Author Archives: Tim

F-Secure Sense: a success and a failure (and why you should not rely on your anti-virus software)

I am in the process of reviewing F-Secure sense, a hardware firewall which works by inspecting internet traffic, rather than scanning files on your PC or mobile device. This way, it can protect all devices, not only the ones on which an anti-malware application is installed.

I get tons of spam and malware by email, so I plucked out a couple to test. The first was an email claiming to be an NPower invoice. I don’t have an account with NPower, so I was confident that it was malware. Even if I did have an account with NPower, I’d be sure it was malware since it arrived as a link to a website on my.sharepoint.com, where someone’s personal site has presumably been hacked.

I clicked the link hoping that Sense would intercept it. It did not. Here is what I saw in Safari on my iPad:

image

(Wi-Drive is a storage app that I have installed and forgotten about). I clicked More and saved the suspect file to Apple’s iCloud Drive.

Then I went to a Windows PC, and clicking very carefully, downloaded the file from iCloud Drive. The PC is also connected to the Sense network.

Finally, I uploaded the file for analysis by VirusTotal:

image

Well, it is certainly a virus, but only 4 of 58 scanning engines used by VirusTotal detect it. You will not be surprised to know that F-Secure was one of the engines which passed it as clean.

image

Note that I did not try to extract or otherwise open the files in the ZIP so there is a possibility that it might have been picked up then. Still, disappointing, and an illustration of why you should NOT rely on your antivirus software to catch all malware.

Now the good news. I had another email which looked like a phishing attempt. I clicked the link on the iPad. It came up immediately with “Harmful web site blocked.”

image

While that is a good thing, 50% of two attempts is not good – it only takes one successful infection to cause a world of pain.

My view so far is that while Sense is a useful addition to your security defence, it is not to be trusted on its own.

In this I am odds with F-Secure which says in its FAQ that “With F-Secure SENSE no traditional security software is needed,” though the advice adds that you should also install the SENSE security app.

image

F-Secure Sense Firewall first look: a matter of trust

Last week I journeyed to Helsinki, Finland, to learn about F-Secure’s new home security device (the first hardware product from a company best known for anti-virus software), called Sense.

I also interviewed F-Secure’s Chief Research Officer Mikko Hypponen and wrote it up for The Register here. Hypponen explained that a firewall is the only way to protect the “connected home”, smart devices such as alarms, cameras, switches, washing machines or anything that connects to the internet. In fact, he believes that every appliance we buy will be online in a few years time, because it costs little to add this feature and gives vendors great value in terms of analytics.

Sense is a well made, good looking firewall and wireless router. The idea is that you connect it to your existing router (usually supplied by your broadband provider), and then ensure that all other computers and devices on your networks connect to Sense, using either a wired or wireless connection. Sense has 3 LAN Ethernet ports as well as wireless capability.

This is not a full review, but a report on my first look.

image

Currently you can only set up Sense using a device running iOS or Android. You install the Sense app, then follow several steps to create the Sense network. You can rename the Sense wifi identifier and change the password. The device you use to setup Sense becomes the sole admin device, so choose carefully. If you lose it, you have to reset the Sense and start again.

My initial effort used the Android app. I ran into a problem though. The Sense setup said it required permission to use location:

image

I am not sure why this is necessary but I was happy to agree. I clicked continue and verified that Location was on:

image

Then I returned to the Sense app but it still did not think Location was available and I could not continue.

Next I tried the iOS Sense app on an iPad. This worked better, though I did hit a glitch where the setup did not think I had connected to the wifi point even though I had. Quitting and restarting the app fixed this. I am sure these glitches in the app will be fixed soon.

I was impressed by the 16 character password generated by default. Yes I have changed it!

image

I was up and running, and started connecting devices to the Sense network. Each device you connect shows up as a protected device in the Sense app.

There are very limited settings available (and no, you cannot use a web browser instead, only the app). You can set a few network things: IP address, DHCP range. You can configure port forwarding. You can set the brightness of the display, which normally just shows the time of day. You can view an event log which shows things like devices added and threats detected; it is not a firewall log. You can block a device from the internet. You can send feedback to the Sense team. And that is about it, apart from the following protection settings:

image

The above is the default setting. What exactly do Tracking protection and Identify device type do? I cannot find this documented anywhere, but I recall in our briefing there was discussion of blocking tracking by advertisers and identifying IoT devices in order to build up a knowledgebase of any security flaws in order to apply protection automatically. But I may be wrong and do not have any detail on this. I enabled all the options on my Sense.

As it happens, I have a device which I know to be insecure, a China-made IP camera which I wrote about here. I plugged it into the Sense and waited to see what would happen.

Nothing happened. Sense said everything was fine.

image

Is everything OK? I confess that I did not attach Sense directly to my router. I attached it to my network which is behind another firewall. I used this second firewall to inspect the traffic to and from the Sense. I also disconnected all the devices other than the IP Camera.

I noticed a couple of things. One is that the Sense makes frequent connections to computers running on AWS (Amazon Web Services). No doubt this is where the F-Secure Security Cloud is hosted. The Security Cloud is the intelligence piece in the Sense setup. Not all traffic is sent to the Security Cloud for checking, but some is sent there. In fact, I was surprised at the frequency of calls to AWS, and hope that F-Secure has got its scaling right since clearly this could impact performance.

The other thing I noticed is that, as expected, the IP Camera was making outbound calls to a couple of servers, one in China and one in Singapore, according to the whois tools I used. Both seem to be related to Alibaba in China. Alibaba is not only a large retailer and wholesaler, but also operates a cloud hosting service, so this does not tell me much about who is using these servers. However my guess is that this is some kind of registration on a peer to peer network used for access to these cameras over the internet. I don’t like this, but there is no way I can see in the camera settings to disable it.

Should Sense have picked this up as a threat? Well, I would have liked it if it had, but appreciate that merely making outbound calls to servers in China is not necessarily a threat. Perhaps if someone tried to hack into my camera the intrusion attempt would be picked up as a threat; it is not easy to test.

On the plus side, Sense makes it very easy to block the camera from internet access, but to do that I have to be aware that it might be a threat, as well as finding other ways to access it remotely if that is something I require.

Sense did work perfectly when I tried to access a dummy threat site from a web browser.

image

If you disagree with Sense, there is no way to proceed to the dangerous site, other than disabling browser protection completely. Perhaps a good thing, perhaps not.

It all comes down to trust. If you trust F-Secure’s Security Cloud and technology to detect and prevent any dangerous traffic, Sense is a great device and well worth the cost – currently £169.00 and then a subscription of £8.50 per month after the first year. If you think it may make mistakes and cause you hassle, or fail to detect attacks or malware downloads, then it is not a good deal. At this point it is hard for me to tell how good a job the device is doing. Unfortunately I am not set up to click on lots of dangerous sites for a more extensive test.

I do think the product will improve substantially in the first few months, as it builds up data on security risks in common devices and on the web.

Unfortunately more technical users will find the limited options frustrating, though I understand that F-Secure wants to limit access to the device for security reasons as well as making it simpler to use. The documentation needs improving and no doubt that will come soon.

More information on Sense is here.


The threat from insecure “security” cameras and how it goes unnoticed by most users

Ars Technica published a piece today about insecure network cameras which reminded me of my intention to post about my own experience.

I wanted to experiment with IP cameras and Synology’s Surveillance Station so I bought a cheap one from Amazon to see if I could get it to work. The brand is Knewmart.

image

Most people buying this do not use it with a Synology. The idea is that you connect it to your home network (most will use wifi), install an app on your smartphone, and enjoy the ability to check on how well your child is sleeping, for example, without the trouble of going up to her room. It also works when you are out and about. Users are happy:

So far, so good for this cheap solution for a baby monitor. It was easy to set up, works with various apps (we generally use onvif for android) and means that both my wife and I can monitor our babies while they’re sleeping on our phones. Power lead could be longer but so far very impressed with everything. The quality of both the nightvision and the normal mode is excellent and clear. The audio isn’t great, especially from user to camera, but that’s not what we bought it for so can’t complain. I spent quite a long time looking for an IP cam as a baby monitor, and am glad we chose this route. I’d highly recommend.

My needs are a bit different especially as it did not work out of the box with Surveillance Station and I had to poke around a bit. FIrst I discovered that the Chinese-made camera was apparently identical to a model from a slightly better known manufacturer called Wanscam, which enabled me to find a bit more documentation, but not much. I also played around with a handy utility called Onvif Device Manager (ONVIF being an XML standard for communicating with IP cameras), and used the device’s browser-based management utility.

This gave me access to various settings and the good news is that I did get the camera working to some extent with Surveillance Station. However I also discovered a number of security issues, starting of course with the use of default passwords (I forget what the admin password was but it was something like ‘password’).

The vendor wants to make it easy for users to view the camera’s video over the internet, for which it uses port forwarding. If you have UPnP enabled on your router, it will set this up automatically. This is on by default. In addition, something strange. There is a setting for UPnP but you will not find it in the browser-based management, not even under Network Settings:

image

Yet, if you happen to navigate to [camera ip no]/web/upnp.html there it is:

image

Why is this setting hidden, even from those users dedicated enough to use the browser settings, which are not even mentioned in the skimpy leaflet that comes with the camera? I don’t like UPnP and I do not recommend port forwarding to a device like this which will never be patched and whose firmware has a thrown-together look. But it may be because even disabling UPnP port forwarding will not secure the device. Following a tip from another user (of a similar camera), I checked the activity of the device in my router logs. It makes regular outbound connections to a variety of servers, with the one I checked being in Beijing. See here for a piece on this, with regard to Foscam cameras (also similar to mine).

I am not suggesting that there is anything sinister in this, and it is probably all about registering the device on a server in order to make the app work through a peer-to-peer network over the internet. But it is impolite to make these connections without informing the user and with no way that I have found to disable them.

Worse still, this peer-to-peer network is not secure. I found this analysis which goes into detail and note this remark:

an attacker can reach a camera only by knowing a serial number. The UDP tunnel between the attacker and the camera is established even if the attacker doesn’t know the credentials. It’s useful to note the tunnel bypasses NAT and firewall, allowing the attacker to reach internal cameras (if they are connected to the Internet) and to bruteforce credentials. Then, the attacker can just try to bruteforce credentials of the camera

I am not sure that this is the exact system used by my camera, but I think it is. I have no intention of installing the P2PIPC Android app which I am meant to use with it.

The result of course is that your “security” camera makes you vulnerable in all sorts of ways, from having strangers peer into your bedroom, to having an intrusion into your home or even business network with unpredictable consequences.

The solution if you want to use these camera reasonably safely is to block all outbound traffic from their IP address and use a different, trusted application to get access to the video feed. As well as, of course, avoiding port forwarding and not using an app like P2PIPC.

There is a coda to this story. I wrote a review on Amazon’s UK site; it wasn’t entirely negative, but included warnings about security and how to use the camera reasonably safely. The way these reviews work on Amazon is that those with the most “helpful votes” float to the top and are seen by more potential purchasers. Over the course of a month or so, my review received half a dozen such votes and was automatically highlighted on the page. Mysteriously, a batch of negative votes suddenly appeared, sinking the review out of sight to all but the most dedicated purchasers. I cannot know the source of these negative votes (now approximately equal to the positives) but observe that Amazon’s system makes it easy for a vendor to make undesirable reviews disappear.

What I find depressing is that despite considerable publicity these cameras remain not only on sale but highly popular, with most purchasers having no idea of the possible harm from installing and using what seems like a cool gadget.

We need, I guess, some kind of kitemark for security along with regulations similar to those for electrical safety. Mothers would not dream of installing an unsafe electrical device next to their sleeping child. Insecure IoT devices are also dangerous, and somehow that needs to be communicated beyond those with technical know-how.

Fixing Logitech Media Server for Microsoft Edge – and playing DSD

I run Logitech Media Server (LMS) on a Synology NAS. It works very well, better than when I used a Windows VM.

There is an annoyance though. Synology has been slow to keep its LMS package up to date and the official release is still 7.7.6. There are a few issues with this release, but I lived with it, until I discovered that LMS 9.x can play DSD files, using a DSDPlayer plugin that adds DoP (DSD over PCM) support. This means you can output native DSD provided you have a DSD DAC (and some DSD files to play). DSD is the format used by SACD and some audiophiles swear it sounds better than PCM.

I then discovered that Synology is showing signs of updating LMS and has a beta release of LMS 9.0. You enable beta versions in the Package Center and it will offer to update.

image

I installed, then added DSDPlayer and, hmm, I could see the DSD files but they did not play.

I found a fix for the DSD issue. A user has updated the plugin, and if you add the following plugin repository:

http://server.pinkdot.nl/dsdplayer/repo.xml

you can update DSDPlayer and it works. 

image

Now I can play native DSF files through Squeezebox Touch (you also need the EDO modification) and a Teac DSD DAC. Great.

However, I then discovered that the LMS 9.0 UI does not work in Microsoft Edge, if you have the Creators Update. The links are not clickable.

There is a fix described here. I found the commit on GitHub here. However this does not update the Synology package. I logged into the Synology over SSH and made the change manually in @appstore/SqueezeCenter/HTML/Default/slimserver.css.

It works. I’m glad because I have LMS on the Edge favourites bar, and the alternative (opening LMS in IE or another browser) is less convenient.

And yes, I use Edge, in part to keep in touch with what it is like, in part because I’m resistant to a Google Chrome monoculture, and in part because it’s pretty good now (the initial Edge release was hardly usable).

There is still a problem though. The LMS Settings page does not work in Edge. I can live with that (open in Internet Explorer) but would like to find a fix.

Update: I fixed the settings issue by installing the latest LMS 9.0 with this patch. Many thanks to LMS user pinkdot on the LMS forums. However I still needed the manual fix for slimserver.css.

Email hassles with migration to Windows 10 – if you use Windows Live Mail

Scenario: you are using Windows 7 and for email, Windows Live Mail, Microsoft’s free email application. You PC is getting old though, so you buy a new PC running Windows 10, and want to transfer your email account, contacts and old messages to the new PC.

Operating systems generally come with a built-in mail client, and Windows Live Mail is in effect the official free email client for Windows 7. It was first released in 2007, replacing Windows Mail which was released with Vista in 2006. This replaced Outlook Express, and that evolved from Microsoft Mail and News, which was bundled with Internet Explorer 3 in 1996. Although the underlying code has changed over the years, the user interface of all these products has a family resemblance. It is not perfect, but quite usable.

Windows 8 introduced a new built-in email client called Mail. Unlike Windows Live Mail, this is a “Modern” app with a chunky touch-friendly user interface. Microsoft declared it the successor to Windows Live Mail. However it lacks any import or export facility.

The Mail app in Windows 10 is (by the looks of it) evolved from the Windows 8 app. It is more intuitive for new users because it no longer relies on a “Charms bar” to modify accounts or other settings. It still has no import or export feature.

The Mail app is also not very good. I use it regularly now myself, because there is an account I use which works in Mail but not in Outlook. I don’t like it. It is hard to articulate exactly what is wrong with it, but it is not a pleasure to use. One of the annoyances, for example, is that the folders I want to see are always buried under a More button. More fundamentally, it is a UWP (Universal Windows Platform) app and doesn’t quite integrate with the Windows desktop as it should. For example, pasting text from the clipboard is hilariously slow and flashes up a “Pasting” message in an attempt to disguise this fact. Sometimes it behaves oddly, an open message closes unexpectedly. It is like the UWP Calculator app, another pet hate of mine – I press the Calculator key on my Windows keyboard, up comes the Calculator, then I type a number and it doesn’t work, I have to click on it with the mouse before it accepts input. Just not quite right.

I am getting a little-off topic. Back to my scenario: how are you meant to transition from Windows Live Mail, the official mail client for Windows 7, to the Mail app in Windows 10, if there is no import feature?

In one way I can explain this. First, Microsoft does not really care about the Mail app. Everyone at Microsoft uses Outlook for email, which is a desktop application. This is important, because it means there is no internal pressure to make the Mail app better.

Second, Microsoft figures that most people now have a cloud-centric approach to email. Your email archive is in the cloud, so why worry about old emails in your Mail client?

This isn’t always the case though. A contact of mine has just been through this exact scenario. He has happily used Windows Live Mail (and before that Outlook Express) for many years. He has an archive of old messages which are valuable to him, and they are only in Windows Live Mail.

Unfortunately Microsoft does not currently have any solution for this. The answer used to be that Windows Live Mail actually works fine on Windows 10, so you can just install it. However Microsoft has declared Windows Live Essentials, of which Live Mail is a component, out of support and it is no longer available for download.

image

Incidentally I am writing this post in Windows Live Writer, another component of Essentials, but which fortunately has been published as open source.

If you can find the Windows Live installation files though, it still runs fine on Windows 10. You do need the full setup, called wlsetup-all.exe, rather than the web version which downloads components on demand. Here it is, installed and connected on Windows 10:

image

This application is no longer being maintained though, and there are some compatibility issues with some email services. This will get worse. The better answer then is to migrate to full Outlook. However, Microsoft makes Outlook expensive for home users, presumably to protect its business sales. Office Home and Student does not include Outlook, and to buy it separately costs more, currently £109 in the UK. Another option is to subscribe to Office 365 and pay a monthly fee.

Even if you intend to migrate to Outlook eventually, it may make sense to use Live Mail for a while on Windows 10. There is an export option to “Exchange” format which means you can migrate messages from Live Mail to Outlook.

This is all more work than it should be, for what must be a common scenario. You would think that migrating from the official mail client for Windows 7, to the official mail client for Windows 10, would not be so difficult.

More on MQA and Tidal: a few observations

I have signed up for a trial of the Tidal subscription service and have been listening to a few of the MQA-encoded albums that are available. You can find a list here. Most of the albums are from Warner, which is in the process of MQA-encoding all of its catalogue.

From my point of view, having familiar material available to test is a huge advantage. Previous MQA samples have all sounded good, but with no point of reference it is hard to draw conclusions about the value of the technology.

I have used both the software decoding available in the Tidal desktop app (running on Windows), and the external Meridian Explorer 2 DAC which is an affordable solution if you want something approaching the full MQA experience.

image

Note that on Windows you have to set Exclusive mode for MQA to work correctly. When using an MQA-capable DAC, you should also set Passthrough MQA. The Explorer 2 has a blue light which shows when MQA is on and working.

image

For these tests, I used the Talking Heads album Remain in Light, which I know well.

The Tidal master is different from any of my CDs. Here is the song Born under Punches in Adobe Audition (after analogue capture):

image

Here is my remastered CD:

image

This is pretty ugly; it’s compressed for extra loudness at the expense of dynamic range.

Here is my older CD:

image

This is nicely done in terms of dynamic range, which is why some seek out older masterings, despite perhaps using inferior source tapes or ADC.

This image shows three variants of the track streamed by Tidal and captured via ADC into a digital recorder at 24-bit/96 kHz.

image

The first is the track with full MQA enabled and decoded by the Explorer 2. The second is the “Hi-Fi” version as delivered by Tidal, essentially CD quality. The third is the “Master” version, in other words the same source as the first, but with Exclusive mode turned off in Tidal, which prevents MQA from working.

You can see at a glance that MQA is doing what it says it does and extending the frequency response. The CD quality output has a maximum frequency response of 22 kHz whereas the MQA output extends this to 48 kHz at least as captured by my 24-bit / 96 kHz (the theoretical maximum frequency response is half the sampling rate).

Do they sound different though, bearing in mind that we cannot hear much above 20 kHz at best, and less than that as we age? I have been round this hi-res loop many times and concluded that for most of us there is not much benefit to hi-res as a delivery format. See here for some tests, for example.

MQA is not just extended frequency response though; it also claims to fix timing issues. However my captured samples are not really MQA; they are the output from MQA after a further ADC step. Of course this is not optimal but the alternative is to capture the digital output, which I am not set up to do.

An interesting question is whether the captured MQA output, after a second ADC/DAC conversion, can easily be distinguished from the direct MQA output. My subjective impression is, maybe. The first 30 seconds of Born Under Punches is a sort of collage of sounds including some vocal whoops, before David Byrne starts singing. What I notice listening to the Tidal stream with MQA enabled is that the different instruments sound more distinct from each other making the music more three-dimensional and dramatic. The vocals sound more natural. It is the best I have heard this track.

That said, I have not yet been able to set up any sort of blind test between the true MQA stream and my copy, which would be interesting, since what I have captured is plain old PCM.

There is a key point to note though, which is that mastering offered by Tidal is better than any of the CD versions I have heard; the old Eighties mastering is more dynamic but sounds harsher to my ears.

With or without MQA; you might want to subscribe to Tidal just to get these superior digital transfers.

Update: it seems that the Tidal stream for Remain in Light (both MQA and Hi-Fi) is a different mix, possibly a fold-down from the 5.1 release. So it is not surprising that it sounds different from the CD. The question of whether the MQA decoded version sounds different still applies though.

-

The MQA enigma: audio breakthrough or another false dawn?

The big news in the audio world currently, announced at CES in Las Vegas, is that music streaming service Tidal has signed up to use MQA (Master Quality Authenticated), under the brand name Tidal Masters. MQA is a technology developed by Bob Stuart of Meridian Audio, based in Cambridge in the UK, though MQA seems to have its own identity despite sharing the same address as Meridian.

image

What is MQA? The question is easy but the answer is not. Here is the official short description:

Conventional audio formats discard parts of the sound to keep file size down, but part of this lost detail is the subtle timing information that allows us to build a realistic 3D soundscape in our minds. … With MQA, we go all the way back to the original master recording and capture the missing timing detail. We then use advanced digital processing to deliver it in a form that’s small enough to download or stream.

At first sight it looks like another format for lossless audio, and the description on MQA’s site confuses matters by making a comparison with MP3:

MP3 brings you just 10% of what was recorded in the studio. Everything else is lost to fit the music into a conveniently small file. MQA brings you the missing 90%.

There are two problems with this statement. One is that MP3 (or its successor AAC) actually sounds very close to the original, such that in tests most cannot tell the difference; and the other is that audiophiles tend not to use MP3 anyway, preferring formats like FLAC or ALAC (Apple’s version) which are lossless.

There is more to it than that though. There are three core aspects to MQA:

1. “Audio origami”: MQA achieves higher resolution than CD (16-bit/44.1MHz) by storing extra information in audio files that is otherwise wasted, as it stores audio that is below the noise floor (ie normally inaudible). There is a bit of double-think here as removing unnecessary parts of audio files is the sort of thing that MP3 and AAC do, which the MQA folk have told us is bad because we are not getting 100%.

This is also similar in concept to HDCD (High Definition Compatible Digital), a technology developed by Pacific Microsonics in the Eighties and acquired by Microsoft. Of course MQA says its technology is quite different!

Note that you need an MQA decoder to benefit from this extra resolution, and there is a nagging worry that without it the music will actually sound worse (HDCD has the same issue).

2. Authentication. MQA verifies that the digital stream is not tampered with, for example by audio features that convert or enhance the sound with digital processing. This can be an issue particularly with PCs or Macs where the built-in audio processing will do this by default, unless configured otherwise.

3. Audio “de-blurring”. According to MQA’s team:

There’s a problem with digital – it’s called blurring. Unlike analogue transmission, digital is non-degrading. So we don’t have pops and crackles, but we do have another problem – pre- and post-ringing. When a sound is processed back and forth through a digital converter the time resolution is impaired – causing ‘ringing’ before and after the event. This blurs the sound so we can’t tell exactly where it is in 3D space. MQA reduces this ringing by over 10 times compared to a 24/192 recording.

If this is an issue, it is not a well-known one, at least, not outside the niche of audiophiles and hi-fi vendors who historically have come up with all sorts of theories about improving audio which do not always stand up to scientific scrutiny.

So is MQA solving a non-problem? That’s certainly possible; but I do find it interesting that MQA has received a generally warm reception from listeners.

Here’s one audiophile’s reaction:

Have never really “done” digital before. 16/44 has always sounded ghastly to my ears right from the start and still now. MQA did indeed “fix” the various forms of distortion that I could hear present in everything where the sampling rate was taken down to just 44. … My findings – those of an improved sense of solidity in the stereo image and the lack of that horrendous crystalline glassy edge to things, especially on the fade, seem to be being mirrored in what people are hearing. It doesn’t have that thing I describe as a “choppy sense of truncation” which I suspect others mean by “transients”.
Basically, per the post above, it’s a bit like “good analogue”. Digital can finally hold its head up high against an analog from master-to vinyl performance. And not only that, hopefully, walk all over it and give us something genuinely new.

If this history of audio has shown us anything, it is that subjective judgements about what makes something sound better (and whether it is better) are desperately unreliable. Further, it is often hard to make true comparisons because to do requires so much careful preparation: identical source material, exactly matched volume, and the ability to switch between sources without knowing which is which, to avoid our clever brains from intervening and telling us we are hearing differences which our ears alone cannot detect.

We should be sceptical then; and even possibly depressed at the prospect of a proprietary format spoiling the freedom we have enjoyed since the removal of DRM from most downloadable audio files.

Still … is it possible that MQA has come up with a technology that really does make digital audio better? Of course we should allow for that possibility too.

I have signed up for Tidal’s trial and will report back shortly.

Ripping vinyl with the Plato home entertainment system

I am a tad conflicted when it comes to vinyl records. On the one hand, I have not seen convincing scientific evidence, or a properly conducted blind test, that demonstrates any reason why record replay is superior to digital, while there is plenty of evidence for the reverse. On the other hand, I put on a well-mastered record, and it is like magic, I am transported into the music in a way that my digital sources rarely achieve. Plus the sleeves are beautiful, and in the case of older recordings, a sense that this is the real thing and subsequent formats mere copies (even if they do sound better). Finally, sometimes missing or damaged master tapes, or the bad habits of the recording industry in compressing CD audio so that it is uniformly LOUD, mean that records sometimes really do sound better, despite the limitations of the format.

If you like the sound of records but the convenience and security against damage that digital offers, you might want to rip them. I have done this but would not describe it as easy. You have to play the record in the closest to ideal conditions you can manage – clean record, no dust accumulated on the stylus, high quality turntable and phono stage – while also recording the output through an analogue to digital converter (ADC). Then when done, you have to break the result into separate tracks and tag it correctly. There is software to assist this whole process, like Channel D’s Pure Vinyl, but it is never that quick and easy. There is also the question of how much to tinker with the results in the hope of improving it, via click removal and the like. Personally I tend to the view that most things risk making the sound worse, but there is certainly a case for it, especially with particularly intrusive scratches.

Last week I went to a demo of Plato, a system for ripping vinyl combined with an all-in-one home media playback solution. It comes from the Derby-based company Convert Technologies, formerly known as Entotem. The company has also launched the Red Dot recording service, through which you can get them to rip vinyl or even CDs on your behalf.

image

The company showed me its top of the range unit, which is an all-in-one box for storing digital media as well as playing it, and includes a power amplifier which delivers, they say, 25W Class A amplification or 50W Class B. The idea of Class A/B amplification is not new so I am not sure whether there is any secret sauce in the Plato design; however the company also offers a Class B version at a considerably lower price.

The system runs Android customised for the purpose, with a touch screen. There is also a controller app which works best on Android but is also available for Apple iOS with “approx 70% of the functionality”. It includes an ESS Sabre 32 DAC and ADC. Inside is a beefy toroidal tranformer powering the various boards. Around the back is a generous set of inputs and outputs, including MM/MC phono input, 3 additional line inputs, 1 coax and 3 optical digital inputs, 2 optical digital outputs, 1 HDMI output, and 3 USB 2.0 ports.

The digital format can be set up to 24-bit/192 kHz.

image

You can pay extra for SSD storage which is pretty pointless from a technical point of view (SSD is much faster, but a conventional hard drive easily fast enough for audio recordign and playback) but would lower the noise level slightly, though the fan is likely to be louder in any case.

Having all the controls functions driven by software enables plenty of features. You can change the phono input from moving coil to moving magnet, vary the capacitance and resistance,  and apply a rumble filter, for example.

Ripping vinyl is a matter of pressing a red button (hence the name of the ripping service). When the audio is played, there is an analogue chain for listening, I was told, but also a “parallel digital path” which captures a sample of the audio and sends it to Gracenote, an online tagging service, for recognition. If you are lucky, you will get the metadata and album artwork automatically retrieved. The system will also separate the tracks for you, taking most of the drudgery out of the ripping process. 

The system does not attempt any click or noise reduction. “We have looked at it, because we write all the software, but most people said ‘don’t do it’,” said Pete Eason, Customer Experience Manager. “It’s not a priority”.

You can export the files to USB storage, so you could do your own additional processing if you wanted. However there is an annoyance: the agreement with Gracenote prohibits the export of the album art. So if you export your files for playback on a phone, for example, you don’t get the art. That’s irritating and there is talk of switching to another metadata supplier to fix it.

The system will stream music from attached USB storage, or over the network using UPnP. I am not a fan of UPnP because it seems less amenable to search, and less reliable, than other systems such as Logitech Media Server, but it should work OK. Internet radio is also provided, via the TuneIn service.

However you cannot access Plato’s storage directly over the network. This makes me wonder if Plato’s engineers would have been better off using Linux rather than Android for their embedded OS, as that would make this trivial to implement.

There is no support for Spotify Connect, which is a shame. You can of course stream to the unit from a phone or laptop using a device such as Google ChromeCast but that is not the same thing, since the quality and consistency of the signal is limited by your phone.

The Red Dot ripping service sounds good for those with plenty of money and little time, especially as it includes a cleaning service, but it is expensive at £10.00 per album and a minimum quantity of 25. Note you could buy the CD for less in many cases.

There is also a limitation in terms of the playback equipment used. It would be too expensive to use a true high-end cartridge and stylus. Red Dot uses “a really decent Pro-Ject Debut Carbon turntable and Ortofon stylus,” according to the FAQ, though they talked about other possible turntables, but always mid-range. That may not equal the equipment you have at home.

I got to ask some awkward questions. Why would anyone want to rip their vinyl, when with Spotify or Apple Music you could just play it from internet?

“There’s a quality issue there,” said marketing guy Ben Timberley. Eason added, “and also you can backup your vinyl. It’s always going to be a pristine original.”

Well, it will not always be a pristine original, but it will always be the same as when it was ripped.

I asked a hypothetical question. Let’s say I submit my rather beaten-up copy of David Bowie’s Ziggy Stardust, and as it happens Red Dot had just ripped someone else’s pristine copy of exactly the same album. Would they rip my scratched copy, or simply give me their existing rip? I would get my crackly one back, I was told. The other copy “belongs to someone else. We are sticking firmly on the side of the law on this one.”

I am not personally convinced that the law is so clear-cut. My records all say “unauthorised … copying of this record prohibited” and “all rights reserved”. On the one hand, there is the question of whether even personal format conversion of a record is strictly legal (though I cannot imagine anyone being pursued for it). On the other hand, since the record represents a personal license to enjoy that particular recording, I am not sure that whether you get back a copy of your record or someone else’s makes any difference.

Red Dot also offers to rip CDs, and here the argument seems even more ridiculous. Since ripping a CD with identical mastering results in an identical file, it would be absurd to re-rip when you already have the file in question. Are LPs any different, even though the imperfections of the format mean that every rip will vary slightly?

Next question: is there a paradox at the heart of this operation, which is that people who love records believe that the analogue chain sounds better than digital, so they are unlikely to want a digital copy? And if they do, why not just buy the digital version?

I got a somewhat garbled response. “That’s one argument but then this is essentially lossless, isn’t it?” said Eason. “You’re getting all the pops, the clicks, the whistles.”

“We’ve got the best DAC in the industry, which is the Sabre DAC,” added Timberley. “If you are going to convert it we’ve got the best piece of kit to do it.” Though I think he meant ADC rather than DAC.

I also suggested that retailers might prefer to buy their own Plato and offer a ripping service, rather than resell Red Dot. Dealers are “too busy” said Timberley, though they might look a a licensing restriction if it became an issue.

What I think

This is not a review and I have not had a chance to try this at home. If you seriously want to rip your vinyl (and I do think there could be good reasons, as I stated above, though hearing pristine pops and clicks is not one of them), then Plato looks like a convenient though expensive choice.

As an all-in-one hi-fi (just add speakers) Plato might also be good, though it looks expensive compared to, say, a NAS, a Raspberry Pi with a DAC, and a decent amplifier. It is hard to value these things without trying them out though.

In the end though, my instinct is that the best way to play records is to play records. I haven’t found record wear much of a problem, especially when you have a large collection.

So I am not sure that Plato is for me, though it does look nice and easy to use.

Table of recommended retail prices (including VAT)

  Vinyl ripping Phono Stage Pre Amp Power Amp
Class B
Power Amp
Class A
Price with
1TB HDD
Price with
2TB HDD
Price with
1TB SSD
Plato Lite Yes (with external
Phono stage)
No Yes No No £1899 £1999 £2539
Plato Pre Yes Yes Yes No No   £2400 £2940
Plato
Class B
Yes Yes Yes Yes No   £2999 £3539
Plato Class A Yes Yes Yes Yes Yes   £3999 £4539

Mio MiVue 688: record your driving

The Mio MiVue 688 is a high quality dashcam which will record your journeys as well as alerting you to lane drift and speed cameras.

image

In the box is the device itself – around 90 x 45 x 37mm – together with a vehicle power adapter and a suction mount. You will need a couple more things to get going: a Micro SD memory card (8GB to 128GB) and a USB Mini-B to type A cable, presuming you want to connect it to a PC. It is always annoying to find that that you have to buy extras, though you may have some spares anyway, and also annoying that MiVue still use the older Mini-B connector which is relatively uncommon now.

The MiVue 688 has a rechargeable battery, though for full use you will want to keep it powered continuously with the adapter.

After charging, the first thing you will want to do is to set the date and time as well as your preferred distance measure. Being in the UK I set it to miles.

In doing so, you will get an idea of how the MiVue’s controls work. There is a nice bright LED colour display, but it is not touch control. Instead, there are 6 buttons:

  • Power button on the left edge
  • Event button (for emergency recording) on the front right
  • Four function buttons on the right edge

The control system is not all that intuitive. By default the unit records when it is on. The function keys come into play when you go into the menu. The top key is the menu key; it displays or exits the current menu. The next key is Enter. The two lower keys are cursor keys. At first you might think that the buttons align with the menu item you want to operate, but they do not. Of course you are not intended to operate this fiddly menu system while driving.

The normal use is that recording starts as soon as the unit receives power, in other words when you start the engine. It then records continuously, creating 3-minute video files. If it runs out of space it overwrites old files.

When you start recording you get a view of what it is recording on the screen. After a short time, this blanks out and you just get the time. However it is still recording.

The device has a Sony Exmor video processor, does 1080p video recording and displays on a 2.7″ screen. It has an F1.8 aperture and a 140⁰ wide angle lens.

The MiVue 688 in use

I tried the MiVue on a 3-hour journey on a rather damp day. The first challenge is mounting the MiVue, the main problem being getting the power cable connected without it hanging dangerously or getting in the way. I found some short lengths of gaffer tape essential, to secure the cable to the edge of the windscreen. The MiVue cable is fortunately fairly long.

I then sited the camera towards the top of the windscreen. Again, care is needed as you do not want it to obscure your view.

I found the way the device works confusing at first. In particular, I thought that when the screen changed from the live recording to the clock, that recording had stopped. It was only when I got back and connected the device to a PC that I realised the entire journey was on video. I do think this is preferable; despite the emergency button, you want the recording to happen without having to think about it.

image

My journey passed without incident, but having a recording, given how simple this is to achieve, does make sense. If you are the innocent party in a collision, it will provide crucial evidence. Note that it records your speed and exact location as it goes, thanks to built-in GPS. A side-effect of having a dashcam may be that you are less inclined to take chances, knowing that there will be evidence.

When we parked, I removed the MiVue, because I did not want the embarrassment of risking theft of my loan gadget. This is a dilemma, as the MiVue has a parking function that will automatically record if it detects a collision when parked. If you think someone might steal the device though, that will not help you.

Annoyances

Wiring up the MiVue all felt a bit DIY and it would be good to see provision for dashcams built into modern vehicles. I also found several nits with the MiVue:

  • Menu system not intuitive
  • Old type of USB connector
  • Getting started leaflet barely adequate (you can download a slightly better manual)
  • Packaging does not make it clear that you need to supply your own memory card and USB cable – as well as Gaffer tape or equivalent

Extras

On the plus side, there are a few extras. The safety camera warnings worked, though if you have SatNav of some kind you probably already have this. There is the parking function mentioned above. The speed always shows, and since this is more accurate than my in-car speedometer this is a benefit.

A camera feature lets you take still images. Could be handy after an incident.

A motion sensor kicks in a recording automatically in the event of sudden movement. This also tends to happen when handling the unit, for example connecting it to a PC!

There are also some Advanced Driver Assistance features. Specifically, this covers Lane Departure Warning (could be a life-saver if you fell asleep), which beeps if you drift out of your lane; and Front Collision Warning System which beeps if it thinks you are driving too close to the vehicle in front.

These are handy features, but require regular calibration to work. You have to tell the MiVue where is the horizon and where is the end of your bonnet (hood). You cannot do this while driving so require a passenger.

I would have thought the AI for this kind of feature could do this calibration automatically as systems like this evolve.

MiVue Manager

You can download a MiVue Manager app to help you view your videos. I did not get on well with this. The first annoyance was that the MiVue Manager app insists on running with admin rights on Windows. Next, I found it still did not work because of missing codecs.

image

However I can view the videos fine using the Windows 10 built-in app, or VLC. So I gave up on the MiVue Manager.

Conclusion

The MiVue 688 will cost you around £150 and works well. As noted above though, there are some annoyances and you might prefer a touch control unit like the 658, which is a similar price.

I am still impressed. The quality of the video is very good, and this MiVue provides significant benefit at modest cost.

More information here.

Meizu M3 Max: Android 6.0 phablet, good value if you don’t mind Flyme OS

Meizu, one of the top ten smartphone manufacturers in China, has just brought out the M3 Max, an Android 6.0 phablet currently on offer for $224.99 (around £185), which seems great value for a 6.0″ smartphone complete with dual SIMs slots and fingerprint reader. I have been using it for a while to see how it stacks up against the competition.

image

My M3 Max is a sample, and while I believe it matches the production model in terms of hardware, you may find a few more concessions to non-Chinese users in the version for European and US markets. That said, my sample does include the Google Play Store and a thing called GMS Installer which assists installation of the Google Mobile Services required for Google-flavoured Android, which is what most users in countries like the UK and USA require.

This was my first experience of Meizu’s Flyme OS, a custom version of Android, and the distinctive one-button control. The front button on the M3 Max has multiple functions. Tap lightly and it is a back button. Press and click and it is a home button. Rest your finger and it is a fingerprint reader. And if you are wondering how to switch applications, that is a swipe up from the bottom of the screen.

I like having a hardware button, but I am not convinced that one button improves on the traditional Android three buttons: back, home, and app switcher. I also prefer the fingerprint reader on the back, as on recent Huawei phones. That said, I soon got used to it. You can register more than one fingerprint, and I found it useful to register my right thumb I can pick up the phone and tap my thumb on the front to unlock it.

Setting the phone up was a little more challenging than with Android devices designed primarily for our market. Meizu/Flyme has alternative apps for common requirements such as web browser, maps, music and even app store. I found myself downloading a bunch of apps to get a more familiar experience, including the Google Chrome browser, OneDrive, Outlook, Twitter, Facebook and Spotify. I did have a few issues with the Play store initially – it would open and immediately crash – but things seemed to settle down after I applied a few updates.

There are a few compromises in a phone at this price point. The fingerprint reader is not the equal of the one on the Huawei P9 or Honor 8, for example, taking longer to register my fingerprint and requiring slightly more careful positioning to read it, but it still works satisfactorily. In day to day use I have no complaints about the responsiveness of the OS or the battery life.

Physically the M3 Max has a metal body and a smooth finish. The design is straightforward but pleasant enough. The case is 7.9mm thick, which makes it a relatively thin device if that is important to you. It is somewhat heavy though, about 190g, though in return you get a reassuringly solid feel.

There are a few compromises in a phone at this price point. The fingerprint reader is not the equal of the one on the Huawei P9 or Honor 8, for example, taking longer to register my fingerprint and requiring slightly more careful positioning to read it, but it still works satisfactorily. In day to day use I have no complaints about the responsiveness of the OS or the battery life.

Physically the M3 Max has a metal body and a smooth finish. The design is straightforward but pleasant enough. The case is 7.9mm thick, which makes it a relatively thin device if that is important to you. It is somewhat heavy though, about 190g, though in return you get a reassuringly solid feel.

The Flyme skin supports floating windows after a fashion.

image

Even on a 6″ device though, it is not all that useful since you can only really make use of one app at a time.

Swipe down from the top to reveal notifications and the usual array of Android shortcuts.

image

The camera is nothing spectacular but does cover most of the features you are likely to want. Tap the Auto button to reveal popular features like Panorama and Macro. This is also the route to video recording.

image

If you choose Manual on this screen, you can make your own settings for
Exposure time

  • ISO
  • Focus
  • Exposure compensation
  • Saturation
  • Contrast
  • White balance

A decent range of controls.

The Settings button lets you specify photo size as well as other features like grid lines.

image

Benchmarks and specifications

I ran some benchmarks. PC Mark came up with a score of 3156 for its Work 2.0 performance.

image

Geekbench 4.0.1 delivered:

  • 1475 RenderScript Score
  • 683 Single-Core Score
  • 2670 Multi-Core Score

While these results are unexciting, at this price point they are more than reasonable.

Specifications

  • Android 6
  • ARM MT6755M 1 GHz 8 core CPU
  • 6” display, 1080×1920, 480 ppi
  • Capacitive touch screen
  • GPS
  • 3GB RAM
  • 64GB storage
  • Second SIM slot can also be used for up to 128GB SD card
  • Mali-T860 GPU
  • 13MP rear camera
  • 5MP front camera
  • 4100 mAH battery
  • Weight 190g
  • Size 163.4 x 81.6 x 7.9mm

Conclusion

Meizu is not a well-known brand in the UK or USA, but they are a major Chinese vendor, though pitching towards the lower end of the market. This is a good value device and a solid choice if you are looking for a phablet-style phone in this price range and can put up with a slightly less familiar Android experience.

You can purchase from here.