Operation: Red Flag

President-elect Trump has started naming his potential appointees and, if you’re a thinking man with half a brain, they’re terrifying.  It’s like a clown car opened up behind the White House and he’s just taking them in the order they’re getting out.  The one that this missive touches on is his CIA appointee who has stated that using encryption “may itself be a red flag.”  Seriously, Mr. Pompeo?  Or, using encryption is because those of us using it prefer to keep the government out of our business as our founding fathers intended and not this Orwellian ridiculousness we’re being asked to pretend is the new normal.  Hell no.  Using encryption doesn’t make me a terrorist any more than buying Sudafed makes me a criminal drug user.

So, without further ado, may I present my plan.  Well, less of a plan and more of an idea that I hope takes off because….well…screw Mr. Pompeo. 

Basic Network Connection


Basically, if you’re running internet from Time Warner, Comcast or any of the large providers, you’re compromised.  Sorry – it’s just how it is.  Thankfully, there are things you can do about this.  There are VPNs, proxies and other variations on that theme.  I’ve used a LOT of these and I have some recommendations.

First and foremost VPNs.  VPN stands for Virtual Private Network and the simplest explanation is you are logging into their network and using their network to navigate the web and it sends the data back to you.  The theory, there, is that the only IP address visible is the one assigned when you log into the VPN – your own network IP address is not exposed.  So, think of it as a tunnel under a lake.  The only thing the world knows about is the opening on the other side of the lake from where you entered the tunnel.  So, there is some debate as to which are better and if there are any good free ones. 

I currently have four installed on my system that I use.  Each has its own set of pros and cons.

SecurityKISS

Let’s start with the one I use the least – SecurityKISS.  I’ve used it off and on for over a year and it’s pretty solid.  I get slightly reduced bandwidth speeds, but that’s to be expected.  The only real downside to this particular VPN is that it has a bandwidth usage limitation of 300MB, if I remember correctly, and that’s per day, I believe, and resets every 24 hours.  Now, it looks like they’ve simplified it since I started using it and that’s not necessarily a bad thing.  It uses a client you can download and has pricing options that range from free to just under 90 euros a year. Of course, each price tier opens up more possible server connections as well as features. 

SoftEther / VPNGate

Another one that I use that is a little more complicated to set up is VPNGate / SoftEther VPN. The one thing I like about this is that once you get it set up, you load a list of potential servers and it displays the uptime, bandwidth and how many users are currently connected.

There are four ways to connect, each with their pros and cons and the VPNGate website has instructions to set up each method including one to use the OpenVPN client if you already have that in order to use other VPNs.  It’s also open source, so you won’t be restricted in your usage for using the “free” option, as they’re all free.

Windscribe

I started using Windscribe after I was doing research and really liked what I saw.  I liked it even more when I didn’t notice any discernable slowdown when using the VPN – even running a speedtest confirmed it.  Now, what’s interesting about this VPN is that there are ways, free ways, to increase your monthly usage cap. 

My current cap is at 15GB per month and, thus far, when I am going back and forth between VPNs, this has been more than enough.  There are two pricing options and they’re basically free and paying the yearly charge of ~$90 all at once or monthly.  I like the free option and was willing to do things like tweet a micro-testimonial to get an additional 5GB per month.

One of the interesting things to note is that not only can you use this on your Windows or MacOS system, but also your android device or even your router if it has been DD-WRT or Tomato flashed.

VPNBook

I’ve started using VPNBook a lot more, of late.  About the only things it disallows are pop connections and torrenting (except for, it would seem, the European servers).  It does pretty much everything else, is fast and pretty easy.

As you see in the graphic, there, it supports a number of servers in a number of locations.  I tend to use the US1 and US2, though I’ll use the Canadian ones if I’m feeling frisky.  The only “inconvenience” is that the password to log into the VPN is provided by VPNBook on the web site.  I pinned the page in my browser, so it’s not too bad.  It’s pretty simple to set up and the instructions are clear and concise. VPNBook supports OpenVPN so is usable on Windows, MacOS, Linux, iPad and Android devices.  It also supports PPTP, but recommends the OpenVPN method.

TOR

“The Onion Router” or TOR can fall under “browser” as well, and that’s where I will discuss it more.  At this point, you just need to know that it is a distributed network designed to provide anonymity.  For the most part, it does, but my recommendation is to fire up a VPN and then load your TOR browser.

E-Mail


E-Mail is the most easily siphoned window into your personal lives.  There are some ways to mitigate this – webmail is, in theory one way, though it’s not any more or less secure than a standalone client if it’s not set up properly.  So – what do I use?  I’ve tried a ton of email clients over the years and the one I’ve settled on isn’t necessarily the one I’d recommend for end-to-end encrypted emails.

Confidant Mail

Confidant Mail might be a hard sell because it’s basically uprooting your existing emails (even though you keep your old email address) and putting them into a completely encrypted system. It’s not the simplest to set up and seems to rely on you convincing everyone you communicate with to install and use Confidant Mail, as well.  Since it’s a standalone application it doesn’t run the same risks as do webmail or even standard pop/smtp-based email clients that employ message encryption.  It had a page dedicated to why it’s better than normal or even encrypted email.  It generates a public key via GPG when you set up the program, initially, and once that’s done you can upload the key to the servers so that people who are subsequently installing the program will be able to search for, find, and add you to their contact list.  I recommend checking it out, but something that I’ve had a bit of a problem with over the 20 years I’ve tried using PGP is convincing my friends and family to also use PGP. 

Sigaint.org

Anything with “Making the three-letter agencies cry” in the tag-line is something worth looking into.  The only thing with Sigaint is that you really need to access it through your TOR browser. They have a clearnet address, as well, but it mainly serves to tell you to seek them out via TOR.  It’s a webmail client, so there are inherent risks, but they are quite open and honest, telling you not to trust them and to encrypt your emails.  Now, there is a “pro” option, as well, that for $32 for life, will allow you to use multiple protocols (pop3s, smtps, imaps), upgrade your email storage from 50MB to 1GB, full disk encryption, and a slew of other things to ensure your anonymity.  With the pro upgrade, you can also use an external email client – it says it’s been tested with Thunderbird, Claws and K9 Mail.  The free version is still very usable, though they recommend PGP-encrypting your emails before you send them, and I’ve had nary a hitch using it.  You basically get two email addresses – the clearnet version and the onion-specific version.  They both go to the same place, it just depends on the origin.  If you want no one to know who you are, this is the way to go.

ProtonMail

A fairly new service arrived earlier this year.  Basically, ProtonMail provides end-to-end encryption, a two-step authentication method (log into ProtonMail, then log into your mailbox), as well as the ability to send emails that will, in essence, self-destruct after a set amount of time.  It’s hosted in Switzerland and their servers never see plaintext anything – all the emails stored on the server are encrypted.  This has three cost/service plans where the free service provides you with a single address, a limit of 150 messages per day and 500MB storage.  The Plus tier is 48 euros per year and gives you a bit more while the Visionary tier gives you 20GB storage, 10 custom domains with 50 unique email addresses and no limit on sending/receiving emails.  It’s 288 euros per year.  One interesting feature is that you can enable authentication logs which will tell you when your mailbox was accessed and from what IP address.  This is a solid choice and I’ve not had a problem with ProtonMail – and you can download the Android app to access it from your phone or tablet, as well.

Trend Micro – Encrypted Email solution

I’m not sure what to do with this, since it’s more or less a service solution rather than a product solution, so you have several choices as to how it protects your email.  It looks decent enough, but also, to me, looks like there are several holes along the chain that could be problematic, but that’s just me worrying about anything that is not encrypted leaving your system and relying on something “out there” to do it for you.  It also looks geared towards small business, with a subscription system, so I’m not sure how useful it will be to an end user who wishes to employ it.  So, there you go – another option. 

Web Browsers


I have many browsers.  I want to try them all, see which ones work the best for my needs.  I will touch on them and let you decide for yourself if they will work for you, your privacy, your security.

Chrome

Yes, Chrome.  Mostly, this is because of the pile of extensions you can plug into it to give you whatever level of protection you wish.  I use the following plugins to great success:

    • AdBlock Plus (ad blocker…)
    • Anonymous Communication (secure chat client)
    • BitDefender Quickscan (real-time antivirus checking of web pages)
    • Block Site (offending site?  “Welcome to my kill filter, sucker.”)
    • Do Not Track (cuts down on sites’ abilities to track you)
    • DotVPN (VPN internal to the browser)
    • Ghostery (makes it easy to see who’s trying to track you)
    • Javascript Popup Blocker (popup blocker that handles most of the javascript-based ones)
    • NetCraft Extension (site information and phishing protection)
    • OneTab (not security, but bloody useful – collapses all tabs to a list on one page)
    • Performance Analyzer (measures the performance of web pages/sites)
    • Poper Blocker (my favorite popup blocker)
    • Request Maker (Log, edit and send HTTP requests)
    • Rubber Glove (removes common browser tracking ‘fingerprints.’)

Now, these come at the expense of performance, occasionally, and RAM usage, most of the time, but I haven’t been hit by any drive-by malware for a LONG time.  When used with a VPN (one of the ones listed above or just the DotVPN), it offers reasonable protection from snooping.

FireFox

After I spent a large amount of time getting the beta of FireFox up and running and customized to my liking, it decided to update to a newer version and wiped out not only all of my bookmarks, but my extensions, as well.  As you can imagine, that made me a touch salty, which is why I don’t use FireFox as often as I used to.  That said, I have a couple of addons/extensions that make FireFox more usable for me.

    • AdBlock Plus (ad blocker…)
    • uBlock Origin (an efficient blocker that is pretty customizable)

As I mentioned, though, I don’t use it much, anymore.  So, these two are by no means the extent of the addons or extensions out there, but they’re the only ones I’ve put back since being forced to start from scratch.

Epic Privacy Browser

They feel that your privacy is yours and yours alone.  It’s a solid browser and does just about everything I need.  The big things to take into consideration, here, are that

    • Private Browsing is *always on*
    • it automatically sends the “do not track” message to websites
    • it blocks all third party trackers and cookies
    • one-click on/off proxying which hides your IP address and encrypts your data (gets REALLY slow, sometimes, especially when inside a VPN tunnel)
    • it searches through its own proxy which obscures your searches from outside “eyes”

So, basically, it has just about everything you need, right out of the gate, to be private and mostly safe out there in the wilds of the internet.  I mentioned that it gets slow inside of a VPN.  A lot of things get slow inside a VPN tunnel, so it’s not a condemnation as much as a factual statement – in this case, however, you know why and can appreciate why your data is taking a bit of time to find its way back to you.  It does break some sites, of course, but has a “Quick compatibility umbrella” which expands and lets you pick and choose which safety mechanisms you are using in an attempt to return compatibility.  I use this browser a lot.

Opera

Opera was my first “go-to” browser after my FireFox kerfuffle.  It’s a solid browser and one that I’ve used off and on since it was initially released back in the land before webkit.  The one thing I miss is the ability to set how many data connections you wanted to hammer a site with to improve performance.  I think it’s still in there, but the bottom line is that, really, most connections are fast enough that it’s really fairly unnecessary unless you want to inadvertently instigate your own miniature Denial of Service attack which, by the way, web masters love. 

I only have a few extensions and they are “the usual subjects,” AdBlock Plus, and that’s pretty much the only ones for security. “Why,” you may ask.  Well, it has a nifty feature whereby you can toggle, on a tab-to-tab basis, the built-in VPN connectivity, which is through SurfEasy.  For the most part, it’s fast and can be routed through numerous countries for added protection.

Brave

Its main goal is to limit the trackers and ads that slow down your browsing while at the same time protecting your private data.  It’s a good browser and I actually do find it faster when going to normally ad-laden sites.  Of course, part of that, too, is that I use a custom hosts file that nips most of that in the bud, but still, you can tell the difference.  It defaults to trying to run everything through https-everywhere, which is good.

The bottom line, for me, with this browser is that it’s in its infancy and each release makes it better.  It’s a solid browser, now, but doesn’t have everything to keep you off the grid…yet.

Vivaldi

After the big three (Chrome, FireFox and Opera) all flaked out in their own ways, I spent a lot of time looking for a browser that didn’t drive me nuts.  I test drove this for a few days and those days have turned into months.  I like it because it’s fast, does everything I want, and doesn’t do dumb stuff.  One of the selling points is that almost every aspect of the browser, and therefore your browsing experience, is customizable.  It’s not as secure as the others, but can take extensions to fix that, I’ve just been too lazy to, recently.  Well…when I want secure, I’ve got how many other browsers to choose from?

OWASP Mantra

“Elegant, clean and completely open source,” this browser is built with the security / penetration tester in mind.  The landing page has a slew of links ranging from your everyday to the Hackery section and a link directly to Shodan.  One of the things that stands out about this browser is the number of tools built in.  There are a lot.  I suppose I could list them out, but that’s pretty much what their web site is for – it discusses each one and does a better job than I could.  Honestly, it’s more for site testing than security, but as it takes FireFox extensions, you can add whatever you need, in this regard.  It is nice, however, to have the ability to see what headers are being passed on to you and allowing you to edit them on the fly.  That’s good stuff, right there.

Maxthon Cloud Browser

This browser actually kind of tries to be a one-stop shop for you, providing a browser with many interesting security features like an encrypted password manager, right-click re-enabler, a cloud-based note/document storage area (1GB/free), and a provider of anonymous emailboxes.  All this translates to a web browser that is pretty solid for information gathering while you’re browsing the web.  It also defaults to duckduckgo as its search engine which, while it doesn’t return 1.5 zillion results like Google, it also returns mainly those things that have something to do with what you’ve searched for and not a bunch of ad placement crap.  I haven’t used it a huge amount because, well…nine browsers makes “equal time” hard.  That said, it seems to do well with ridiculously pop-up ridden sites like firstrowsports.eu, on which I watch hockey from the Ukraine and rugby from New Zealand and it plays the video with no fuss, no muss.  Not a security related feature, to be sure, but one that’s welcome, nonetheless.

Pale Moon

Developed by the same folks who develop FossaMail (which is what I use), this browser just received an overhaul.  This overhaul brought it up to “today’s browser standards” and in the process broke a couple of the nice security extensions it had going for it.  This will probably be fixed, in the near future, but fear not – important security extensions remain: AdBlock Latitude, Encrypted Web, and Secret Agent.  What this means is that you’re not going to see the majority of the ads out there, you’re going to be in HTTPS as much as possible and it will rotate the “User Agent” so as not to leave a reliable fingerprint of the browser you’re using.  This is a good thing.  It will also alert you if a site tries to hijack requests and tries to redirect it to a different web site.  It will tell you the how, the who and the potential why: “Your web surfing may be subject to surveillance.” It’s a solid browser with a highly customizable landing page which is nice.  Check it out, but also check out the FireFox-based extensions that you can add to make it as secure as your paranoia desires.  Is it paranoia if you know it’s happening?  At any rate…

TOR Browser

As discussed, previously, this is the browser that works with the TOR network and will allow you to see deep/dark web sites and those sites with the .onion suffix.  It allows you to switch TOR circuits – or paths through the TOR network – in order to maintain anonymity if you feel that the current route/path/exit node has been compromised. Do remember that while the TOR model allows your data to be encrypted inside the TOR network, once your data leaves an exit node and goes to a site, the data in between the exit node and site is not encrypted by the TOR network, so continuing to use an extension like HTTPS Everywhere is always a good idea.  Now, what I do, for what it’s worth, is to fire up a VPN and then launch the TOR browser.  This way the TOR network connections are working within an already obfuscated network tunnel.  While not foolproof, it does increase the challenge for prying eyes/agencies.  While navigating through Onion-land is a bit more arduous and a bit slower, it is still a much safer alternative to bopping around in clearweb land.  There is also a “hardened” version that may be a version or so behind the currently available TOR browser, but has been modified to provide a lot more security.  I use this one almost exclusively.
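What each party along the path can see in the VPN-then-TOR setup described above, as an added example that is not part of the original post: a toy Python model of three onion layers, with a constructed login request sent once as plain HTTP and once inside an end-to-end layer standing in for HTTPS. The cipher is an HMAC-SHA256 stand-in and not TOR's actual cryptography; the addresses, keys, hop names and request are all constructed.

```python
"""Toy model of onion routing: who can see what. NOT real Tor cryptography."""
import hashlib
import hmac
import json
import os

# Constructed sample values (documentation-range addresses, made-up credentials).
HOME_IP, VPN_IP, SITE = "203.0.113.7", "198.51.100.20", "example.com"
REQUEST = b"POST /login HTTP/1.1\r\nHost: example.com\r\n\r\nuser=alice&password=hunter2"


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one hop key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; fails for anyone without the right key."""
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer was not sealed with this key")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)


def wrap_layer(key: bytes, next_hop: str, data: bytes) -> bytes:
    """Add one onion layer: only the holder of `key` learns `next_hop`."""
    return seal(key, json.dumps({"next": next_hop, "data": data.hex()}).encode())


def peel_layer(key: bytes, blob: bytes):
    """Remove one onion layer, returning (next hop, remaining bytes)."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])


def trace(use_vpn: bool, use_https: bool) -> dict:
    """Send REQUEST through guard -> middle -> exit and record each party's view."""
    keys = {hop: os.urandom(32) for hop in ("guard", "middle", "exit")}
    site_key = os.urandom(32)  # stands in for a TLS session shared only with SITE

    payload = seal(site_key, REQUEST) if use_https else REQUEST
    onion = wrap_layer(keys["exit"], SITE, payload)
    onion = wrap_layer(keys["middle"], "exit", onion)
    onion = wrap_layer(keys["guard"], "middle", onion)

    views = {}
    # The ISP sees where the first connection goes, and only ciphertext.
    views["isp"] = {"connects_to": "vpn" if use_vpn else "guard",
                    "sees_request": REQUEST in onion}
    # The guard sees the address the connection arrives from.
    source = VPN_IP if use_vpn else HOME_IP
    for hop in ("guard", "middle", "exit"):
        next_hop, onion = peel_layer(keys[hop], onion)
        views[hop] = {"from": source, "next": next_hop,
                      "sees_request": b"password=" in onion}
        source = hop
    # What finally arrives at the site; with HTTPS only the site can open it.
    views["site"] = {"from": "exit",
                     "request": unseal(site_key, onion) if use_https else onion}
    return views


if __name__ == "__main__":
    for vpn, https in ((False, False), (True, True)):
        print(f"--- vpn={vpn} https={https}")
        for party, view in trace(vpn, https).items():
            print(f"{party:>6}: {view}")
```

Without the end-to-end layer the exit relay's view includes the password; with it, the exit learns only the destination, and with the VPN the guard records the VPN's address instead of the home one.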

….

You’ll notice there’s a browser missing.  Most folks in the IT world understand why it’s missing.  Perhaps you don’t.  Perhaps you love IE Edge.  Here’s the thing – it’s a screen door on a submarine, security-wise.  That’s pretty much what you need to know.  Any of the browsers above would be a much better choice when it comes to keeping your data from “the man.”  In the interest of fairness, I will say, simply, that when I tried to “harden” IE, it broke.  I can no longer use it to browse the internet and it has become, inexplicably, the default PDF reader despite Acrobat Reader being installed.  It now, like Hodor, can only say one thing:

[image]

Encryption


This is where Pompeo is poking the bear.  I’m a firm believer in 1st, 4th and 5th Amendment rights as well as a strong heaping helping of “nunya.”  What’s “nunya,” you say?  If you grew up in the south, you know this is a rather sassy way of saying, “None of your business.”  Really, that’s how I feel about all aspects of my digital life.  I used to have an attitude of “fine, look around – I’ve got nothing to hide!”  What changed?  Well, for one thing, the Patriot Act.  Almost completely unconstitutional in its reach and just a wake up call that it doesn’t matter what the laws say, the government will find a way to wiggle around them.  Then came the hoo-hah about the iPhone in the San Bernardino terrorist case where some dunderhead tried to brute force *guess* the password to the iCloud and iPhone accounts and effectively wiped both clean.  Somehow, this was seen as Apple’s fault and so there was the huge floofle about how Apple should create a backdoor for law enforcement and Apple basically said, “Up yours,” as well they should.  What killed me about this, tangentially, was that if you search for “iPhone 5 unlocking/decrypting,” there are enough links that the FBI could have had it done in under 5 business days and for right around $150.  At any rate, as soon as that story hit the news, I hopped into my Android settings menu and encrypted the heck out of my phone.  You want anything?  You’re going to have to work for it, or at least lay out some cash.  Even though I’m not doing anything “wrong,” I’m not in any way shape or form going to make this easy for anyone who wants my data without a fight…or encryption key.

Drive Encryption

I absolutely encourage drive encryption.  Every Virtual Machine I create is encrypted and has to be decrypted, using the proper password, to even mount.  Once past that, the drive is encrypted and, finally, the user directories are encrypted with a different password for each user.  Seems like it could be considered overkill, doesn’t it?  Well, so what?  I think I mentioned not making it easy.

VeraCrypt

This is a very useful – and free – encryption program geared towards drive encryption, whether it is full disk encryption, partial disk, containers (encrypted files that act like drives but aren’t outwardly visible as such) and can even hide these encrypted volumes.  It’s free, actively maintained and based off of the TrueCrypt software package that was used by a multitude of corporate entities, including mine (TrueCrypt, not VeraCrypt) – and it (VeraCrypt) is SO much faster and less flaky than McAfee’s “Endpoint” software, in my experience.  You can select many encryption protocols and – and this is a wonderful “and” – you can even wrap them three deep, meaning your volume will first be encrypted with AES-256, then it will be encrypted with Blowfish, or TwoFish, and finally, on top of these two encryptions, it will encrypt a third time using Serpent, for example.  That’s my personal choice, but there are several combinations from which to choose.  This flexibility makes it exceedingly useful and, more importantly, pretty intuitive to use.  I recommend this to the moon and back for keeping your sensitive bits protected.

McAfee Endpoint Solutions

My experience with this product has been largely negative, but that might have to do with how it was implemented, so I’m disinclined to just dismiss it out of hand.  It’s only one of two in the list that costs anything, so you’ll need to take that into consideration.  I do know some folks who feel safer purchasing a commercial product – especially an expensive one – because they feel it’s more secure.  This could be.  I couldn’t tell you.  I just know that post-encryption, I’ve had better luck with VeraCrypt.  Honestly, the only trouble I have had with Endpoint is that it will suddenly and out of the blue simply disavow any knowledge of my passcode to decrypt the drive in order to use it.  This is frustrating in itself, but the process to recover it is not only a titanic pain, but – here’s the thing that throws giant red flags for me – with the recovery software, you are given a long series of numbers that will allow you to reset the password and, therefore, decrypt the drive.  Now, in a corporate environment – and one thing I do actually appreciate about the seemingly overly complex method for doing this that my employer uses – you can only access this recovery module after logging into the web portal, going to the “recover endpoint encryption” link and clicking it, then entering your credentials in, again, including a secret question, and only after satisfying this step will it allow you to embark on the rest of the journey.   Now, on the plus side, the price isn’t a deterrent.  Ranging from ~$20 for individual users to ~$5K for an enterprise license, it’s really not all that bad, comparatively.  That said, I trust VeraCrypt more.  Why?  Just because, really.  While the aforementioned folks feel more comfortable with a for-profit product, I prefer a product written by someone(s) whose only skin in the game is reputation.

Microsoft Bitlocker

I’ve never used Bitlocker.  It used to be only available on the Ultimate editions of Windows 7 and, I believe, 8.  I think it’s standard, now.  If it’s not, it should be.  At any rate, it functions very much like the above two solutions when it comes to encrypting entire drives.  You can encrypt your system (boot) drive with relative ease and, at this point in the game, I recommend that course of action. 

Symantec Endpoint Encryption

Now, I am pretty sure I haven’t used this, but I might have in a previous incarnation – I honestly don’t remember.  That said, from reading the literature and implementation documents, it seems like it’s on par with McAfee’s offering and does allow full-disk encryption.  It also boasts using PGP (Pretty Good Privacy) for its encryption of choice.  The company seems to be positioning this solution towards the enterprise customer, but you can get the Endpoint Encryption in a single license for $189.  So, again, I’ve not worked with it, so I can’t say one way or another if it’s the right product for you or your needs.  I’m just letting you know it’s out there and, frankly, the more encryption the better.

On-the-Fly / Individual file / Text Encryption

There are a long ton of solutions, here.  I’m going to focus on ones I’ve used and/or recommend.

Pretty Good Privacy (PGP)

The granddaddy of all public key encryption, this has gone through a slew of changes, purchases, open source projects and versions.  It’s been entertaining to watch, if not a little frustrating to keep up with.  Basically, the majority of things I’ll be discussing fall under this category, in some way or another.

Symantec

PGP, Inc. was purchased by Symantec, and so is included in the aforementioned Endpoint security package.  I’m mainly putting this here for completeness’ sake.  This isn’t to be confused with PGP Corporation.  Oh, wait…yes it is.  This is PGP if you want to pay for it.

OpenPGP

Standardized in the mists of history (1997), OpenPGP is available for all platforms, including iOS and Android.  This is pretty much the standard and everything derives from this.  It’s free.  It’s mostly easy to set up – the hardest part is thinking of a suitably secure password.  Their site has email encryption solutions, keyservers, and even a section for developers discussing signing their projects.  The email section provides a long ton of options/solutions.  Check them out.

PGPi

For historical purposes, only, I include the “international” version of the original PGP software, which should be considered exceedingly outdated – it supports Windows 3.1/95/98/NT as well as the Amiga and OS/2.  So, why would I include it?  Because it’s fascinating to see how far we’ve come, really.  I love digging around in this stuff, so, I figured I’d share.

GnuPG (GPG)

This is what I use.  Take that for what it’s worth…I use it.  That doesn’t mean you need to use it or should use it.  I just like the setup of GPG4Win and it’s easy for me to work with.  The binary releases, should you not feel like downloading the code and compiling (./configure, make, make install), support Windows, Linux, MacOS, Android, OpenVMS, and RISC OS.  Integrated into the Windows shell, it makes encrypting/signing/decrypting documents, other files, directories and even drives painfully simple.  I recommend it.

Diplomat OpenPGP

I’m including this not just because they have their own OpenPGP solution for you, but they also offer secure file transfer, which is nothing to sneeze at.  Now, while the OpenPGP product is free, the Diplomat File Transfer product is not.  It’s pricey, but when you look at what it does – securing file transfers, either P2P, FTP, FTPS and SFTP, as well as encrypting those files that are transferred with the private keys, meaning only the sender and the recipient can open the file(s) sent.  That’s pretty hoss.  This service will cost you, with the “basic” version *starting at* $595, the “standard edition” starting at $2,995 all the way up to the Enterprise version with the terrifying “Call for pricing.”  Still – if you’re worried about industrial espionage, how much is your data worth to you?

Again…make these folks work for it, where “these folks” can be, basically, anyone who wants to access your drive who isn’t you and, especially, without permission.  There are more solutions out there, but this should provide a good starting point. 

Cloud Storage


I know a lot of people that use either their own server or services like Dropbox to store files “in the cloud.”  There’s Dropbox, Mega.nz, and a whole slew of others, but they all share one thing: they’re searchable by the companies that set them up and in that light, anything subversive or plain illegal in your file storage area can be found and you can endure anything from irritation all the way to outright pain.  That doesn’t sound fun.  So, let me recommend a few.  I’ve been using Keep2Share, of late.  It functions much like Dropbox, but I haven’t read any missives, recently, talking about k2c routinely scrubbing through user accounts looking for violations.  Let’s look at some other options, shall we?

Boxcryptor

This is a product that looks a LOT like what we’re talking about with Diplomat.  There are differences, of course, but as you get into the paid subscription versions, one of the big selling points is the end-to-end encrypted file transfer.  That said, the free version offers this, as well, just without as many bells, whistles and safeguards.  The free version features the ability to secure one cloud account, up to two devices from which to upload and save data, and Whisply integration which, for those who don’t speak weird corporate software naming practices, is their end-to-end file transfer encryption which will allow you to send out an unlimited number of links to the files you store there and these other folks don’t have to be Boxcryptor users.  It also has a portable installation if you’re not wanting to, or can’t, install it on your system.

Tresorit

Aiming to not be a full service, encrypted cloud storage provider, it’s not free, but offers a lot of features.  Their claim, also, is that it would take 1,000 years to crack the encryption they use. I wonder if that will change with quantum computing?  At any rate, they offer a couple of tiers of service, with the personal level providing a terabyte of storage, access from 10 devices, password protected links and extensive file permission settings for file sharing.  The personal subscription is $30 per month, so $360 per year.  For small business and enterprise, it’s considerably more outlay, but is less per user.  Again, the enterprise model has the scary “Custom pricing,” which probably just means customizable for your business, but I still like seeing everything out in front of me.  One interesting thing that I like a lot is that it has a section for developers, offering a SDK to allow the end-to-end encryption to be integrated into your application.  The tagline, “No more data breaches” sounds good to me.  You have to request access, but I’m thinking that a software development company could benefit greatly from being able to tell clients/customers how secure their data will be.

Wuala

LaCie’s solution was one I was going to discuss, but upon hopping to the site for more information, I got this:

“Our services aren't available right now. We're working to restore all services as soon as possible. Please check back soon. Ref A: C544C6B0F1F84F22A420DB3DC53148B5 Ref B: F4B412192C8F55313E7D91E98DB04966 Ref C: Fri Nov 25 08:03:07 2016 PST”

so…you know.

nCrypted Cloud

This looks like another encrypted cloud service, though, it’s positioning itself more as a security layer on top of cloud storage.  Honestly, if the files are encrypted, I’m not sure I care how you get them there.  Well, that’s not entirely true, but you get the picture.  The personal version is free and for non-commercial use.  You get roughly the same features as on the company/enterprise-centric models, but without the longer audit trail, Active Directory integration and collaboration tools.  Now, there’s free, then there is the per-user cost for each level: $10.  The only difference is the number of users, at a minimum, that you are required to have: 25 for small business, 250 for medium business and 2,500 for enterprise-level. 

Honestly, I’m running out of steam.  For cloud storage alternatives beyond what I’ve laid out, here, I recommend this article.  It goes into greater depth than I have been and gives you pros and cons in a concise manner.  Concision has never been my strong suit.

Summary


Long story short, if you want to keep the government/hackers/pranking friends/ex-spouses out of your data/email/what-have-you, you need to secure it.  There are also ways to secure what you already have, for example, in Yahoo or Gmail. 

There’s an option for most webmail services to use two-factor authentication.  Use it.  You’ll be glad you did, especially when reports come out stating that Yahoo knew about data breaches as early as 2014 (and didn’t do anything until much later), and the recent Gmail breach. If it’s difficult for YOU, it’s going to be that much more difficult for anyone else.

Also, don’t use fingerprint or simple-pattern unlocking on your phones.  While a long PIN is a pain in the butt for you, just think how much of a pain it will be for someone who doesn’t *know* the PIN.

Stop using common passwords. While “ihatemyjob” is funny in ads, it’s horribly insecure and will take even an average computer a few minutes, if that, to crack.  Even throwing in a “!” at the end will delay the “crackening.”  That said, I’m a big fan of using symbols and numbers.  “Ih4t3myj0b!” will be that much more difficult to crack.
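The three passwords above differ only by predictable edits, which a password-change form or an audit can undo before comparing against a deny list; password-guessing tools apply the same kinds of edits. This check is an added example, not from the original post; the deny list and function names are constructed for illustration.

```python
import re

# Constructed deny list for the demo; a real deployment would load a large
# list of known-breached or common passwords instead.
DENY_LIST = frozenset({"ihatemyjob", "password", "letmein", "qwerty", "iloveyou"})

# Common look-alike characters, mapped back to the letter they stand in for.
LEET = str.maketrans("4@310!5$7", "aaeioisst")


def find_base(password):
    """Return (deny-listed base, list of edits undone) or None if no match.

    Each candidate form undoes one more predictable edit: capitalisation,
    look-alike substitution, and digits/symbols tacked on the end.
    """
    lowered = password.lower()
    # Drop a trailing run of anything that is not a letter ("!", "123", ...).
    core = re.sub(r"[^a-z]+$", "", lowered)

    attempts = [
        (lowered, []),
        (lowered.translate(LEET), ["look-alike substitution"]),
        (core, ["appended digits or symbols"]),
        (core.translate(LEET),
         ["look-alike substitution", "appended digits or symbols"]),
    ]
    for form, edits in attempts:
        if form in DENY_LIST:
            if password != lowered:
                edits = ["capitalisation"] + edits
            return form, edits
    return None


if __name__ == "__main__":
    for candidate in ("ihatemyjob", "ihatemyjob!", "Ih4t3myj0b!",
                      "correct horse battery staple"):
        hit = find_base(candidate)
        if hit is None:
            print(f"{candidate!r}: no deny-list match")
        else:
            base, edits = hit
            undone = ", ".join(edits) or "nothing"
            print(f"{candidate!r}: reduces to {base!r} after undoing {undone}")
```

A password that reduces to a deny-listed phrase is better replaced with a longer, unrelated passphrase than decorated further.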

Above all, just don’t make it easy.  The more layers of security, the better.  The heftier the encryption, the better.  It doesn’t make you a terrorist, it makes you a pragmatist. Remember – This isn’t about hackers, anymore.  It’s about our government.


Flying Without A Net

It’s interesting…I’ve been doing an experiment. So far, in the three months since I reimaged my system back to Windows 7, I’ve not installed an antivirus application. “WHOAH! That’s CRAZYPANTS!” you say. Here’s the thing…I’ve been able to run my system at full-bore speeds. I’ve got MANY layers of JavaScript blockers going on my browser of choice (Chrome, in this case). I’ve modded my hosts file to have over 39K entries of blocked malicious sites and I add to it just about every day. I run a malware scanner every so often, usually once a week with nary a nasty other than a couple of tracking cookies.

Honestly, I find antivirus software to be bigger hassles than the majority of viruses (other than the REALLY nasty ones that require scorched earth methods). Symantec/Norton and McAfee are, themselves, viruses – one of the banes of my work laptop experiences is the Symantec Endpoint ridiculousness that is installed.  Whoever configured it was the devil, as it will, randomly, throughout the day decide it needs to scan, no matter what I’m in the middle of doing, and will – sometimes, if it’s bored – run the scan a couple of minutes down to 30 seconds apart.  This wouldn’t be so bad if it didn’t give itself full priority, shove what you were working on to the background and do its thing.  While this may not be Symantec’s fault, they get the blame for writing this bloated warthog of an application that chews up 500+MB of RAM on a system only graced with 4GB.  Avira blew their chance with me when they started being SEVERELY obnoxious with the popups pushing you to purchase a paid copy of the software and all hope for them was lost when I decided to uninstall it and instead of running the uninstaller, it downloaded and launched the updated version of the software.  Talk about virulent behavior.  Honestly, the best I’ve used is Avast, but even it taxes my system at random times enough to be severely annoying at best and production killing at worst – and this is on a 3.9GHz hexcore with 20GB RAM, so if it grinds THAT to a halt, there’s something fundamentally wrong.

So, Mr. Flying Without a Net, why do you feel safe without any antivirus software on the most susceptible OS known to man? Honestly, I’ve changed my computing behavior. I rarely download anything from the net anymore that isn’t a purchase from a reputable vendor. I visit “normal” sites — the exception being a TV viewing site that necessitated the modded hosts file to begin with (if you’ve not encountered 23 popups within a 10-second span, you haven’t lived) — and I never do anything unexpected… So far, I’ve managed to stay clean. Now, I consider myself lucky in this regard and know that if something goes *bing,* it will go *bing* in a big way. That said, walking the straight and narrow has done wonders. Additionally, the use of firewalls – multiple layers – has made life easier.

I will recommend a modded hosts file, in general, though, simply because it has sped things up immensely to have all the ad-pushing sites stopped dead so it actually loads CONTENT on a website rather than a ton of ads.  I’ve found ad-heavy sites will load orders of magnitude faster.

So you know – for hosts file replacement goodness, go here:
http://winhelp2002.mvps.org/hosts.htm
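A replacement hosts file decides where every listed name resolves, so before copying one into place it is worth confirming that each entry only sinkholes a name to loopback or 0.0.0.0 and never points it at a real address. The auditor below is an added example, not code from this post or from the MVPS project; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import re

# One hostname label: letters, digits, hyphen, plus underscore (which appears
# in some real tracker names); no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")

# Names that normally map to loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample, not taken from any real blocklist.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
127.0.0.1 popups.example.org
0.0.0.0 ads.example.com
203.0.113.50 login.bank.example
0.0.0.0 bad_host!.example
not-an-ip stray.example
"""


def valid_hostname(name):
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(
        LABEL.fullmatch(label) for label in name.split(".")
    )


def audit_hosts(text):
    """Classify every entry of a hosts file given as one string."""
    report = {"blocked": set(), "redirects": [], "malformed": [], "duplicates": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if not names:
            report["malformed"].append((lineno, raw.strip()))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            host = name.lower()
            if not valid_hostname(host):
                report["malformed"].append((lineno, raw.strip()))
            elif not sinkhole:
                # A blocklist has no reason to send a name to a routable address.
                report["redirects"].append((lineno, host, str(ip)))
            elif host in LOCAL_NAMES:
                continue
            elif host in report["blocked"]:
                report["duplicates"].append((lineno, host))
            else:
                report["blocked"].add(host)
    return report


def safe_to_install(report):
    """True only if nothing redirects to a real address and every line parsed."""
    return not report["redirects"] and not report["malformed"]


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} names sinkholed, "
          f"{len(result['duplicates'])} duplicate entries")
    for lineno, host, ip in result["redirects"]:
        print(f"line {lineno}: {host} is redirected to {ip}")
    for lineno, raw in result["malformed"]:
        print(f"line {lineno}: cannot parse {raw!r}")
    print("safe to install:", safe_to_install(result))
```

To audit a downloaded file rather than the sample, read it into a string and pass that to `audit_hosts` before it replaces the system copy.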

Do I think I’m 100% safe?  Not a chance.  This is Windows.  Do I think that behavior modification has made a world of difference?  You betcha. Would I recommend this to others?  I guess it depends on the person.  If you can’t live without certain high risk behavior that tends to result in viruses being strewn throughout your system, then I wouldn’t choose this route.  Again, it also comes from experience and knowing how to avoid certain fast-tracks to infection.  We’ll see how long this age of antivirus-free tranquility lasts…

My Experience Converting a Passive Jackson Stealth to Active Pickups

I can not be the only person on the planet who has ever wanted to take a Jackson StealthEX or any other Jackson dinky or otherwise with the HB-SC-SC one volume, one tone, 5-way switch configuration and basically swap out the factory pickups with actives and replace the box switch.  I can’t be the only one.  If I repeat it enough, I may believe it.

Now, for the purposes of this article, the 5-way switch was quite generic and the pickups were Seymour Duncan Blackouts (AHB-1, AS-1b, AS-1n).  So, to review and convey the simplicity of what I wanted to do:

  • Factory humbucker -> AHB-1
  • Factory mid -> AS-1b (tapped/split)
  • Factory neck -> AS-1n
  • Factory 5-way box switch -> new 5-way box switch
  • 250K Volume pot -> 25K volume pot
  • 250K Tone pot -> 25K tone pot
  • factory mono “lipstick” jack -> stereo “lipstick” jack
  • Fix any other internal weirdness encountered.

Simple, right?  Well, don’t you believe it.  Let me rephrase…don’t be fooled into thinking that this fairly thorough swapout will have *specific,* *applicable* help files on the internet to help you.  I spent close to a week poring over stewmac and guitarelectronics and seymourduncan not to mention more obscure sites, in an effort to gain as much info going in as I could so that this would be a nice surgical strike…or as close to a surgical strike as replacing all the electronics in a guitar can be.  No dice, really.  I ended up with just about every wiring diagram available on Seymour Duncan’s site printed off as well as 4 others from different sites.  They all had one thing in common – they were all applicable to a point.  Not any one diagram covered every part of what I needed and my electronics theory is so rusty (this is the stuff I used to do in high school – over 20 years ago) that cobbling together the wiring diagrams into a happy, all-inclusive and functional wiring diagram that I could use for quick reference was not really in the cards.  Since, as we all know, using four+ schematics is about the opposite of “quick reference.”

With that in mind, I am, now, setting out to right this wrong and get a working wiring diagram out there for everyone, like me, who is/was looking for this information and could not find it for the life of them.  Here it is.  Eventually.  It would really help if I could remember exactly what I did.

An additional kibitz, on my part, was I got to a point where I got the theory quite well enough, but just needed to know what wire got soldered where, something not entirely obvious from some of these diagrams.  So, my plan with this is to draw up schematics for those who would like them and a wiring diagram for those who prefer that route.

Additionally, here’s what I did, once all the other parts were out:

After all the pickups are in their nice little homes on the front of the guitar and the wires are routed through and ready to be connected to things to make them sing, we say a small prayer, sacrifice a small goat, and set about some wiring.

Isolate all the white wires from the pickups.  These are hot, happy, and what you’re going to connect to the switch.  Go in reverse order from what your brain would say to do logically:  looking down on the switch connections on the back, numbering down the left side, 1 through four.  So, to reverse your brain’s desire, connect the neck pickup to connection 1, the mid to 2, the humbucker to 3.

Now, you’re left with one more on the left side.  Ignore it.

We’ll get to the right side in a bit.  For now, let’s just worry about getting the hot wires to their respective connections.  In looking at where the white wires originate, you’ll notice you’ve got about ¼” to work with as it splits from the main black wire as a white-bare wire pair.  Since the bare wires all go to ground, it’s impractical to run them right in to the switch, so, for what it’s worth, I added an additional short length of wire to each hot, enough to reach the switch from the volume potentiometer, basically, since that’s where the common grounds congregate.

Once the hots are soldered to the switch, it’s time to make sure the battery connections are all square.  You only need one (buying 3 active pickups, you now have three), and will take all of the red wires, one for each pickup, and solder them to the red battery wire.

To complete the circuit, the black wire from the battery connector should be soldered to the common ground of the output jack.

Now we have all of those bare wires to deal with from the pickups.  Ok, three, but still…  What I did was to do basically the red-wire trick and solder them all to a single wire and then solder that single wire to the top of the volume potentiometer (pot).  It may not be the best solution, but is a lot cleaner looking.

Now, so long as you’re soldering things on the volume pot, solder the third connector, the one on the right looking at it from the top, to the top of its pot.  A fairly painless way to do this, if you don’t want to bend the connector back to the metal of the pot, is to run a *very* short wire – like ½” – connecting the connector to the top of the pot.

Again, so long as we’re soldering grounds to the volume pot, run a short length of wire between the top of the volume to the tone pot.

The tone version of the connector soldered to the top should come with the AHB-1s in the form of a 25K pot that already has a 0.47pf capacitor soldered from the right connector to the top of the pot.  If this is not the case, then, you know what to do – solder a capacitor (this is based on preference and desired outcome, more on this later) from the right connector to the ground spot on the top of the pot.  For your everyday tone, the 0.47pf capacitor will do just fine, but I’ve heard other companies talking about better results using a .10pf.

Finally, we’re to the right side of the switch and ready to tie everything together.  First, solder a ground line between the jack ground and the #2 position (counting from the bottom) on the switch.  Now, run a wire between the center connector on the tone potentiometer to the leftmost connector on the volume potentiometer.  Now, connect the leftmost connector to the #1 (bottom) position on the right side of the switch.

Once that’s finished, solder a wire between the center connector on the volume pot to the hot output of the output jack.

That’s it.  Now, if you’ve done it like me, you’ve got a bit of a bird’s nest going on in there.  I feel your pain.  Also, if you’re like me, and are migrating from passive to active pickups, you’re presented with a whole new problem: where are you going to stick the battery?  Well, if you are like me, then you will just wedge it in between the switch and the inner wall beside the jack.  It’s not pretty.  So, further, if you’re like me, you decided to purchase a battery box from a local electronics store, got some velcro, and attached it to the outside of the guitar on the back, close to the heel.

[Disclaimer of doom] I wrote this from memory looking at a schematic I drew…from memory…  What this means to you is that it could be completely wrong.  I don’t want you to hose up your guitar based solely on my info.  If there’s anyone out there who can either confirm or debunk any part of this, please do.  I’ll be placing the schematic and wiring diagram up, soon, maybe — I’m not sure where I put my drawings, since we moved — so those can be used as reference.

The original wiring diagram:
HSS_wiring_diagram_ish
In progress:
Jackson_in_progress_clear
Finished — note the different switch:
Jackson_complete

Producing an Album for the First Time: Part VI – Lesson Learned

A Time and Place

One of the more significant lessons I learned was about…well, honestly, patience. The situation was clear, however, I just didn’t anticipate the disruption. The album had some tracks that were monsters, literally and figuratively, and when editing them on my original desktop setup, I ran into major problems with the CPU seizing and, sometimes, simply rebooting the entire system. It had enough and, honestly, so had I. Additionally, there was just not enough RAM overhead to handle some of what I needed to do, as well. Applying a filter would involve significant drive-grinding time as the virtual RAM disk swapped data back and forth for what seemed to be eternity. For reference, my desktop, at the time, was a 2.6GHz Duo-core with 12GB RAM. The problem? It was a Dell, so I couldn’t just swap things out – I had to make sure they would play well with all the proprietary nonsense Dell saddles you with so that your next upgrade will have to be through them, or be done, yourself…

Now, this isn’t to cast aspersions on Dell products, it is, however, pointing out that there are some proprietary things about Dell systems that will make upgrading a …maddening… experience. First and foremost, the chassis connection headers are not going to match up to any motherboard you purchase and hope to put into your Dell case. Why would you want to replace your motherboard? Well, because you are limited to the type and power of the CPU you get, should you wish to replace it. In my case, I would only have been able to upgrade processors to a quad-core and only up to 3GHz. Considering the deal I found for the Hex-Core 3.9GHz processor, I knew I was going to have to upgrade my motherboard, as well.

So, it came to be that I had the motherboard and the CPU, but I quickly discovered that there was no way I was going to be able to use it without a new chassis, since the panel headers were never going to line up and there were a couple of important ones – power on and reset. For reference, I didn’t realize that systems wouldn’t even boot without the reset being attached, at the least at the motherboard header level. The one that worked?  After a couple of attempts, I settled on probably the cheapest chassis out there that’s sold by reputable dealers.  The edges of the metal inside the case aren’t ground or beveled so are, in some cases, lethal…  However, the power supply location allowed the connections to still reach the motherboard, something the more expensive models missed being able to do by scant centimeters, but very real distances that couldn’t be overcome by wishy thinking.

The problem was that this process took a solid week and a couple days to get a system back up and running and able to do anything moderately useful.  The REAL problem?  This was smack in the middle of mixing Brendan’s album.

My justification was simply that I had run into a problem where there were three to four songs that I wasn’t able to listen to, in real time, when I was mixing, because the horsepower needed was more than the system currently had.  Here’s the thing – there are two approaches to take here and I obviously took one, which is to up the horsepower of the machine so it can handle all the plugins across the multitude of tracks in the mix.  The other approach, which I would recommend, is to simplify.  If you’re using that many plugins on that many tracks, it’s probably time to change your approach – but I was so new to this world that I didn’t know how to execute that fairly simple process.

For reference, something as simple as setting up a couple of FX busses and sending your tracks to the single FX source will go a long way towards reducing CPU overhead and also make it easier to keep a uniform FX application across all tracks on that particular FX bus.

So, really, the moral to this story is that if you have a song or four that have 15 to 20 tracks, each with effects, and when you hit the space bar to listen and it starts stuttering all over the place because your CPU is seizing and begging for mercy, the FIRST thing to do is look into simplifying the overall makeup of the song either through the use of FX busses or just reconsidering all of the effects, period.  If you’re still running into problems, it’s tempting to upgrade your hardware. Fair enough. My advice?  Don’t do it in the middle of a time-sensitive project.  Really.  It was bone stupid on my part and something I won’t be doing again, trust me.

So you know, though, current incarnations of the songs have 40+ tracks, limited effects bussing and relatively no CPU taxing.  It also helps that the system is now a bit more juggernaut-esque, boasting a 3.9GHz six core processor with 20GB RAM. So, maybe the bigger lesson, for me, was how to craft a better mix without being reliant on CPU-heavy effects.  Yes, they sound better.

Producing an Album for the First Time: Part V–An Open Letter To Metallica

One thing that happens with every album, ever, in the history of record production, is that it will leave the artists’ control completely and go to the hands of the Mastering Engineer.  This is the step that puts the polish, the pizzazz, the extra touches on the songs to make them come together as an album.  It’s also, of late, where a completely listenable album gets killed.  This was the lesson I learned from Metallica’s “Death Magnetic” album.

Dear Metallica:  Do NOT allow this to happen, again.  Please. Please. PLEASE.

For reference, as I sat listening to “Pack Your Bags,” the aforementioned monster with the wall of sound and face-melting music, I was reminded of the difference between the released version of “Death Magnetic” and what later became known as the “Guitar Hero Mixes.”  If you’re not familiar with the tale that wasn’t right, to borrow from Helloween, the following transpired:

  • Metallica recorded “Death Magnetic.”
  • Guitar Hero Metallica needed the mixes – so the unmastered versions were sent.
  • ”Death Magnetic” was sent to mastering.
  • Metallica went on tour.
  • ”Death Magnetic” was released…overloud, and completely lacking dynamics.
  • Metallica was unhappy, and rightfully so.

What’s missing on the allmusic credits is anyone actually directly called a “Mastering Engineer.”  I wonder if that was on purpose.  The upshot is that a very solid, listenable album went to the mastering engineer and left an overdriven, crispy, clipping, mushy mess.  What do I mean?  Well, take a look at the waveforms for “All Nightmare Long.”

AllNightmareLong_comparison

The top waveform is from the album version.  The bottom waveform is from the mixes sent for inclusion in Guitar Hero:Metallica.  It doesn’t take a genius to see that the top waveform is barely a waveform at all, with no room for dynamics and with boatloads of clipping – which you can actually hear in the song as clicking and crackling.  The biggest thing I noticed listening to the quieter, more sedate version of the song was that the intro vocals to each verse are run through a neat filter like James was singing through a fan.  This effect is completely lost in the album version, which is too bad, because it was a neat effect.

Dear Metallica: Do NOT allow this to happen again.  Please.  Please. PLEASE.

This was the lesson that I brought with me into approaching what is already a mine-field in the self- or tiny-budget-production arena, and that’s mastering your own mixes.  It’s generally seen as a “no no” and something that, under normal circumstances, I would try to avoid.  However, with no budget, it’s kind of hard to justify $50-$500 per song for mastering.  To me, what “Death Magnetic” told me, in no uncertain terms, was that – no matter what – don’t just slide the volume faders all the way up.  It also kept me mindful of the waveform, that precious waveform.  What it didn’t really prepare me for is how hard it is to maintain that waveform, and keep those dynamics alive, when the feedback from the artist seems to revolve around, almost to the exclusion of anything else, “just a touch louder.”  It’s hard, and it’s a delicate balance.  I know I’m not the only producer to encounter an artist who wants the album to be loud and in your face.  I think the biggest difference is that most producers have more experience with not only handling these requests with a polite, “no,” or, more importantly, how to actually give the bumps in volume without the rest of the mix suffering.  That was the biggest challenge for me.

I think the worst part, for me, is that while working on this project, I was learning constantly.  Now, that, in and of itself, isn’t the bad part.  The bad part comes when you’ve sent all the masters off to the artist and they’ve been submitted for duplication and then you find that better way, that cleaner mix, that perfect sound.  Below is an example of that.  The song is “Tiocfaidh Ár Lá (Our Day Will Come)” and the top waveform is the album version while the bottom waveform is the “Perfexion Mix” that I’ve put together since.

Tiocfaidh_comparison

While it’s still nothing compared to the brutality that occurred with “Death Magnetic” and “All Nightmare Long,” it’s still a drastic difference.  While the bottom version of the song is obviously going to be quieter, meaning you’ll have to turn the volume up a bit if you want it to be the same volume, it’s also got much better definition, clarity and overall production quality and, for my money, sounds almost 100% better.  That said, this particular mix came two weeks too late and will, most likely, be relegated to a “remixed, remastered” version of the album to be released in the future.

So, this open letter I spoke of – here goes:

Dear Metallica,

Your music is enjoyed and treasured by millions. I have been a fan since “Ride the Lightning” back in 1985 – 30 of my 41 years.  I have been your strongest supporter and, indeed, your harshest critic.  It’s probably a little strange, but, after all these years, you’re kind of like family and so, you take the good and you take the bad, but the love is still there.  I don’t know if you noticed that this past album, “Death Magnetic,” the criticism was not “wow…this is NOT metal, OR Metallica,” but instead, “wow – there’s so much of this album I’m NOT hearing because of the production and the decision to mash the living crap out of the mixes to win the ‘loudness war.’”

There are so many dynamics-related things on “Death Magnetic” that a lot of people missed because they didn’t seek out a little-known, but well worth the investigation, group of files called the MIII mixes.  These mixes were the pre-master mixes that all had everything – clarity, dynamics, tone and, yes, power.  Sure, you had to turn it up a little more in the car, but you could also hear the bass line in “End of the Line,” the guitar movement during the chorus of “Broken, Beat and Scarred,” and, as mentioned above, the filtered vocals in “All Nightmare Long.”  While I’m not an expert or a producer on the level of Rick Rubin – heck, I’m not comfortable being in the same sentence with Mr. Rubin! – I am someone who’s got enough mixing and producing experience under my belt to know one thing – to hell with the loudness war.  It is, indeed, a war no one wins and when it comes at the expense of the band – you know, you guys…the ones who pour your heart, soul and money into producing the music you love – and, ultimately, the fans who are paying to hear the music you’ve produced, it’s definitely a war not worth fighting.

So, with that, please take that into consideration when you enter and, eventually, leave the studio.  For the love of all that is good in this world, make sure your waveforms are clean, gentle and beautiful – full of dynamics and perhaps, more importantly, clarity.  Please make sure that my ears will hear every note, every high hat, every heavy, palm-muted down-stroke, every harmony.  Please take every step possible to make sure that the producer doesn’t allow the mastering engineer to take your hard work and turn it into an overloud, unlistenable jumble of crap, but instead a polished, pristine album worthy of the name “Metallica.”

Sincerely,

Phil

Producing an Album for the First Time: Part IV–Creating Monsters

Now, I’ll preface this with saying, these aren’t tutorials.  There might be some nuggets of "how-to"-ness in there, but these are softer, more philosophical pieces that take you into the challenges I faced and how we got from "sure, I can help!" to "that’s it!  It’s perfect as we’re going to get it!  Let’s do this!"  For the record, we’re not there, yet.  Are we ever there, yet?

So…there’s this song.  It’s got a good hook and a good guitar line.  The vocals are good on the scratch track.  All in all, it sounds like a good track, probably on the back end of the album to help balance it out and make for a solid album start to finish.  Then something happened.  We brought in this fella John who was to play “fiddle.”  Well, John so happens to be brilliant and talented through and through and within one practice take with this song, we were all looking at each other like…”wow!”

At that point, the rest of the track needed to be laid down and with each piece, the monster grew.  Soon, there were re-recorded vocals, guitars, bass, bagpipes, bodhrán, djembe, drums, and violins.  Some didn’t make the final cut.  Some takes got spliced and reworked enough to make a couple of solid tracks with the best all in one place.  If you were to place all the tracks into the mix and just let ‘em go, it would make you twitch – there’s THAT much going on in this song.

As happens, there were, in total, 48 mixdowns of this song to get it “right,” and, I think I mentioned, I’m not sure we are 100% there, but, we’re really close and part of it came from understanding what compression does when met with four main sources of volume in a track, even when there are 16 total tracks (excluding fx tracks).  We ran into a problem with the monster, once everything was fixed, tonally through EQs and light compression, some reverb here and there, and so on.  What’s the problem, you ask?  The monster gets hungry and has to eat things.

OK, so the metaphor may be getting stretched a little, but here’s the bottom line – when one thing gets loud, something else gets soft, and finding the balance is the true monster.  I tried so many methods to get the vocals to sit nicely while still allowing you to hear each part clearly.  It was almost comical, though, as I’d have what I thought was a good balance, and then after mixdown, the vocals would either be lost or so up front to a point where everything else sounded lost in the background…   So many iterations!  I finally discovered the culprit – the compressor in the Master track.

Full disclosure – I use the Slate Digital FG-X Mastering plugin and I really like it.   That said, it does what compressors/limiters do – when one thing gets louder than the threshold, it makes it quieter and when one frequency range is dominating the mix, bad things happen, overall.  What I found was, each individual track sounded absolutely fine when solo’d.  When I had vocals and “instruments,” it was fine.  The culprit?  The drums.  The train driving to oblivion was, in fact, obliterating the mix.  When I added the drums back in, the overall sound dropped ~3dB and, specifically, the vocals sank closer to 4dB. 

So, how does one tame a monster like this?  I basically figured out that I had to do what I tried a while ago – mix down the instrumentation and vocals separately and bring them together for a mixdown and then send that mixdown to the mastering round.  It wasn’t the most elegant solution, but it was the only solution I found – remember I’m a bit of a rookie with this! – that allowed the full dynamics of the instrumentation (all of it!) and vocals to coexist.  The end result?  An Irish Rebel Rock song that feels a lot like the Motörhead “Orgasmatron” cover train looks.

Facebook, Release Teams and Good Manners

I have worked in every aspect of the software design life-cycle.  I have gathered requirements, documented those requirements, distilled those requirements, programmed those requirements, tested those requirements and released programs and/or updates reflecting those requirements.  It’s through this experience that I have come to understand how to make users happy and, by and large, it comes down to two things — doing what you say you’re going to do and good manners.

Doing what you say you’re going to do kind of goes without saying, I would hope.  In case not, it comes down to living up to your contract with the client, be it written or a hand-shake or verbal commitment with inferred contractual implications.  If your client takes “Sure, I’ll get that to you, tomorrow” as meaning just that, it’s a contract.

Good manners, on the other hand, comprises many more aspects and facets of the company-client relationship and, while living up to the above contractual points has some legally binding aspects, it’s also good manners to deliver what you say you’re going to deliver when you say you’re going to deliver.  It’s also good manners to treat your client with respect, not infer they’re idiots, listen to what they’re saying and acknowledge it.

Sort of a tangent, here.  I’ve been in some discussions, recently, where there’s a fallacy that the client is *always* right.  Nothing could be further from the truth.  Before I get lambasted for such heresy, consider the following revision to that old adage:
“The customer may not always be right, but the customer should always feel as though they are being considered fairly and have their concerns validated.”  Kibitzing over UI look and feel issues tends to bring this up a lot and the last thing the customer needs to hear is, “whatever.  We’re not doing it,” especially when the real case is that the customer hasn’t been informed that this request will break the UI layout to a point where fixing it would put the development timeline much further out and if it’s something they still want to do, this will have to be taken into consideration and whatever contractual gymnastics necessitated by this will need to be ironed out.  Generally, communicating to the client, even when it’s not reinforcing “they’re right,” will be appreciated because it’s showing that you’re listening to them and also, you’re giving them an informed response that can be considered.

To bring this back to the point of this post, Facebook has been epitomizing the exact opposite of this, of late.  I have a post not terribly long ago about the updates to the interface that just get dropped on the user with no warning, no explanation of what has changed and no regard for the user, really, at all.  There is only the misguided and over-simplistic, if not pandering, attitude of “we’re making it better for the user.”

Here’s the thing…it’s arrogant and lazy the way it’s handled, presently, by Facebook’s release team.  To be fair, it’s not just FB, but they’re the most recent release team to irritate me, so they bear the brunt of my wrath.

Why would I cast such aspersions on a team of folks that I don’t know that do, honestly, work very hard and are undoubtedly under a great deal of pressure?  Because the onus for informing the user of major changes in newly released products is on the release team.  The user should be informed of what has changed, especially when it alters major, core functionality.

I speak, specifically, about the “Most Recent” posts display option in the news feed.  It was through the kindness of others that I re-found this *core feature* at all.  It was moved from being the second, immediate option on the left-hand side to buried 2/3rds of the way down in the “extra” options on the right side of the application beneath things like games notifications.  None of this was documented, anywhere, in the release of this app.  I didn’t get a pop-up on the first run following the update informing me of the major changes to the app.  I wasn’t given a run-down of the complete release notes.  I was just pushed the update and left to fend for myself.  That’s arrogant.  That’s lazy.

The arrogance comes in that, because they are the almighty Facebook, there is no reason why anyone would question anything they do, so they can do whatever they wish and people will like it — they have to if they wish to continue accessing Facebook with a native mobile app.  The laziness comes in with how simple it would be to put a pop-up screen that appears the first time you run the app after the update and, in the main part of the pop-up, highlights the major changes.  For example, “Moved ‘Most Recent’ to an almost impossible place to find.”  Then there would be two buttons: “Dismiss” and “Release Notes.”  With these two buttons, the user would have the option to CHOOSE to either read the full release notes or to dismiss the dialog altogether.  There’s the rub — if the information is there and I’ve chosen to not read it, then it’s on me if I can’t find something and, therefore, I have no right to complain.  However, if there has been no common courtesy involved and no attempt has even been made to communicate the information to the user, then that’s on the release team and that boils down to bad manners.

You wouldn’t just send a deliverable to a major client without telling them what you were delivering.  That would be crazy.  Why would your potential billions of clients be treated any differently?  Not only is that bad manners, but bad business, as well.