Operation: Red Flag

President-elect Trump has started naming his potential appointees and, if you’re a thinking man with a half a brain, they’re terrifying.  It’s like a clown car opened up behind the White House and he’s just taking them in the order they’re getting out.  The one that this missive touches on is his CIA appointee who has stated that using encryption “may itself be a red flag.”  Seriously, Mr. Pompeo?  Or, using encryption is because those of us using it prefer to keep the government out of our business as our founding fathers intended and not this Orwellian ridiculousness we’re being asked to pretend is the new normal.  Hell no.  Using encryption doesn’t make me a terrorist any more than buying Sudaphed makes me a criminal drug user.

 Clipart - Waving Red Flag

So, without further ado, may I present my plan.  Well, less of a plan and more of an idea that I hope takes off because….well…screw Mr. Pompeo. 

red flagRed Flags | Baer Law Firm

Basic Network Connection


Basically, if you’re running internet from Time Warner, Comcast or any of the large providers, you’re compromised.  Sorry – it’s just how it is.  Thankfully, there are things you can do about this.  There are VPNs, proxies and other variations on that theme.  I’ve used a LOT of these and I have some recommendations.

First and foremost VPNs.  VPN stands for Virtual Private Network and the simplest explanation is you are logging to their network and using their network to navigate the web and it sends the data back to you.  The theory, there, is that the only IP address visible is the one assigned when you log into the VPN – your own network IP address is not exposed.  So, think of it as a tunnel under a lake.  The only thing the world knows about it the opening from the other side of the lake from where you entered the tunnel.  So, there is some debate as to which are better and if there are any good free ones. 

I currently have four installed on my system that I use.  Each has its own set of pros and cons.

SecurityKISS

Let’s start with the one I use the least – SecurityKISS.  I’ve used it off and on for over a year and it’s pretty solid.  I get slightly reduced bandwidth speeds, but that’s to be expected.  The only real downside to this particular VPN is that it has a bandwidth usage limitation of 300MB, if I remember correctly, and that’s per day, I believe, and resets every 24 hours.  Now, it looks like they’ve simplified it since I started using and that’s not necessarily a bad thing.  It uses a client you can download and have pricing options that range from free to just under 90 euros a year. Of course, each price tier opens up more possible server connections as well as features. 

SoftEther / VPNGate

Another one that I use that is a little more complicated to set up is VPNGate / SoftEther VPN. The one thing I like about this is that once you get it set up, you load a list of potential servers and it displays the uptime, bandwidth and how many users are currently connected.

image

There are four ways to connect, each with their pros and cons and the VPNGate website has instructions to set up each method including one to use the OpenVPN client if you already have that in order to use other VPNs.  It’s also open source, so you won’t be restricted in your usage for using the “free” option, as they’re all free.

Windscribe

I started using Windscribe after I was doing research and really liked what I saw.  I liked it even more when I didn’t notice any discernable slowdown when using the VPN – even running a speedtest confirmed it.  Now, what’s interesting about this VPN is that there are ways, free ways, to increase your monthly usage cap. 

image

My current cap is at 15GB per month and, thus far, when I am going back and forth between VPNs, this has been more than enough.  There are two pricing options and they’re basically free and paying the yearly charge of ~$90 all at once or monthly.  I like the free option and was willing to do things like tweet a micro-testimonial to get an addition 5GB per month.

One of the interesting things to note is that not only can you use this on your Windows or MacOS system, but also your android device or even your router if it has been DD-WRT or Tomato flashed.

VPNBook

I’ve started using VPNBook a lot more, of late.  About the only things it disallows are pop connections and torrenting (except for, it would seem, the European servers).  It does pretty much everything else, is fast and pretty easy.

image As you see in the graphic, there, it supports a number of servers in a number of locations.  It tend to use the US1 and US2, though I’ll use the Canadian ones if I’m feeling frisky.  The only “inconvenience” is that the password to log into the VPN is provided by VPNBook on the web site.  I pinned the page in my browser, so it’s not too bad.  It’s pretty simple to set up and the instructions are clear and concise. VPNBook supports OpenVPN so is usable on Windows, MacOS, Linux, iPad and Android devices.  It also supports PPTP, but recommends the OpenVPN method.

TOR

“The Onion Router” or TOR can fall under “browser” as well, and that’s where I will discuss it more.  At this point, you just need to know that it is a distributed network designed to provide anonymity.  For the most part, it does, but my recommendation is to fire up a VPN and then load your TOR browser.

E-Mail


E-Mail is the most easily siphoned window into your personal lives.  There are some ways to mitigate this – webmail is, in theory one way, though it’s not any more or less secure than a standalone client if it’s not set up properly.  So – what do I use?  I’ve tried a ton of email clients over the years and the one I’ve settled on isn’t necessarily the one I’d recommend for end-to-end encrypted emails.

Confidant Mail

Confidant Mail might be a hard sell because it’s basically uprooting your existing emails (even though you keep your old email address) and putting them into a completely encrypted system. It’s not simplest to set up and seems to rely on you convincing everyone you communicate with to install and use Confidant Mail, as well.  Since it’s a standalone application it doesn’t run the same risks as do webmail or even standard pop/smtp-based email clients that employ message encryption.  It had a page dedicated to why it’s better than normal or even encrypted email.  It generates a public key via GPG when you set up the program, initially, and once that’s done you can upload the key to the servers so that people who are subsequently installing the program will be able to search for, find, and add you to their contact list.  I recommend checking it out, but something that I’ve had a bit of a problem over the 20 years I’ve tried using PGP is convincing my friends and family to also use PGP. 

Sigaint.org

Anything with “Making the three-letter agencies cry” in the tag-line is something worth looking into.  The only thing with Sigaint is that you really need to access it through your TOR browser. They have a clearnet address, as well, but it mainly serves to tell you to seek them out via TOR.  It’s a webmail client, so there are inherent risks, but they are quite open and honest, telling you not to trust them and to encrypt your emails.  Now, there is a “pro” option, as well, that for $32 for life, will allow you to use multiple protocols (pop3s, smtps, imaps), upgrade your email storage from 50MB to 1GB, full disk encryption, and a slew of other things to ensure your anonymity.  With the pro upgrade, you can also use an external email client – it says it’s been tested with Thunderbird, Claws and K9 Mail.  The free version is still very usable, though they recommend PGP-encrypting your emails before you send them, and I’ve had nary a hitch using it.  You basically get two email addresses – the clearnet version and the onion-specific version.  They both go to the same place, it just depends on the origin.  If you want no one to know who your are, this is the way to go.

ProtonMail

A fairly new service arrived earlier this year.  Basically, ProtonMail provides end-to-end encryption, a two-step authentication method (log into Proton Mail, then log into your mailbox), as well as the ability to send emails that will, in essence, self-destruct after a set amount of time.  It’s hosted in Switzerland and their servers never see plaintext anything – all the emails stored on the server are encrypted.  This has three cost/service plans where the free service provides you with a single address, a limit of 150 messages per day and 500MB storage.  The Plus tier is 48 euros per year and gives you a bit more while the Visionary tier gives you 20GB storage, 10 custom domains with 50 unique emails addresses and no limit on sending/receiving emails.  It’s 288 euros per year.  One interesting feature is that you can enable authentication logs which will tell you when your mailbox was accessed and from what IP address.  This is a solid choice and I’ve not had a problem with ProtonMail – and you can download the android app to access it from your phone or tablet, as well.

Trend Micro – Encrypted Email solution

I’m not sure what to do with this, since it’s more or less a service solution rather than a product solution, so you have several choices as to how it protects your email.  It looks decent enough, but also, to me, looks like there are several holes along the chain that could be problematic, but that’s just me worrying about anything that is not encrypted leaving your system and relying on something “out there” to do it for you.  It also looks geared towards small business, with a subscription system, so I’m not sure how useful it will be to an end user who wishes to employ it.  So, there you go – another option. 

Web Browsers


image

I have many browsers.  I want to try them all, see which ones work the best for my needs.  I will touch on them and let you decide for yourself if they will work for you, your privacy, your security.

Chrome

Yes, Chrome.  Mostly, this is because of the pile of extensions you can plug into it to give you whatever level of protection you wish.  I use the following plugins to great success:

    • AdBlock Plus (ad blocker…)
    • Anonymous Communication (secure chat client)
    • BitDefender Quickscan (real-time antivirus checking of web pages)
    • Block Site (offending site?  “Welcome to my kill filter, sucker.”)
    • Do Not Track (cuts down on sites abilities to track you)
    • DotVPN (VPN internal to the browser)
    • Ghostery (makes it easy to see who’s trying to track you)
    • Javascript Popup Blocker (popup blocker that handles most of the javascript-based ones)
    • NetCraft Extension (site information and phishing protection)
    • OneTab (not security, but bloody useful – collapses all tabs to a list on one page)
    • Performance Analyzer (measures the performance of web pages/sites)
    • Poper Blocker (my favorite popup blocker)
    • Request Maker (Log, edit and send HTTP requests)
    • Rubber Glove (removes common browser tracking ‘fingerprints.’)

Now, these come at the expense of performance, occasionally, and RAM usage, most of the time, but I haven’t been hit by any drive-by malware for a LONG time.  When used with a VPN (one of the ones listed above or just the DotVPN), it offers reasonable protection from snooping.

FireFox

After I spent a large amount of time getting the beta of FireFox up and running and customized to my liking, it decided to update to a newer version and wiped out not only all of my bookmarks, but my extensions, as well.  As you can imagine, that made me a touch salty, which is why I don’t use FireFox as often as I used to.  That said, I have a couple of addons/extensions that make FireFox more usable for me.

    • AdBlock Plus (ad blocker…)
    • uBlock Origin (an efficient blocker that is pretty customizable)

As I mentioned, though, I don’t use it much, anymore.  So, these two are by no means the extent of the addons or extensions out there, but they’re the only ones I’ve put back since being forced to start from scratch.

Epic Privacy Browser

image

They feel that your privacy is yours and yours alone.  It’s a solid browser and does just about everything I need.  The big things to take into consideration, here, are that

    • Private Browsing is *always on*
    • it automatically sends the “do not track” message to websites
    • it blocks all third party trackers and cookies
    • one-click on/off proxying which hides your IP address and encrypts your data (gets REALLY slow, sometimes, especially when inside a VPN tunnel)
    • it searches through its own proxy when obscures your searches from outside “eyes”

So, basically, it has just about everything you need, right out of the gate, to be private and mostly safe out there in the wilds of the internet.  I mentioned that it gets slow inside of a VPN.  A lot of things get slow inside a VPN tunnel, so it’s not a condemnation as much as a factual statement – in this case, however, you know why and can appreciate why your data is taking a bit of time to find its way back to you.  It does break some sites, of course, but has a “Quick compatibility umbrella” which expands and lets you pick and choose which safety mechanisms you are using in an attempt to return compatibility.  I use this browser a lot.

Opera

Opera was my first “go-to” browser after my FireFox kerfuffle.  It’s a solid browser and one that I’ve used off and on since it was initially released back in the land before webkit.  The one thing I miss is the ability to set how many data connections you wanted to hammer a site with to improve performance.  I think it’s still in there, but the bottom line is that, really, most connections are fast enough that it’s really fairly unnecessary unless you want to inadvertently instigate your own miniature Denial of Service attack which, by the way, web masters love. 

I only have a few extensions and they are “the usual subjects,” AdBlock Plus, and that’s pretty much the only ones for security. “Why,” you may ask.  Well, it has a nifty feature whereby you can toggle, on a tab-to-tab basis, the built-in VPN connectivity, which is through SurfEasy.  For the most part, it’s fast and can be routed through numerous countries for added protection.

Brave

It’s main goal is to limit the trackers and ads that slow down your browsing while at the same time protecting your private data.  It’s a good browser and I actually do find it faster when going to normally ad-laden sites.  Of course, part of that, too, is that I use a custom hosts file that nips most of that in the bud, but still, you can tell the difference.  It defaults to trying to run everything through https-everywhere, which is good.

image

The bottom line, for me, with this browser is that it’s in its infancy and each release makes it better.  It’s a solid browser, now, but doesn’t have everything to keep you off the grid…yet.

Vivaldi

After the big three (Chrome, FireFox and Opera) all flaked out in their own ways, I spent a lot of time looking for a browser that didn’t drive me nuts.  I test drove this for a few days and those days have turned into months.  I like it because it’s fast, does everything I want, and doesn’t do dumb stuff.  One of the selling points is that almost every aspect of the browser, and therefore your browsing experience, is customizable.  It’s not as secure as the others, but can take extensions to fix that, I’ve just been too lazy to, recently.  Well…when I want secure, I’ve got how many other browsers to choose from?

OWASP Mantra

“Elegant, clean and completely open source,” this browser is build with the security / penetration tester in mind.  The landing page has a slew of links ranging from your everyday to the Hackery section and a link directly to Shodan.  One of the things that stands out about this browser is the number of tools built in.  There are a lot.  I suppose I could list them out, but that’s pretty much what their web site is for – it discusses each one and does a better job than I could.  Honestly, it’s more for site testing than security, but as it takes FireFox extensions, you can add whatever you need, in this regard.  It is, nice, however, to have the ability to see what headers are being passed on to you and allowing you to edit them on the fly.  That’s good stuff, right there.

Maxthon Cloud Browser

This browser actually kind of tries to be a one-stop shop for you, providing a browser with many interesting security features like an encrypted password manager, right-click re-enabler, a cloud-based note/document storage area (1GB/free), and a provider of anonymous emailboxes.  All this translates to a web browser that is pretty solid for information gathering while you’re browsing the web.  It also defaults to duckduckgo as its search engine which, while it doesn’t return 1.5 zillion results like Google, it also returns mainly those things that have something to do with what you’ve searched for and not a bunch of ad placement crap.  I haven’t used it a huge amount because, well…nine browsers makes “equal time” hard.  That said, it seems to do well with ridiculously pop-up ridden sites like firstrowsports.eu, on which I watch hockey from the Ukraine and rugby from New Zealand and it plays the video with no fuss, no muss.  Not a security related feature, to be sure, but one that’s welcome, nonetheless.

Pale Moon

Developed by the save folks who develop FossaMail (which is what I use), this browser just received an overhaul.  This overhaul brought it up to “today’s browser standards” and in the process broke a couple of the nice security extensions it had going for it.  This will probably be fixed, in the near future, but fear not – important security extensions remain: AdBlock Latitude, Encrypted Web, and Secret Agent.  What this means is that you’re not going to see the majority of the ads out there, you’re going to be in HTTPS as much as possible and it will rotate the “User Agent” as not to leave a reliable fingerprint of the browser you’re using.  This is a good thing.  It will also alert you if a site tries to hijack requests and tries to redirect it to a different web site.  It will tell you the how, the who and the potential why: “Your web surfing may be subject to surveillance.” It’s a solid browser with a highly customizable landing page which is nice.  Check it out, but also check out the FireFox-based extensions that you can add to make it as secure as your paranoia desires.  Is it paranoia if you know it’s happening?  At any rate…

TOR Browser

As discussed, previously, this is the browser that works with the TOR network and will allow you to see deep/dark web sites and those sites with the .onion suffix.  It allows you to switch TOR circuits – or paths through the TOR network – in order to maintain anonymity if you feel that the current route/path/exit node has been compromised. Do remember that while the TOR model allows your data to be encrypted inside the TOR network, once your data leaves an exit node and goes to a site, the data in between the exit node and site is not encrypted by the TOR network, so continuing to use an extension like HTTPS Everywhere is always a good idea.  Now, what I do, for what it’s worth, is to fire up a VPN and then launch the TOR browser.  This way the TOR network connections are working within an already obfuscated network tunnel.  While not foolproof, it does increase the challenge for prying eyes/agencies.  While navigating through Onion-land is a bit more arduous and a bit slower, it is still a much safer alternative to bopping around in clearweb land.  There is also a “hardened” version that may be a version or so behind the currently available TOR browser, but has been modified to provide a lot more security.  I use this one almost exclusively.

….

You’ll notice there a browser missing.  Most folks in the IT world understand why it’s missing.  Perhaps you don’t.  Perhaps you love IE Edge.  Here’s the thing – it’s a screen door on a submarine, security-wise.  That’s pretty much what you need to know.  Any of the browsers above would be a much better choice when it comes to keep your data from “the man.”  In the interest of fairness, I will say, simply, that when I tried to “harden” IE, it broke.  I can no longer use it to browse the internet and it has become, inexplicably, the default PDF reader despite Acrobat Reader being installed.  It now, like Hodor, can only say one thing:

image

Encryption


This is where Pomeo is poking the bear.  I’m a firm believer in 1st, 4th and 5th Amendment rights as well as a strong heaping helping of “nunya.”  What’s “nunya,” you say?  If you grew up in the south, you know this is a rather sassy way of saying, “None of your business.”  Really, that’s how I feel about all aspects of my digital life.  I used to have an attitude of “fine, look around – I’ve got nothing to hide!”  What changed?  Well, for one thing, the Patriot Act.  Almost completely unconstitutional in its reach and just a wake up call that it doesn’t matter what the laws say, the government will find a way to wiggle around them.  Then came the hoo-hah about the iPhone in the San Bernadino terrorist case where some dunderhead tried to brute force *guess* the password to the iCloud and iPhone accounts and effectively wiped both clean.  Somehow, this was seen as Apple’s fault and so there was the huge floofle about how Apple should create a backdoor for law enforcement and Apple basically said, “Up yours,” as well they should.  What killed me about this, tangentially, was that if you search for “iPhone 5 unlocking/decrypting,” there are enough links that the FBI could have had it done in under 5 business days and for right around $150.  At any rate, as soon as that story hit the news, I hopped into my Android settings menu and encrypted the heck out of my phone.  You want anything?  You’re going to have to work for it, or at least lay out some cash.  Even though I’m not doing anything “wrong,” I’m not in any way shape or form going to make this easy for anyone who wants my data without a fight…or encryption key.

Drive Encryption

I absolutely encourage drive encryption.  Every Virtual Machine I create is encrypted and has to be decrypted, using the proper password, to even mount.  Once past that, the drive is encrypted and, finally, the user directories are encrypted with a different password for each user.  Seems like it could be considered overkill, doesn’t it?  Well, so what?  I think I mentioned not making it easy.

VeraCrypt

This is a very useful – and free – encryption program geared towards drive encryption, whether it is full disc encryption, partial disk, containers (encrypted files that act like drives but aren’t outwardly visible as such) and can even hide these encrypted volumes.  It’s free, actively maintained and based off of the TrueCrypt software package that was used by a multitude of corporate entities, including mine (TrueCrypt, not VeraCrypt) – and it (VeraCrypt) is SO much faster and less flaky than McAffee’s “Endpoint” software, in my experience.  You can select many encryption protocols and – and this is a wonderful “and” – you can even wrap them three deep, meaning your volume will first be encrypted with AES-256, then it will be encrypted with Blowfish, or TwoFish, and finally, on top of these two encryptions, it will encrypt a third time using Serpent, for example.  That’s my personal choice, but there are several combinations from which to choose.  This flexibility makes it exceedingly useful and, more importantly, pretty intuitive to use.  I recommend this to the moon and back for keeping your sensitive bits protected.

McAffee Endpoint Solutions

My experience with this product has been largely negative, but that might have to do with how it was implemented, so I’m disinclined to just dismiss it out of hand.  It’s only one of two in the list that costs anything, so you’ll need to take that into consideration.  I do know some folks who feel safer purchasing a commercial product – especially an expensive one – because they feel it’s more secure.  This could be.  I couldn’t tell you.  I just know that post-encryption, I’ve had better luck with VeraCrypt.  Honestly, the only trouble I have had with Endpoint is that it will suddenly and out of the blue simply disavow any knowledge of my passcode to decrypt the drive in order to use it.  This is frustrating in itself, but the process to recover it is not only a titanic pain, but – here’s the thing that throws giant red flags for me – with the recovery software, you are given a long series of numbers that will allow you to reset the password and, therefore, decrypt the drive.  Now, in a corporate environment – and one thing I do actually appreciate about the seemingly overly complex method for doing this that my employer uses – you can only access this recovery module after logging into the web portal, going to the “recover endpoint encryption” link and clicking it, then entering your credentials in, again, including a secret question, and only after satisfying this step will it allow you to embark on the rest of the journey.   Now, on the plus side, the price isn’t a deterrent.  Ranging from ~$20 for individual users to ~$5K for an enterprise license, it’s really not all that bad, comparatively.  That said, I trust VeraCrypt more.  Why?  Just because, really.  While the aforementioned folks feel more comfortable with a for-profit product, I prefer a product written by someone(s) whose only skin in the game is reputation.

Microsoft Bitlocker

I’ve never used Bitlocker.  It used to be only available on the Ultimate editions of Windows7 and, I believe 8.  I think it’s standard, now.  If it’s not, it should be.  At any rate, it functions very much like the above two solutions when it comes to encrypting entire drives.  You can encrypt your system (boot) drive with relative ease and, at this point in the game, I recommend that course of action. 

Symantec Endpoint Encryption

Now, I am pretty sure I haven’t used this, but I might have in a previous incarnation – I honestly don’t remember.  That said, from reading the literature and implementation documents, it seems like it’s on par with McAffee’s offering and does allow full-disk encryption.  I also boasts using PGP (Pretty Good Privacy) for it’s encryption of choice.  The company seems to be positioning this solution towards the enterprise customer, but you can get the Endpoint Encryption in a single license for $189.  So, again, I’ve not worked with it, so I can’t say one way or another if it’s the right product for you or your needs.  I’m just letting you know it’s out there and, frankly, the more encryption the better.

On-the-Fly / Individual file / Text Encryption

There are a long ton of solutions, here.  I’m going to focus on ones I’ve used and/or recommend.

Pretty Good Privacy (PGP)

The granddaddy of all public key encryption, this has going through a slew of changes, purchases, open source projects and version.  It’s been entertaining to watch, if not a little frustrating to keep up with.  Basically, the majority of things I’ll be discussing fall under this category, in some way or another.

Symantec

PGP, Inc. was purchases by Symantec, and so is included in the aforementioned Endpoint security package.  I’m mainly putting this here for completeness’ sake.  This isn’t to be confused with PGP Corporation.  Oh, wait…yes it is.  This is PGP if you want to pay for it.

OpenPGP

Standardized in the mists of history (1997), OpenPGP is available for all platforms, including iOS and Android.  This is pretty much the standard and everything derives from this.  It’s free.  It’s mostly easy to set up – the hardest part is thinking of a suitably secure password.  Their site has email encryption solutions, keyservers, and even a section for developers discussing signing their projects.  The email section provides a long ton of options/solutions.  Check them out.

PGPi

For historical purposes, only, I include the “international” version of the original PGP software and should be considered exceedingly outdated – it supports Windows 3.1/95/98/NT as well as the Amiga and OS/2.  So, why would I include it?  Because it’s fascinating to see how far we’ve come, really.  I love digging around in this stuff, so, I figured I’d share.

GnuPG (GPG)

This is what I use.  Take that for what it’s worth…I use it.  That doesn’t mean you need to use it or should use it.  I just like the setup of GPG4Win and it’s easy for me to work with.  The binary releases, should you not feel like downloading the code and compiling (./configure ./make ./make install), support Windows, Linux, MacOS, Android, OpenVMS, and RISC OS.  Integrated into the Windows shell, it makes encrypting/signing/decrypting documents, other files, directories and even drives painfully simple.  I recommend it.

Diplomat OpenPGP

I’m including this not just because they have their own OpenPGP solution for you, but a they also offer secure file transfer, which is nothing to sneeze at.  Now, while the OpenPGP product is free, the Diplomat File Transfer product is not.  It’s pricey, but when you look at what it does – securing file transfers, either P2P, FTP, FTPS and SFTP, as well as encrypting those files that are transferred with the private keys, meaning only the sender and the recipient can open the file(s) sent.  That’s pretty hoss.  This service will cost you, with the “basic” version *starting at* $595, the “standard edition” starting at $2,995 all the way up to the Enterprise version with the terrifying “Call for pricing.”  Still – if you’re worried about industrial espionage, how much is your data worth to you?

Again…make these folks work for it, where “these folks” can be, basically, anyone who wants to access your drive who isn’t you and, especially, without permission.  There are more solutions out there, but this should provide a good starting point. 

Cloud Storage


I know a lot of people that use either their own server or services like Dropbox to store files “in the cloud.”  There’s Dropbox, Mega.nz, and a whole slew of others, but they all share one thing: they’re searchable by the companies that set them up and in that light, anything subversive or  plain illegal in your file storage area can be found and you can endure anything from irritation all the way to outright pain.  That doesn’t sound fun.  So, let me recommend a few.  I’ve been using Keep2Share, of late.  It functions much like Dropbox, but I haven’t read any missives, recently, talking about k2c routinely scrubbing through user accounts looking for violations.  Let’s look at some other options, shall we?

Boxcryptor

This is a product that looks a LOT like what were talking about with Diplomat.  There are differences, of course, but as you get into the paid subscription versions, one of the big selling points is the end-to-end encrypted file transfer.  That said, the free version offers this, as well, just without as many bells, whistles and safeguards.  The free version features the ability to secure one cloud account, up to two devices from which to upload and save data, and Whisply integration which, for those who don’t speak weird corporate software naming practices, is their end-to-end file transfer encryption which will allow you to send out an unlimited number of links to the files you store there and these other folks don’t have to be boxcryptor users.  It also has a portable installation if you’re not wanting to, or can’t, install it one your system.

Tresorit

Aiming to not be a full service, encrypted cloud storage provider, it’s not free, but offers a lot of features.  Their claim, also, is that it would take 1,000 years to crack the encryption they use. I wonder if that will change with quantum computing?  At any rate, they offer a couple of tiers of service, with the personal level providing a terabyte of storage, access from 10 devices, password protected links and extensive file permission settings for file sharing.  The personal subscription is $30 per month, so $360 per year.  For small business and enterprise, it’s considerably more outlay, but is less per user.  Again, the enterprise model has the scary “Custom pricing,” which probably just means customizable for your business, but I still like seeing everything out in front of me.  One interesting thing that I like a lot is that it has a section for developers, offering a SDK to allow the end-to-end encryption to be integrated into your application.  The tagline, “No more data breaches” sounds good to me.  You have to request access, but I’m thinking that a software development company could benefit greatly from being able to tell clients/customers how secure their data will be.

Waula

LaCie’s solution was one I was going to discuss, but upon hopping to the site for more information, I got this:

<h2>Our services aren't available right now</h2><p>We're working to restore all services as soon as possible. Please check back soon.</p>Ref A: C544C6B0F1F84F22A420DB3DC53148B5 Ref B: F4B412192C8F55313E7D91E98DB04966 Ref C: Fri Nov 25 08:03:07 2016 PST”

so…you know.

nCrypted Cloud

This looks like another encrypted cloud service, though, it’s positioning itself more as a security layer on top of cloud storage.  Honestly, if the files are encrypted, I’m not sure I care how you get them there.  Well, that’s not entirely true, but you get the picture.  The personal version is free and for non-commercial use.  You get roughly the same features as on the company/enterprise-centric models, but without the longer audit trail, Active Directory integration and collaboration tools.  Now, there’s free, then there is the per-user cost for each level: $10.  The only difference is the number of users, at a minimum, that you are required to have: 25 for small business, 250 for medium business and 2,500 for enterprise-level. 

Honestly, I’m running out of steam.  For cloud storage alternatives beyond what I’ve laid out, here, I recommend this article.  It goes into greater depth than I have been and gives you pros and cons in a concise manner.  Concision has never been my strong suit.

Summary


Long story short, if you want to keep the government/hackers/pranking friends/ex-spouses out of your data/email/what-have-you, you need to secure it.  There are also ways to secure what you already have, for example, in Yahoo or Gmail. 

There’s an option for most webmail services to use two-factor authentication.  Use it.  You’ll be glad you did, especially when reports come out stating that Yahoo knew about data breaches as early as 2014 (and didn’t do anything until much later), and the recent Gmail breach. If it’s difficult for YOU, it’s going to be that much more difficult for anyone else.

Also, don’t use fingerprint or simple-pattern unlocking on your phones.  While a long PIN is a pain in the butt for you, just think how much of a pain it will be for someone who doesn’t *know* the PIN.

Stop using common passwords. While “ihatemyjob” is funny in ads, it’s horribly insecure and will take even an average computer a few minutes, if that, to crack.  Even throwing in a “!” at the end will delay the “crackening.”  That said, I’m a big fan of using symbols and numbers.  “Ih4t3myj0b!” will be that much more difficult to crack.

Above all, just don’t make it easy.  The more layers of security, the better.  The heftier the encryption, the better.  It doesn’t make you a terrorist, it makes you a pragmatist. Remember – This isn’t about hackers, anymore.  It’s about our government.

Advertisements

Chris Caffery – Your Heaven is Real

Chris Caffery – Your Heaven is Real

It’s funny…I remember seeing Chris on the “Gutter Ballet” tour and he just kind of hung back a little and let Criss do his thing.  From that point on, though, I’ve watched him grow as a guitarist, musician and producer.  His most recent work is something that we saw come to life through myriad postings on Facebook and it was an amazing process to watch unfold.  That’s kind of why I have resisted writing a review, to this point.  I had just finished producing an album, myself, so watching the process here, knowing what goes into it from a recording, producing, mixing and mastering stand-point, I have a different approach than I used to.  It kind of becomes a little club (you, the artist and thousands of his closest friends Smile ) watching a project grow and come closer and closer to fruition and wanting so badly for everything to pan out perfectly and become a sort of cheerleader.

That’s why *I* felt a little too close to it, even though I, really, had nothing to do with other than a few posts of encouragement along the way.  Then something changed.  I read a review.  Now, it wasn’t a horrible review, mostly.  It’s one of those that looks like it comes from a place of expectation that may or may not have been in line with what the point or purpose of the album actually was.  I feel a little sorry for the reviewer inasmuch as the full fury of Chris’ fans have been unleashed upon him.  For the most part, this is because the reviewer barely reviewed the music and, instead, chose to review Chris, himself.  That’s not how reviews work, really.  That said, as reviewers usually do, he brought it upon himself.  This is because no matter what your opinion is, someone will disagree.  Additionally, when you go after a person a lot of people care about, they’re going to push back, hard.  With that in mind – I’m going to talk about what I know with Chris, my perspective on the album and, towards the end, the music.

I’m not going to address much more of the other review, really, save for a couple points.

So, first and foremost, this is an 80s metal album.  Sure, there are some modern aspects to it, stylistically, but it conjures up — without sounding overly like — Savatage and Dr. Butcher with ease, and shows a lot of influence from those bands and from the songwriting he was exposed to, contributed to and learned from.  So, here’s where the divide, I believe, comes in.  I *love* hearing 80s metal musicians producing 80s metal.  I just do.  I loved a band from Richmond called Claude Zircle for exactly that reason — there were no pretentions.  They played their 80s metal hearts out, and that’s exactly what “Your Heaven Is Real” does.  Chris isn’t trying to win the nu-metal crowd.  He’s not looking for the prog-metal crowd.  He’s looking for people who enjoy honest, solid, metal.  In this, he delivered, in spades.  There’s something for every metalhead, here — there’s so much groove on this disc, it’s quite tasty.  If you don’t feel the 80s screaming through in “Just Fine,” I don’t know what to tell you.  The album, itself, also has a consistency across it — the tone, the energy, the love, the effort.

It’s funny, though, because it’s at this point in a lot of reviews where the comments start veering into “you’re a fanboy” or equally derisive terms that basically are implying that because you honestly like something and have good things to say about it, you’re a kiss-ass.  That always baffles me.  Me?  You get what you get.  If I like it, I say so, if I don’t, I say so.

Another aspect in which I felt a little too close to really review the album, objectively, was knowing the stories behind a lot of the songs, as revealed by Chris over the creation of the album via Facebook.  Once I know what something’s about, and how deeply personal these things are, and how much of an artist gets exposed by “putting himself out there” in a way that few people ever know — how the hell do you criticize that?  Even on the album I was just working on, it was much easier to be critical, as a producer, about musical and production choices, when I didn’t know that it was a song, for example, about the brutal hole left in the artist’s heart after the untimely death of his brother.  It’s at that point that it becomes the artist’s complete game – even as producer and mixer, there are things about which you just accept you have no say.  The same falls, for me, into that realm, here.  “Your Heaven Is Real” isn’t some attempt at a catchy chorus (have I mentioned that the song *crushes* and the chorus will get stuck in your head for a while?) without substance, but a very personal revelation about a pretty damned scary situation and brings, to me, two interpretations of the song that aren’t disparate — as a result of the experience, there’s a new appreciation of what is an isn’t real to Chris when it comes to the afterlife, and, really, it’s more of an affirmation and uplifting message than we’ve gotten from Chris, previously.  To me, that’s awesome — he’s in a happier place, which is exceedingly obvious if you follow him on Facebook.  Chris has always worn his emotions on his sleeve and produced music from the heart, and this is no different — something for which *I’m* grateful, though, I do understand how some folks aren’t always comfortable listening to songs that aren’t just about political rants, sex drugs and rock’n’roll, or any of the impersonal, banal topics we’ve come to expect in recent years.  That said, I’m in no position to criticize personal experience and expression for reasons I’ve mentioned before.

Oh, but make no mistake — Chris has socio-political rants, too, but there are more songs, here, about new and more personal topics, and are addressed with the same lack of compromise as “Pissed Off” though handled with more experience, wisdom and maturity.  What?  We all mature as we get older and, in this case, it just means the music is growing, proportionately, with Chris.  That’s not a bad thing.

I will address a comment from the review within one of the points from the review I wish to focus on, just because it’s something I didn’t have an appreciation for prior to last winter, when I was in a similar situation.  So, here’s the thing the review stated, “While the mix is clear, the overall sound is muddy and not sharp enough…” We’ll pair that with one of the comments on the review that stated, “…sounds like it was recorded on a PC.”  Here’s the thing — in several ways it probably was – so what?  There’s a lot of the home studio that is now piped through the PC to record and from what I’ve seen of Chris’ studio, I have no reason to believe any different.  Even in a larger studio, again, the trend is to pipe everything through a PC. That said, having just produced an album that was recorded in its entirety on a Mac (so, kind of PC…) and mixed/mastered on my studio system, I have a new appreciation for what went into this album.  I know how bloody hard it is to get a good, consistent sound that sounds good on your monitors, in your car, on your phone, and so on, and I also know what happens when you either don’t have the right monitors, the right angle on the monitors and the right distance from the monitors, ignoring the fact, for the moment, as to whether the room is treated, or not.

So, with that in mind, there are parts that I, as someone who has just spent time mixing songs until my eyes glazed over and my ears were so fatigued, and I dreamt of the songs for weeks, recognized right off the hop while listening to the album.  I believe it was on “Why” that I thought, “Ah, the monitors were <so>” when mixing the acoustics, as there were a couple of spots where they came hard through the back-side of the mix, on the sides a bit louder than probably intended, but was probably the result of a lot of late night sessions, you know – when pouring his heart and soul into this project.  It’s one of those things that I don’t think I would have given a second thought to if I didn’t have this stupid new quasi-curse of listening to albums like a flippin’ mixer/producer.  That said, “Why” is probably my favorite track on the album.

It’s kind of like once you’ve run your first kitchen as a chef, eating out is a whole different experience where you’re all at once over critical of everything and how you would do it differently, and here’s the thing — it doesn’t change the experiences of the people around you.  The real joy of a chef is peeking out from behind the swinging door and seeing someone take a bite of a dish you put your soul into and watching their eyes roll back and that “Mmmmmmmm…”  There’s nothing like it.

Likewise, as an artist, watching people start to close their eyes, bob their heads in rhythm and get taken to someplace else for a while through the music, that’s what it’s all about.  How they get there is subjective, and that’s I think what we’ve run into, here, with the review’s mention of “clear” yet “muddy and not sharp enough.”  One thing you learn pretty quickly when mixing an album is that your ears adjust.  So, if you’re working on a song, the small changes get absorbed into the song.  Try this — if you listen to music with your EQ flat, boost your treble up for about 5 minutes.  Now, change it back.  It sounds weird — even dull and kind of lifeless, doesn’t it?  Then, however, after another 5 minutes, it’s the “new normal,” again, and it just is how it is.  I would wager some of this happened not only when producing this album but when listening to it, as well.  I know it came into play on the one I worked on.  Good gravy, it did.  At any rate, the point is this — the mix is clean.  You can pick out every ingredient — the drums (Brian Tichy is absolutely on point), the bass, the guitars, the vocals, the spices (some synths, some choir-y parts).  There are times that the bass eats the kick, a little, but that’s also something that comes into play with this observation — this, like any album, depends upon that on which you’re listening to it.  In my case, I listened on my studio rig through my monitor speakers.  I’m very used to the tone on these, now, so I know their tendencies and I also have tried to keep them as flat as possible, response-wise.

So, this album is “flat,” and what I mean by that is that it’s not jacked one way or another, not over-bassy and not treble-heavy, and it is definitely not “lifeless.”  It has a good balance.  Now, there are places where there’s a little mud right in the 120-500Hz range where ALL the instruments want to play, but that is, to me, to be expected in metal, and, honestly, in pretty much everything short of piano concertos or pan flutes.  So, the clatter about “muddy and not sharp enough” really comes down to this — poke your EQ, sparky.  I know that when producing, there’s that goal that you produce an album that won’t “need” EQ-doinking, but reality comes crashing in when you realize every human on this planet has not only different tastes, but different ears that are more sensitive to different frequencies than others and, really, in order to make everyone happy, everyone’s going to have to put in a little effort.  Hmm…That came out funny, but I stand by it.

If you think a recording sounds a little dull, it may be one of a billion variables, but one of the easiest fixes, if you think a recording is muddy, is to poke the mid-high and high EQ sliders up a bit and maybe even scoop the mids a little.  I mean, growing up listening to metal on my little walkman with the 3-band EQ on the side, I adjusted it for just about every album I ever played in that thing, and I played a LOT of metal.  So, I guess my point here is that if you’re thinking it’s a bit muddy, tweak a bit, because the overall production is tight.  There are some places where it’s a little *too* flat, for my taste, but I’d rather have it flat and be able to adjust it to sound good to my ears than have it so jacked to one extreme or the other I a way that I can’t adjust it to my preference.  Those spots are also few and far between and don’t take away from the listening experience of the album.  It’s just something that, for better or worse, I pick up and hone in on, now, that I didn’t used to.

So, after all this, what do I think of that album?!  It’s a solid-ass effort from Chris that shows just how much he’s progressed as a musician and song-writer.  The songs are more involved, complex and produced with more dynamics and appreciation for white-spaces.  I appreciate the growth that’s gone into his vocals and, truly, he’s found his own voice and I dig it.  Again — 80s metal, man, 80s metal!  I enjoy the songs a lot.  I enjoy knowing the stories behind them.  I enjoy how the stories are told.  This album embodies what I wish more artists would try — honest, hard-working and just pure Chris.  Hmmm…I’m not saying other bands should try to be pure Chris, but try putting in the love and effort into their work.  It’s funny — the review that shall not be named inferred that Chris basically churned this out because he needed the money and some form of pity grab.  I have absolutely no idea where that came from.

For me, the standout tracks are the title track – a perfect, blistering opener – “Why,” “Hot Wheelz,” “I Never Knew” and “2-26-15,” which is elevated that much more if you know what that date means to Chris.  If you don’t, ask him.  That’s not to say that “Arm and a Leg” isn’t heavy as hell and well executed or that “Just Fine” isn’t a bad-ass jam that channels the 80s perfectly, or that there is any filler on this album.  It just means that those were the songs that I gravitated to, thus bringing this back to how subjective this all is.  I dig the album.  More to the point, I take the album as a whole – the effort, the late nights, the love and everything that goes into taking what’s in your heart and getting to unleash it on the world.  It’s the blistering solos, sure, but it’s also the person poured into it.  Take some time to get to know it and you won’t be disappointed.

In closing, “Your Heaven Is Real” is pure Chris and executed not flawlessly (though pretty close), but honestly — and it’s honestly a great album.

Where to go if You Want to Die in a Hailstorm of Bullets

A less provocative title for this still invites controversy, and that is “At What Point do We Acknowledge a Need For Gun Control?”

My rants on this on Facebook have gotten long and emotional.  My opinion on this is constantly met with “we’ll just have to agree to disagree” when I even say the words “gun” and “control” in the same sentence.  There’s this visceral need to equate the idea of preventing people from getting guns that should not have them through mandatory background checks with taking away everyone’s guns that has ever owned them, ever.  Honestly, I’m not going to espouse the virtues one way or another.  I’m just going to put statistics in front of you and let you decide for yourself.  Actually, statistics might be wrong term, as well, since people are fond of saying that “statistics lie” or “you can make statistics say whatever you want.”  This is true, and I think I’ve been guilty of presenting data in a way to support my research a time or two back in school.  So, let’s just look at raw numbers shall we?

Here are the numbers, by state and by year, of mass shootings, per year, where “mass” is defined as more than three people being involved and “shooting” being defined as an event that involved the use of a firearm.

State 2013

2014

2015


Incidents Deaths Injuries Incidents Deaths Injuries Incidents Deaths Injuries
Alabama 8 15 22 3 3 11 4 4 14
Alaska 0 0 0 1 0 6 1 4 0
Arizona 8 20 16 1 1 3 5 15 9
Arkansas 0 0 0 1 4 4 1 1 3
California  53 68 200 37 47 134 14 16 51
Colorado 4 7 10 1 0 4 0 0 0
Connecticut 4 6 13 1 0 5 3 2 16
Delaware 4 3 14 0 0 0 1 0 6
Florida 23 40 72 21 42 79 15 12 53
Georgia 7 5 30 12 15 46 13 23 40
Hawaii 0 0 0 0 0 0 0 0 0
Idaho 0 0 0 0 0 0 1 3 1
Illinois 23 22 104 29 31 102 11 7 45
Indiana 8 8 26 7 4 29 5 4 21
Iowa 1 1 3 0 0 0 1 0 4
Kansas 7 15 17 2 3 6 1 2 2
Kentucky 6 11 14 3 5 7 3 1 15
Louisiana 10 10 55 13 8 60 10 15 40
Maine 1 1 3 1 5 0 0 0 0
Maryland 5 5 19 3 5 11 8 7 28
Massachusetts 1 2 2 3 0 15 5 3 21
Michigan 15 11 62 14 9 55 6 2 36
Minnesota 5 6 11 3 1 16 0 0 0
Mississippi 2 2 6 3 6 7 2 2 7
Missouri 12 14 43 4 2 17 7 12 21
Montana 0 0 0 0 0 0 1 5 0
Nebraska 0 0 0 0 0 0 0 0 0
Nevada 6 12 14 5 6 16 1 3 1
New Hampshire 0 0 0 0 0 0 0 0 0
New Jersey 12 9 46 8 8 29 9 6 30
New Mexico 4 6 11 1 1 3 0 0 0
New York 16 19 56 11 5 41 16 14 62
North Carolina 18 13 62 8 17 19 5 11 12
North Dakota 0 0 0 0 0 0 0 0 0
Ohio 13 14 42 9 19 20 10 12 41
Oklahoma 7 17 12 4 7 11 5 5 15
Oregon 0 0 0 3 1 12 1 1 3
Pennsylvania 17 16 63 10 11 43 5 3 27
Rhode Island 1 0 4 1 0 5 1 0 4
South Carolina 6 14 15 5 5 20 5 17 9
South Dakota 0 0 0 1 4 1 0 0 0
Tennessee 11 19 27 9 10 30 6 8 24
Texas 15 36 47 20 34 83 12 25 56
Utah 1 3 1 2 5 6 1 4 0
Vermont 0 0 0 0 0 0 0 0 0
Virginia 11 12 39 7 10 24 5 3 20
Washington 4 8 13 5 8 17 0 0 0
West Virginia 3 5 9 1 5 0 0 0 0
Wisconsin 2 0 8 4 1 16 3 6 9
Wyoming 0 0 0 0 0 0 0 0 0
Washington DC 6 14 37 4 0 19 2 2 6
Puerto Rico 3 11 10 0 0 0 0 0 0










Totals 363 500 1258 281 348 1032 205 260 752

So, take 2013.  That’s 500 people killed in 363 separate incidents with over 1,200 people injured.  I’ll only use my personal knowledge for comparison, here, but that 500 people is more than if you killed the entire graduating class of Wabash College for that year…two and a half times.  The year of 2014 was a little better, but still would have killed off more than the entire graduating class of Wabash College for that year, almost twice, as well.  So far, in 2015, it’s looking like another wipeout, having already eclipsed this past year’s graduating class number – which was the highest it’s been in over decade.

So, for perspective, if you were to average that out to fit within the graduating class paradigm, the number of people killed in mass shootings over the last three years would be the equivalent of wiping out the past 5.9 years of Wabash College graduates.  We haven’t even addressed the number of people injured in these shootings, which has eclipsed the 3,000 mark over the past three years and we’re just over half-way through this current year.

If you want to look at it, in totality, for the past three years per state, it looks like this:

Total


Incidents Deaths Injuries
Alabama 15 22 47
Alaska 2 4 6
Arizona 14 36 28
Arkansas 2 5 7
California  104 131 385
Colorado 5 7 14
Connecticut 8 8 34
Delaware 5 3 20
Florida 59 94 204
Georgia 32 43 116
Hawaii 0 0 0
Idaho 1 3 1
Illinois 63 60 251
Indiana 20 16 76
Iowa 2 1 7
Kansas 10 20 25
Kentucky 12 17 36
Louisiana 33 33 155
Maine 2 6 3
Maryland 16 17 58
Massachusetts 9 5 38
Michigan 35 22 153
Minnesota 8 7 27
Mississippi 7 10 20
Missouri 23 28 81
Montana 1 5 0
Nebraska 0 0 0
Nevada 12 21 31
New Hampshire 0 0 0
New Jersey 29 23 105
New Mexico 5 7 14
New York 43 38 159
North Carolina 31 41 93
North Dakota 0 0 0
Ohio 32 45 103
Oklahoma 16 29 38
Oregon 4 2 15
Pennsylvania 32 30 133
Rhode Island 3 0 13
South Carolina 16 36 44
South Dakota 1 4 1
Tennessee 26 37 81
Texas 47 95 186
Utah 4 12 7
Vermont 0 0 0
Virginia 23 25 83
Washington 9 16 30
West Virginia 4 10 9
Wisconsin 9 7 33
Wyoming 0 0 0
Washington DC 12 16 62
Puerto Rico 3 11 10




Totals 849 1108 3042

So, if you take that over the past three years, and I’m going to fudge and make the data look “less bad” by counting 2015 as a complete year for our purposes.  I’ll address it, correctly, in a minute.  Over the past three years, that translates to 0.77 incidents per day.  Remember, this is counting 2015 as a complete 365 days. These numbers translate to  1.01 deaths per day.  That’s a person a day, every day, for three complete years.  For injuries, that translates to 2.78 injuries per day as part of a mass shooting.  Remember, that’s if we’re going on the assumption of 365 days times three – 1095 days.

It looks slightly worse if we consider that we’re only 209 days into the year.  So, that would make a total of 939 days.  This changes it to, over the past two years and this year, to date (as of July 28, 2015), 0.9 incidents per day.  This may not seem significantly different, but we’re that much closer to a mass shooting every single day for the past two and half years.  Think about that.  The death per day number is, now, 1.18 – that’s over a person a day being killed in a mass shooting.  Counting up the injuries, we are looking at 3.24 people per day.

So, if you’re looking at choice vacation spots, it might be wise to avoid Chicago or Detroit whose mass shooting violence is on the uptick.  California still shows the largest numbers, but it is a pretty big state.

I’m just putting the numbers out there.  How you feel about the numbers is up to you.  My question is only this – at what point are the lives of the dead and injured important enough to admit something needs to be done?

For those wondering, here are the data sources used.  I know the danger inherent in using a single source and I’m pretty sure they’re incomplete just because of the sheer numbers, but even if that’s the case, the picture they paint is gruesome and worth considering.

http://shootingtracker.com/wiki/Mass_Shootings_in_2013
http://shootingtracker.com/wiki/Mass_Shootings_in_2014
http://shootingtracker.com/wiki/Mass_Shootings_in_2015

My Experience Converting a Passive Jackson Stealth to Active Pickups

I can not be the only person on the planet who has ever wanted to take a Jackson StealthEX or any other Jackson dinky or otherwise with the HB-SC-SC one volume, one tone, 5-way switch configuration and basically swap out the factory pickups with actives and replace the box switch.  I can’t be the only one.  If I repeat it enough, I may believe it.

Now, for the purposes of this article, the 5-way switch was quite generic and the pickups were Seymour Duncan Blackouts (AHB-1, AS-1b, AS-1n).  So, to review and convey the simplicity of what I wanted to do

  • Factory humbucker -> AHB-1
  • Factory mid -> AS-1b (tapped/split)
  • Factory neck -> AS-1n
  • Factory 5-way box switch -> new 5-way box switch
  • 250K Volume pot -> 25K volume pot
  • 250K Tone pot -> 25K tone pot
  • factory mono “lipstick” jack -> stereo “lipstick” jack
  • Fix any other internal weirdness encountered.

Simple, right?  Well, don’t you believe it.  Let me rephrase…don’t be fooled into thinking that this fairly thorough swapout will have *specific,* *applicable* help files on the internet to help you.  I spent close to a week pouring over stewmac and guitarelectronics and seymourduncan not to mention more obscure sites, in an effort to gain as much info going in as I could so that this would be a nice surgical strike…or as close to a surgical strike as replacing all the electronics in a guitar can be.  No dice, really.  I ended up with just about every wiring diagram available on Seymour Duncan’s site printed off as well as 4 others from different sites.  They all had one thing in common – they were all applicable to a point.  Not any one diagram covered every part of what I needed and my electronics theory is so rusty (this is the stuff I used to do in high school – over 20 years ago) that cobbling together the wiring diagrams into a happy, all-inclusive and functional wiring diagram that I could use for quick reference was not really in the cards.  Since, as we all know, using four+ schematics is about the opposite of “quick reference.”

With that in mind, I am, now, setting out to right this wrong and get a working wiring diagram out there for everyone, like me, who is/was looking for this information and could not find it for the life of them.  Here it is.  Eventually.  It would really help if I could remember exactly what I did.

An additional kibitz, on my part, was I got to a point where I got the theory quite well enough, but just needed to know what wire got soldered where, something not entirely obvious from some of these diagrams.  So, my plan with this is to draw up schematics for those who would like them and a wiring diagram for those who prefer that route.

Additionally, here’s what I did, once all the other parts were out:

After all the pickups are in their nice little homes on the front of the guitar and the wires are routed through and ready to be connected to things to make them sing, we say a small prayer, sacrifice a small goat, and set about some wiring.

Isolate all the white wires from the pickups.  These are hot, happy, and what you’re going to connect to the switch.  Go in reverse order from what your brain would say to do logically:  looking down on the switch connections on the back, numbering down the left side, 1 through four.  So, to reverse your brain’s desire, connect the neck pickup to connection 1, the mid to 2, the humbucker to 3.

Now, you’re left with one more on the left side.  Ignore it.

We’ll get to the right side in a bit.  For now, let’s just worry about getting the hot wires to their respective connections.  In looking at where the white wires originate, you’ll notice you’ve got about ¼” to work with as it splits from the main black wire as a white-bare wire pair.  Since the bare wires all go to ground, it’s impractical to run them right in to the switch, so, for what it’s worth, I added an additional short length of wire to each hot, enough to reach the switch from the volume potentiometer, basically, since that’s where the common grounds congregate.

Once the hots are soldered to the switch, it’s time to make sure the battery connections are all square.  You only need one (buying 3 active pickups, you now have three), and will take all of the red wires, one for each pickup, and solder them to the red battery wire.

To complete the circuit, the black wire from the battery connector should be soldered to the common ground of the output jack.

Now we have all of those bare wires to deal with from the pickups.  Ok, three, but still…  What I did was to do basically the red-wire trick and solder them all to a single wire and then solder that single wire to the top of the volume potentiometer (pot).  It may not be the best solution, but is a lot cleaner looking.

Now, so long as you’re soldering things on the volume pot, solder the third connector, the one on the right looking at it from the top, to the top of its pot.  A fairly painless way to do this, if you don’t want to bend the connector back to the metal of the pot, is to run a *very* short wire – like ½” – connecting the connector to the top of the pot.

Again, so long as we’re soldering grounds to the volume pot, run a short length of wire between the top of the volume to the tone pot.

The tone version of the connector soldered to the top should come with the AHB-1s in the form of a 25K pot that already has a 0.47pf capacitor soldered from the right connector to the top of the pot.  If this is not the case, then, you know what to do – solder a capacitor (at this is based on preference and desired outcome, more on this later) from the right connector to the ground spot on the top of the pot.  For your everyday tone, the 0.47pf capacitor will do just fine, but I’ve heard other companies talking about better results using a .10pf.

Finally, we’re to the right side of the switch and ready to tie everything together.  First, solder a ground line between the jack ground and the #2 position (counting from the bottom) on the switch.  Now, run a wire between the center connector on the tone potentiometer to the leftmost connector on the volume potentiometer.  Now, connect the leftmost connector to the #1 (bottom) position on the right side of the switch.

Once that’s finished, solder a wire between the center connector on the volume pot to the hot output of the output jack.

That’s it.  Now, if you’ve done it like me, you’ve got a bit of a bird’s nest going on in there.  I feel your pain.  Also, if you’re like me, and are migrating from passive to active pickups, you’re presented with a whole new problem: where are you going to stick the battery?  Well, if you are like me, then you will just wedge it in between the switch and the inner wall beside the jack.  It’s not pretty.  So, further, if you’re like me, you decided to purchase a battery box from a local electronics store, got some velcro, and attached it to the outside of the guitar on the back, close to the heel.

[Disclaimer of doom] I wrote this from memory looking at a schematic I drew…from memory…  What this means to you is that it could be completely wrong.  I don’t want you to hose up your guitar based solely on my info.  If there’s anyone out there who can either confirm or debunk any part of this, please do.  I’ll be placing the schematic and wiring diagram up, soon, maybe — I’m not sure where I put my drawings, since we moved — so those can be used as reference.

The original wiring diagram:
HSS_wiring_diagram_ish
In progress:
Jackson_in_progress_clear
Finished — note the different switch:
Jackson_complete

Losing My America

So, there’s this meme.  I had a very visceral reaction to it – it’s the one with the drill Sargent from “Full Metal Jacket” telling us in no uncertain terms that we’re losing our “beloved America” to “goat humpers.”  Honestly, that’s just offensive.  Because of our country’s history of racism and propensity to name-call, I know who and what this is talking about.

Honestly, I find that I’m losing MY America to intolerance and hate. #ScarSpangledBanner #TrueAmericanHate (BTW, the most recent Testament/Exodus tour was freaking amazing…just saying) It’s not some Muslim insurrection I fear because of the Muslims I know, most of them have better values and place more value on life and peace than their Christian counterparts in my life. If it’s about “growing a pair and acting like Americans,” it’s time to establish what that means and I, for one, don’t recall this country being founded on the “values” of hate, bigotry and ignorance. Isolationism and freedom, yes. Being an asshole, no. Well, maybe…there’s plenty of historical precedent, I suppose…

For me, it’s not anyone from any other country, race, religion or so-called-creed that’s undermining and destroying the fabric of our country, it’s those that perpetuate that to be American, you need to be an asshole who instead of taking time to understand the cultural differences, choose instead to call names. My America is being destroyed by my government’s insistence on sending my friends and family overseas to kill a fabricated and media-amplified enemy when the real problem is who holds the petroleum resources and something that could, really, be negotiated without threat of violence.  We’re just not wired that way, apparently, because it’s the more difficult way to do something. It’s harder to accept someone for their differences than to dismiss them as different and “other.” I’ve said it for years — we need to stop listening to so-called “war experts” and invest serious time and energy recruiting “peace experts.” I, for one, don’t want this world blown all to hell for my kids because people have forgotten how or think they’re too good to use their words…

It says, “Wake up and smell the bacon.”  I do like waking up to the smell of bacon, although with my thyroid medicine I can’t eat it until a bit of time AFTER my coffee. This is medicine prescribed through American health care, taken with Swedish coffee, in front of my American built (except for the Singaporean semiconductors, Taiwanese case, Thai hard drives…), sitting on top of a Japanese stereo receiver (studio setup…long story…). There’s a point to this — everything is from everywhere. We, as a planet, are together on our ride in this compressed and screwed up span of time, and we can choose to live our lives finding reasons to hate and kill each other, or we can choose to find our commonalities and work towards making this world a better place…and there are VERY few exceptions where discriminating against or killing someone makes a positive difference.

It’s not the Muslim you need to worry about, it’s the Extremist — and that goes to ANY religion or belief. You also have to see through the media representations and perpetuated stereotypes. You have to care enough to take the time to learn why a certain people or person does something in order to understand that it’s probably not a threat to the threads of your reality and, more likely than not, is just as odd to you as whatever you’re doing is to them…

So, to wrap this up in a tidy bow, if you feel being an asshole is the most important American value, then you are the problem, not the person who is trying to make a better life for his or her family by coming to what used to be called “the land of opportunity,” but, now, seems more to be “the land of intolerant bigotry.”  Makes you proud to be an American, doesn’t it?

Producing an Album for the First Time: Part IV–Creating Monsters

Now, I’ll preface this with saying, these aren’t tutorials.  There might be some nuggets of "how-to"-ness in there, but these are softer, more philosophical pieces that take you into the challenges I faced and how we got from "sure, I can help!" to "that’s it!  It’s perfect as we’re going to get it!  Let’s do this!"  For the record, we’re not there, yet.  Are we ever there, yet?

So…there’s this song.  It’s got a good hook and a good guitar line.  The vocals are good on the scratch track.  All in all, it sounds like a good track, probably on the back end of the album to help balance it out and make for a solid album start to finish.  Then something happened.  We brought in this fella John who was to play “fiddle.”  Well, John so happens to be brilliant and talented through and through and within one practice take with this song, we were all looking at each other like…”wow!”

At that point, the rest of the track needed to be laid down and with each piece, the monster grew.  Soon, there were re-recorded vocals, guitars, bass, bagpipes, bodhrun, djimbe, drums, and violins.  Some didn’t make the final cut.  Some takes got spliced and reworked enough to make a couple of solid tracks with the best all in one place.  If you were to place all the tracks into the mix and just let ‘em go, it would make you twitch – there’s THAT much going on in this song.

As happens, there were, in total, 48 mixdowns of this song to get it “right,” and, I think I mentioned, I’m not sure we are 100% there, but, we’re really close and part of it came from understanding that compression does when met with four main sources of volume in a track, even when there are 16 total tracks (excluding fx tracks).  We ran into a problem with the monster, once everything was fixed, tonally through EQs and light compression, some reverb here and there, and so on.  What’s the problem, you ask?  The monster gets hungry and has to eat things.

OK, so the metaphor may be getting stretched a little, but here’s the bottom line – when one thing gets loud, something else gets soft, and finding the balance is the true monster.  I tried so many methods to get the vocals to sit nicely while still allowing you to hear each part clearly.  It was almost comical, though, as I’d have what I thought was a good balance, and then after mixdown, the vocals would either be lost or so up front to a point where everything else sounded lost in the background…   So many iterations!  I finally discovered the culprit – the compressor in the Master track.

Full disclosure – I use the Slate Digital FG-X Mastering plugin and I really like it.   That said, it does what compressors/limiters do – when one thing gets louder than the threshold, it makes it quieter and when one frequency range is dominating the mix, bad things happen, overall.  What I found was, each individual track sounded absolutely fine when solo’d.  When I had vocals and “instruments,” it was fine.  The culprit?  The drums.  The train driving to oblivion was, in fact, obliterating the mix.  When I added the drums back in, the overall sound dropped ~3dB and, specifically, the vocals sank closer to 4dB. 

So, how does one tame a monster like this?  I basically figured out that I had to do what I tried a while ago – mix down the instrumentation and vocals separately and bring them together for a mixdown and then send that mixdown to the mastering round.  It wasn’t the most elegant solution, but it was the only solution I found – remember I’m a bit of a rookie with this! – that allowed the full dynamics of the instrumentation (all of it!) and vocals to coexist.  The end result?  An Irish Rebel Rock song that feels a lot like the Motörhead “Orgasmatron” cover train looks.

Producing an Album For the First Time: Part I

This is going to be a multi-part retrospective and exposition on what it has been like being tapped to produce an album with, literally, no previous experience.  In a case of “we all have to start somewhere” mixed with “I know a lot of theory” with a sprinkle of “well, here were go, then!” I charged forth with dark gusto into a land heretofore unknown and full of peril, reward, but most of all, potential.

First and foremost, you might ask how this came about.  Basically, I know an artist who’s busted his hump for the last few decades and hasn’t hit a break, and was coming up on another roadblock and it all seemed to revolve around money.  It was at that point that I took what little knowledge I had and, yes Ms. Mosby, “a little learnin’ is a dangerous thing,” and threw my hat into the ring, offering whatever assistance and expertise I could to help him get this record not only recorded, but produced and into the hands of fans, new and old.  For the record, I had NO idea what I was getting into.  This is, of course, to be expected.

I had just made the full defection from ProTools to Reaper and, as such, was currently learning the ropes with it and had no established workflow to speak of, no real concept of what I needed to do, template-wise, and no understanding of how much it was going to take to get from “artist arriving” to “handing off a CD.”  For the record, we’re still not to that last point, but we’re getting there.  It’s a process – that’s something you need to understand from the outset – and it’s a living, breathing thing.

1. Step one – Recording

The discussions are over and it’s time to get the musician in there.  Now, there are some things to be done!  I had looked over all the checklists.  I had looked at all the preparatory documentation we should need and printed off individual track worksheets.  I had read so many blogs, forum threads, eBooks and articles that my head was swimming.  It was at this point I was eternally grateful that my partner in this venture had quite a number of years’ experience with the recording side of things.  He took over the reigns for recording, but that, also, set up an interesting dynamic later on.  He’s Mac based and we ended up doing all of the recording and preliminary editing in LogicPro X.

Honestly, as the mixer/producer, my role in this situation was mainly as cheerleader. I kept notes to the best of my ability and tried to keep my burgeoning cold at bay so as not to ruin many takes with a rogue cough or sneeze.  Two and a half minutes never felt so long as when you’ve got a tickle in the back of the throat and a sneeze on-deck and you pretty much have to hold your breath the entire time.  Since this was late December, a lot of us were sniffly, including our brilliant violinist who despite coming in and just blowing us away, had a little “snurf!” at the end of just about every run.  I felt bad, but with a little editing, those were mostly editable and those that weren’t, I quickly figured out how to bury in the mix.

All in all, with all the musicians, from scratch tracks to “final takes,” it took around 7 days, spread over a couple of weekends.  There was travel involved for a few, and some broken up sessions, tackling a few songs at a time, as one would expect, and it was amazing to watch, learn, and hear everything start to come together.  We were hearing it go from mere ideas and hopes to an actual album with a metric tonne, as it were, of potential.

The vocals were – and still are – a significant challenge in this because the artist is not some pop diva or emo mewler, but rather an Irish folk-rocker (rebel rocker!) who had not only a fairly wide dynamic range, overall, but a strong set of pipes that took a lot of finessing to tame.  It was also a voice that, as the mixing process progressed, seemed to defy all of the common “standards” and I found myself confused and searching in a lot of ways as to how to make the voice sound big without sounding thin or “crispy” which is something that you know when you hear it.

We used quality mics for the recording and thought we had it all finished.  We were wrong.  I was finding that I had to really work with and mess with and tweak the vocals in order to give them “life.”  This went on for a couple of iterations back and forth and tweaking and grumbling.  Finally, the artist re-recorded the vocals with a different mic, sent the files, and they sounded good: warm, up front, and not really needing much by way of an EQ treatment.

This brings us to a logical stopping point and leads us to part 2 – Don’t fear the Reaper…