Review: Hanging by a Hair — Playing Rapunzel

It’s been a long time since I really loved a filk album. “Hanging by a Hair” broke the drought. Mich Sampson and Marilisa Valtazanou, performing as Playing Rapunzel, put the emphasis where it counts: on the songs. The topics are fascinating, the lyrics clear, and the musicianship aimed at bringing out the songs.

“Hanging by a Hair” has a mix of popular oldies, filk oldies, and new songs. Picking a favorite is hard. I think I’d go with “Lizukha,” for its storytelling, fitting the words to the rhythm, and its frame structure. I could also mention the very distinctive setting of Jodi Krangle’s “The Lady” or the old favorite “Starship and Haiku.” “Ophelia” had me puzzled till I noticed the title; it takes an oblique approach, and I think I’ll have to listen a few times to grok it completely. Mich and Marilisa use a lot of different instruments without overwhelming the vocal lines.

According to the website, it’s available as a download or CD purchase from Bandcamp, but shipping to the US isn’t available yet. (I got the CD at the release party in Germany. I paid for it like anyone else; there aren’t many review copies in filk.)

If I have a complaint, it’s that there are only ten songs on the album. But which is better: a ten-track album with at least eight tracks I’ll want to listen to repeatedly, or a sixteen-track one with four really memorable songs?

Posted in General.

Let’s not surrender fandom to bullies

The illiberal factions in fandom just want power. They don’t care much whom they go after, as long as they can flex their muscles. The Worldcon 75 committee has offered the latest sample of this, shoving Dave Weingart out as the filk head.

Note: I’ve discovered that Vox Day has linked to this post, which doubtless accounts for the comments below. I’m not letting anyone turn my blog into a mud-slinging fest, so I’ve disabled comments on this post.

Dave discussed what happened here. In brief: Someone got the notion that Dave should never talk to her. He respected this. One day he inadvertently posted a Babylon 5 video link to a chat group which this other person was also in. For this, he was told he could continue to run filk only if he agreed to end all staff contact outside his division. Of course, it’s impossible to run a part of the program that way, so his only choice was to withdraw.

Posted in General.

Tomorrow’s Songs Today on eBay

The cover by Matt Leger for Tomorrow’s Songs Today

I’ve put a signed and numbered copy of Tomorrow’s Songs Today up on eBay. My supply of the first run is getting low, so this may be the last copy of the original run that I sell, since I want to keep a couple of copies for myself.

The book is available for free in ebook form, and the book’s website has updates, but if you want to help support the book, or if you just like having a paper copy, this is your chance.

Posted in General.

Chris Hadfield’s “Space Sessions”

Like others coming home from OVFF (the Ohio Valley Filk Festival), I found Chris Hadfield’s CD, Space Sessions: Songs from a Tin Can, waiting for me. My reactions are mixed. It has some very good songs on it, but it’s not the CD I expected.

Hadfield is an astronaut and a musician. His “I.S.S. (Is Someone Singing)” is very popular among filkers, and I hope a convention can snag him as a guest. Space Sessions is described as “11 new songs — all recorded in space. … Hadfield says he hopes the music, lyrics, and the unique circumstances of its creation will give listeners a taste of life in outer space.”

Posted in General.

Filkers can do better

Filk is a community more than a musical style. It’s people in different countries drawn together by the love of songs which are clever, which look toward the future, which examine many possibilities for the world. I’ve found myself as much at home at filk conventions in Canada, Germany, and England as in the United States. Many things about filk have changed over the years and will keep changing, but we should always keep this.

Filk is a part of science fiction and fantasy fandom, which loves to explore ideas. This means discussion and debate. It means hearing ideas which may make us uncomfortable and being able to think people are seriously wrong without treating them as outcasts. Fandom has been a stronghold of liberalism, in the sense I cited in my last post: “valuing tolerance, freedom, and reason rather than orthodoxy, authoritarianism, and tradition.” (This has nothing to do with the Democratic and Republican parties, neither of which is liberal in that sense today.)

Posted in General.

Filkers on Patreon

Just a list of some filkers’ (or close-to-filkers’) pages on Patreon:

If I’ve missed some, please let me know.

Posted in General.

The Helva Peters CD project

An IndieGoGo campaign has started to produce a CD of Helva Peters’ recordings and help pay her medical expenses.

In the early nineties, Helva often sang at conventions in the northeast and MASSFILC gatherings. At the time she had a very impressive voice and gave a moving interpretation to her own songs as well as songs by others. She can be heard on the Wail Songs tapes Shoot the Moon, The Programmer and the Elves, and Let’s Have a Filk Sing, as well as the CD set Balticon Tapes (all out of print). Since then, various health issues, particularly Multiple Chemical Sensitivity aka Toxin-Induced Loss of Tolerance, have taken their toll on her, though she still sometimes comes to filksings.

Things have lately taken a more serious turn with her; she now has Stage IV cancer, and family sources are advancing her money for a trip to Tijuana, where she believes a treatment not available in the US will be more helpful to her. She’ll be piling up a lot of expenses and would like to be able to return at least some of that money.

At the same time, it would be a wonderful thing if more of her old recordings became better known to filkers. This project’s goal is to produce a CD from them and raise money that will help her meet her expenses. Harold Stein will produce the CD. All proceeds after costs of materials, which will be minimal, will go to Helva.

Please support the campaign and help spread the word.

Posted in General.

The Helva CD project

In the early nineties, Helva Peters often sang at conventions in the northeast and MASSFILC gatherings. At the time she had a very impressive voice and gave a moving interpretation to her own songs as well as songs by others. She can be heard on the Wail Songs tapes Shoot the Moon, The Programmer and the Elves, and Let’s Have a Filk Sing, as well as the CD set Balticon Tapes. Since then, various health issues have taken their toll on her, though she still sometimes comes to filksings.

Things have lately taken a more serious turn with her; she now has Stage IV cancer, and family sources are advancing her money for a trip to Tijuana, where she believes a treatment not available in the US will be more helpful to her. She’ll be piling up a lot of expenses and would like to be able to return at least some of that money.

At the same time, it would be a wonderful thing if more of her old recordings became better known to filkers. Her presence at early MASSFILC meetings was one of the things that kept me coming. We’re both fans of the Ron Perlman-Linda Hamilton TV show Beauty and the Beast, and her song “Vincent (Wells)” is a favorite of mine. Helva is her fannish name, taken from Anne McCaffrey’s The Ship Who Sang, and she’d often sing Cecilia Eng’s “Helva’s Song.”

To accomplish two things at once — raising some money for her medical expenses and making this happen — Helva and I are working on a crowdfunding project to produce a CD of her recordings. Harold Stein has been enthusiastic about the idea, and some other people have set out digging for recordings of her performances. The current plan is that I’ll run the campaign on her behalf. If you read my earlier post asking about raising money for another person, now you know the reason.

I’ve made a video of Helva talking about her situation and asking for support. It will be a while before the campaign is actually online, but I want to start building awareness now. If you have photos or recordings that might be usable, please let me know. If you might like to donate something as a premium, let me know. I’ll be throwing in some number of copies of Tomorrow’s Songs Today. The basic premium will, of course, be the CD. We expect to offer downloads through Bandcamp as well.

A lot is still fluid, but I can promise that everything after expenses, which we’ll keep minimal, will go to Helva. None of the other principals will be paid anything.

Fundraising

I’m making plans for a fundraising campaign for a friend with serious medical issues. This turns out to be rather complicated if I don’t want to get hit with income tax on money that I’m not keeping. I’m not ready yet to reveal specifics; this post is about exploring the issues. If anyone knows more, please let me know.

Fundraising and gifts for an individual are not tax-deductible. If I collect the money and pass it through, the income is the recipient’s, not mine, but if I don’t carefully document that, the IRS could get nasty.

The plan is a crowdfunding campaign, and the key question is what account or accounts the money will go into. I’ve found an article on the Massachusetts Attorney General’s site which looks useful. It appears that opening a special bank account jointly with the recipient is the safest way to go. Commingling money with my personal funds can look bad, so I shouldn’t use my PayPal account; the recipient may have one, or we may have to go with credit cards only. There will be expenses, so I’ll need to have access to the money myself.

If you have suggestions, let me know. I already understand that comments don’t count as legal advice.

Posted in General.

How Lenovo’s spyware works

If you’ve recently bought a Lenovo computer and you’ve been reading about “Superfish,” should you panic? Yes.

Well, no. Panic never produces useful results. But you should definitely act. If you can, return the computer and get a different brand. If you can’t, take prompt steps to remove the spyware.

The best approach is to install Windows (or Linux) from scratch, overwriting the existing operating system, and not using Lenovo’s installation package. The problem isn’t just the spyware; it’s that Lenovo has shown itself to be basically untrustworthy. Even if we assume it accepted Superfish stupidly rather than knowing it was committing a major security breach, Lenovo was notified on January 21 that Superfish used a self-signed root certificate to intercept SSL communications and didn’t respond until the publicity became overwhelming, almost a month later. Update: Superfish was reported for falsifying Google search results on Lenovo’s forums back in September 2014, though that report didn’t note the SSL hijacking.

The root certificate issue may need some explaining. The SSL certificate system, which is central to secure Web communications, relies on private/public encryption keys. When your browser connects with authenticated HTTPS to a server, it queries the server using encrypted data, based on the server’s public certificate. The server can respond correctly only if it has the corresponding private key.

But how do you know that the certificate is authentic? The answer is “digital signing.” A key is authenticated with encrypted data from a certificate authority (CA), and the same public-private trick is used to verify the signature’s authenticity.

But isn’t that begging the question? You still need to know whether the CA is authentic. A CA’s certificate can be signed by another CA, and such chains are necessary to handle the vast number of SSL certificates on the Internet. Ultimately it comes down to a trusted source, a “root certificate.” Browsers ship with one or more root certificates, which they trust by default. If a root certificate is compromised, the whole system comes crashing down. It can claim that fake certificates are genuine and allow impersonation of websites that collect your credit card numbers and other personal data.

Lenovo’s Superfish installs a rogue root certificate. It uses it to intercept your secure communications and modify them. It “self-signs” the certificate, so your browser will trust it. You think you have a secure, private channel to a site like Google, but Superfish is listening to every bit you transfer. This is what’s known as a “man in the middle” attack. It decrypts your data, does things with it, and then re-encrypts the modified data and sends it on its way.

Lenovo is intercepting secure communication by feeding users false data. I’m no lawyer, but shouldn’t that be grounds for criminal charges?

The private key is on the computer which runs Lenovo’s subverted version of Windows. It’s password protected, but a little reverse engineering of the software has turned up the password, which is a rather weak one and is now all over the Internet. This means that others can impersonate the impersonator, doing far worse things than injecting ads into your browser.

The CA system is inherently fragile. Superfish isn’t the first to have thought of this scam. There are lots of opportunities for criminals and governments (pardon the redundancy) to steal information this way.

It appears that Lenovo’s removal package, introduced after intense public pressure, removes the Superfish software but not the bogus certificate.
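The chain-of-trust behaviour described above, and why leaving the certificate behind keeps the problem alive, shown as an added example that is not part of the original post. It assumes the `openssl` command-line tool; the names browser-root, injected-root and shop.example.test are constructed, and everything happens in a temporary directory rather than a real trust store.

```shell
#!/bin/sh
# Constructed demo: every key and certificate is generated in a temp directory.
# browser-root, injected-root and shop.example.test are made-up names.

make_root() {  # make_root <dir> <name>: self-signed root at <dir>/<name>.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$2.key" -out "$1/$2.crt" 2>/dev/null
}

make_leaf() {  # make_leaf <root-name> <host>: leaf.crt for <host>, signed by the root
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out leaf.crt 2>/dev/null
}

chain_ok() {  # chain_ok <store-dir> <cert>: "yes" if <cert> chains to a root in the store
  cat "$1"/*.crt > bundle.pem
  if openssl verify -CAfile bundle.pem "$2" >/dev/null 2>&1
  then echo yes; else echo no; fi
}

fingerprints() {  # one SHA-256 fingerprint line per certificate in <store-dir>
  for f in "$1"/*.crt; do openssl x509 -in "$f" -noout -fingerprint -sha256; done
}

unexpected_roots() {  # subjects of roots in <store-dir> missing from <baseline-file>
  for f in "$1"/*.crt; do
    fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256)
    grep -qxF "$fp" "$2" || openssl x509 -in "$f" -noout -subject
  done
}

trust_demo() (  # runs in a subshell so the caller's directory is untouched
  cd "$(mktemp -d)" && mkdir store || exit 1
  make_root store browser-root           # a root the browser legitimately ships with
  fingerprints store > baseline.txt      # known-good snapshot of the trust store
  make_root . injected-root              # second root, created outside the store
  make_leaf injected-root shop.example.test
  echo "before=$(chain_ok store leaf.crt)"
  cp injected-root.crt store/            # the root is added to the trust store
  echo "after=$(chain_ok store leaf.crt)"
  echo "unexpected: $(unexpected_roots store baseline.txt)"
)

trust_demo
```

The same leaf certificate is rejected before the extra root is in the store and accepted afterwards, and it stays accepted until that root is removed; the fingerprint comparison against a known-good baseline is what surfaces it.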

Lenovo has been shamelessly lying:

There has been significant misinformation circulating about Superfish software that was pre-installed on certain Lenovo laptops. The software shipped on a limited number of computers in 2014 in an effort to enhance the online shopping experience for Lenovo customers. Superfish’s software utilizes visual search technology to help users achieve more relevant search results based on images of products they have browsed.

Despite the false and misleading statements made by some media commentators and bloggers, the Superfish software does not present a security risk. In no way does Superfish store personal data or share such data with anyone. Unfortunately, in this situation a vulnerability was introduced unintentionally by a 3rd party. Both Lenovo and Superfish did extensive testing of the solution but this issue wasn’t identified before some laptops shipped. Fortunately, our partnership with Lenovo was limited in scale. We were able to address the issue quickly.

Where do we start? Lenovo makes unspecified claims about “false and misleading statements” without denying anything in particular. The issue isn’t merely a “security risk,” but an actual, willful breach. Whether it shares the intercepted data with a third party is irrelevant. The claim that a software bug “unintentionally” created the forged certificate and man-in-the-middle interception is ludicrous.

The “third party” in question is a company called Komodia, which devised the interception technology and used its own name as the password for the bogus certificate. According to Forbes, Komodia’s founder, Barak Weichselbaum, “was once a programmer in Israel’s IDF’s Intelligence Core.” Komodia used to offer an “SSL hijacker,” no longer on their website although the Internet Archive still has the page. Komodia explains that “the hijacker uses Komodia’s Redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning.” Purely unintentionally, of course.

Just by the way, here’s a filk on the subject:

Superphishin’

Words: Gary McGath, Copyright 2015

Music: “Superchicken”

When your data is in danger,
When it’s picked up by a stranger,
And they never asked for your permission,
There is someone you can blame
For putting spyware on your disk:
Lenoooooooooovo’s Superphishin’!
 
If it looks like you have well and truly caught it,
You should have known it was infected when you bought it.
 
Now you understand the risk
Of SSL faked on the disk;
A painful death for them is what you’re wishin’.
There is someone you can blame
For putting spyware on your disk:
Lenoooooooooovo’s Superphishin’!
Lenoooooooooovo’s Superphishin’!

Posted in Tech.