Prototype of the school's proposed catcam 3000

Today fak3r from fak3r.com and Matt from Obtuseview.com are working together to bring you a multi-perspective piece on internet security.  Rarely are team-ups like this seen except in the pages of “Marvel Team-Ups” or “a very Special Episodes of Diff’rnt Strokes.”

So the Pennsylvania school using webcams on district provided laptops to spy on its students story just gets more and more bizarre.  The parents of one of kids is (rightfully) suing the school, “…alleging the district unlawfully used its ability to access a webcam remotely on their son’s district-issued laptop computer [...] it watched him through his laptop’s webcam while he was at home and unaware he was being observed” This is apparently proven when the school “caught” the student engaging in “improper behavior” in his home, via a webcam image.  Meanwhile the school claims it had the ability to observe images via the webcam, but that it would only be used if the laptop were reported to be lost stolen or missing, and even then “…the district would first have to request access from its technology and security department and receive authorization.” Additionally, the school claims this monitoring was all part of an agreement defining “acceptable-use” that the family had to sign to allow the student to take the laptop home, which also states that the family was required to buy insurance for the borrowed laptop.  So far, so ridiculous, but then it starts getting sillier…

Now, as for the student’s “improper behavior” that the school claims they viewed is starting to come to light, thanks to the lawsuit.  While the school claims to have used the secret remote webcam activation ONLY 42 times (and only to ‘track down’ lost or stolen laptops) it hasn’t explained what this student was busted for, after all, he hadn’t stolen the computer.  Now it sounds like the school is claiming that, “…the student was disciplined for was an accusation of either drug use or drug selling. For what? Well, the image showed the student with Mike & Ikes candies, which do have a passing resemblance to pills, but (last we checked) do not appear to be controlled substances.” Now we all know that obesity is something we need to keep in check in this country, but a school counting how many jelly beans a kid is eating at home?  Come on!  But seriously, they thought the student was popping pills at home, and they thought this would be an acceptable use of their spying capability to bring this to light?  Just who are the geniuses behind this idea, much less the plan of using the webcams to track stolen laptops of students?  While using webcams to spy on users is pretty high tech, and seems to be a unbeatable to find the perps who lifted the laptops, I can’t think of any way (*cough* black tape) to stop the webcam (*cough* reinstall) from seeing the user, plus, once they have the perps image, they still have to figure out who that is, and pass it on up the chain.  While I’m all for schools protecting their property, I’ve always thought something less compicuous be used, like having software that phones home to alert authorities not only that the laptop has been stolen, but where it’s connecting from, and other specific details of the new user.  Of course there paid software Mac options out there, free ones for Linux, and even cooler ones for the DIY geek to really hack into (a keylogger being a particularly fun way to turn the tables and mess with the privacy of these perps).  The point is, a cursory Google search reveals far more options without the obvious privacy of using a webcam to gather info.

Yummy!

What do you think, should the school have even tried to use such measures to keep tabs on their property?  Should they have done it a different way?  Or are you a parent with kids in grade school (like me) that can’t believe a trusted institution would pull such a stunt?  Then, to get coverage from the other 1/2 of this dynamic writing team up, swing over to Matt at Obtuse View with his post highlighting some other considerations of this case.

Related posts

• EFF’s SSD (Surveillance Self-Defense) Project (1)
• No downtime for online free speech (1)
• TJX Companies data breach reveals credit card data (2)
• Somebody set up us the bomb (2)
• Security researcher Dan Kaminsky (1)

live photo of Part Chimp courtesy of Last.FM

Well 2009 was another stellar year for music if you ask me, and as usual, my yearly ‘top’ list is going on a month late. I always have these grand designs of writting a short paragragh about each selection, why I picked it, how I first heard it, etc, but you know how that goes.  I will say that this year, while I’ve gotten into many bands the way I have in years past (trolling record stores, randomly listening to anything I can find online), I’ve also found things I wouldn’t have found thanks to my Twitter account.  While those who don’t get  Twitter think it’s just folks updating what they had for breakfast, if you stick around, dig deeper and find the right people to follow, it’s amazing wealth of information.  Not requiring the effort of say a blog post allows rapid, unvarnished opinions, spouted out between people’s day to day tasks, which I always prefer since I feel I’m more lucid after a few cups of coffee while something is blaring in my ears. New this year is the reissues section, what with things like OK Computer and Young Team being reissued, I can’t help but highlight them.

As always I want to give a hat tip to the fabulous folks at my neighborhood record store, Euclid Records, where I bought almost all of these discs over the past year.  I also want to recognize people like Ryan, Anthony, Mary, @fcervantes, @plasmatron, @koppper @crankin and Yvonne for a continued stream of what has their attention at any particular time – grabbing stuff and listening to it later when I have more time always reveals new sounds to me, so thanks for that. Also, as always, this list will be added to my ever expanding Noise page here, listing my favs from 2001 to the present.

Ok enough of this babble, hell, I already have a couple of possible contenders for next years list! With that in mind, here’s my….

Best music of 2009

Andrew Bird “Noble Beast”

-



Neko Case “Tornado”

-



DOOM “Born Like This”

-



Morrissey “Years of Refusal”

-



The Clues “Remember Severed Head”

-



Disfear “Live The Storm”

-



Imogen Heap “Elipse”

-



Part Chimp “Thiller”

-



The Thermals “Now We Can See”

-



Danger Mouse, Sparklehorse, David Lynch “Dark Night of the Soul”

-



Jay Reatard “Watch Me Fall”

-



Mountain Goats “The Life of the World to Come”

-



Lightning Bolt “Earthly Delights”

-



Phoenix “Wolfgang Amadeus Phoenix”

-



Rufus Wainwright “Milwaukee At Last!!!”

-

Reissues

Okkervil River “Black Sheep Boy”

-



Mogwai “Young Team”

-



Nirvana “Bleach”

-



Radiohead “OK Computer”

-
So what do you think?  Did I miss something that you think is essential?  Sound off, and feel free to follow what I’m listening to (in real time no less!) by adding me as a ‘friend’ at Last.FM – I’m always looking for new ways to music.  Who knows, maybe what you recommend to me will make my Best of 2010 list.

Related posts

• Dark Night of the Soul (3)
• Upcoming live release from Mogwai (0)
• Radiohead was freaking fantastic (3)
• Radiohead coming to St. Louis next tour (0)
• Neko Case on NPR (0)

This year Mogwai will release a live cd and album, Special Moves, and a dvd, Burning, covering a three night set during the 2009 shows in Brooklyn.  Here they are doing Mogwai Fear Satan, which while from the same tour, is not from the film, but is shot by the same people (thanks for the info Stuart, pictured above) so it’s a good look into what to expect. If it’s all like this it looks like the perfect live film in my opinion, focused on the band interactions and movement, not the audience.  To find out more, and get a free mp3 download of 2 Rights Make 1 Wrong from the set, visit Special Moves.  Can’t wait to see/hear this, after taking a long time to get into The Hawk Is Howling, I’m ready to see them live again.  I was still ‘digesting’ the re-release of Young Team that I bought in London last year, but it’s been a long time since I’ve seen them live as they haven’t toured St. Louis, and the Austin gigs were too long ago to count.  Just can’t wait for this release.

Related posts

• Best music of 2009 (4)
• They Might Be Giants (0)
• Reviewer makes “educated guess” that new Black Crowes album blowes (2)
• Record Store Day – April 18, 2009 (0)
• Radiohead was freaking fantastic (3)

So I’ve had my MacBook Pro for a few months now, and since I have a 500 Gig harddrive, I haven’t bothered to empty my trash yet. Now I’m on a work trip in China, and it makes me think about the privacy (internet and otherwise) that I have in the US, that I don’t expect here. In fact, since we’re blocked from posting to either Facebook or Twitter, I know this post will only make it there because this site will post if for me after I post it to my site (again, not something you’d think about just living in most other parts of the world). So what a good time to learn how to securely emptying my trash! The first thing I did was use the ‘Secure delete’ feature of the OS X trash folder, but with over 190,000 files to remove, it sat there at 0% while the fan spun up for about 15 minutes. That was it for me, it was clear it was going to take years for this to happen, so canceled that and hit Google to learn the right way to do it via the commandline. One of the best pages talks about srm a secure file deletion for posix systems that is installed by default on OS X. I’ve crafted my srm command to use the nice command to reduce the amount of overhead the process causes (again, the GUI version was taking over the system and heating things up quickly) and the sudo command to ensure all files would be deleted regardless of permission/ownership. In the end in looks like this:

nice -19 srm -rfv ~/.Trash/*

Yeah, while the -v flag will slow things down slightly, I prefer to have ‘verbose’ output from the command to understand exactly what it’s doing. Does anyone have better/more secure way to do this? Leave a message in the comments if you do, I’d love to learn more about this.

Related posts

• HOWTO run Chromium OS on a Dell Mini 9 with wifi (7)
• Google mp3blog search widget (0)
• Army: Twitter could be a terrorist tool (0)
• (Paranoid) Android demo (0)

UPDATE: I’m now running the latest build of Hexxeh’s Chrome OS named Flow – and everything just works out of the box.  The release is much improved, and it’s getting very close to being the perfect day-to-day netbook OS as far as I’m concerned.  Great work!

While I still really dig my Dell Mini 9, even with 2Gig of RAM it feels kinda sluggish when I have my normal 50 tabs open, and I’ve always known someone could do better (since I’m too lazy to recompile a kernel for it like I would have in the past).  With all the focus on netbooks it was bound to be addressed, and while Android looks promising, it’s currently still more of a phone OS than something you’d be able to use on your netbook.  I’ve run it off a USB drive on the Mini 9 just to check it out, it was cool, but again, not really usable enough for a ‘top – maybe that’s not the target. Another I want to check is Moblin, Intel’s effort using Ubuntu as a base, but I haven’t seen a Mini 9 HOWTO (maybe I’ll have to write my own…) for that.  So, enter Google Chrome OS, Google’s idea of how to not only address this problem, but perhaps lay out how we will use these computers in the future.  It’s always funny when I start talking about cloud and thin clients, it takes me back to dumb terminals talking to mainframes, but I digress. The point is, thanks to great posts at jasongriffey.net and Lifehacker, it’s really easy to install Google’s Chrome OS on a Dell Mini 9, the only thing I really have to add is that you have to use ChromeOS Zero from the hexxeh.net site. After all, this is an open source project, so folks are going to make changes/fix things and share with everyone. Looking at the site they had a new release, yesterday (gotta love it!) The last time I tried a build the wifi on my Mini just worked, so it looks like those problems are a thing of the past.

Related posts

• (Paranoid) Android demo (0)
• HOWTO: install Ruby on Rails on Debian or Ubuntu Linux easily (4)
• HOWTO: fix fonts in Debian Lenny/Sid (2)
• HOWTO: automatically reconfigure Xorg in Debian (4)
• HOWTO securely delete files in OS X on the commandline (1)

UPDATE: as if to underscore the importance of this tool and approach, yesterday a story hit about a SQL Injection attack infecting over 132,000 systems in short order.  Net-Security have the full details on this attack, including how it probes the host via JavaScript to check for known vulnerabilities, how it exploits them, and how it ultimately downloads a back-door trojan to get the game going.  It’s really amazing to see how complicated and professional these things have gotten, and just adds to the reasoning that we have to step up to the plate and learn how to better defend against them.

I’ve been privy to some log dumps showing real, and successful, SQL attacks on some MSSQL servers before, and they weren’t pretty.  Of course a SQL injection attack has little to do with the database (well, as long as it’s still SQL based at least (nod to CouchDB and MongoDB)), and more with the code that calls it, and how that code deals with sanitizing inputs.   For this reason MySQL is just as vulnerable, after all, bad code is bad code.  While a client of mine opted for a firewall ‘module’ they had to buy an additional licence for, that set them back many thousands of dollars, I knew there had to be cheaper/better ways to address this kind of vulnerability.  One way of course is to fix the code, but with legacy sites that no one has touched for years, this may be impractcal (I didn’t say this, I only heard it), and the other idea is to proxy the SQL and ‘clean’ it before it hits the database.  The advantage of this approach is that it protects against known attacks, as well as unknown attacks, since it limits so much of what an attack is allowed to accomplish when trying to get its’ foot in the door.  This approach is what the folks over at GreenSQL have done, and it’s very impressive.  They sum things up nice and sweet with, “GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL & PostgreSQL . The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license.” A high-level view shows GreenSQL acting as the proxy from the frontend to the database:

This sounds and looks ideal, so with that in mind I installed GreenSQL with the default options on a MySQL server, and setup the included web-based Management Console to kick the tires and see what it does.  To show that it’s working I logged into a MySQL database, first directly, on port 3306:

# mysql -h 127.0.0.1 -P 3306 -u dbadmin -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 24768
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.mysql> show databases;
+-------------------------+
| Database                |
+-------------------------+
|<all of my database      |
| names were listed here> |
+-------------------------+
32 rows in set (0.00 sec)
mysql> quit

And that’s what you’d expect, you login as a privledged user and you can see all of your databases, simple.  Now I tried it going through GreenSQL, so essentially a proxy to the database server, on port 3305.

# mysql -h 127.0.0.1 -P 3305 -u dbadmin -p
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 24763
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
Query OK, 0 rows affected (0.00 sec)
mysql> quit

Ah, ok, I can see how this would make things more secure!  I then logged into the Management console to see what it had to say about the incident, and it told me what had happened:

Matching queries:
Query:    show databases
Time:    2009-12-09 22:02:26
DB User:    dbadmin
Risk:    31 blocked
Reason:    Detected attempt to discover db internal information.
ID:    1

After this I went into my website’s config file, (wp-config.php in Wordpress) and instructed it to connect to port 3305, instead of 3306.  A bit of a note, this wasn’t directly documented in my wp-config.php file, so to change the port, you just add a colon and the port number at then end of localhost, or your DB hostname, so it looks like this:

define('DB_HOST', 'localhost:3305');

I bring this up because most other configs will include a seperate line for the port, but hey, this works too, it was just a little ‘gotcha’ that I had to Google.  Now GreenSQL is protecting my websites, including fak3r, and I expect to only expand upon this as I learn more ways to protect my servers from the wilds of the Internet.

Conclusion: While some will whine that GreenSQL “only” supports MySQL and Postgresql, when I first looked into this they were only supporting MySQL – and that was last month, so I suspect they’ll cover things like MSSQL and even Oracle in the future.  This would be huge for businesses and corportations of all sizes to protect their data, something sites like the Chronology of Data Breaches are showing us are STILL NOT HAPPENING.  Plus, coming from a firewall background, this seems like an obvious way to protect things.  While there’s a performance trade off, their tests show it to be very minimal, but I’ll try to run my own tests and report back.  So, make no doubt about it, the GreenSQL folks have put together an enterprise ready product that they are actively developing to address the latest database threats.  Highly recommended.

Please post questions or comments below, I’m always learning and and chances are you know something I don’t!

Related posts

• Software support must evolve with Open Source (1)
• Open Source is good for you (1)
• HOWTO: serve jpeg2000 images with a scalable infrastructure (2)
• HOWTO: configure MySQL’s my.cnf file (6)
• HOWTO build your own open source Dropbox clone (54)

We had a alternate (un-official) cloud talk at TDWG. Organized here http://bit.ly/8LGUCr – one of the main things we wanted to cover, is to review what data is available now (or should be) out on Amazon’s free public data sets: http://developer.amazonwebservices.com/connect/kbcategory.jspa?categoryID=243 From there we derived a software stack from ideas of what would be useful for biodiversity folks to have on an EC2 compatible Debian Linux instance to do distributed computing against those sets. http://bit.ly/8GSEa7 This in turn builds off of what has already been done with BioLinux http://www.jcvi.org/cms/research/projects/jcvi-cloud-biolinux/ which is more of a desktop-able EC2/Eucalyptus image. Eucalyptus (http://open.eucalyptus.com/) is an open source project for you to bring up your own ‘private clouds’ that leave open the ability to migrate part of all of it to Amazon’s EC2 instances if you needed more power. But you know me, my idea would be to have a data base of participating parters worldwide that you could aim at, and if they were up/available, you could use their remote services to crank your data instead of using Amazon and being charged. I think this way scientists would really get to experiment with different data, without having to worry about cost. Of course enough institutions or partners would have to participate (and this doesn’t take into account any politics), but failing that, the Euca setup would at least provide a proof of concept that could be ramped up just by moving things to EC2.

Lastly, we now have a code site where we want to house different ways of accessing this data, and being able to send jobs out to EC2/Euca, here: http://code.google.com/p/biodivertido/

I’m working with Eucalyptus learning how to set it up, and then configure a slim Linux image that could be scaled out. From there, add the useful applications to it, make it a template others could use on their own Euca setups, or EC2, or both, to do map/reduce, or whatever work they want. This is where my expertise ends, I just want to facilitate the community to be able to get to that point. But, to address that point – I sent an email out to the group:

“All — Nick posted this to Twitter, but I wanted to highlight it for everyone here http://www.politigenomics.com/2009/11/bioinformatics-and-cloud-computing.html

that was prompted by this blog post by David Dooling (Genome Project) http://www.warelab.org/blog/?p=307

The Genome Project is at Washington University, here in Saint Louis, where an in-law of mine recently started working. So, I have an in there, and have been trying to find time and questions to present to people on the project for ideas/reviews of our approaches.”

I would suggest we work with people who have already done this on our level (Tim from Gbif) then come up with real world examples that we could test out, and then draw in more experienced folks like this to comment on how we could best use ‘the cloud’ be it local/private/shared/ec2/etc for the biodiversity community.

Related posts

• No related posts.

EFF has a page covering what they call The SSD Project (Surveillance Self-Defense) which they provide, “…to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.“  This is important stuff, and what I wish others would know, so I’m posting links to the source in the hope it will get more exposure and results in the search engines of the Internet.  I will contact EFF and see if we can formulate a better method to disseminate and distribute this text, allowing for updates and annotations going forward. Also, I aggregate news that cover these kind of issues over on Left to chance, take a look, then follow @lefttochance and @eff on Twitter to stay informed, and consider joining the LinkedIn EFF Group I run to join in the conversation.  In other words, get involved and …

Know  your  rights!

Related posts

• Security researcher Dan Kaminsky (1)
• School spies on student, busts him for…eating candy (2)
• New phisher site to fight! (0)
• FBI lost 160 laptops in last 44 months (3)
• TJX Companies data breach reveals credit card data (2)

UPDATE: Thanks to Ryan, Ant and Fern for the tips.  With that in mind I found an online Slicehost tutorial that contained the steps and explained how to install ruby via apt-get, then get the latest rubygems, install that manually, ran gem to update itself, then run gem to install rails – as suggested.  The steps I took from that page:

On a Debian Lenny system that does not have ruby, rubygems or rails installed on it yet:

apt-get update
apt-get upgrade
apt-get install ruby-dev ruby ri rdoc irb libreadline-ruby libruby libopenssl-ruby sqlite3 libsqlite3-ruby libsqlite-dev libsqlite3-dev

Once that completes without errors, make sure ruby is installed and ok:

ruby -v

Now download the latest rubygem (1.3.5 as of this post) from RubyForge http://rubyforge.org/frs/?group_id=126:

wget http://rubyforge.org/frs/download.php/60718/rubygems-1.3.5.tgz

Unpack it, change into the directory, run setup:

tar xzvf rubygems-1.3.5.tgz
cd  rubygems-1.3.5
ruby setup.rb

After that you’ll see:

RubyGems 1.3.5 installed

Then it’s suggested that you make a symlink to gem1.8 so you can run it as gem:

ln -s /usr/bin/gem1.8 /usr/bin/gem

Now make sure everything is up to date (even though we just installed the latest):

gem update
gem update --system

And finally – install rails:

gem install rails

After this you can check what gem has installed, and their version numbers:

gem list

And there you have it, more steps than I wanted, but now I know how to have a Debian system up to date, with Ruby, and then having rubygems handling all of the other ruby things that are better dealt with as gems.  As for systems I already have running in production in mixed enviroments?  I’ll look to migrate those to properly configured installs in the future. I guess for extra credit I should contact the maintainer of rubygems, and the associated gems, for Debian to get their side of the story, or maybe a solution they could put in place moving forward.

Original post:

I’ve been using Ruby on Rails on and off for many years now, and friends are always showing me new RoR apps to try out that look fly.  I can get things up and running fine, but it’s when the time comes to update an app that I have issues; I seem to come to the fork in the road where apt-get doesn’t have the latest version of Rails or some dendancy, and gem install is the proposed solution. I worry that mixing the two updating procedures will mess things up, since I have seen this before in Debian GNU/Linux, as well as FreeBSD (I suspect it’s me, and there’s a right way to do it). So, for example, today I noticed there was a new version Redmine a few days ago, so I update to the latest via SVN (the suggested way of updating Redmine):

# cd /opt/redmine-svn
# svn up
At revision 3076.

Now I copy in the email.yml and database.yml from my working instance so this will use the same config:

# cp /opt/redmine/config/database.yml /opt/redmine/config/email.yml config/

So far so good, let’s rake it up:

# RAILS_ENV=production rake db:migrate
(in /opt/redmine-svn)
Missing the Rails 2.3.4 gem. Please `gem install -v=2.3.4 rails`, update your RAILS_GEM_VERSION setting in config/environment.rb for the Rails version you do have installed, or comment out RAILS_GEM_VERSION to use the latest version installed.

So here we are, crap, what version of Rails do I have installed via apt-get?

# apt-cache showpkg rails | head -n3
Package: rails
Versions:
2.2.3-1 (/var/lib/apt/lists/ftp.debian.org_debian_dists_squeeze_main_binary-i386_Packages) (/var/lib/dpkg/status)

Damn, so what version of Debian am I running?

# cat /etc/issue.net
Debian GNU/Linux squeeze/sid

Yep, the latest, testing branch. So here I am, do I leave the apt-get world and start up gem install or what? My hesitation is that this is my ‘production’ version of Redmine, and I don’t really want to build out a sep install just to test my Rails updating, and if I do that, will the gem Rails install hose my current apt-get installed Rails anyway? So this is the problem I’ve had since I started playing with Rails apps, and it’s been about 3 years now (fak3r.com was on Typo for almost a year).  I’m open to suggestions as to how others handle this, do you just install Debian and then not even use apt-get for Rails/Ruby stuff? It seems that gem install always have the most up to date stuff, I’m just concerned that updating things that way will interfere with an apt-get update; apt-get upgrade of the main system later, particularly now that I’m already in the apt-get side.  Do I reinstall and go all gem install for just Ruby stuff, and apt-get just for the system?  How do people segment this?  There has to be a proper way that I’m missing.

Comments?

Related posts

• HOWTO: install Ruby on Rails on Debian or Ubuntu Linux easily (4)
• Speed up Ruby-on-Rails with memcached (18)
• HOWTO: ssh tunneling for fun and profit (0)
• HOWTO: populate your term’s title automatically (4)
• HOWTO: conky config (conkyrc) for Debian Part 2 (2)

Notice: the text of this post in the gray, blockquote area was taken from the website Look Into My Owl, and I forgot to attribute it to them. The reason I used a blockquote was to signify that it was a direct quote, and that it wasn’t mine, but I didn’t say it wasn’t, and didn’t put a link to the original work as I usually do. It was an oversight on my part, and I regret it.

…

“The more I try to hurt you, the more it hurts me“

Ah, just another line that revolves in my head after repeated listenings of the amazing ‘Dark Night Of The Soul‘, the Danger Mouse and Sparklehorse (Mark Linkous) musical collaboration with David Lynch.

It took me a few full listens, to get over my pre-conceived notions of this opus.  See, while it was a musical/art project/book of David Lynch’s, due to a dispute between Danger Mouse and the record company, EMI, it has yet to be released.  Additionally, as if the pairing of Danger Mouse, Sparklehorse and David Lynch wouldn’t draw enough attention from a starving music public, the album also features James Mercer (The Shins), The Flaming Lips, Gruff Rhys (Super Furry Animals), Jason Lytle (Grandaddy), Julian Casablancas (The Strokes), Frank Black (the Pixies), Iggy Pop, Nina Persson (The Cardigans), Suzanne Vega, Vic Chesnutt, Scott Spillane (Neutral Milk Hotel, The Gerbils) along with David Lynch, singing.

“I woke up and my yesterdays were gone“

The offical wording from the Danger Mouse camp says, ”Due to an ongoing dispute with EMI, Danger Mouse is unable to release the recorded music for Dark Night Of The Soul without fear of being sued by EMI. Danger Mouse remains hugely proud of Dark Night Of The Soul and hopes that people lucky enough to hear the music, by whatever means, are as excited by it as he is,” seems to give at least nod and a wink to piracy of the music, something Danger Mouse encouraged years ago when his release of The Grey Album was halted.  So while it’s very cool that an artist that has found financial success with the chart topping Gnarls Barkley, can continue to put out music that challenges, it’s also a sad reminder of what intellectual property is treated like; a commodity.  Is it piracy if the artist themselves instructed you to downloadload it “by whatever” means?  To me, a record of this importance shouldn’t have to resort to these tactics, but when it’s all about the benjamins…

“jacob it’s time again to wake up and accept your awards“

Image from Look Into My Owl

So while EMI has refused to release the music, David Lynch was clear to his release his book/art project, which he did as planned, but with a blank CDR included.  ”A limited edition book of Lynch’s visuals for the album has been released and is available here. Due to an ongoing dispute with a record company, the music that Danger Mouse produced has not been released. In place of the album, the book is supplemented with a recordable compact disc. Each copy of the book is clearly labelled, “For legal reasons, enclosed CD-R contains no music. Use it as you will.”  The release happened as a collaboration between Lynch and Danger Mouse, their first project, Dark Night of the Soul, 30 June – 11 July 2009 Michael Kohn Gallery, Los Angeles.

From the site LOOK INTO MY OWL: Fifty of Lynch’s photographs were mounted on aluminum and displayed in small groups throughout the two room exhibition. The pieces are untitled but make reference to tracks from the album “Dark Night of the Soul” that Danger Mouse mixed with the pop band Sparklehorse. The album will be playing in the gallery for the duration of the show.

The bulk of the action in the imagery is centralized within the composition. This bespeaks a significant difference between Lynch’s still and moving images. Lynch refers to still photography in his films when the scene breaks down into a solitary focus with spectral sounds. The prints in this exhibit along with the background music evoke the sensation of his films while maintaining a presence all their own.

A limited edition book of Lynch’s visuals for the album has been released and is available. Due to an ongoing dispute with a record company, the music that Danger Mouse produced has not been released. In place of the album, the book is supplemented with a recordable compact disc. Each copy of the book is clearly labelled, “For legal reasons, enclosed CD-R contains no music. Use it as you will.”

So Lynch’s photos were on display in the gallery, and all made direct references to the music, with the soundtrack of the record playing as the compliment…what a way to experience both.

“the last survivor crawling through the dust“

Image from Look Into My Owl

As with other critics darling releases, there’s a ton being written about the music right now.  Uber-stereogeek site Stereophile covered the album in great detail, and was then listed as their Recording of the Month, for August 2009.  Spin took time out to give a track by track breakdown, helping listeners to understand who was responsible for what, and who that singing way in the back was.  Also, it looks like promotion was in full swing, as the large, movie style posters were plastered around Austin for the SXSW festival this year.

“up on the poduim you’re handsome and you’re tall / but actually you are just hardly 5 foot small“

So back to the music, yes, so far I’m really digging it.  As with everything I’ve heard from Danger Mouse, the production is incredible, but there is such a variety in this one, it serves like some full featured buffet that no one wants to leave. As the NPR reviewer states, ”...Dark Night of the Soul delivers in every way you’d hope for. It’s beautiful but haunting, surreal and dark, but sometimes comical and affecting, with ear-popping, multilayered production work. It just gets more mesmerizing with every listen.”  While that’s pretty heddy praise, after living with it for a day, I have to agree.  After the coneptions about the music fade, it’s replaced by the various moods in the music and it just feels right.  Although if you really listen to it, I’m not sure if it’s supposed to…

“when you lay your head upon the pillow, I’ll be gone“

…

(if you can’t find a place to download the music online, leave a note below)

Related posts

• Best music of 2009 (4)
• HOWTO: log the user’s IP, not the proxy’s, in Lighttpd access log (6)
• EFF’s SSD (Surveillance Self-Defense) Project (1)