Operation: Red Flag

President-elect Trump has started naming his potential appointees and, if you’re a thinking man with a half a brain, they’re terrifying.  It’s like a clown car opened up behind the White House and he’s just taking them in the order they’re getting out.  The one that this missive touches on is his CIA appointee who has stated that using encryption “may itself be a red flag.”  Seriously, Mr. Pompeo?  Or, using encryption is because those of us using it prefer to keep the government out of our business as our founding fathers intended and not this Orwellian ridiculousness we’re being asked to pretend is the new normal.  Hell no.  Using encryption doesn’t make me a terrorist any more than buying Sudaphed makes me a criminal drug user.

 Clipart - Waving Red Flag

So, without further ado, may I present my plan.  Well, less of a plan and more of an idea that I hope takes off because….well…screw Mr. Pompeo. 

red flagRed Flags | Baer Law Firm

Basic Network Connection


Basically, if you’re running internet from Time Warner, Comcast or any of the large providers, you’re compromised.  Sorry – it’s just how it is.  Thankfully, there are things you can do about this.  There are VPNs, proxies and other variations on that theme.  I’ve used a LOT of these and I have some recommendations.

First and foremost VPNs.  VPN stands for Virtual Private Network and the simplest explanation is you are logging to their network and using their network to navigate the web and it sends the data back to you.  The theory, there, is that the only IP address visible is the one assigned when you log into the VPN – your own network IP address is not exposed.  So, think of it as a tunnel under a lake.  The only thing the world knows about it the opening from the other side of the lake from where you entered the tunnel.  So, there is some debate as to which are better and if there are any good free ones. 

I currently have four installed on my system that I use.  Each has its own set of pros and cons.

SecurityKISS

Let’s start with the one I use the least – SecurityKISS.  I’ve used it off and on for over a year and it’s pretty solid.  I get slightly reduced bandwidth speeds, but that’s to be expected.  The only real downside to this particular VPN is that it has a bandwidth usage limitation of 300MB, if I remember correctly, and that’s per day, I believe, and resets every 24 hours.  Now, it looks like they’ve simplified it since I started using and that’s not necessarily a bad thing.  It uses a client you can download and have pricing options that range from free to just under 90 euros a year. Of course, each price tier opens up more possible server connections as well as features. 

SoftEther / VPNGate

Another one that I use that is a little more complicated to set up is VPNGate / SoftEther VPN. The one thing I like about this is that once you get it set up, you load a list of potential servers and it displays the uptime, bandwidth and how many users are currently connected.

image

There are four ways to connect, each with their pros and cons and the VPNGate website has instructions to set up each method including one to use the OpenVPN client if you already have that in order to use other VPNs.  It’s also open source, so you won’t be restricted in your usage for using the “free” option, as they’re all free.

Windscribe

I started using Windscribe after I was doing research and really liked what I saw.  I liked it even more when I didn’t notice any discernable slowdown when using the VPN – even running a speedtest confirmed it.  Now, what’s interesting about this VPN is that there are ways, free ways, to increase your monthly usage cap. 

image

My current cap is at 15GB per month and, thus far, when I am going back and forth between VPNs, this has been more than enough.  There are two pricing options and they’re basically free and paying the yearly charge of ~$90 all at once or monthly.  I like the free option and was willing to do things like tweet a micro-testimonial to get an addition 5GB per month.

One of the interesting things to note is that not only can you use this on your Windows or MacOS system, but also your android device or even your router if it has been DD-WRT or Tomato flashed.

VPNBook

I’ve started using VPNBook a lot more, of late.  About the only things it disallows are pop connections and torrenting (except for, it would seem, the European servers).  It does pretty much everything else, is fast and pretty easy.

image As you see in the graphic, there, it supports a number of servers in a number of locations.  It tend to use the US1 and US2, though I’ll use the Canadian ones if I’m feeling frisky.  The only “inconvenience” is that the password to log into the VPN is provided by VPNBook on the web site.  I pinned the page in my browser, so it’s not too bad.  It’s pretty simple to set up and the instructions are clear and concise. VPNBook supports OpenVPN so is usable on Windows, MacOS, Linux, iPad and Android devices.  It also supports PPTP, but recommends the OpenVPN method.

TOR

“The Onion Router” or TOR can fall under “browser” as well, and that’s where I will discuss it more.  At this point, you just need to know that it is a distributed network designed to provide anonymity.  For the most part, it does, but my recommendation is to fire up a VPN and then load your TOR browser.

E-Mail


E-Mail is the most easily siphoned window into your personal lives.  There are some ways to mitigate this – webmail is, in theory one way, though it’s not any more or less secure than a standalone client if it’s not set up properly.  So – what do I use?  I’ve tried a ton of email clients over the years and the one I’ve settled on isn’t necessarily the one I’d recommend for end-to-end encrypted emails.

Confidant Mail

Confidant Mail might be a hard sell because it’s basically uprooting your existing emails (even though you keep your old email address) and putting them into a completely encrypted system. It’s not simplest to set up and seems to rely on you convincing everyone you communicate with to install and use Confidant Mail, as well.  Since it’s a standalone application it doesn’t run the same risks as do webmail or even standard pop/smtp-based email clients that employ message encryption.  It had a page dedicated to why it’s better than normal or even encrypted email.  It generates a public key via GPG when you set up the program, initially, and once that’s done you can upload the key to the servers so that people who are subsequently installing the program will be able to search for, find, and add you to their contact list.  I recommend checking it out, but something that I’ve had a bit of a problem over the 20 years I’ve tried using PGP is convincing my friends and family to also use PGP. 

Sigaint.org

Anything with “Making the three-letter agencies cry” in the tag-line is something worth looking into.  The only thing with Sigaint is that you really need to access it through your TOR browser. They have a clearnet address, as well, but it mainly serves to tell you to seek them out via TOR.  It’s a webmail client, so there are inherent risks, but they are quite open and honest, telling you not to trust them and to encrypt your emails.  Now, there is a “pro” option, as well, that for $32 for life, will allow you to use multiple protocols (pop3s, smtps, imaps), upgrade your email storage from 50MB to 1GB, full disk encryption, and a slew of other things to ensure your anonymity.  With the pro upgrade, you can also use an external email client – it says it’s been tested with Thunderbird, Claws and K9 Mail.  The free version is still very usable, though they recommend PGP-encrypting your emails before you send them, and I’ve had nary a hitch using it.  You basically get two email addresses – the clearnet version and the onion-specific version.  They both go to the same place, it just depends on the origin.  If you want no one to know who your are, this is the way to go.

ProtonMail

A fairly new service arrived earlier this year.  Basically, ProtonMail provides end-to-end encryption, a two-step authentication method (log into Proton Mail, then log into your mailbox), as well as the ability to send emails that will, in essence, self-destruct after a set amount of time.  It’s hosted in Switzerland and their servers never see plaintext anything – all the emails stored on the server are encrypted.  This has three cost/service plans where the free service provides you with a single address, a limit of 150 messages per day and 500MB storage.  The Plus tier is 48 euros per year and gives you a bit more while the Visionary tier gives you 20GB storage, 10 custom domains with 50 unique emails addresses and no limit on sending/receiving emails.  It’s 288 euros per year.  One interesting feature is that you can enable authentication logs which will tell you when your mailbox was accessed and from what IP address.  This is a solid choice and I’ve not had a problem with ProtonMail – and you can download the android app to access it from your phone or tablet, as well.

Trend Micro – Encrypted Email solution

I’m not sure what to do with this, since it’s more or less a service solution rather than a product solution, so you have several choices as to how it protects your email.  It looks decent enough, but also, to me, looks like there are several holes along the chain that could be problematic, but that’s just me worrying about anything that is not encrypted leaving your system and relying on something “out there” to do it for you.  It also looks geared towards small business, with a subscription system, so I’m not sure how useful it will be to an end user who wishes to employ it.  So, there you go – another option. 

Web Browsers


image

I have many browsers.  I want to try them all, see which ones work the best for my needs.  I will touch on them and let you decide for yourself if they will work for you, your privacy, your security.

Chrome

Yes, Chrome.  Mostly, this is because of the pile of extensions you can plug into it to give you whatever level of protection you wish.  I use the following plugins to great success:

    • AdBlock Plus (ad blocker…)
    • Anonymous Communication (secure chat client)
    • BitDefender Quickscan (real-time antivirus checking of web pages)
    • Block Site (offending site?  “Welcome to my kill filter, sucker.”)
    • Do Not Track (cuts down on sites abilities to track you)
    • DotVPN (VPN internal to the browser)
    • Ghostery (makes it easy to see who’s trying to track you)
    • Javascript Popup Blocker (popup blocker that handles most of the javascript-based ones)
    • NetCraft Extension (site information and phishing protection)
    • OneTab (not security, but bloody useful – collapses all tabs to a list on one page)
    • Performance Analyzer (measures the performance of web pages/sites)
    • Poper Blocker (my favorite popup blocker)
    • Request Maker (Log, edit and send HTTP requests)
    • Rubber Glove (removes common browser tracking ‘fingerprints.’)

Now, these come at the expense of performance, occasionally, and RAM usage, most of the time, but I haven’t been hit by any drive-by malware for a LONG time.  When used with a VPN (one of the ones listed above or just the DotVPN), it offers reasonable protection from snooping.

FireFox

After I spent a large amount of time getting the beta of FireFox up and running and customized to my liking, it decided to update to a newer version and wiped out not only all of my bookmarks, but my extensions, as well.  As you can imagine, that made me a touch salty, which is why I don’t use FireFox as often as I used to.  That said, I have a couple of addons/extensions that make FireFox more usable for me.

    • AdBlock Plus (ad blocker…)
    • uBlock Origin (an efficient blocker that is pretty customizable)

As I mentioned, though, I don’t use it much, anymore.  So, these two are by no means the extent of the addons or extensions out there, but they’re the only ones I’ve put back since being forced to start from scratch.

Epic Privacy Browser

image

They feel that your privacy is yours and yours alone.  It’s a solid browser and does just about everything I need.  The big things to take into consideration, here, are that

    • Private Browsing is *always on*
    • it automatically sends the “do not track” message to websites
    • it blocks all third party trackers and cookies
    • one-click on/off proxying which hides your IP address and encrypts your data (gets REALLY slow, sometimes, especially when inside a VPN tunnel)
    • it searches through its own proxy when obscures your searches from outside “eyes”

So, basically, it has just about everything you need, right out of the gate, to be private and mostly safe out there in the wilds of the internet.  I mentioned that it gets slow inside of a VPN.  A lot of things get slow inside a VPN tunnel, so it’s not a condemnation as much as a factual statement – in this case, however, you know why and can appreciate why your data is taking a bit of time to find its way back to you.  It does break some sites, of course, but has a “Quick compatibility umbrella” which expands and lets you pick and choose which safety mechanisms you are using in an attempt to return compatibility.  I use this browser a lot.

Opera

Opera was my first “go-to” browser after my FireFox kerfuffle.  It’s a solid browser and one that I’ve used off and on since it was initially released back in the land before webkit.  The one thing I miss is the ability to set how many data connections you wanted to hammer a site with to improve performance.  I think it’s still in there, but the bottom line is that, really, most connections are fast enough that it’s really fairly unnecessary unless you want to inadvertently instigate your own miniature Denial of Service attack which, by the way, web masters love. 

I only have a few extensions and they are “the usual subjects,” AdBlock Plus, and that’s pretty much the only ones for security. “Why,” you may ask.  Well, it has a nifty feature whereby you can toggle, on a tab-to-tab basis, the built-in VPN connectivity, which is through SurfEasy.  For the most part, it’s fast and can be routed through numerous countries for added protection.

Brave

It’s main goal is to limit the trackers and ads that slow down your browsing while at the same time protecting your private data.  It’s a good browser and I actually do find it faster when going to normally ad-laden sites.  Of course, part of that, too, is that I use a custom hosts file that nips most of that in the bud, but still, you can tell the difference.  It defaults to trying to run everything through https-everywhere, which is good.

image

The bottom line, for me, with this browser is that it’s in its infancy and each release makes it better.  It’s a solid browser, now, but doesn’t have everything to keep you off the grid…yet.

Vivaldi

After the big three (Chrome, FireFox and Opera) all flaked out in their own ways, I spent a lot of time looking for a browser that didn’t drive me nuts.  I test drove this for a few days and those days have turned into months.  I like it because it’s fast, does everything I want, and doesn’t do dumb stuff.  One of the selling points is that almost every aspect of the browser, and therefore your browsing experience, is customizable.  It’s not as secure as the others, but can take extensions to fix that, I’ve just been too lazy to, recently.  Well…when I want secure, I’ve got how many other browsers to choose from?

OWASP Mantra

“Elegant, clean and completely open source,” this browser is build with the security / penetration tester in mind.  The landing page has a slew of links ranging from your everyday to the Hackery section and a link directly to Shodan.  One of the things that stands out about this browser is the number of tools built in.  There are a lot.  I suppose I could list them out, but that’s pretty much what their web site is for – it discusses each one and does a better job than I could.  Honestly, it’s more for site testing than security, but as it takes FireFox extensions, you can add whatever you need, in this regard.  It is, nice, however, to have the ability to see what headers are being passed on to you and allowing you to edit them on the fly.  That’s good stuff, right there.

Maxthon Cloud Browser

This browser actually kind of tries to be a one-stop shop for you, providing a browser with many interesting security features like an encrypted password manager, right-click re-enabler, a cloud-based note/document storage area (1GB/free), and a provider of anonymous emailboxes.  All this translates to a web browser that is pretty solid for information gathering while you’re browsing the web.  It also defaults to duckduckgo as its search engine which, while it doesn’t return 1.5 zillion results like Google, it also returns mainly those things that have something to do with what you’ve searched for and not a bunch of ad placement crap.  I haven’t used it a huge amount because, well…nine browsers makes “equal time” hard.  That said, it seems to do well with ridiculously pop-up ridden sites like firstrowsports.eu, on which I watch hockey from the Ukraine and rugby from New Zealand and it plays the video with no fuss, no muss.  Not a security related feature, to be sure, but one that’s welcome, nonetheless.

Pale Moon

Developed by the save folks who develop FossaMail (which is what I use), this browser just received an overhaul.  This overhaul brought it up to “today’s browser standards” and in the process broke a couple of the nice security extensions it had going for it.  This will probably be fixed, in the near future, but fear not – important security extensions remain: AdBlock Latitude, Encrypted Web, and Secret Agent.  What this means is that you’re not going to see the majority of the ads out there, you’re going to be in HTTPS as much as possible and it will rotate the “User Agent” as not to leave a reliable fingerprint of the browser you’re using.  This is a good thing.  It will also alert you if a site tries to hijack requests and tries to redirect it to a different web site.  It will tell you the how, the who and the potential why: “Your web surfing may be subject to surveillance.” It’s a solid browser with a highly customizable landing page which is nice.  Check it out, but also check out the FireFox-based extensions that you can add to make it as secure as your paranoia desires.  Is it paranoia if you know it’s happening?  At any rate…

TOR Browser

As discussed, previously, this is the browser that works with the TOR network and will allow you to see deep/dark web sites and those sites with the .onion suffix.  It allows you to switch TOR circuits – or paths through the TOR network – in order to maintain anonymity if you feel that the current route/path/exit node has been compromised. Do remember that while the TOR model allows your data to be encrypted inside the TOR network, once your data leaves an exit node and goes to a site, the data in between the exit node and site is not encrypted by the TOR network, so continuing to use an extension like HTTPS Everywhere is always a good idea.  Now, what I do, for what it’s worth, is to fire up a VPN and then launch the TOR browser.  This way the TOR network connections are working within an already obfuscated network tunnel.  While not foolproof, it does increase the challenge for prying eyes/agencies.  While navigating through Onion-land is a bit more arduous and a bit slower, it is still a much safer alternative to bopping around in clearweb land.  There is also a “hardened” version that may be a version or so behind the currently available TOR browser, but has been modified to provide a lot more security.  I use this one almost exclusively.

….

You’ll notice there a browser missing.  Most folks in the IT world understand why it’s missing.  Perhaps you don’t.  Perhaps you love IE Edge.  Here’s the thing – it’s a screen door on a submarine, security-wise.  That’s pretty much what you need to know.  Any of the browsers above would be a much better choice when it comes to keep your data from “the man.”  In the interest of fairness, I will say, simply, that when I tried to “harden” IE, it broke.  I can no longer use it to browse the internet and it has become, inexplicably, the default PDF reader despite Acrobat Reader being installed.  It now, like Hodor, can only say one thing:

image

Encryption


This is where Pomeo is poking the bear.  I’m a firm believer in 1st, 4th and 5th Amendment rights as well as a strong heaping helping of “nunya.”  What’s “nunya,” you say?  If you grew up in the south, you know this is a rather sassy way of saying, “None of your business.”  Really, that’s how I feel about all aspects of my digital life.  I used to have an attitude of “fine, look around – I’ve got nothing to hide!”  What changed?  Well, for one thing, the Patriot Act.  Almost completely unconstitutional in its reach and just a wake up call that it doesn’t matter what the laws say, the government will find a way to wiggle around them.  Then came the hoo-hah about the iPhone in the San Bernadino terrorist case where some dunderhead tried to brute force *guess* the password to the iCloud and iPhone accounts and effectively wiped both clean.  Somehow, this was seen as Apple’s fault and so there was the huge floofle about how Apple should create a backdoor for law enforcement and Apple basically said, “Up yours,” as well they should.  What killed me about this, tangentially, was that if you search for “iPhone 5 unlocking/decrypting,” there are enough links that the FBI could have had it done in under 5 business days and for right around $150.  At any rate, as soon as that story hit the news, I hopped into my Android settings menu and encrypted the heck out of my phone.  You want anything?  You’re going to have to work for it, or at least lay out some cash.  Even though I’m not doing anything “wrong,” I’m not in any way shape or form going to make this easy for anyone who wants my data without a fight…or encryption key.

Drive Encryption

I absolutely encourage drive encryption.  Every Virtual Machine I create is encrypted and has to be decrypted, using the proper password, to even mount.  Once past that, the drive is encrypted and, finally, the user directories are encrypted with a different password for each user.  Seems like it could be considered overkill, doesn’t it?  Well, so what?  I think I mentioned not making it easy.

VeraCrypt

This is a very useful – and free – encryption program geared towards drive encryption, whether it is full disc encryption, partial disk, containers (encrypted files that act like drives but aren’t outwardly visible as such) and can even hide these encrypted volumes.  It’s free, actively maintained and based off of the TrueCrypt software package that was used by a multitude of corporate entities, including mine (TrueCrypt, not VeraCrypt) – and it (VeraCrypt) is SO much faster and less flaky than McAffee’s “Endpoint” software, in my experience.  You can select many encryption protocols and – and this is a wonderful “and” – you can even wrap them three deep, meaning your volume will first be encrypted with AES-256, then it will be encrypted with Blowfish, or TwoFish, and finally, on top of these two encryptions, it will encrypt a third time using Serpent, for example.  That’s my personal choice, but there are several combinations from which to choose.  This flexibility makes it exceedingly useful and, more importantly, pretty intuitive to use.  I recommend this to the moon and back for keeping your sensitive bits protected.

McAffee Endpoint Solutions

My experience with this product has been largely negative, but that might have to do with how it was implemented, so I’m disinclined to just dismiss it out of hand.  It’s only one of two in the list that costs anything, so you’ll need to take that into consideration.  I do know some folks who feel safer purchasing a commercial product – especially an expensive one – because they feel it’s more secure.  This could be.  I couldn’t tell you.  I just know that post-encryption, I’ve had better luck with VeraCrypt.  Honestly, the only trouble I have had with Endpoint is that it will suddenly and out of the blue simply disavow any knowledge of my passcode to decrypt the drive in order to use it.  This is frustrating in itself, but the process to recover it is not only a titanic pain, but – here’s the thing that throws giant red flags for me – with the recovery software, you are given a long series of numbers that will allow you to reset the password and, therefore, decrypt the drive.  Now, in a corporate environment – and one thing I do actually appreciate about the seemingly overly complex method for doing this that my employer uses – you can only access this recovery module after logging into the web portal, going to the “recover endpoint encryption” link and clicking it, then entering your credentials in, again, including a secret question, and only after satisfying this step will it allow you to embark on the rest of the journey.   Now, on the plus side, the price isn’t a deterrent.  Ranging from ~$20 for individual users to ~$5K for an enterprise license, it’s really not all that bad, comparatively.  That said, I trust VeraCrypt more.  Why?  Just because, really.  While the aforementioned folks feel more comfortable with a for-profit product, I prefer a product written by someone(s) whose only skin in the game is reputation.

Microsoft Bitlocker

I’ve never used Bitlocker.  It used to be only available on the Ultimate editions of Windows7 and, I believe 8.  I think it’s standard, now.  If it’s not, it should be.  At any rate, it functions very much like the above two solutions when it comes to encrypting entire drives.  You can encrypt your system (boot) drive with relative ease and, at this point in the game, I recommend that course of action. 

Symantec Endpoint Encryption

Now, I am pretty sure I haven’t used this, but I might have in a previous incarnation – I honestly don’t remember.  That said, from reading the literature and implementation documents, it seems like it’s on par with McAffee’s offering and does allow full-disk encryption.  I also boasts using PGP (Pretty Good Privacy) for it’s encryption of choice.  The company seems to be positioning this solution towards the enterprise customer, but you can get the Endpoint Encryption in a single license for $189.  So, again, I’ve not worked with it, so I can’t say one way or another if it’s the right product for you or your needs.  I’m just letting you know it’s out there and, frankly, the more encryption the better.

On-the-Fly / Individual file / Text Encryption

There are a long ton of solutions, here.  I’m going to focus on ones I’ve used and/or recommend.

Pretty Good Privacy (PGP)

The granddaddy of all public key encryption, this has going through a slew of changes, purchases, open source projects and version.  It’s been entertaining to watch, if not a little frustrating to keep up with.  Basically, the majority of things I’ll be discussing fall under this category, in some way or another.

Symantec

PGP, Inc. was purchases by Symantec, and so is included in the aforementioned Endpoint security package.  I’m mainly putting this here for completeness’ sake.  This isn’t to be confused with PGP Corporation.  Oh, wait…yes it is.  This is PGP if you want to pay for it.

OpenPGP

Standardized in the mists of history (1997), OpenPGP is available for all platforms, including iOS and Android.  This is pretty much the standard and everything derives from this.  It’s free.  It’s mostly easy to set up – the hardest part is thinking of a suitably secure password.  Their site has email encryption solutions, keyservers, and even a section for developers discussing signing their projects.  The email section provides a long ton of options/solutions.  Check them out.

PGPi

For historical purposes, only, I include the “international” version of the original PGP software and should be considered exceedingly outdated – it supports Windows 3.1/95/98/NT as well as the Amiga and OS/2.  So, why would I include it?  Because it’s fascinating to see how far we’ve come, really.  I love digging around in this stuff, so, I figured I’d share.

GnuPG (GPG)

This is what I use.  Take that for what it’s worth…I use it.  That doesn’t mean you need to use it or should use it.  I just like the setup of GPG4Win and it’s easy for me to work with.  The binary releases, should you not feel like downloading the code and compiling (./configure ./make ./make install), support Windows, Linux, MacOS, Android, OpenVMS, and RISC OS.  Integrated into the Windows shell, it makes encrypting/signing/decrypting documents, other files, directories and even drives painfully simple.  I recommend it.

Diplomat OpenPGP

I’m including this not just because they have their own OpenPGP solution for you, but a they also offer secure file transfer, which is nothing to sneeze at.  Now, while the OpenPGP product is free, the Diplomat File Transfer product is not.  It’s pricey, but when you look at what it does – securing file transfers, either P2P, FTP, FTPS and SFTP, as well as encrypting those files that are transferred with the private keys, meaning only the sender and the recipient can open the file(s) sent.  That’s pretty hoss.  This service will cost you, with the “basic” version *starting at* $595, the “standard edition” starting at $2,995 all the way up to the Enterprise version with the terrifying “Call for pricing.”  Still – if you’re worried about industrial espionage, how much is your data worth to you?

Again…make these folks work for it, where “these folks” can be, basically, anyone who wants to access your drive who isn’t you and, especially, without permission.  There are more solutions out there, but this should provide a good starting point. 

Cloud Storage


I know a lot of people that use either their own server or services like Dropbox to store files “in the cloud.”  There’s Dropbox, Mega.nz, and a whole slew of others, but they all share one thing: they’re searchable by the companies that set them up and in that light, anything subversive or  plain illegal in your file storage area can be found and you can endure anything from irritation all the way to outright pain.  That doesn’t sound fun.  So, let me recommend a few.  I’ve been using Keep2Share, of late.  It functions much like Dropbox, but I haven’t read any missives, recently, talking about k2c routinely scrubbing through user accounts looking for violations.  Let’s look at some other options, shall we?

Boxcryptor

This is a product that looks a LOT like what were talking about with Diplomat.  There are differences, of course, but as you get into the paid subscription versions, one of the big selling points is the end-to-end encrypted file transfer.  That said, the free version offers this, as well, just without as many bells, whistles and safeguards.  The free version features the ability to secure one cloud account, up to two devices from which to upload and save data, and Whisply integration which, for those who don’t speak weird corporate software naming practices, is their end-to-end file transfer encryption which will allow you to send out an unlimited number of links to the files you store there and these other folks don’t have to be boxcryptor users.  It also has a portable installation if you’re not wanting to, or can’t, install it one your system.

Tresorit

Aiming to not be a full service, encrypted cloud storage provider, it’s not free, but offers a lot of features.  Their claim, also, is that it would take 1,000 years to crack the encryption they use. I wonder if that will change with quantum computing?  At any rate, they offer a couple of tiers of service, with the personal level providing a terabyte of storage, access from 10 devices, password protected links and extensive file permission settings for file sharing.  The personal subscription is $30 per month, so $360 per year.  For small business and enterprise, it’s considerably more outlay, but is less per user.  Again, the enterprise model has the scary “Custom pricing,” which probably just means customizable for your business, but I still like seeing everything out in front of me.  One interesting thing that I like a lot is that it has a section for developers, offering a SDK to allow the end-to-end encryption to be integrated into your application.  The tagline, “No more data breaches” sounds good to me.  You have to request access, but I’m thinking that a software development company could benefit greatly from being able to tell clients/customers how secure their data will be.

Waula

LaCie’s solution was one I was going to discuss, but upon hopping to the site for more information, I got this:

<h2>Our services aren't available right now</h2><p>We're working to restore all services as soon as possible. Please check back soon.</p>Ref A: C544C6B0F1F84F22A420DB3DC53148B5 Ref B: F4B412192C8F55313E7D91E98DB04966 Ref C: Fri Nov 25 08:03:07 2016 PST”

so…you know.

nCrypted Cloud

This looks like another encrypted cloud service, though, it’s positioning itself more as a security layer on top of cloud storage.  Honestly, if the files are encrypted, I’m not sure I care how you get them there.  Well, that’s not entirely true, but you get the picture.  The personal version is free and for non-commercial use.  You get roughly the same features as on the company/enterprise-centric models, but without the longer audit trail, Active Directory integration and collaboration tools.  Now, there’s free, then there is the per-user cost for each level: $10.  The only difference is the number of users, at a minimum, that you are required to have: 25 for small business, 250 for medium business and 2,500 for enterprise-level. 

Honestly, I’m running out of steam.  For cloud storage alternatives beyond what I’ve laid out, here, I recommend this article.  It goes into greater depth than I have been and gives you pros and cons in a concise manner.  Concision has never been my strong suit.

Summary


Long story short, if you want to keep the government/hackers/pranking friends/ex-spouses out of your data/email/what-have-you, you need to secure it.  There are also ways to secure what you already have, for example, in Yahoo or Gmail. 

There’s an option for most webmail services to use two-factor authentication.  Use it.  You’ll be glad you did, especially when reports come out stating that Yahoo knew about data breaches as early as 2014 (and didn’t do anything until much later), and the recent Gmail breach. If it’s difficult for YOU, it’s going to be that much more difficult for anyone else.

Also, don’t use fingerprint or simple-pattern unlocking on your phones.  While a long PIN is a pain in the butt for you, just think how much of a pain it will be for someone who doesn’t *know* the PIN.

Stop using common passwords. While “ihatemyjob” is funny in ads, it’s horribly insecure and will take even an average computer a few minutes, if that, to crack.  Even throwing in a “!” at the end will delay the “crackening.”  That said, I’m a big fan of using symbols and numbers.  “Ih4t3myj0b!” will be that much more difficult to crack.

Above all, just don’t make it easy.  The more layers of security, the better.  The heftier the encryption, the better.  It doesn’t make you a terrorist, it makes you a pragmatist. Remember – This isn’t about hackers, anymore.  It’s about our government.

Metallica – “Hardwired … To Self-Destruct”

The last time Metallica released a studio album, George W. Bush was still in office.  This release will precede President Donald J. Trump by mere weeks.  So what, right?  Well…it is *8* years.  We were given “Death Magnetic” and we, the Metallica faithful, were mostly sated.  There were production (*mastering*) problems that squashed dynamics and prompted several versions of “remixed/mastered/EQ’d” from the Guitar Hero III stems.  Much better.  So, we come back to today – the official release and while the vinyl hasn’t arrived at the door, the videos links have arrived in the email box.  I did a song-by-song deconstruction of “St. Anger” when it came out, but, sadly, it’s been lost to the mists of history – even archive.org can’t find it.  So, I thought I’d do that with this one, the new one, the shiny one, the one where the first three singles gave Metallica fans around the world hope that there might be a return to their thrash roots.  Let’s do this.

The Songs

01 – “Hardwired”

Churning.  A snare that sounds like a snare – that’s a positive.  Very punky vibe, but with enough chugging to make a metalhead happy.  Nice delay on the vocal – well placed and not overbearing.  Nice chorus. The solo breakdown feels like a solo and the post-solo section is solid.  I dig it.  I’m also digging the double-bass.  *Finally.* This has a good vibe to it.  I’m enjoying it a lot.  The slowdown at the end is really nice.  Good song.

02 – “Atlas, Rise”

Decent enough intro. It’s reminding me of the punk-infused stuff we used to get in the early-80s.  Decent riffing.  The vocals are good.  Pre-chorus is a not bad, but serves it’s purpose – it feeds naturally into the chorus.  Chugging is pretty good, lead fill keeps from getting overly repetitive sounding.  This feels NWOBHM-ish and I’m digging it.  The solo starts off like something from “Load.” OK – better movement but pretty wah’d up. However, the harmonized solo is really nice – reminds me of 7th Son-era Iron Maiden.  The ending is solid.  Good song. I can dig it.

03 – “Now That We’re Dead”

Mid-tempo chugging.  I can dig it. Even the drum fills seem to work.  Slow to build, though.  Reminiscent of mid-80s hard rock.  Very simple verse – it works.  Wow – the pre-chorus feels so very 1987.  Nice.  I’m trying to think of who this reminds me of.  Kind of like some of the mid-tempo stuff Armored Saint did around that time.  This isn’t a bad thing.  The chorus is a bit creepy, but nice riff underneath.  It’s keeping things very simple, and it’s working.  The song is growing on me.  The solo is pretty solid – not TOO wah-y with good movement.  Ooh – interesting post-solo crunch.  It’s like what would have happened if “Outlaw Torn” had more bite.  The ending…hmmm…pretty solid.  Another good song.  Cool.

04 – “Moth Into Flame”

Nice intro into fantastic chuggy riffing.  Where’s this been the last couple of albums?  Nice movement under the verse which is also pretty solid.  Pre-chorus bliss!  Really enjoying the riffing. Now that’s a catchy as hell chorus! The guitars are constantly moving.  Nice!  Back to the verse and it’s just got good chunky riffing.  Man.  Well structured song.  It’s funny how it almost *feels* mid-tempo, but sure as hell isn’t.  Oooh, nice breakdown.  Down picking heaven.  Solid bridge that feeds into the solo.  Not a bad solo, either – THIS sounds like KRK.  Nice re-entry riff and double-bass thunder.  Easily my favorite song, so far.  Just beastly riffing riding you off into a crescendo ending.  Excellent song.

05 – “Dream No More”

Doom-y.  Sluggish, but not plodding.  Meaty doom riffs.  Verse…interesting harmony.  Sounds like “The Cure” but is a boatload more listenable.  Pre-chorus is pretty decent.  Oooh.  The chorus *chugs*.  There’s no other way to describe it. So far, the chorus is the the best part.  Still doomy.  Huge sound, though – definitely a good thing.  Middle is pretty good leading to the solo.  Decent solo – interesting slower section, gaining nice harmonization.  Building to something – the sludgy, sloggy chugging.  Cthulhu imagery throughout is always a good thing.  This song will probably grow on me. Right now, it’s a good song.

06 – “Halo on Fire”

Nice harmonized intro.  Harkening back to 1987, it feels like.  Pulling back into a light acoustic trot.  Verse is sung nicely and builds.  The chorus is a little jarring, but gets bigger and is pretty good.  Nice break.  Good tone on the solo – fits the vocals.  The pre/chorus is growing on me.  Middle breakdown riff is nice and chunky.  The bridge is pretty good even with two parts; they work, I think.  Nice chunky riffing after the 2nd bridge.  This sends us into the solo, which starts with some nice harmonization and then pulls to the middle and isn’t too bad.  With the solo over, we riff and then back to a short acoustic break.  Solo 2 – almost sounds like Het’s tone. Nice movement into what was bridge 2 and now a slowly building solo that is over a nice galloping riff.  The ending is really taking off – I like it.  The song ends…and it’s a good one.  I like the movement within the song.

07 – “Confusion”

Marching – which I think is the point.  Crunchy.  It is nice to have a snare that sounds like a snare, again.  Ooooh – fun riffing going on, here.  Slows down to a mid-tempo.  Nice vocals in the verse, and gives way to the chugging which, in turn, gives way to the chorus.  Interesting. Nice transition back to the chugging.  Nice little solo before a solid bridge. Really touching on the PTSD aspect – heavy.  Good transition back to the chorus.  Bridge 2 is driving home the PTSD with a frenetic staccato bit of riffing.  Moves into a neat section that finishes off and drops us into the solo.  It’s not a bad solo – it really conveys a “barely in control” vibe that works.  That is just a sick riff.  Ending  on the marching.  Solid song.  I like it a lot.

08 – “Manunkind”

Acoustic meandering – nice bass working underneath.  Aaaand – heavy!  Mid-tempo?  Slogger?  It’s kind of giving a vibe of both.  Nice groove.  Sort of disjointed riff under the vocals which have a sort of urgency going on.  Feels southern rock-ish, but with a heaver touch.  I like the harmonization – I’m a sucker for a good harmonized vocal line.  Breakdown time.  The bridge is even more urgent, the exaggerated delay helps it out.  Not too bad.  Do we call this bridge 2?  It’s decent enough and leads to the solo which, after started kind of slowly, becomes a sort of wah assault.  It reigns it in to feed back to the bridge 2 thingo.  Very southern groove.  Reminds me a bit of “Ronnie.”  The ending is a repetition of “Faith in man-un-kind,” until it ends.  Not too bad.  This feels like one I’ll have to listen to more to get into.

09 – “Here Comes Revenge”

Definitely setting up a mood, here.  Feels dirty and sludgy.  Gives way to a pretty solid riff.  The solid riff becomes riffier and has a decent hook to it.  Dirty drums, slightly dirty guitar, interesting verse, leads into the what I’m assuming is the pre-chorus which makes good use of riff #3.  Decent chorus with a sort of stop and go thing that ends nicely enough.  Back to the verse.  I like the transitions.  Decent movement in the song.  It’s not dragging.  The hook-y riff gives way to a mid-tempo crescendo that leads into the solo.  Nice riffing underneath.  A more restrained solo that works well.  Galloping towards the end with the hook-y riff with some nice double-bass work underneath with the dirty, wah-soaked guitars we heard in the intro.  A solid song.  I dig it.

10 – “Am I Savage?”

Starting slow with clean tone and understated bass and drums.  Gets dirty quick.  Not bad – building towards a really sludgy riif.  This feels like something Sabbath – mid ‘90s Sabbath – would churn out.  And we now just hopped into an interesting off-tempo walking/talking part.  The chorus is decent.  Returning to the doomy, sludgy riff.  Definitely a sloggy feel, but not draggy.  The off-kilter pre-chorus is disconcerting which, I’m fairly certain was the point. Honestly, it has a “Loverman” vibe to it but, thankfully, is a vastly more interesting song.  Oooh – sludge.  The breakdown leading to the solo is chewy as hell.  Nice solo work – it’s a nice counterpart to the riffing underneath.  As it heads to the end, it chugs along, and I do mean chugs.  Pretty good – I definitely to listen to it more.

11 – “Murder One”

Nice clean tone interrupted by a fairly urgent heavy interruption.  Main riff is pretty fluid and gritty.  Interesting – the verse and vocals are pretty solid.  Pre-chorus? Bridge? Chorus?  Not sure.  Leads back to the verse. This takes me back to 1989.  It’s got a good vibe.  We’ll call that the pre-chorus – it compliments the chorus well.  Oh, my.  Well, hello, Kirk. A jarring solo, with very little transition.  It settles down and then feeds back into the pre-/chorus.  A decent hard rock groove feel.  I’ll have to listen to this more to get more of a feel for it.  It doesn’t feel as strong as most of the songs, but it’s not bad. We shall see!

12 – “Spit Out The Bone”

Frenetic intro – drums, bass and guitars chugging along and after a brief pause uses that riff to take us to a bit of machine gun-ish riffing.  Interesting melody interspersed.  Now it’s a homogenized, sick riff.  Hello, angry verse!  Barked lyrics with speed chugging underneath.  I really dig that main riff.  Need to harmonize it, though.  Man, this is moving.  There is a definite urgency, but not haphazard.  Breakdown to Rob’s solo. Cool.  Leads back to some more gymnastic riffing.  Digging the bridge and here we go into KRK land – the first part of the solo is kind of like the rest in terms of wah, but churns down to a nice slower, melodic solo.  The middle section is really nice.  New riff – solid.  Slowing down a touch with some chugging. I can dig it.  Slower still chugging.  What’s it building up to?  ‘cause it’s building!  Ooooh – channeling some of the Kill ‘em All energy, this solo is much more satisfying to me.  Enough old and new Kirk working together to make for a solo that works.  Frantic chugging and barking vocals – angry Metallica is good Metallica.

Oy.

Wow.  I’m a bit drained.  That was a killer ending to a solid effort that had many more high points than low.  Actually, come to think of it, I don’t really recall there being anything that could be considered a “low.”  To be completely honest, “Am I Savage” might be the weak track on the album, but even there – if that’s your “weak one,” I’d say that’s not too shabby, at all.

The riffing

There is plenty of riffing to be had.  Wow.  From open to close, there’s no shortage of chunky, chewy, ripping riffs that all work well with the songs and don’t feel forced.  What I mean is that some of the “speed riffing” on “St. Anger” seems like it was put in with the intent of showing us they were still heavy.  It felt like they were trying too hard.  This?  This sounds like a natural, organic album where there riffs don’t feel forced.  Even some of the riffing on “Death Magnetic” felt a little shoehorned.  Not here.

Review / Summary

I’ve been having a hard time NOT jamming to this album.  From the opening notes of “Hardwired” to the last shimmer of reverb at the end of “Spit Out The Bone,” it’s nonstop.  It’s funny – I read some comments, somewhere (I can’t remember where…) that the album had four ballads.  I’ll have to check my impressions of the songs, above, but I’m pretty sure there’s not a single ballad on this album.  There’s a dynamic that offers a good balance of “acoustic-y intro” to “all out thrashing,” so that might have been what they were talking about.  I don’t know.  What I do know is that this is the most consistent and solid album since, if I’m to be completely honest, “The Black Album.”

What about production?  I gave Metallica endless amounts of crap for something that wasn’t their fault, last album.  “Death Magnetic” was butchered in mastering to a point where all dynamism was flattened out and it was a wall of sound with no nuance.  What do we have this time around?  Well, it’s not mastered to death, thankfully.  Now, when the first three singles hit, I noticed there wasn’t much by way of “air.”  I had hoped that it was like the “The Day That Never Comes” where the album version was much more alive than the single/video release that just seemed dry and brittle.  Well, “Hardwired…To Self-Destruct” is much, much better sonically.  My only complaint is the aforementioned “air.”  It’s still pushed pretty hard and you can hear the compressors groaning under the might of the riffs.  That said – it’s so much better.

So?!  Was it worth the wait?  Eight years is a darned long time.  I’ll admit that really pushed the expectations high.  I wasn’t thrilled with “Lords of Summer,” but it wasn’t bad, so there was hope.  Then the date getting pushed back and pushed back.  But, it’s here. It’s tight.  It’s solid.  It’s a *Metallica* album.  It’s not “Master II” nor should it be.  This is a more mature thrash but there is thrash to be had.  So, I’ll say it’s worth the wait, but implore the fellas not to make us wait this long, next time around.

“17 Rules for Governing My Country”

Well, Big Don.  You did it.  You won the big chair.  It’s time to put on some big boy pants and act like an adult who understands the situation you’re now in.  You’ve just become my President Elect, soon to actually be my President.  That’s right – *my* President. I’m not happy about it.  It’s a lot like getting Cruella DeVille as your new adoptive mother.  Still, he’s been elected and, so, here we are. 

That said, there are some conditions you should know about that might give me, and possibly other Americans, some glimmer of hope rather than wishing for a giant meteor to destroy the Earth.  These are not in any particular order ’cause I’m really tired and my thinker is wibbly.

1) Humanity over corporations. Period.  If this doesn’t make sense to you, then just peel back the fake human mask and reveal the Lizard Person that people have started to say you are. I didn’t say *I* thought you were a lizard person.  Your eyes don’t blink in the correct direction.

2) America has always been great, even if you were too myopic to notice — don’t try to fix what isn’t broken.  Just…ease off the accelerator, Sparky. There ARE things that are wrong, but your 100 day “plan” looks like a recipe for civil war, so, um…let’s not, yeah? Bring in your big thinky advisors and look at the big picture rather than telling your new constituency what you think they want to hear.

3)  Fix what’s broken.  And, no, that’s not the ACA. It’s not immigration. It’s not gay marriage. If you can’t figure out what it is, when I’m not dead tired, I’ll fill you in. If you fly me in, we can discuss it, in person.  I’m down for that.  You in?

4) Treat people with respect.  You’re in a position where people are watching you — a lot of people, some of whom have nuclear arsenals.  Let’s not say something off-the-cuff to get us wiped off the globe, ‘k?

5) Women matter. Reproductive health matters. Access to Planned Parenthood really is a good thing.  Just ask Mr. Pence what the elimination of Planned Parenthood did for Indiana.  Hint — it involved a dramatic rise in HIV cases and LOT of STDs.  Yay, Gonorrhea!

6) Hell, let’s be frank — your plans to repeal gay marriage and the ACA will destroy so many American lives it’s almost unfathomable.  Is THAT how an American leader leads? If you promise to bring America together, then let’s start by not immediately tearing it apart. No good will come of this.

7) You’re going to have to sit on your hands when you give speeches.  I’m getting more dizzy than with Herbert Walker. (This is more or less tongue-in-cheek, but really…reign it in a little, please.)

8) For the love of all that’s holy in this world, *stick to the script.*  You’re going to have speech writers who will get paid a LOT of money to make sure you say all the right things.  You know why people poked fun at W? When he went off-script, well, it was kinda train-wrecky, at times.  Oh, and keep the swearing to a minimum.  While the 12-15 year-old white male demographic thinks it’s cool and funny to drop the “F-bomb” on something that will be seen by billions, those of us with a higher than 6th grade education (since studies show your speeches were delivered at a 6th grade level…just going with the stats, man) think it’s a bit crass for the leader of the free world.

9) Stop spreading fear. Just forget about your wall.  Forget about the idea that it’s the undocumented that are making the problems in the US.  Remember, they paid more in Federal Taxes than you did.

10) Eschew the associations with the KKK and neo-Nazi groups.  Now.  Before people start asking a lot of hard questions like, “Does this mean you support these domestic terror groups?”  You know…those kinda questions.  Just do everyone a favor and tell David Duke to shove it where the sun don’t shine.  It’ll be easier to not be labeled “racist,” “Hitler,” whatever the kids are calling you, these days. Remember – unifying the country, not tearing it apart.

11) If you’re itching to repeal something, repeal the Patriot Act. Since most of it has been deigned unconstitutional by various and sundry courts, I’m not sure anyone would be terribly sad to see it go.  All the gee-whizzery from the NSA existed before, it just wasn’t put into law to legitimize the complete disregard for our citizenry or the constitution.  The time and energy would be MUCH better spend shoring up the absolutely porous governmental computing systems.  You wouldn’t have had 1/2 the ammo for this campaign if people knew how to set up proper intrusion countermeasures and were given the budget to implement it. So, you know…before someone gets into *your* emails.

12) Don’t make the mistake of galvanizing *all* the terror groups outside the US by trying something as foolish as deporting “all the Muslims” from the US.  You want to know why certain segments of the world’s population hate the US? Do that and you won’t have to wonder, anymore. Again – and you may sense a theme – UNIFY the country, don’t tear it apart.

13) Don’t keep stoking the xenophobic fires.  Aside from San Bernadino, you know how many of the acts of terror on US soil were actually perpetuated by actual Muslims and not freak-pie, radicalized pretend Muslims? Hey – I said *aside* from San Bernadino (bearing in mind they were US citizens…). One, and he probably qualifies as “freak-pie” and/or “radicalized.” In the *history of terror attacks on US soil,* only one.  And that was the Florida night club, last year.  So how’s about this – worry about our domestic terror groups (you know, the ones you’ve not distanced yourself from) and stop putting into every easily influenced American’s mind that Muslim == terrorist. If the logic is that “it could be any one of ‘them’,” then, by all means, let’s deport all the domestic terror threats starting with the KKK, the Aryan Brotherhood, oh, wait – does that mean any white American could be a terrorist.  Damn it.  And here I was thinking we were supposed to feel safer.  So, see – we need to unify our country, be a little less panicky and judgey and lot more in tune with what the underlying causes of the unrest are, motives for terror attacks are and all that jazz and start working on THOSE problems rather than causing more by just being weirdly focused on one group.  Oh, and I don’t want to hear “most terror attacks ARE carried out by Muslims!” Why not?  Because they’re carried out in bloody Iraq, or Afghanistan, you know…countries where Islam is the primary religion.  We’re not condemning the Jewish people in the US based on the actions of Isreal and Palestine, are we?  Are we?  

14) Nuclear war is not something to joke about. Ever.  It’s not something to even consider.  Ever.  It’s the global equivalent of saying “BOMB!” in an airport, nowadays.  You may have a death wish, but I do not and I’d prefer you not make THAT decision for me.  Okeydoke?  The Cold War sucked.  Big time.  Let’s not fire that up, again.  Oh, wait —

15) Putin is NOT your friend.  Remember that.  You, at this point, my good sir, are his puppet.  He played this election like a “harp from hell” to borrow a phrase from our favorite unhinged denizen of the cold and dark, Oswald Cobblepot.  So, just remember, when he says he’s looking to “renew relations with the US” after you take office, that’s a clever euphemism for “test the waters and see how easily you can be manipulated.”  Trust me.  Who do you think paid the hackers who gave you the emails that submarined HRC?  So.  Does this mean that as soon as you start to look like a strong leader, you’re going to get torpedoed, too? If I were a betting man, I’d almost guarantee it.  Don’t let that happen.  We already have relations with Putin and his pals. There’s no need to give him the keys to the White House.

16) I mentioned that ACA above.  Despite what you and far too many people with not enough Google skills believe, the ACA isn’t what’s driving up insurance premiums.  It’s a two-pronged attack on American healthcare being perpetrated by Big Pharma and douche canoes like Pharma Bro who think that’s it’s just good business to price an important drug out of the range of those who need it most – and that’s not capitalism, it’s being a shithead. The other side of this two-pronged attack comes from the other unregulated entity, the insurance companies.  With a CEO pulling down $66K A FREAKING HOUR, I’m pretty sure keeping the premiums a little lower won’t hurt the insurance companies more than the drain of their CEO’s greed. Americans want to know why their premiums went up – well, you need to tell them, “Because of the insurance industry’s unmitigated greed.”  So, instead of repealing the ACA, how’s about looking into regulating the insurance industry and their routine fucking over of the common citizen and come up with ways to modify and massage the ACA into something both good for the people and acceptable to the people who think that everything’s Obama’s fault.

17) Alternative energy sources are your friends, and not the invisible ones that throw tea parties in the attic at night.  Instead of promising the coal industry a return to black-lunged glory, why not invest that same money in not only green(er) energy, but workplace training for those workers who could then work in the green energy industry and, perhaps, not die of black lung, and pensions for those old enough that workplace training really isn’t an option who will, odds are good, need to look into what the ACA offers.  You know, take care of Americans AND not completely hose up the environment. If you keep insisting on this Fracking crap, that Midwest that helped you carry the vote is going to sink into the crust of the earth just because Big Oil has its claws so deep into our political system – the one you said you’re going to completely turn on its ear.  So, seriously, dude.  Call up Elon Musk, have a sit down, and come to understand that Big Oil is only in it for themselves and don’t give two shits about you or our country.  

There are more.  I am too tired to come up with them.  Bottom line?  Don’t fuck this up. I know…I got on you for “strong language.”  But, seriously…as much as I want to, I can’t hope for you to fail, utterly, because that would take down the country I love and believe in.  I can, however, hope that you come to understand what it *really* means to be President of the United States and look at it with the seriousness it deserves.

Recent Production Trends

So here we sit at the cusp of something we, the Metallica faithful, have waited for, patiently-ish, for 8, yes *eight* long years.  So, what’s the first thing I do?  I complain.  I know – I’m trying not to because, well, honestly?  The first three singles represent the best metal Metallica has put out for decades.  So, then, why be a whiny, complain-y guy?  Well, let me preface it by saying it’s not directed at Metallica, specifically.  They just happen to be the most recent band whose album is mixed with something missing – the high end.

Now, there’s high end.  I know that.  The cymbals are crisp and the guitar solos have bite.  That said, what they don’t have is “air” or “breathing room.”  What?!  What am I talking about?  I’m talking about that lift in the upper frequencies that actually allows *everything* to have a little more room to shine.  I’ll have to demonstrate because I’m not sure my brain is equipped to parse it all out intelligibly, right now.  So – let’s look at things that will help me explain.

Hardwired

This is where I noticed it, first.  So, here’s a sonogram of how it is without the little tweaks I give it to give it air and more – in my opinion – life.

image

You’ll notice there is a lot of blue at the top.  That’s where the “air” lives.  It seems like a small thing.  I guess that’s where my frustration came in.  It was obvious to *my* ears – why was it not obvious to the mixer, producer, mastering engineer OR anyone of the fellas in Metallica?  My second frustration came from the fix taking, literally, under a minute of fiddling with my standard Mastering Bus plugs.  How much of a difference could it make?  This is what it looks like when I kick in the plugins:

image

You’ll notice there’s a TON more in the “air” frequencies.  You’ll also notice that there are more hotspots within the other frequencies, as well, meaning they’re getting more space and you’re able to hear them.

I have taken both versions – the original mix and my re-EQing and intertwined them.  You can hear when the blanket is lifted and then is there, again.

[Hardwired — Comparison]

As you can hear, there’s a marked difference.  Now, I tried to match volumes as closely as I could, but there are a couple spots where they’re crossing over where it gets a bit louder.  The thing is, it’s not rocket science.  That’s what is frustrating to me.  On the track, itself, I just hit it with an EQ that took out some resonant points that became obvious when opening up the top end.

image

Then, on the master bus, I used FabFilter’s Pro-L and Pro-G, Slate’s Virtual Mix Rack and T West’s “After” which, if I may say so, is one of the handiest little filters out there.  Here are the settings:

image  image

image

and image

So, as you can see – there’s no voodoo involved.  It’s just tweaking here and there to expose more of the depth.  It’s not just this track, though.  Of the three singles released, “Atlas, Rise” needed the least amount of high-end massaging.  So, I’ll go on record saying to Metallica – Hey! I’ll fix those for you! and then move on to the song that really started me listening more critically to new releases.

Mirror.  Neat band, good talent, good producer (I mean it – he’s got a great pedigree), but muted and muffled production.  I had a little row with someone about it and their point was that the band *wanted* it that way and that it sounded “retro.”  I guess he could be right, if by “retro” he meant demo tapes from the mid-70s.  I can understand a band wanting a warmer sound than the almost sterilized, clinical mixes that have been coming around, as well.  I can.  I appreciate the warmth and tone of older recordings.  What I have a hard time getting past is when there’s *no* high end, no opening up and it all sounds muddy.  Now, this isn’t perfect – it’s re-EQing for demonstration purposes.  Obviously, I could make a better comparison with the actual stems and remixing it, that way.

[Mirror – Galleaon Comparison]

So, I guess my real question is *why?*  Why have so many good albums been mixed/mastered with no “air” to them?  I mean, I’m listening to Anthrax’s “All of Them Thieves,” and Jay Ruston did a great job capturing the music *and* giving it room to breathe.  So, what is the decision making process?  I have a hard time believing that a band would listen to something with dampened high end and decide that’s how they wanted their hard work to be presented.  I could be wrong.  There could be something charming about it.  It just all feels to me like when Nevermore sent “Enemies of Reality” to Andy Sneap to have him re-mix/master the album because the high-end clarity was missing.  Their hard work wasn’t showcased, completely, and with some love – and air – “Enemies 2.0” was sent out from Century Media and all was well.

In conclusion, I guess it melts my mind a little when we have hard work put in by musicians, hard work put in by the mixing engineer, hard work put in by the producer and hard work put in by the mastering engineer – but it still sounds like it’s buried under a layer of silt.