back to article Dump these insecure phone adapters because we're not fixing them, says Cisco

There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit. In an advisory, Cisco this week warned about the vulnerability in the SPA112 2-Port Adapter that, if exploited, could allow a remote attacker to essentially …

  1. John Doe 12

    Typical Lazy Solution

    Yay!! More unnecessary e-waste :-(

    I hate this kind of approach to tech that sadly seems to be so mainstream these days.

    1. ThatOne Silver badge
      Devil

      Re: Typical Lazy Solution

      Lazy solution? It's a genius trick to get people off old kit!

      Make sure your EOLed appliances have a severe vulnerability, ideally one actively exploited "in the wild", and everyone obediently renews his kit as he should. Shareholder value!

      1. An_Old_Dog Silver badge

        What Do Cisco's Support Contracts Say?

        Do they promise patches for kit not yet EOL'd? If so, somebody(ies) with this model and existing Cisco support contracts should talk to their corporate lawyers about suing Cisco. But they probably should make that conversation in-person, and not over their Cicso phone ...

        1. ThatOne Silver badge
          Devil

          Re: What Do Cisco's Support Contracts Say?

          There is the mere technicality of "discovering" that vulnerability only after the EOL. Not a lawyer, but I'm pretty sure since you can't prove it was known before EOL they don't need to fix it anymore.

  2. Michael Strorm Silver badge

    > analog devices like phones, fax machines, and paging systems into IP devices

    Irony is that even though they were intended to run over the "analogue" phone network, virtually all fax machines in use since- I'd guess- the 1980s have been based on digital technology at the scanning, transmitting and receiving stages.

    Obviously it has to modulate that digital signal for transmission of the analogue phone line, but that applies to pretty much *any* digital technology since they all ultimately rely on the underlying "analogue" real world to represent those digital values.

    Also, ever notice that in popular use "digital" is effectively a synonym for "online" these days? That's how we end up with "analogue" DVDs and CDs... you remember them, the audio format whose entire selling point was that it was "Compact Disc Digital Audio"?!! (Rant mode off, etc.)

    1. Martin-73 Silver badge
      Pint

      If you hear anyone saying "analog CD" you have my permission to slap them with a trout till they stop it.

      1. Kevin McMurtrie Silver badge

        There never were LaserDisc readers for computers because they're analog. The pits used frequency modulation for video and duty cycle modulation for audio. Even the digital stuff later was inserted and extracted by analog means.

        1. abend0c4 Silver badge

          I'm not responsible for the downvote as the core information is correct for all practical purposes (though later versions had digital audio).

          However, it's not entirely correct to say there were no readers for computers at all. The BBC Domesday Project was possibly the only user of the LV-ROM variant: 324MB of data stored on a CAV disc and the Philips VP415 player/drive had a SCSI interface to the BBC Master computer that controlled it.

          Pioneer also had an LD-ROM variant which had a higher-capacity CLV implementation (540MB) which was intended mainly for the gaming and karaoke market.

          1. Vometia has insomnia. Again. Silver badge

            I remember the Philips Megadoc system which IIRC used LaserDisc. I wasn't directly involved so I don't recall the details but the computer hardware was originally based on... er, P4000? It's been 30 years and my memory is rubbish, maybe I should've just said "yeah!"

            1. abend0c4 Silver badge

              It didn't user LaserVision per se because there was never a recordable version. However, it did use much of the same technology.

              It differed in that the system used blank discs with the lacquer layer containing tracking information for the read and write lasers enclosing a tellurim alloy layer which the write laser could burn through. The capacity was supposedly a little over 1GB.

              There's a Philips Technical Review with more information:

              https://www.pearl-hifi.com/06_Lit_Archive/02_PEARL_Arch/Vol_16/Sec_53/Philips_Tech_Review/PTechReview-41-1983_84-313.pdf

              There's a promotional video (with a voiceover viewers of Tomorrow's World will recognise) here:

              https://www.youtube.com/watch?v=EhsLXDF-tyM

              Oh, and it would seem there might have been other suppliers of media, if not of equipment:

              https://twitter.com/OldSchoolFormat/status/1517122992840622080/photo/1

        2. Mishak Silver badge

          Digital signals

          I dread to think of the number of projects I've had to rescue where the electronics "engineers" have failed to take into consideration the fact that those nice "digital" signals are really analog.

        3. rcxb Silver badge
          Holmes

          There never were LaserDisc readers for computers because they're analog.

          More likely, it's because LaserDiscs are larger than most computers, and never were very popular.

          Inexpensive video capture cards have been available since at least the mid-90s. Tivo wasn't working with digital TV signals when it debuted.

          You aren't likely to find D-VHS / D-Theatre readers for computers, despite them being digital.

          But you can get cassette readers for computers.

          Popularity matters.

        4. Wayland

          In 1988 I programmed a laser disc player from a computer to make a multimedia experience. Multi Media was a buzz word that had just been invented along with Raves.

      2. Bebu

        Bit hard on the bright young things?

        'If you hear anyone saying "analog CD" you have my permission to slap them with a trout till they stop it.'

        An innocent youth on encountering a vinyl 45 record (single) might call it an "analog CD" as it is a disc and more compact than a 33.3 LP and was of course analogue. A 78 would probably do the youth's head in :)

        On the other hand most of these young blighters richly deserve a serving of face sashimi.

        I am flabbergasted by the renaissance of the vinyl LP format. When I first heard a cd player (the Pachelbel test cd) I thought "thank you Mr Philips!" - no more fFaffing around with disc cleaning cloths, changing stylii and rest of the rigamarole which still gave scratchy sound, uneven equalization and compressed dynamic range.

        The Tesla generation appear to be enthralled by anything that involves extensive fFaffing about and by Elon, master of enfFaffment.

        1. ThatOne Silver badge
          Devil

          Re: Bit hard on the bright young things?

          > I am flabbergasted by the renaissance of the vinyl LP format

          It's hip, it shows you're not one of the herd and all that crap. What brought vinyl back was scratching - try doing this with a CD!... So, by extension, "rappers=hip" became "vinyl=hip" with the yoof, the rest is history.

          1. abend0c4 Silver badge

            Re: Bit hard on the bright young things?

            "What brought vinyl back was scratching"

            It's almost as if people were unaware of the large-area, touch-sensitive controller in their pockets, linked to digital storage and an audio transducer.

            Back in the old days of "vinyl", a non-trivial proportion of pressings were actually polystyrene - try "scratching" with that and you'd likely smash the groove walls on your first attempt.

          2. martinusher Silver badge

            Re: Bit hard on the bright young things?

            Scartching dates at least to the 70s, maybe before.

        2. FIA Silver badge

          Re: Bit hard on the bright young things?

          I am flabbergasted by the renaissance of the vinyl LP format.

          Don't forget there's still Spotify.

          People now can treat vinyl as an experience, much in the way people used to become nostalgic for the experience when CDs became a thing. But they do this with the worlds music library at their fingertips, in a way that people who grew up with only vinyl and CDs couldn't.

          Mind you, some people are just mad.... I once saw a half terrabyte collection of jazz for download, it was a painstaking collection of hundreds of old jazz albums, all in 24bit/192KHz lossless FLAC... all painstakingly sampled from vinyl. Re-compressed to a modern, lossy, format reduced the collection to around 20 gig, and you can still hear all the scratches. :)

          1. ThatOne Silver badge
            Happy

            Re: Bit hard on the bright young things?

            Well, some old blues and jazz records only exist as quite bad direct-to-disk engravings (or even worse, wax cylinders!)... You can't and won't ever get anything better than that noisy, bandwidth and dynamic range limited take, that's all that's left...

            I have some of those on CD, they sound, well, they sound like they must have sounded back then I guess. The only difference is they don't deteriorate each time you play them.

            1. Anonymous Coward
              Anonymous Coward

              Re: Bit hard on the bright young things?

              "You can't and won't ever get anything better than that noisy, bandwidth and dynamic range limited take, that's all that's left..."

              Upvoted for general comment, but disagree with that one statement. I've copied cassette tapes to MP3, both songs and audiobooks, and can testify that Audacity's ability to identify and remove noise is quite remarkable. Just select a block of tape hiss, tell Audacity that it's noise, then select the whole track and tell it to remove noise. Suddenly that hissy tape sounds CD-quality. There are other enhancements available, too.

              1. ThatOne Silver badge

                Re: Bit hard on the bright young things?

                Keep in mind tape hiss is much easier to filter away than wax cylinder cracks and pops: Their issue is that there is actually a little information missing, so when you remove the noisy bit, you necessarily leave a hole. Of course you could average and stuff, but you can hear that, it's more natural sounding to leave the cracks and pops.

          2. Anonymous Coward
            Anonymous Coward

            Re: Bit hard on the bright young things?

            "Don't forget there's still Spotify."

            Sure. Latest hits (and some older stuff) compressed to 4 topmost bits of digital sound and *then* compressed to 25% of original with lossy compression. Great!

            OK if you listen it from phone speaker. OK as background music if you do something else. But it's specifially designed to be listened on the phone. At that point sound quality is not even in top-10 list of matters they are interested in.

            1. Barry Rueger

              Re: Bit hard on the bright young things?

              Exactly. Depending on the state of your hearing, and your genetics, a lot of digital recordings, especially streaming, can be really harsh and unappealing.

              A well mastered vinyl LP can be much preferred.

              1. Mike 137 Silver badge

                Re: Bit hard on the bright young things?

                "Depending on the state of your hearing, and your genetics ..."

                More realistically, it's down to shite mastering. The technologies are capable of better performance than human hearing can cope with, but the technicians commonly bugger the quality by over compressing, which leads of horrid distortion in digital recordings. In analogue recording, with the exception of gross over modulation, most distortion tends to be quite 'gentle' but in digital recording it's almost always harsh.

                But when most folks play back over ear buds with 3-4 mm diaphragms that distort like mad anyway, the effort required to get the best out of the technologies is probably seen as pointless.

          3. Anonymous Coward
            Anonymous Coward

            Re: Bit hard on the bright young things?

            ... saw a half terrabyte collection of jazz for download ...

            Hmmm ....

            Interesting: just where could I look for (and find) that tasty morsel?

            .

        3. Anonymous Coward
          Anonymous Coward

          Re: Bit hard on the bright young things?

          I’m glad it’s not just me that finds the obsession with vinyl absurd. ‘Warmer’ what does that even mean?

          1. 43300 Silver badge

            Re: Bit hard on the bright young things?

            Remember - you are talking "audiophiles" here - the same sort of people who think that spending hundreds or thousands on a magic ethernet cable will make it sound better than a decent-quality ordinary ethernet cable costing a few quid!

            1. John Brown (no body) Silver badge
              Gimp

              Re: Bit hard on the bright young things?

              ...and preparing the vinyl to play, cleaning the disc, checking the stylus, making sure the turntable is level, the amp is properly warmed up, the oxygen is extracted from the connections, is all part the experience, like mediation :-)

              Icon, because he looks like he might like wearing vinyl in its PVC form --------------->

            2. Snapper
              WTF?

              Re: Bit hard on the bright young things?

              Have a gander at some of these rip-offs. https://is.gd/3BU8ys Hoot!

              Sample link - $3,499.99 for a 1 meter length of USB 2.0 cable https://www.theabsolutesound.com/?p=20580

              1. Vometia has insomnia. Again. Silver badge

                Re: Bit hard on the bright young things?

                Yikes. Your choice of icon sums it up nicely. I dunno whether to laugh or lie down in resignation and not get up again.

              2. Frank Bitterlich

                Re: Bit hard on the bright young things?

                "... shortening the signal path and drastically increasing transfer speeds"... you can't make that stuff up.

                Oh wait, they did...

                Unbelievable.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Bit hard on the bright young things?

                  https://www.nordost.com/faqs.php

                  "A digital signal composed of 1s and 0s is not subject to analog signal loss, so how can high quality USB cables make a difference in sound?

                  The actual signal flowing through a USB cable is analog in nature. It is composed of high-speed square waves that represent 1s and 0s. Losses in the shape of those square waves can cause DACs, for example, to misinterpret the conversion to an analog musical signal and cause distortion."

                  Erm... that's only really true if you try to connect your digital signal DIRECT to an analogue input, bypassing the DAC, as the corners get rubbed off in the cable... but digital inputs know this!

              3. that one in the corner Silver badge

                Re: Bit hard on the bright young things?

                That cable is chock full of amazing ideas to improve your audio. Like untwisting the twisted pair. And they spotted that any good cable must have at least one of those mysterious lumps near one end, so not only have they provided two mysterious lumps, but theirs are eco-friendly: made of purest bamboo!

                But that is an old product, and misses out on an important feature: arrows! Yes, if you don't have arrows on the cable, how can you know it is plugged in the right way?

                As this current listing for a £1,199.00 ethernet cable (0.75 metres - don't worry, it cheaper per metre in longer pieces; how does £10,999.00 for 12m sound?) states

                "All audio cables are directional. The correct direction is determined by listening to every batch of metal conductors used in every AudioQuest audio cable. Arrows are clearly marked on the connectors to ensure superior sound quality. For best results have the arrow pointing in the direction of the flow of music. For example, NAS to Router, Router to Network Player."

                https://www.analogueseduction.net/ethernet-and-streaming-cables/audioquest-rje-diamond-ethernet-cable.html

              4. 43300 Silver badge

                Re: Bit hard on the bright young things?

                That's cheap compared to this magical ethernet cable!

                https://www.fanthorpes.co.uk/cables/streaming-cables/ethernet-cables/chord-music-ethernet-cable/

                Select the longest (10m) option - a real bargain at only £20,199.00. Why not buy two so that you have a spare?

                After all, who doesn't have twenty grand to splash on an ethernet cable, eh?!

                1. ThatOne Silver badge
                  Devil

                  Re: Bit hard on the bright young things?

                  > After all, who doesn't have twenty grand to splash on an ethernet cable, eh?!

                  That's military procurement level prices...

          2. RichardBarrell

            Re: Bit hard on the bright young things?

            Distorted in a way that they like.

            1. Doctor Syntax Silver badge

              Re: Bit hard on the bright young things?

              2nd harmonic good, 3rd harmonic bad.

              I remember reading a report of someone who'd creates a setup to add various amounts of various types of distortion for a listening panel. The listeners preferred to sound with some 2nd harmonic (or maybe a slew of even harmonics) distortion added.

              1. abend0c4 Silver badge

                Re: Bit hard on the bright young things?

                Most of the valve equipment that people claim sounds "warmer" contains output transformers. Transformers predominantly produce odd-harmonic distortion (mainly 3rd harmonic). I suspect there may be something else at play.

            2. wub

              Re: Bit hard on the bright young things?

              "Distorted in a way that they like."

              You remind me that every vinyl pressing has to be distorted (carefully) using the RIAA equilization curve, so that the low frequency sounds don't overwhelm the high frequency sounds in the grove. And then on playback, one has to carefully redistort the output to attempt to restore the original balance between low and high frequencies for a high fidelity experience.

          3. Anonymous Coward
            Anonymous Coward

            Re: Bit hard on the bright young things?

            "I’m glad it’s not just me that finds the obsession with vinyl absurd. "

            Obsession is weird, yea. But the idea that you compress everything to topmost 4 bits is CD-era invention and anything which doesn't have that sounds like music, not a wall of noise. Unfortunately loudness wars killed the sound quality in 1990s and nowadays everything is designed to be played from a phone, from recording studio onwards.

            That will sound like crap on any proper equipment and there's nothing we can do to it: Phone is the medium nowadays. Vintage vinyls didn't have that, so it's obvious that those are still in use: Simply better sound quality. Plus some noise, but I don't expect full concert volume in home from a vinyl. Either way, sound quality actually was important. Those days have gone, it's only important it 'sounds good on the phone'.

            I have several examples of vinyl, CD and remastered CD from same album and the best of those is the CD. "Digitally Remastered" CD is also compressed and *a lot* louder than CD: Almost all of the dynamic has gone and running it against a limiter has clipped the peaks causing nasty distortion peaks. Technically: Crap.

            If you buy something produced today, it doesn't matter: Everything is compressed and clipped crap, from the recording studio.

            1. Anonymous Coward
              Anonymous Coward

              Re: Bit hard on the bright young things?

              That will sound like crap on any proper equipment ...

              Vintage vinyls didn't have that ...

              Simply better sound quality.

              Indeed.

              Having spent a great deal of my youth around vinil records and excellent quality sound equipment, I can attest to that.

              Unfortunately, like you point out, those days arew gone.

              .

            2. ridley

              Re: Bit hard on the bright young things?

              How does this get down voted?

              Audio is most definitely compressed to a few tens of dB in the main, that's not controversial it's just true.

              Vintage vinyl also suffered from the loudness wars, finding a decent recording became very hard towards the end of vinyl.

          4. heyrick Silver badge

            Re: Bit hard on the bright young things?

            It means they noticed the tone control button. I guess modern phones can't sound "warmer" because it's too damn hard to get that "warmer" sound when you have five/seven/more individual sliders to play with...

          5. Norman Nescio

            Re: Bit hard on the bright young things?

            ‘Warmer’ what does that even mean?

            An excess of even-order harmonic distortion.

            Higher odd harmonics really grate on human listener's ears, so even if you engineer even-order distortion, you really need to make sure the odd-order distortion is kept low.

        4. anthonyhegedus Silver badge

          Re: Bit hard on the bright young things?

          After the upcoming Zombie Apocalypse, it'll be easier to fashion vinyl record players out of parts lying around, that a CD player. Unfortunately the only music left to listen to on vinyl will be hip-hop or some such frightfulness.

          1. ThatOne Silver badge

            Re: Bit hard on the bright young things?

            On the other hand chances are CDs will resist better than vinyl records. (Although I admit I don't know what they're made out of nowadays. Could be some extra solid, scratch-proof modern polymer.)

            1. John Brown (no body) Silver badge

              Re: Bit hard on the bright young things?

              I remember Tomorrows world demonstrating the CD on TV. It was wonderful and almost abuse proof. They abused it quite badly, including smearing jam on it, cleaned it and it still played! Wow! The realty was that when they went into mass productions, they were nearly as delicate as vinyl LPs when it came to scratches, especially data CD's

              1. Peter Gathercole Silver badge

                Re: Bit hard on the bright young things?

                When the CD format was new, the aluminium layer containing the data was sandwiched between two acrylic disks, so you had tough plastic on both sides of the disks making them extremely resistant to damage. I'm pretty certain that I still have one or two made like this. They're slightly thicker, and heavier than modern CDs.

                Very quickly, the CD manufacturers worked out that they could make them more cheaply by just using one disk, putting the aluminium layer on the top, and then using a lacquer and the ink layer to provide some protection. But not much.

                It is very easy to scratch the top of one of these CD and ruin it.

                But the early two disk sandwich had other problems. One of the issues was that the boundary between the disks that contains the aluminium foil was difficult to seal, and early CD's used to suffer oxidation of the aluminium foil. And although it has little relevance, the ink that they used to use contained solvents that would leach through acrylic, and also attack the foil.

            2. Anonymous Coward
              Anonymous Coward

              Re: Bit hard on the bright young things?

              "On the other hand chances are CDs will resist better than vinyl records"

              They age. Aluminium oxidizes and then you've perforated disc which doesn't play. Vinyl of course is semi-permanent as plastic: It breaks only by force.

              1. nijam Silver badge

                Re: Bit hard on the bright young things?

                > It breaks only by force.

                Or heat. Or grit. Or by putting a stylus on it.

            3. Dog11
              FAIL

              Re: Bit hard on the bright young things?

              Depends on what you mean by "resist better". Bit rot is a thing, and can affect CDs and DVDs, even pressed ones, as well as scratches and delamination. It can be caused by contamination (environment or manufacturing) in the reflective layer, and maybe other things. Pressed CDs are more resistant to (immediate) handling damage, but the Internet Archive is reading (and transferring) shellac and vinyl that's a century old. Think any CD maker can tout that kind of lifetime? I'd actually think that, stored properly, "vinyl" may well have a longer shelf life. Deterioration over time is a fact for almost all types of digital recording (not even considering its fast obsolescence).

              1. M.V. Lipvig Silver badge

                Re: Bit hard on the bright young things?

                I can attest to CDs surviving at least 34 years. I converted my entire cassette tape collection to CDs in 1989, and in all that time I've only had one CD go bad out of over 600 disks. That one was accidentally left in the summer sun on the car dash. Converted them to MP3s late last year and aside from a little clipping on a few songs from the volume leveler program they all sound good.

                1. Michael Wojcik Silver badge

                  Re: Bit hard on the bright young things?

                  There was a study some years go – late '90s maybe? – that appeared in, I think, CACM, that projected longevity for various types of optical media. It noted that the expected lifetime of the "dye" (actually a photosensitive polymer, IIUC) in CD-R was expected to degrade faster than the metal in conventional CDs, and that CD-RW was expected to last somewhere between the CD-R lifetime and conventional CD lifetime.

                  While I may well be wrong on the details, the upshot is that different types of CDs might well have different MTBFs. No idea about CD-MO (magneto-optical "WORM" media), but I suspect as a rule of thumb, the less energy required for recording, the shorter I'd expect the lifetime to be.

          2. Anonymous Coward
            Anonymous Coward

            Re: Bit hard on the bright young things?

            " Unfortunately the only music left to listen to on vinyl will be hip-hop or some such frightfulness."

            You mean the gazillions of LPs produced have vanished somewhere? I don't think so .. CDs actually age faster. But even that is decades, my oldest CDs are from very early 80s and still play OK.

          3. M.V. Lipvig Silver badge

            Re: Bit hard on the bright young things?

            "Unfortunately the only music left to listen to on vinyl will be hip-hop or some such frightfulness."

            Then there will not be music. None of what you wrote about there is. Quite frankly almost everything made after 1990 is crap. This is the only silver lining to all the music greats dying of old age - it's possible to have a complete collection of their works.

        5. Anonymous Coward
          Anonymous Coward

          Re: Bit hard on the bright young things?

          "I am flabbergasted by the renaissance of the vinyl LP format. When I first heard a cd player (the Pachelbel test cd) I thought "thank you Mr Philips!" - no more fFaffing around with disc cleaning cloths, changing stylii and rest of the rigamarole which still gave scratchy sound, uneven equalization and compressed dynamic range."

          That was in the 80s. Anything not classical is now compressed in to top 4 bits of "CD sound" and then lossy compressed further to mp3 -format (60% gone), while current LP players are *very good*. Even my mid-range Thorens differs from CD only because of noise level with a good record. Records of course wear, there's no way around that.

          LP and good player can do about 40dB range, which actually is a lot ... compressed music typically has 4dB range. "Hottest hits today" even less.

          So anything made after 70s on vinyl has *better* sound quality than anything you can find from Spotify: The newer, the worse and it's *all* "louder is better" compressed crap. "Digitally remastered" are the worst offenders: >90% dynamic range has gone *pufff*. Well, except special "audiophile" examples, but you probably won't find from Spotify

          Also you miss the all of the idea: Instead listening 20 second sound bytes from Spotify while doing something else, as background noise, you sit down, put a LP on and listen to it next 25 minutes. You do not do anything else.

          That's *really hard* for most people and of course they won't understand LP at all, because of that.

          1. ThatOne Silver badge

            Re: Bit hard on the bright young things?

            Why compare to Spotify? That's putting the bar pretty low, anything would sound better than that...

            I had vinyl, (reel to reel) tape, compact cassette, and eventually CDs. I finally stuck with CDs. I handle them like I used to handle vinyl (carefully!), so I'm pretty confident they will outlast me.

          2. heyrick Silver badge

            Re: Bit hard on the bright young things?

            "you sit down, put a LP on and listen to it next 25 minutes"

            This. It seems to me that, like making mixtapes back in the day, vinyl was designed to be listened to as an album (especially concept albums), rather than picking out individual songs.

            Whilst the same could have been said of CD, the rise of the "now that's what I call music" compilations, the endless filler songs, and then streaming... has turned music listening from something that a person did per album into a Woolworths pick and mix of random snippets from here and there. It seems less like something one pays attention to as a sort of background noise to stop the mind wandering...

          3. ridley

            Re: Bit hard on the bright young things?

            4db? I know most digital "music" is compressed to 10db but 4db?is that real?

        6. weirdbeardmt

          Re: Bit hard on the bright young things?

          Explain this…. https://www.musicbusinessworldwide.com/50-of-vinyl-buyers-dont-own-a-record-player-data-shows/

          1. that one in the corner Silver badge

            Re: Bit hard on the bright young things?

            > Explain this...

            How about being able to get all the artwork at a size you can actually appreciate it? With liner notes and lyrics that you can read without a microscope?

            And gatefolds without half of it sitting under the CD holder?

            We may huff about the quality of so-called music these days, but the artwork on CDs is dreary as well. Why bother with a Roger Dean double gatefold, just shove another dull band photo on there!

            I admit I'm listening to the CD but I'm looking at the Yessongs LP cover.

            1. heyrick Silver badge

              Re: Bit hard on the bright young things?

              Artwork? I dream of artwork...

              You don't get any of that with digital downloads. I mean, seriously, how hard would it be to include a PDF version of the CD inlay booklet? That way one doesn't need to go on those dodgy advert-laden lyrics websites that all suspiciously have the same mistakes...

        7. ridley

          Re: Bit hard on the bright young things?

          It's all very nice having a large dynamic range available on digital audio.

          It's just a shame that the audio engineers in the main choose to not use it, instead compressing the sound to a few tens of dB so it sounds "good" in the car or via crappy headphones etc.

          Finding well mastered audio is pretty damn hard.

      3. ScrappyLaptop2

        To be fair back in the day there were "full digital" CD's and AAD CD's

        The latter being recorded as analog, mixed as analog and then digitized for the CD. I recall them being colloquially called, "analog CD's".

        1. WereWoof

          Re: To be fair back in the day there were "full digital" CD's and AAD CD's

          Back in the dim and distant past when I first bought a CD player there were a couple of Cds where you could hear the stylus drop onto the record so I suppose they could be called analog CDs.

          1. that one in the corner Silver badge

            Re: To be fair back in the day there were "full digital" CD's and AAD CD's

            > you could hear the stylus drop onto the record

            Vitally important for playing The Goons records:

            'Ere, 'oo stuck that needle in my nut?

  3. Richard Boyce

    Web interface

    Anyone who is exposing the web interface on these devices to the public internet is asking for trouble anyway. From memory, I don't think modern browsers will tolerate connecting to it via https either. All this said, I don't think there is reason for panic if the interface is only available from the LAN. For many businesses, if the LAN is compromised, it's game over anyway.

    If these adapters are replaced, don't buy the suggested Cisco alternative. Go with a different manufacturer that still has an interest in this market.

    1. Anonymous Coward
      Anonymous Coward

      Re: Web interface - True but hardly the issue

      The risk isn't that a user will try to browse to it in an interactive session, clearly the bigger concern is an attack tool stuffing a bad request into it's interface. The more likely attack scenarios would be adapters exposed to traffic from a guest network or road warriors hooking them up in the field without a proper firewall.

      Getting intital access at a network level shouldn't justify tapping out on attempting basic security for stuff like this, but I agree that a good VLAN should isolate these from everything but the phone system hardware anyway. It's not like the fax will care, and if it has it's own network port it need not be on the same VLAN.

      I'm not taking bets on how many places are set up that way.

      Also, I'd like to say that it's a classic Cisco move to try to shove you off of one EOL product onto one who's EOL is just around the corner. The last quote they gave me had switches with a release to manufacturing that was 10 years ago and were nearly EOL. We may not be a big account, but I'd appreciate if they'd at least pretend that they are not engaging in warehouse cleaning when they propose dumping this obsolete trash on us. Oh and you can buy the same switches used for about 20% of what they are asking.

      Oh and Call manager is a toxic dumpster fire. Ours core dumps every time we have to reboot our core switch stack(also cisco) and it took the integrator and Cisco TAC over 4 days to get it running again after migrating from a vmware image on an EOL Cisco UCS server to a dell machine.

    2. Chris 239

      Re: Web interface

      I totally agree but the cyber security industry has management twisted round their little finger.

      My company sells a solution that includes networks will never be exposed to the internet but the cyber teams insist every little vulnerability has to be patched, they even insist data in transit that will never leave the dedicated isolated network should be encrypted.

      1. Michael Wojcik Silver badge

        Re: Web interface

        networks will never be exposed to the internet

        And that's great right until an attacker gets inside the corporate network, pivots, and escalates.

        The "egg" model of network security is dead. If there's a way to connect a "private" network to the wider corporate network, many customers will do it. And once that happens all your vulnerabilities are available as soon as someone gets into the corporate network – which likely happens at least a few times a month for a large organization, assuming good defenses are in place. (That's why we have IDS / IPS systems and incident-response teams.)

    3. Anonymous Coward
      Anonymous Coward

      Re: Web interface

      ... don't buy the suggested Cisco alternative. Go with a different manufacturer ...

      Finally, some common sense.

      I was reading through the comments and what instantly came to mind is that not one (till you, obviously) had said that.

      For that, a case of good annonymous ale for you. |***|D |***|D |***|D |***|D

      .

  4. sanmigueelbeer

    Cisco inserted a short-lived root CA certificate called QuoVadis in one of their vulnerability update. Naturally, when the certificates expired in March 2021, the 112/122 became useless. Cisco used the convenient excuse that the 112/122 are past end-of-support and did nothing.

    I believed Cisco deliberately inserted a certificate with a very short expire date because the 112/122 were not alone. There were WAPs with certificates expiring in 2022 but Cisco was forced to release a software fix with an extended certificate (up to 2099).

  5. david 12 Silver badge

    Other SPA devices?

    I just updated the firmware on some SPA phones. At startup type in the IP address of the bootp server.

    Ok, that requires access to the device, right?

    Not really, you can reboot from the web interface.

    Ok, that requires the web login, right?

    Only if you've reset the default password.

    Ok, at least the firmware must be signed correctly?

    Dunno, the information about this CVE doesn't say anything about code signing: just an authentication failure. That normally means a login failure, since these devices don't have a keyboard for entering the bootp IP address at startup.

  6. Grunchy Silver badge

    Release the source code?

    I use the SPA2102 myself, you merely enter command 7932# and 0 to disable the WAN access. Simple enough.

    I still run my trusty old DNS-323, and the reason is because D-Link released the source code which allowed the enthusiasts to take over development of “Alt-F” alternative firmware. It has become a really useful device, you can put big drives in there, format with EXT4 if you care to, run ftp torrent nfs all sorts of different servers and services. Lately I even put AdGuard Home on there, a light-weight alternative to Pi-Hole. Just the cats pyjamas kind of device, and all because the source code was opened up one grand day. Thanks D-Link!

    Anyway my SPA-2102 runs constantly (well of course, when do you ever turn off your telephone?) and the only thing that went wrong was I had to replace the 5V adapter a couple times.

    Too bad they don’t open-source it, I bet there’s all sorts of wizard things it could do if they’d cooperate with customers for a change.

  7. A Non e-mouse Silver badge

    The security on many of Cisco's (earlier) voice endpoints is dire. The fun thing is that so many of them are still in use. Just pop into John Lewis and see what phones they use. The good ol' 7911.

  8. Anonymous Coward
    Anonymous Coward

    Why would anyone replace a faulty Cisco device that they won't support, with another Cisco device that they won't support.

    They should all just go out and buy a nice secure Huawei device, much cheaper, with no US govt spying backdoors built in.

    1. M.V. Lipvig Silver badge

      Yes, no US spy doors, just Chinese spy doors. Why put up with being spied upon by a power that's really not interested in looking at your network unless you bring the wrong sort of attention to yourself when you can be spied upon by a power that is well known to conduct corporate espionage and IP theft as a government practice? Huawei will help you put yourself out of business, but at least those bloody Yanks didn't have access, right?

      1. Duncan Macdonald

        The US government has become less trustworthy than China

        All the US politicians are interested in is their own power and fortune - they do not care about anyone who is not at least a multimillionaire. The UK security services examined the source code of many Huawei devices and found many examples of poor coding but no evidence of any deliberate backdoors. (However the UK government still went along with the USA when it exerted pressure to ban Huawei.)

        Huawei devices had two major problems as far as the USA was concerned - they were cheaper than the equivalent Cisco devices and they did not have NSA backdoors baked in.

  9. Claverhouse
    Unhappy

    A New Definition For Migration

    Move your cash to our wallets.

  10. Christian Berger

    I once was able to test them

    ... they are almost comically bad.

    I mean one of the main tasks of such devices is to capture 20ms of audio samples, package them into a RTP frame and then send them. There's more to building a good ATA, but that's the most basic thing you need to do.

    Of course, since they are running normal operating systems, there is a bit of jitter to be expected, so if you compare the expected time of arrival to the actual time of arrival you should see some noise, in a histogram that should resemble a normal distribution close to zero. So the error is more likely to be between 0.1 and 0.2 ms than between 10.1 and 10.2 ms. It may be overlaid by a steady rise or fall because your sampling rate is not precise, but any half decent ATA will compensate for that.

    The adapter I've been able to test had a "box shaped" distribution... and to make matters worse, the culminated error rose in discrete steps. Each one of those steps means that not only you will have a glitch in your audio, but also very likely that your modem connection will break. I have no idea how on earth they managed to make their device that bad.

    1. Anonymous Coward
      Anonymous Coward

      Re: I once was able to test them

      ... no idea how on earth they managed to make their device that bad.

      How? Easy ...

      Thing always start to go shit-shaped when there is a beancounter and/or a marketing droid involved.

      In this specific case, I have no doubt one of each species was assigned to the project.

      .

    2. that one in the corner Silver badge

      Re: I once was able to test them

      > I have no idea how on earth they managed to make their device that bad.

      Practice. Years of it.

  11. CowHorseFrog Silver badge

    Laws need to be written to penalized exploits regardless of the cost of the device.

    In this example the penalty for each unpatched / unsupported device needs to be thousands of tens of thousands so its cheaper for companies to do the right thing.

  12. tyrfing

    It's an old part (not made any more, any stock they had has sold out), and EOL means it hasn't been made for years.

    Which means that companies which bought it have fully depreciated it (or certainly should have - unless they're playing games).

    Buy a new one. It should have been replaced a long time ago.

  13. Henry Wertz 1 Gold badge

    Refund?

    So are anyone who bought extended service going to get a refund? A FULL refund going back to June 2020 when extended support began? I would expect one -- people pay extended support on "mature" products knowing that they will not get frequent patches, but under the assumption that when it DOES need a patch it'll receive it. Paying that for "Hey, screw you, we're not patching it anyway", well, it really seems like a problem to me.

    Also, does Cisco realize this'll hurt them in the long run? Why would anyone ever pay for extended support if they know Cisco is going to just take their money and then not follow through?

    1. Anonymous Coward
      Anonymous Coward

      Re: Refund?

      ... does Cisco realize this'll hurt them in the long run?

      Evidently not.

      It has been proven that beancounters (behind the decision to screw over Cisco's clients) have a thing about being out of touch with reality.

      So they don't realise anything much.

      Why would anyone ever pay for extended support if they know Cisco is going to just take their money ...

      It has been proven that beancounters (behind the decision to pay for Cisco's extended support) have a thing about being out of touch with reality.

      So they happily accept Cisco's offer and allow the company/outfit to get screwed.

      .

  14. heyrick Silver badge
    Facepalm

    So Huawei bad, Cisco worse?

    (see subject)

  15. Ken Moorhouse Silver badge

    phone adapter

    I remember the day when they couldn't transfer 110 baud reliably.

  16. Anonymous Coward
    Anonymous Coward

    FWIW - I still use a PAP2T as my ATA behind my f/w of course.

  17. Anonymous Coward
    Anonymous Coward

    Time to change suppliers

    It's interesting looking at their EOL page for the product. They stopped creating security fixes for the product before they stopped selling it AND they only stopped selling it a few years ago.

    I love their recommendation to migrate to another product they're stopping support on next year. This all sounds like a get rich quick scheme. It's time to change suppliers. How can Cisco be trusted?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like