Tag: Leonard Cohen

Sisters of Mercy

Yes, you who must leave everything that you cannot control
It begins with your family, but soon it comes around to your soul
Well, I’ve been where you’re hanging, I think I can see how you’re pinned
When you’re not feeling holy, your loneliness says that you’ve sinned


It might be Friday but because I’ve taken the day off work, it feels a bit more like a Saturday. For some reason I’ve taken to having very vivid dreams which are waking me early in the morning; like all dreams they fade quickly but there’s a faint feeling of unease that doesn’t pass easily.

Spent the day doing various jobs around the house that have been outstanding a little longer than they should have and trying not to be too grumpy at the kids, which I mostly succeeded at.


Urgh. The dreams aren’t going away. This time I’m woken by the terror of running away from an explosion in some kind of office block, which I’d set up myself through some kind of sabotage.

If it hadn’t before, the weather has properly turned now. Had a day at home with the kids; we went out for a walk in the morning while J did her usual Zumba class. The rain mostly held off except for a few spots halfway around our route, though not long after we got home it started raining properly. The miserable weather made for a movie afternoon – Sleeper Jr.’s pick was The Sword In The Stone on Disney+; the kids are getting decent mileage out of the subscription at least, and it reminded me that I never seem to get around to reading The Once and Future King. Will maybe order it on Kindle soon. Finished up the day making what was supposed to be a ragu, served with much more expensive fusilli than I’d usually buy. To my surprise the pasta tasted much better, probably due to the much tighter spiral foundation giving it a more interesting texture. Maybe I won’t buy the cheapest supermarket-brand pasta in future; we’ll see.

The kids were in bed fairly early even given the weekly Doctor Who viewing; there was plenty of time for a movie; we’re pretty Marvel-ed out so settled on Contact, which I hadn’t seen in about twenty years. It still held up, though Rob Lowe looked alarmingly young even compared to his West Wing days.


Woke early and got up to breakfast before heading out on the bike, choosing a new route this time – up through Mitcham to Tooting, then Wandsworth, Putney, past Richmond Park to Kingston, a trip to the Hampton Court Palace main gate, then back the same way to Kingston followed by Norbiton, Worcester Park and Cheam. A decent ride of , and the weather held out for me.

I fried onions for hot dogs for lunch while J was out on a run, and then lounged about the house for much of the afternoon, getting little done apart from cooking roast lamb with new potatoes and honey-glazed carrots.

Finished up the evening pottering around and attempting to half-heartedly play LA Noire while J caught up with friends on Zoom; I didn’t really have the mental energy though and gave up after two interrogations and a car chase. Aimed for an early night but something stopped me from getting to sleep until nearly the normal time. Oh well.


Yet another weird dream; that one passed quickly from memory leaving me to get up and face sitting down to work, which I wasn’t looking forward to having enjoyed my days off. Today was an extremely meeting heavy day, even worse than usual and I didn’t really feel like I’d had much time to just stop and think.

Eventually finished work, then cooked a stir fry for dinner before going out on a ride with Sleeper Jr. Over an hour and a seven mile ride later, partly offroad, we packed him off to bed and chilled out.

I Can’t Forget

I stumbled out of bed,
I got ready for the struggle.
I smoked a cigarette
And I tightened up my gut.
I said this can’t be me-
Must be my double.

And I can’t forget, I can’t forget.
I can’t forget, but I don’t remember what.


Last week, I was waiting for a day when nothing went right, seems like I didn’t have to hang around for too long. Woke about 7am from a full night’s sleep feeling groggy. I don’t remember any nightmares this time, but definitely didn’t feel rested. Made my first mistake of the day waking Sleeper Jr. – having let him stay up late, he really wasn’t ready to get up and I should have left him be rather than ask him to come and get breakfast. As a result he was needy and upset for most of the morning.

Second mistake was, while frustrated at someone who wouldn’t let me get a word in edgeways in a conference call about something I’d delivered, raising my voice to the point of almost shouting to try to get my point across. Sincere apologies were forthcoming immediately, both to the subject of my frustration and my boss for making the rest of the team look bad, but it put my own mood into an intense downer for the rest of the day, being incredibly angry with myself.

I didn’t calm down over lunch; J suggested I go for a walk to clear my head, so I stomped around the neighbourhood for a half hour. Not sure it helped all that much if I’m honest, other than reminding me that my winter jacket is way too warm for the weather now. Also unhelpful for my mood was the rumour finding its way back to me that I’d been involved in a full-on, three way, shouting match. Nope.

Having prepared for a bunch of calls over the afternoon, it turned out that I can’t even read a calendar properly and the vast majority were tomorrow, which I only realised after pinging the organiser of one of them. Argh. Eventually stopped work about 5:30 after discussing the plan of attack for tonight’s go-live and getting some minor auditability improvements done to a bunch of our infrastructure stacks, my brain feeling like it was melting. Watched the daily government briefing and correctly surmised that the prime minister was a lot more ill than anyone was willing to say out loud.

Spent most of the evening yawning, so headed to bed early hoping for some decent rest, but didn’t manage to sleep until much later. Early start in the morning, supporting the go-live process that others were going to start at midnight.


In some ways a better day, in others, not so much. Got up at 6:45, at my desk for 7 to take over from my boss who’d been working the midnight to 7 shift for the big rollout. Joined the war room call, and sat and kept an eye on various metrics and logs. Breakfast was at my desk, though shortly afterwards I dropped from the call leaving one of my team to field any questions, with instruction to grab me if anything needed my attention. Which it did at 11:50, just as I was about to take lunch. Ninety minutes later, I’d missed lunch with the family, eating it at my desk, and conclusively proved this was a problem somewhere outside of our control.

Eventually stopped working at about 5, after nearly 10 hours of sitting in the same place, set my out of office and shut off the laptop. I might not be allowed to go anywhere but I’m still going to take my booked time off. I want to spend a few days not caring about work. Had a pleasant dinner and got the kids into bed remarkably early, giving me plenty of time to talk to J before a FaceTime beers session into the evening. We finished, not so many beers down as last time, and not quite so late as last time, but still plenty late enough. I’m ready for a rest.

Light as the Breeze

So I knelt there at the delta,
At the alpha and the omega,
At the cradle of the river and the seas.
And like a blessing come from heaven
For something like a second
I was healed and my heart was at ease


Still haven’t got the hang of this sleeping in late thing. Up early, working a little before the kids disturbed me too much. So much for my meeting-light Fridays; I sit down at the kitchen table with them at about 9am and didn’t have a chance to take my headset off until gone 12, by which time one child was getting frustrated with his home learning, stuck trying to work out how to get his chromebook to do what he wants, and the other had long since run out of colouring.

The state of the house is getting to me; it’s a tip. I’ve resolved to try to give it a good tidy this weekend but we’ll see how well that works out. For the afternoon I attempt last-minute bug fixes for the big switch over at the weekend, not helped by vagueness of bug reports and complaints that something doesn’t work being greeted with silence when I ask for more details. Eventually we get the green light, and on Sunday night our hard work will be live. I’ll have to be online at 7am to take the second shift of handling any fallout, but that’s a small thing. This is a project that 6 weeks ago, when I joined, was predicted to fail and fail hard. Had a brief interlude for a “pub quiz” with colleagues around 4pm; was a bit of fun, and manage to get dinner on the table for a reasonable time. Kids in bed, had plenty of time to kick back and watch the finale of Star Trek: Picard and drink beer. My supplies are running low. The Kölsch in the fermenter will need a bit of lagering time before it’s ready to drink. Hopefully my monthly Northern Monk delivery will be here soon; even with that I might have to start drinking beer from the supermarket soon. Bah.


Awoke only slightly less early, after a restless night. I was expecting after the staying-up-late-to-make-beer shenanigans that I might get a better night’s rest; no such luck. Ocado order arrives with a bunch of substitutions, one of which I have to send back as it’s unsuitable due to ingredients. The most annoying part was the substitution of things for smaller sizes; can’t make dinner for four with only ingredients for two. On the other hand, it’s not a massive problem. Next week I’ll have to actually go out grocery shopping, our next delivery isn’t until two weeks’ time (and we only got that due to having priority over non-Smart Pass customers).

Went out for a bike ride. The roads were mostly quiet, and I didn’t see anyone taking liberties with the speed limit like I’ve heard of happening. Most people seemed to be being sensible and following the guidance, apart from one group of six adults who obviously weren’t all from the same household and had taken it upon themselves to go for a meander in a tight-knit group. Top idiot-of-the-day points, however, go to the runner who got way too close while I was going through a staggered gate on the Wandle Trail and yelled at me to get out of his way.

“Dad, when can we have picnic in the park?” Social distancing rules mean we can’t, so we had a picnic in the garden. It was cold, but also fun. Nice to have these little moments of not a care in the world. Had flashbacks to eating sandwiches under a tree in the pouring rain outside York Castle Museum last year, that had the same “We’re going to have fun regardless” vibe.

Took the kids out for a short walk around the block later in the afternoon, to count rainbows in the windows. Technically that’s twice for exercise in one day but walking (or indeed, cycling) with them isn’t exercise for me, and they needed to get out of the house if only for ten minutes, plus I hadn’t managed to get out at all since Sunday. Fisherman’s pie for dinner, then got them ready for bed at some semblance of a sensible hour. Had our usual family episode of Doctor Who – this week it was Vincent and The Doctor, in which an invisible threat is killing people. Sounded a little familiar.

Kids in bed, I collapsed on the sofa in front of Altered Carbon. Hopefully we’ll get more tidying done tomorrow.

The Future

Give me back my broken night,
My mirrored room, my secret life.
It’s lonely here, there’s no one left to torture.
Give me absolute control over every living soul
And lie beside me, baby – that’s an order!

This is an unashamedly technical post. I’ve been playing with internet filtering for a few days and thought that it might be useful to others. If you’re not interested in deep-level home network and server configuration, you probably don’t want to read this; I’ve mostly written this down so I don’t forget it.

The UK government have recently started to pressure ISPs to filter their content by default, so that little Johnny might not see any naked ladies and be upset by it, or somesuch. Of course the filters that have been installed are laughably easy to get around at best (SSL, proxies, VPN, etc, etc). No doubt there will come a time when I’d like to restrict the internet access given to certain members of my own family. I thought I’d have a go at seeing how easy it might be to do. And it turns out it’s really not all that difficult.

I’m using a Linksys E4200 router running Toastman’s custom firmware, including the VLAN support, along with a home server running a Linux installation (currently KnoppMyth, but if I were doing this again it’d be either CentOS or an Ubuntu LSB release).

I want to maintain an unfiltered connection for the grown-ups in the house, too. So the first thing to do is to create a separate network allocation, under the Basic / Network section of the router: is the unfiltered area; is for filtered / guest traffic only.

We then need to associate this new network (br1) with a new VLAN (VLAN1) under the Advanced settings page:

Once this is done, we can add a new virtual network (with a new SSID) for the filtered network, on wl0.1 and wl1.1 (ie, both B and G wireless):

Make sure to go into the network settings for the existing SSID and set the broadcast flag to be off. This will prevent the network showing up when anyone searches for open networks. There’s one last thing to do, which is to allow the hosts on the filtered network to reach the proxy, under Advanced / LAN access:

Now, install Squid and Dansguardian on the server. There should be some OS packages available in your usual repositories. We want to look at what’s inside the SSL connections too so we’ll need to generate an SSL certificate for squid to present:

Generate key:

# 2048-bit key: 1024-bit RSA is too weak, and OpenSSL at security level 2 refuses it
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server.key # strip passphrase from key
# self-sign the request with the same key, valid for ten years
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
# install server.crt / server.key at the cert= and key= paths given in squid.conf

Leave the CN for the certificate blank. Fill in the rest of the details with whatever seems reasonable.

We need to configure squid (in /etc/squid/squid.conf) to listen on both HTTP and HTTPS ports, and to use the certificate we just generated as its SSL certificate, so add two lines:

http_port 3129
https_port 3130 cert=/etc/squid/dentrassi.crt key=/etc/squid/dentrassi.key accel

The https_port runs in “accel” mode because we want squid to behave as if it is these websites. The one exception is that squid can’t talk QUIC or SPDY (experimental protocols used by Facebook and Google among others), so we strip the response header that invites the browser to switch protocols. That needs an additional configuration line:

# Remove QUIC / SPDY header:
reply_header_access Alternate-Protocol deny all

I also don’t want details of my internal network to leak out. So I delete the X-Forwarded-For header:

forwarded_for delete

Configuring Dansguardian to talk to squid is straightforward enough:

# the port that DansGuardian listens to.  
filterport = 3128 
# the ip of the proxy (default is the loopback - i.e. this server)  
proxyip = 
# the port DansGuardian connects to proxy on  
proxyport = 3129

Configuration of Dansguardian, Squidguard, ClamAV, etc. is left as an exercise for the reader. Everyone’s requirements are different.

Finally, we need to redirect traffic coming out of the untrusted network. Back on the router, go to Administration / Scripts / Firewall. Add the following lines:

iptables -t nat -A PREROUTING -s -p tcp --dport 80 -j DNAT --to
iptables -t nat -A PREROUTING -s -p tcp --dport 443 -j DNAT --to
iptables -t nat -A PREROUTING -s  -p udp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -s  -p tcp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -s  -j DROP

All outbound HTTP and HTTPS connections are redirected to the proxy. DNS connections are allowed so that lookups succeed. Anything at all else coming from the untrusted network is dropped. Of course, for HTTPS connections a certificate error will be displayed. That’s OK; for any computers I control I can add the certificate to the trust store. For others, it’s probably a good thing anyway.

Things to do: There’s a vector of attack here along DNS, which is the only outbound connection I’m allowing. I’ll probably spin up a DNS server that gives the same response for all queries. So long as the response is outside, the request will get bounced to the proxy anyway. Then there’s adding IPv6 support too.
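The "same response for all queries" DNS server from the to-do list, sketched as an added example (stdlib Python, not code from the original post): every A query gets one fixed address and nothing is forwarded upstream, so query names and TXT records cannot carry data out of the filtered network. `SINK_IP` (a documentation address), port 5300 and all function names are assumptions.

```python
import socket
import struct

# Assumption: TEST-NET-1 placeholder; use any address outside the filtered subnet.
SINK_IP = "192.0.2.1"
QTYPE_A, QCLASS_IN, TTL = 1, 1, 60


def parse_question(packet):
    """Return (txid, flags, question, qtype, qclass), or None if malformed."""
    if len(packet) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:   # already a response, or not one question
        return None
    pos = 12
    while pos < len(packet) and packet[pos] != 0:   # walk length-prefixed labels
        if packet[pos] > 63:             # compression pointers never belong here
            return None
        pos += 1 + packet[pos]
    pos += 1                             # step over the root label
    if pos + 4 > len(packet):
        return None
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, flags, packet[12:pos + 4], qtype, qclass


def build_response(packet, sink_ip=SINK_IP):
    """Answer every A/IN query with sink_ip; other types get an empty reply."""
    parsed = parse_question(packet)
    if parsed is None:
        return None                      # drop junk without replying
    txid, flags, question, qtype, qclass = parsed
    answer = b""
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        # 0xC00C points back at the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, TTL, 4)
        answer += socket.inet_aton(sink_ip)
    # QR=1, AA=1, RA=1, RCODE=0; RD is copied from the query
    rflags = 0x8000 | 0x0400 | 0x0080 | (flags & 0x0100)
    header = struct.pack("!HHHHHH", txid, rflags, 1, 1 if answer else 0, 0, 0)
    return header + question + answer


def make_query(name, qtype=QTYPE_A, txid=0x1234):
    """Constructed sample query (RD set) for trying build_response offline."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def serve(bind_addr="127.0.0.1", port=5300):
    """UDP loop; port 5300 is an unprivileged stand-in for 53 (assumption)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        reply = build_response(data)
        if reply:
            sock.sendto(reply, peer)


if __name__ == "__main__":
    serve()
```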


Tower of Song

Now you can say that I’ve grown bitter but of this you may be sure:
The rich have got their channels in the bedrooms of the poor.
And there’s a mighty judgment coming, but I may be wrong.
You see, you hear these funny voices in the Tower of Song.

In my last entry I hinted that I’d be making a complaint about Sleeper Jr.’s treatment in the first few days of his life. To sum things up, Mrs. Sleeper had immense difficulties in breastfeeding our son and as a result was kept cooped up in a hospital bed for five days after his birth, in a ward that had half as many beds again as it had any right to contain. It was excessively cramped and we found the hospital staff to be extremely unhelpful in the main. If I’d known at the time that a self-discharge was an option without getting social services involved, I’d have suggested it.

Anyway, they’ve finally replied to my extensive letter of complaint. In some parts there seems to be an immense difference between what we remember and what the nursing staff claim; however at this point it’s our word against theirs and as a result I can’t be bothered to argue as nothing good will come of it. In some parts they’ve acknowledged that the treatment was less than stellar which is at least something.

One point I am going to argue though. It’s well known that hospital car parks are priced extortionately. Because Mrs. Sleeper and Sleeper Jr. were in hospital for five days, whenever I could I walked or took public transport to the hospital. Except on the Jubilee Monday and Tuesday, because the hospital makes no charge for parking on Bank Holidays. I was charged £12 on the Tuesday, and wasn’t too happy about that so I asked why this was the case. While I can afford the cash, I’m sure that for plenty of other people it’s a lot of money.

The answer? “Tuesday 5th June wasn’t a bank holiday”. Hah. I’ve replied asking them how they were able to rescind the Royal Proclamation of said bank holiday. I wonder how they’ll respond.

Waiting for the Miracle

Baby, I’ve been waiting,
I’ve been waiting night and day.
I didn’t see the time,
I waited half my life away.
There were lots of invitations –
I know you sent me some,
but I was waiting for the miracle,
for the miracle to come.

It’s Thursday morning. A couple of days ago I phoned the solicitor, to make sure that everything was in place ready for completion, which happens today. Apparently the keys will be released around lunchtime. I’ve got up and I’ve got nothing to do – won’t be going back to work for a week while we move house. The clock ticks on ever more slowly and eventually at quarter to two, I get a phone call from the estate agent telling me I can pick the keys up, followed shortly after by one from the solicitor telling me the same.

Half an hour’s drive later, and after a quick stop-off to get the keys, and we’re there. And it’s mostly as I remembered everything. Without any furniture in it some of the decor looks a little… underwhelming, and whoever wallpapered several of the rooms really has no idea how to line up wallpaper properly (there’s anything up to a half inch overlap!). There’s a certain sadness about empty houses, and this one’s no different, just echoes of the former occupants. Soon, though, the building will be full of our stuff and it’ll feel like home.

So, having taken some measurements for curtains, etc, pictures taken of the place it’s time to leave it alone for now. Plans for redecoration, renovation of the kitchen and the bathroom and so on can wait – initially there’ll be a couple of licks of paint, maybe, while we decide on the rest of the decor.

For now we’ve had trips to buy a fridge and a washing machine and are now trying to decide on curtains.

Pictures of the place, for the interminably curious, are at http://gallery.sleepawaytheafternoon.org.uk/index.php/Moving/New-House


I can’t run no more with that lawless crowd
While the killers in high places say their prayers out loud.
But they’ve summoned, they’ve summoned up a thundercloud
And they’re going to hear from me.

It seems that buying a house is in some respects like a war – long periods of boredom punctuated by moments of sheer terror. We’re in one such period of boredom right now, waiting for someone further up the chain to sort themselves out. In the meantime, plenty of mind space to start thinking of other things.

And the thing that I’ve been mostly thinking about, quite unexpectedly, is a prequel to The Logic Bomb. In that story, I covered the history of one man and the devices he worked with, which inadvertently brought down the economy. This time I’m going to be concentrating more on the actions of the Prime Minister who left office in scandal and brought with him the need for certain safeguards, implemented in TLB.

I’m going for as little of the fantastic as possible. It’ll be an interesting project and I hope I can pull it off.