‘Heartbleed’ and what it really means to end-users

Once more out of the ether I emerge…and with a new theme, nonetheless.  More on that later.

There’s been a lot of talk (and some panic) about this whole Heartbleed thing in the past few days.  Since most folks that I know are not going to be familiar with what OpenSSL is, or care to learn, I decided to put together a quick “How does this affect me” guide to what this thing actually is, and what you need to do.

What is Heartbleed?

So, imagine that you buy a nice new set of windows for your house, with really secure locks.  These windows are great, and the fact that you have them makes you feel more secure.  Until the manufacturer reveals that they’ve just discovered a flaw in their design, that’s been there the whole time they’ve been making their windows.  This flaw potentially allows someone to bypass or disable those locks…if they know how.

That’s Heartbleed – something called OpenSSL is the “window” and someone’s discovered a flaw that’s been there for a while.  It’s not a virus, but a defect.

How bad is Heartbleed?

Heartbleed basically allows someone with the proper knowhow to eavesdrop on (and steal) information that was theoretically being passed securely via SSL (the green padlock).

This is potentially very bad.  Potentially.

So the bad guys found this flaw?

No.  There are plenty of people (“ethical hackers”, or “white hat hackers”) who try to find system vulnerabilities before the bad guys do.  Heartbleed was found by some of these folks proactively.  There hasn’t yet been any confirmation that anyone’s data has been stolen via Heartbleed.

But still, I should panic, right?

Not quite.  Why?  Well, SSL is used on sites that are collecting personal data (such as login information, credit card numbers, etc.) – the “green padlock” shows up in the URL bar on most browsers:

SSL example

HOWEVER, OpenSSL is only one kind of SSL out there.  This does not mean that all green-padlock sites are now compromised.

So, what exactly IS affected?

Only sites that used OpenSSL to generate their SSL certificates.  But who’s that, you ask?

That’s a good question, and many folks are putting together lists online of sites that were using OpenSSL, and were therefore exposed to this vulnerability.  Since Heartbleed was discovered, many places have patched the hole.

A couple of these lists are here:

An important note: most banking sites out there (the holy grail for hackers) use their own “brand” of SSL – and are therefore not vulnerable.  Check anyway, but you shouldn’t have anything to worry about there.

So…what do I do?

As it says on the cover of the Hitchhiker’s Guide to the Galaxy, “Don’t Panic.”  There are two things you should do; one is reactive and one is proactive.

Reactive – visit the lists above, and if any of them recommend changing your password, do it now.

Proactive – download and use Google Chrome as your browser.  Then, download the Chromebleed plugin so that it can monitor your browsing and alert you if a site you’re visiting is vulnerable to Heartbleed.  If it is, don’t use the site.

Conclusion

That’s really the minimum that you should know about Heartbleed to be an “informed citizen.”  This does sound a bit like Y2K in terms of hype, and people not really truly understanding the nature of the thing.

It is serious, there’s no doubt.  It’s possible that hackers have known about and exploited this for a while now.  But it’s also possible that nobody found it before the good guys, and that patches will be rolled out quickly enough to prevent anything serious from happening.

If you want to learn more about Heartbleed, visit http://heartbleed.com/, or simply do a search on Google (or Twitter #heartbleed).

Hope this has been helpful!

– Matt

PageFlip’s new Firefly pedal – coming soon!

First: yes, I’ve posted again.  Hopefully this will be the swift kick I need as a busy semester begins to wind down.  I’ve had a great experience this semester, and would love to share some of what we’ve done in Music Tech classes here.  More on that later.  To the point….

PageFlip’s George Wolberg has informed me of their Kickstarter campaign for their new product – the PageFlip Firefly.  With the attention that my PageFlip vs. AirTurn post has garnered, I think it’s appropriate to keep that train of thought going on this blog.

The key points of this new pedal are supposedly thus:

  • Programmable “Mode” buttons
  • Illuminated pedals
  • Longer 30-minute timeout period
  • Optional wired connectivity in addition to wireless Bluetooth
  • Brand new design that’s “rugged, hefty, ergonomic, and silent” – emphasis here is probably on “silent”

I am hoping that I will be able to get one for review at some point, and if I do, I’ll definitely reopen the PageFlip vs. AirTurn debate.

Here’s the message straight from PageFlip:

Hi,

We have exciting news at PageFlip!

We have launched a Kickstarter campaign to raise funds for our next-generation page turner pedal: the PageFlip Firefly. The Firefly promises to be the most advanced page turner pedal on the market. It features five programmable mode buttons, illuminated pedals, a long 30-minute timeout period, wireless OR wired connectivity, and a new design that is rugged, hefty, ergonomic, and silent.

Please visit our Kickstarter page to see a demo. You can find us on www.kickstarter.com by searching for PageFlip, or go directly to: http://www.kickstarter.com/projects/106246461/pageflip-firefly-programmable-bluetooth-page-turne

Our Kickstarter campaign lets you place an advance order to get the new Firefly pedal within three months at a 33% savings! In addition, if you order a PageFlip Cicada on our Kickstarter page, you can save $15 and get the pedal within a month – just in time for the holiday season.

Please visit us at www.kickstarter.com (search for PageFlip) and help spread the word. Feel free to contact us at support@pageflip.com if you have any questions or comments.

Regards,
– The PageFlip Team

I am personally excited for some of these features – the programmable Mode buttons and the silent operation in particular.  Only a couple of weeks left – and over halfway to go at this point.  Let’s make this happen!

Noteflight releases version 3.0

After a months-long hiatus to focus on other projects, I’ve returned to the blog world.  I know you all missed me.

UNCG has been using Noteflight in a few classes here on campus for over a semester now, and I have to say that the integration with Blackboard makes it VERY slick.  I’ll blog more about that later, but the big news is that today, Noteflight released its much-anticipated foray into HTML5, with their version 3.0.

Users can try it out by going to Noteflight.com, logging in, and clicking a link at the top of the page.  Also, visiting Noteflight.com on a mobile device (Apple devices: iOS 6 or later) will now take you to the new HTML5 interface.

Noteflight on the iPad!

I haven’t taken the time to play with it very much, aside from tinkering on my iPad just because I could.  But it does look pretty slick so far!  There are some speed issues (which NF acknowledges in their release notes), and some other features that haven’t been ported all the way over to HTML5 yet, but that’s a big reason why Noteflight has kept their old Flash version available, labeled “Noteflight Classic.”

I will post more about our experience with Noteflight Campus a bit later on, as I find more time to evaluate.  I’m also headed down to NOTION’s headquarters today for a product tour, and I’m excited to see what they’ve been up to in the years since I last used their software.  More on that later as well.

So, head over to Noteflight, check out version 3.0, and let’s have some comments!  What do you think of it?

Spotify’s use for the classical musician

Just a quick one-off here, as I’m quite busy with other projects.  I happily subscribe to Spotify.  If you don’t know what that is, you should definitely find out, quickly.  And while it was mostly for personal enjoyment and exploration of music while at work, I’ve found another great use for it as a classical musician preparing for an audition.

The search function is great for typing in the name of a piece you’re expected to prepare for an audition (let’s go with Mendelssohn’s Midsummer Night’s Dream, scherzo section, which is standard fare for clarinet auditions).  If I were unfamiliar with this excerpt, and wanted quick access to a large sample size of recordings for my preliminary research, Spotify would be perfect.  If you are specific enough in your search query, it’s possible to line up a number of recordings of the same movement right in a row.

That way, I can listen to a number of them back-to-back and listen for interpretive differences, tempo differences, etc. that will help me better prepare for my audition.  It may be true that Naxos can do something like this as well, but you can’t argue with the swiftness that Spotify offers.  And, Spotify has access to some pretty good recordings too!

Its classical library is even getting deep enough where this might be useful for use in schools too – I searched for Eric Whitacre’s Sleep, and found at least 10 recordings.  The “best” recordings may not necessarily be there, but isn’t that a subjective thing anyway?

The cool part about being a paying subscriber is that I can Star the recordings I like (or all of them!), make a playlist, and sync that playlist to my iPhone / iPad for later listening as well.  Audition prep on the go!

Spotify is definitely changing the way I start to prepare for auditions – please feel free to add any info about how it’s helping you!

Protecting your accounts – some password tips, and 2-factor authentication

This post comes a bit later than I originally intended, but with things so crazy here at work as the semester has gotten underway, I’m surprised that I’ve had any time to sit at my desk in the first place.

It may be old news by now, but this article, which details the now-infamous hacking of journalist Mat Honan, is one of the scariest things I’ve read in a long time, at least from a digital life perspective.  Before you continue reading this post, please take some time to read the article if you haven’t already.  (note: the article contains some strong language).

Done?  Good, read on.

Since the time of the hacking, Apple has reportedly stopped allowing iCloud password resets over the phone, and Amazon followed suit some days later.  But the underlying premise here is still very real, and very concerning – just how secure are your sensitive data and accounts online?

This post is going to be a short post with a few links for you to read, focusing on two security measures that I strongly recommend you take.

First, if you have a Google account, enable 2-step verification (also called 2-factor authentication).  It involves a traditional password (“something you know”), but adds an access code sent via SMS to your phone (“something you have”).  It takes more time, but you can opt to do this every 30 days if you’re on a trusted computer.  Plus, you’ll get an SMS in the event that an unauthorized party successfully gets past your password phase on your account.  Rather than go over it in detail here, I’m going to instead link you to a good article and video about it.

Second, in general, your passwords should be strong passwords.  Some guidelines to follow can be found here.  Also, one of my favorite webcomics did a strip about this topic as well, seen here.  Bottom line – password length matters more than all of those “special characters” that websites ask you to enter.
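
To put numbers on the length-versus-special-characters point, here is an added example (not part of the original post or the linked articles) that estimates the brute-force search space of a password in bits.  The function names, the two sample passwords and the 95-character printable-ASCII alphabet are assumptions made for the illustration, and the figures are an upper bound that only holds when every character is picked at random.

```python
import math
import string

# Character classes a brute-force search has to cover (printable ASCII).
# Assumption for this example: anything that is not an ASCII letter or digit
# is counted in the "symbol" class (32 punctuation marks plus the space).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Constructed sample passwords, not taken from any real account.
SHORT_COMPLEX = "aB3$eF7!"          # 8 characters, all four classes
LONG_SIMPLE = "qhzmtwpkdnrvxlgc"    # 16 characters, lowercase only


def classes_used(password):
    """Return the set of character classes that appear in the password."""
    used = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.digits:
            used.add("digit")
        else:
            used.add("symbol")
    return used


def charset_size(password):
    """Size of the alphabet an attacker must search to cover this password."""
    return sum(CLASS_SIZES[name] for name in classes_used(password))


def search_space_bits(password):
    """Upper bound on guessing effort: length * log2(alphabet size).

    This is only reached when each character is chosen uniformly at random;
    dictionary words and predictable substitutions score far lower in practice.
    """
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def min_length_to_match(bits, alphabet_size):
    """Shortest random password over `alphabet_size` symbols reaching `bits`."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two symbols")
    return math.ceil(bits / math.log2(alphabet_size))


def compare(short_complex, long_simple):
    """Summarise both passwords and the lowercase length that matches the first."""
    complex_bits = search_space_bits(short_complex)
    return {
        "short_complex_bits": round(complex_bits, 1),
        "long_simple_bits": round(search_space_bits(long_simple), 1),
        "lowercase_length_to_match": min_length_to_match(complex_bits, 26),
    }


if __name__ == "__main__":
    for key, value in compare(SHORT_COMPLEX, LONG_SIMPLE).items():
        print(f"{key}: {value}")
```

Twelve random lowercase letters already match the eight-character “complex” password, and every additional letter multiplies the search space by 26.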

Finally, I am exploring password managers such as 1Password.  I haven’t ever used one before, but they seem like a decent enough idea.

Please take steps to secure your online identities and information.  Don’t wait for the companies who hold all of your personal information to patch their holes.  Not everyone who hacks accounts like in the story above is doing it just to educate the masses…

Screencasting on iPad (a followup)

Recently, Technology for the Classical Singer posted an article on how she handles screencasts from her iPad (which are coming out great, by the way!).  I wanted to share a slightly different approach that I came across, mostly because the audiophile in me doesn’t like the idea of feeding the iPad headphones back into the mic.

The solution posted by Tech4Singers wins in terms of simplicity; the screen recording app takes care of the uploading and all for you.  You don’t need a computer at all to use it.  My solutions do require a Mac computer.

Disclaimer: I have two potential solutions, and both are more complex than the one that Tech4Singers suggests.  But I’m assuming that those of you who want to record iPad screencasts are fairly tech-savvy anyway…so you’ll be able to hack it.

  1. The setup begins with an iPad with Touchposé, being projected via AirPlay onto a Mac by way of Reflection
  2. Hook up a microphone to your Mac (or use built-in).  Personally, I have a cheap set of MXL 990/991 mics that I feed into my machine using an M-Audio Profire 610, and I use a pop filter to boot.  I’m a bit more hardcore, I guess.
  3. Download and install SoundFlower (by Cycling 74), an audio rerouting application.  You may need to restart your computer after this (I honestly don’t remember).
  4. Open Audacity, set output device to SoundFlower, turn on monitoring (passes input directly to output without need to record), and make sure your input is coming from your microphone, whether internal or external.  This step will allow us to record our voice during the screencast, and send it to SoundFlower.
  5. Open System Prefs, and set system output device to SoundFlower.  The iPad sound is sent to Reflection during mirroring, and Reflection sends its audio to the default audio device (it doesn’t have its own audio options).  Now we have our voice via Audacity, and the iPad sound via Reflection both being fed to SoundFlower.
  6. Use Quicktime to do a Screen Recording (Lion or later required), selecting SoundFlower as the audio input device, and selecting the area of the screen that Reflection is running in rather than doing a full-screen broadcast.  Now, the audio that we’re feeding to SoundFlower is routed to the input on Quicktime during our screen recording.

The only real downside here is that you are not able to monitor the iPad audio, but neither can you really with the sound coming out of the headphones as in Tech4Singers’ solution.

The second iteration of this setup involves skipping the SoundFlower setup, but involves some post-production merging.

  1. Same as previous – iPad w/ Touchposé –> Reflection on Mac
  2. This time, you’re recording the iPad on Reflection, including sounds.
  3. Set up a microphone as above, and feed it into a new track in Audacity.
  4. Record on both Reflection and Audacity – you’ll end up with a video (with audio) from Reflection, and you’ll get an audio track in Audacity that can be spit out as a WAV or MP3 file.
  5. Merge these two in an application like iMovie, and fine-tune your audio sync as necessary.
  6. Export from your video app.

This second solution is a bit simpler overall, but what I love about my first solution with SoundFlower is that it produces a video instantaneously that can be uploaded right then and there.  The second solution requires less messing around at first, but you add the post-production step, which is not only less than ideal, but also takes a lot more time, since iMovie (or your app of choice) has to bring in and then re-render the video.  And again, no audio monitoring of the iPad here either.

Regardless, I think Touchposé and Reflection have a lot of use for me in other settings, as I do workshops and training at UNCG on the iPad.  I could see that coming in handy, since half the battle on the iPad is knowing where and when to tap!

That’s it for me.  Hope this has been educational, at the very least.

Teaching Notation Software

WARNING: Philosophical post alert.  Don’t say I didn’t warn you.

In a recent post, I put together a bunch of information on MakeMusic’s buyout offer and Sibelius’ branch closure.  Since that time, there’s been very little else concrete said about the future of these two notation giants.  But I did start thinking again about a worst-case scenario, and about who here at UNCG would be most affected by the (potential) loss of both Finale and Sibelius.

  • Unequivocally, the biggest loss would be to our composition students.  They are knee-deep in this software day after day, and it would be a huge hit to them to not have any more updates to these pieces of software to which they have already dedicated countless hours.  Our Jazz Studies majors, who do lots of arranging, would also feel this quite significantly.
  • The next group affected would likely be our music education majors, but mostly those who do their own full-ensemble arrangements (band / orchestra / choir).  I know that our MusEd majors are required to do some of that for their degree work, but it’s not necessarily something every music educator deals with.  In my days as a band director, I used Sibelius a couple of times for ensemble warmup exercises, but mostly used it to put together worksheets.
  • We also have a small contingent of Music Theory majors, but I suspect that they fall into the same usage case as the Music Ed majors – very little need for the full horsepower of Finale / Sibelius.
  • Finally, we have our Music Performance majors.  Again, drawing from my own experience as a clarinetist and performance major, I’ve used notation software for a few things – most notably transposing excerpts, transcribing handwritten music, and inputting accompaniments for SmartMusic.

As I thought about the degree to which our students would be affected, I imagined what it’d be like for our students to not have these applications.  Finale and Sibelius can do most anything, but could our students get away with something lighter-weight, like Noteflight?

The answer in many cases, I think, is yes.  As a performance major, I could have done most of the stuff I needed to do in Noteflight (except the SmartMusic accompaniments).  As a teacher, I did actually enter a good number of my worksheets into Noteflight rather than booting up Sibelius.  I even created simple Music Theory worksheets / assignments in Noteflight.

The two main cases where I have said “no, I really need something more” are when I was:

  1. Composing or scoring for a large ensemble – Finale / Sibelius is better for this, IMO
  2. Writing a piece of “modern” music (I wrote a few electroacoustic pieces as a grad student) where I need to do things with modern notation, floating measures, etc.

That brings me to my overall point.  It’s my responsibility to oversee and teach a freshman-level Music Technology sequence here at UNCG, and up until this year we’ve taught Finale.  We’d spend a LOT of time on Finale, a good number of weeks in both semesters.  And don’t get me wrong – our students learned Finale pretty well.  But how many of our students really need to know a program like Finale?  Wouldn’t most students’ time be better spent on a simpler application like Noteflight?  Even the free version was enough for me as a performer and teacher 90% of the time.  So why bother teaching Finale to everyone?  Aren’t we supposed to teach relevant, applicable skills?  Many of our music majors here won’t ever need the full power of Finale / Sibelius…aren’t we swatting a fly with a sledgehammer, so to speak?

That’s not to say that no student needs to learn a full-fledged notation app…it would be absurd to claim that.  I think, though, that there is a better way.  So, here’s what I’ve come up with for this year:

  • In Music Tech I, the freshmen will spend some time on Noteflight, but less time than we used to spend on Finale.  In addition, Noteflight Campus will be used in their Theory classes.
  • In Music Tech II, which is only required for Music Education majors this year (another change), Finale / Sibelius will be introduced, with the focus on producing printable full scores for large ensemble (band/orchestra/choir).
  • An upper-level elective course in Music Notation will be offered for those who want / need it later on. Here, we will cover Finale / Sibelius in more depth, and the apps will be our focus 100%.  We could even cover things like MuseScore or Lilypond.

One other thing to consider is this: these Music Tech classes are taken here at UNCG during the freshman year.  How much of this technology changes by the time the students graduate and actually want to APPLY this knowledge?  If we teach them Finale 2012, it’s logical (ignoring current scenarios) that Finale 2016 will be out by the time they graduate.  Anyone else see a potential problem here?  Instead, let’s give them the tools they need to get through their degree program (Noteflight) now, and focus on Finale / Sibelius as an upper-level elective that they can take closer to graduation, so that it has a chance to be more-or-less the same application once they are out in the field.

We’ll see how that track works over the next year or two.  I have a good feeling about it, based on my past experience with these Music Tech courses.  “Famous last words,” right?  I do think that this approach will offer a number of possible “tiers” of knowledge on Music Notation software, and based on my initial assessment, it only makes sense.

If anyone else out there has experience with this, or thoughts on my thoughts, please feel free to contribute.  I’m not making a statement that this is the way it needs to be; I’m just sharing my thought process, and trying to improve the quality of education for our music majors here at UNCG.

Thanks for reading – I know this was a long, philosophical post instead of a practical one.  More practical stuff coming soon, promise.

Batch optimizing PDF sheet music in Acrobat

After reading numerous posts (like this one) that pose the question, I decided that it’s about time to share my methods for batch optimizing my sheet music scans using Acrobat.

“Optimizing” PDFs, if you’re not familiar with the term, basically does a few things – deskews (straightens), despeckles (removes background noise), and shrinks the file size.  That last one is the one that most iPad users are after – more space means more music you can fit, and means faster loading on the iPad.

The standard way to do this is to open the PDF in Acrobat and select Document > Optimize Scanned PDF.

Getting to the Optimize command in Acrobat

Having to do this with each document individually, however, gets tedious.  Luckily, Acrobat actually has a pretty powerful Batch Processing function that lets users create a series of commands that can be run automatically on a group of documents, which saves tons of time.  Here’s how I created my Batch Optimize action (instructions created on a Mac, running Acrobat 9.5.1, FYI):

  1. Go to Advanced > Document Processing > Batch Processing…

    Batch Processing menu item on Mac, Acrobat 9.5.1

  2. Select “New Sequence…” and name it something meaningful (e.g. “Batch Optimize”)
  3. On the next screen, click “Select Commands…” – you should be able to find Optimize Scanned PDF in the Document folder on the next popup.  Select it, and click “Add >>” to add it to the sequence.

    Adding the Optimize action to the sequence

  4. Double-click the Optimize Scanned PDF action on the right side to adjust the settings for the action.  Here are my settings that I find to produce good-quality scans for a new iPad with retina:

    My optimize settings

  5. Click OK to return to the main window for your new Sequence.  Keep #2 (Run commands on:) set to “Ask When Sequence is Run.”  You can choose your own preference for #3 (Select output location) – if you leave it at “Same folder as originals,” it’ll overwrite the originals.  For me, that’s fine, but if it’s not for you, then you can select either Specific Folder or Ask When Sequence is Run.
  6. Select OK when you’re done, and now your new Batch Sequence should appear in the menu.  Select it and click “Run Sequence” – choose your files and go!

For what it’s worth, I have created another Batch Sequence for tagging my music, forgoing the outdated forScore app for Mac.  Most of the music I tag is guitar music for church, so I’ve created a Sequence (using the Description command) that will tag the PDFs (using Subject and Author, which forScore will interpret as Genre and Composer), and leave the title as is.  So, as long as I title my pieces correctly while scanning, I run two Batch Sequences and my music is forScore-ready.  Heck, if I wanted to, I could even combine those two into one Process – maybe I’ll get to work doing that.

So, there you have it.  Granted, I do have access to Acrobat Pro through work, so I didn’t have to fork over the money for it.  For those of you in a similar situation, I hope this helps.  Acrobat is capable of so much more than I even know, so in a way it’s overkill, but you can’t argue with results.

The World of Music Notation is Changing…

A follow-up to my last post, now that the news has had some time to settle…

The future of Finale’s parent company is in question.  Sibelius’ main development branch is closing down.  Both of these facts have shaken up the music notation world as of late, and regardless of what happens with these applications, one thing is clear: users are losing confidence in MakeMusic and Avid.

I’m posting here for a couple of main reasons: updates, and alternatives.  As far as I know, there has been no real update on MakeMusic’s buyout offer.  Avid has stated a few times (including here and here) that they intend to continue supporting Sibelius, but want them working closer to their other software devs in CA.  There is a Sibelius support group website (of sorts) that’s popped up, and if you’re worried about the future of Sibelius, I encourage you to visit, read, and consider signing their petition and/or taking other action as you deem appropriate.

However, in the event of disaster on both fronts (Finale and Sibelius are both axed), I also want people to know that there are alternatives.  Of course, in this worst-case scenario, you can likely continue to use your software – just don’t expect updates.  But you also have a few other solutions that you can check out at no cost:

  1. MuseScore - cross-platform, open source, and free.  Not without its bugs and quirks, but the development team recently released a minor version update (1.2), and in my experience it is a very stable program.  http://musescore.org/
  2. Noteflight - cloud-based notation that uses a Flash engine.  Some downsides, such as requiring access to the internet to use it, but this web app is fairly sophisticated.  To access all of the features, there is a subscription fee, but a basic account is free to try.  http://www.noteflight.com/
  3. Lilypond - this is perhaps the most complex, but most powerful, solution.  If you are a coder (or understand markup / code), you may just get into this.  (Confession: I’m getting into this.)  It’s different not doing things with a GUI, very different.  But, the music you can produce with it is crisp, clear, and just really nice.  http://lilypond.org/ - DEFINITELY read their Manual.  A lot.

As I mentioned, I’m in the process of learning Lilypond, but am on hold for the moment thanks to a web development project.  I teach MuseScore as a Finale alternative already, and we will be test-adopting Noteflight this year for its ability to integrate with our Blackboard LMS (a very cool feature).  I really have nothing bad to say about these applications, other than that Finale / Sibelius are definitely more sophisticated, just because they’ve been around longer.  Who knows where any of these three products will be next year, in 5 years, or beyond – but if Finale and Sibelius become dead weight and don’t see any more significant upgrades, it’s only a matter of time before something else steps up to fill the void.

Anyway, that’s it.  More news on this, as well as my experience with Noteflight and Lilypond, eventually.