We're back, babyyyy (& my 2023 music retrospective)

So, first item of business – my blog is back up and running! I had a fake post[1] here explaining as much (though I forgot to mirror it on RSS, oops), but I upgraded to a new laptop recently, and in the process lost a bunch of data I needed to keep this site running. It took a while, but I’ve sorted it out. It’s possible that I may have missed something, and if I find that’s the case, I should still be able to rebuild it from a snapshot I have.

Anyway! 2023 is over! It was a terrible year; good riddance, I guess. I’m writing this alone on New Year’s Eve as I get over covid. My idle moments are consumed with the anxiety of returning to my job on Tuesday, as they always are when I’m not consumed by the anxiety of actually being at my job. I genuinely feel like it might kill me if I don’t quit soon, so that’s fun!

I didn’t do one of these posts last year[2] for a number of reasons. But, I told myself I would this year. To motivate me to get the blog up and running again, to motivate me to produce some creative output for the void, and I guess hopefully to motivate maybe one other person to check out maybe one or two rad fucking albums. Originally my plan was to write about five albums and five video games. I kind of succeeded at the first part here, I just also threw in five honorable mentions. And I’m planning to break out the video game list into a separate post. Things were getting unwieldy, and I’m honestly still juggling a few games around in my head to determine what makes the cut. Spoiler alert: Viewfinder and Picayune Dreams are guaranteed to make the cut. Even if I fail to get that post out, click those links! They’re good games!

Anyway onto the five albums of 2023 that I want to highlight, in no particular order:

Caroline Polachek – Desire, I Want to Turn Into You
Let’s just get this one out of the way since anyone who has a grasp on the type of weird I am probably thinks this is my album of the year. And, y’know, maybe it is. I think it’s a perfect album, if that means anything. But it’s been discussed to death by all the most pretentious people in the world, so what can I add? Well, I will say that I struggled with it for a few months. Generally speaking, I struggle with albums that are stylistically diverse[3]. My brain was quick to latch on to ‘Bunny is a Rider’, a programming-forward pop track that expresses itself at first blush as quite minimalist. On the whole, however, Polachek describes the album as an exercise in maximalism, “too-muchness, […] overwhelm.”[4] And for a while, when ‘Bunny’ would end and throw me right into the Spanish guitars of ‘Sunset’, I was indeed overwhelmed in a way that genuinely challenged me. It was a challenge that brought back my memories of fully learning to grasp and understand and love Kate Bush’s Hounds of Love as an (also perfect, IMO) album. It paid off for me, and if you haven’t heard Desire, I Want to Turn Into You… yet, I haven’t much else to say except that I do firmly believe it’s a must-listen.
Portishead – Roseland NYC Live 25
Okay, being a rerelease of an album from 1998, I guess this one’s a cheat[5]. I already knew I loved this album; it was already my favorite Portishead album, unequivocally. If you’re unfamiliar with Portishead, it’s worth knowing that their discography is… sparse. They released two studio albums in 1994 and 1997, then just kind of disappeared until releasing Third in 2008. In between those first two albums, however, they did a few live performances – something they were famously uncomfortable with – and in 1998 released a live album and concert film of a performance with a chamber orchestra at the now-defunct Roseland Ballroom. The concert film was all drawn from this one concert, but inexplicably the album release contained alternate recordings of several tracks as well as several omissions. Now we have this remaster, and it’s… imperfect, but still a massive improvement. The tracks are all from the Roseland concert shown in the film, though ‘Elysium’ and ‘Seven Months’ are still oddly absent. A vinyl release is forthcoming, so perhaps length was a factor. Overall though, the track list is much more comfortable and the sound quality is great.
Pupil Slicer – Blossom
I am decidedly not a metalhead; hell, I barely even find most forms of rock capable of tickling my brain. Neither of those are statements that I’m proud of, so I am genuinely happy when something breaks through my wall and manages to expand my horizons a bit. When I do dip into metal, it tends to be stuff that leans heavily into other sonic palettes that are more approachable to me[6]. Blossom, certainly, is not the first mathcore album, but it did introduce me to the math-rock-but-harder genre, and it’s been an incredible album to keep revisiting and finding little bits and pieces that I can latch onto to kind of better learn how to appreciate the sonic elements of metal that my brain really hesitates to open up to. ‘Momentary Actuality’ was the first track I heard; it’s approachable, it’s incredible, give it a listen. Oh, and if you pick it up, you’re supporting a trans artist. Fuck yeah.
underscores – Wallsocket
Wallsocket is… a lot of things. Leading with ‘Cops and Robbers’, a track that plays out my own personal fantasy of fucking off from a miserable job, cashing out on a white collar crime, and running away to the midwest. The album, overall, is presented as a reflection on the artist’s time spent in the fictitious town of Wallsocket, Michigan. Conceptually, it’s intricate. Sonically… Well, I think I have to come to terms with the fact that we’re entering a post-hyperpop era. Genres ebb and flow, and the big players in the space seem to be branching out. PC Music has come to an end[7]. There are new, big things on the horizon, and I’ve heard several people kind of solidify this moment in time by declaring Wallsocket as the first post-hyperpop album. That’s kind of silly; genre always is. But, sonically, it’s hard to describe Wallsocket without at least imagining some version of a hyperpop-inspired rock album. It’s as many things to the ear as it is to the mind, with beats often built on beds of ad nauseam vocal samples. If you pick apart all of the pieces and try to figure out how they make a song, it doesn’t seem possible. Yet underscores does it, and she does it very well. I can’t get this album out of my head; I think the obvious first track to recommend is ‘Locals (Girls like us)’ ft. gabby start, though ‘Horror movie soundtrack’ is likely my fave. Oh, and if you pick it up, you’re supporting a trans artist. Fuck yeah.
Kiki Rockwell – Rituals on the Bank of a Familiar River
Oh, ho, ho… this is a treat. I think the best way to introduce Kiki is to say that they’re making witch music, but the witches are of the Salem[8] variety, and now said witches have power over the men and in the end it matters very little whether this power is magical or not. It’s primal. It comes from the heart, it comes from the land, and it comes from a collective feminine strength. Narratively, she pulls from various histories and mythologies to weave these very freeing reversals of power that stand next to the source material, telling you not to be afraid. I realize I’ve just kind of said a bunch of lofty bullshit here, and I’ve probably made their music seem far more grave than it is, which is a bit of a disservice. Empowering as it is, this album is also just a ton of fun. Watch the behind-the-scenes footage for ‘Burn Your Village (Same Old Energy pt. II)’, it’s a blast. My favorite track is likely ‘Madeline’, though it’s working with a much darker and quieter sonic palette than the rest of the album. Fantastic album, shout out to the friend who introduced me to Kiki’s music. Oh, and if you pick it up, you’re supporting a queer artist. Fuck yeah.

  1. Fake meaning I just manually added something to the homepage that kinda sorta resembled a post. I’ll try to make sure it’s archived. ↩︎
  2. I can honestly just… drop a 2022 recommendation down here as an honorable mention, right? À Dada by Ruby My Dear is just… a perfect, impeccably tight breakcore album. Just listen to this fuckin’ track. ↩︎
  3. Gonna go ahead and drop an honorable mention here for 100 gecs – 10,000 gecs. Their debut release was one of those albums that sort of fundamentally rewrote the ‘what is music’ part of my brain (and I was already on the hyperpop train). This follow-up is incredible, but again… it has some stylistic jumps that make it hard for me to take in as an album. I’m working on cracking its structure into my brain, though, and I still recommend folks listen to it. The opener, ‘Dumbest Girl Alive’ cemented itself as a personal anthem as soon as I heard it (y’all better put emojis on my grave). Oh, and if you pick it up, you’re supporting a trans artist. Fuck yeah. ↩︎
  4. Quoted from the interview segment around 16:04 from Polachek’s KEXP performance earlier this year. The entire performance is worth watching, and KEXP is worth giving a sub to if you haven’t already. ↩︎
  5. Since I’m admitting that the Portishead rerelease is a cheat, it’s only fair that I just drop an honorable mention in here. That’s gonna be André 3000 – New Blue Sun. If you missed this release dropping, it’s… not a rap album, but a beautiful swirl of Windham-Hill-esque acoustic and digital flutes. I didn’t spend enough time with it to really have a lot of deep thoughts, but it’s very pretty and absolutely worth setting aside an hour and a half of a day to give a listen. ↩︎
  6. Like, say, Deafheaven’s shoegaze-esque approach to the genre. And since I decided that the Portishead album counts, the 10th anniversary remaster of Sunbather is absolutely an honorable mention for this list. ↩︎
  7. And the final honorable mention of the day: A.G. Cook and EASYFUN’s project, Thy Slaughter, released the perfect end to PC Music, Soft Rock. I honestly just haven’t spent enough time with it yet to really pop it into my short little list here. ↩︎
  8. I use ‘Salem’ here as an American who knows of Salem as the most recognizable shorthand for the otherwise largely European series of religiously- and politically-motivated witch trials all sort of stemming from the publication of the Malleus Maleficarum. Kiki, who was brought up in Germany, has pointed out that ‘Germany was the country with the most witches burned and executed’ (via Hype Medium). That America has not grown as much as we would like to believe since the Salem trials is certainly not lost on her, however: ‘It saddens me that as of the recent overturning of Roe v Wade in the U.S., this song has connected with people on a much darker level. Women have been dealing with the same themes for thousands of years.’ (via The New Zealand Herald). ↩︎

File Managers

In 2023-12, I got a nag email from Jam Software, passive-aggressively letting me know that I was using TreeSize on more machines than I was licensed for. Perhaps they meant my old laptop, from which I can’t delicense because said computer is an unbootable mess of corrupted data. But honestly, it’s hard to say what they meant; the email was as self-contradictory as it was condescending. TreeSize is great software, but a practice like this makes Jam a company I can’t recommend, and I’ve removed the links to their site accordingly.

Microsoft’s File (or Windows) Explorer[1] has never been good[2]. Early Windows felt like a GUI for the sake of a GUI, competition to the Macintosh. The Mac’s Finder was itself quite simple, and also never really quite grew into anything for power users. This makes sense for Apple, but Microsoft started off with a weak simulacrum of Finder and never really got around to embracing its power users. Before Windows was ever released, Peter Norton was selling an incredibly powerful file manager for DOS, Norton Commander[3]. Far more of a power tool than Explorer could ever dream of, Norton Commander set the guidelines for an entire class of file browser, the Orthodox File Manager or OFM.

Windows 11 has seen a revamp of Explorer that further dumbs down what should be a first-class component of any operating system. Even after shipping this atrocity, they kept stripping it down further, though quickly reversed that decision. All this to say that Explorer has never been a viable option for the sort of user that actually uses their file manager to manage files, and it’s only getting worse. A perfect opportunity to talk about alternative file management paradigms and the software I personally use on Windows.

Orthodox File Managers

So let’s start with OFMs. Dr. Nikolai Bezroukov, who seemingly coined the term, has a whole page dedicated to the philosophy of these managers. In it, he lists many characteristics (‘notions’ as he calls them) of OFMs. Some, like ‘minimal UI chrome’ are vague in definition and feel more like consequences of the overall design and user base and less like requirements. Two of the notions that tend to be sticking points, however, are a ‘command channel’ and ‘tiled, nonoverlapping windows with minimum decorations.’

The ‘command channel’ aspect is simultaneously one of the defining features of an OFM and also one that… is less of a big deal on Windows. The idea here is that the file panes are tightly integrated with a CLI window; both OS and internal shell commands can be executed on a selection in a file pane. This is great on a Unix-like system, but CLI interaction on Windows is… not good. The ‘DOS prompt’ is minimalist; PowerShell is an abomination. Accordingly, while some OFMs on Windows still treat the CLI as a first-class citizen (Far Manager), others relegate it to a small corner of the interface (Total Commander) and others still do away with it entirely (OneCommander).

‘Tiled, nonoverlapping windows’ generally refers to the dual-pane design of OFMs which, on Windows at least, personally feels like the defining characteristic. Bezroukov and others would certainly disagree with me here, but the fundamental paradigm that makes working with non-orthodox file managers untenable is a display that is nominally split into source and destination panes. Fingers on the home keys, navigating to a ‘From:’ and a ‘To:’ directory before making a selection and firing off a single command is, quite frankly, the only way that GUI file operations really make sense to me. The alternative is to spawn two disparate, floating Explorer windows and play the alt-tab game while copy/cut/pasting and/or shudders drag and drop. On a Unix system, complex file operations are quite simple from the CLI itself. On Windows, this is less true, and while a GUI feels more necessary to me, the ideal GUI is still one that shows me a lot while allowing me to fully interact from the keyboard.

NeXTSTEP Innovations: Miller columns and drop stacks

While it’s hard to find any innovations that have come out of Windows Explorer, the long-dead predecessor to macOS, NeXTSTEP, was full of clever ideas. One that is still often re-implemented today (and in fact has been a core function of the Macintosh Finder for decades) is a columnar breadcrumb view known as Miller columns. Put simply, you start with a column for your root directory, and every step that you drill down the tree creates a new column to the right with that step’s directory listing. While it isn’t the best for file management, it is incredibly useful for directory navigation. Aside from file management, it routinely comes up in music software as the mechanism for drilling down from, say, genre to artist to album.

NeXTSTEP had another useful paradigm which, unfortunately, has largely disappeared from the world of file managers. More of a broader shell function, the drop stack lived in the dock as a sort of limbo for files. Files could be added to the stack from all manner of disparate locations, and then a single operation could be performed on this whole stack at once. For my broken brain at least, it is far easier to keep track of everything if I can have this little temporary list of files to review before I commit a change vs. poking around various places and doing multiple smaller file operations. While it is, as mentioned, an uncommon feature, Cocoatech’s Path Finder is a modern file manager that implements a drop stack[4]. While I have not used Path Finder in years, it always served me well and it still seems like the top choice for an advanced file manager on the Mac.

Visualizing the file system

If you’ve read much of my blog (or even just this very post), you probably know that I’m not overly fond of GUIs. The advent of all this fancy graphical stuff does very little for file navigation and management, in my opinion, but it does open up a lot of possibilities for advanced visualization. This can be as simple as color-mapping the age of files or a complete treemap view of a file system, showing relative directory and file sizes across the board at a glance. Dreamt up in 2001 by Ben Shneiderman and Martin Wattenberg, treemaps are miserable things to look at, as evidenced by Darío Weitz’s assertion that “Treemaps are one of the visual elements most employed in Business Intelligence (BI) presentations”. But despite having the aesthetics of something that was imagined for the worst people who have access to copious amounts of data, they do offer an overview of massive data sets that allow a viewer to easily discern the highest-ranking data for a given parameter.

Space constraints have always been an issue with computing, and treemaps are a reasonable way to let users drill down into the most storage-hungry corners of their machines. It’s hard to pin down what software did this first, but TreeSize was certainly an early example, as was WinDirStat. Easier on the eyes, some utilities such as KDE’s FileLight or DaisyDisk for the Mac rely on stacked pie charts.

My personal file management toolbox

I’ve mentioned quite a few pieces of software already, including everything that I use on a day-to-day basis. But (hopefully) it’s worth expanding on why I use what I use, why I’ve migrated away from other pieces of software, and how I navigate features that may be missing or oddly implemented.

Total Commander (Commercial/$60)

Let’s just get the obvious one out of the way – if you ask any power user dork for a Windows Explorer replacement, they’re likely to respond with ‘Total Commander’. This is justified – it’s powerful out of the box, extensible with a healthy plugin ecosystem, and incredibly customizable. Bezroukov doesn’t seem to care much for it, as it lacks a strong command interface. I’ve already said my piece regarding this, but I just don’t find it to be all that useful on Windows. The misery of the Windows CLI experience is one of my biggest gripes with this operating system. As far as a dual-pane system, however, Total Commander works great. All the menus and keyboard shortcuts are customizable, to the point where I’ve mapped [ and ] as touch-typist-friendly alternatives to the up/down cursor keys. Sync browsing – that is, navigating both panes at the same time if the directory structures are mirrored – is not readily available by default, but it can be added to the menus and/or keyboard via the internal command, cm_SyncChangeDir.

Speaking of synchronization, basic file sync is also included. It won’t monitor/perform realtime sync, but it does a fine job of manual sync. Sync, copy, and move operations all support optional file verification. As is typical for OFMs, the two panes can be switched from source/destination to browse/preview. The preview pane is extensible, and while it doesn’t cover every type of file I might like it to, it falls back on a raw text output which is often a useful fallback. Things like determining whether Windows binaries are x64 or i386 are easy without stepping into an additional application[5].

One feature that I mentioned is useful but seldom supported – the drop stack – is absent from Total Commander. No analogue is built in, but a plugin that adds a temporary pane exists, and works well for those times when I really need a drop-stack-style paradigm. Temporary panes appear in OFMs here and there, and do pretty much what you’d expect – they turn whichever pane you set them to into file limbo. All in all, Total Commander deserves its praise as the power-user file manager for Windows.

OneCommander (Commercial/$14/Free feature-limited version for non-commercial use)

OneCommander[6] was the first dual-pane file manager I used when I moved back to using Windows as my primary operating system. The free version is feature-rich enough to extensively test, and at the time a full license was in the ballpark of $5. It was an absolute steal for what it was, and I’m honestly happy that the developers are charging more for it now; it’s still a bargain. It was never quite customizable enough for me to use it beyond the handful of times that I really needed two panes, however, leading me to invest in Total Commander.

Over time, it has gotten increasingly customizable. It is very much a modern approach to dual-pane file management. It lacks the OFM-requisite command line entirely, and only runs on Windows 10 or 11. In addition to dual-pane browsing, it offers quite a bit of flexibility with views, including a very nice Miller column view. These paradigms can be combined, yielding a stacked dual-pane Miller column browser. Visually, by default files are color-coded according to age. It has clever little file management ideas like color-coded tags for files and inline notes.

Total Commander requires quite a bit of learning if you’re used to Windows Explorer vs. a different OFM. OneCommander, on the other hand, largely works as a newcomer would expect out of the box. Combined with its approachable, modern UI (and low price), I cannot recommend it enough for folks who are looking for more oomph than what Explorer has to offer, but who are not file management nerds. And while Total Commander remains my daily driver, I’m planning on buying another OneCommander license for my new computer.

TreeSize (Commercial/free version exists as do several license tiers)

Like Total Commander, TreeSize has been around for a while. I mentioned earlier that it might have been the first software to use treemaps to visualize disk usage; certainly it was an early example. The version being sold today still offers a treemap visualizer, as well as a much more palatable pie chart visualization and others. This is TreeSize’s purpose – visualizing and browsing the file system based on file and directory sizes and other metadata.

In its least visual view, essentially a standard file browser pane, it still offers an inline, sparkline-esque visualization of every item’s percentage of the space it consumes of its parent. All of the visualizations can be filtered by other metadata like extension or owner. Much like OneCommander, the age of a file can also be factored in. Detailed reports can be generated and compared as snapshots. At the professional license level (which I don’t have and therefore have not tested), this can all be automated into a task scheduler as well. It also comes with a pretty comprehensive file search utility, which seems a bit strange at first but does tend to go hand-in-hand with the sort of cleanup operations one might use a usage visualizer for.

Disk usage visualizers tend to be pretty simple one-trick ponies, and while TreeSize is still primarily suited for one task, it offers a lot of flexibility in how you can visualize and navigate that task. It’s quick to scan as well, and all in all just reliably works the way I expect it to.

Honorable mentions

Far Manager (FOSS/BSD-style license)
Far Manager is a TUI-based OFM in the vein of Norton Commander. It integrates well into Windows, offering things like a (still TUI-based) right-click contextual menu that matches the one in Explorer. It’s a great little program that I rarely use because I tend to just use shell commands for file management when I’m in a CLI. I have been playing more with it lately in ConEmu and if I come to find a setup here that really works with my workflow, I’ll likely write about it in the future. Far Manager does have a built in temporary pane in lieu of a drop stack. Bezroukov likes this one.
ZTreeWin (Commercial/$30)
Much like Far Manager, ZTreeWin uses a TUI, and much like Far Manager, I’ve been playing with it under the pretense of working it into a workflow with ConEmu. Unlike Far Manager, it’s entirely tree-based and not an OFM. It’s a clone of XTree/XTreeGold from the DOS days, and therefore really only shares UI paradigms with XTree and other XTree clones. This happens with OFMs all tending to follow Norton Commander UI paradigms as well, but I personally am far more used to these as they’ve just had better staying power. But ZTreeWin is very quick and has quite a bit of power behind it. Time will tell if it finds its way into my command-line experience, but it is worth checking out.
Tablacus Explorer (FOSS/MIT license)
Tablacus Explorer is an interesting take on a multi-pane file explorer. It lacks a command interface, and doesn’t offer a ton of functionality beyond what Windows provides. My understanding is that the file panes are just Explorer widgets provided by the OS (though I may be wrong about this). What it offers, then, is a highly modular and customizable approach to viewing and interacting with regularly standard browser views. Inbuilt are 2-, 4-, and 6-pane views as well as tree/list views. An extensive add-on library contains yet more views as well as small UX modules for various customizations. And, while I haven’t managed to dive into this yet, it seems like there are a lot of possibilities for writing add-ons and using Tablacus Explorer as a framework for more niche file browsing needs.
Resonic Player (Commercial/69€ with a free tier available)
This one is a bit niche, and it’s still in beta with the last release being four years old at this point, but it’s good at what it does – browsing directories of audio for the purpose of sifting through samples. It auto-plays as you go through a directory, and importantly it’s quick and responsive while doing this. I doubt I’d shell out for the pro version when development seems stalled, but as long as the free version is available, it’s an indispensable tool if you tend to find yourself needing to go through directories full of audio.

  1. For Windows 10, Microsoft changed Explorer’s name from one generic thing to another. I guess I understand why; though I would certainly claim to prefer the old name, I use ‘Windows Explorer’ throughout this post for clarity. ↩︎
  2. I’ve linked to it before, but Gravis (Cathode Ray Dude) posted a fantastic article showing the evolution of Explorer through the years. ↩︎
  3. While it was released by Peter Norton’s company, Norton Commander was written by John Socha. ↩︎
  4. I did find one file manager that implements a drop stack that runs on modern Windows, UltraExplorer by MustangPeak. As far as I can tell, the last version was released in 2009; MustangPeak’s website no longer exists. I would not do any actual work with an unmaintained file manager from four major Windows versions ago, but it does run and the downloads are preserved on the Internet Archive. ↩︎
  5. Look for the PE header which tells the operating system what type of binary it’s looking at. While this is binary info, the most relevant types we’re worried about here are easily grokked in a text preview: L for 32-bit and d† for 64-bit. ↩︎
  6. The official site uses ‘OneCommander’ as one word on the homepage, and rather inconsistently switches to the two-word ‘One Commander’ in the documentation. I’ve opted for the former here. ↩︎
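
The check described in footnote 5, done by parsing instead of by eye, as an added example that is not part of the original post. The function names and the sample bytes are constructed for illustration, and the Windows-1252 decoding of the text preview is an assumption about how the preview pane renders raw bytes.

```python
import struct

# Machine values from the PE/COFF specification (IMAGE_FILE_MACHINE_*).
MACHINES = {
    0x014C: "i386",
    0x8664: "x64",
    0xAA64: "arm64",
}


class NotPE(ValueError):
    """Raised when the bytes do not carry a well-formed PE header."""


def pe_machine(data: bytes) -> str:
    """Return the target architecture named in a PE file's COFF header."""
    # The DOS stub starts with 'MZ' and stores the offset of the PE
    # signature as a little-endian uint32 at 0x3C (e_lfanew).
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The signature (4 bytes) and Machine field (2 bytes) must fit in the
    # file. Truncated or malformed files fail here instead of being misread.
    if e_lfanew > len(data) - 6:
        raise NotPE("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine, f"unknown (0x{machine:04x})")


def as_text_preview(machine: int) -> str:
    """Show the two Machine bytes as a Windows-1252 text preview would.

    Assumption: the preview decodes raw bytes as Windows-1252.
    """
    return struct.pack("<H", machine).decode("cp1252", errors="replace")


def make_sample(machine: int, e_lfanew: int = 0x80) -> bytes:
    """Build a constructed, minimal PE-shaped header for demonstration."""
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Signature, Machine, then the remaining 18 bytes of the COFF header.
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


if __name__ == "__main__":
    for value in (0x014C, 0x8664):
        sample = make_sample(value)
        print(pe_machine(sample), repr(as_text_preview(value)))
```

The bytes after `PE\0\0` are `4C 01` for i386 and `64 86` for x64, which is why a text preview shows `L` and `d†` respectively.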

GemiNaut's clever solution to a peculiar problem

I’m a big proponent of the web being leaner and more text-based. In light of how strongly the web has veered in the opposite direction, it’s probably a radical position to say that I think less of the web should have any visual styling attached to it at all. More text channels where a reader can maintain a consistent, custom reading experience feels like a better solution than a bunch of disparate-looking sites all with their own color schemes, custom fonts, and massive headers[1].

I often use text-based web browsers like Lynx and WebbIE. I also tend to follow a lot of people who maintain very webring-esque sites, even moreso than mine. But there is more internet than just the HTTP-based World Wide Web. Gopher is, or was, depending on your outlook, an alternative protocol to HTTP. It was more focused on documents that kind of reference one another in a more bidirectional way, and because it never really got off the ground in the way HTTP did, it also never really got the CSS treatment; it’s really just about structured text. Despite most of the information about Gopher on the web being historical retrospectives, enthusiasts of a similar mind to me are keeping the protocol alive[2].

Then there’s Gemini[3]. Gemini is a sort of modern take on Gopher. For nerds like me, it’s wonderful that such an effort exists. If you’re interested in the unstyled side of the internet, Gemini is worth looking into. I do think it needs a bit of love, however, as curl maintainer Daniel Stenberg points out how lacking the implementation details are. I disagree with a few of Daniel’s points; Gemini falls into a lot of ‘trappings’ that HTTP escaped because HTTP development steered toward mass appeal. Gemini is for a small web, one for weirdos like me. The specification and implementation issues seem very real, however, and while I don’t think Gemini can or should get WWW-level acceptance, an RSS-sized niche would be nice, at least, and software sort of needs to know how to work for that to happen.

All of this only really matters for background context. I’ll likely post more of my thoughts on a textual internet in the future, and I’ll likely also be dipping my toes in publishing on a Gemini site. The point of this post, however, is to talk about a strange problem that happens with unstyled text-based content. While there are certainly far fewer distractions between the reader and the content, there’s also a sort of brain drain that comes from sites being visually indistinguishable from one another. I always just kind of assumed this was one of those annoyances that would never really be important enough to try to solve. Hell, the way most software development is going these days, I don’t really expect to see any new problem-solving happening in the UX sphere. But I recently stumbled across a browser that solves this in a very clever way.

GemiNaut[4] is an open-source Gemini and Gopher browser for Windows that uses an identicon-esque visual system to help distinguish sites. Identicons are visual representations of hash functions, typically used for a similar version of the same problem – making visually distinct icons for default users on a site. If everyone’s default icon is, say, an egg, then every new user looks the same. Creating a simple visual off of a hash function helps keep users looking distinct by default. I’ve often seen them used on password inputs as well – if you recognize the identicon, you know you’ve typed your password in correctly without having the password itself revealed.

Don Parks, who created the original identicon, did so to ‘enhance commenter identity’ on his blog[5]. But he knew there was more to it than this:

I originally came up with this idea to be used as an easy means of visually distinguishing multiple units of information, anything that can be reduced to bits. It’s not just IPs but also people, places, and things.

IMHO, too much of the web what we read are textual or numeric information which are not easy to distinguish at a glance when they are jumbled up together. So I think adding visual identifiers will make the user experience much more enjoyable.

-“Identicon Explained” by Don Parks via Wayback Machine

And indeed, browser extensions also exist for using identicons in lieu of favicons; other folks have pieced together the value in tying them to URLs. But GemiNaut uses visual representations of hashes like these to create patterned borders around the simple hypertext of Gopher and Gemini sites. The end result is clean pages that remain visually consistent, yet are distinctly framed based on domain. It only exists in one of GemiNaut’s several themes, and I wish these themes were customizable. Selfishly, I also wish more software would adopt this use of hash visualization.
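To make the idea concrete, here is an added sketch (not GemiNaut's code, and not Don Parks' 9-block algorithm) that turns the host of a Gemini or Gopher URL into a mirrored 5x5 pattern plus a hue. The choice of SHA-256, the grid size and the function names are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

GRID = 5  # 5x5 cells; the left half is mirrored onto the right


def site_key(url):
    """Reduce a URL to what gets visualised: its lower-cased host."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host


def identicon(url):
    """Return (hue, rows): hue in 0..359, rows a 5x5 grid of booleans."""
    digest = hashlib.sha256(site_key(url).encode("utf-8")).digest()
    hue = int.from_bytes(digest[:2], "big") % 360
    bits = int.from_bytes(digest[2:4], "big")  # 16 bits, 15 of them used
    half = (GRID + 1) // 2  # three columns decide the whole pattern
    rows = []
    for r in range(GRID):
        left = [bool((bits >> (r * half + c)) & 1) for c in range(half)]
        rows.append(left + left[-2::-1])  # mirror, centre column not repeated
    return hue, rows


def render(url):
    """Text rendering of the pattern, usable as a page border or header."""
    hue, rows = identicon(url)
    lines = ["".join("##" if cell else "  " for cell in row) for row in rows]
    return f"{site_key(url)} (hue {hue})\n" + "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("gemini://example.org/", "gopher://example.net/1/"):
        print(render(sample), end="\n\n")
```

With only 15 pattern bits and a hue, two hosts that share a pattern are easy to find, so a visual like this distinguishes sites at a glance but does not authenticate them.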

Aside from browsing Gemini and Gopher, GemiNaut includes Duckling, a proxy for converting the ‘small web’ to Gemini. The parser has three modes: text-based, simplified, and verbose. The first is, as one might expect, just the straight text of a page. Of the other two, simplified is so stripped-down that apparently this blog isn’t ‘small’ enough to fully function in it6. But it does work pretty well in verbose mode, though it lacks the keyboard navigation of Lynx, WebbIE, or even heavy ol’ Firefox.

I had long been looking for a decent Windows Gopher client, and was happy to find one that also supports Gemini and HTTP with the Duckling proxy enabled in GemiNaut. But truly, I’d like to see more development in general for the text-based web. All the big browsers contain ‘reader modes,’ which reformat visually frustrating pages into clean text. ‘Read later’ services like Instapaper do the same. RSS still exists and presents stripped-down versions of web content. There is still a desire for an unstyled web, and it would be great to see more of the software that exists in support of it adopting hash visualizations for distinction.

  1. Yes, yes. ↩︎
  2. In the article, I have linked to an HTTP proxy of the Floodgap Systems gopher root; this page obviously exists on gopher as well ↩︎
  3. Again, in the article the Project Gemini HTTP proxy is linked; here it is on gemini ↩︎
  4. And again, HTTP proxy in the post. GemiNaut site on Gemini protocol. ↩︎
  5. Wayback Machine archive of “Visual Security: 9-block IP Identification” by Don Parks. ↩︎
  6. It sort of works? Posts mostly work, though footnotes don’t. Importantly, pagination is also busted. But again, the situation is much better in verbose mode. ↩︎

TOTP: It's not Google Authenticator

I’ve been meaning to write about this since Twitter announced that only the eight-dollar-checkmark class would have access to SMS-based 2-factor authentication (2FA)1. Infosec circles got back into heated debates about the security implications of SMS-based authentication compared to the risk of losing access to the more-secure option of TOTP. This post isn’t really about that debate, but the major takeaways from either side are that:

User friction is a very real issue, and TOTP will always be more frictional than SMS; I can’t solve that in this post. Personally, I prefer to use TOTP when available due to the risk of a SIM-swapping attack2. This post, however, is more concerned with the matter of keeping your secret portable and within your control if you decide to use TOTP for 2FA.

If you’ve made it this far without knowing what TOTP is, well, that’s almost certainly by design. I would hazard that most people who are aware of it know it exclusively as Google Authenticator. Getting an increasingly-vital, open standard to be almost exclusively associated with one shitty app from one shitty company is certainly very good for that company, but very bad for everyone else. So the first order of business here is to clarify that whenever you see a site advertising 2FA via ‘Google Authenticator,’ what they actually mean is TOTP, or more accurately RFC 6238, an open standard3. Additionally, if you’re reading this and you currently implement TOTP on a site you manage or are planning to, I implore you to describe it accurately (including Google Authenticator as one of several options, if necessary) rather than feeding into the belief that the magical six-digit codes are a product of Alphabet.

So what, then, is TOTP? Even if you know it isn’t A Google Thing, the mechanism by which a QR code turns into a steady stream of six-digit codes is not entirely obvious. This is, typically, how we set up TOTP – we’re given a QR code which we photograph with our authenticator app, and suddenly we have TOTP codes. The QR code itself contains just a few pieces of URI-encoded data. This may include some specifics about the length of the code to be generated, the timing to be used, the hash method being used, and where the code is intended to be used. Crucially, it also contains an important secret – the cryptographic key that, along with a known time reference, is the foundation from which the codes are cryptographically generated. Essentially, a very strong password is kept secure, and from this an easily-digestible temporary code is generated based on time. Because it comes from a cryptographic hash function, exposing one (or more) of these codes does not have the same security implications as exposing the key itself.

Keeping the key itself secret is, in fact, extremely important. Vendor lock-in aside, I assume this partially contributes to the opacity of what happens in between scanning the QR code and having a functional 2FA setup. A large part of the debate over whether ‘Google Authenticator’ is a good 2FA solution is the fact that once your secret is in the Google Authenticator app, it is not coming out. If your app data gets corrupted, or if something misbehaves during a phone transition, you’re out of luck. Hopefully you’ve kept the recovery codes for your accounts safe somewhere. If to you, as to most people, TOTP means Google Authenticator, then this is a very real concern. One goof could simultaneously lock you out of all of your accounts that are important enough to you that you enabled their 2FA.

When I was de-Googling myself years ago, I went through the somewhat-laborious process of generating all new codes to put into Authy. In addition to (or in lieu of, I’m not entirely sure) local storage, Authy keeps your TOTP info in the cloud, allowing you to keep several devices in sync, including a desktop app. While this is a better solution than Google Authenticator, I’m not linking to it as I still think it’s a pretty bad one. The desktop app is an awful web-browser-masquerading-as-desktop-software creation. The system of PINs and passwords to access your account is convoluted. And, while in theory you can put the desktop app into a debug mode and extract your data, there’s no officially-supported path toward data portability. The unofficial method could go away at any time; in fact, while I will credit Indrek Ardel with the original method4, it seemingly no longer works and one must find more recent forks that do. On top of this, the aforementioned bad desktop app and confusing set of passwords meant that it was still just easier to start fresh with new codes when I recently switched away from Authy. Finally, Authy is another corporate product. It’s owned by Twilio, and they seem to want a piece of that lock-in pie as well, offering their own 2FA service that is a quasi-proprietary implementation of TOTP5, as outlined by Ardel.

For years, I’ve been using various KeePass implementations in conjunction with one another as a portable password management solution. I can keep a copy of the database in my OneDrive (or whatever cloud storage I happen to have access to; right now it’s OneDrive but frankly that’s because it’s cheap — not because it’s good) and have access to it from my phone and various computers. I can sync copies to flash drives if necessary, or drop a copy on an M-Disc with other important files to stash in a safe. I was, for a long time, using an unmaintained fork, KeePassX, because it simply vibes better with how I want computers to look and feel than its replacement, KeePassXC, does. On mobile, I’ve been using Strongbox6. At some point, I noticed they added support for TOTP codes! The app will happily scan a QR code and add the relevant data to an entry.

This was interesting and novel, and I was already thinking about moving all of my codes into it, simply because storing them that way meant the data was easily recoverable. If I wanted to switch again in the future, I now had access to the secret and any other relevant parameters, and could generate a new QR code from them if need be. But then I happened to notice that KeePassXC, the desktop software I had been avoiding, also supports TOTP codes. And Strongbox’s implementation is fully compatible with KeePassXC’s! This changed things – suddenly this was a portable solution for accessing my TOTP codes and not merely the data behind them. I generated new codes for everything I use (and upgraded my security on a few things that had implemented TOTP without my noticing) and ditched Authy.

While you can add TOTP codes directly in the KeePassXC desktop app, you can’t do it directly from a QR code. Windows is fond of capturing screenshots to the clipboard7; I would love to see an option in KeePassXC that scans an image in the clipboard for a QR code (and then clears the clipboard). Getting codes out is extremely straightforward. Since the data is just in normal entries in my database, a code I scan in via Strongbox will show up in KeePassXC once OneDrive catches up. It is worth noting that this rather shatters the ‘something you know / something you have’ model of 2FA, but the flexibility is there to manage codes and passwords however the user is comfortable. The most important aspect for me was liberating my TOTP data from a series of lockboxes for which I lacked the key.

Ultimately, I don’t think average users care much about data portability until they’re forced to. By the time their hands are forced, the path of least resistance tends to just be to stick with the vendor that’s locked them in8. With TOTP, the ramifications of this can be extremely annoying. More importantly, however, I think Google has done a very good job at preventing users from even knowing that TOTP portability is possible. Whether I convince anyone to store their codes in KeePass databases or not is immaterial; I really just want people to know they have options, and why they might want to use them. I want people to give just a small amount of thought to the implications of having a login credential that you not only have zero knowledge of, but also have zero access to. Frankly, I want people to stop doing free advertising for Google. And finally, I genuinely want a return to an internet where, occasionally, we make our users learn one little technical term instead of letting multi-billion dollar corporations coöpt everything good.

  1. If you’re coming to this post without a basic understanding of 2FA, I’d suggest reading something like Proton’s introduction to the practice, as it’s a bit beyond the scope of what I’m hoping to cover here. The gist, however, is that a password alone is a single point of failure, and 2FA adds an additional security challenge in the case of a password breach, etc. ↩︎
  2. It is important to note that TOTP is not a panacea; there are other attack vectors to worry about. SIM-swapping, however, particularly freaks me out due to the potential for a social engineering attack. ↩︎
  3. Google Authenticator also supports HOTP, or RFC 4226, an increment-based OTP system. In practice, I’ve never seen this method used on its own, though it is itself the backbone of TOTP. ↩︎
  4. For the sake of crediting, Ardel’s gist can be found here. It’s unlikely to work, and in 2020 Ardel left a note recommending users seek out actively-updated forks instead. ↩︎
  5. Quasi-proprietary is, perhaps, a stretch – it just uses different defaults than most. Seven digits and a ten-second time block instead of six and thirty. Importantly, though, it also completely obscures the fact that it’s just weird TOTP from the user. ↩︎
  6. Strongbox has a MacOS app as well; I have not used it. ↩︎
  7. Phrased this way because I’ve lost track of how many inbuilt screenshotting mechanisms this goofy operating system actually has these days. ↩︎
  8. See: everyone still active on Twitter. ↩︎

Rawwwwwr, let's talk about Wavosaur

Okay, so I promise I’m actually working on my 2022 media retrospective post, but I’ve also been itching to write about a particular piece of software that I’ve been getting a lot of use out of lately. I’ve been dabbling a bit with music production in tracker software, a style which is built entirely1 around the use of samples. As such, I’ve found myself needing to work directly on waveforms, editing samples out of pieces of media I’ve stolen or recordings I’ve made directly2. Having used Adobe Audition as both a multitracker and a wave editor for a long time, I rather like its approach as a dual-purpose tool. I do not, however, like Adobe, nor do I really want to wait for Audition to start up when I’m just chopping up waves. It’s too much tool for my current needs. I’ve also used Audacity in the past, which is a multitracker that certainly can function as a wave editor if you want it to. But, among other issues, it’s just not pleasant to use. So I’ve looked into a number of wave editors over the past few weeks, and have primarily settled on Wavosaur.

Wavosaur is not perfect software; I have a few quibbles that I’ll bring up in a bit. It is, however, really good software, with a no-nonsense interface that at least tries to be unintrusive, and is largely user-customizable. It’s quick to launch, and quick to load files. By default, it will attempt to3 load everything that was open when it was last exited; this can be disabled to make things even quicker. While this is true of pretty much any audio editing software, it supports the import of raw binary data as well as enough actual media formats that I can open up an MP4 video of an episode of Arthur that I downloaded from some sketchball site and start slicing up its audio without issue.

Navigating waves is pretty straightforward. Scrollwheel is assigned to zoom instead of scroll, which I do not like. An option for this would be great. It’s not a huge deal, however, since I’m moving around more by zooming than by scrolling in the first place. Zoom in and out are not bound to the keyboard by default; I set horizontal zoom to Ctrl+/- and vertical to Ctrl+Alt+/-. I might remove modifiers from vertical altogether, but my point is more that binding them to something logical makes navigating helpful, along with Ctrl+E and Ctrl+R, the default bindings for zooming to selection and zooming out all the way.

Wavosaur can deal with two different sorts of markers, and these are stored within the .wav file itself. Normal markers can be used to identify all manner of thing in the file. No data (like a name, for example) can be stored along with the marker, so a somewhat sparing use is probably best, but to my knowledge there is no limit to the number of markers that can be added. Other software does allow for similar markers to be named and then navigated by name, but to my knowledge none of these store these in a standardized way in the .wav file itself. I also haven’t seen other wave editing software that supports the other sort of marker that Wavosaur supports – loop markers. There can only be one pair of these — an in and an out — per file. Set your loops to the note’s sustain duration, and you have a very basic implementation of envelope control. While I don’t know of other software that writes this information, both trackers that I’m currently playing with — MilkyTracker and Renoise — will read it4. Wavosaur doesn’t really have a way to preview loop points in context, unfortunately, but the fact that it reads and writes them still makes for a useful starting point within the tracker.

My second-most-used wave editor over the past few weeks has been NCH WavePad5. Aside from the aforementioned loops, WavePad lacks two features that really make Wavosaur shine for sample creation. The first is the ability to snap to zero-crossings. Doing this helps to ensure that samples won’t end up popping when they trigger (or, with loop points, retrigger). This can easily be enabled and disabled in the menus, though toggling it can’t be bound to a key for some reason. The second is the ability to universally display time in audio samples6 instead of hours, minutes, and seconds. When fully zoomed in, WavePad switches to time based on audio samples, but I couldn’t find a way to set it as a permanent display. Often, with trackers, it’s advantageous to have a fairly intimate knowledge of how many audio samples you’re dealing with in a given sample. Being able to permanently set the display this way in Wavosaur is very helpful.

Wavosaur allows for resampling to an arbitrary sample rate. It has inbuilt pitch- and time-shifting, and a few basic effects like filters. For everything else, it supports VST in a straightforward way. You can build up a rack and preview things live, editing VST parameters while playing a looped selection of audio, and applying once things sound right. There’s some MIDI functionality, though I’m not sure the extent of it. Basic volume automation is included and works well enough. A wealth of visualization tools – spectrum analyzers and oscilloscopes and such – are included, and even have little widget versions that can live in the toolbar. It includes calculation tools for note frequency, delay, and BPM; BPM detection can also automatically place markers on beats. If you set markers at beats in this way, or manually, it will scramble audio based on markers for you.

I said I had a few quibbles that I’d like to get to. I already sort of mentioned one – while keyboard control is decent, not everything can be keybound. Like toggling snap-to-zero-crossings, there are quite a few actions that I would really like to have keyboard control over. Currently you can easily select between marker points by double-clicking within them, but the same can’t be done from the keyboard; overall, selection could use more granular control via menus and the keyboard. One very annoying thing is that doing an undo action resets the horizontal zoom out to 100%. If I’ve zoomed in on a section of audio that I’m looking to slice out into a new sample, I don’t want to lose that view if I need to correct a goofball mistake I made. Finally, something that a lot of good software has spoiled me for is a one-step process for making a new file from a selection. Right now it’s a two-step process of copying and pasting-as-new, which is fine. But it does sort of add up when you’re chopping up a bunch of samples. These are all pretty minor issues, and overall I think Wavosaur is a great little waveform editor. If you’re working with samples for trackers, I think it may be the best choice (on Windows, at least).

  1. There are modern trackers like Sunvox and Psycle that incorporate synthesis alongside PCM sampling, and using tracker interfaces for synth chips goes back to at least the SID. I think that overall, however, ‘tracker music’ mainly refers to or evokes software and music that is entirely sample-based. ↩︎
  2. I need to upgrade my contact mics, but I’m still liking the Tascam GT-R1 for its Hi-Z input. I also love the Zoom Handy H2n for its five-microphone MS/XY configuration, and the flexibility that affords. ↩︎
  3. A caveat here is that a lot of the sample slicing that I’m doing involves copying from a lengthy file into a new file for the individual sample. Doing this creates a temporary ‘paste.wav’ that won’t exist next time Wavosaur launches. ↩︎
  4. The Tascam GT-R1 supports overdub recording, and some other functionality for practice and jam recording, and part of this is a basic looping functionality. They cared enough about this that it gets dedicated buttons on the front panel! But alas, however it does this is not the same standard used by Wavosaur and the various trackers. ↩︎
  5. I don’t mind linking to NCH WavePad because it is quite good, but I wanted to bury the link down here for two reasons. First, their marketing is incredibly aggressive, to the point where they’ve bought ads that come up advertising it as a ‘Wavosaur alternative’ when you’re searching for Wavosaur (software that I might actually refer to as a free alternative to the $39.95 WavePad). Frankly, I just don’t like that. Second, they have a history of bundling bloatware in with their software. As far as the internet says, and as far as I can otherwise tell, they don’t do this anymore. But I think it’s worth knowing companies’ histories with these things. That said, I used WavePad and other NCH software many years ago, and it was solid then. WavePad was solid for me now as well, and had some UI tricks up its sleeve that I really liked. So, past the caveats, I do recommend checking out NCH WavePad if you need a wave editor and Wavosaur isn’t cutting it for your needs. ↩︎
  6. So, this is slightly tricky. Sampling in music refers to playing back short recordings of instruments, beats, vocals, &c. But in digital communication, when we’re talking about PCM audio, a sample is one point of audio. So, in a 44.1 kHz mono audio file, every second’s worth of audio contains 44,100 samples. For the purpose of this post, I refer to these as audio samples. ↩︎