Review: Dr. Dre – Compton (2015)

Let me say that I’m a huge fan of Dr. Dre’s previous work in G-Funk – The Chronic and 2001 are both masterpieces that I listen to frequently.  I had a feeling that after going “back to the lab” this time, we wouldn’t get the same level of quality, but I didn’t lose all hope.  Here’s what I think of the album:


A picture of Compton is painted in the style of 50’s news reels with the whitest voice you can hire.  This makes me think of the “home of the future” and other old shorts.  It highlights the claim that Compton is predominantly black and has high crime, although a little research shows that Compton is 65% Hispanic and 32% Black, which is interesting considering this album just came out – perhaps the claim is back-dated to the 90’s in Dre’s heyday.

Talk About It

Ugh this sucks – it starts with yelling crappy rap like we hear in contemporary hip-hop, not what I actually enjoy, which is G-Funk.  Where are the dope beats and clever groovy lyrics I’m looking for?  Then it goes into a moaned auto-tune drone which is apparently the chorus – “I don’t know everything – one thing, one thing I do know (repeat), is one day I’m ‘a have everything”.  This is the worst – who is responsible for this? 1/5


A little vogue-y – it’s kinda OK.  Jamaican style rap – not my thing.  It has a really weird chorus, and I find it pretty boring.  Not funky, not fresh, just junk. 1/5

It’s All On Me

Right off the bat, this sounds better – they have a good sample as the main melody, but the rapping starts and immediately ruins it.  Is this some sort of anthem?  Oh my god this song sucks.  Rapping at 1:00 or so is OK, but it’s not clever and is just boring.  Where’s the drug/gun/murder references?  This is weak. 1/5

All In A Day’s Work

Starts off with a speech about fear.  Music starts with some promising synth, a little funky.  Aaaand I’m disappointed again – the first rapper is singing his lyrics.  Is this an R&B song?  Just a lot of yelling and bitching.  Then horrible auto-tune bridge.  Why is this on a Dre album?  At least it’s somewhat pleasant. 1.5/5

Darkside Gone

“I ain’t never been no gangsta, but I know N*’s from the darkside” – WHAT?  REALLY!?? I don’t care if you KNOW gangstas – how does that make you tough?  A police officer could make the same claim!  There’s a shout-out to Eazy-E, which is a bit cool, but they go into this female harmony that doesn’t mesh with the song at all and has no proper transitions.  I’m so confused.  This just sounds like more bitching.  1/5

Loose Cannons

Again, it’s not G-Funk.  Where is it?  Just a bunch of yelling again.  There’s no content to these lyrics – it’s just a bunch of statements that aren’t really that interesting. Xzibit does slightly better, and has some decent lyrics, but it’s not really that much better.  There’s a scene where someone’s about to get capped, and a woman pleading and some heavy breathing, then a gunshot and a skit about moving a body.  Meh. 1/5


Horrible introduction – someone screaming.  Beat is a little better, rap is a little better (because it’s Ice Cube).  This is probably the best one yet – a solid Ice Cube song.  OMFG.  The chorus is TERRIBLE.  It sounds like Young Thug, who I hate more than anything.  It just descends into a mess of a club song mixed with R&B mixed with sound effects, then the beat finally comes back, but it still sucks.  1.5/5

Deep Water

Seaside sound effects.  Decent dark melody, some good rapping, but it’s ruined by the “chorus” which is just a muddled mess of noise.  There’s a stuttering sound effect on some of the lyrics that’s extremely annoying.  More moaning droning auto-tune – I hate that.  There’s no cohesion to this song at all.  1/5

One Shot One Kill

Hopes are up – Snoop Lion is on this one.  A good beat, some decent rapping, makes me bob my head a little.  Chorus sucks.  “You are now not in the presence of nice guys” – this is probably the worst lyric I’ve ever heard on a Dre album.  Talk about the weakest way to say someone is in danger – they might as well say “watch out, we may or may not commit crimes at some point in the future”.  It just makes me cringe.  1/5

Just Another Day

I don’t know Asia Bryant, but this song has a GREAT beat and samples, but the brass gets old after a few bars.  Rap is OK, but nothing great, and this still doesn’t qualify as G-Funk in my book.  I’m tired of the brass now.  Female Chorus that’s rather boring and doesn’t fit the genre IMHO.  Musically it’s OK. 1.5/5

For the Love of Money

Oh man, Bone Thugz!  When do they start rapping?  Oh wait – they just took that one sample.  There’s some annoying female singing, but then the rap starts.  The rap is OK.  There’s a build-up, but then it just gets quiet and goes back to the women talking.  Is that crap the chorus?  The “Oooh” sample and the “Yeah” sample get old REALLY quick.  Listenable, but not great at all.  2/5


WTF is that noise?  Why is that there?  It sounds like someone yelling incomprehensibly in a sewer.  Women drone the “chorus” as far as I can tell.  Rap consists of talking about being rich and getting women.  Sewer yelling is in the background of the rap, and it’s annoying.  I hate this song.  1/5


This is yet more singing – very upbeat and has an OK melody, but again, it’s not hardcore enough.  This is the sort of uplifting song I hear on Kendrick Lamar’s albums, which is fine in context, but that’s not what I’m looking for from this album.  Lots of cursing in the rap, but no imagery, just bitching and pleading about feelings. 1/5

Medicine Man

Some woman is singing with no backing.  Oh wow she’s cursing oh my, my sensibilities are scarred!! This is just all over the place.  Eminem starts rapping at 2:07 or so.  This sounds like one of the songs from his albums, but it’s very philosophical and free of the normal dark lyrics I look for with his rap.  Where’s the imagery like him and Dre standing there with a can of gas and matches after committing arson and murder?  Nowhere.  This is lame, but listenable.  2/5

Talking To My Diary

Reminds me of Dilated Peoples – Worst Comes To Worst, except that song is WAY better.  Oh man he’s so hard, he is talkin’ to his diary.  I’m scared.  Oh this might be the first mention of “being high” I’ve heard – how controversial.  Another shout-out to Eazy.  Has a GREAT jazz trumpet lick – there should be a whole album of just THAT – Dre may have discovered a new genre here, and he should exploit it.  This is probably the best song yet.  3/5


This album will probably do well in today’s hip-hop scene, since all the music on it sounds exactly what I’m used to hearing these days.  It is NOT suitable for those looking for an addition to 2001 and The Chronic.  Apparently we’ll never get another great G-Funk album from Dre, so it’s probably time to stop wishing.

Identity Removal Tips

Deleting Reddit Account

To truly delete you reddit account, you have to individually delete all the comments you’ve ever made.  This takes a long time, but is worth it.  Then you can just delete your account – the posts and comments you left will remain with your username deleted.


Go to the Posts section and delete posts to your heart’s content.

Jobvite app on Android

unnamedBob Hite and I created an app to search Jobvite on Android devices.  Soon, we’ll be adding functionality to register a referral ID as well as a company to allow people to find job openings in their company and share them with people using other apps.


The app is hosted here.

NamecoinToBind Setup with Debian

I finally got NamecoinToBind working with bind in Debian. If you don’t know what Namecoin is, check this out (it’s pretty nerdy, so be prepared). I ran into some snags with network configuration, specifically when static-ing the IP of my DNS server. So far, I’ve registered one domain in namecoin, erik.bit. You can see the activity on this record here. If you have a working bind server, you can use NamecoinToBind to periodically create zone files for the .bit TLD. Currently, these zone files can create some issues in bind though, so you have to do the following in your bind configuration:

check-names master ignore;
check-names slave ignore;
check-names response ignore;

This basically allows things like -.bit to work, which is insane:

hank@shelob ~ $ nslookup "\-.bit"
Name:	-.bit

Password security limitations of various websites

After reading , I decided to go through and do a nice password cleansing. After a few years of “good password policies” being trumpeted around, I thought I’d find a majority of website accepting large (> 16-digit) alpha-numeric-symbolic passwords. This was a terrible assumption, and as I’ve been going through and finding these limitations, I’ve been sending complaints to each customer service department. Just a note, the passwords I’m trying are more than 20 characters with symbols, numbers, and uppercase and lowercase letters. Here’s a summary:

Site Notes Result
Amazon Allows the password. Gold Star!
Discover Card Allows the password. Gold Star!
Chase Doesn’t allow symbols.
Ally 16 character maximum!
Fidelity 12 character maximum, no symbols!
Instructables Allows the password. Gold Star!
LinkedIn Allows the password. Gold Star!
Kiva Allows the password. Gold Star!
Yahoo Allows the password. Gold Star!
Mt. Gox Allows the password. Gold Star!
Dwolla Allows the password. Gold Star!
CampBX Allows the password. Gold Star!
Paypal 20 character maximum!
Allstate Passwords must be 6 to 10 characters, certain symbols not allowed (<, >)!
Geico 16 character maximum! Only allows certain special characters!
Github Allows the password. Gold Star!
Site5 Allows the password. Gold Star!
IMDB Allows the password. Gold Star!
Ebay 16 character maximum!
Etrade Strange invalid character error, not a stated limitation. Further investigation shows no special characters are allowed.
Newegg Allows the password. Gold Star!
Netflix 4-10 characters.

The really alarming part is most of the failures I ran into had to do with banking/money. Why do these sites put limits on user password security? It seems like that’s the last place you would want these kinds of limitations. It’s hilarious that sites like IMDB, which I don’t expect strong security from whatsoever, allow me to use more secure passwords than my bank accounts. I especially love this from Etrade – they don’t specify what character was invalid, or that there are any invalid characters that could be entered:

Upon further investigation, I found out they don’t allow special characters.

I also love how Netflix apparently allows a 4-character password! That’s secure, huh!

Got some new vanity bitcoin addresses

I generated these using vanitygen.


The first two even work in firstbits (1erikg and 1manatee)!


I also got a litecoin vanity address:


I generated it like this:

./vanitygen -o vanity.out -X 48 -ik Lerikg

Bitcoin Brainfungus

So, I’ve been “fungusing,” as my friend Geet would put it, on Bitcoin lately. I got myself into a bit of a pickle lately, and I wanted to document what happened and what I did to resolve it. Basically, I’m trying to create physical bitcoins from exceedingly cheap materials. Currently, my plan is to use plastic pirate gold coins with round hologram tamper evident stickers, and under the stickers jam a QRcode or just a label with the private key. This way, you can peel off the tamper evident sticker to redeem the coin. The materials per unit will run about 10 cents (3.5 cents for the plastic, 6 cents for the sticker, plus a label/printout/whatever). There are other places where you can get physical world bitcoins, but they’re expensive! Casascius has some really nice ones for a bit more than a 2 USD premium at current prices:

I’m hoping to make it so these bits of plastic have about zero sentimental value – just pirate coins with numbers thrown on them – but they still seem like money for some reason. I might eventually experiment with metal versions.

I figured out how to generate physical-world-friendly coins using the code found here:

Basically, it seeds the random number generator with entropy from good old OSX, then proceeds to generate a bunch of private keys. It finds private keys that conform to the mini key format discussed here:

So, I went on a quest to figure out how to extract the public key from this private key. It turns out there’s some interesting elliptic curve math involved, and tools exist to somewhat securely dump out the associated data for a public key. The best one I found was the following:

This allows you to locally (yes, in javascript delivered by SSL) dump all relevant information about a private key. I proceeded to key in the private key to the Wallet Details tab, and I got all the information I needed. Next, I sent 5 bitcents (currently trading for about fifty cents USD) to the compressed address. This is where things got weird. After a bit, I noticed the transaction had propagated here:

So, I went to my Mt. Gox account and tried to redeem the private key as a deposit method. It said it was valid, but had no bitcoins associated with it. Uhoh…
Then I tried using the compressed private key. Still no go. I tried everything listed on the bitaddress page, and nothing would let me recover the address.
After a bunch of time, I finally got bitcoind compiled on OSX and properly connecting to bitcoin-qt. I added the address using the following command:

./bitcoind importprivkey L3tUmpNLdfPDMuYDpzNqfwFbCJo6sCkxCahyLibYEm4M9qAHbpZ2
error: {"code":-4,"message":"Error adding key to wallet"}

Oh of course – I forgot to unlock my wallet before doing this. This is how you fix that:

read x && ./bitcoind walletpassphrase "$x" 300 && unset x

This will read your password from STDIN, run it into the bitcoin client and have it store it for 300 seconds, then unset it from the shell. Sure, there are more secure ways to do this, but this is so quick and easy! Finally, I was able to import the private key using the command I showed first (it worked this time, but took a while). It automatically picked up the 5 bitcent balance and added it to my wallet balance (yay!). Here’s a screenshot of the key data I was working with (it’s useless now since I’ve transferred all the BTC out of this account):

As you can see, the private minikey at the bottom is really short (22 characters). I’ll probably be creating an instructable if the whole coin idea works out.


I finally got my QRCode printing down with 30% error correction built in, so I can embed the bitcoin logo front and center on the QRCode itself. Here’s an example:

This contains the private key for a wallet with a single satoshi in it. Here’s the address I used to fill the account:

I was able to print the above QRCode in color, then scan it directly into the Mt. Gox app under Transfer -> Redeem. Here’s the result:

Now all I need is a sword!

I have my bow.

And now I have MY AXE.


It was made by the hand of Anders Stromstedt in Sweden, who looks totally awesome:

The axe feels fantastic, looks fantastic, and has a very sharp edge. I can’t wait to go chop some stuff with it.

More Content Security Policy work

Firefox seems to be the only browser strictly enforcing the X-Content-Security-Policy header at the moment. This is both good and bad: good because it doesn’t adversely effect me here in my Chrome bubble, and bad because it seems to effect some of my readers. I installed Firefox 9 to debug the issue, and ended up with this policy:

[gist id=”1653770″]

The only problem with this is I had to whitelist all of github. This is a problem, because provided one could post script tags in comments on here, they could just link to a raw script in their repository and the policy is meaningless. Without path support in the standard grammar, I can’t properly integrate with github. I hope they add this support so I can do something like the following:

[gist id=”1653778″]

That would at least make it a little harder to do XSS. Of course, they offer subdomains, so this still doesn’t fix the problem. The only way to fix it is to whitelist explicit paths without wildcards. This is more verbose, but it would be better.

In closing, I like CSP, and I think it’s a good idea, but it’s still in early stages after a couple years, and needs a bit of work.