May
28
I finally found two Wii games that are 100% playable by my four year old daughter. Dora the Explorer: Dora Saves the Ice Princess and Go Diego Go, Safari Adventure. I can highly recommend them. Big plus is that they run in my native language as well (Dutch). My two year old loves to watch the four year old play, as if she is watching a regular Dora or Diego episode. Totally hilarious to watch (Jump!, Jump!, etc.).
You can tell they use the same engine for both games because they are quite similar. Both are side-scrolling platform games. Don’t get me wrong, they are different enough especially for the kids. There are a lot of fun little treasures, vehicles and actions like: skiing, swimming, hang-gliding, elephant riding, cave exploration, jumping, snowboarding, cable-gliding, etc.The on-screen and spoken instructions are perfectly understandable for the target audience.
I have noticed that there are a number of price differences between shops, so it pays to look around. Personally I think these games are worth about the 30 euro’s I paid for each.
Apr
20
Bash script to find the occurrences of Microsoft KB patch numbers in a file
Filed Under Bash, Scripting, Security, Security Patches | Leave a Comment
The below script can be used to check if certain patches, listed in one column in a file “B” occur in file “A”. This script can be used to process the output of the script in the previous post: Script for scanning Windows Vista to determine which Updates have been installed Now this script can be made more sophisticated by for instance adding some counters to keep track of occurrences. But I plan to re-write it in Perl to make it more cross-platform. I’ve delved into the Windows world of scripting with Vbscript, but I find it lacking in certain area’s.
Anyway, also note that the script can be used as a template for a script that simply looks for occurrences listed in file “B” in file “A”. You will most likely have to adept the grep I’ve done here specifically to look for KB patches.
Usage: ./script-name.sh list-of-KB-numbers.txt file-to-process.txt
#!/bin/bash
processLine(){
line="$@" # get all args
searchresult=$(grep "KB($line)" $FILE)
case "$?" in
0)
installeddate=$(echo "$searchresult" | cut -d"|" -f3 | sed -e 's/./-/g')
echo $line found - installed on $installeddate
;;
1)
echo $line "NOT FOUND"
;;
2)
echo error
;;
esac
}
# Loop
# Store file names
FILE=${1}
LIST=${2}
# Check that files exists and are readable
[ ! -f $FILE ] && { echo "$FILE: does not exist"; exit 1; }
[ ! -r $FILE ] && { echo "$FILE: cannot be read"; exit 2; }
[ ! -f $LIST ] && { echo "$LIST: does not exist"; exit 1; }
[ ! -r $LIST ] && { echo "$LIST: cannot be read"; exit 2; }
#Open list for reading
exec 3< $LIST
#Process list line by line
while read -u 3 line
If everything works out you can generate output like this:
Seb$ ./kb-search.sh installed-patches.csv kb-numbers.txt
952004 NOT FOUND
952069 found - installed on 30-01-2009 15:23:31
953155 found - installed on 04-12-2008 13:14:25
954211 found - installed on 02-12-2008 14:53:12
954430 NOT FOUND
954459 found - installed on 04-12-2008 13:15:02
955069 found - installed on 04-12-2008 13:14:57
956390 found - installed on 02-12-2008 14:55:04
956572 NOT FOUND
956802 found - installed on 30-01-2009 15:24:55
956841 found - installed on 02-12-2008 14:53:32
957095 found - installed on 02-12-2008 14:53:42
957097 found - installed on 04-12-2008 13:15:06
958215 found - installed on 30-01-2009 15:26:06
958623 found - installed on 30-01-2009 15:27:34
958624 found - installed on 30-01-2009 15:26:33
958644 found - installed on 02-12-2008 14:55:27
958687 found - installed on 11-02-2009 16:36:50
958690 NOT FOUND
959426 NOT FOUND
960225 found - installed on 31-03-2009 12:46:42
960714 found - installed on 30-01-2009 15:28:13
960803 NOT FOUND
961260 found - installed on 27-02-2009 08:23:40
963027 NOT FOUND
Apr
20
Script for scanning Windows Vista to determine which Service Packs have been installed
Filed Under Security, Security Patches, Windows Vista | Leave a Comment
I needed a way to check which Security patches were installed on Windows Vista machines. Now on XP I used to use the command wmic qfe list , but the problem with this command is that it was never any good figuring out the installed date of a patch. This field was highly depend on the specific update and was/is usually not filled in. Also, in some cases it didn’t report all the updates. I think wmic qfe queried the registry and this wasn’t that reliable.
Another option I explored is to use the Windows Agent Update API. I’ve been having some troubles with that as well, as it seems that the VB-script I ended up writing doesn’t work on Windows XP SP2 (didn’t test it on SP1. SP3 and SP-less). And in one case it didn’t work in Vista either. For some reason it intHistoryCount = objSearcher.GetTotalHistoryCount returns 0 in these cases. I have to figure out why this is. Is it because it can’t talk to Windows update API?
The script outputs in csv format, except that I use “|” instead of “,”. I also put parenthesis around the text fields. So if you want to import it in Excel, make sure to select the pipe symbol “|” as a seperator. Run the script from a cmd box under Vista with: cscript scriptname.vbs > output-file.csv
I’ll be coming back to this post after I’ve done some testing in the coming weeks.
Set objSession = CreateObject("Microsoft.Update.Session")
Set objSearcher = objSession.CreateUpdateSearcher
intHistoryCount = objSearcher.GetTotalHistoryCount
Set colHistory = objSearcher.QueryHistory(1, intHistoryCount)
For Each objEntry in colHistory
Wscript.Echo objEntry.Operation & "|" & objEntry.ResultCode & "|" & objEntry.Date & "|" & Chr(34) & objEntry.Title & Chr(34) & "|" & Chr(34) & objEntry.Description & Chr(34) & "|" & objEntry.ClientApplicationID & "|" & objEntry.ServerSelection & "|" & objEntry.ServiceID & "|" & Chr(34) & objEntry.UninstallationNotes & Chr(34) & "|" & objEntry.SupportURL
Next
Mar
7
Scanning for SSL-hosts and automatic downloading of SSL-certificates
Filed Under Networking, PKI, SSL-certificates, Security | Leave a Comment
Update: I’ve corrected a lot of spellings/gramar mistakes in this post. But it’s likely they are still some/many. I also updated some of the scripts.
Basically this is a fast nmap scan for 443 hosts, of which the results are saved in output.gnmap and then very pragmatically modified and saved into ips-domains.txt. This file is then processed by another script to connect with OpenSSL to the found hosts and then use X509 utility to get a bunch of certificate parameters. You can adjust the script to save the certificates in files, get other parameters etc.
The output is a CSV file with a header row at the top. You can import it in Excel as a text file specifying a comma as a seperator. Some records might require some manual clean-up. Again, it’s all ugly coded, but useful to me, so it might be useful to you.
I also whipped up a little script to clean up the date output you get from OpenSSL. You will need to save the date column from your CSV file into a seperate file and feed it to this script like: re-dater.sh dates.txt. I’ve included it at the bottom, you might to customise it to your needs.
Look here for more info:
http://www.madboa.com/geek/openssl/#cert-retrieve http://www.openssl.org/docs/apps/x509.html
I used Vivek Gite’s Read a File Line By line code to make both scripts. You can find it here:
http://bash.cyberciti.biz/file-management/read-a-file-line-by-line/
I’ll add some explantions later. But you should be able to figure out most of the stuff.
First the nmap scan, followed by some grep, sed and sort to get some descent output (IP, domain namelist):
nmap -PN -p 443 -oG output.gnmap a.b.c.d/24
grep open output.gnmap | cut -f1 |cut -d " " -f2,3 | \
sed -e 's/[)]//'|sed -e 's/[(]//' | \
sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 > ips-domains.txt
Save the below script, for instance as get-cert-info.sh, make it executable and do:
$ ./get-cert-info.sh ips-domains.txt
#!/bin/bash
# By Sebastiaan Mangoentinojo for Yara 2009
# Script reads in a two column file of SSL IP-addresses and host-names, then downloads and processes their certificates
# Output is in CSV
# CSV header ROW
echo "IP-address, Reverse lookup DNS-name, Signing Algorithm, Subject, Issuer, Start-date, End-date, Serial, Return code of certificate check"
# Start of loop
processLine(){
line="$@" # get all args
IP=$(echo "$line" | cut -d" " -f1)
DNSNAME=$(echo "$line" | cut -d" " -f2)
TARGETDOM=$(echo "$line" | cut -d" " -f2)
HOST="$TARGETDOM:443"
# The use of expect here is mainly to improve performance, by sending a quit (q) after the cert is downloaded
# we avoid waiting for the openssl timeout, in any case, a 5 second timeout is set just to be sure (the default is much longer).
RAWCERT=$(expect - << EOF
set timeout 5
# Connect and download certificate
spawn openssl s_client -connect ${HOST}
expect "Verify return code:"
send "q"
)
CERTTEXT=$(echo "$RAWCERT" | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p')
SIGALG=$(echo "$CERTTEXT" | openssl x509 -noout -text | grep -m 1 "Signature Algo" | cut -d: -f2)
SUBJECT=$(echo "$CERTTEXT" | openssl x509 -noout -subject | sed -e 's/subject= //')
ISSUER=$(echo "$CERTTEXT" | openssl x509 -noout -issuer | sed -e 's/issuer= //')
START=$(echo "$CERTTEXT" | openssl x509 -noout -startdate | cut -d= -f2)
END=$(echo "$CERTTEXT" | openssl x509 -noout -enddate | cut -d= -f2)
SERIAL=$(echo "$CERTTEXT" | openssl x509 -noout -serial | cut -d= -f2)
RETURNCODE=$(echo "$RAWCERT" | grep "Verify return code:")
# Output CSV
echo $IP, $DNSNAME, $SIGALG, $SUBJECT, $ISSUER, $START, $END, $SERIAL, $RETURNCODE
}
### File line loop ###
# Store file name
FILE=""
# Make sure we get file name as command line argument
FILE=${1?"No file name specified"}
# Check that file exists and is readable
[ ! -f $FILE ] && { echo "$FILE: does not exist"; exit 1; }
[ ! -r $FILE ] && { echo "$FILE: cannot be read"; exit 2; }
#Open file for reading
exec 3< $FILE
#Process file line by line
while read -u 3 line
do
# use $line variable to process line in processLine() function
processLine $line
done
# Close file after reading
exec 3<&-
exit 0
This is the re-dater script, save it, make it executable and do:
$ ./re-dater.sh dates.txt
#!/bin/bash
# Clean up OpenSSL dates output
processLine(){
line="$@" # get all args
line=$(echo "$line" | sed -e 's/GMT//')
line=$(echo "$line" | cut -d" " -f1,2,4)
DAY=$(echo "$line" | cut -d" " -f2)
MONTH=$(echo "$line" | cut -d" " -f1)
YEAR=$(echo "$line" | cut -d" " -f3)
echo $DAY\/$MONTH\/$YEAR
}
### File line loop ###
# Store file name
FILE=""
# Make sure we get file name as command line argument
FILE=${1?"No file name specified"}
# Check that file exists and is readable
[ ! -f $FILE ] && { echo "$FILE: does not exist"; exit 1; }
[ ! -r $FILE ] && { echo "$FILE: cannot be read"; exit 2; }
#Open file for reading
exec 3< $FILE
#Process file line by line
while read -u 3 line
do
# use $line variable to process line in processLine() function
processLine $line
done
# Close file after reading
exec 3<&-
Nov
27
Create encrypted and password protected zip archives on Mac OS X
Filed Under Mac, Security | 2 Comments
Today I wanted to sent a password encrypted file to a Windows user and obviously the first thing that comes to mind is a password protected zip file. So I set out to create such an archive only to discover that OS X natively doesn’t support it. Not the built-in GUI unzipper (Bomarchiver I believe), nor the command-line gzip and zip. Total fail.
Now I knew for sure that zip supports encrypting files with the -e option, so the version installed on my OS X Leopard 10.5.5 wasn’t compiled with the right options.
I looked at purchasing a commercial zip utility, but I found them too expensive. C’mon, Stuffit Standard costs $49.99. A bit much if you ask me.
Anyway I decided to go for to go for the Open Source and command line based zip, except now compiled with encryption. I could have compiled from source, but I went for Macports, which keeps my non-standard binaries organised under /opt.
So these are the commands I ran, to search for zip, see what variants are available and finally to install it. For more info see the Macports website.
MacbookPro$ sudo search zip MacbookPro$ sudo variants zip MacbookPro$ sudo install zip
Then to figure out which zip you are using (read: is in your path first) do:
MacbookPro$ which zip
If it comes up with /usr/bin/zip you are using the standard, non-encryptorator zip. The Macports zip is installed (normally) under /opt/local/bin/zip. You can alter your path or backup the old zip and link to the new zip to solve this. Or just leave it where it is and call it directly. Whatever you fancy.
To password protect a file or files do:
MacbookPro$ zip -e archive.zip file1.doc file2.pdf file3.cap
And you will be prompted for a password. We did it! (I might have watched too much Dora the Explorer with my kids)
Nov
26
Funny Security Frameworks
Filed Under Blogging | Leave a Comment
I did a Google search on Security Frameworks. The first hit I got was to this PDF: Security Frameworks. And since I linked to it here, I’m helping to keep it high on the search list.
Let me just say that, this is about the funniest security document I have read in a while. Don’t get me wrong, it is not meant to be funny. I assume at least. I don’t want to offend the author, but seriously, this is funny stuff. I suspect it’s from 2005 based on the file date, but it doesn’t say in the document itself.
You would expect that a document called “Security Frameworks” would contain subjects like BS 7799, ISO2700x, COBIT, etc. However you won’t find any any of these standards and frameworks in the document.
Instead the author basically comes up with, what I assume, is his own security framework based on the OSI seven layer network model 
He even defines two new layers: layer 8, the financial layer and layer 9 the political layer. I’ll will give you a couple of seconds to think about that.
Have a read through the document. It’s really worth it. For instance, on page 21 he starts mapping the model to what he calls security components. Some examples:
| Security Component | Architecture Layer | Architecture Component Description |
| Managing user accounts on and access to the network | Layers 6 & 7, Presentation and Application Layers | Uses Network NOS, Active Directory, LDAP, etc. to authenticate. |
| Provides an operational framework for regular security checks | Layer 8 – Financial Layer | Security becomes part of the enterprise operations, providing consistent security management in the same fashion as enterprise system management. In the same way, the security framework reduces the total cost of security. |
| Provides a platform to align security with business goals | Layer 9 – Political Layer | Security framework can be used to manage security consistently to meet business goals just as the enterprise system management manages the IT infrastructure to meet the company objectives |
Now I don’t want to go into details, but this is just mind boggling. It seems like the author at least worked with security related products. Does have some basic knowledge of security terminology, seems to have a network security (firewalls, VLANs, etc) background, but does not seem to understand security as a whole and how things fit together. He quotes the cliché:“Security is not something you buy, it is something you do”
. And he certainly did something. Perhaps he should have bought an ISO standard. Ok, that was a lame joke 
On the other hand, he gets an A for effort in my book. Coming up with a security framework is usually something a big group of serious people do. To make your own is impressive, no matter if it makes sense or not. And I do recognise myself (a little) in the struggle to give all these IT and IT security subjects a place in your head, to find some structure for the mesh of abbreviations and abstractions.
None the less it looks like a perfect example of an engineer who grew into a security job somehow, but never stopped and asked himself “What is security?”
.
Nov
26
Use OpenLDAP with RSA SecurID 7.1 and Juniper SA SSL-VPN appliance
Filed Under Networking, Security | Leave a Comment
For a client I had to integrate a Juniper SA SSL-VPN appliance with RSA SecurID 7.1 server for strong authentication. This is pretty straightforward except for the fact that with only these two components you can’t really do any sensible role mapping on the Juniper. You will end up with assigning the SecurID authentication server to a certain URL (limitation: you can only have one SecurID server per SA system) like https://juniper.sa.com/ and then role map everybody that authenticates to this system with if user * then map role roleX. This isn’t what you want in most situations, because all the users will be granted the same role and have the same kind of access. You can’t distinguish between the users.
Ideally you would like the SecurID server to communicate back some identifier like group-name and use this in the role mapping rules. This, however, is not supported by this Juniper SA/RSA SecurID combination. The SecurID server will only communicate authentication failed/success messages to the Juniper SA.
if...then logic to assign Juniper roles to users. Roles give users all kinds of authorizations, security controls, interface settings, etc. For example a user named “Pete” is assigned role “Head of Catering” which allows him access to “Food Inventory” application, displays “Catering” in big fat letters on his sign-in page and allows him to access the “Ordrrz-Milk” application on Sunday between 22:00 hours and 23:00 hours.
Luckily the Juniper SA authentication setup alows to specifiy a Directory server which can be used to lookup additional information after succesfull authentication. Now we need only to arrange such a server and to store some usefull information in there. Ideally I would like to use the user and group information from the SecurID server. This way user admins would only have to manage user and group information on the SecurID server. The SecurID supports LDAP to do just this, however it only supports Sun Java System Directory Server 5.2, SP 3 and Microsoft Active Directory 2003, SP 2. This kind of sucks, why not include OpenLDAP or some schema files?. I’m digressing. Luckily I figured out to get it working with OpenLDAP, which is included in this write-up.
The end result was that we could apply the logic: if the_user is member of SecurID group sX then assign Juniper SA role jX. The advantage of this setup is that we are able to manage users and groups on the SecurID servers via the webgui “Security Console”. The Juniper roles and role mappings need to be managed on the Juniper, but normally these don’t change that much after initial setup. So you do your day-to-day user administration via the web based RSA SecurID Security Console
So let’s setup OpenLDAP, Juniper SA and the SecurID server to build all this.
Jul
31
Wet Floor
Filed Under Blogging | Leave a Comment
Today I had to go to a clients office in Brussels. Outside they had the following Wet Floor sign:
Not sure if water is the primary threat here.
Jul
31
TextMate Blog Bundle behind a proxy
Filed Under Geek, Mac, Networking, Security | 3 Comments
At some of my clients sites I use a SSH port forward to a Squid proxy running on my own server (which is connected to the Net). This way applications can use this proxy by connecting to localhost on TCP port 3128. The Squid proxy supports a bunch of protocols like http, https and ftp.
On my Mac I then use Locations to configure Proxy settings per, well, location
I use the excellent TextMate Blogging Bundle to blog, but TextMate isn’t aware of the global proxy settings in OS X, nor does it seem to pickup on the http_proxy and https_proxy variables I’ve but in my bash profile. So after some googling I’ve found the following:
- Go to TextMate, Preference, Advanced, Shell Variables.
- Now add the following variable: TM_HTTP_PROXY with the value PROXY:PORT, so for me that’s localhost:3128.
By the way, using SSH also protects against someone eavesdropping for your blogs password. I’m currently setting up HTTPS for my blog in cases where I cannot use SSH for some reason (since my SSH daemon listens on port 443, this doesn’t often happen). I’ll test if we can use something like TM_HTTPS_PROXY.
Jul
25
Blogging from my iPhone
Filed Under Geek, Technology | Leave a Comment
Sooo, my first post from my iPhone (1st gen, jailbraked/unlocked, 2.0 OS). I’m officially a douchebag now
Jul
24
RSA SecurID 7.1 on Red Hat Enterprise 4
Filed Under Blogging | 5 Comments
I’ve been working on a remote access (SSL) project where I am going to use RSA SecurID and RSA hardware tokens for strong authentication. Pretty standard stuff, except for the fact that these new 7.x SecurID releases are totally different from the previous versions I worked with (5.x, 6.x). I’m going to list some stuff I came across that might be helpful for anyone thinking about implementing it or currently working on it.
My OS is Red Hat Enterprise 4, 64-bit
- If you are using a 64-bit install, you can’t use the built-in RADIUS-server. I guess they don’t have a 64-bit binary
- You can’t edit sdconf.rec anymore. You can only generate a new one for which you can specify retries and timeouts, and indirectly listening ports, but not IP-addresses
- You can’t really use two network interfaces to separate traffic to the web-based authentication manager (TCP 7002) and the authentication agent (UDP 5500). The authentication manager will bind to the IP-address/hostname the SecurID server is installed on, and the authentication agent will listen on all IP-addresses. The authentication agent will always “answer” connections to the IP-address the server is running on and on any sub-IP that can be configured in the authentication manager. I know… it sounds a bit confusing, but it comes down to that the authentication manager and the authentication agent will always listen (and answer) on the one IP the server is running on. I couldn’t find a way to install both daemons on a different IP. The problem as well is that although you can specify sub-IP’s which might be a workable solution in certain scenario’s, the original IP is configured as the first IP in sdconf.rec, meaning that you will have to wait for a timeout before the sub-IP is tried by the client trying to authenticate against the SecurID server. If anyone has any idea’s how to pull this off let me know
- You can use the tool rsautil with the option update-instance-node to change the SecurID’s IP and hostname if you change any of these on the server. However I had mixed results with this tool. For instance, tt seems to have a bug if your domain-names contain a “-”. When I tried to change name.server.com into name-eth0.server.com, after a number of times I ended up with name-eth0-eth0-eth-eth0.server.com. Furthermore it seems that the tool does some simple find and replace of value’s in the RSA config-files, which is a pain sometimes, because you always have to supply the “old” value first.
I’ll post more information online while I’m working on this. I’m also working on a guide for setting up a Juniper SA (2000 and up) version 6.2 with RSA SecurID 7.1.
Jul
10
Update:
I send a email to www.kinepolis.be, asking if they were going to show Batman in IMAX. Their answer (translated from Dutch):
Sorry, we haven’t been showing movies in our IMAX screen.
Damn, so they actually have a IMAX screen, but they stopped using it. How sad is that? I replied to them that this might be a great opportunity to promote IMAX. I realize that it is probably too late, but still, no harm in trying Looks like I really have to travel to Amsterdam to watch it in IMAX. Who’s up for it?
Update 2:
Talked to a friend and it looks like we are going to London to watch The Dark Knight. Sweet!
Update 3:
Check it out this short Youtube clip showing The Dark Knight IMAX featurette. I didn’t embed it on purpose btw.
The new Batman movie, The Dark Knight (official site, IMDB.com) is released in theaters this month.
The cool thing is that it’s shot in the IMAX format. Know I’ve been really waiting for this movie to come out and I definitly want to watch it in IMAX, but I’m not sure it’s showing in IMAX in Belgium.
I think Kinepolis Brussels has IMAX capabilities, but I’m not sure. I loved watching Beowulf 3D in Kinepolis Leuven btw and I’m generally very satifisfied with the Kinepolis movie experience. Which is generally a lot better then the Dutch Pathe theaters.
Does anyone know?
There is a US/CANADA list of IMAX theaters that show the movie.
I might just have to watch it in Amsterdam at the Pathe theater.
Jul
9
Fox Propaganda
Filed Under Politics | Leave a Comment
Amazing to see an actual real life propaganda machine at work in the States; the Fox “news” Network
Jul
8
iPhone 3G in Belgium: 11-7-2008
Filed Under Geek, Technology | Leave a Comment
I got an email from Mobistar, which announces the iPhone for Belgium Unfortunately they don’t mention a date in the mail yet. They actually seem to use not-mentioning-a-date as a marketing strategy. Brilliant stuff.
On the site that comes with the mail they finally give you the actual date 11-7-2007. Sweet.
I’m probably going to get one. But the price is a bit steep at 525 euro (update: this is for the 8GB version). You have to understand that phone companies can’t subsidize your phone in Belgium. Well they can, but they cannot put a SIM-lock on it. Long story about some ancient law trying to protect customers for bundles sales. I’ll get into that in a future post.
Anyway I registred for the introduction party. I’m such a fanboy, yuck.
Now, who wants to buy my iPhone EDGE?
== Update
So the black one is 8 GB and costs 525 euro The white one is 16 GB and costs 615 euro
Damn, the data-plans aren’t really impressive are BAD:
Jul
8
Update: My first Digg submission
Filed Under Blogging | Leave a Comment
Update:
Someone else posted the same comic and got 1500+ Diggs, while I was stuck at 3. I guess I don’t have enough Digg buddies. http://digg.com/comedy/WereScientists
Check it out: http://digg.com/comicsanimation/AbstruseGooseComicScienceJehovahs
The problem is that I don’t know anyone that actually has a Digg account, besides myself. I have fake geek friends 
Anyway, the comic is funny as hell
Jul
8
Too busy? Sure…
Filed Under Philosophy | 2 Comments
A lot of people are really busy, some seem always busy. I noticed I get annoyed sometimes when I try to plan something with a person, but can’t get a date and/or dates get cancelled because he or she is busy repeatedly. I have a very busy life myself, but me and my wife always seem to be more flexible then others. I guess that’s mostly because my point of view
We have two kids, I’m a freelance IT contractor doing <strike>seventy</strike>60+ hours a week, and all are relatives life in another country. It’s true that you never know what is going on in someone’s life and shouldn’t compare. But then again over a period of a couple of years you start to see trends in peoples behavior.
I gave this problem a little thought while I was taking a shower. Basically I came up with:
Too busy means: I'm investing my time in something else that (to me) has a higher priority then you.
Nothing wrong with that. Makes sense. If we continue with this then:
Too busy, a lot of times means: a lot of stuff in my life has a higher priority then you.
Since it’s not unusual for people to actually be busy with stuff that has legitimately a higher priority in their life then me (go figure), I wouldn’t suggest to dramatically cut too busy people out of your life or start a emotionally argument with them regarding the subject 
. However I do think that when a person is too busy, a lot of times and nothing really serious is going on in their life (sickness, etc), they are not that interested in you (or your family). The whole too busy stuff is just a symptom.
So my approach now is that I basically leave them alone. I’ll be friendly to to them. Life is too short and such. You can’t really maintain hundreds of relationships anyway and everybody is different. Their will be plenty of other opportunities in the future, which might not be taken advantage of, which is sad and beautiful because it’s just the way life is isn’t it?
Jul
7
Awesome Garlic Butter
Filed Under Recipes | 2 Comments
This recipe is partly based on a herb-butter recipe in a Steak House that me and my friends regularly visited when we were 16 - 20 year old. Not just for the food, but also for the company of the owner who was a friend of hours. The Steak House was called Torado and it was located in a town called Emmen in The Netherlands. The owner also sponsered our Dojo and the first cage fight ever in The Netherlands. Those were the days . The main thing I took from their recipe was the use of lemon juice.
This will taste great on most kinds of bread and toast. It’s awesome on a slice of grilled French bread or on steak. Eat it with big shrimps or rub a whole chicken in with this stuff and oven roast it.
The big secret is not so much the butter, although I advise to use real (unsalted) butter, but the use of fresh herbs combined with lemon and the freshly ground pepper. Using store-bought pre-ground pepper and/or dried parsley/celery and/or bottled lemon/lime juice will kill this recipe. So don’t use them. If you plan to… well it’s just bad karma, that’s all
Jul
5
Abstruse Goose Comics
Filed Under Blogging | Leave a Comment
I find these really funny: http://abstrusegoose.com/. Check out this one about dual-booting Ubuntu.
Jul
4
So I went to see the new Hulk movie last monday called The Incredible Hulk.. Based on the imdb.com ratings, it should be a lot better then the “other” Hulk movie made by Ang Lee a couple of years ago. For you who don’t know, the two movies are not related at all.
Although Ang Lee’s movies certainly has his weak spots and is far from perfect (mutant dogs anyone?) , I liked the whole idea of the movie and I actually loved many parts of it. Without wanting to sound like a movie snob, it does have many layers. The new Hulk movie, the Incredible Hulk, is just an action movie. Period. It’s not bad, but it’s not good either. It’s a popcorn flick.
Since many reviews of both movies and even a bunch of “versus” articles can already be found I only wanted to focus on two things that I want to point out: CGI and Comic Hulk versus TV Hulk.
Jul
4
Brains and Humanity
Filed Under Philosophy | Leave a Comment
Very interesting vid from www.ted.com: