18 Feb 2015

PHP 5.6 and UPS’s Web Services

This has been an extremely puzzling bug I’ve been trying to figure out while working on Package Stalker recently. Since updating my webserver to PHP 5.6, connections to UPS’s web services host, wwwcie.ups.com, have been failing intermittently, with no distinguishable pattern between which connections succeed and which fail.

After lots of debugging, I found this note in PHP’s documentation:

The default ciphers used by PHP have been updated to a more secure list based on the Mozilla cipher recommendations, with two additional exclusions: anonymous Diffie-Hellman ciphers, and RC4.

With PHP’s error messages being unhelpful as usual, I used OpenSSL’s s_client command to debug the connection:

openssl s_client -cipher 'HIGH:!RC4' -connect wwwcie.ups.com:443

It seemed to connect successfully… most of the time. About 1 in 3 attempts, I’d get this message:

3073504956:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:

This matched exactly the error being produced in PHP.

Upon examining the output further, it seems that sometimes when you connect to UPS’s web service, you get a nice, up-to-date box that sends you a TLSv1.2 handshake and supports the DHE-RSA-AES256-GCM-SHA384 cipher suite. But other times, you end up with a horribly outdated box that only supports TLSv1.0 with RC4-SHA as the only supported cipher suite!

What’s going on here? In all likelihood, UPS is using a simple load-balancer such as haproxy to handle inbound connections, and handling TLS directly at the server level; it seems that one of the tracking servers is misconfigured to only use RC4 cipher suites. I’ve contacted UPS’s Developer Resources department to alert them of the issue.

In the mean time, to work around this in PHP 5.6, use the following stream context options if you’re setting up the connection yourself:

$ctx = stream_context_create([
	'ssl' => [
		'crypto_method' => STREAM_CRYPTO_METHOD_ANY_CLIENT,
		'capture_session_meta' => true,
		'ciphers' => 'DEFAULT:RC4-SHA'
	]
]);

$connection = stream_socket_client("ssl://wwwcie.ups.com:443", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);

If you’re using cURL, this is even easier – just set CURLOPT_SSL_CIPHER_LIST:

curl_setopt($handle, CURLOPT_SSL_CIPHER_LIST, 'DEFAULT:RC4-SHA');

I’ll update this post with anything I hear from UPS.

Posted in Uncategorized
6 Oct 2014

Why I’m leaving Simple Bank

I’m not sure if other posts have made their way to the Internet by now, or how much mine will resemble the others, but we need to talk about Simple Bank.

Earlier this year, on February 20, 2014, Simple announced that they were bought by BBVA, a huge international bank based out of Argentina. Their announcement was of course very enthusiastic and forward-looking – after all, of the two normal “favorable” results of a startup, getting eaten by a bigger fish is considered one of them.

Now, I don’t know if what’s happened over the past few months has been a result of the buyout, or if it’s just bad engineering, but let’s go over some issues.

Background: in August of 2014, Simple transitioned many of their payment processing bits to a new back-end. This enabled overnight ACH transfers to your other bank accounts, and much quicker bill payment. These were both welcome to me, because this made it less of a stressor when I needed to get a check to someone fast.

“But wait!”, you say. “Can’t you just write them a check yourself?”

No.

This is Simple’s Achilles’ heel. You can’t write paper checks.

I’m sorry, I know that in 2014 the idea of giving someone a piece of paper with your bank account number on it should be unheard-of, but it isn’t. Mailing checks to payees is still something I have to do. So is handing a physical check to someone. Just saying “expect a check in the mail in about a week” isn’t too reassuring to an auto mechanic, church or other local business where dealing in checks is the norm.

Still, I was dealing with that okay. In the last 2 months though, things changed.

Remember the infrastructure upgrades in August? Well I guess they optimized out the ability to add up your balance correctly. They say it only affected a small number of customers, but I was never contacted and still noticed discrepancies. I think it affected everyone.

Their staff isn’t cut out for the task of manually tabulating everything. So their August statements are still delayed. And there’s radio silence on the September statements.

The support message queue is backlogged by “2-3 days” right now. Last week, I lost my debit card (it turned up in the wrong pocket in my wallet… derp). Went online, blocked it, and called them to order a new one. 7-9 business days until arrival. If you call them, they try to guilt you into using the online messaging facility.

And then Thursday, I got an email from my landlady: October’s rent hadn’t arrived yet. That was it.

I logged in and sent her a screenshot proving that the money was gone from my bank account on September 19. I have no idea where the fuck the check is, but the money sure isn’t in my account. As a remedial measure, I’ve moved October’s rent plus $1k in expenses to my old US Bank account, so that at least I can get cash and write checks. That landed on Friday and I was just barely able to pay my rent on time.

As a young company, I expect Simple to make mistakes. I work at a young company, and we’ve screwed shit up badly before. Botched product launches, missing datasets, that stuff happens on occasion. But when it does, we bend over backwards to make things right with our customers. We’ve sent tech support onto the customer site, put developers on the phone with customers, and done full network diagnostics to help customers solve their issues.

I’m sure that adding up bank transactions is more complicated than it looks. But Simple has had 2 months to solve this, and we’re still sitting here wondering where our statements and balances are. There is no ETA, no fix in test. I don’t know what they have in place for QA, but whatever it is, is not adequate.

As a result, I’ve picked another bank and am moving my money and my business there.

Posted in Uncategorized
8 May 2013

A reminder on believing the Internet

I love how 4chan trolls still think this is funny. Of course, it’s still effective if you market this kind of dogshit to gullible paranoid forest-dwellers.

Recently, a buddy of my dad’s from college linked me to a highly entertaining article basically saying the Illuminati is responsible for the Boston bombings. (You know it’s gonna be good if it’s on “itsagodthingproductions777.com!”) I randomly picked one piece of evidence from the article to inquire on.

The whole investigation lasted about 20 minutes. I’ll spare you the gory details, but “Doc” (the author of the article) talks about this Joe Ametrano dude who supposedly uploaded a “tribute” video about the Sandy Hook massacre a month and 4 days before it happened. I took the liberty of investigating the timestamp claim.

I used the Wayback Machine to access the video’s page. Sifting through the page source I found a direct link to the thumbnail image on Vimeo’s CDN – which was never deleted despite the fact that the account and video have been. Using the Web Developer extension for Firefox, I viewed the image’s response headers. The good part:

Last-Modified: Mon, 17 Dec 2012 10:20:46 GMT

A video can’t be modified after it’s uploaded, and this image would have been generated seconds to minutes after the video went up.

So Joe Ametrano, a random gentleman 4chan decided to target for this pathetic spoof, is just an ordinary person who felt the need to create a tribute video after the fact.

In my professional opinion (I hold a degree in information security and forensics), this completely destroys that single piece of “evidence” in “Doc’s” article, and implicitly (assuming the other “evidence” was gathered in the same way) brings everything else he mentions into question.

This combined with the fact that 4chan trolling tactics like this are well known across the Internet leads me to rest comfortably in my opinion that conspiracy theories rarely, if ever, hold any water whatsoever.

I’m ashamed I even have to say this in 2013, and that I even devoted 20 minutes of my time to investigating this silliness, but remember kids, just because you read about it on the Internet, doesn’t mean it’s true.

Posted in Uncategorized
14 Apr 2013

Reliance + ignorance = BAD

I know I haven’t made too many real posts to this blog lately (spam about that HFOSS class doesn’t count) but I want to talk about an issue that I have noticed quite a lot in American culture specifically. That issue is ignorance about the workings of devices critical to your well-being.

There are many types of devices which people tend to own without knowing anything about, but the two most common ones are probably computers and cars. Since I’ve been learning about cars a lot lately, I’ll talk about those.

Think about your car. Why do you have one? You probably use it as transportation to get to your place of employment, to take you to the grocery store to buy food, to take you to your classes, and for many other purposes. Now, if you’re like the vast majority of people I know, you probably don’t have the slightest clue about how it works. I want to just take a moment of your time to bluntly point out how incredibly stupid this is.

Think about this. You’re relying on this device every day. If it were to be destroyed (which is very easy to do), it costs enough that buying another one is probably not financially feasible for you. If it breaks, you can’t go to work. If you don’t go to work for several days in a row, you get fired. You can’t buy groceries, and thus can’t eat. You can’t go to classes, and thus will fail out of school. Clearly, you need your car.

So you call AAA and have them tow it to the nearest mechanic with instructions to “just fix it.” They call you the next day… it’s bad, and it’ll be $1,200 to fix. How do you know this? You don’t, because you don’t know shit about how your car works. You simply turn the key, move a lever from “P” to “D” and push the long slender pedal and it goes.

Let’s propose an alternative.

Let’s propose that in order to obtain your driver’s license, you need to explain the following:

  • Briefly describe all of the following major subsystems in a car: air intake, fuel intake, engine, transmission, power train, exhaust, steering (including power steering), braking, electrical (including how fuses and relays work). What happens when you push the long slender pedal?
  • How a transmission works, and why you need one (many people who don’t know how to drive stick can’t answer this!). How a clutch works on a very simple level (it’s a pressure plate that connects your engine and transmission, and it’s disconnected when you push the pedal in which enables you to change gears safely).
  • A list of the major fluids, frequency at which they should be changed, and symptoms that indicate a leak. (Oil and filter at 3,000-7,000 miles, ATF every 15,000, power steering, brake fluid, coolant, washer fluid, A/C freon.)
  • How a disc brake works – which three main parts are involved (rotor, pads, caliper), what a brake lockup means, and how ABS really works.
  • How to check your oil and know whether to change or refill it (never taught to me)
  • Symptoms associated with other common malfunctions: vacuum leaks, dirty spark plugs, difficult steering, squeaky accessory belt, etc.
  • What the check engine light (CEL) really means, and how to use an onboard diagnostics (OBDII) reader

With this basic knowledge, most people would at least know enough to not get terribly ripped off.

A couple of years ago, when I had just bought my car and did not have the above knowledge, I took it into a shop because the CEL was on. I got charged over $150 for the mechanic to spray carb cleaner into my EGR valve and slap it back on. Fucker probably didn’t even replace the gasket. I declined to have work done on my rear brakes (which are drum brakes) – he wanted $300 to bleed the lines out and replace the wheel cylinders. The wheel cylinders are $12 a piece, and yes, while replacing them does indeed require bleeding the system, if this takes you 3 hours you’re doing it wrong. It’s a 30 minute job for an experienced mechanic.

Over spring break this year a buddy and I decided to do a SeaFoam treatment, fix the reverse lights, change the spark plugs, and change out a failed wheel bearing. I suspected the switch on the transmission case that is pushed when the car is in reverse had gotten gummed up (common on old Saturns like mine) and the bulbs definitely weren’t at fault as I tested the sockets with a multimeter. I had already bought the new reverse switch from AutoZone, but realized that the purchase had been unnecessary: upon locating the switch I noticed it had been disconnected.

For the record, nonworking reverse lights are cause to fail inspections in New York and Connecticut. My car is registered in Ohio, where my parents live, because I haven’t graduated from college yet. Ohio’s “inspections” go as far as an emissions check which these days simply means an OBDII probe. I think you have to demonstrate working turn signals and honk your horn at your driver’s test. My reverse lights had been out for two years.

I don’t know if that particular mechanic is the one that disconnected the switch on the transmission case that is closed if the car is in reverse. I suspect it is, but lacking proof, I will spare that mechanic from being identified at this point in time. The mechanic in question is one that a close friend’s family has trusted for years on end.

Not all mechanics are like this. On Saturns the wheel bearings are pressed in, meaning you need a 12 ton press and a lift to remove and replace them. This being beyond the ability for me and my buddy to perform, we located a nearby mechanic1 who my buddy’s grandma has been going to for years. The owner confirmed for me that it was the wheel bearing, explained the cost of the repair and why, fixed it promptly, and handed me the old part back. When I drove it away from the shop, the steering alignment was way off. I drove it back and he aligned my car for free, despite the time investment of about 45 minutes. It was the best experience I’ve ever had with a mechanic and I promised him I would be recommending his shop to anyone and everyone in the area.

Knowing the issue beforehand, or even suggesting something in the ballpark and being wrong, is a great way to keep people who service your critical devices in check.

This kind of knowledge requires time investment, and I realize that needing to be more resourceful with money than time is a condition that comes with being young. Still, my weeks are filled to the brim this quarter, it’s midterm season, and yet I found time to change my front pads and rotors today with the help of a friend over in Batavia. The monetary advantage is significant: it cost me $108.50. That’s $20 for gas, $80 for parts, and $8.50 to buy him Chinese food. Compare that to $150 for marked-up parts and $200 in labor to have a mechanic do it.

But by doing it myself, I also hung out with a friend I hadn’t seen in a long time (and who was feeling down because he’s stuck in a wheelchair for 3 months, but that’s a different story). And I learned how brakes work. Have you ever stopped to think about how important brakes are? They’re the most important device in your car. It’s a hunk of metal, weighing between 1 and 3 tons, rolling down the road. The parts that make it go are important, obviously, but you’re not gonna die because your car can’t go. If your car can’t stop, then you’ve got a problem. So how does this important part of your car actually work? It turns out that a hydraulic system squeezes a ceramic pad against a metal disc (rotor), converting your kinetic energy into heat. Of course, if you didn’t know that you’re on par with probably 85% of America.

This needs to change. Reliance on black boxes leaves us vulnerable to being scammed, stranded and panicked. Learning how these devices work makes you feel smarter and more in control of your life. Something as simple as technical knowledge can turn a disaster into a manageable incident.

1 The gentleman who replaced my wheel bearing is Tony DiSiena, owner/operator of A&L Auto Service, 1562 Route 52, Fishkill, NY, 12524. If you live in that area, you should give him your business, because he deserves it.

Posted in Uncategorized
17 Dec 2012

Gentlemen, please mind your knees.

The recent tragedy in Newtown, CT has undoubtedly reached your eyes or ears by now. I’m not going to be another one of those people bitching about over-reporting of it (though I do believe over-reporting is a genuine problem). However, I do want to have a quick word with you, my Dear Reader, on the nature of knee-jerk legislation such as that pertaining to gun control which will inevitably come up in the course of the coming months.

I will start by reminding you that Newtown is a location which is very near and dear to me. Not only do I work for a company whose founders are from Newtown, but my girlfriend Bonnie attended Sandy Hook Elementary and her family continues to live there today. Friday’s events struck me as closely as anyone.

Grieving is right and appropriate, but it is possible to grieve in a right and appropriate way without proposing and enacting measures in haste, without considering their consequences. To word it differently, our society seems to be that every tragedy can and should result in legislation designed to prevent it from ever happening again. Take our freedoms and rights, oh holy governmental protectors, just protect us from these dreadful events!

I am grieving with the rest of Newtown, but I am grieving with my head on straight.

If you have not yet read the reports, Mr. Lanza obtained his weaponry by way of his mother, whom he overpowered, murdered, and then proceeded to the school. His mother’s weapons were legally obtained, presumably locked up, and otherwise possessed in compliance with even the strictest proposed gun-control legislation. There is no amount of legislation that could have prevented this particular incident.

Some have proposed the enactment of legislation which holds a gun owner responsible for any crimes committed with that gun. Shall we then blame the late Mrs. Lanza for her weapon’s role in this tragedy? She was overpowered, and then killed. This was not her fault, beyond perhaps the lack of an unbreakable gun safe in her house – which would have been reasonable, as her children are both grown and to her knowledge were of no danger. Moreover, if Mrs. Lanza purchased the weapon with intent to protect herself during a burglary or other intrusion, is it not reasonable to keep it in a location more convenient than a safe, so that she can quickly obtain it when it is needed? Protecting yourself and your own family and property is the primary reason the Second Amendment was added to our Bill of Rights. What protection would a gun afford against a burglary if you have to spend 5 minutes fumbling with the safe to get your gun out? The intruder isn’t just going to stand there. If we mandate the use of gun safes, the entire purpose of the Second Amendment will be largely defeated.

I have a different proposal. Let’s enact a law which imposes a 1 year moratorium on laws which, in exchange for a few “little-used” freedoms, aim to prevent a specific Bad Thing from happening again. Our society is so convinced that legislation is the answer to all of our problems. It is not.

I know it’s generally rather unorthodox for me to write a blog post that talks only about a wrong answer without proposing a right one. I could go on for hours on this, but suffice it to say this is a good place to start.

Posted in Uncategorized
4 Dec 2012

Shout-out

Internet rules dictate that I not name names, but you know who you are. You’re a close friend of mine who I’ve spent a lot of time talking through depression over the past ~8 months. You’ve been struggling with suicidal thoughts, sometimes very persistent and strong ones, and I’ve spent a few late nights talking you out of making your way to the nearest tall building, be it through firm instruction, just listening, or anything in between.

Other people might look at this description of you and think of weakness, frailty or dependence, but this past weekend you proved them all wrong with one of the most beautiful things I have ever heard of: you contacted a complete stranger over the Internet on a whim and pulled an all-nighter to acquaint yourself with him. Just before you both went to bed, after the sun was up, his words were, “because of you, I’m starting to have hope.”

There is nothing you could have done which would have more thoroughly reminded me why I spent all those countless nights with you, or made me more proud to call you my friend. You are a beautiful, strong and selfless person, and this is to serve as a public acknowledgement of that. You worked tirelessly this weekend and, as a result, saved a life. That’s more important than any other accomplishment ever.

-D


To the reader:

If you’re depressed or suicidal, I have two facts for you:

  • You’re not worthless. Far from it. The addressee of my open letter above was exactly where you are, and to a certain extent, still is, and he saved someone’s life this weekend. If there is truly nothing else, you have the potential to inspire and create hope.
  • If you want to talk to someone, shoot me an e-mail and I’ll gladly get to know you and hear you out. I know it helps to talk to someone in your shoes, so after getting acquainted, I might introduce you to someone who’s got a situation closer to yours if that’s OK.
Posted in Uncategorized
13 Nov 2012

Christmas List

This is now my birthday list.

Because my friends and family are so nice.

Unless otherwise noted, any items received multiple times will not result in any complaints. Pretty much everything here is under $100, and most are under $50.

  • An AeroPress and filters. $30 on Amazon.
  • Yubikey NEO. Gotta be the Neo, I already have normal Yubikeys crawling out of my ass.
  • BAWLS. Fscking delicious drink, not a ginormous amount of caffeine and way healthier than something like Monster.
  • Thanks Mom! A new wallet. Tri-fold, leather, black, vertical slots for cards (i.e. pull them out of the top of the wallet), preferably RFID blocking.
  • Thanks Mom! A less sh*tty case for my Nexus 7. Or a pogo pin dock for it if they actually release one (doubtful).
  • Thanks Bonnie! Milwaukee M12 screw gun, with an extra battery. A bit pricier – about $150 for both.
  • Thanks Bonnie! Security bits, including some small ones.
  • Thanks, me! (oh wait.) Want to be super awesome? Samsung Galaxy Note II or Galaxy S III. Off contract, unlocked, with a case and 64GB microSD card. Roughly $850 total. (Yeah, didn’t think so.)
  • Thanks, Bonnie! A new backpack. I’m 1.5 quarters from graduation and just noticed some serious zipper failure on my now 5-year-old backpack. I don’t think it’s gonna survive the year. Shop around for deals on this backpack, I’ve heard it can be as cheap as $50. Another possibility.
  • Will update as more ideas come to mind
Posted in Uncategorized
11 Sep 2012

On the state of affairs

Unfortunately the 140-byte limitation doesn’t quite cut it.

I don’t wish to undermine the terrible tragedy that was the loss of life on September 11, 2001. Quite the contrary; though insulated from the loss of loved ones myself, many close friends of mine, particularly those from the tri-state area, cannot say the same. My thoughts and prayers are with them, even 11 years later.

We must also not forget that the United States is not fully innocent. I do not buy into conspiracy theories, especially “9/11 WAS AN INSIDE JOB” and that kind of BS. I fully believe it was orchestrated by people who have frustrations with America. I also do not believe that these are complex, irrational, religiously rooted frustrations, but very simple, easy-to-understand, and quite tragic.

By chance, tonight while browsing the Web I happened upon this Time article. It reports the targeted killing of Abdulrahman al-Awlaki – a 16-year-old boy, an American citizen living in Yemen, who just happened to be the son of a prominent radical Muslim. There was no trial, no presentation of evidence, no due process. A 16 year old was ordered dead by our government merely because of his ancestry, and it was carried out.

The US has a long history of performing operations such as this, particularly against Middle Eastern countries, when it is to our tactical advantage. To phrase it differently, we are the man behind the curtain, and often times we have pulled strings which have resulted in the loss of innocent lives in order to protect our position of power, international status, and low gas prices. It is easy to see how people arrive at the conclusion that retaliatory action – “blowback” in CIA terms – is the only way to have their voice heard.

While I am against killing by either side, we did it first, America. And for those we have specifically targeted, there is no combination of words which can fully reconcile what we have done, but we sure could start by apologizing.

Meanwhile, things have worked out great for surveillance-society proponents. All in the name of stopping terrorism (that we ourselves are the root cause of), we have willingly given up more and more of our privacy and other liberties under the promise of security. Mind you, this game has been going for a long time, but I think Sept 11, 2001 was the point on the slippery slope where our feet came out from under us and we began uncontrollably trading our liberty for a cat-and-mouse game that is doing nothing to protect us.

You know how we stop terrorism? Get out of the Middle East’s pants. Phase out of reliance on their oil (meaning, aggressively adopt electric vehicles here) and allow oil prices to skyrocket as they are already itching to do. Issue a sincere, heartfelt apology, and then back it up by getting out of there completely. We fucked up, and the only right thing to do is to get out.

While we’re at it, we should stop supporting Israel, which is running an oppressive regime against anyone in the country that isn’t Jewish, at times even destroying Palestinian villages to build military bases. No wonder “death to Israel” is a thing over there… the government doesn’t even recognize their basic rights to have a peaceful home and clean water. I don’t care if they’re “God’s chosen people.” They sure aren’t acting like it. God’s love doesn’t come as a bulldozer.

September 11, 2001 was a tragedy and a wrong, but not the first wrong in this exchange between the US and the Middle East. Blocking people from bringing water bottles onto airplanes is a silly and ineffective way to combat it. The right way to do it is to mind our own damn business.

Posted in Uncategorized
4 Sep 2012

Just to clarify my position on blogging for hire

I just wanted to respond publicly to two e-mails I received four hours apart from each other this morning.

Unlike a certain Eve Pearce or Henry Thompson (links provided so you can avoid their sites in the future), this blog and the space on it are not for sale. If I post about a product I like on here, I will usually be nice enough to link to the product manufacturer’s website; however, I have never, and will never, accept any money or other compensation whatsoever in exchange for posting (potentially) dishonest reviews or otherwise turning my blog into a commercial.

This unethical advertising practice disgusts me.

Posted in Uncategorized
2 Aug 2012

Update on Nord, a year later

Kinda forgot about this blog again, basically now it’s little more than a scratch-pad.

So, it’s been a year since I bought my Nord Stage 2, and I have both praises and criticisms for Clavia.

The good

Latency

Honestly this is where having real hardware is an advantage (although we’ll get to some criticisms on the hardware shortly). When I was on software, I got the latency down to about 20ms which is playable, but not really what you want for serious work. With the Stage 2, the latency through my whole audio system (all analog) is <1ms.

Tweakability/flexibility on stage

If you’re not yet aware, typically wherever I live, I end up playing for my church. This means I’m on stage a lot. A keyboard that on stage is both 100% reliable and easily tweakable is hard to build, and Clavia’s done it. I take advantage of it too… very often we get into the middle of a song and I find myself adjusting envelopes, filters, oscillator shape, drawbars, etc. It’s extremely nice to have.

MIDI

I need two physical keyboards even if there’s only one set of sonic possibilities. The Stage 2 does a good enough job of dealing with my Axiom Pro 61 that it’s quite usable on stage. I still wish MIDI routing settings could be saved with the program though, especially as they’ve added similar settings in OS releases since v1.26. It can be tedious to remember which zones to enable on the Axiom. I wish I could just set MIDI rules on the Stage 2, save them with the program, and leave the AP61 on “Zone 1” all the time.

The bad

The main reason I’m writing this post is to codify some of the criticisms I have of Clavia’s design. I understand their design decisions, but disagree with many of them.

Architecture

All of Nord’s products are based off of FreeScale’s CPUs and DSPs — specifically, the CPU is the ColdFire. It’s an old, cheap processor, and the instruction set is a reduced version of Motorola’s 68k. There is support within Linux and gcc for it. I have yet to definitely determine what kernel and C library are in use, but the OS X packages for their firmware contain a blob which is definitely unencrypted, and one interesting string in there is “__gnu_cxx20recursive_m”.

The issue is, I’m really starting to see some limitations hit with this architecture. Like 18 polyphony combined between the two synth slots. I hit that ALL the time. There’s only 16MB of main RAM, and from what I can tell, about 16MB of flash space for the OS. These parts probably total <$50 not including the DSPs. Being that this is keyboard cost me $4,450, I would think Clavia would consider building their boards based off of a more modern architecture with processors that scale well while still generating minimal heat, such as ARM's Cortex A9 or so. Meanwhile, the ColdFire has remained largely unchanged through the last 15 or so years. I do wonder how much work it would be for Clavia to port their OS codebase to ARM; I would guess it depends mostly on integer/float sizes and how much of the OS is currently written in m68k assembly. Judging by what their OS looks like in a hex editor, I'd say most of it is probably C/C++. Yamaha, Korg and Kurzweil have all re-architected their platforms in recent years around Linux and either x86 or ARM. I realize Clavia does not want to be like the big guys, and that's why their keyboards are so awesome, but there is some legitimacy to this hardware architecture approach.

Outputs

The Stage 2 uses I²S internally. Converting I²S to S/PDIF is doable with very cheap, off-the-shelf parts, and yet Clavia has yet to offer any boards with a digital output. Perhaps they think their customers are all old geezers that just want an instrument that sounds like something from the 60s or 70s, and don’t care for this newfangled digital crap. Um.

Product maintenance

I have to give Clavia credit for maintaining their products well in terms of library support, but for some reason or another, flash space is so tight on the Stage 2 that they can’t swap out the drawbar and Leslie engines for the new ones included in the C2D. I dunno about you, but I would readily give up the pedal noise feature (which I never use, since I don’t have their $200 triple pedal) for a better sounding B3 and Leslie.

In general, Clavia seems to be against adding significant new features, particularly in the area of sonic possibilities, after release; once it’s released, save for bugfixes, it sounds how it’s gonna sound forever.

Summary

The Stage 2 is great, though I really think it would benefit from some hardware and architecture changes to bring it into this century. Clavia’s done a great job researching how the sound of a B3 or Steinway grand piano works, and I have no regret about paying out the ass for the results of that research. Now what they need is a good hardware engineer who can make their instruments a hundred times more powerful in terms of processing abilities. Once they do that, they truly will have built the keyboard to end all keyboards.

Posted in Uncategorized