Operation: Red Flag

President-elect Trump has started naming his potential appointees and, if you’re a thinking man with a half a brain, they’re terrifying.  It’s like a clown car opened up behind the White House and he’s just taking them in the order they’re getting out.  The one that this missive touches on is his CIA appointee who has stated that using encryption “may itself be a red flag.”  Seriously, Mr. Pompeo?  Or, using encryption is because those of us using it prefer to keep the government out of our business as our founding fathers intended and not this Orwellian ridiculousness we’re being asked to pretend is the new normal.  Hell no.  Using encryption doesn’t make me a terrorist any more than buying Sudaphed makes me a criminal drug user.

 Clipart - Waving Red Flag

So, without further ado, may I present my plan.  Well, less of a plan and more of an idea that I hope takes off because….well…screw Mr. Pompeo. 

red flagRed Flags | Baer Law Firm

Basic Network Connection


Basically, if you’re running internet from Time Warner, Comcast or any of the large providers, you’re compromised.  Sorry – it’s just how it is.  Thankfully, there are things you can do about this.  There are VPNs, proxies and other variations on that theme.  I’ve used a LOT of these and I have some recommendations.

First and foremost VPNs.  VPN stands for Virtual Private Network and the simplest explanation is you are logging to their network and using their network to navigate the web and it sends the data back to you.  The theory, there, is that the only IP address visible is the one assigned when you log into the VPN – your own network IP address is not exposed.  So, think of it as a tunnel under a lake.  The only thing the world knows about it the opening from the other side of the lake from where you entered the tunnel.  So, there is some debate as to which are better and if there are any good free ones. 

I currently have four installed on my system that I use.  Each has its own set of pros and cons.

SecurityKISS

Let’s start with the one I use the least – SecurityKISS.  I’ve used it off and on for over a year and it’s pretty solid.  I get slightly reduced bandwidth speeds, but that’s to be expected.  The only real downside to this particular VPN is that it has a bandwidth usage limitation of 300MB, if I remember correctly, and that’s per day, I believe, and resets every 24 hours.  Now, it looks like they’ve simplified it since I started using and that’s not necessarily a bad thing.  It uses a client you can download and have pricing options that range from free to just under 90 euros a year. Of course, each price tier opens up more possible server connections as well as features. 

SoftEther / VPNGate

Another one that I use that is a little more complicated to set up is VPNGate / SoftEther VPN. The one thing I like about this is that once you get it set up, you load a list of potential servers and it displays the uptime, bandwidth and how many users are currently connected.

image

There are four ways to connect, each with their pros and cons and the VPNGate website has instructions to set up each method including one to use the OpenVPN client if you already have that in order to use other VPNs.  It’s also open source, so you won’t be restricted in your usage for using the “free” option, as they’re all free.

Windscribe

I started using Windscribe after I was doing research and really liked what I saw.  I liked it even more when I didn’t notice any discernable slowdown when using the VPN – even running a speedtest confirmed it.  Now, what’s interesting about this VPN is that there are ways, free ways, to increase your monthly usage cap. 

image

My current cap is at 15GB per month and, thus far, when I am going back and forth between VPNs, this has been more than enough.  There are two pricing options and they’re basically free and paying the yearly charge of ~$90 all at once or monthly.  I like the free option and was willing to do things like tweet a micro-testimonial to get an addition 5GB per month.

One of the interesting things to note is that not only can you use this on your Windows or MacOS system, but also your android device or even your router if it has been DD-WRT or Tomato flashed.

VPNBook

I’ve started using VPNBook a lot more, of late.  About the only things it disallows are pop connections and torrenting (except for, it would seem, the European servers).  It does pretty much everything else, is fast and pretty easy.

image As you see in the graphic, there, it supports a number of servers in a number of locations.  It tend to use the US1 and US2, though I’ll use the Canadian ones if I’m feeling frisky.  The only “inconvenience” is that the password to log into the VPN is provided by VPNBook on the web site.  I pinned the page in my browser, so it’s not too bad.  It’s pretty simple to set up and the instructions are clear and concise. VPNBook supports OpenVPN so is usable on Windows, MacOS, Linux, iPad and Android devices.  It also supports PPTP, but recommends the OpenVPN method.

TOR

“The Onion Router” or TOR can fall under “browser” as well, and that’s where I will discuss it more.  At this point, you just need to know that it is a distributed network designed to provide anonymity.  For the most part, it does, but my recommendation is to fire up a VPN and then load your TOR browser.

E-Mail


E-Mail is the most easily siphoned window into your personal lives.  There are some ways to mitigate this – webmail is, in theory one way, though it’s not any more or less secure than a standalone client if it’s not set up properly.  So – what do I use?  I’ve tried a ton of email clients over the years and the one I’ve settled on isn’t necessarily the one I’d recommend for end-to-end encrypted emails.

Confidant Mail

Confidant Mail might be a hard sell because it’s basically uprooting your existing emails (even though you keep your old email address) and putting them into a completely encrypted system. It’s not simplest to set up and seems to rely on you convincing everyone you communicate with to install and use Confidant Mail, as well.  Since it’s a standalone application it doesn’t run the same risks as do webmail or even standard pop/smtp-based email clients that employ message encryption.  It had a page dedicated to why it’s better than normal or even encrypted email.  It generates a public key via GPG when you set up the program, initially, and once that’s done you can upload the key to the servers so that people who are subsequently installing the program will be able to search for, find, and add you to their contact list.  I recommend checking it out, but something that I’ve had a bit of a problem over the 20 years I’ve tried using PGP is convincing my friends and family to also use PGP. 

Sigaint.org

Anything with “Making the three-letter agencies cry” in the tag-line is something worth looking into.  The only thing with Sigaint is that you really need to access it through your TOR browser. They have a clearnet address, as well, but it mainly serves to tell you to seek them out via TOR.  It’s a webmail client, so there are inherent risks, but they are quite open and honest, telling you not to trust them and to encrypt your emails.  Now, there is a “pro” option, as well, that for $32 for life, will allow you to use multiple protocols (pop3s, smtps, imaps), upgrade your email storage from 50MB to 1GB, full disk encryption, and a slew of other things to ensure your anonymity.  With the pro upgrade, you can also use an external email client – it says it’s been tested with Thunderbird, Claws and K9 Mail.  The free version is still very usable, though they recommend PGP-encrypting your emails before you send them, and I’ve had nary a hitch using it.  You basically get two email addresses – the clearnet version and the onion-specific version.  They both go to the same place, it just depends on the origin.  If you want no one to know who your are, this is the way to go.

ProtonMail

A fairly new service arrived earlier this year.  Basically, ProtonMail provides end-to-end encryption, a two-step authentication method (log into Proton Mail, then log into your mailbox), as well as the ability to send emails that will, in essence, self-destruct after a set amount of time.  It’s hosted in Switzerland and their servers never see plaintext anything – all the emails stored on the server are encrypted.  This has three cost/service plans where the free service provides you with a single address, a limit of 150 messages per day and 500MB storage.  The Plus tier is 48 euros per year and gives you a bit more while the Visionary tier gives you 20GB storage, 10 custom domains with 50 unique emails addresses and no limit on sending/receiving emails.  It’s 288 euros per year.  One interesting feature is that you can enable authentication logs which will tell you when your mailbox was accessed and from what IP address.  This is a solid choice and I’ve not had a problem with ProtonMail – and you can download the android app to access it from your phone or tablet, as well.

Trend Micro – Encrypted Email solution

I’m not sure what to do with this, since it’s more or less a service solution rather than a product solution, so you have several choices as to how it protects your email.  It looks decent enough, but also, to me, looks like there are several holes along the chain that could be problematic, but that’s just me worrying about anything that is not encrypted leaving your system and relying on something “out there” to do it for you.  It also looks geared towards small business, with a subscription system, so I’m not sure how useful it will be to an end user who wishes to employ it.  So, there you go – another option. 

Web Browsers


image

I have many browsers.  I want to try them all, see which ones work the best for my needs.  I will touch on them and let you decide for yourself if they will work for you, your privacy, your security.

Chrome

Yes, Chrome.  Mostly, this is because of the pile of extensions you can plug into it to give you whatever level of protection you wish.  I use the following plugins to great success:

    • AdBlock Plus (ad blocker…)
    • Anonymous Communication (secure chat client)
    • BitDefender Quickscan (real-time antivirus checking of web pages)
    • Block Site (offending site?  “Welcome to my kill filter, sucker.”)
    • Do Not Track (cuts down on sites abilities to track you)
    • DotVPN (VPN internal to the browser)
    • Ghostery (makes it easy to see who’s trying to track you)
    • Javascript Popup Blocker (popup blocker that handles most of the javascript-based ones)
    • NetCraft Extension (site information and phishing protection)
    • OneTab (not security, but bloody useful – collapses all tabs to a list on one page)
    • Performance Analyzer (measures the performance of web pages/sites)
    • Poper Blocker (my favorite popup blocker)
    • Request Maker (Log, edit and send HTTP requests)
    • Rubber Glove (removes common browser tracking ‘fingerprints.’)

Now, these come at the expense of performance, occasionally, and RAM usage, most of the time, but I haven’t been hit by any drive-by malware for a LONG time.  When used with a VPN (one of the ones listed above or just the DotVPN), it offers reasonable protection from snooping.

FireFox

After I spent a large amount of time getting the beta of FireFox up and running and customized to my liking, it decided to update to a newer version and wiped out not only all of my bookmarks, but my extensions, as well.  As you can imagine, that made me a touch salty, which is why I don’t use FireFox as often as I used to.  That said, I have a couple of addons/extensions that make FireFox more usable for me.

    • AdBlock Plus (ad blocker…)
    • uBlock Origin (an efficient blocker that is pretty customizable)

As I mentioned, though, I don’t use it much, anymore.  So, these two are by no means the extent of the addons or extensions out there, but they’re the only ones I’ve put back since being forced to start from scratch.

Epic Privacy Browser

image

They feel that your privacy is yours and yours alone.  It’s a solid browser and does just about everything I need.  The big things to take into consideration, here, are that

    • Private Browsing is *always on*
    • it automatically sends the “do not track” message to websites
    • it blocks all third party trackers and cookies
    • one-click on/off proxying which hides your IP address and encrypts your data (gets REALLY slow, sometimes, especially when inside a VPN tunnel)
    • it searches through its own proxy when obscures your searches from outside “eyes”

So, basically, it has just about everything you need, right out of the gate, to be private and mostly safe out there in the wilds of the internet.  I mentioned that it gets slow inside of a VPN.  A lot of things get slow inside a VPN tunnel, so it’s not a condemnation as much as a factual statement – in this case, however, you know why and can appreciate why your data is taking a bit of time to find its way back to you.  It does break some sites, of course, but has a “Quick compatibility umbrella” which expands and lets you pick and choose which safety mechanisms you are using in an attempt to return compatibility.  I use this browser a lot.

Opera

Opera was my first “go-to” browser after my FireFox kerfuffle.  It’s a solid browser and one that I’ve used off and on since it was initially released back in the land before webkit.  The one thing I miss is the ability to set how many data connections you wanted to hammer a site with to improve performance.  I think it’s still in there, but the bottom line is that, really, most connections are fast enough that it’s really fairly unnecessary unless you want to inadvertently instigate your own miniature Denial of Service attack which, by the way, web masters love. 

I only have a few extensions and they are “the usual subjects,” AdBlock Plus, and that’s pretty much the only ones for security. “Why,” you may ask.  Well, it has a nifty feature whereby you can toggle, on a tab-to-tab basis, the built-in VPN connectivity, which is through SurfEasy.  For the most part, it’s fast and can be routed through numerous countries for added protection.

Brave

It’s main goal is to limit the trackers and ads that slow down your browsing while at the same time protecting your private data.  It’s a good browser and I actually do find it faster when going to normally ad-laden sites.  Of course, part of that, too, is that I use a custom hosts file that nips most of that in the bud, but still, you can tell the difference.  It defaults to trying to run everything through https-everywhere, which is good.

image

The bottom line, for me, with this browser is that it’s in its infancy and each release makes it better.  It’s a solid browser, now, but doesn’t have everything to keep you off the grid…yet.

Vivaldi

After the big three (Chrome, FireFox and Opera) all flaked out in their own ways, I spent a lot of time looking for a browser that didn’t drive me nuts.  I test drove this for a few days and those days have turned into months.  I like it because it’s fast, does everything I want, and doesn’t do dumb stuff.  One of the selling points is that almost every aspect of the browser, and therefore your browsing experience, is customizable.  It’s not as secure as the others, but can take extensions to fix that, I’ve just been too lazy to, recently.  Well…when I want secure, I’ve got how many other browsers to choose from?

OWASP Mantra

“Elegant, clean and completely open source,” this browser is build with the security / penetration tester in mind.  The landing page has a slew of links ranging from your everyday to the Hackery section and a link directly to Shodan.  One of the things that stands out about this browser is the number of tools built in.  There are a lot.  I suppose I could list them out, but that’s pretty much what their web site is for – it discusses each one and does a better job than I could.  Honestly, it’s more for site testing than security, but as it takes FireFox extensions, you can add whatever you need, in this regard.  It is, nice, however, to have the ability to see what headers are being passed on to you and allowing you to edit them on the fly.  That’s good stuff, right there.

Maxthon Cloud Browser

This browser actually kind of tries to be a one-stop shop for you, providing a browser with many interesting security features like an encrypted password manager, right-click re-enabler, a cloud-based note/document storage area (1GB/free), and a provider of anonymous emailboxes.  All this translates to a web browser that is pretty solid for information gathering while you’re browsing the web.  It also defaults to duckduckgo as its search engine which, while it doesn’t return 1.5 zillion results like Google, it also returns mainly those things that have something to do with what you’ve searched for and not a bunch of ad placement crap.  I haven’t used it a huge amount because, well…nine browsers makes “equal time” hard.  That said, it seems to do well with ridiculously pop-up ridden sites like firstrowsports.eu, on which I watch hockey from the Ukraine and rugby from New Zealand and it plays the video with no fuss, no muss.  Not a security related feature, to be sure, but one that’s welcome, nonetheless.

Pale Moon

Developed by the save folks who develop FossaMail (which is what I use), this browser just received an overhaul.  This overhaul brought it up to “today’s browser standards” and in the process broke a couple of the nice security extensions it had going for it.  This will probably be fixed, in the near future, but fear not – important security extensions remain: AdBlock Latitude, Encrypted Web, and Secret Agent.  What this means is that you’re not going to see the majority of the ads out there, you’re going to be in HTTPS as much as possible and it will rotate the “User Agent” as not to leave a reliable fingerprint of the browser you’re using.  This is a good thing.  It will also alert you if a site tries to hijack requests and tries to redirect it to a different web site.  It will tell you the how, the who and the potential why: “Your web surfing may be subject to surveillance.” It’s a solid browser with a highly customizable landing page which is nice.  Check it out, but also check out the FireFox-based extensions that you can add to make it as secure as your paranoia desires.  Is it paranoia if you know it’s happening?  At any rate…

TOR Browser

As discussed, previously, this is the browser that works with the TOR network and will allow you to see deep/dark web sites and those sites with the .onion suffix.  It allows you to switch TOR circuits – or paths through the TOR network – in order to maintain anonymity if you feel that the current route/path/exit node has been compromised. Do remember that while the TOR model allows your data to be encrypted inside the TOR network, once your data leaves an exit node and goes to a site, the data in between the exit node and site is not encrypted by the TOR network, so continuing to use an extension like HTTPS Everywhere is always a good idea.  Now, what I do, for what it’s worth, is to fire up a VPN and then launch the TOR browser.  This way the TOR network connections are working within an already obfuscated network tunnel.  While not foolproof, it does increase the challenge for prying eyes/agencies.  While navigating through Onion-land is a bit more arduous and a bit slower, it is still a much safer alternative to bopping around in clearweb land.  There is also a “hardened” version that may be a version or so behind the currently available TOR browser, but has been modified to provide a lot more security.  I use this one almost exclusively.

….

You’ll notice there a browser missing.  Most folks in the IT world understand why it’s missing.  Perhaps you don’t.  Perhaps you love IE Edge.  Here’s the thing – it’s a screen door on a submarine, security-wise.  That’s pretty much what you need to know.  Any of the browsers above would be a much better choice when it comes to keep your data from “the man.”  In the interest of fairness, I will say, simply, that when I tried to “harden” IE, it broke.  I can no longer use it to browse the internet and it has become, inexplicably, the default PDF reader despite Acrobat Reader being installed.  It now, like Hodor, can only say one thing:

image

Encryption


This is where Pomeo is poking the bear.  I’m a firm believer in 1st, 4th and 5th Amendment rights as well as a strong heaping helping of “nunya.”  What’s “nunya,” you say?  If you grew up in the south, you know this is a rather sassy way of saying, “None of your business.”  Really, that’s how I feel about all aspects of my digital life.  I used to have an attitude of “fine, look around – I’ve got nothing to hide!”  What changed?  Well, for one thing, the Patriot Act.  Almost completely unconstitutional in its reach and just a wake up call that it doesn’t matter what the laws say, the government will find a way to wiggle around them.  Then came the hoo-hah about the iPhone in the San Bernadino terrorist case where some dunderhead tried to brute force *guess* the password to the iCloud and iPhone accounts and effectively wiped both clean.  Somehow, this was seen as Apple’s fault and so there was the huge floofle about how Apple should create a backdoor for law enforcement and Apple basically said, “Up yours,” as well they should.  What killed me about this, tangentially, was that if you search for “iPhone 5 unlocking/decrypting,” there are enough links that the FBI could have had it done in under 5 business days and for right around $150.  At any rate, as soon as that story hit the news, I hopped into my Android settings menu and encrypted the heck out of my phone.  You want anything?  You’re going to have to work for it, or at least lay out some cash.  Even though I’m not doing anything “wrong,” I’m not in any way shape or form going to make this easy for anyone who wants my data without a fight…or encryption key.

Drive Encryption

I absolutely encourage drive encryption.  Every Virtual Machine I create is encrypted and has to be decrypted, using the proper password, to even mount.  Once past that, the drive is encrypted and, finally, the user directories are encrypted with a different password for each user.  Seems like it could be considered overkill, doesn’t it?  Well, so what?  I think I mentioned not making it easy.

VeraCrypt

This is a very useful – and free – encryption program geared towards drive encryption, whether it is full disc encryption, partial disk, containers (encrypted files that act like drives but aren’t outwardly visible as such) and can even hide these encrypted volumes.  It’s free, actively maintained and based off of the TrueCrypt software package that was used by a multitude of corporate entities, including mine (TrueCrypt, not VeraCrypt) – and it (VeraCrypt) is SO much faster and less flaky than McAffee’s “Endpoint” software, in my experience.  You can select many encryption protocols and – and this is a wonderful “and” – you can even wrap them three deep, meaning your volume will first be encrypted with AES-256, then it will be encrypted with Blowfish, or TwoFish, and finally, on top of these two encryptions, it will encrypt a third time using Serpent, for example.  That’s my personal choice, but there are several combinations from which to choose.  This flexibility makes it exceedingly useful and, more importantly, pretty intuitive to use.  I recommend this to the moon and back for keeping your sensitive bits protected.

McAffee Endpoint Solutions

My experience with this product has been largely negative, but that might have to do with how it was implemented, so I’m disinclined to just dismiss it out of hand.  It’s only one of two in the list that costs anything, so you’ll need to take that into consideration.  I do know some folks who feel safer purchasing a commercial product – especially an expensive one – because they feel it’s more secure.  This could be.  I couldn’t tell you.  I just know that post-encryption, I’ve had better luck with VeraCrypt.  Honestly, the only trouble I have had with Endpoint is that it will suddenly and out of the blue simply disavow any knowledge of my passcode to decrypt the drive in order to use it.  This is frustrating in itself, but the process to recover it is not only a titanic pain, but – here’s the thing that throws giant red flags for me – with the recovery software, you are given a long series of numbers that will allow you to reset the password and, therefore, decrypt the drive.  Now, in a corporate environment – and one thing I do actually appreciate about the seemingly overly complex method for doing this that my employer uses – you can only access this recovery module after logging into the web portal, going to the “recover endpoint encryption” link and clicking it, then entering your credentials in, again, including a secret question, and only after satisfying this step will it allow you to embark on the rest of the journey.   Now, on the plus side, the price isn’t a deterrent.  Ranging from ~$20 for individual users to ~$5K for an enterprise license, it’s really not all that bad, comparatively.  That said, I trust VeraCrypt more.  Why?  Just because, really.  While the aforementioned folks feel more comfortable with a for-profit product, I prefer a product written by someone(s) whose only skin in the game is reputation.

Microsoft Bitlocker

I’ve never used Bitlocker.  It used to be only available on the Ultimate editions of Windows7 and, I believe 8.  I think it’s standard, now.  If it’s not, it should be.  At any rate, it functions very much like the above two solutions when it comes to encrypting entire drives.  You can encrypt your system (boot) drive with relative ease and, at this point in the game, I recommend that course of action. 

Symantec Endpoint Encryption

Now, I am pretty sure I haven’t used this, but I might have in a previous incarnation – I honestly don’t remember.  That said, from reading the literature and implementation documents, it seems like it’s on par with McAffee’s offering and does allow full-disk encryption.  I also boasts using PGP (Pretty Good Privacy) for it’s encryption of choice.  The company seems to be positioning this solution towards the enterprise customer, but you can get the Endpoint Encryption in a single license for $189.  So, again, I’ve not worked with it, so I can’t say one way or another if it’s the right product for you or your needs.  I’m just letting you know it’s out there and, frankly, the more encryption the better.

On-the-Fly / Individual file / Text Encryption

There are a long ton of solutions, here.  I’m going to focus on ones I’ve used and/or recommend.

Pretty Good Privacy (PGP)

The granddaddy of all public key encryption, this has going through a slew of changes, purchases, open source projects and version.  It’s been entertaining to watch, if not a little frustrating to keep up with.  Basically, the majority of things I’ll be discussing fall under this category, in some way or another.

Symantec

PGP, Inc. was purchases by Symantec, and so is included in the aforementioned Endpoint security package.  I’m mainly putting this here for completeness’ sake.  This isn’t to be confused with PGP Corporation.  Oh, wait…yes it is.  This is PGP if you want to pay for it.

OpenPGP

Standardized in the mists of history (1997), OpenPGP is available for all platforms, including iOS and Android.  This is pretty much the standard and everything derives from this.  It’s free.  It’s mostly easy to set up – the hardest part is thinking of a suitably secure password.  Their site has email encryption solutions, keyservers, and even a section for developers discussing signing their projects.  The email section provides a long ton of options/solutions.  Check them out.

PGPi

For historical purposes, only, I include the “international” version of the original PGP software and should be considered exceedingly outdated – it supports Windows 3.1/95/98/NT as well as the Amiga and OS/2.  So, why would I include it?  Because it’s fascinating to see how far we’ve come, really.  I love digging around in this stuff, so, I figured I’d share.

GnuPG (GPG)

This is what I use.  Take that for what it’s worth…I use it.  That doesn’t mean you need to use it or should use it.  I just like the setup of GPG4Win and it’s easy for me to work with.  The binary releases, should you not feel like downloading the code and compiling (./configure ./make ./make install), support Windows, Linux, MacOS, Android, OpenVMS, and RISC OS.  Integrated into the Windows shell, it makes encrypting/signing/decrypting documents, other files, directories and even drives painfully simple.  I recommend it.

Diplomat OpenPGP

I’m including this not just because they have their own OpenPGP solution for you, but a they also offer secure file transfer, which is nothing to sneeze at.  Now, while the OpenPGP product is free, the Diplomat File Transfer product is not.  It’s pricey, but when you look at what it does – securing file transfers, either P2P, FTP, FTPS and SFTP, as well as encrypting those files that are transferred with the private keys, meaning only the sender and the recipient can open the file(s) sent.  That’s pretty hoss.  This service will cost you, with the “basic” version *starting at* $595, the “standard edition” starting at $2,995 all the way up to the Enterprise version with the terrifying “Call for pricing.”  Still – if you’re worried about industrial espionage, how much is your data worth to you?

Again…make these folks work for it, where “these folks” can be, basically, anyone who wants to access your drive who isn’t you and, especially, without permission.  There are more solutions out there, but this should provide a good starting point. 

Cloud Storage


I know a lot of people that use either their own server or services like Dropbox to store files “in the cloud.”  There’s Dropbox, Mega.nz, and a whole slew of others, but they all share one thing: they’re searchable by the companies that set them up and in that light, anything subversive or  plain illegal in your file storage area can be found and you can endure anything from irritation all the way to outright pain.  That doesn’t sound fun.  So, let me recommend a few.  I’ve been using Keep2Share, of late.  It functions much like Dropbox, but I haven’t read any missives, recently, talking about k2c routinely scrubbing through user accounts looking for violations.  Let’s look at some other options, shall we?

Boxcryptor

This is a product that looks a LOT like what were talking about with Diplomat.  There are differences, of course, but as you get into the paid subscription versions, one of the big selling points is the end-to-end encrypted file transfer.  That said, the free version offers this, as well, just without as many bells, whistles and safeguards.  The free version features the ability to secure one cloud account, up to two devices from which to upload and save data, and Whisply integration which, for those who don’t speak weird corporate software naming practices, is their end-to-end file transfer encryption which will allow you to send out an unlimited number of links to the files you store there and these other folks don’t have to be boxcryptor users.  It also has a portable installation if you’re not wanting to, or can’t, install it one your system.

Tresorit

Aiming to not be a full service, encrypted cloud storage provider, it’s not free, but offers a lot of features.  Their claim, also, is that it would take 1,000 years to crack the encryption they use. I wonder if that will change with quantum computing?  At any rate, they offer a couple of tiers of service, with the personal level providing a terabyte of storage, access from 10 devices, password protected links and extensive file permission settings for file sharing.  The personal subscription is $30 per month, so $360 per year.  For small business and enterprise, it’s considerably more outlay, but is less per user.  Again, the enterprise model has the scary “Custom pricing,” which probably just means customizable for your business, but I still like seeing everything out in front of me.  One interesting thing that I like a lot is that it has a section for developers, offering a SDK to allow the end-to-end encryption to be integrated into your application.  The tagline, “No more data breaches” sounds good to me.  You have to request access, but I’m thinking that a software development company could benefit greatly from being able to tell clients/customers how secure their data will be.

Waula

LaCie’s solution was one I was going to discuss, but upon hopping to the site for more information, I got this:

<h2>Our services aren't available right now</h2><p>We're working to restore all services as soon as possible. Please check back soon.</p>Ref A: C544C6B0F1F84F22A420DB3DC53148B5 Ref B: F4B412192C8F55313E7D91E98DB04966 Ref C: Fri Nov 25 08:03:07 2016 PST”

so…you know.

nCrypted Cloud

This looks like another encrypted cloud service, though, it’s positioning itself more as a security layer on top of cloud storage.  Honestly, if the files are encrypted, I’m not sure I care how you get them there.  Well, that’s not entirely true, but you get the picture.  The personal version is free and for non-commercial use.  You get roughly the same features as on the company/enterprise-centric models, but without the longer audit trail, Active Directory integration and collaboration tools.  Now, there’s free, then there is the per-user cost for each level: $10.  The only difference is the number of users, at a minimum, that you are required to have: 25 for small business, 250 for medium business and 2,500 for enterprise-level. 

Honestly, I’m running out of steam.  For cloud storage alternatives beyond what I’ve laid out, here, I recommend this article.  It goes into greater depth than I have been and gives you pros and cons in a concise manner.  Concision has never been my strong suit.

Summary


Long story short, if you want to keep the government/hackers/pranking friends/ex-spouses out of your data/email/what-have-you, you need to secure it.  There are also ways to secure what you already have, for example, in Yahoo or Gmail. 

There’s an option for most webmail services to use two-factor authentication.  Use it.  You’ll be glad you did, especially when reports come out stating that Yahoo knew about data breaches as early as 2014 (and didn’t do anything until much later), and the recent Gmail breach. If it’s difficult for YOU, it’s going to be that much more difficult for anyone else.

Also, don’t use fingerprint or simple-pattern unlocking on your phones.  While a long PIN is a pain in the butt for you, just think how much of a pain it will be for someone who doesn’t *know* the PIN.

Stop using common passwords. While “ihatemyjob” is funny in ads, it’s horribly insecure and will take even an average computer a few minutes, if that, to crack.  Even throwing in a “!” at the end will delay the “crackening.”  That said, I’m a big fan of using symbols and numbers.  “Ih4t3myj0b!” will be that much more difficult to crack.

Above all, just don’t make it easy.  The more layers of security, the better.  The heftier the encryption, the better.  It doesn’t make you a terrorist, it makes you a pragmatist. Remember – This isn’t about hackers, anymore.  It’s about our government.

Where to go if You Want to Die in a Hailstorm of Bullets

A less provocative title for this still invites controversy, and that is “At What Point do We Acknowledge a Need For Gun Control?”

My rants on this on Facebook have gotten long and emotional.  My opinion on this is constantly met with “we’ll just have to agree to disagree” when I even say the words “gun” and “control” in the same sentence.  There’s this visceral need to equate the idea of preventing people from getting guns that should not have them through mandatory background checks with taking away everyone’s guns that has ever owned them, ever.  Honestly, I’m not going to espouse the virtues one way or another.  I’m just going to put statistics in front of you and let you decide for yourself.  Actually, statistics might be wrong term, as well, since people are fond of saying that “statistics lie” or “you can make statistics say whatever you want.”  This is true, and I think I’ve been guilty of presenting data in a way to support my research a time or two back in school.  So, let’s just look at raw numbers shall we?

Here are the numbers, by state and by year, of mass shootings, per year, where “mass” is defined as more than three people being involved and “shooting” being defined as an event that involved the use of a firearm.

State 2013

2014

2015


Incidents Deaths Injuries Incidents Deaths Injuries Incidents Deaths Injuries
Alabama 8 15 22 3 3 11 4 4 14
Alaska 0 0 0 1 0 6 1 4 0
Arizona 8 20 16 1 1 3 5 15 9
Arkansas 0 0 0 1 4 4 1 1 3
California  53 68 200 37 47 134 14 16 51
Colorado 4 7 10 1 0 4 0 0 0
Connecticut 4 6 13 1 0 5 3 2 16
Delaware 4 3 14 0 0 0 1 0 6
Florida 23 40 72 21 42 79 15 12 53
Georgia 7 5 30 12 15 46 13 23 40
Hawaii 0 0 0 0 0 0 0 0 0
Idaho 0 0 0 0 0 0 1 3 1
Illinois 23 22 104 29 31 102 11 7 45
Indiana 8 8 26 7 4 29 5 4 21
Iowa 1 1 3 0 0 0 1 0 4
Kansas 7 15 17 2 3 6 1 2 2
Kentucky 6 11 14 3 5 7 3 1 15
Louisiana 10 10 55 13 8 60 10 15 40
Maine 1 1 3 1 5 0 0 0 0
Maryland 5 5 19 3 5 11 8 7 28
Massachusetts 1 2 2 3 0 15 5 3 21
Michigan 15 11 62 14 9 55 6 2 36
Minnesota 5 6 11 3 1 16 0 0 0
Mississippi 2 2 6 3 6 7 2 2 7
Missouri 12 14 43 4 2 17 7 12 21
Montana 0 0 0 0 0 0 1 5 0
Nebraska 0 0 0 0 0 0 0 0 0
Nevada 6 12 14 5 6 16 1 3 1
New Hampshire 0 0 0 0 0 0 0 0 0
New Jersey 12 9 46 8 8 29 9 6 30
New Mexico 4 6 11 1 1 3 0 0 0
New York 16 19 56 11 5 41 16 14 62
North Carolina 18 13 62 8 17 19 5 11 12
North Dakota 0 0 0 0 0 0 0 0 0
Ohio 13 14 42 9 19 20 10 12 41
Oklahoma 7 17 12 4 7 11 5 5 15
Oregon 0 0 0 3 1 12 1 1 3
Pennsylvania 17 16 63 10 11 43 5 3 27
Rhode Island 1 0 4 1 0 5 1 0 4
South Carolina 6 14 15 5 5 20 5 17 9
South Dakota 0 0 0 1 4 1 0 0 0
Tennessee 11 19 27 9 10 30 6 8 24
Texas 15 36 47 20 34 83 12 25 56
Utah 1 3 1 2 5 6 1 4 0
Vermont 0 0 0 0 0 0 0 0 0
Virginia 11 12 39 7 10 24 5 3 20
Washington 4 8 13 5 8 17 0 0 0
West Virginia 3 5 9 1 5 0 0 0 0
Wisconsin 2 0 8 4 1 16 3 6 9
Wyoming 0 0 0 0 0 0 0 0 0
Washington DC 6 14 37 4 0 19 2 2 6
Puerto Rico 3 11 10 0 0 0 0 0 0










Totals 363 500 1258 281 348 1032 205 260 752

So, take 2013.  That’s 500 people killed in 363 separate incidents with over 1,200 people injured.  I’ll only use my personal knowledge for comparison, here, but that 500 people is more than if you killed the entire graduating class of Wabash College for that year…two and a half times.  The year of 2014 was a little better, but still would have killed off more than the entire graduating class of Wabash College for that year, almost twice, as well.  So far, in 2015, it’s looking like another wipeout, having already eclipsed this past year’s graduating class number – which was the highest it’s been in over decade.

So, for perspective, if you were to average that out to fit within the graduating class paradigm, the number of people killed in mass shootings over the last three years would be the equivalent of wiping out the past 5.9 years of Wabash College graduates.  We haven’t even addressed the number of people injured in these shootings, which has eclipsed the 3,000 mark over the past three years and we’re just over half-way through this current year.

If you want to look at it, in totality, for the past three years per state, it looks like this:

Total


Incidents Deaths Injuries
Alabama 15 22 47
Alaska 2 4 6
Arizona 14 36 28
Arkansas 2 5 7
California  104 131 385
Colorado 5 7 14
Connecticut 8 8 34
Delaware 5 3 20
Florida 59 94 204
Georgia 32 43 116
Hawaii 0 0 0
Idaho 1 3 1
Illinois 63 60 251
Indiana 20 16 76
Iowa 2 1 7
Kansas 10 20 25
Kentucky 12 17 36
Louisiana 33 33 155
Maine 2 6 3
Maryland 16 17 58
Massachusetts 9 5 38
Michigan 35 22 153
Minnesota 8 7 27
Mississippi 7 10 20
Missouri 23 28 81
Montana 1 5 0
Nebraska 0 0 0
Nevada 12 21 31
New Hampshire 0 0 0
New Jersey 29 23 105
New Mexico 5 7 14
New York 43 38 159
North Carolina 31 41 93
North Dakota 0 0 0
Ohio 32 45 103
Oklahoma 16 29 38
Oregon 4 2 15
Pennsylvania 32 30 133
Rhode Island 3 0 13
South Carolina 16 36 44
South Dakota 1 4 1
Tennessee 26 37 81
Texas 47 95 186
Utah 4 12 7
Vermont 0 0 0
Virginia 23 25 83
Washington 9 16 30
West Virginia 4 10 9
Wisconsin 9 7 33
Wyoming 0 0 0
Washington DC 12 16 62
Puerto Rico 3 11 10




Totals 849 1108 3042

So, if you take that over the past three years, and I’m going to fudge and make the data look “less bad” by counting 2015 as a complete year for our purposes.  I’ll address it, correctly, in a minute.  Over the past three years, that translates to 0.77 incidents per day.  Remember, this is counting 2015 as a complete 365 days. These numbers translate to  1.01 deaths per day.  That’s a person a day, every day, for three complete years.  For injuries, that translates to 2.78 injuries per day as part of a mass shooting.  Remember, that’s if we’re going on the assumption of 365 days times three – 1095 days.

It looks slightly worse if we consider that we’re only 209 days into the year.  So, that would make a total of 939 days.  This changes it to, over the past two years and this year, to date (as of July 28, 2015), 0.9 incidents per day.  This may not seem significantly different, but we’re that much closer to a mass shooting every single day for the past two and half years.  Think about that.  The death per day number is, now, 1.18 – that’s over a person a day being killed in a mass shooting.  Counting up the injuries, we are looking at 3.24 people per day.

So, if you’re looking at choice vacation spots, it might be wise to avoid Chicago or Detroit whose mass shooting violence is on the uptick.  California still shows the largest numbers, but it is a pretty big state.

I’m just putting the numbers out there.  How you feel about the numbers is up to you.  My question is only this – at what point are the lives of the dead and injured important enough to admit something needs to be done?

For those wondering, here are the data sources used.  I know the danger inherent in using a single source and I’m pretty sure they’re incomplete just because of the sheer numbers, but even if that’s the case, the picture they paint is gruesome and worth considering.

http://shootingtracker.com/wiki/Mass_Shootings_in_2013
http://shootingtracker.com/wiki/Mass_Shootings_in_2014
http://shootingtracker.com/wiki/Mass_Shootings_in_2015

Flying Without A Net

It’s interesting…I’ve been doing an experiment. So far, in the three months since I reimaged my system back to Windows 7, I’ve not installed an antivirus application. “WHOAH! That’s CRAZYPANTS!” you say. Here’s the thing…I’ve been able to run my system at full-bore speeds. I’ve got MANY layers of JavaScript blockers going on my browser of choice (Chrome, in this case). I’ve modded my hosts file to have over 39K entries of blocked malicious sites and I add to it just about every day. I run a malware scanner ever so often, usually once a week with nary a nasty other than a couple of tracking cookies.

Honestly, I find antivirus software to be bigger hassles than the majority of viruses (other than the REALLY nasty ones that require scorched earth methods). Symantec/Norton and McAffee are, themselves, viruses – one of the banes of my work laptop experiences is the Symantec Endpoint ridiculousness that is installed.  Whomever configured it was the devil, as it will, randomly, throughout the day decide it needs to scan, no matter what I’m in the middle of doing, and will – sometimes, if it’s bored – run the scan a couple of minutes down to 30 seconds apart.  This wouldn’t be so bad if it didn’t give itself full priority, shoved what you were working on to the background and do it’s thing.  While this may not be Symantec’s fault, they get the blame for writing this bloated warthog of an application that chews up 500+MB of RAM on a system only graced with 4GB.  Avira blew their chance with me when they started being SEVERELY obnoxious with the popups pushing you to purchase a paid copy of the software and all hope for them was lost when I decided to uninstall it and instead of running the uninstaller, it downloaded and launched the updated version of the software.  Talk about virulent behavior.  Honestly, the best I’ve used is Avast, but even it taxes my system at random times enough to be severely annoying at best and  production killing at worst – and this is on a 3.9GHz hexcore with 20GB RAM, so if it grinds THAT to a halt, there’s something fundamentally wrong.

So, Mr. Flying Without a Net, why do you feel safe without any antivirus software on the most susceptible OS known to man? Honestly, I’ve changed my computing behavior. I rarely download anything from the net anymore that isn’t a purchase from a reputable vendor. I visit “normal” sites — the exception being a TV viewing site that necessitated the modded hosts file to begin with (if you’ve not encountered 23 popups within a 10 seconds span, you haven’t lived) — and I never do anything unexpected… So far, I’ve managed to stay clean. Now, I consider myself lucky in this regard and know that if something goes *bing,* it will go *bing* in a big way. That said, walking the straight and narrow has done wonders. Additionally, the use of firewalls – multiple layers has made life easier.

I will recommend a modded hosts file, in general, though, simply because it has sped things up immensely to have all the ad-pushing sites stopped dead so it actually loads CONTENT on a website rather than a ton of ads.  I’ve found ad-heavy sites will load orders of magnitude faster.

So you know – for hosts file replacement goodness, go here:
http://winhelp2002.mvps.org/hosts.htm

Do I think I’m 100% safe?  Not a chance.  This is Windows.  Do I think that behavior modification has made a world of difference?  You betcha. Would I recommend this to others?  I guess it depends on the person.  If you can’t live without certain high risk behavior that tends to result in viruses being strewn throughout your system, then I wouldn’t choose this route.  Again, it also comes from experience and knowing how to avoid certain fast-tracks to infection.  We’ll see how long this age of antivirus-free tranquility lasts…

Losing My America

So, there’s this meme.  I had a very visceral reaction to it – it’s the one with the drill Sargent from “Full Metal Jacket” telling us in no uncertain terms that we’re losing our “beloved America” to “goat humpers.”  Honestly, that’s just offensive.  Because of our country’s history of racism and propensity to name-call, I know who and what this is talking about.

Honestly, I find that I’m losing MY America to intolerance and hate. #ScarSpangledBanner #TrueAmericanHate (BTW, the most recent Testament/Exodus tour was freaking amazing…just saying) It’s not some Muslim insurrection I fear because of the Muslims I know, most of them have better values and place more value on life and peace than their Christian counterparts in my life. If it’s about “growing a pair and acting like Americans,” it’s time to establish what that means and I, for one, don’t recall this country being founded on the “values” of hate, bigotry and ignorance. Isolationism and freedom, yes. Being an asshole, no. Well, maybe…there’s plenty of historical precedent, I suppose…

For me, it’s not anyone from any other country, race, religion or so-called-creed that’s undermining and destroying the fabric of our country, it’s those that perpetuate that to be American, you need to be an asshole who instead of taking time to understand the cultural differences, choose instead to call names. My America is being destroyed by my government’s insistence on sending my friends and family overseas to kill a fabricated and media-amplified enemy when the real problem is who holds the petroleum resources and something that could, really, be negotiated without threat of violence.  We’re just not wired that way, apparently, because it’s the more difficult way to do something. It’s harder to accept someone for their differences than to dismiss them as different and “other.” I’ve said it for years — we need to stop listening to so-called “war experts” and invest serious time and energy recruiting “peace experts.” I, for one, don’t want this world blown all to hell for my kids because people have forgotten how or think they’re too good to use their words…

It says, “Wake up and smell the bacon.”  I do like waking up to the smell of bacon, although with my thyroid medicine I can’t eat it until a bit of time AFTER my coffee. This is medicine prescribed through American health care, taken with Swedish coffee, in front of my American built (except for the Singaporean semiconductors, Taiwanese case, Thai hard drives…), sitting on top of a Japanese stereo receiver (studio setup…long story…). There’s a point to this — everything is from everywhere. We, as a planet, are together on our ride in this compressed and screwed up span of time, and we can choose to live our lives finding reasons to hate and kill each other, or we can choose to find our commonalities and work towards making this world a better place…and there are VERY few exceptions where discriminating against or killing someone makes a positive difference.

It’s not the Muslim you need to worry about, it’s the Extremist — and that goes to ANY religion or belief. You also have to see through the media representations and perpetuated stereotypes. You have to care enough to take the time to learn why a certain people or person does something in order to understand that it’s probably not a threat to the threads of your reality and, more likely than not, is just as odd to you as whatever you’re doing is to them…

So, to wrap this up in a tidy bow, if you feel being an asshole is the most important American value, then you are the problem, not the person who is trying to make a better life for his or her family by coming to what used to be called “the land of opportunity,” but, now, seems more to be “the land of intolerant bigotry.”  Makes you proud to be an American, doesn’t it?

Producing an Album for the First Time: Part VI – Lesson Learned

A Time and Place

One of the more significant lessons I learned was about…well, honestly, patience. The situation was clear, however, I just didn’t anticipate the disruption. The album had some tracks that were monsters, literally and figuratively, and when editing them on my original desktop setup, I ran into major problems with the CPU seizing and, sometimes, simply rebooting the entire system. It had enough and, honestly, so had I. Additionally, there was just not enough RAM overhead to handle some of what I needed to do, as well. Applying a filter would involve significant drive-grinding time as the virtual RAM disk swapped data back and forth for what seemed to be eternity. For reference, my desktop, at the time, was a 2.6GHz Duo-core with 12GB RAM. The problem? It was a Dell, so I couldn’t just swap things out – I had to make sure they would play well with all the proprietary nonsense Dell saddles you with so that your next upgrade will have to be through them, or be done, yourself…

Now, this isn’t to cast aspersions on Dell products, it is, however, pointing out that there are some proprietary things about Dell systems that will make upgrading a …maddening… experience. First and foremost, the chassis connection headers are not going to match up to any motherboard you purchase and hope to put into your Dell case. Why would you want to replace your motherboard? Well, because you are limited to the type and power of the CPU you get, should you wish to replace it. In my case, I would only been able to upgrade processors to a quad-core and only up to 3GHz. Considering the deal I found for the Hex-Core 3.9GHz processor, I knew I was going to have to upgrade my motherboard, as well.

So, it came to be that I had the motherboard and the CPU, but I quickly discovered that there was no way I was going to be able to use it without a new chassis, since the panel headers were never going to line up and there were a couple of important ones – power on and reset. For reference, I didn’t realize that systems wouldn’t even boot without the reset being attached, at the least at the motherboard header level. The one that worked?  After a couple of attempts, I settled on probably the cheapest chassis out there that’s sold by reputable dealers.  The edges of the metal inside the case aren’t ground or beveled so are, in some cases, lethal…  However, the power supply location allowed the connections to still reach the motherboard, something the more expensive models missed being able to do by scant centimeters, but very real distances that couldn’t be overcome by wishy thinking.

The problem was that this process took a solid week and a couple days to get a system back up and running and able to do anything moderately useful.  The REAL problem?  This was smack in the middle of mixing Brendan’s album.

My justification was simply that I had run into a problem where there were three to four songs that I wasn’t able to listen to, in real time, when I was mixing, because the horsepower needed was more than the system currently had.  Here’s the thing – there are two approaches to take here and I obviously took one, which is to up the horsepower of the machine so it can handle all the plugins across the multitude of tracks in the mix.  The other approach, which I would recommend, is to simplify.  If you’re using that many plugins on that many tracks, it’s probably time to change your approach – but I was so new to this world that I didn’t know how to execute that fairly simple process.

For reference, something as simple as setting up a couple of FX busses and sending your tracks to the single FX source will go a long way towards reducing CPU overhead and also make it easier to keep a uniform FX application across all tracks on that particular FX bus.

So, really, the moral to this story is that if you have a song or four that have 15 to 20 tracks, each with effects, and when you hit the space bar to listen and it starts stuttering all over the place because your CPU is seizing and begging for mercy, the FIRST thing to do is look into simplifying the overall makeup of the song either through the use of FX busses or just reconsidering all of the effects, period.  If you’re still running into problems, it’s tempting to upgrade your hardware. Fair enough. My advice?  Don’t do it in the middle of a time-sensitive project.  Really.  It was bone stupid on my part and something I won’t be doing again, trust me.

So you know, though, current incarnations of the songs have 40+ tracks, limited effects bussing and relatively no CPU taxing.  It also helps that system is now a bit more juggernaut-esque, boasting a 3.9GHz six core processor with 20GB RAM. So, maybe the bigger lesson, for me, was how to craft a better mix without being reliant on CPU-heavy effects.  Yes, they sound better.

Producing an Album for the First Time: Part V–An Open Letter To Metallica

One thing that happens with every album, ever, in the history of record production, is that it will leave the artists’ control completely and go to the hands of the Mastering Engineer.  This is the step that puts the polish, the pizzazz, the extra touches on the songs to make them come together as an album.  It’s also, of late, where a completely listenable album gets killed.  This was the lesson I learned from Metallica’s “Death Magnetic” album.

Dear Metallica:  Do NOT allow this to happen, again.  Please. Please. PLEASE.

For reference, as I sat listening to “Pack Your Bags,” the aforementioned monster with the wall of sound and face-melting music, I was reminded of the difference between the released version of “Death Magnetic” and what later became known as the “Guitar Hero Mixes.”  If you’re not familiar with the tale that wasn’t right, to borrow from Helloween, the following transpired:

  • Metallica recorded “Death Magnetic.”
  • Guitar Hero Metallica needed the mixes – so the unmastered versions were sent.
  • ”Death Magnetic” was sent to mastering.
  • Metallica went on tour.
  • ”Death Magnetic” was released…overloud, and completely lacking dynamics.
  • Metallica was unhappy, and rightfully so.

What’s missing on the allmusic credits is anyone actually directly called a “Mastering Engineer.”  I wonder if that was on purpose.  The upshot is that a very solid, listenable album went to the mastering engineer and left an overdriven, crispy, clipping, mushy mess.  What do I mean?  Well, take a look at the waveforms for “All Nightmare Long.”

AllNightmareLong_comparison

The top waveform is from the album version.  The bottom waveform is from the mixes sent for inclusion in Guitar Hero:Metallica.  It doesn’t take a genius to see that the top waveform is barely a waveform at all, with no room for dynamics and with boatloads of clipping – which you can actually hear in the song as clicking and crackling.  The biggest thing I noticed listening to the quieter, more sedate version of the song was that the intro vocals to each verse are run through a neat filter like James was singing through a fan.  This effect is completely lost in the album version, which is too bad, because it was a neat effect.

Dear Metallica: Do NOT allow this to happen again.  Please.  Please. PLEASE.

This was the lesson that I brought with me into approaching what is already a mine-field in the self- or tiny-budget-production arena, and that’s mastering your own mixes.  It’s generally seen as a “no no” and something that, under normal circumstances, I would try to avoid.  However, with no budget, it’s kind of hard to justify $50-$500 per song for mastering.  To me, what “Death Magnetic” told me, in no uncertain terms, was that – no matter what – don’t just slide the volume faders all the way up.  It also kept me mindful of the waveform, that precious waveform.  What it didn’t really prepare me for is how hard it is to maintain that waveform, and keep those dynamics alive, when the feedback from the artist seems to revolve around, almost to the exclusion of anything else, “just a touch louder.”  It’s hard, and it’s a delicate balance.  I know I’m not the only producer to encounter an artist who wants the album to be loud and in your face.  I think the biggest difference is that most producers have more experience with not only handling these requests with a polite, “no,” or, more importantly, how to actually give the bumps in volume without the rest of the mix suffering.  That was the biggest challenge for me.

I think the worst part, for me, is that while working on this project, I was learning constantly.  Now, that, in and of itself, isn’t the bad part.  The bad part comes when you’ve sent all the masters off to the artist and they’ve been submitted for duplication and then you find that better way, that cleaner mix, that perfect sound.  Below is an example of that.  The song is “Tiocfaidh Ár Lá (Our Day Will Come)” and the top waveform is the album version while the bottom waveform is the “Perfexion Mix” that I’ve put together since.

Tiocfaidh_comparison

While it’s still nothing compared to the brutality that occurred with “Death Magnetic” and “All Nightmare Long,” it’s still a drastic difference.  While the bottom version of the song is obviously going to be quieter, meaning you’ll have to turn the volume up a bit if you want it to be the same volume, it’s also got much better definition, clarity and overall production quality and, for my money, sounds almost 100% better.  That said, this particular mix came two weeks too late and will, most likely, be relegated to a “remixed, remastered” version of the album to be released in the future.

So, this open letter I spoke of – here goes:

Dear Metallica,

Your music is enjoyed and treasured by millions. I have been a fan since “Ride the Lightning” back in 1985 – 30 of my 41 years.  I have been your strongest supported and, indeed, your harshest critic.  It’s probably a little strange, but, after all these years, you’re kind of like family and so, you take the good and you take the bad, but the love is still there.  I don’t know if you noticed that this past album, “Death Magnetic,” the criticism was not “wow…this is NOT metal, OR Metallica,” but instead, “wow – there’s so much of this album I’m NOT hearing because of the production and the decision to mash the living crap out of the mixes to win the ‘loudness war.’”

There are so many dynamics-related things on “Death Magnetic” that a lot of people missed because they didn’t seek out a little-known, but well worth the investigation, group of files called the MIII mixes.  These mixes were the pre-master mixes that all had everything – clarity, dynamics, tone and, yes, power.  Sure, you had to turn it up a little more in the car, but you could also hear the bass line in “End of the Line,” the guitar movement during the chorus of “Broken, Beat and Scarred,” and, as mentioned above, the filtered vocals in “All Nightmare Long.”  While I’m not expert or a producer on the level of Rick Rubin – heck, I’m not comfortable being in the same sentence with Mr. Rubin! – I am someone who’s got enough mixing and producing experience under my belt to know one thing – to hell with the loudness war.  It is, indeed, a war no one wins and when it comes at the expense of the band – you know, you guys…the ones who pour your heart, soul and money into producing the music you love – and, ultimately, the fans who are paying to hear the music you’ve produced, it’s definitely a war not worth fighting.

So, with that, please take that into consideration when you enter and, eventually, leave the studio.  For the love of all that is good in this world, make sure your waveforms are clean, gentle and beautiful – full of dynamics and perhaps, more importantly, clarity.  Please make sure that my ears will hear every note, every high hat, every heavy, palm-muted down-stroke, every harmony.  Please take every step possible to make sure that the producer doesn’t allow the mastering engineer to take your hard work and turn it into an overloud, unlistenable jumble of crap, but instead a polished, pristine album worthy of the name “Metallica.”

Sincerely,

Phil

Producing an Album For the First Time: Part III–Style’s Substance

We live in a world that’s largely driven by the notion of style over substance and, to me, that’s pretty sad.  That said, that’s not really what this is about.  This is about what substance your style brings to the table, especially when you’re working with something that isn’t necessarily your style.

A little more opaque, this morning, with this entry, it would seem, allow me to clarify.  The artist in question can be described as an acoustic, Irish, rebel rock musician.  I can be described as a heavy metal, sometimes acoustic musician.  While an unlikely pairing, there are more similarities than I really thought, at first.  His musicianship and delivery bridge the gap, quite nicely, and I can appreciate the “slower stuff,” too.  It’s what we bring to the table and it’s what colors our views.  Learning to understand when it was just my “metal sensibilities” taking over and when it was something that would benefit the song was an slow process, mainly because there had to be an understanding that it was happening.  You also learn how much you appreciate listening to other styles of music when you can switch gears between them.

The most prominent example of this comes from a song that might get put into a “building a monster” entry, sometime later.  It’s been the most technically challenging track to nail down of any that I’ve dealt with.  Now, as a rookie, that doesn’t leave many – just all the other tracks on the album and then all the previous ones that I’ve practiced on in the past.  So, with that, the song grew from a jangly attitude song to a freaking beast over the course of recording.  Naturally, the metalhead in me screamed for a serious thickening underneath it all with double bass drums, pounding bass, vocal doubling ( or more!) and some effects on the violin to make it scream.  This, my friends, would make an even more gigantic mess than what have 26 tracks already makes, especially when 3 instruments are all fighting for the same frequencies – bagpipes, guitar and violin.

So, I had to step back and listen to some songs that brought those instruments together and get more in that mindset.  What it helped with, more than anything, was placement.  More on that in a later entry, but needless to say, when it comes to “wall of sound,” metal has a pretty good bead on it – though, not a corner on the market, as this song proves.  Still, letting the song be an Irish Rebel Rock song and not a slightly acoustic metal song was a challenge for me because of my “style,” but I couldn’t let my “style” run over the obvious, power substance of this track.

We all bring our own style to everything we do.  I’ve learned that the wisdom is when to let the style take a backseat to the substance at hand and let it have the spotlight.