The YZA

I think most people who don’t play guitar don’t realize how insane RL Burnside’s guitar playing is. He’s a goddamn Guitar Hero (and obviously much much more), and learning to play like him seems to be the Holy Grail of playing for a lot of people out there. I mean, check this out and tell me it’s not badass:

You can’t even see what his strumming hand is doing it’s moving so fast, but you can hear he’s playing a melody, the bass notes, and percussion all with one guitar, looking so damn cool like it’s no sweat off his back, and singing at the same time. There are loads of subpar YouTube videos made by highly technical blues purists (an oxymoron if I have ever heard one) all attempting to teach folks the secrets to RL’s superhuman gifts.

I remember being totally dumbfounded the first time I saw the above video of him playing (and the others from the same series, also on YouTube). I couldn’t tell what he was doing even though I was looking at it with my own eyes. Listening to what he was doing didn’t help much either, since he was basically playing three parts at once and I couldn’t tell them apart. The most confusing thing is how effortless it looks — his hand looks like it’s just strumming up and down, with such shrewd and casual movement, and he’s only using two fingers from each hand. To boot, he’s singing beautifully and without distraction, as if his mouth and his hand were separate machines.

Anyway, I’ve spent the past few months figuring it all out. I thought I had it for a couple months, and played his songs, and realized eventually I was doing it all wrong. I went back to the videos and watched them over and over again and I finally got it. All the instructional videos on YouTube are wrong, and the few pieces of RL Burnside guitar tablature out there are insufficient — they cover the notes, but not the style or strumming technique. I guess if there’s a demand, I could make a video teaching people how to begin to play like him, but at this point I feel like that would be like a magician explaining away his tricks. But, even if you know how to do a magic trick, the skill is in actually doing it, and I promise you that playing like RL Burnside takes lots and lots of practice. If you want a lesson on how to really play like RL, leave a note here.

I’m in Los Angeles, and I won’t sleep. Driving here at night is the ultimate automotive fantasy, better than driving in New York. Winding roads cliffside, big vistas, ocean views and few other cars in the way. I hate reliance on cars, but while we’re driving ourselves into living in an anachronism, I might as well do it right. California is the ultimate car culture, and they do it proper here: four lane highways in the middle of the desert, six lanes in the city, low population density to guarantee civilian street parking, and many, many gas stations. There are so many badass old cars on the road here, too. I never cared much for cars as a kid in the 80s, but it’s probably because new cars have been ugly my whole life, through the present, where most new cars look like a cross between a spaceship and a jellybean. The old cars are on the highways, cruising at 85MPH like all the rest, preserved thanks to lack of rain and snow-melting salt.

Living near Joshua Tree has been really eye-opening. Our town of Yucca Valley is a mix of military families (there is a base nearby where I’m sure they train for all possible desert warfare scenarios), obese lower middle class working folks, sun-damaged desert derelicts and artists, and white trash Meth addicts (they gay Meth heads are on the southern side of the park in Palm Springs). We’re a happy family: I get stares from everyone, big Arab beard and long graying hair. I look like a mountain man, but maybe from the mountains of Afghanistan. That, combined with my Gap sweater and fancy New York shoes, I’m not sure anyone knows what to make of me.

It’s been a treat not having internet at home. If I’m going to waste time, I’m going to do it while doing something productive, like reading or watching the scarce few movies Netflix sends me. Driving down two miles of dirt road from our house to town takes about 10 to 15 minutes, and rattles the BMW coupe I’m driving quite a bit, so the decision to go down for groceries or entertainment is a relatively big one. My communications with friends have suffered a little, but anyone who knows me knows that I’m not a prompt communicator. If I didn’t advertise it so well that I was going away to “The DESERT”, most people who didn’t hear from me for another three months wouldn’t know the difference. Besides calls to my family, I’ve called exactly one friend in New York, and received one phone call from another friend. I did get a fancy new phone though (DROID, by Google, also by Verizon, also by Motorola), and in addition to allowing me to make a receive calls, it’s also a GPS navigator, a photo and video camera, an MP3 player, a web browser, and everything else. So, I can post photos to Facebook and Twitter and feel good that there’s at least one-way communication. Also, Google now formally and officially owns my life, and I am strangely proud.

Not being in New York has been very healthy. Last week, there was a report issued that New York State has, on average, the least happy people in America. I think I will agree with that conclusion: most of my friends back home are pretty down in the dumps, and I’d say I’m no different. It’s a disgusting rat race of desperate comedians and musicians and bankers and advertising execs all being paid way less than they should be, struggling in the hopes that someone notices them. Compound that with the unending stream of “news” from Facebook and Twitter accounts about peoples’ performances, TV shows, successes (and sometimes failures), promotions, etc. and it feels like you’re smothered by insecure, unhappy people promoting themselves mechanically and unendingly. Everyone’s got something to say, but I can’t understand it if you all talk at the same goddamn time.

The quiet is nice in the desert. The winds blow hard some nights, so hard that it keeps me up and frightens me more than a little, but I’ll take that over not being able to hear my own true thoughts among the pollution of the blog-o-sphere and actual physical atmosphere in New York. California certainly has its share of pitiful self-promoters and misguided corporate attempts at creativity, but it’s also got so much more: beautiful, diverse landscapes, lots of space for people to live and make art and noise without splashing piss on each others’ shoes, and a lot of good weather. New York State has the City… and some apple orchards somewhere upstate.

I have been a little obsessed with John Lennon lately. Sure, it’s a little late to discover him for me, but better late than never. First off, it should be obvious to anyone who has listened to his first solo record (John Lennon/Plastic Ono Band) that his best work came after he left the Beatles. Second, I have to admit that I am more than just a little sad about his passing. For a giant like him (and he really was a giant, as a humanistic human, as an activist, and as an artist) to be gunned down by a mentally disturbed nobody saddens me beyond belief — to tears, even. I’ve been listening to John Lennon/Plastic Ono Band for a few years now, thanks to my buddy Robby Grant, but I recently watched the rock n’ roll movie A Hard Day’s Night, starring The Beatles, and I never knew their young personalities before that.

To think that all was good and well in 1963 (when the film was released), the band was so excited for their success, for their future, and so good-spirited about it too, and that all would be so different only seven years later. Anyway, I’m not going to go on giving a history of The Beatles or John Lennon, but I just thought I would make it clear that Xmas with Yoko and Sean in 1980 (only weeks after John was shot down) could very possibly be the saddest Christmas thought imaginable. Sure, there are probably more terrible circumstances than the death of multimillionaire musician and activist, but the world lost a huge positive force the night he died, and I’m sure the reality of that truth was especially brutal and discouraging on Christmas eve. Don’t forget to Imagine all the people, living life in peace, motherfuckers.

I think I’m going to quit playing music for a while.

I’m in California now, living the Joshua Tree park. I have no internet at home, but I’ll send updates via twitter: http://twitter.com/the_yza .

Will post recordings soon. Over and out.

The Telephones, who are one of my favorite local bands in New York, have hit the big time and are playing the Blender Theater next week. Fronted by triple-threat Jesse Adelmen, they play tuneful, rowdy rock songs that you possibly might hear at a bar, but will more likely be hearing at a venue with a marquee. Go see them play:

The Telephones
Monday 21 Sept, 9:30PM
Blender Theater (23rd St. and Lex), NYC

It’s almost 2010! I realized the other day that The Internet cannot be “undone”. There’s no going back to life as it once was before the existence of The Internet, as much as I might fantasize about that. Short attention spans will continue to be rewarded, and memes will spread even faster than they ever have. I spend lots of my waking hours thinking about The Internet, and how I will try to avoid its intoxication. Meanwhile, I’m checking my email and Facebook pretty damn regularly.

To try to combat the fatigue caused by inundation of Internet novelties, I am leaving it behind for a few months. I know, I know: from the regularity of these blog postings, it might appear as if I had already left The Internet behind already, surfacing twice a year to update a web log that’s supposed to inform people about my life. The truth is, I find it obnoxious when people broadcast incessantly (that means you, Dave Hill), so I choose not to pollute The Internet any further with mundane drivel. It’s a hopeless cause, and maybe I’ll come around and start posting all the time, but it won’t be any time soon.

I’m going out to California for a few months. I’ll be living in the desert in a home with little-to-no The Internet access. I’ll be working on purely creative and self-improvement endeavours, including and certainly not limited to: music, writing, reading classics, and learning the Butterfly stroke. I’m turning 30 years old in less than two weeks, and my time is now.

So, get ready to hear even less from me! Or maybe I’ll send Twitter updates from my cell phone every fifteen minutes about how quiet the desert is.

I use a Mac at my day job. It had been years since I’d used a Mac every day — my father bought my Apple sales pitch when I was in the fourth grade and we bought an Apple IIGS (“Graphics & Sound”) for something like US$4000 (and that’s in 1989 dollars, which is US$6860.57 in 2008 dollars according to the inflation calculator). The machine had no hard drive, and at the software store there was exactly one wall of Apple software, as compared with over a dozen walls of PC software (lots of walls at this software store, like a maze).

After a couple years of school reports and Where in the World is Carmen Sandiego?, I realized that PCs were where it was it — lots of software, cheap, lots of hardware options, and most importantly for 13 year old me (and probably for 26 year old me, too): tons and tons of computer games were made for PCs. So we ditched the Apple and bought a Gateway and thereafter I became a PC guy. I admire my old friend Martin Stabe who tricked out his Apple IIGS and used it through high school (till 1997! Maybe even beyond!). Maybe if my parents hadn’t caved in to every consumer whim I had as a child, I’d be better with my money.

Anyway, here I am, using a Mac every day, and realizing that Windows XP sucks to use after using OS X Leopard, and that for software (including games) that needs to run on a Windows machine, I can use Virtualization software like VMWare Fusion or Parallels or the free VirtualBox. So I wanted a Mac machine, but I wasn’t about to spend buckets of dough on an overpriced Apple computer. I decided that I was going to attempt to install OS X on PC hardware, something people have been doing for a few years ever since Apple started shipping Macs with Intel chips (the same chips that PCs use).

So I went to the Insanely Mac forums and read for a while and at first found it really confusing, inundated by too much information, or missing information, or misinformation. The site is entirely dedicated to people hacking OS X to get it to run perfectly on regular, Newegg bought PC hardware. Eventually, I decided what hardware to buy — the motherboard and video card are probably the most difficult choices to make, as your compatibility with OS X will depend heavily on those two pieces of hardware. I bought the stuff, put it all together, and less than two weeks later, after dozens of installs and re-installs, I have the machine almost fully operational. I’ll share details soon.

Since I haven’t written to this blog in ages, and I have been spending a lot of time working on Rails applications, and I need to document some of the processes of my work somewhere, I figured I’d put them here for the edification of anyone who finds him or herself needed the same questions answered that I did. I definitely googled a shit-ton while looking for answers, and as I did that I thought to myself “My lord, people really do spend a lot of time helping others for no material gain. How have I contributed?” I hadn’t, until now. For all you loyal readers of my writing who expect the regular diatribes concerning the regular things people rant about (politics, art, etc), you can safely ignore these posts without missing too much of me. So here goes:

One of the sites I’ve been working on was found to have a security hole (I won’t say which site, for obvious reasons). It turns out that with Rails, if you sniff or otherwise procure the session ID that’s set in a visitor’s cookie (which is normally sent as plain text), you can then make requests to that Rails app as if you were that visitor as long as the session ID is still valid (meaning you could pretend to be that visitor without actually knowing his/her username or password — all you need is that session ID).

One of the solutions to this (besides making the entire site secure and served via https) is to set a secure authentication token (in the form of a cookie) when a visitor logs in. So now we have two cookies: the session cookie that contains the plain-text session ID, and the authentication token cookie, which, for now, contains an encoded string that I’ll explain below. When a visitor logs in to the secure login page, the authentication token is set and sent over https. Then, for the rest of that visitor’s browsing session (meaning until he/she closes his/her browser), all secure requests from that visitor ask if the authentication token is present and valid. If it is, then the request works fine and the visitor gets back whatever page he/she was requesting. If not, the request is redirected to the login page. Since the authentication token is always sent via https and never as plain-text, the only way an attacker could steal it is to harvest the cookie straight from the legit visitor’s machine (via some sort of spyware or virus script).

So I had to implement all this, but because my development environment used Mongrel, I had no way to serve https pages locally (Mongrel, which is the defacto Rails server, has no built in https support). So I had to change the way I was doing things on my local box before I could code and test my secure authentication cookie. I did some research, and found that the best and easiest solution was to install Passenger (aka mod_rails) as an Apache module, and then use Apache to serve all my pages locally (Apache has SSL support). While I’d deployed onto boxes with Passenger, I’d never considered installing it locally (I guess because it’s not available on Windows and I’ve only just started using a Mac again fairly recently). It turns out it’s a cinch to install, and on OS X there is also a Preferences pane that you can install to make setting up local sites that much easier.

So once you have Passenger set up properly and the (Apache) virutal hosts set up on your development machine, you should create a self-signed security certificate, which you can find instructions to do here. This will be used for your secure pages, and should only be used in development or staging environments because your browser will inevitably throw up a warning when you hit a secure page using this certificate. In production, you have to get some authority to sign your certificate (like GoDaddy.com or some other secure certificate service).

Once I had all that set up, then it was time to modify my Rails app to allow it to serve secure pages, and to set up the login and admin pages to always serve via https. This is easily done once you install the ssl_requirements plugin into your Rails app. It’s a small plugin that lets you easily require or allow certain pages of your Rails app to be served over https — just add something like

class AccountController < ApplicationController
ssl_required :signup, :payment
ssl_allowed :index

to your controller. This will force the signup and payment actions of that controller to use https (any requests to those pages via http will be redirected), and this will allow the index action to be served via https, but also regular http. All other actions of this controller will be forced to use http, and will be redirected to use that protocol if the inital request is https.

That’s pretty much it. Now I can test https locally, and I can easily run multiple rails apps simultaneously. If you read this and want to know any specifics, feel free to leave a comment.