I make music and write software

I’ve started a tech blog

Screen Shot 2014-01-21 at 10.11.06 AM

As a reaction to the many blogs that read like diaries, I have intentionally kept this blog focused on announcing projects, be they musical or computational. However, this meant that I did not have a venue for writing software things that I think are interesting. In an attempt to not muddy this blog I have started a separate tech blog. You can find it here:

Yesterday I spent an hour building a website that suggests absurd sexy halloween costume ideas. Just 24 hours later, it has received a surprising amount of attention.  You can find it at:

You'd better fucking go as a... flirtatious Winnebago

An example of’s suggestions


Last year around this time, I had an idea for a halloween costume idea generator that would play on the fact that halloween costumes have a reputation for gratuitous sexuality. The idea was that you could prefix any non-sense noun with the word “sexy” and make it a hilarious costume idea. It turned out, that wasn’t quite true. Nouns, as a whole, are actually pretty boring so I gave up.

This year, however, I remembered the idea and decided to try it with a list of “funny” nouns. I trolled the internet for a list of funny nouns and found nothing satisfactory, so I started my own. A half-hour later I had a working prototype and decided it was funny enough to merit purchasing a domain name. I had shamelessly cribbed the aesthetic (both comic and visual) from the hilarious (big debt of gratitude to them, buy their fucking cookbook) so I chose:

A few hours later I had the domain name pointed to my server. I wrote a tweet about it, posted a similar message on Facebook and went to dinner.

As of now, 24 hours later, the project has received:

  • 1,200 Facebook likes surpassing the 1,000 like milestone which, my previously most popular project, recently reached after two and a half years.
  • 44 Twitter mentions, including several media personalities with 10s of thousands of followers
  • 34,000 page views from 4,100 unique visitors

It has been just incredible to watch it spread like this first-hand. My “publicity” consisted of 30 seconds of typing and the project has already engaged thousands of people just a day after I started working on it! I’m reminded how empowering the internet is. If you have an idea that people want to share, you can reach the entire internet without having to spend a cent.

I have released the source code for the site into the Public Domain. You can find it, and submit suggestions at the GitHub repository.

Free Edition of Charles Gounod’s Le Crucifix

About three months ago I began working on a Creative Commons edition of Charles Gounod‘s a cappella choral work “Le Crucifix” with Richard Benefield, the music director Old First Presbyterian Church where I am the bass section leader. Mr. Benefield edited the edition and I typeset it using Lilypond. Creating our own edition allowed us to typeset Richard’s original English translation directly into the score and had the side benefit of allowing us to release a high quality French edition into the Creative Commons.

Sample first page of the edition

Sample first page of the edition


You can find the most recent .pdf versions on GitHub release page.
You can find the source code, fork your own version, or report an error at the GitHub page.

Piano Four-Hands Arrangement [Wedding Gift]

Photo credit: Lynne Stevenson Hylton

Photo credit: Lynne Stevenson Hylton

On September 14th, Chelsea and I were married in her parent’s backyard in Southern California. As a wedding gift I arranged a piano four-hands version of the song Chelsea’s dad, Tom Hollow, wrote to sing Chelsea and her siblings to sleep: “Nammies”.

You can hear a crude midi rendering of it here:

Download as .mp3

Thumbnail: Nammies Four Hands pdfDownload sheet music .pdf file

You can fork the Lilypond engraving source file on GitHub.

Papageno’s Glockenspiel-kulele [Ukulele Ringtone]

Jordan Eldredge as Papageno in SFSU's 2005 Magic Flute - Photo credit Isaac Benelli

Jordan Eldredge as Papageno in SFSU’s 2005 Magic Flute – Photo credit Isaac Benelli


Chelsea is out of town again, and the previous ringtones I recorded for her are probably starting to get on her nerves, so I spent yesterday and today recording her a new one. This one is an electric ukulele/bass arrangement of the glockenspiel music Papageno plays to protect himself, and Pamina, from Monostatos in Mozart’s Die Zauberflöte (The Magic Flute).

The recording consists of four tracks with the melody trading off between the first two. The harmonics proved too hard for me to play in real time, so I recorded only a few measures at a time, and pasted them together in post production:

  1. Electric ukulele melody 1
  2. Electric ukulele melody 2 (harmonics)
  3. Electric ukulele chords
  4. Electric bass

Take a listen, and download the mp3 or iPhone ringtone:

Download as .mp3
Download as .m4r (iPhone ring tone)



Two text-tones on the same theme

Papageno’s Ton

Download as .mp3/Download as .m4r (iPhone ring tone)

Papageno’s Tritone

Download as .mp3/Download as .m4r (iPhone ring tone)

One way “curl pipe sh” install scripts can be dangerous [proof of concept]

I have seen several sites recently that offer a one-line installation that looks something like this:

curl -s | sh

While I appreciated the elegance, it set off warning bells. Despite this initial reaction I could’t come up with a reason why it was any less secure than other installation methods. In fact, I read a very logical argument that this method was actually more secure from the highly respected Paul Irish:

Today I realized at least once case that could validate those initial warning bells. Take a look at this proof of concept:

curl -s | sh

I’ll wait while you paste the script url into your browser and make sure it’s not going to do anything naughty…

Now that you’re sure the line is safe to run, paste it into your shell (I dare ya!). Or, if you are a big wimp, pipe the output to `cat` instead of `sh` like so:

curl -s | cat

As you can see Curl returned a different script than the one you saw in your browser. This is achieved by checking for Curl’s user-agent and, when found, serving a different file.

Of couse, the whole point is pretty much moot because the install script is probably installing lots of other code that you haven’t reviewed, so you are wouldn’t be running this code unless you already trusted the author. However, be aware that you may be lulling yourself into a false sense of security because you appear to have the code right infront of you.