karlgrz

symphonic code: my gift to the coding gods

2 Factor Authentication GPG & SSH keys with pass and Yubikey NEO

In the beginning...

For the past few years I've used KeePass as my password management solution, both for personal and work related credentials. It's a great product. When I moved from PC to OS X and eventually Linux I used KeepassX and the Android client, KeePassDroid, with great success. I stored my .kdbx database in DropBox for easy syncing between my many machines and devices. I felt comfortable with the security and usability at the time.

Bombshell

After reading through this thread a little over a month ago I grew a bit skeptical and started to look at alternatives.

Meditate on this...

This led me to what I will affectionately call a "deep dive into the wormhole" that is PGP encryption and, also, GNU Privacy Guard, or GPG. Having used it extensively in practice but not really diving deep before, I was excited to give myself a good reason to research the topic. When I actually tried to generate my own key pair following best practices I realized that there were a lot of things I was not familiar with. I attribute this both to not practicing these techniques as often as other programming paradigms and also my ignorance in the area.

After my research I knew that I wanted a few things from my next solution. I wanted a tool that would leverage an existing GPG keychain. I didn't want to rely on something else generating keys for me, as I wanted to create my own and manage them myself so I could reasonably confirm that the keys were generated in a sound manner. I wanted authentication, encryption, and signing subkeys for daily use on all my devices while my private master key pair could be stored offline in an airgapped USB key. I also really wanted some kind of 2 Factor Authentication.

In the end, I found a solution that fits all my criteria and I have been very happy with it thus far.

pass

When I read that HN thread I was introduced to a little tool called pass, which is a password management tool following the Unix philosophy. Behind the scenes it is essentially a wrapper around gpg (or gpg2) and git, and it works very well. After a little research I was sold. It has a functional Android client (Password Store which also relies on OpenKeychain), and a functional native client (QtPass) for most OS's, so if I did decide I needed to use this in a VM or a different platform in the future I should be covered.

GPG

I won't regurgitate the key generation process here, as I feel others have already done this exceptionally well. I will just link to the resources I used to generate my key pair:

For the most part, I had a smooth time generating my key pair. I did everything very, very slowly so I understood every step of the way, so ultimately it took an incredibly long time. There is so much information online about this stuff buried in forum posts and github issues. These 4 posts captured nearly everything I needed to know about creating a nice key pair that I feel is reasonably private and secure.

Enter the Yubikey

You'll notice some of those posts reference Yubikey NEO, which I started seeing a lot in my research. I ended up purchasing one and am pleased with the results. Essentially, a Yubikey is a hardware token for strong 2 factor authentication. It operates much like a smartcard, but has a few other interesting features that ended up fitting in perfectly with how I wanted my workflow to be.

The Yubikey NEO offers both contact (USB) and contactless (NFC) communications, so I can use one single device with both my laptop and my phone. Beautiful.

Oops

Those posts above cover almost everything you need to get started, but I ran into a couple of issues, probably due to my own ignorance more than anything, but I feel like they might trip up someone else so I wanted to document them somewhere.

When working with the Yubikey NEO, this forum post answered all the questions I had regarding getting my subkeys on to the NEO itself.

One thing that didn't work well was setting GNUPGHOME directly to the USB drive housing my airgapped private key pair in the VM I was using to export to the NEO. I had to copy the folder to the VM (which I questioned at first but in the end, it's an airgapped VM and I conceded that it was reasonably secure for me, but use your own discretion). I tried setting the permissions differently on the key, but the only thing that worked properly was copying directly to the VM. After that I was able to export the keys to the NEO no problem and shred the VM.

4096 v. 2048

When I first generated my key pair I made the subkeys all 4096 bit, thinking that "moar datas" has to be better. Practically speaking, that is the truth. However, Yubikey NEO only supports subkeys up to 2048 bit, which, after some research, isn't a huge deal depending on who you ask, and 2048 bit seems to be sufficient for me. Considering my private master key pair is 4096 bit, when a Yubikey does support 4096 bit subkeys, I should be set without having to generate a new master private key pair.

gnome-keyring

Another thing that was annoying was gnome-keyring was interfering with the interaction between Yubikey NEO pin caching on pass CLI and QtPass. gnome-keyring is enabled by default on Ubuntu 15.04.

After a bit of research, I opened an issue thinking it was a bug. I'd like to take a moment now to give a shout out to Anne Jan Brouwer and his responsiveness to issues and pull requests (he is active maintainer of QtPass). Every interaction I had with him gave me further confidence that this was the right solution for me. Thank you, good sir!

In the end, my problem was solved by a couple simple steps. First, I had to add a gpg-agent.conf to my ~/.gnupg folder with the following contents:

enable-ssh-support
write-env-file
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200

Also, I had to turn off gnome-keyring and add this to my .bashrc:

# OpenPGP applet support for YubiKey NEO
if [ ! -f /tmp/gpg-agent.env ]; then
    killall gpg-agent;
        eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);
fi
. /tmp/gpg-agent.env

This seems to be a bit more straight forward on OS X. "Linux UX is rough?" Pfft :-)

Re-encrypt

The last thing that was not very clear is when you generate new subkeys you need to re-init your pass repo with the new encryption subkey. For example, let's assume the master private key pair has been stored away and we are on our development laptop. Let's say this is the output of gpg --list-secret-keys:

karl@deathstar:~$ gpg --list-secret-keys
/home/karl/.gnupg/secring.gpg
-----------------------------
sec#  4096R/ABCDEFGH 2015-01-01
uid                  Karl Grzeszczak <karl@karlgrz.com>
ssb   4096R/01234567 2015-01-01
ssb   4096R/76543210 2015-01-01
ssb>  2048R/00000000 2015-05-01
ssb>  2048R/11111111 2015-05-01
ssb>  2048R/22222222 2015-05-01

This shows that my private master key pair (generated on 2015-01-01) is NOT on my laptop (sec# means your secret key is not on the current keychain, since I left it on the airgapped USB drive). This means if my laptop was stolen, I could revoke all those subkeys, generate new ones with my master private key pair, and then re-publish the new keys to key servers.

It also shows that I had 2, 4096 bit subkeys generated on 2015-01-01, and 3, 2048 bit subkeys generated on 2015-05-01 that are stubs (the actual private key resides on a smartcard, in this case the Yubikey NEO).

What this doesn't show is that the 2, 4096 bit subkeys were revoked and they were the keys used to originally create my pass entries. At first I was trying to whip up a quick script to re-encrypt my entries, but pass already has an easy mechanism to do this, like so:

pass init <new-gpg-id>

In this example, my encryption subkey is 11111111, and I would run this:

pass init 11111111

This iterates every entry and re-encrypts it with your new subkey. Awesome!

ssh

Lastly, something I never realized before all this is that you can use a GPG authentication subkey as an SSH key for servers or source control or wherever an SSH key would be used. This has a fantastic side effect of bestowing hardware 2 factor authentication upon my SSH key. It is simple to do once you have all your keys exported to the Yubikey NEO. To get the public key for your GPG authentication subkey you run the following command:

gpgkey2ssh <id-of-authentication-subkey>

So in my case, my authentication subkey in the previous example was 22222222, so I'd run:

gpgkey2ssh 22222222

The output is the public SSH key, which you can paste into github, bitbucket, or the authorized_keys file on your server. Having to type my Yubikey NEO PIN one time every time it is inserted for SSH is a mighty fine compromise for the hardware two factor authentication.

Commentary

There exists services like keybase.io which is a great thing. They are trying to take a very complex set of operations and make it more accessible, which I think is fantastic. This stuff needs to be MUCH simpler in order to gain a wider adoption. Right now, the state of world is clear: it's just not ready for mainstream consumption.

I am not a member of a government agency, or a security professional, or someone dealing with health care numbers on a day to day basis. I'm just a software engineer, but I do work with lots of things that for one reason or another should be private. It is nice to see an entire community of people that have the same goals and ideals behind encryption and keeping data private that I do. Having followed these procedures, you should be reasonably confident that you have done a good job in protecting your encryption keys and the data you are encrypting with them. It's a shame there are so many agencies, governments, and private companies trying to put backdoors into the very same encryption tools that protect them as well. One day these techniques will be outdated and, possibly, easily hacked or brute forced. Hopefully, by then, we will have better options for protecting our data. But we need something right now, and this feels like the best way currently.

Here's the opinion I formed for myself after this exercise. We need a new approach. There has to be a better way to do this. I don't know what that is, but I want something better. The tools we have right now leave a lot to be desired. They're functional, but they are not "usable." I think if we (the community) spent a bit more resources on smoothing out the rough edges then there would be wider adoption of these tools.

In order to be a standard, people have to use it. In order to get people to use it, there has to be a standard. In order to be a standard...

I read a great quote by Moxie Marlinspike about GPG:

In the 1990s, I was excited about the future, and I dreamed of a world where everyone would install GPG. Now I’m still excited about the future, but I dream of a world where I can uninstall it.

I like GPG, but I also want something better.

I'd love to hear your own ideas about this stuff, as well as how I can improve the techniques I have described here. This has been a fascinating learning exercise, and I feel like I've only scratched the surface.

Ubuntu Unity: Changing from High DPI to Dual Monitors

I've been running Ubuntu Desktop on my desktop machine at home for a few years now (I put together a great system in January 2014). Just recently, in November 2014, I switched my work laptop from a retina MacBook Pro to a Dell XPS 15 (High DPI w/ touchscreen: amazon.com ) running Ubuntu Desktop 14.04. For some reason, I prefer Linux to OS X, I guess I'm weird, heh.

The screen on this model is a 3200x1800 touchscreen, and text looks just as good (if not better) than the retina MacBook does at max DPI.

The problem is: it's Linux, so...high DPI is not exactly a well supported feature throughout the ecosystem.

At the time I received the Dell, it was pointless trying to run day to day work activities in high DPI. Everything looked all jacked up, whether it was browsing the web in Chrome or Firefox, editing text with Sublime Text, chatting in HipChat, querying postgresql with PgAdmin, or looking at source trees in TortoiseHG, amongst other things. Odd stuff like this was commonplace:

A photo posted by Karl Grzeszczak (@karlgrz) on

I tried all kinds of hacks and settings to get things working nicely, but alas, it was frustrating, and it was just easier to run in 1920x1080. It still looked ok, but it wasn't as good as it could be.

This pissed me off, obviously ;-)

Last week, I saw an update for Chromium. Every time I see an update for Chromium, I try it on high DPI. Lo and behold, they finally have scaling working properly! Huzzah! This is what it looks like now:

Present day Chromium

So I put in a bit more work, and I'm happy to say my entire workflow can be sustained in high DPI, with a few caveats that I can put up with.

  • HipChat still looks a little weird (shrug)
  • PgAdmin looks really weird. Query output windows are really smooshed in grid view.
  • TortoiseHg is hilarious:

Thanks, QT

  • VirtualBox guests have no respect for scaling factor. This is fine, because I don't do much work in Windows anymore, so I just need to run an IIS server for MVC 5 apps until vNext is fully supported on Linux.
  • Dual monitors are still jacked up because you can't set monitor independent text scaling factors (I think this is supported in 14.10 or 15.04 but I can wait for that).

So this is great when I'm just using the laptop, but what about when I go to the office and use my second monitor?

Like I said, I'm on 14.04, so this might be better (or hopefully unnecessary) in 14.10 or 15.04 (PLEASE let me know in the comments if it's the case!), but I just whipped up a couple very simple scripts to run when I switch between the two.

SetupForHighDPI.sh

#!/bin/bash

dconf write /com/ubuntu/user-interface/scale-factor "{'DP1': 8, 'eDP1': 16}"
gsettings set org.gnome.desktop.interface text-scaling-factor '1.25'

SetupForDualMonitors.sh

#!/bin/bash

dconf write /com/ubuntu/user-interface/scale-factor "{'DP1': 8, 'eDP1': 8}"
gsettings set org.gnome.desktop.interface text-scaling-factor '1.0'

What these scripts do, basically, is just automate setting the Text Scaling Factor from Unity Tweak Tool and the Scaling Factor from Settings -> Displays menu. You'll need to find the settings for your specific system, these posts helped me out:

http://askubuntu.com/questions/454279/change-default-system-font-using-terminal-only-in-14-04

http://askubuntu.com/questions/510457/how-do-i-get-the-value-of-display-scale-for-menu-and-title-bars-from-the-c/510476#510476

It's annoying to have to run a script each time I switch from just the laptop to using my external monitor at work. It's all worth for those beautiful looking, high DPI fonts though!

Hopefully soon I won't need any of this and high DPI in Unity will Just Work™. A lot of people tell me to switch to GNOME or KDE or xfce. I've used all those, and while they are great in their own right, I've come to like Unity. It should work well here, too. It seems like all the problematic apps are using QT. Could be a coincidence.

My Favorite Records of 2014

Another year down, another year where my only post is about my favorite records. Fitting.

This year didn't have nearly the volume of great records that was bestowed upon us in 2013, but there was still an abundance of quality stuff to go around. There's quite a few surprises in here. Get on with it!

Spoiler alert: I'm still looking for a contender to Yellow & Green for "Album of the Decade." Maybe next year...

25.) Trap Them - Blissfucker

Grindcore meets crust punk for a bone-slamming ride on the thrash train. I really like these guys. Fast paced record for when you want to let off some steam.

24.) Alcest - Shelter

This record feels like it REALLY wants to just jump out and get heavy at times, but it never really does. And it works. Great songs, a lot of really beautiful musical moments on here. Not quite the same aggression but the feeling is there.

23.) At The Gates - At War With Reality

OG death metal lords are back. What a record. Last year we got a new Carcass and Gorguts record. This year new At The Gates. This album rips. I'm so glad this didn't suck, I was really anticipating it for a long time. TONS of great guitars in here.

22.) Devin Townsend - Z²

Devin Townsend is on a roll. This is more of a theatrical performance than just "a metal record." The first album is Devin Townsend Project, the second album is Ziltoid. I thought all the voice acting was really something special, and really made for an incredible listening experience. On the second playthrough I skipped a lot of the skits, but you should give it a full listen at least once. I would love to see this live with a full stage show.

21.) Primus - Primus And The Chocolate Factory With The Fungi Ensemble

Do you like Primus? Do you like Willy Wonka? If either answer is "yes" you are in for a treat. If both "yes" then you will love this as much as I did. Someone uploaded a version of the movie that has this synced up with the soundtrack and it is great. I wonder how this sounds on mushrooms, which is clearly how they wrote and recorded this. And probably intended for it to be listened to. Weird and creepy, just the way I like it.

20.) YOB - Clearing the Path to Ascend

For some reason I thought these guys were even older than they are. I never got into them before, as this was the first thing I really listened to of theirs. Loved this. Great doom record. I need to visit the catalog soon.

19.) John Garcia - John Garcia

Kyuss' frontman put out a solo record. It's as good as you think it should be.

18.) Every Time I Die - From Parts Unknown

I was greatly anticipating this record, and it was a worthy follow up to Ex-Lives. These guys really capture their insane live show on record. Great tunes. Moor is awesome. Keith Buckley continues his legacy with some great lyrics and delivery. Two horns up.

17.) ✝✝✝ - ✝✝✝

Chino's voice is magical. He is in so many projects, and he owns every single one of them. I loved the first two EPs, and this is basically a repackaging of those plus another EP worth of material. The new songs are really good. "The Epilogue" is probably my vote for song of the year. If you've never listened to this and you like Deftones you have no idea what you are missing out on.

16.) Jack White - Lazaretto

Jack White's solo stuff is bluesy rock done right, every single time. Such a good record. The discography he is building for himself is the story of legends.

15.) Killer Be Killed - Killer Be Killed

Supergroups come and go, but Killer Be Killed may be one of the best vocally. Troy Saunders puts out two amazing records in one year, and Greg Puciato further affirms his seat at the top of metal vocalists. And Max does some good stuff, too. The chemistry of these guys is fantastic, I'd really like to see them live. Mastodon fans and DEP fans, this is a little bit different, but some good metal nonetheless.

14.) Floor - Oblation

Sludgy sludge. I -loved- this record. Didn't really get into these guys older stuff but this seems to be their best.

13.) Pallbearer - Foundations of Burden

Arkansas Doom-ers Pallbearer knocked this one out of the park. Every second of this record feels just right. Great record and a great follow up to Sorrow and Extinction.

12.) Insomnium - Shadows of the Dying Sun

Dreary, cold, and dark. This record makes me feel like going on a walk in the winter without a jacket on. It's hauntingly epic.

11.) Electric Wizard - Time to Die

English Doom legends. I never heard of them before this record other than hearing the name, and I was pleasantly surprised to find a deep catalog. This album is awesome.

10.) Darren Korb - Transistor OST

Yes, this is a video game soundtrack. According to last.fm, I listened to this record about 50 times throughout the year. Darren Korb also wrote the wonderfully amazing Bastion OST, which is equally as good. Ashley Barrett is on a handful of tracks on this one, as well, and her voice shines on each track. Outstanding. Spoiler: I have only played the game for a few minutes to make sure it worked on Linux (as Wasteland 2 needs to finished, first).

9.) Soen - Tellurian

These guys claim Tool as an influence right on their wikipedia page. Influence is an understatement. This album rules. Another supergroup on my list, these guys have former Opeth drummer Martin Lopez and Willowtree vocalist Joel Ekelöf amongst their ranks. Ekelöf is a dead ringer for Opeth's Mikael Åkerfeldt on nearly every track. So much, in fact, that I thought he appeared as a guest. This was the closest we got to a new Tool record this year, and it's incredible.

8.) Animals as Leaders - The Joy of Motion

Tosin Abasi kicking more ass, as usual. Awesome guitars. Awesome songwriting. Awesome record.

7.) The Pineapple Thief - Magnolia

The theme of the year was "Look at all these bands you've never heard of that have lots of great songs." This record surprised the hell out of me. It's magnificent. Go listen to the first two tracks ("Simple As That" and "Alone At Sea") and try not to nod your head to the beat. These British rockers started in 1999 and have put out TEN solid, meaty records in that time. This one kind of has a Radiohead meets dredg approach to the song writing (I guess). Excellent discovery and excellent record. I wish I heard of these guys a long time ago.

6.) Opeth - Pale Communion

I think I was one of the few metalheads that actually liked Heritage. I love this record. If Mikael Åkerfeldt doesn't want to scream anymore I am perfectly happy with that as long as they keep records like this coming. Forget what you know about Opeth, the screaming and death metal influences are nowhere to be found here. Classic rock meets bluesy prog magic comes together in a holy matrimony of aural bliss. Spin it.

5.) So Hideous - Last Poem / First Light

Another unknown that blew me away this year. The opening track "Rising" sounds like the audio equivalent of a horror movie. Start to finish, this never lets up.

4.) Winterfylleth - The Divination of Antiquity

Best black metal record I've heard in a LOOONG time. These guys write some great riffs, and the musicianship all around is top notch. "A Careworn Heart" is as good a song as I've ever heard in the genre. Listen to it for yourself, it's amazing. In fact, I'm listening to this as I write this post.

3.) Mastodon - Once More 'Round The Sun

One of my favorite bands. I really liked The Hunter. Crack The Skye was one of my favorite records of all time. This is better than both. Mastodon stepped it up on this. Every single song is memorable. "Aunt Lisa" is my runner up for song of the year (that chorus with the ladies from The Coathangers is infectious).

2.) Slipknot - .5 : The Gray Chapter

This was the most hyped record of the year and this actually delivered the goods. I was worried that the loss of Paul and the booting of Joey was going to turn the rhythm section into a joke, but the newcomers rose to the occassion and delivered.

I'm a huge Slipknot fan, and have been ever since I heard the self titled record and saw Clown douse himself with fire twice on that first small club tour in 1999.

It seems like Slipknot has become it's own genre over the years, turning into something of a giant rock monster in and of itself. I was disappointed with All Hope Is Gone, but it was still ok. But it didn't have that "wow" factor that their other records did, and this left a bad taste in my mouth for the past few years.

This record made me a Slipknot fan again. The Devil In I is probably my favorite Slipknot song since the s/t record, and you can really feel all the passion and emotion that went into the writing and recording of this masterpiece. Say what you want about Slipknot: there is no denying they have captured a pivotal point in their career and turned a terrible situation into a phenomenal piece of art.

1.) Destrage - Are You Kidding Me? No.

"Are you kidding me? No!" is usually what the conversation sounds like after I have been telling people what my favorite album of the year was. There was no doubt. This came out on March 4th and right after the first spin I was saying "NOTHING WILL BE BETTER!!!" to myself.

Another band I had never heard of before this dropped, Destrage is one frenetic pile of energy if I ever heard one. These Italians are all virtuosos on their respective instruments. Every single one of them. In fact, you should check out this documentary from the "Are You Kidding Me? No." recording and just watch Federico bang on the drums in amazement. This guy is one of the best drummers I have ever seen or heard. So good.

Their guitarists (Ralph Salati and Matteo Di Gioia) and bassist Gabriel Pignata deserve to be in every single "Best Metal Guitarst / Bassist" discussion going forward. Mature, deep, insatiable riffs combined with really catchy song writing make for some memorable songs.

And their vocalist, Paolo Colavolpe? I find it incredibly hard to believe that one person makes all the vocal noise on this recording. The blitzkrieg delivery comes to a halt for beautiful singing, then right back to schizophrenic barking in the blink of an eye. I'd be greatly surprised if he can pull any of this off live, but I'll live in wonder for now and just enjoy this incredible recording.

Hands down the best record I heard all year.

Honorable Mentions

  • Tombs - Savage Gold
  • Goatwhore - Constricting Rage of the Merciless
  • Bloodbath - Grand Morbid Funeral
  • White Arms Of Athena - White Arms Of Athena
  • Nothing - Guilty of Everything
  • Architects - Lost Forever // Lost Together
  • Junius - Forgiving The Cleansing Meteor
  • Ne Obliviscaris - Citadel
  • Skyharbor - Guiding Lights
  • Pink Floyd - The Endless River
  • He Is Legend - Heavy Fruit

My Favorite Records of 2013

I listened to quite a lot of new music this year. Lots of metal, a bit of hip-hop, a ton of retro / psychedelic stuff. A lot of REALLY BAD garbage.

These are all the albums that stuck with me somehow. Mostly, these are the albums I played more than once. Overall, I'd say 2013 was one of the best musical outputs of any year this century (so far). Here's my favorites...

25.) The Safety Fire - Mouth of Swords

I was pumped to catch these guys with Between the Buried and Me in the fall of 2012. But I missed the show. I had heard so much good stuff about these guys but never listened to them before. Mouth of Swords really wowed me. Excellent metal record, right up the BTBaM alley. Tommy Giles even makes a guest appearance. I really like their song writing, solid record overall.

24.) Eminem - The Marshall Mathers LP 2

Ok, before I go into this record, my gripe with the title. I got into several heated arguments about the title, and how I don't think this record IN ANY WAY resembles a "follow-up" to the original opus. But I digress...

What a banger. Front to back, this record is awesome (with a couple misses in the middle). Rap God, Berzerk, and Brainless are all stand outs. This guy spits fire at the drop of a hat, and I love listening to him rhyme.

23.) David Bowie - The Next Day

Bowie is timeless. This record really blew me away. I wasn't expecting it to be bad, but I didn't think it would be this great. He keeps up with the times AND holds onto his bread and butter songwriting.

22.) Tesseract - Altered State

The sophomore record from Tesseract. 4 songs divided into 10 tracks. All clean vocals. Progressive metal masterpiece. A brilliant follow up to One, if you like intricate, progressive metal, check this out.

21.) Russian Circles - Memorial

I love this band. They make some excellent atmospheric instrumental metal. Memorial is no exception.

20.) Dead Letter Circus - The Catalyst Fire

I first heard about these Aussies from a friend of mine when he showed "One Step" and I was chomping at the bit for more.

I was really looking forward to this record, and it shines. Kim Benzie's voice is incredible. Reminds me of Maynard.

19.) Ghost - Infestissumam

Ahh, Ghost. What a band. What a record. These guys have really grown on me in the last year. Infestissumam is an excellent record. If you can put aside the EXTREMELY over-the-top Satanic references you get some truly great 70s-style fuzzy metal, and it rocks.

18.) Protest the Hero - Volition

What do you get when Protest the Hero has Lamb of God's Chris Adler play drums on their new record? A masterpiece, that's what. Better than everything they've ever done, in my opinion.

17.) Kanye West - Yeezus

Yeezus. Weird record. Really weird. But I like it. This guy is full of himself, almost to a fault. But he makes good tunes. Blood on the Leaves, what a jam.

16.) Red Fang - Whales and Leeches

I'd love to party with these guys. They make some kick ass tunes, and have been for a while. I put them in the same league as Mastodon, and they deserve it.

15.) Pelican - Forever Becoming

I played this record 3 times the first time I heard it. It's awesome. These Chicago natives know how to groove and write some truly magical tunes.

14.) The Ocean - Pelagial

Something about these guys strikes me as quite pretentious, but I don't care that much because they rock the house. Pelagial is beautiful, both with vocals and on the instrumental. These guys haven't made a bad record yet, and this one is really great.

13.) Carcass - Surgical Steel

CARCASS! Their first record since 1996 and it SLAMS! This has to be one of the best produced, best sounding albums of 2013. Solid riffs, incredible drums, and great songs. You want some good, solid death metal, then you've come to the right place.

12.) Anciients - Heart of Oak

I never heard of these guys before their debut record dropped. I listened to it the day it came out and was blown away. Kind of a heavier Mastodon with a bit less melody. Great record.

11.) Gorguts - Colored Sands

Razor blade proficiency on these riffs. Gorguts is awesome, and they put out one of the best death metal records of the year.

10.) Kylesa - Ultraviolet

This one caught me off guard. I've heard of Kylesa before, and had an idea what they were all about. They've had quite a history so far. Ultraviolet is just incredible.

The dual vocals of Laura Pleasants and Phillip Cope work so well together. And the twin drummers make for some interesting rhythmic assaults. Slamming record from start to finish.

9.) The Black Dahlia Murder - Everblack

Hands down one of my most anticipated records of the year, and boy did it deliver. I love this band. Everblack was incredible. Production, song writing, riffs, everything was great. I look forward to hearing these songs live when they come around with Carcass.

8.) Clutch - Earth Rocker

I never have been a die hard Clutch fan, but this record might have changed that. Every single song on this record is great. Gone Cold gives me goosebumps every time I hear it.

7.) The Dillinger Escape Plan - One of Us is The Killer

First time I listened to this record I was impressed, but I wasn't falling in love with it or anything. Then I let it sit there for a while, and came back later. And came back again. And again. Now I can't get these songs out of my head. Nothing's Funny and One of Us is the Killer do not leave my brain much. Incredible record from one of the best live bands I've ever seen (there, I said it).

6.) Nine Inch Nails - Hesitation Marks

Trent Reznor came back with a vengeance on Hesitation Marks, and it delivered. This record reminded me a lot of With Teeth or Year Zero more than anything else, and it rocked. Lots of catchy NIN type stuff, and the songs are still stuck in my head. I'm pissed I didn't get to catch any of the live shows, the production looked incredible.

5.) Uncle Acid & The Deadbeats - Mind Control

Best band name ever. This record had to be good to make it into my top 5. Just go listen to it. Stoner / psychedelic rock from the 70s with just enough headbanging groove to make it heavy.

4.) Queens of the Stone Age - ...Like Clockwork

I think this is the record I listened to the most out of anything that came out in 2013. It's so good. Josh Homme is one of my favorite song writers, and I've been a Queens of the Stone Age fan since Rated R. The supporting cast on ...Like Clockwork is all-stars, and the Elton John inspiration is bizarrely amazing. Vampyre of Time and Memory, Smooth Sailing, Fairweather Friends, My God Is The Sun, well, every song on this record should be a single. It's so good. Can't say anything more about it.

3.) Deafheaven - Sunbather

This record is terrifyingly beautiful. I listened to it the day it came out before everyone started praising the hell out of it (though, to be fair, people that leaked it were praising it like crazy long before the release date). I was excited to check it out because I had never heard of them before. Blown away is an understatement.

This record sounds like the band I would want to be in if I was a drummer. The drumming on this record is phenomenal. It's not the most technical or fast or whatever, but it is SO DAMN GOOD and so atmospheric and rhythmic that it makes me want to be drummer.

The guitars are epic. I love the way Kerry McCoy goes from some insanely black metal trill picking riff almost instantaneously into an epic thunderstorm of hanging chords and lush melodies.

George Clarke's vocals are insane. More than just a voice, he adds an additional instrument to each song. You can feel every word and scream that he puts out, and the production makes it that much more impactful.

It's such a damn good record. Do yourself a favor and just listen to it. Forget about genres, forget about preconceived notions of whatever you might think it is, just listen to it as a great piece of music and appreciate it for what it is. I can't wait to see them when they come around.

2.) Purson - The Circle and The Blue Door

Never heard of these folks before this record dropped. Never heard much press. Maybe that's why I love it so much.

Rosalie Cunningham's voice is beautiful, and every single one of these songs was stuck in my head after the first play through. They remind me of what would happen if Blue Oyster Cult, Janis Joplin, and Led Zeppelin all got in a room and decided to write an album together. There are so many beautiful moments on this record that you should just listen to it for yourself. The Contract, Spiderwood Farm, and Sapphire Ward really stood out for me, but the entire thing is a retro nod to the classics, and it's awesome.

1.) Atoms for Peace - Amok

What do you get when you stuff Thom Yorke, Flea, Nigel Godrich, Joey Waronker, and Mauro Refosco into a studio? Apparently a great record.

Seriously, I don't want to know how this was conceived. I don't care how it was recorded. All I know is the finished product is, hands down, the best record I heard all year. Every single moment on this record feels like it is in the right place and naturally belongs EXACTLY where they put it. It blows my mind how many awesome musical moments they have crammed into one album.

I dare you to listen to any song on this album and not be humming it to yourself all day. Try it. You will fail.

I like Radiohead, but I think this blows everything they've done out of the water. Judge, Jury, and Executioner, Default, Stuck Together Pieces, and Dropped...oh man, DROPPED, that song is a monument all to itself. That song sinks the teeth in and just grooves me away.

I look forward to the next record they write, but until then, I'm pretty sure I'll be playing this one a lot in the months / years to come. Album of the year, hands down.

Honorable Mentions

  • .letlive - The Blackest Beautiful
  • A Storm of Light - Nations to Flames
  • Alice in Chains - The Devil Put Dinosaurs Here
  • Amon Amarth - Deceiver of the Gods
  • Arctic Monkeys - AM
  • Autopsy - The Headless Ritual
  • Bad Rabbits - American Love
  • Black Sabbath - 13
  • Black Tusk - Tend No Wounds
  • Bring Me The Horizon - Sempiternal
  • Cult of Luna - Vertikal II
  • Felix Martin - The Scenic Album
  • Haken - The Mountain
  • I is Another - I is Another
  • Ihsahn - Das Seelenbrechen
  • In Solitude - Sister
  • Intronaut - Habitual Levitations
  • Karnivool - Asymmetry
  • Killswitch Engage - Disarm the Descent
  • Locrian - Return to Annihilation
  • Mouth of the Architect - Dawning
  • Mustasch - Sounds Like Hell, Feels Like Heaven
  • Norma Jean - Wrongdoers
  • Oblivion - Called to Rise
  • Orchid - The Mouths of Madness
  • Phantom Glue - A War of Light Cones
  • Pyres - Year of Sleep
  • Pyrramids - Brightest Darkest Day
  • Revocation - Revocation
  • Rosetta - The Anaesthete
  • Scorpion Child - Scorpion Child
  • She & Him - Volume 3
  • Soilwork - The Living Infinite
  • Sound City - Reel to Reel
  • Spiritual Beggars - Earth Blues
  • Stomach Earth - Stomach Earth
  • The Ongoing Concept - SAloon
  • Toxic Holocaust - Chemistry of Consciousness
  • True Widow - Circumambulation
  • Volto - Incitare
  • We Butter the Bread With Butter - Goldkinder
  • Windhand - Soma

Enabling Wifi in Raspbian

I've started playing around with a Raspberry Pi recently. It's pretty slick, but there are a few gotchas I've run into, particularly regarding wifi.

I'm using a Model B Raspberry Pi which came with a USB wifi dongle, since my TV and router are not in the same room.

With raspbmc, it asks for your ssid and passphrase, but with an image like raspian, you have to configure the settings yourself. It's not too bad, but the documentation I searched for was not very helpful or clear.

This worked for me. Here's is what my /etc/network/interfaces looks like:

auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "YourSSIDGoesInHere"
wpa-psk "YourWifiPassphraseGoesInHere"

After that, run this to reboot the pi:

sudo reboot

Once it starts back up you should see a message displaying your pi's new IP address handed out from your router displayed during boot.