
Good "Schiit" at the Rocky Mountain Audio Fest

Last weekend I was able to attend one day of the Rocky Mountain Audio Fest, which is held here in the Denver Tech Center, not far from me, along with fellow MacinTech members Rick Hyman and Jon Flowers.

I went through many of the vendor displays in the “CanJam” exhibit focused on Headphones and mobile/personal audio devices, and one of the most interesting things for me was from the Sennheiser booth. I have a set of Sennheiser HD600, which they had on display along with an HDVD 800, their $2,200 headphone amp, as well as an HD650, an HD800 and HD800S. What I noticed is that they were using balanced cables for all of them, where there are separate ground wires for each side, along with isolated, balanced amplifier modules.

Even in the noisy exhibit tent, all three of us could hear a marked difference between their demo units and my headphones, which I had brought with me. Even with the same model headphones plugged into the same amp, but with the standard cable using a shared ground, there was a noticeable improvement in the clarity in the high-end, better control in the bass, and a more open “sound stage” with the balanced cable.

Because the HD600 has a replaceable cable, it’s easy to upgrade to a four-wire balanced cable, and I found an “inexpensive” one from ZY for about $75 through Amazon.com. Sennheiser’s balanced cable is about $240, and “premium” cables go for about $330, which is more than I paid for the headphones!

To use balanced headphones, though, you also need a balanced headphone amplifier. There were lots of options on display at RMAF, either solid-state or tubes, but most of them were in the $4-7K range! One of the exhibitors, though, was Schiit, an American company that is making high-quality gear at more affordable prices. They have recently introduced a headphone amplifier with a built-in Digital/Analog Converter (DAC) module that is upgradeable, the Jotunheim, which sells for under $500! I was able to listen to it at the CanJam event, and was impressed enough that I ordered one from their website that night.

While I was anxious to try out the new amp when it arrived a couple of days ago, I started by playing the Sound Liaison recording of "The Old Man and the Sea" by BATIK through my existing portable DAC/amp, Teac HA-P50, and the original three-wire cable on the HD600. It sounded good, but didn't have the sparkle that I heard at RMAF. Next, I plugged the HD600 into the Jotunheim with 1/4" adaptor, and listened to the same track through the Jotunheim, but still with the standard three-wire cable. With the Jotunheim, both the bass and high-end were noticeably improved, and the sound was more detailed and had more dynamic punch. Finally, I opened up the ZY balanced cable, and carefully unplugged the stock cable from the HD600, and connected the balanced cable in its place. The ZY cable seems to be well made, with a Neutrik 4-pin male XLR connector, and nicely molded connectors for the Sennheiser headphones. The cable has a braided nylon jacket, with a shrink-wrap sleeve over the "Y" where the cables split for each earpiece. I plugged the XLR connector into the balanced jack on the Jotunheim, and restarted the same track again... This was another order of magnitude of improved clarity in the high-end, more solid and controlled bass, and a wider, more open sound stage.

Between the Jotunheim and balanced cable, the HD600 sounds like a completely different set of headphones. While I can't do side-by-side comparisons like I did at RMAF, I can tell that each step exposed more detail in the sound than I had been able to hear previously. I would have to believe that the people who criticize the Sennheisers as having a "veiled high-end" and lacking bass simply aren't driving them properly. With a decent balanced headphone amplifier and balanced cable, the HD600 really comes to life. Considering that compared to most of the available audiophile offerings, this entire setup has cost less than $1,000, which would be considered pretty entry level, I feel like it's delivering a pretty amazing audio experience.

Mousejack

Speaking of Logitech (in my previous post), it also turns out that the security research firm Bastille has uncovered a vulnerability in many USB wireless keyboards and mice where the USB "dongle" is easily hacked, allowing someone to connect to your computer and take over control of your keyboard... The list of manufacturers includes Dell, HP, Logitech and Microsoft.

See the details at the website created by Bastille, or one of the many news articles like this one at ComputerWorld.

The article has links to more information, a list of affected devices, and links to manufacturer support sites that have already posted software or firmware updates.

This only affects USB Wireless devices, not Bluetooth devices like the Apple keyboards and mice.

What Happened to Logitech?

I've had several Logitech keyboard/covers for my iPads over the years. In December, while traveling, I dropped my keyboard (and thankfully NOT the iPad) which bent the corner so that it no longer sits flat. When we got home from our trip, I ordered a replacement, the newer Ultrathin Magnetic Keyboard Cover for the iPad Air from Amazon.com. I was frustrated with myself that I had dropped the old one, but was excited about getting the new one, as it is thinner and lighter, and has an adjustable angle for the iPad's screen.

It arrived a few days later, and I plugged it in to charge it, then got it synched with my iPad Air. I began to notice problems almost immediately, as the keyboard would fall asleep when idle, but then not wake up when you pressed a key. I had to turn off the keyboard, and then back on again in order to get it to reconnect... About every 5 minutes!

Then, as I continued to try using it, I discovered that the screen would flash as the keyboard would send the signal to capture a screenshot periodically. One night, it took 57 screenshots as I tried to log in after turning the keyboard off and on, typing email, or trying to type a journal entry into DayOne... Now every time I sync, I have to open Photos and delete all of the extraneous screenshots that the keyboard has taken.

I ordered the keyboard through Amazon before we returned from our trip, and it arrived the day we got home. I opened a support case with Logitech on January 4th, after trying the troubleshooting steps from their website, to unlink the keyboard, turn off Bluetooth, relink, etc. None of which made any improvement.

After several rounds with the support website to go through the symptoms and the things that I had tried, entering the model number and serial number of the keyboard, the model number of my iPad, scanning and uploading a copy of the receipt, clarifying my shipping address, etc., I was told that the only replacements they had available are Space Grey/Black. My iPad Air is Silver/White. I really don't want to replace the keyboard with one that is the wrong color...

I would have simply returned the defective keyboard to the vendor, through Amazon.com, but I had bought the last Silver/White unit that they had in stock. They were unavailable through the end of January, when the 30-day return policy ran out, so I was stuck working with Logitech support.

At the end of January, Logitech marked my support case as "Resolved" and closed it, even though they still hadn't replaced the defective keyboard yet! I had to open a new support case, and reference the original one, which they reopened.

It's now the end of February. I still don't have a replacement keyboard yet. I can see that the Logitech online store has the Silver/White unit in stock, if I wanted to buy a new one. Looking on Amazon.com, the vendor that I bought the defective keyboard from has them back in stock now as well. Logitech support, however, maintains that the only units they have available are the Space Grey/Black. This tells me that they aren't going to replace my brand-new but defective keyboard with a new unit, they are going to ship me someone else's broken return that has been refurbished...

For many years, I have regarded Logitech as the premier manufacturer of keyboards and mice for either PC or Mac, and have recommended them frequently.

Recently, however, it seems that they have dropped Mac support for many of their products, even Bluetooth models like the diNovo Mini, which linked right up with my Mac mini and was recognized as a combo keyboard/trackpad, as well as the mk710, which BestBuy lists as Mac compatible, although it isn't indicated on the box.

It seems that their product quality has dropped considerably, so that they don't have the quality feel that they used to have. Their support is certainly no longer "world class" either...

I've just posted a rather harsh reply in my support case, saying that I've given up on using the crappy keyboard that I bought in December, and I can't wait any longer for a replacement. They might as well send me the wrong color refurb, as I'll likely throw it in the trash as soon as I can find a replacement that actually works...

So, who else makes Bluetooth keyboard covers for iPads? I'm sure that there are plenty of other options, which can't be any worse than the new but defective Logitech that I have now...

Upgrading an Older Macintosh with an SSD Replacement

Let me start with a little background -- I have been an avid Macintosh user since the original Macintosh (128K) was introduced in 1984, when I was in college. Yes, they can be expensive, but they are easier to use, which makes them more powerful, and I find that they have a longer useful lifespan than many other platforms. Over the years, I have kept many of my Macintoshes for over 5 years, keeping them relevant by adding memory and disk space over time, and of course keeping the operating system upgraded to the current version.

My strategy has often been to purchase a new machine just as it is discontinued, when it's very close to the current model but with a decent discount. My current Mac is an early-2011 MacBook Pro 17" that I bought in November 2011, when it was replaced by the late-2011 version, identical except for a modest bump in processor clock rate (2.2 vs 2.3GHz). I saved several hundred dollars by buying the earlier model.

After four years of faithful service, though, it was beginning to feel like an antique. Most of the OS X operating system updates actually improve the overall performance of the system, but it seemed like my old MBP just kept getting slower and slower. Exacerbating the problem is that my iTunes library has grown to over 500Gb, with music ripped in Apple-lossless (ALAC) format, high-definition movies, loads of books and apps, etc. It just wasn't practical to keep all of that on the internal drive, so I've moved the iTunes library to an external G-Drive. This has created an annoying problem. The G-Drive goes into a power-saving mode after being idle for some time. It seems that when it wakes up again when there is activity, it gets re-mounted in Read-Only mode, so you can't save any changes to the drive. Despite being unwritable, there is some background process, probably Spotlight, which is insistent that it has the drive in use, so it won't allow me to eject the disk so that I can re-mount it again so that it is writable, unless I forced it.

This means that the only option was to shut down the MBP, power off the external drive, reboot the Mac, then turn the external drive back on, and wait for everything to come back online. It was taking a couple of minutes to shut down, 5-7 minutes to boot up, 2-3 minutes after logging in before the Desktop icons and menu bar icons would appear, etc. Overall, rebooting my laptop was taking nearly 20 minutes, which is a long time to wait before using the machine.

I was thinking that with tax-refund (hopefully!) season coming up, perhaps it was going to be time to replace the old machine with a new one. I've even contemplated moving to a desktop iMac instead of a laptop, since I tend to only use my iPad Air when I'm away from my desk. As I started to explore my options for a new Macintosh, I realized that the specifications on the new machines didn't seem all that different than my old one... I'm certain that there are probably a few underlying improvements, but the processors are only clocked a smidge faster than what I have now. So why do the newer MacBook Air models that my wife and daughter have feel so much faster than my 2.2GHz quad-core i7?

The answer lies in the storage! While my MBP had the option for a Solid-State Drive (SSD) back in 2011, it was a very pricey option at that time, and rather limited in capacity. I opted for a 5,400rpm 750Gb hard disk drive, which was more affordable, albeit much slower. As time has marched on, however, the slower drive performance has taken its toll. Most of the new Macintoshes have either an SSD or a hybrid "Fusion Drive" that caches the most-frequently accessed files on an SSD, then moves to/from a conventional hard drive for long-term storage.

The price for a solid state drive has come down considerably, especially for larger capacities. I did some research on the web, and the consensus seemed to be that the Samsung 850 EVO models were the highest-performance option at a reasonable cost, providing the best value. Many SSDs are packaged like a 2.5" internal SATA hard drive, so they are an easy swap for the hard drive in most laptops. I opted for a 1TB capacity, a bit larger than the 750Gb drive I was replacing, which cost about $350 on sale at MicroCenter in December, although the price on Amazon was similar.

Aside from the time to back up and restore the drive contents, the actual drive swap took under 10 minutes, but I've done this a few times before... As usual, I relied on nicely organized instructions from iFixit.com, just to guide me through the process. On my MacBook Pro, it's mostly removing the small Phillips screws around the perimeter of the bottom of the case, and removing a bracket that holds the drive in place. There are some pegs that screw into the mounting holes on the sides of the drive housing that get transferred to the housing for the SSD, then reverse the steps to reassemble.

Having already built a USB Flash Drive installer for OS X 10.11 "El Capitan" using the tutorial at MacWorld, I decided to start with a fresh install of the operating system. I booted up off of the flash drive, used Disk Utility to format the SSD as a journaled HFS volume, then let it complete the installation of the operating system. Next, I let the Migration Assistant move over the applications, settings, and files from my Time Machine backup on an external FireWire 800 drive. This took some time, limited by the speed of the backup drive, not the SSD.

Once I was running on the SSD, I ran Software Update to load the latest updates. Even though I had been running 10.11.2 previously, the fresh install was only at 10.11, so it had to download the 1.4Gb update. I'm on Comcast Xfinity internet, with speeds up to 125Mbps, but was shocked that it was able to download in only a couple of minutes! It seems that even downloads are faster, when the machine isn't waiting to be able to save to the slow hard drive.

So the end result? I've timed the startup time, and from the time I press the power button until the login screen appears is now under 21 seconds! While there used to be a measurable delay in even seeing the Finder icons appear on the desktop, it's now instantaneous. Opening a new Finder window would have taken 15-30 seconds to populate with the directory listing, but is now immediate.

I also did an SSD upgrade in my home server, an older Core 2 Duo Mac mini, with similar results. Swapping out the drive in the Mac mini is a little trickier than the MacBook Pro was, so it took a bit more time, again utilizing a well-written guide from iFixit.com. While the original drive was a 320Gb, I've only used about a third of that, since most of the data is stored on a pair of external drives, so I chose a slightly smaller 250Gb Samsung 850 EVO unit.

While I spent about $500 on both SSD upgrades, I've gotten a significant performance increase in both Macintoshes, for a fraction of the cost of replacing either machine with a new model, breathing new life into my existing hardware investment. Highly recommended!

Moved to MacHighway

As I noted in December, my former web hosting service, GoDaddy, announced in December that they were going to revoke access to the Mailman mailing list manager that is included by default in their Linux cPanel hosting accounts. I use Mailman for my personal use, as well as to manage several discussion lists for the MacinTech Macintosh Users' Group. GoDaddy claimed that it was due to spammers misusing the service, but I don't really believe that for a second... First, I've gotten more spam while being hosted by GoDaddy than any other service that I have ever used, so I have a hard time believing that they take any actions to prevent spam! They also began advertising their own bulk email service just days after the announcement that they were turning off Mailman, which I can't believe is a coincidence. I had moved my web sites to GoDaddy out of convenience when I was no longer able to host them myself after CenturyLink botched a DSL upgrade, leaving me offline for several weeks.

In any event, in early January, I signed up with local Denver-based web hosting service MacHighway. Their package is actually less expensive than GoDaddy. It's also a bonus that they cater specifically to Macintosh users, so their instructions don't reference Windows for everything, although they seem fairly platform-neutral overall.

So far, I am very pleased with MacHighway. The setup was easy. I have had to put in a couple of support tickets for things like requesting shell access, which is probably not typically used by their average customer. Initially, I had some issues with lots of my Mailman email traffic being discarded due to other sites deferring delivery using greylisting, but MacHighway was able to make adjustments to their Exim mailer settings to accommodate. They have been very responsive to the tickets that I've submitted, kept them open until resolved, and communicated frequently.

GoDaddy Shutting Off MailMan, so I'm Shutting Off GoDaddy

This afternoon, I received this email from GoDaddy.com, my web hosting service:

Important information about your hosting account

Due to spammers abusing MailMan - a cPanel feature that lets you send bulk emails - we're removing the feature on January 23, 2016

If you want to send bulk emails to your customers or clients we recommend checking out GoDaddy Email Marketing. Not only does this program let you email customers, it also includes more powerful features than MailMan, like opt-out management.

If you have questions or need assistance, contact our Support Team at (480) 505-8877.

Mailman is one of the services that I rely on for personal use, as well as for the web site and mailing list that I operate on behalf of MacinTech, a non-profit Macintosh User's Group here in the Denver area.

I've just spent a half-hour on the phone with GoDaddy, and there is no exception to their decision to remove Mailman from the service that I've already paid for in advance. Their proposed solution is to pay them twice as much as I do now to add their email marketing program!

There are other hosting providers, like MacHighway, that offer hosting packages for LESS than GoDaddy, which include a mailing list manager, Dada Mail, which is similar to Mailman.

So, after many years at GoDaddy, I'll be canceling my service and domain registrations with them in January, and moving to MacHighway.

Audiophile Headphones and High-Resolution Audio

After we got the Bose Quiet Comfort 20i noise-canceling earbuds for Jeannette, I decided to sit down and compare them with my Bose Quiet Comfort 15 noise-canceling headphones, my Shure E3 in-ear monitors, and my Yamaha YHD-1 orthodynamic headphones. I was actually somewhat surprised by the differences between them, and I thought that they all sounded fairly good by themselves. I think that the Bose earbuds and headphones were very similar. I thought that my Shure E3 had better clarity, though the Yamaha sound was more open and natural, but lacked a little low-end.

While researching the earbuds, I ran across numerous articles on high-resolution audio as well, which is loosely anything that is more than the 44.1KHz sample rate with 16-bit depth (16/44) used by CD recordings. While many of the articles proclaimed how 24/96 or 24/192 sounded so much better than the overly compressed 16/44 recordings, I also found a number of articles like this one proclaiming that HD audio is like the modern-day equivalent of "snake oil" marketing hype like tubes vs. transistors or oxygen-free speaker cables... Kirk McElhearn points out that at 16-bit, you can record up to 65K volume levels, and that 44KHz is the minimum sample rate to capture frequencies up to 20KHz, the standard for high-fidelity audio.

If you think back to the time when we went from 256 colors, to 65K colors to 16.7M colors, the difference was dramatic, with 16.7M colors more life-like and photo-realistic. While we were mostly content with 65K colors, and probably can't detect all 16.7M colors, the optimal color bit-depth probably lies somewhere in between 65K and 16.7M.

I think that the move to high-definition television is similar in many respects. In addition to being a higher pixel resolution, the image is also more realistic due to the improved color depth, with better shadowing and high-lights that also gives the image more depth. This change isn't just the resolution alone, but a combination of factors that makes the image discernibly improved, even when comparing 1080p to 720i resolutions.

Kirk McElhearn also had an article describing how to properly change the settings on the Mac to listen to high-resolution audio files, by changing the maximum bit-depth and sampling rate. He also points out that your sound quality is only as good as the weakest link, so if you're using cheap earbuds or speakers, you won't be able to detect any difference, much like trying to watch a Blu-Ray movie on an older analog TV wouldn't look any better than a DVD or a VHS tape.

Kirk also talked about the differences in the audio file format and compression used in MP3, AAC, Apple Lossless or FLAC, and uncompressed AIFF files. I was curious if I could detect the difference, so I took a CD and imported the same track as an MP3 and a 256Kbps AAC file. I found a free application in the Mac App Store called ABXTester which lets you do a blind comparison of two files in different formats, as long as they are natively supported (so no FLAC, for instance). With my Shure E3 in-ear monitors I was able to discern the difference between the higher and lower resolution files 4/5 times in repeated tests, which was enough to convince me that I was able to hear the difference. I re-imported the same CD using Apple Lossless, and was again able to pick which samples were which resolution more than 80% of the time.

Looking at my iTunes library, and displaying the columns for kind and bit-rate, I realized that most of my music was in the lower quality AAC (128kbps bit-rate), likely the default that I picked when my primary iPod was only 15Gb storage capacity. Even though higher rate formats were available, I hadn't changed the default, since that gave reasonable quality with a manageable file size, so that I could fit the majority of my music library on the iPod, without having to pick and choose what to include or exclude.

Over the next few weeks, I re-imported all of my CD collection into iTunes using Apple Lossless format, which preserves the quality of the audio, while allowing some compression to reduce the file sizes. I also changed the settings for synching my little iPod touch to convert down to 128K AAC, but 256K AAC on my iPad which has much more space available. This lets me have the highest quality on my MacBook Pro at home, with a more manageable size on my portable devices.

During this time, I also researched options for better quality headphones, using some of the same websites where I researched the noise-canceling earbuds. I prefer an over-the-ear style for more comfort when using the headphones for a longer period of time, and wanted an open-back design to use at home, since I already have the Bose QuietComfort 15 to use in noisy situations. I spent a lot of time reading through the reviews of full-size open-back audiophile headphones at InnerFidelity.

I was impressed to see that a decade old design costing under $300 on sale, the Sennheiser HD600, still made their "wall of fame" list, along with newer high-end headphones costing over $5,000! I've liked the professional audio gear from Sennheiser that I've used before, particularly their wireless microphones, and they are certainly widely regarded for their headphones. I also liked that many of the parts like the headband, ear pads and cables are replaceable, and sometimes interchangeable between similar models like the HD650.

The one drawback to the HD600 that I recognized is that the nominal impedance is over 300 ohms, which means that many low-power portable devices would have a difficult time driving them effectively, as they don't produce enough output power to drive that high of a load. That led me to look for a headphone amplifier. While my intention is to primarily use the headphones at home, I wanted the option of a portable unit that I could take with me if I moved around the house. I found several portable headphone amplifiers that would work, but also discovered that for not much more than the price of an amplifier, I could get a unit that contained a higher performance Digital/Analog Converter as well, which would allow me to play back high-resolution audio files if I chose.

After some more research, I settled on the TEAC HA-P50 portable headphone amplifier/DAC. It's about the same size as the original iPod, with a large enough battery to last as long as my iPod Touch or iPad Air, and with a variety of inputs, including analog, TOSLINK, and USB. It comes with a high-resolution audio player on the Macintosh and for iOS, and allows USB connection to Windows, Mac, iOS and Android devices, so there is plenty of flexibility. It also incorporates its own Digital/Analog Converter chip, a TI PCM5102 "Burr-Brown" unit that supports high sample rates and bit-depths.

I've been very pleased with the combination of the Sennheiser HD600 with the TEAC HA-P50. I think that I would have been very disappointed with the sound of the Sennheisers without the headphone amp. I do believe that the Burr-Brown DAC sounds better than the built-in DAC in the MacBook Pro or iPad, which also don't have enough power to drive the high-impedance load of the Sennheisers. I have done some comparison of high-resolution file formats, and with the HD600's, I can hear a difference in the sound quality. It is often subtle to be sure, but the HD audio has a more open, natural sound, with a more ambient, airy feel, where each voice or instrument can be discerned separately, instead of blended together in the lower-resolution recordings. You can hear the timbre of the horns, the resonance of the string bass, etc.

I can tell a significant difference with many of the CD recordings that I've had for years, re-imported using Apple Lossless format, played through the TEAC HA-P50 driving the Sennheiser HD600 headphones. Even live recordings like Kenny Loggins "Live from Under the Redwoods" has much better clarity, such that you can hear each voice in the chorus, instead of a single, blended voice.

I have downloaded some comparison samples from SoundLiaison and HDTracks.com which allow you to compare the same tracks in different formats. I've also purchased a few albums from HDTracks at higher resolution to compare with some of the CDs that I already owned. Anita Baker's "Rapture" has more clarity in HD audio than on the CD. I've just purchased a 24/96 high-resolution copy of "Chicago II" that is remarkably better than the same tracks from the "Greatest hits Volume I" CD that I've had for years. While it is likely a combination of factors, including not only the resolution and bit-depth of the recording, but also the engineering with little or no compression, etc. that makes the HD Audio recordings sound better than the CD recordings, I can tell a dramatic difference.

While I am still using iTunes to manage my music library, as it allows me to organize and synch my music with my iPod and iPad Air, I've switched to using the free music player VOX to listen at home, as it supports additional file formats, including FLAC and DSD or DFF, and supports the high-resolution formats, and will synch the resolution of the TEAC's DAC to match the recording.

I think that the higher resolution and bit-depth capture more nuances in the sound than you get in the CD quality recording at 16/44. It's not just about frequency response, but the level of detail, provided that you have a high-quality sound system that is accurate enough to hear the differences. A good pair of headphones and an amplifier/DAC combination can be had for less than $500, allowing an audiophile listening experience without a lot of investment, which is still portable.

Noise-Cancelling Headphones

Jeannette’s office is being remodeled, and will be moving to more “modern” open, low-walled cubicles. She’s already worried about the noise distraction, so I’ve been looking into noise-cancelling headphones/earbuds for her.

Since the dawn of time (or as long as they have been in business) I would say that I’ve not been a fan of Bose. Having worked in an audio shop while in college, we did some repairs to some of the original Bose 901 "direct/reflecting" speakers, which appear to be an array of 4" paper cone drivers like you would find in a clock radio... While the reflecting concept was interesting, they didn't seem to have a very full range. I preferred more open systems like the Magneplanar or a time-phased array speaker like the Dahlquist DQ-10, upon which my home-built speakers are based.

I have an older pair of Yamaha YHD-1 orthodynamic headphones, which are open back, and have a nice airy sound. However, since they are open back, they aren't good at blocking ambient noises! When I decided that I needed noise-canceling headphones years ago, I bought a set of the original Bose Quiet Comforts, which I really liked. The sound wasn’t perfect from an audiophile perspective, but the noise-cancelling worked noticeably better than any others that I tried. After using those for several years, the sound on one side became intermittent, but I couldn’t tell if it was the cable or the electronics...

When I was moving into our new open office building a couple of years ago, with low walled cubicles, I realized that I was going to need good noise-cancelling headphones that worked properly. I looked at some other options like the Sennheisers, and also checked into getting my Bose QC fixed. I found that Bose doesn’t really do repairs, but they do trade-ins that cut the price of the new pair by almost half! That made a new pair of Bose less expensive than any of the other options, so I traded in the originals for a new set of Quiet Comfort 15.

I also have a set of earbuds that I really like. None of the Apple models seem to stay in my ears unless I'm sitting perfectly still, so I went looking for a better option. After some research several years ago, I decided on a set of Shure E3 in-ear monitors. I actually ordered them online from a pro audio shop, as their price was a bit lower than the E3c "consumer" models that they had begun packaging for the iPod or iPhone. After a couple years of use, one of the cups became intermittent, so I sent them back to Shure for service. They actually just replaced them with a new set, which I'm still using today. They have good noise isolation, since they are in-ear, and are very small and portable to carry around, but I like the Bose QC better when flying. The in-ear fit is a bit snug, so I don't find them as comfortable for long periods of time.

After doing some research earlier this week on current offerings, and looking more at earbuds than headphones, it was pretty clear that the Bose Quiet Comfort 20i was the best choice. We picked up a pair at BestBuy on our way home from dinner last night, and Jeannette is very happy with them. I opened them up in the car before we left the parking lot, so that she could try them out on the drive home.

I found a couple of interesting review sites in the process. One of the best reviews was at WireCutter, which had some references to a site that specializes in headphones, InnerFidelity, which has very thorough reviews.

I hate SPAM, and GoDaddy is Useless!

After the debacle with my CenturyLink DSL last summer, I had to make a quick decision on alternatives to hosting my own domain, email and web. I ended up being off the network for two weeks when CenturyLink couldn't figure out how to restore my DSL server when they did an upgrade that I had already cancelled.

Many years ago, I used a domain-hosting service called DomainDiscover that registered my domains and DNS, redirected web requests inside of a frame, and relayed email from a virtual domain to my ISP account. After I started running Apple's OS X Server, though, I realized that I could provide most of those services myself, on my own home server. My ISP, NeTrack, who was later acquired by Indra's Net, provided a static IP address, so hosting my own domain was fairly straight-forward.

Once I started running my own services locally, I decided that it wasn't necessary to be paying DomainDiscover for the other services that I wasn't using any longer. All I really needed was a domain registrar. Checking on pricing, it seemed that GoDaddy was about the least expensive, and while nobody had a great customer service record, GoDaddy was large and established, so I transferred my domain registrations to them.

So, when my DSL was down for an extended period of time, I did some quick checking, and discovered that GoDaddy had recently started using cPanel virtual Linux hosting, and had hosting plans on sale for half-price, so it was only about $5/month, as I recall. Since my domains were already at GoDaddy, it was easy to set up the hosting account, and I was able to get email service back up in a matter of minutes. Over the next couple of weeks, I was able to create MySQL databases and restore backups from my home server, and migrate all of the content for Drupal, so I had my websites back up in a couple of hours.

Since that time, however, the amount of SPAM that I receive has increased significantly. While cPanel includes SpamAssassin, it allows very little configuration, so it's practically useless. What is worse than the SPAM is the backscatter. These are bounced messages from a forged sender that look like they came from me, but didn't. When the SPAM can't be delivered, the failure notice is sent to the forged sender's address, which is mine in this case. I'm getting over 500 backscatter messages daily!

Let me say at this point that if you have looked up my name or email address on the web, because you're angry that I'm sending you SPAM about something seen on the Oprah show -- I'm not the one sending it, I haven't been hacked or infected with a virus or worm, and it didn't come from my computer!

My domain, or rather my domain's email server, is being spoofed by spammers, who are obviously sending huge quantities of SPAM from a variety of different sources, pretending to be my domain.

What does backscatter look like, and how can you tell where it came from?

Let's take a look at the headers from one of the messages. There are different ways to do this in different email applications. In Apple's Mail, I choose "Message -> Full Headers" from the View menu.

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)
(envelope-from )
id 1YhKy8-0002yW-SZ; Sun, 12 Apr 2015 09:42:49 -0700
Subject: from: Brandon Tate
From: Brandon Tate
Content-Type: multipart/alternative;
boundary=Apple-Mail-291EBA29-F9D3-9F3D-1ECC-F30B84161BF8
X-Mailer: iPhone Mail (11D257)
Message-Id: <0bfcd819ccfa$e68a1153$f5a993f5$@tombaugh.org>
Date: Sat, 12 Apr 2015 05:42:44 +0000
To:
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)

--Apple-Mail-291EBA29-F9D3-9F3D-1ECC-F30B84161BF8
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit


Hi! How are you?

Have you seen this
before?
Oprah had been using it for over a year!
-----------------

First, let's look at the "From:" line

From: Brandon Tate

If a human were to look at this, it's apparent that the name and address don't match. However, many email applications now hide the actual email address, and only show the sender's name, so many people aren't even aware that it has been faked.

Now, let's look at the "Received from" line:

Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)

This shows the IP address making the connection to the SMTP server. You can find who this address belongs to by doing a "whois" lookup, from a website, the terminal or command prompt, or the Network Utility on a Mac. I did a whois lookup, and saw that the address is assigned to Saudi Telecom:

Whois has started…

% This is the RIPE Database query service.

% Information related to '188.52.0.0 - 188.52.255.255'

% Abuse contact for '188.52.0.0 - 188.52.255.255' is 'registry@saudi.net.sa'

inetnum: 188.52.0.0 - 188.52.255.255
netname: SAUDINET_DSL_POOL
descr: DSL HOME Subscribers
country: SA

role: Saudi Telecom Co. Registry Admin-C contact
address: STC complex, murslat, Riyadh
address: P.O.Box: 295997
address: Riyadh 11351
address: Saudi Arabia
phone: +966-11-4434970

% This query was served by the RIPE Database Query Service version 1.78 (DB-3)

I live in Colorado, and my domain is hosted by GoDaddy in Phoenix, so this definitely didn't come from me!

Next, on the same line, see the "helo=" value, which shows the name that the sender proclaimed to be -- mail.tombaugh.org. If you look up this host name in DNS, it shows:

dig mail.tombaugh.org all

; <<>> DiG 9.8.3-P1 <<>> mail.tombaugh.org all
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45335
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.tombaugh.org. IN A

;; ANSWER SECTION:
mail.tombaugh.org. 3600 IN CNAME tombaugh.org.
tombaugh.org. 600 IN A 23.229.231.36

;; Query time: 128 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Sun Apr 12 13:29:05 2015
;; MSG SIZE rcvd: 65

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3976
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;all. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015041200 1800 900 604800 86400

;; Query time: 16 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Sun Apr 12 13:29:05 2015
;; MSG SIZE rcvd: 96

The DNS query shows that the IP address for mail.tombaugh.org is 23.229.231.36, not 188.52.86.70. In my opinion, this should cause the email to be blocked immediately! Unfortunately, it was accepted for delivery, but bounced, and sent the failure notice back to my account.
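The comparison made by hand above can be scripted. This is an added example, not part of the original post: it parses the Received header quoted here, resolves the HELO name through a stub resolver loaded with the dig answers shown above, and compares the result with the connecting address. The function names are this example's own. It also records the "with" protocol tag, because Exim writes esmtpa for a session that completed SMTP AUTH.

```python
import re

# DNS answers copied from the dig output on this page, used as a stub resolver
# so the example runs offline (a live check would query DNS instead).
DNS = {
    ("mail.tombaugh.org", "CNAME"): ["tombaugh.org"],
    ("tombaugh.org", "A"): ["23.229.231.36"],
}

# The Received header quoted on this page, with its folded second line.
RECEIVED = (
    "Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org)\n"
    "\tby p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)"
)

RECEIVED_RE = re.compile(
    r"from\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\s+\((?:port=\d+\s+)?helo=(?P<helo>[^\s)]+)\)"
    r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)"
)

def parse_received(header):
    """Pull peer IP, HELO name, receiving host and protocol from an Exim-style header."""
    unfolded = re.sub(r"\r?\n[ \t]*", " ", header)  # undo RFC 5322 line folding
    m = RECEIVED_RE.search(unfolded)
    if m is None:
        raise ValueError("not an Exim-style Received header with helo=")
    return m.groupdict()

def resolve_a(name, depth=0):
    """Resolve a host name to IPv4 addresses, following CNAMEs up to 8 deep."""
    name = name.rstrip(".").lower()
    if depth > 8:
        return []
    addrs = list(DNS.get((name, "A"), []))
    for target in DNS.get((name, "CNAME"), []):
        addrs += resolve_a(target, depth + 1)
    return addrs

def check_helo(header):
    """Report whether the HELO name resolves to the address that connected."""
    f = parse_received(header)
    f["helo_addrs"] = resolve_a(f["helo"])
    f["helo_matches_peer"] = f["ip"] in f["helo_addrs"]
    # Exim's esmtpa/esmtpsa tags record that the client completed SMTP AUTH.
    f["smtp_auth"] = f["proto"] in ("esmtpa", "esmtpsa")
    return f

if __name__ == "__main__":
    print(check_helo(RECEIVED))
```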

What can be done to prevent SPAM?

Unfortunately, it is obvious that the SMTP server that received the message isn't validating the reverse DNS lookup from the HELO, and they aren't checking the SPF record. Whose email server is it that isn't checking these basic parameters? Let's look back at the "Received" line:

Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)

Oh my gosh! That's one of the servers in the secureserver.net domain operated by my hosting company, GoDaddy! So GoDaddy's cPanel virtual Linux hosting email servers are not checking that the sender's name and address match, nor are they checking their own SPF records in their own DNS for the domains that they host for their customers!

The first line of defense against SPAM is in the SMTP server itself. The SMTP server bundled with cPanel is Exim. Exim has the helo_verify option which will reject mail if the sender doesn't open with HELO or EHLO, or if the address verification fails. This is obviously NOT enabled. If it were, the SPAM would get refused before it was sent.

The second line of defense is to use a blacklisting service such as Spamhaus to see if the sender has been identified as a spammer. I checked the address 188.52.86.70, and it's in the Spamhaus Zen blacklist, and several other services as well. This leads me to believe that GoDaddy isn't using a blacklist to validate senders, either...

The next check that should be done would be to verify the authenticity of the sender using a certificate, Yahoo's DomainKeys or DKIM, or Sender Policy Framework. One of GoDaddy's own Support articles suggests creating SPF records in their DNS, which is ironic since their own servers don't seem to check SPF records! This is what an SPF record looks like:

dig mail.tombaugh.org txt

; <<>> DiG 9.8.3-P1 <<>> mail.tombaugh.org txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18254
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.tombaugh.org. IN TXT

;; ANSWER SECTION:
mail.tombaugh.org. 3600 IN CNAME tombaugh.org.
tombaugh.org. 3600 IN TXT "v=spf1 a mx ptr include:secureserver.net ~all"

;; Query time: 154 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Sun Apr 12 13:29:32 2015
;; MSG SIZE rcvd: 107

The SPF record is stored as text, and shows the names of the mail servers that are authorized to send for this domain. In this case, it's including any mail server run by GoDaddy.
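To show how a receiving server would apply that record to the connection in the header above, here is an added example (not from the original post) of a reduced SPF evaluator covering only the mechanisms in this record plus ip4. The TXT and A values for tombaugh.org come from the dig output on this page; the MX host and the secureserver.net record are constructed placeholders, and the function names are this example's own.

```python
import ipaddress

# Stub DNS so the example runs offline. The TXT and A values for tombaugh.org come
# from the dig output on this page; the MX host and the secureserver.net record
# are constructed placeholders using documentation address ranges.
DNS = {
    ("tombaugh.org", "TXT"): ["v=spf1 a mx ptr include:secureserver.net ~all"],
    ("tombaugh.org", "A"): ["23.229.231.36"],
    ("tombaugh.org", "MX"): ["mx.example.net"],          # constructed
    ("mx.example.net", "A"): ["192.0.2.25"],             # constructed
    ("secureserver.net", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],  # constructed
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return DNS.get((name.rstrip(".").lower(), rtype), [])

def matches(mech, arg, ip, domain):
    """Test one non-include mechanism against the connecting IP."""
    target = (arg or domain).lower()
    if mech == "all":
        return True
    if mech == "ip4":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return ip in lookup(target, "A")
    if mech == "mx":
        return any(ip in lookup(host, "A") for host in lookup(target, "MX"))
    if mech == "ptr":  # reverse name must sit under target and resolve back to ip
        return any((n == target or n.endswith("." + target)) and ip in lookup(n, "A")
                   for n in lookup(ip, "PTR"))
    return False  # mechanisms outside this reduced set never match here

def check_spf(ip, domain, depth=0):
    """Evaluate the domain's SPF record left to right; the first match decides."""
    records = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1 or depth > 10:
        return "permerror"
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "include":  # include matches only if the nested check passes
            hit = check_spf(ip, arg, depth + 1) == "pass"
        else:
            hit = matches(mech.lower(), arg, ip, domain)
        if hit:
            return QUALIFIERS[qualifier]
    return "neutral"
```

With this data, check_spf("188.52.86.70", "tombaugh.org") returns softfail, because nothing before ~all matches. RFC 7208 treats softfail as weaker than fail, so a receiver may accept and mark the message instead of rejecting it; a record ending in -all would return fail.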

According to GoDaddy, after wasting an hour talking with their technical support, I should change my email account password, and create an "SPF" record in my DNS... The problem is, the mail didn't come from my account, so changing my password won't affect anything, and I already have an SPF record!

The technical support people at GoDaddy that I talked with today claim that since this email is being handled by cPanel, they can't change the settings to enable helo_verify, set a blacklist, or enable checking SPF records, which I think is bullshit! Even if GoDaddy weren't able to change the configuration for cPanel, they could (and should) relay their inbound email through their own gateway servers which ought to incorporate these kinds of basic filtering mechanisms.

I'm frustrated that not only is GoDaddy not helping to prevent or block SPAM, it appears to me that, in essence, they are enabling the spammers! Any combination of the three simple configurations that I outlined above would prevent this spam from being sent to thousands of recipients, and would eliminate hundreds of backscatter messages per day as well.

The only option that they were able to recommend is to move to a virtual Linux host, instead of cPanel, so that I could do all of the work to set up these things myself. This is what I was expecting to avoid by hosting my domains with a "professional" hosting organization. So, until I decide to host my own server again, I'm going to be deleting ~500 backscatter and a bunch of other SPAM every day...

New Horizons spacecraft to give clearest look at Pluto

New Horizons launched in 2006 and it is finally closing in on some of the farthest reaches of the solar system. It came out of hibernation last week on December 6, 2014, and is now in active mode. It will make its closest pass by Pluto next summer.

Check out this story on 9news.com: http://www.9news.com/story/life/2014/12/15/new-horizons-spacecraft-to-gi...

Here is a link to the mission page at NASA: http://www.nasa.gov/mission_pages/newhorizons/main/

And the Wikipedia article: http://en.wikipedia.org/wiki/New_Horizons
