, mainly because I was bored out of my mind, and the spec was just a bit mad. We did get taught some useful snippets though, I learnt basic binary and database normalisation. That was also the first time I created a website.

    Next up, my first job.. To Be Continued…



  • My life, part 2, 1995-1999

    This is the second part of my autobiography write-up. If you’ve not read this before, start here.

    For James, mainly, I’ve put way more emotional information in here, and stuff about how the divorce affected me, and continues to affect me, than I planned. So, if you’re a potential (or current) employer reading this, know I’ve gotten past all of this, and I’m working really hard to heal the scars my childhood left me. This isn’t really for you, it’s for him.

    Dad reminded me of something that happened during the divorce. We were playing in the garden with some of my cousins, in fact on this climbing frame dad had got us:

    A couple of my cousins. The one on the far right is the one in the story that follows.
    A couple of my cousins. The one on the far right is the one in the story that follows.

    Let’s call her Terri. We were all playing on the frame, and she was hanging like a monkey, from the very top. However, she got stuck, couldn’t find a purchase, or climb off, and her hand was slipping. I got to the top, and grabbed onto her hand, hard, wouldn’t let it slip, and shouted for the others to go get help. Help came, no-one was hurt, although I might have hurt her hand not letting it slip!

    Terri went on to become an *awesome* climber, and is in fact still the strongest climber of the lot of us, so no harm done.

    baby, children, and dogs
    Baby me, with Nanny’s dogs, and some related family on Dad’s side.

    Moving on! Mum and Dad both changed churches (we’re a christian family), related to the divorce. Mum eventually remarried. Dad’s church had a ‘covie camp’, basically a load of us went off with loads of other kids, and we did fun stuff, like go to a Gladiators TV filming, swimming pools and other really awesome things. It was a christian camp, so every night there’d be a sermon and other things going on. As we didn’t have much money at all, neither mum nor dad, church members paid for us to go, something I’ll always be grateful for.

    I guess, if we go offtopic for a second, this is may be an affect of divorce some people don’t realise. Both mum and dad were spending most of their resources trying to bring us up, and give us a good place to stay whilst we were staying with each other. Divorce splits assets, and everyone has to spend more.

    Throughout this period, mum leaned on me more than she should have, and I had a constant want for my parents to get back together. I knew, in my head, that it was impossible, but in my heart I just wanted it like it was before. Looking back, what I really wanted was what I had thought of as a safe place, a safe and stable time before everything changed. I also had a constant want to help my dad, I knew he was unhappy, and wanted to help, but couldn’t do anything. Also, I felt responsible for Garreth, my little brother, though we fought and argued just like most young children. This responsibility would imprint on me, to the point that to an extent I still feel responsible for him, and try to look out for him, when he’s with me.

    Left to right, Garreth, Mum, myself, and a baby B (cousin). Oh, and you can also see my Uncle C's arm on the left.
    Left to right, Garreth, Mum, myself, and a baby B (cousin). Oh, and you can also see my Uncle C’s arm on the left.

    During this period, I had real trouble handling my emotions, loosing control of them now and again. I was basically bottling everything up inside me, till it exploded. The explosions would be anger, and would blow up physically; it would be rare that I wouldn’t damage something or hurt somebody. After an explosion I’d be wracked with intense and overwhelming guilt and sadness.

    During one of these instances, in Junior school, I remember I got into a fight with someone in the playground, and hurt them. I was called into the head-teachers office, and she basically said that there were other kids who were in worse suituations, I should just deal with it. Looking back, I’m just a little angry at that, all it did was make me internalise it all, and try to bottle it more. Just what I needed.

    These spates continued till I was about 13, I eventually hurt a kid quite badly at school, to the point he was hospitalised and had a few stiches, as I’d trapped his thumb in a door. The secondary school of course reacted, but not how you’d think. I was put on a grade of emotional monitoring, having to meet with my tutor and set goals. The teachers also kept an eye on me to an extent. At that point I basically remapped the ‘fight’ explosion instinct to a ‘flight’ instinct, something that would stick with me, to the point if I have a anxiety attack for any reason now, or get into any sort of conflict suituation, I’ll run.

    One last thing that was left in me during this period, was the following:

    argument == conflict == threat == RUN (== being Equal To)

    The covie camps we went to as kids were really fun, and eventually would go on to have a *massive* impact in my life, again changing me. But, I’ll talk about that in the next part: To Be Continued.



  • My Life, part 1, 1987-1996

    A friend asked me to tell him about my life, some of the stuff I’ve gone through. I’m a bit nervous about putting it online, since there’s security implications, and I totally don’t want to sound narcissistic. I’ve changed some facts, and not put some in for aforementioned security reasons. This is of course from my point of view, and has my bias, and will be text, lots and lots of text.

    So, if you’re sitting comfortably, I shall begin.

    I was born in 1987, in a snowy city overseas, in a British Military Hospital, as dad was an army nurse. This has made life a little more interesting than normal, as technically, I’m not English, Welsh, Scottish or (Northen) Irish, but British. My place of birth always makes official people raise an eyebrow. My brother (Garreth) was born around 19 months after me, in a standard english hospital.

    From left to right, Mum, Nanny, me, Great Grandma (dads side), Dad.
    From left to right, Mum, Nanny, me, Great Grandma (dads side, shortly before she passed away) and Dad.

    My first memory was, amusingly, swimming with a plastic lifebelt around me, in a hot sunny cyprus, quite young, thinking “I won’t remember this”.

    I have broken and scattered memories of my childhood until my late teens really. If I dig really hard I can pull out more fragments, but not many. Quite a lot of my early history I mainly know through childhood photos, and the stories my parents told me.

    Dad was posted to Cyprus a couple of times, we went with him and mum when we were quite young, pre-school age. A couple of funny stories I’ve been told; there’s a photo somewhere of me *just* as I bite into a lemon. My face says it all, EWWWW! I did go on to love the taste of lemons and sour things though, so something imprinted ;)

    kirrus holding onto mobility scooter
    Holding onto Nanny’s mobility scooter

    Another story, one time myself and Garreth somehow managed to climb up and grab dad’s car keys from a key hook on a wall. We then managed to open the car, and successfully start the engine. Bear in mind, this was whilst we were in cyprus, so only 5 or so at the time ;)

    Myself and my brother in cyprus, covered in washing up foam
    Myself and Garreth (in that order), in Cyprus

    Dad left the army, relatively soon after we started school, he and mum didn’t want us to grow up as army kids, and he didn’t really fit into the army, from what he told us. Mum at this point was also apparently quite unhappy.

    At age 8, my parents started divorcing, a process that took a few years. I have a few visible memories during this period, of a social worker asking us who we wanted to live with, and mum coming home one day, and telling us it was over. I also remember one or two fights between my parents, and suspect I heard/saw far more that were supressed.

    The most powerful memory I have during that period, was clinging onto my dad, as he was dropping me off in the school playground, not wanting to ever let go, not wanting to leave him, at the start of a Junior school day. I would have been around 8 or 9 at this point. They somehow managed to get me separated, dad left, and me into a quiet office. I fought, hard, wriggling whilst someone held me, trying to calm me. Eventually someone said ‘Johnathon, you hurt me!’, and instantly I calmed. I never wanted to hurt anyone, ever, I just wanted to be with Dad.

    That divorce would go on to shape me, to an extent I’m only now realising.

    Part 2