Typical Lazy Solution
Yay!! More unnecessary e-waste :-(
I hate this kind of approach to tech that sadly seems to be so mainstream these days.
There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit. In an advisory, Cisco this week warned about the vulnerability in the SPA112 2-Port Adapter that, if exploited, could allow a remote attacker to essentially …
Do they promise patches for kit not yet EOL'd? If so, somebody(ies) with this model and existing Cisco support contracts should talk to their corporate lawyers about suing Cisco. But they probably should make that conversation in-person, and not over their Cicso phone ...
> analog devices like phones, fax machines, and paging systems into IP devices
Irony is that even though they were intended to run over the "analogue" phone network, virtually all fax machines in use since- I'd guess- the 1980s have been based on digital technology at the scanning, transmitting and receiving stages.
Obviously it has to modulate that digital signal for transmission of the analogue phone line, but that applies to pretty much *any* digital technology since they all ultimately rely on the underlying "analogue" real world to represent those digital values.
Also, ever notice that in popular use "digital" is effectively a synonym for "online" these days? That's how we end up with "analogue" DVDs and CDs... you remember them, the audio format whose entire selling point was that it was "Compact Disc Digital Audio"?!! (Rant mode off, etc.)
I'm not responsible for the downvote as the core information is correct for all practical purposes (though later versions had digital audio).
However, it's not entirely correct to say there were no readers for computers at all. The BBC Domesday Project was possibly the only user of the LV-ROM variant: 324MB of data stored on a CAV disc and the Philips VP415 player/drive had a SCSI interface to the BBC Master computer that controlled it.
Pioneer also had an LD-ROM variant which had a higher-capacity CLV implementation (540MB) which was intended mainly for the gaming and karaoke market.
It didn't user LaserVision per se because there was never a recordable version. However, it did use much of the same technology.
It differed in that the system used blank discs with the lacquer layer containing tracking information for the read and write lasers enclosing a tellurim alloy layer which the write laser could burn through. The capacity was supposedly a little over 1GB.
There's a Philips Technical Review with more information:
There's a promotional video (with a voiceover viewers of Tomorrow's World will recognise) here:
Oh, and it would seem there might have been other suppliers of media, if not of equipment:
There never were LaserDisc readers for computers because they're analog.
More likely, it's because LaserDiscs are larger than most computers, and never were very popular.
Inexpensive video capture cards have been available since at least the mid-90s. Tivo wasn't working with digital TV signals when it debuted.
You aren't likely to find D-VHS / D-Theatre readers for computers, despite them being digital.
But you can get cassette readers for computers.
'If you hear anyone saying "analog CD" you have my permission to slap them with a trout till they stop it.'
An innocent youth on encountering a vinyl 45 record (single) might call it an "analog CD" as it is a disc and more compact than a 33.3 LP and was of course analogue. A 78 would probably do the youth's head in :)
On the other hand most of these young blighters richly deserve a serving of face sashimi.
I am flabbergasted by the renaissance of the vinyl LP format. When I first heard a cd player (the Pachelbel test cd) I thought "thank you Mr Philips!" - no more fFaffing around with disc cleaning cloths, changing stylii and rest of the rigamarole which still gave scratchy sound, uneven equalization and compressed dynamic range.
The Tesla generation appear to be enthralled by anything that involves extensive fFaffing about and by Elon, master of enfFaffment.
> I am flabbergasted by the renaissance of the vinyl LP format
It's hip, it shows you're not one of the herd and all that crap. What brought vinyl back was scratching - try doing this with a CD!... So, by extension, "rappers=hip" became "vinyl=hip" with the yoof, the rest is history.
"What brought vinyl back was scratching"
It's almost as if people were unaware of the large-area, touch-sensitive controller in their pockets, linked to digital storage and an audio transducer.
Back in the old days of "vinyl", a non-trivial proportion of pressings were actually polystyrene - try "scratching" with that and you'd likely smash the groove walls on your first attempt.
I am flabbergasted by the renaissance of the vinyl LP format.
Don't forget there's still Spotify.
People now can treat vinyl as an experience, much in the way people used to become nostalgic for the experience when CDs became a thing. But they do this with the worlds music library at their fingertips, in a way that people who grew up with only vinyl and CDs couldn't.
Mind you, some people are just mad.... I once saw a half terrabyte collection of jazz for download, it was a painstaking collection of hundreds of old jazz albums, all in 24bit/192KHz lossless FLAC... all painstakingly sampled from vinyl. Re-compressed to a modern, lossy, format reduced the collection to around 20 gig, and you can still hear all the scratches. :)
Well, some old blues and jazz records only exist as quite bad direct-to-disk engravings (or even worse, wax cylinders!)... You can't and won't ever get anything better than that noisy, bandwidth and dynamic range limited take, that's all that's left...
I have some of those on CD, they sound, well, they sound like they must have sounded back then I guess. The only difference is they don't deteriorate each time you play them.
"You can't and won't ever get anything better than that noisy, bandwidth and dynamic range limited take, that's all that's left..."
Upvoted for general comment, but disagree with that one statement. I've copied cassette tapes to MP3, both songs and audiobooks, and can testify that Audacity's ability to identify and remove noise is quite remarkable. Just select a block of tape hiss, tell Audacity that it's noise, then select the whole track and tell it to remove noise. Suddenly that hissy tape sounds CD-quality. There are other enhancements available, too.
Keep in mind tape hiss is much easier to filter away than wax cylinder cracks and pops: Their issue is that there is actually a little information missing, so when you remove the noisy bit, you necessarily leave a hole. Of course you could average and stuff, but you can hear that, it's more natural sounding to leave the cracks and pops.
"Don't forget there's still Spotify."
Sure. Latest hits (and some older stuff) compressed to 4 topmost bits of digital sound and *then* compressed to 25% of original with lossy compression. Great!
OK if you listen it from phone speaker. OK as background music if you do something else. But it's specifially designed to be listened on the phone. At that point sound quality is not even in top-10 list of matters they are interested in.
"Depending on the state of your hearing, and your genetics ..."
More realistically, it's down to shite mastering. The technologies are capable of better performance than human hearing can cope with, but the technicians commonly bugger the quality by over compressing, which leads of horrid distortion in digital recordings. In analogue recording, with the exception of gross over modulation, most distortion tends to be quite 'gentle' but in digital recording it's almost always harsh.
But when most folks play back over ear buds with 3-4 mm diaphragms that distort like mad anyway, the effort required to get the best out of the technologies is probably seen as pointless.
...and preparing the vinyl to play, cleaning the disc, checking the stylus, making sure the turntable is level, the amp is properly warmed up, the oxygen is extracted from the connections, is all part the experience, like mediation :-)
Icon, because he looks like he might like wearing vinyl in its PVC form --------------->
"A digital signal composed of 1s and 0s is not subject to analog signal loss, so how can high quality USB cables make a difference in sound?
The actual signal flowing through a USB cable is analog in nature. It is composed of high-speed square waves that represent 1s and 0s. Losses in the shape of those square waves can cause DACs, for example, to misinterpret the conversion to an analog musical signal and cause distortion."
Erm... that's only really true if you try to connect your digital signal DIRECT to an analogue input, bypassing the DAC, as the corners get rubbed off in the cable... but digital inputs know this!
That cable is chock full of amazing ideas to improve your audio. Like untwisting the twisted pair. And they spotted that any good cable must have at least one of those mysterious lumps near one end, so not only have they provided two mysterious lumps, but theirs are eco-friendly: made of purest bamboo!
But that is an old product, and misses out on an important feature: arrows! Yes, if you don't have arrows on the cable, how can you know it is plugged in the right way?
As this current listing for a £1,199.00 ethernet cable (0.75 metres - don't worry, it cheaper per metre in longer pieces; how does £10,999.00 for 12m sound?) states
"All audio cables are directional. The correct direction is determined by listening to every batch of metal conductors used in every AudioQuest audio cable. Arrows are clearly marked on the connectors to ensure superior sound quality. For best results have the arrow pointing in the direction of the flow of music. For example, NAS to Router, Router to Network Player."
That's cheap compared to this magical ethernet cable!
Select the longest (10m) option - a real bargain at only £20,199.00. Why not buy two so that you have a spare?
After all, who doesn't have twenty grand to splash on an ethernet cable, eh?!
2nd harmonic good, 3rd harmonic bad.
I remember reading a report of someone who'd creates a setup to add various amounts of various types of distortion for a listening panel. The listeners preferred to sound with some 2nd harmonic (or maybe a slew of even harmonics) distortion added.
"Distorted in a way that they like."
You remind me that every vinyl pressing has to be distorted (carefully) using the RIAA equilization curve, so that the low frequency sounds don't overwhelm the high frequency sounds in the grove. And then on playback, one has to carefully redistort the output to attempt to restore the original balance between low and high frequencies for a high fidelity experience.
"I’m glad it’s not just me that finds the obsession with vinyl absurd. "
Obsession is weird, yea. But the idea that you compress everything to topmost 4 bits is CD-era invention and anything which doesn't have that sounds like music, not a wall of noise. Unfortunately loudness wars killed the sound quality in 1990s and nowadays everything is designed to be played from a phone, from recording studio onwards.
That will sound like crap on any proper equipment and there's nothing we can do to it: Phone is the medium nowadays. Vintage vinyls didn't have that, so it's obvious that those are still in use: Simply better sound quality. Plus some noise, but I don't expect full concert volume in home from a vinyl. Either way, sound quality actually was important. Those days have gone, it's only important it 'sounds good on the phone'.
I have several examples of vinyl, CD and remastered CD from same album and the best of those is the CD. "Digitally Remastered" CD is also compressed and *a lot* louder than CD: Almost all of the dynamic has gone and running it against a limiter has clipped the peaks causing nasty distortion peaks. Technically: Crap.
If you buy something produced today, it doesn't matter: Everything is compressed and clipped crap, from the recording studio.
That will sound like crap on any proper equipment ...
Vintage vinyls didn't have that ...
Simply better sound quality.
Having spent a great deal of my youth around vinil records and excellent quality sound equipment, I can attest to that.
Unfortunately, like you point out, those days arew gone.
How does this get down voted?
Audio is most definitely compressed to a few tens of dB in the main, that's not controversial it's just true.
Vintage vinyl also suffered from the loudness wars, finding a decent recording became very hard towards the end of vinyl.
‘Warmer’ what does that even mean?
An excess of even-order harmonic distortion.
Higher odd harmonics really grate on human listener's ears, so even if you engineer even-order distortion, you really need to make sure the odd-order distortion is kept low.
I remember Tomorrows world demonstrating the CD on TV. It was wonderful and almost abuse proof. They abused it quite badly, including smearing jam on it, cleaned it and it still played! Wow! The realty was that when they went into mass productions, they were nearly as delicate as vinyl LPs when it came to scratches, especially data CD's
When the CD format was new, the aluminium layer containing the data was sandwiched between two acrylic disks, so you had tough plastic on both sides of the disks making them extremely resistant to damage. I'm pretty certain that I still have one or two made like this. They're slightly thicker, and heavier than modern CDs.
Very quickly, the CD manufacturers worked out that they could make them more cheaply by just using one disk, putting the aluminium layer on the top, and then using a lacquer and the ink layer to provide some protection. But not much.
It is very easy to scratch the top of one of these CD and ruin it.
But the early two disk sandwich had other problems. One of the issues was that the boundary between the disks that contains the aluminium foil was difficult to seal, and early CD's used to suffer oxidation of the aluminium foil. And although it has little relevance, the ink that they used to use contained solvents that would leach through acrylic, and also attack the foil.
Depends on what you mean by "resist better". Bit rot is a thing, and can affect CDs and DVDs, even pressed ones, as well as scratches and delamination. It can be caused by contamination (environment or manufacturing) in the reflective layer, and maybe other things. Pressed CDs are more resistant to (immediate) handling damage, but the Internet Archive is reading (and transferring) shellac and vinyl that's a century old. Think any CD maker can tout that kind of lifetime? I'd actually think that, stored properly, "vinyl" may well have a longer shelf life. Deterioration over time is a fact for almost all types of digital recording (not even considering its fast obsolescence).
I can attest to CDs surviving at least 34 years. I converted my entire cassette tape collection to CDs in 1989, and in all that time I've only had one CD go bad out of over 600 disks. That one was accidentally left in the summer sun on the car dash. Converted them to MP3s late last year and aside from a little clipping on a few songs from the volume leveler program they all sound good.
There was a study some years go – late '90s maybe? – that appeared in, I think, CACM, that projected longevity for various types of optical media. It noted that the expected lifetime of the "dye" (actually a photosensitive polymer, IIUC) in CD-R was expected to degrade faster than the metal in conventional CDs, and that CD-RW was expected to last somewhere between the CD-R lifetime and conventional CD lifetime.
While I may well be wrong on the details, the upshot is that different types of CDs might well have different MTBFs. No idea about CD-MO (magneto-optical "WORM" media), but I suspect as a rule of thumb, the less energy required for recording, the shorter I'd expect the lifetime to be.
" Unfortunately the only music left to listen to on vinyl will be hip-hop or some such frightfulness."
You mean the gazillions of LPs produced have vanished somewhere? I don't think so .. CDs actually age faster. But even that is decades, my oldest CDs are from very early 80s and still play OK.
"Unfortunately the only music left to listen to on vinyl will be hip-hop or some such frightfulness."
Then there will not be music. None of what you wrote about there is. Quite frankly almost everything made after 1990 is crap. This is the only silver lining to all the music greats dying of old age - it's possible to have a complete collection of their works.
"I am flabbergasted by the renaissance of the vinyl LP format. When I first heard a cd player (the Pachelbel test cd) I thought "thank you Mr Philips!" - no more fFaffing around with disc cleaning cloths, changing stylii and rest of the rigamarole which still gave scratchy sound, uneven equalization and compressed dynamic range."
That was in the 80s. Anything not classical is now compressed in to top 4 bits of "CD sound" and then lossy compressed further to mp3 -format (60% gone), while current LP players are *very good*. Even my mid-range Thorens differs from CD only because of noise level with a good record. Records of course wear, there's no way around that.
LP and good player can do about 40dB range, which actually is a lot ... compressed music typically has 4dB range. "Hottest hits today" even less.
So anything made after 70s on vinyl has *better* sound quality than anything you can find from Spotify: The newer, the worse and it's *all* "louder is better" compressed crap. "Digitally remastered" are the worst offenders: >90% dynamic range has gone *pufff*. Well, except special "audiophile" examples, but you probably won't find from Spotify
Also you miss the all of the idea: Instead listening 20 second sound bytes from Spotify while doing something else, as background noise, you sit down, put a LP on and listen to it next 25 minutes. You do not do anything else.
That's *really hard* for most people and of course they won't understand LP at all, because of that.
Why compare to Spotify? That's putting the bar pretty low, anything would sound better than that...
I had vinyl, (reel to reel) tape, compact cassette, and eventually CDs. I finally stuck with CDs. I handle them like I used to handle vinyl (carefully!), so I'm pretty confident they will outlast me.
"you sit down, put a LP on and listen to it next 25 minutes"
This. It seems to me that, like making mixtapes back in the day, vinyl was designed to be listened to as an album (especially concept albums), rather than picking out individual songs.
Whilst the same could have been said of CD, the rise of the "now that's what I call music" compilations, the endless filler songs, and then streaming... has turned music listening from something that a person did per album into a Woolworths pick and mix of random snippets from here and there. It seems less like something one pays attention to as a sort of background noise to stop the mind wandering...
> Explain this...
How about being able to get all the artwork at a size you can actually appreciate it? With liner notes and lyrics that you can read without a microscope?
And gatefolds without half of it sitting under the CD holder?
We may huff about the quality of so-called music these days, but the artwork on CDs is dreary as well. Why bother with a Roger Dean double gatefold, just shove another dull band photo on there!
I admit I'm listening to the CD but I'm looking at the Yessongs LP cover.
Artwork? I dream of artwork...
You don't get any of that with digital downloads. I mean, seriously, how hard would it be to include a PDF version of the CD inlay booklet? That way one doesn't need to go on those dodgy advert-laden lyrics websites that all suspiciously have the same mistakes...
It's all very nice having a large dynamic range available on digital audio.
It's just a shame that the audio engineers in the main choose to not use it, instead compressing the sound to a few tens of dB so it sounds "good" in the car or via crappy headphones etc.
Finding well mastered audio is pretty damn hard.
Anyone who is exposing the web interface on these devices to the public internet is asking for trouble anyway. From memory, I don't think modern browsers will tolerate connecting to it via https either. All this said, I don't think there is reason for panic if the interface is only available from the LAN. For many businesses, if the LAN is compromised, it's game over anyway.
If these adapters are replaced, don't buy the suggested Cisco alternative. Go with a different manufacturer that still has an interest in this market.
The risk isn't that a user will try to browse to it in an interactive session, clearly the bigger concern is an attack tool stuffing a bad request into it's interface. The more likely attack scenarios would be adapters exposed to traffic from a guest network or road warriors hooking them up in the field without a proper firewall.
Getting intital access at a network level shouldn't justify tapping out on attempting basic security for stuff like this, but I agree that a good VLAN should isolate these from everything but the phone system hardware anyway. It's not like the fax will care, and if it has it's own network port it need not be on the same VLAN.
I'm not taking bets on how many places are set up that way.
Also, I'd like to say that it's a classic Cisco move to try to shove you off of one EOL product onto one who's EOL is just around the corner. The last quote they gave me had switches with a release to manufacturing that was 10 years ago and were nearly EOL. We may not be a big account, but I'd appreciate if they'd at least pretend that they are not engaging in warehouse cleaning when they propose dumping this obsolete trash on us. Oh and you can buy the same switches used for about 20% of what they are asking.
Oh and Call manager is a toxic dumpster fire. Ours core dumps every time we have to reboot our core switch stack(also cisco) and it took the integrator and Cisco TAC over 4 days to get it running again after migrating from a vmware image on an EOL Cisco UCS server to a dell machine.
I totally agree but the cyber security industry has management twisted round their little finger.
My company sells a solution that includes networks will never be exposed to the internet but the cyber teams insist every little vulnerability has to be patched, they even insist data in transit that will never leave the dedicated isolated network should be encrypted.
networks will never be exposed to the internet
And that's great right until an attacker gets inside the corporate network, pivots, and escalates.
The "egg" model of network security is dead. If there's a way to connect a "private" network to the wider corporate network, many customers will do it. And once that happens all your vulnerabilities are available as soon as someone gets into the corporate network – which likely happens at least a few times a month for a large organization, assuming good defenses are in place. (That's why we have IDS / IPS systems and incident-response teams.)
... don't buy the suggested Cisco alternative. Go with a different manufacturer ...
Finally, some common sense.
I was reading through the comments and what instantly came to mind is that not one (till you, obviously) had said that.
For that, a case of good annonymous ale for you. |***|D |***|D |***|D |***|D
Cisco inserted a short-lived root CA certificate called QuoVadis in one of their vulnerability update. Naturally, when the certificates expired in March 2021, the 112/122 became useless. Cisco used the convenient excuse that the 112/122 are past end-of-support and did nothing.
I believed Cisco deliberately inserted a certificate with a very short expire date because the 112/122 were not alone. There were WAPs with certificates expiring in 2022 but Cisco was forced to release a software fix with an extended certificate (up to 2099).
I just updated the firmware on some SPA phones. At startup type in the IP address of the bootp server.
Ok, that requires access to the device, right?
Not really, you can reboot from the web interface.
Ok, that requires the web login, right?
Only if you've reset the default password.
Ok, at least the firmware must be signed correctly?
Dunno, the information about this CVE doesn't say anything about code signing: just an authentication failure. That normally means a login failure, since these devices don't have a keyboard for entering the bootp IP address at startup.
I use the SPA2102 myself, you merely enter command 7932# and 0 to disable the WAN access. Simple enough.
I still run my trusty old DNS-323, and the reason is because D-Link released the source code which allowed the enthusiasts to take over development of “Alt-F” alternative firmware. It has become a really useful device, you can put big drives in there, format with EXT4 if you care to, run ftp torrent nfs all sorts of different servers and services. Lately I even put AdGuard Home on there, a light-weight alternative to Pi-Hole. Just the cats pyjamas kind of device, and all because the source code was opened up one grand day. Thanks D-Link!
Anyway my SPA-2102 runs constantly (well of course, when do you ever turn off your telephone?) and the only thing that went wrong was I had to replace the 5V adapter a couple times.
Too bad they don’t open-source it, I bet there’s all sorts of wizard things it could do if they’d cooperate with customers for a change.
Yes, no US spy doors, just Chinese spy doors. Why put up with being spied upon by a power that's really not interested in looking at your network unless you bring the wrong sort of attention to yourself when you can be spied upon by a power that is well known to conduct corporate espionage and IP theft as a government practice? Huawei will help you put yourself out of business, but at least those bloody Yanks didn't have access, right?
All the US politicians are interested in is their own power and fortune - they do not care about anyone who is not at least a multimillionaire. The UK security services examined the source code of many Huawei devices and found many examples of poor coding but no evidence of any deliberate backdoors. (However the UK government still went along with the USA when it exerted pressure to ban Huawei.)
Huawei devices had two major problems as far as the USA was concerned - they were cheaper than the equivalent Cisco devices and they did not have NSA backdoors baked in.
... they are almost comically bad.
I mean one of the main tasks of such devices is to capture 20ms of audio samples, package them into a RTP frame and then send them. There's more to building a good ATA, but that's the most basic thing you need to do.
Of course, since they are running normal operating systems, there is a bit of jitter to be expected, so if you compare the expected time of arrival to the actual time of arrival you should see some noise, in a histogram that should resemble a normal distribution close to zero. So the error is more likely to be between 0.1 and 0.2 ms than between 10.1 and 10.2 ms. It may be overlaid by a steady rise or fall because your sampling rate is not precise, but any half decent ATA will compensate for that.
The adapter I've been able to test had a "box shaped" distribution... and to make matters worse, the culminated error rose in discrete steps. Each one of those steps means that not only you will have a glitch in your audio, but also very likely that your modem connection will break. I have no idea how on earth they managed to make their device that bad.
... no idea how on earth they managed to make their device that bad.
How? Easy ...
Thing always start to go shit-shaped when there is a beancounter and/or a marketing droid involved.
In this specific case, I have no doubt one of each species was assigned to the project.
It's an old part (not made any more, any stock they had has sold out), and EOL means it hasn't been made for years.
Which means that companies which bought it have fully depreciated it (or certainly should have - unless they're playing games).
Buy a new one. It should have been replaced a long time ago.
So are anyone who bought extended service going to get a refund? A FULL refund going back to June 2020 when extended support began? I would expect one -- people pay extended support on "mature" products knowing that they will not get frequent patches, but under the assumption that when it DOES need a patch it'll receive it. Paying that for "Hey, screw you, we're not patching it anyway", well, it really seems like a problem to me.
Also, does Cisco realize this'll hurt them in the long run? Why would anyone ever pay for extended support if they know Cisco is going to just take their money and then not follow through?
... does Cisco realize this'll hurt them in the long run?
It has been proven that beancounters (behind the decision to screw over Cisco's clients) have a thing about being out of touch with reality.
So they don't realise anything much.
Why would anyone ever pay for extended support if they know Cisco is going to just take their money ...
It has been proven that beancounters (behind the decision to pay for Cisco's extended support) have a thing about being out of touch with reality.
So they happily accept Cisco's offer and allow the company/outfit to get screwed.
It's interesting looking at their EOL page for the product. They stopped creating security fixes for the product before they stopped selling it AND they only stopped selling it a few years ago.
I love their recommendation to migrate to another product they're stopping support on next year. This all sounds like a get rich quick scheme. It's time to change suppliers. How can Cisco be trusted?