DKIM and Mailing Lists

The Problem

DKIM is a standard for digitally signing mail to prove it’s authenticity and prove that it was not modified. In an ideal situation it can be used to reject corrupted or forged messages.

DMARC and ADSP are standards for indicating that mail from a domain should be signed. This prevents hostile parties from removing the DKIM signature and modifying the message. DKIM is only half as useful without them (it can still prove authenticity but it can’t prove that mail was forged and allow rejecting forged mail).

A mailing list is a software system that receives a message from one person and then generates messages to many people with the same content. A common setting of a mailing list is to insert “[listname]” at the start of the subject line of each message that goes through, this breaks the DKIM signature. Another common setting is to append a footer to the message giving information about the list, this breaks the DKIM signature unless the signature uses the “l=” flag (which Gmail doesn’t). When the “l=” flag is used a hostile party can append text to a message without the signature breaking which is often undesired. Mailman (one of the most common mailing list systems) parses and regenerates headers, so it can break DKIM signatures on messages with unexpected header formatting. Mailman also in some situations uses a different MIME encoding for the body which breaks DKIM signatures.

It seems almost impossible to reliably get all mail to go through a Mailman list without something happening to it that breaks DKIM signatures. The problem is that Mailman doesn’t just send the message through, it creates new messages with new headers (created from a parsed copy of the original headers not copying the original headers), and it sometimes parses and re-encodes the body. Even if you don’t choose to use the features for appending a message footer or changing the subject DKIM signatures will often be broken.

Stripping the Signatures

As there is no way to reliably (IE for every message from every sending domain that uses DKIM) pass through messages with DKIM signatures intact the only option is to strip them. To do that with Mailman edit /etc/mailman/, add the directive “REMOVE_DKIM_HEADERS = Yes“, and then restart Mailman. If none of the people who send to your list used DMARC or ADSP then that solves your problem.

However if there are senders who use DMARC or ADSP and recipients who check those features then mail will still be rejected and users will get unsubscribed. When DMARC or ADSP are in use the mailing list can’t send out list mail purporting to be from a list member, it must send out mail from it’s own domain.

A Legitimate From Field

In the web based configuration for Mailman there is a dmarc_moderation_action setting that can munge the From field on messages with a DMARC policy. One thing to note is that when one list uses the dmarc_moderation_action setting it causes DKIM users to configure DMARC which then makes more problems for the people who run lists with no settings for DKIM. Also that doesn’t solve things for ADSP messages or messages that don’t use either DMARC or ADSP. It’s not uncommon for people to have special configuration to prevent forged mail from their own domain, requiring a valid DKIM signature is one way of doing this. Finally many users of DKIM enabled mail servers don’t have the option of enabling DMARC.

If you use the from_is_list setting in the web based configuration for Mailman then all mail will have a From field which shows who the message is from as well as the fact that it came From a list server. This combined with REMOVE_DKIM_HEADERS will allow DKIM signed mail sent to the list to go through correctly in all cases.

If you run many lists then changing them all through the web interface can be tedious. Below is a sample of shell code that will use the Mailman config_list program to change the settings to use from_is_list. NB I haven’t actually run this on a Mailman server with lots of lists so check it before you use it, consider it pseudo-code.

for n in lista listb listc ; do
  config_list -o /tmp/$n $n
  sed -i -e "s/from_is_list = 0/from_is_list = 1/" /tmp/$n
  config_list -i /tmp/$n $n

The from_is_list setting makes a change like the following:
-From: Russell Coker <russell at>
+From: Russell Coker via linux-aus <linux-aus at>


There are similar problems with SPF and other anti-forgery methods. The use of from_is_list solves them too.

Signing List Mail

An ideal list configuration has the list server checking DKIM signatures and DMARC settings before receiving mail. There is normally no reason for a mailing list to send mail to another mailing list so mail that the list server receives should pass all DKIM, DMARC, and ADSP checks. Then the list server should send mail out with it’s own DKIM signature.

When a user receives mail from the list they can verify that the DKIM signature is valid. Then if they know that the sender used DKIM (EG the mail originated from or another domain that’s well known to use DKIM) then they know that it was verified at the list server and therefore as long as the list server was not compromised the message was not altered from what the sender wrote.


The Debian Wiki page about OpenDKIM is worth reading [1]. OpenDKIM is generally regarded as the best free software DKIM verification and signing daemon available. The Debian Wiki only documents how to install it with Postfix but the milter interface is used by other MTAs so it shouldn’t be too hard to get it working with other MTAs. Also the Debian Wiki documents the “relaxed” setting which will in some situations solve some of the problems with Mailman munging messages, but it doesn’t guarantee that they will all be solved. Also in most cases it’s not possible to get every user of your list to change the settings of their DKIM signing to “relaxed” for the convenience of the list admin.

The Mailman Wiki page about DMARC [2] and the Mailman Wiki page about DKIM [3] are both good resources. But this article summarises all you really need to know to get things working.

Here is an example of how to use SpamAssassin to score DKIM signatures and give a negative weight to mail from lists that are known to have problems [4]. Forcing list users to do this means more work overall than just having the list master configure the list server to pass DKIM checks.


Here are the details of some Mon tests I run:


The following tests the local DNS cache. I didn’t use in my real tests, I used the domain of a multi-national corporation that has a very short DNS timeout that seems related to their use of the Akamai CDN. I won’t tell people which company to use, but I’m sure that any company that can afford Akamai can afford a query from my server every 5 minutes. ;)

  service dnscache
    description DNS caching
    interval 5m
    monitor dns.monitor -caching_only -query
    numalerts 1
    alert mailxmpp.alert -x -m
    upalert mailxmpp.alert -x -m

The following section of monitors Google DNS for the validity of domains that I host on my name server. The aim of this is to catch the case where someone forgets to pay for zone renewal so that they can pay while the zone is locked before it becomes available for domain squatters. It uses M4 so it can be generated from the BIND configuration.

  service myzones
    description check Google DNS has my zones
    interval 1h
    monitor dns.monitor -caching_only QUERYDOMAINS
    numalerts 1
    alert mailxmpp.alert -x -m
    upalert mailxmpp.alert -x -m

The following Makefile generates a file from the BIND configuration that monitors the www entries in zones and the first PTR entries in IPv6 reverse zones. Note that the spaces will need to be converted to a TAB if you want to cut/paste this.

all: /etc/bind/named.conf.local Makefile
        m4 -DQUERYDOMAINS="$(shell for n in $$(grep zone /etc/bind/named.conf.local|sed -e s/^zone..// -e s/\"\ .$$//|grep -v ^//| grep -v arpa$$ ; for n in $$(grep zone.* /etc/bind/named.conf.local|sed -e s/^zone..// -e s/\”\ .$$//|grep -v ^//) ; do echo -query$$n:PTR ; done) ; do echo -query www.$$n ; done)" >
        /etc/init.d/mon restart

Debian Repositories

Here is a list of the Debian repositories I maintain. I include sources.list lines both directly and via a TOR Hidden Service (see Petter’s blog post about TOR and APT [1]).

All my repositories support i386 and amd64 architectures. Not all packages will be supported in both architectures. In the past I’ve had to rebuild lots of i386 packages to avoid execmem while amd64 packages needed no changes due in part to amd64 having more registers. But sometimes I just don’t need a package on an architecture for my own systems.

While I aim to make i386 and amd64 equally usable for everyone for SE Linux and WordPress the misc repository is mostly to suit my own needs.


Currently the only repository I have for Stretch is for WordPress. I will probably have a SE Linux repository soon.

I am no longer updating the Jessie repository for WordPress, but I expect that the Stretch packages will work on Jessie without any problems. So you can use the Stretch repository if you are still running Jessie.

deb stretch wordpress

deb http://6kbiotdr2vvb7ftu.onion stretch wordpress


The SE Linux repository has policy and various updates of Jessie packages for better support as well as backports from testing/unstable. The backport of systemd has no support for AppArmor as supporting that was inconvenient and it’s impossible to run both SE Linux and AppArmor at the same time.

The misc repository has random changes that aren’t liked by the Debian maintainer, backports, etc. Currently the only thing in there is a build of Sendmail that uses const more often in Milter headers.

The wordpress repository has lots of things that I haven’t added to Debian because of the difficulty in providing useful security support. Also the Jessie WordPress repository worked with a wheezy system last time I tested, it depends on the latest version of WordPress not on any other package.

deb jessie selinux
deb jessie misc
deb jessie wordpress

deb http://6kbiotdr2vvb7ftu.onion jessie selinux
deb http://6kbiotdr2vvb7ftu.onion jessie misc
deb http://6kbiotdr2vvb7ftu.onion jessie wordpress


The wheezy repositories for SE Linux, misc, and WordPress have much the same aims as the Jessie versions – but I’ve had more time to work on them. Note that I am no longer updating the WordPress repository.

The ZFS repository is only for amd64. I generally don’t recommend that people use it. Install ZFS from I created the wheezy repository before they created their repository. I’m not deleting it because it MIGHT be useful in some situation.

deb wheezy selinux
deb wheezy misc
deb wheezy wordpress
deb wheezy zfs

deb http://6kbiotdr2vvb7ftu.onion wheezy selinux
deb http://6kbiotdr2vvb7ftu.onion wheezy misc
deb http://6kbiotdr2vvb7ftu.onion wheezy wordpress
deb http://6kbiotdr2vvb7ftu.onion wheezy zfs


I’ve got a bunch of old Squeeze repositories. Apart from the SE Linux one I don’t think that any of them provide much benefit at this time. I’m not supporting Squeeze SE Linux nowadays except as a consulting service.

deb squeeze selinux
deb http://6kbiotdr2vvb7ftu.onion squeeze selinux

Free Educational Android Apps

This post has a list of educational apps for Android phones and tablets that I have discovered. I can’t claim that each app is the best for it’s purpose, but I’ve tested out each one and found it to be useful.

I am separating the lists into apps that have full functionality when offline and those which require Internet access. Sometimes it’s handy to be able to load up your phone with apps that you can use later when there’s no net access.

Quick Apps that Don’t Need Internet Access

Here are some apps that can be quickly used without much prior knowledge and without Internet access.

Quick Apps that Need Internet Access

Here are some apps that are easy to use but require Internet access.

More Complex Apps

Classes of Common Apps

There are some educational related categories of apps where there are many apps performing similar tasks, so instead of trying to find one app that could be claimed to be best I’ll just list what you can search for in the Android market. If you know of one particular app in some category that stands out then let me know.

  • “Wikipedia”. There are many apps that read Wikipedia online that work in different ways and none of them really satisfy me. But you need to have one of them.
  • “Conway’s Life” is the classic cellular automata game.
  • “Bridge construction” games are good for teaching some principles of engineering. There are many such games with slightly different features.
  • A “graphing” calculator. In the olden days a graphing calculator cost $100 or more, now there is a range of free apps to do it. Some apps only support a single graph, but apart from that they all seem OK.
  • “Fractal” generating programs can be educational, but only if you have some idea of the maths behind them.
  • “Stop motion” generation programs, also “gif creator” can find some good matches. I haven’t been really satisfied with any of the programs I’ve tried, but some have worked well enough for my needs. Let me know if you find a really good one.

Intellectual Android Games

Here is a list of Android games that involve thinking:

SE Linux Play Machine

Free root access on a SE Linux machine!

To access my Debian play machine ssh to zp7zwyd5t3aju57m.onion as root, the password is “SELINUX“.
I give no-one permission to distribute this password. If you want to share information on this machine you must give the URL to this web site. In some jurisdictions it would be considered a crime to distribute the password without my permission (IE without giving the URL to this web page).

Note that such machines require a lot of skill if you are to run them successfully. If you have to ask whether you should run one then the answer is “no“.

The aim of this is to demonstrate that all necessary security can be provided by SE Linux without any Unix permissions (however it is still recommended that you use Unix permissions as well for real servers). Also it gives you a chance to login to a SE machine and see what it’s like.

When you login to a SE Linux play machine make sure that you use the -x option to disable X11 forwarding or set ForwardX11 no in your /etc/ssh/ssh_config file before you login. Also make sure that you use the -a option to disable ssh agent forwarding or set ForwardAgent no in your /etc/ssh/ssh_config file before you login.

If you don’t correctly disable these settings then logging in to the play machine will put you at risk of being attacked through your SSH client.

There is an IRC channel for discussing this, it is #selinux on


  • Editing thanks.txt_append_only with vi won’t work, use cat or echo to append data to the file. The following commands will work:
    echo something >> thanks.txt_append_only_dont_edit_with_vi
    cat >> thanks.txt_append_only_dont_edit_with_vi
  • There is no harm in letting you see dmesg output for such a machine, security by obscurity isn’t much good anyway. For a serious server you would probably deny dmesg access, but this is a play machine. One of the purposes of the machine is to teach people about SE Linux, and you can learn a lot from the dmesg output.
  • This is not a simulated machine or honeypot. It’s a real Lenovo ThinkCenter desktop PC running Debian/Jessie (pre-release) SE Linux in a Xen DomU. You really have UID==0. The Xen configuration is a default Debian install with a standard Debian kernel. SE Linux does it’s own permission checks in addition to the Unix permission checks. If you don’t believe me you are free to write assembler programs to call getuid() etc. But it would be a lot easier for you to just install a recent version of Debian or Fedora, see how it works, and read the source if you wish.
  • I will provide instructions on installing such machines soon.
  • To administer a SE Linux machine you need to have sysadm_r (the SE Linux administrative role) and UID==0 (the regular Unix admin account). So there needs to be a UID==0 account. As in regular Linux the UID==0 account does not need to be named “root”. In the case of this machine the root account has UID 0, but it has few privs in SE Linux.
  • The default policy in Fedora is known as the targeted policy, it has no restrictions on user login sessions (so can never be used for such a machine). The policy I use for this machine is known as the strict policy. The default configuration of the strict policy does not support running in such a manner and requires some changes.
  • This machine is intentionally more permissive than some other play machines. I let you see the policy files so you can learn how to configure a machine in this way.
  • Regarding core-dumping bash to read the history. That’s nice work, but you could have just used cat, grep, or any of your favourite tools on /root/.bash_history with much less effort.
  • Some people have asked for ping, telnet, etc access. I would like to provide such access (and have provided it in the past). I removed ping access because some people were using ping with large packet sizes to attack machines with small network connections. I removed telnet access because people were running scripts to try and discover (and attack) hosts with broken telnetd’s. As for whether the machine is usable without such access, for it’s intended purpose (demonstrating what SE Linux can do) it is quite useful. As a general shell server it’s not very useful because you share your account with lots of people who may rm your files or kill your processes.
  • Some types of files and directories may not be stat’d by unprivileged users (this includes shadow_t for /etc/shadow). Such files and directories show up in flashing red in the output of “ls -l” because ls can’t even determine whether it’s a file or a directory.

Worthless Questions at Lectures

I’ve previously blogged about the productive length of questions at lectures [1]. But it seems to me that worthless questions can be recognised before the person asking even gets properly started. Here is a list of ways of recognising them:

  1. Appeal to authority. If someone tells you about their job or other qualifications before asking a question then the question is almost certain to be useless. If a question is good then it can be asked by someone with no special qualifications who has 20 seconds to ask.
  2. An introduction that shows that it’s not a question. Anything starting with a statement like “I just want to say” isn’t a question and has no place in a conference lecture hall. After a lecture the speaker will usually hang around and talk to delegates, anyone can make comments then or send email later. In this case it’s not just that statements are inappropriate for “question time” it’s that people who think that they are so important that their statement is more important than genuine questions probably aren’t going to have anything useful to say.
  3. A second question. Anyone who has more than one question wants a conversation – they can do that privately after question time. Again it’s people with an over-inflated opinion of their own importance who do this.
  4. A statement of “fact” that they want the speaker to address. Questions should mostly concern facts referenced by the speaker. “Facts” that are cited by the audience are often the sort of thing that can be easily disproved by Snopes or Wikipedia – but not in the amount of time available during a lecture. While it is possible to ask useful questions regarding facts that weren’t presented in the lecture my observation is that most such questions are worthless and the “facts” are false.

I think that for a serious lecture the MC should cut off such questions when they start. Once enough has been said to make it obvious that the question falls into one of the above categories I believe that the correct thing to do is to say “that’s probably a good thing to discuss after the lecture”, and then move on to the next question.

Please note that the above list isn’t comprehensive. Let me know if you have suggestions for any I missed.

ASD Self-Diagnosis Tests

Here are some online psychological tests that can be used as part of an Autism Spectrum Disorder (ASD) self-diagnosis.

Simon Baron-Cohen is well known for his research into Autism, some of it is quite controversial (particularly the “Extreme Male Brain” theory which is widely rejected in the Autism community). There are some interesting tests based on his work though, has some online tests for Systemising Quotient, Empathy Quotient, Autism Spectrum Quotient, and the Mind in the Eyes test [1]. has an online Aspie Quiz that allows you to create an account and track your results over time [2].

There is an online Alexithymia test, note that the site has no other useful content other than the test [3]. It would be useful if someone would create a better site about Alexithymia. I’d be happy to provide hosting for a forum if someone would do the moderation.

Some Suggestions for Parents of Aspies

I’ve had a couple of parents ask me for advice about children with Asperger Syndrome (AS), in one case a child who was formally diagnosed and in another case a child who is suspected of being an Aspie but who hasn’t been assessed. I don’t claim to be an expert on these things, but based on my own experiences growing up and what I’ve read from others I can at least provide some pointers for further research.

One thing to note is that it’s worth seeking advice from people who are on the Autism Spectrum as well as Neuro-Typical (NT) people in regard to these issues. You should also keep in mind the fact that the experiences of people on the Spectrum vary a lot, in this post I try to represent some people on the Autism Spectrum who are quite different from me to give a broad overview of the issue. But you should read what others write too. There will be some kids on the Spectrum who are in some ways quite different to what I describe, there’s lots of ways to not be average.

Should Your Child be Assessed?

A common issue is whether a child should be assessed for an Autism Spectrum Disorder (ASD).

For a young child there is no reason not to have them assessed. It is expensive but any time a parent thinks that their child is an Aspie they are probably correct (most parents seem to live in denial if at all possible). In most first-world countries a diagnosis of an Autism Spectrum Disorder in a child will result in a moderate amount of government funding so the expense will be repaid. The staff of any medical center can usually provide advice on where to look for information about government funding.

Some parents refuse to have their children assessed because they “don’t want their child to be labelled”. If the child in question attends school the other children will notice that they are different and label them, so this really isn’t an issue.

For a child who is old enough to make their own decisions it’s a really good idea to consult the child first. Doing a covert assessment and then springing the result on them can be taken really badly. There is an Aspie tendency to not appreciate surprises, and “that person you spoke to was a psychologist who diagnosed you with AS” is the type of surprise that can be taken badly. Of course the down-side to giving your child a choice is that they may not choose what you want – it’s something you have to deal with.

Note that the child doesn’t need to be old enough to make decisions that are necessarily good before they need to be consulted. While an 11yo may make grossly ill-informed decisions they will make decisions that they care about and remember it for a long time if you ignore their wishes. Even if you aren’t going to give your child a choice you should at least inform them in general terms of what is happening if they are old enough to understand.

I’ve seen suggestions that informing a child who was diagnosed when very young should be handled in the same way as informing a child that they were adopted. Tell them when they are very young and fill in more details as they get older.

When a child is diagnosed they should be informed. It’s best to inform them of the diagnosis as soon as possible, obviously young children won’t understand it properly but they should have the amount of information that they can handle. I’ve seen this compared to informing adopted children, if you tell them when they are very young and provide more details as they grow up they will never have a shocking realisation. If a child isn’t informed then they will just wonder why the other kids are always mean to them for no apparent reason.

Benefits of Assessment

When a child has been formally diagnosed there may be government funding available to the school (sometimes to the extent of hiring an extra teacher) and the school can arrange a formal support plan. If the management of the school are not willing to arrange such a support plan (which is often a legal requirement – but they may not want to obey the law) then it’s best to find another school.

An assessment for a child should include a document of the details of their case. Any school that has a decent special needs program will need a copy of that to know exactly the issues that they are dealing with, if they just want to know the diagnosis as a one word summary then they aren’t running their special needs program properly. But for an adult a one-word diagnosis is acceptable as adults will generally already know what issues they face.

In some countries the parents of an Aspie child can apply for social security payments.

If the child happens to need to see a psychologist for reasons that aren’t directly related to an ASD then they need to be diagnosed first. The strategies that psychologists use with NTs tend not to work well with Aspies. As the issues related to an ASD can give an increased risk of depression and other psychological problems this is something that’s worth keeping in mind.

Finally it’s good if parents and children can understand each other, and getting everyone diagnosed is an important part of that.

Can it be Cured?

ASDs are the result in differences in brain development and can’t be cured as such. People who are on the Spectrum learn strategies for coping and the environment can be configured to make things easier for them. Trying to cure something that is incurable is not a good strategy, at best it will take resources away from more useful things. There are many reports of parents spending tens of thousands of dollars on quack treatments that do no good.

There has been a lot of medical research into the issue of whether ASDs are caused by vaccines, it all shows that there is no link to vaccination. Anyone who claims otherwise is a liar or a quack and should not be believed.

Chelation doesn’t do any good for anyone unless they are suffering from heavy metal poisoning, the symptoms of which are nothing like an ASD. Any organisation that has anything to do with chelation should be avoided as they will just hurt children.

There are ways of alleviating some of the symptoms, some of the supposed cures (such as certain diets) merely avoid triggers and allow children to emulate NTs more effectively. If you find a diet that makes things better don’t think that you have cured anything.

Emulating an NT

Pretending to be like other people is a useful skill. Children need to be taught how to act like other people when in public places, but they should be allowed (even encouraged) to act in a way that is normal for them when at home. Trying to emulate someone who is Neuro-Typical (an NT) all the time is exhausting and results in a decreased ability to do most of the things that one might want to do.

Don’t try to force Aspie kids to socialise excessively, it’s not going to be fun for them and it’s not going to do any good. Team sports such as cricket and football are probably a bad idea. Golf and other individual sports are better options.

Is it bad to be on the Spectrum?

So far I haven’t found a single report of someone who unconditionally claimed that an ASD made their life suck, although many people report that they have big problems from some of the sensory issues.

It seems that an ASD only makes someone unhappy if they are mistreated by other people because of it.

Sensory Issues

One common factor with AS is Sensory Processing Disorder (SPD), the site [1] has a lot of good information on it.

In most cases these are issues of degree, some things which irritate Neuro-Typical people (NTs) a little bit can irritate an Aspie a lot. But some are severe and require totally avoiding certain things, one example I’ve heard of is Aspies who can’t stand the feel of woolen clothing.

Discovering these things can be difficult as no-one really knows what other people experience. For example I don’t know how much my experience of strong sunlight differs from that of other people, but the fact that I like to stay inside on sunny days while most people don’t suggests that my experience is significantly different from that of others.

When an adult is diagnosed with AS they can usually determine what their sensory issues are by just thinking about what they have been avoiding for decades. Given enough time you can work out what things irritate you and avoid them (sometimes subconsciously). For a child you want a fast result.

For younger children there are companies that specialise in soft clothes which can deal with clothing comfort issues.

Noise cancelling headphones [2] are good for some sound related issues, over-ear headphones are good for people who don’t like things touching their ears and nowadays headphones are better than ear-muffs due to the recent development of wireless headphones and headphones with built-in MP3 players so they don’t seem so unusual. High fidelity ear-plugs [3] and custom made musicians earplugs [4] are two options for anyone who doesn’t have a problem with things being stuck in their ears.

Sunglasses (or prescription glasses with “transition” lenses that go dark in sunlight) can be used to deal with light sensitivity. There is also Scotopic Sensitivity Syndrome (SSS) also known as Irlen Syndrome and Visual Stress Syndrome in which certain colors cause problems and glasses with colored lenses alleviate the problem. Dealing with SSS can alleviate other problems that might seem to be unrelated (such as difficulty in recognising faces).

It’s probably best to try a range of measures and continue with the ones that seem to give a good result. The strategies that are used to determine minor food allergies can be used for minor sensory issues in terms of eliminating a lot of possible things and then reintroducing things one at a time to see what gives a bad result.

One thing to keep in mind is that minor sensory issues don’t cause an immediate obvious problem. They can over the course of hours cause someone to be more likely to become angry or unhappy than usual so some strategic planning is required to avoid problems. Adults can manage these things for themselves, young children need to be managed by their parents.

Selective Mutism

Selective Mutism is the condition of being unable to speak in certain situations. Some forms of it are reasonably common among people on the Autism Spectrum. Mild forms may not be apparent as people tend to avoid situations that trigger such problems.

Face Blindness

There seems to be a correlation between Face Blindness (Prosopagnosia) and ASDs. Face blind children can’t be sent to a regular school, the typical experience for such children is to have the other children take turns hitting them.


Many Aspies have issues with food, one common issue is with food that is messy, for example dishes such as Paella are very unappealing to me. Japanese food is always very appealing to me, I like the way that the different items are separated and the consideration that is given to aesthetic appeal of the food. Also the Bento style of presentation where every type of food has it’s own compartment is appealing. If you serve food that is visually unappealing to an Aspie child then you will have trouble convincing them to eat it and you may convince them to avoid all variations of the food item in question – so make sure that healthy food looks good!

Food that tasted good today will probably taste good tomorrow, and every day for the next year. There’s no real reason not to eat the same food every day (as long as you get the necessary vitamins and proteins). There is a tendency among Aspies to not vary their diet much. So if an Aspie child is in the habit of eating relatively healthy food you really don’t want to break that habit, EG if the habitual meal is peanut butter sandwiches then offering a peanut butter and honey sandwich would be a really bad idea.

Finally sensory differences can have a significant impact on what food is edible, if an Aspie doesn’t like eating Broccoli it might be because they just don’t like it or it might be that Broccoli so horrible that thinking about it makes them nauseous. In the latter case it would be bad to force them to eat it. There are lots of web sites with information on the nutrition content of various foods, so finding acceptable foods that provide all essential amino acids and vitamins shouldn’t be difficult.

Note that minor food allergies can cause stress without showing any obvious symptoms. So a test for food allergies is a really good idea. Food allergies don’t cause Autism, but avoiding bad foods can make it easier to emulate an NT.


Lisa wrote a long article about stimming that is worth reading if you want to learn a lot [5].

But in summary stimming is performing some repetitive action (such as chewing a pen, spinning a coin, or twirling hair) to help manage stress or excessive excitement. Bouncing and spinning are well known stims even though most stimming is less noticeable. Redirecting stimming to actions that are more socially acceptable is OK, but note that it can be extremely difficult or even impossible for someone else to suggest a suitable replacement stim – which is a problem when dealing with kids who are too young to work it out for themselves.

Trying to prevent an Aspie kid from stimming is a really bad idea, that will just result in them being more stressed and therefore more difficulties for everyone else. It’s a good idea to encourage children to stim when they appear to need it or when they have been under stress. Note that things that are fun can be stressful, so don’t assume that allowing a child to do something they enjoy will be a good way of relaxing.

Touching People

It seems that most children have issues with being touched by adults, I’ve heard a few comedians make jokes about being forced to kiss aunties at Christmas and the jokes seem to resonate with the majority of the audience who aren’t on the Autism Spectrum. Aspie kids have more issues with this than NT kids, not only is being touched unwelcome but there are problems with perfume and make-up that can rub off. One of my mother’s friends used to wear plenty of make-up and perfume, I can still remember the happy day when I was tall enough that she couldn’t kiss me unless I bent down – so I stood up straight and avoided getting any make-up and perfume on my cheek.

I suggest advising relatives not to initiate any physical contact with Aspie kids, or if they do initiate it make it optional (EG ask “would you like to shake hands”). It must really suck for Aspie girls having almost 100% of their adult relatives wanting to hug or kiss them – 50% was bad enough in my experience.


Pet cats seem to be quite popular among people on the Spectrum, you can pat a cat when you feel like it and just leave it alone when you don’t want the interaction. Other pets can also work well too.

A recent trend is towards prescribing Assistance Dogs for kids on the Spectrum, Assistance Dogs International [9] has a lot of general information about such working dogs. It’s illegal in Australia to deny entrance to an Assistance Dog but a lot of companies still have written regulations and staff training procedures that specify limited uses for such animals (such as specifically only allowing guide dogs for the blind). They will change such policies if asked.

Home Schooling

Reports of ASD kids being happy at school are few and far between. The vast majority of reports are bad. The special schools for ASD kids that have military-style discipline sound really bad.

Seriously consider home schooling.


Some degree of alexithymia is usually associated with AS. Because of this asking questions like “how do you feel?” will generally get a bad result. In some cases you can substitute questions for a better result, such as asking “do you want to do that again?” instead of “did you enjoy that?“.

It seems that parents are generally advised to tell their children that they love them, that may be good advice regarding an NT child. For an Aspie child that can be a really creepy experience, don’t do it. If you want to show your child how much you love them then make them a jam sandwich!

You will often see references to Aspies lacking Empathy, but they don’t lack Sympathy – I’ve linked to the Wikipedia definitions of the two words. Basically in this context “empathy” means using non-verbal signals to determine someone’s emotional state while “sympathy” means caring about what other people feel. It’s widely regarded that Aspies can be taught to recognise other people’s emotions, but a common experience is to be good (or even significantly better than average) at recognising the emotions of people but be unable to process the data.

Many people on the Spectrum report Affective Flattening (sometimes referred to as “Blank Affect”). This means giving minimal signs of their emotional state. So don’t assume that someone really is calm when they appear to be.


SPD can cause people to act in ways that don’t conform to the most strict gender norms. The most obvious examples are boys who have long hair because short hair feels bad and girls who have really short hair because long hair feels bad. There are lots of other examples such as boys who have a great aversion to dirt and girls who can’t wear cosmetics.

The gender norms are so strict that anyone who generally acts differently to other people is likely to do something that can be interpreted as being outside the range of accepted behavior for their gender.

If your child doesn’t conform well to gender norms you should consider whether it’s a sensory issue and also whether it’s an issue of just failing to emulate an NT well enough. You should also consider whether your ideas of gender norms are reasonable.

Of course there are Transgender and Genderqueer Aspies. If you suspect that your child really doesn’t fit the gender norms then it’s best not to question them about it, alexithymia makes any such conversations unpleasant and creepy.


It seems to be a common belief that parents should talk to their children about sex etc. I think that most Aspie kids would find that extremely creepy. The best thing to do is to just provide them with some books covering the relevant topics. Everything that they might need to know about sex is in a book somewhere.

It’s widely regarded that about 1/3 of the people on the Autism Spectrum are Asexual. Also it seems reasonably common for people on the Spectrum to be psychologically ready for a relationship at a later age than NTs. So if your child doesn’t have a straight relationship when you think they should then don’t assume that they are gay or bisexual and don’t try to force them to have a relationship on your schedule.

Alexithymia makes applying labels more difficult. So don’t focus on whether your child’s close friend is actually a girlfriend or boyfriend and whether that makes them straight, gay, or bisexual. Focus on whether they are with someone who makes them happy and inspires them to do good things.

Because Aspies tend to be literal a statement like “it’s OK to be gay” may be interpreted as “it’s not OK to be anything other than straight or gay“. So it’s best to be aware of the other possibilities, the LGBT Wikipedia page is a good place to start learning about such things.

Executive Function

It seems that ASDs are almost always associated with some degree of executive function disorder. Among other things this makes it difficult to plan things, get things done on time, and avoid playing computer games for an entire day. A written schedule with numbered points can help with this.

Aspies can be diagnosed with ADD or ADHD because of this which among other things can be used to preclude a later AS diagnosis (due to AS only applying to people who have not been diagnosed with anything else). Ritalin has been reported to help some Aspies, and caffeine works for me.

Aspies Need Space

Socialising requires more effort for people on the Spectrum, it’s draining and it’s not something that can be done all the time. You should expect that a typical school day will push an Aspie kid to their limit. When they get home they often won’t want to talk to their parents or anyone else, they will want to read a book, watch TV, or play computer games. Plan to allow them a certain amount of time to unwind after something like school. After school some young Aspie kids want to tell their parents about all the things they thought about during the school day, so there is quite a range of ways of unwinding after socially stressful events – but some way of relaxing and recovering is necessary.

There are reports of Aspies who really hated family holidays. Having their routine broken and being forced to spend a lot more time with their family than usual can be stressful. For a child in their late teenage years it’s a good option to allow them to stay home alone while the rest of the family goes on holiday. A week or two of minimal involvement with other people can be really relaxing and help them prepare for the next semester of school. Aspie kids tend not to have wild parties while their parents are away. :-#

Should the Parents be Assessed?

In most cases ASDs are genetic and inherited from a parent (there is research suggesting that in some cases it’s due to a de novo mutation but they comprise a small minority). Also it seems very rare to have asymptomatic carriers of ASD genes. So it’s best to assume until proven otherwise that at least one parent of an Aspie child is an Aspie.

An Aspie who gets diagnosed is probably going to do a much better job of parenting than one who is in denial, so I believe that geeky parents of Aspie kids really should get assessed.

I put this suggestion at the end because I know that some people will stop reading here.


Lisa wrote an informative post “Ten Things Everyone Should Know About Autism” that is worth reading [6].

Forums such as Aspies For Freedom [7] are good sources of information.

I have an Amazon astore with links to some books related to ASDs [8].

I appreciate suggestions for this document, but please note that I don’t want to write a book. I aim to provide a list of suggestions that allows parents to do a Google search or ask on forums for more information. If you have a suggestion for a significant addition to this then please write it up in a blog post and send me the URL.


Memlockd is a daemon that locks files into memory. Then if a machine starts paging heavily the chance of being able to login successfully is significantly increased. The default configuration will lock all the files needed for login to a Debian GNU/Linux system via the console or via ssh.