Lightmeter 1.0: Monitoring tool for mail servers

Everyone knows the problem: you want to send an urgent e-mail, but the target server refuses to accept the message. To investigate the cause, mail admins have to go through the logs and determine the reason for the rejection. The more mail servers an admin is responsible for, the more confusing and complex the whole thing gets.

Lightmeter recommends how you can remove the blacklist entry of your mail server.

(Image: Lightmeter)

As a remedy for this, Sam Tuke presented his project Lightmeter at the beginning of 2019: a monitoring tool for Postfix servers, which after all account for around a third of the market. It collects information and uses it to create statistics on the dispatch of e-mails, which it presents graphically in a dashboard. Now the project has released version 1.0, the biggest innovation of which is the ability to handle blacklist entries, which was promised in January.

Recommendations for action included

Lightmeter analyzes the logs of the Postfix mail server, including automatic import of historical logs, extracts integrity metrics from them and visualizes them in real time. In the event of problems with the mail server, the monitoring tool generates notifications on the web and optionally via Slack. If one of the mail servers has landed on a real-time blackhole list (RBL), it produces recommendations on how to remove this entry.

In June, Lightmeter received 50,000 euros via the NLnet Foundation from the Next Generation Internet project of the EU Commission. The grant is intended to support Lightmeter in its efforts to maintain the independence of decentralized, digital communication from the large technology oligopolies. Lightmeter 1.0.0 is available as a Docker image and in GitLab or Bintray. The software is licensed under Affero GPL Version 3 (AGPLv3).

(avr)

Continuous Integration: TeamCity 2020.2 integrates Python Build Runner

The tool provider JetBrains is best known for development environments such as IntelliJ IDEA, but the Czechs are also active in the field of continuous integration (CI). In the current release 2020.2 of the CI service TeamCity, JetBrains presents a wealth of new features, above all the support for Python.

Interaction with Python and new log-in

The server for Continuous Integration (CI) now supports the Python programming language with the new Python Build Runner, which, according to the blog announcement, works with all operating systems, virtual environments and the most common testing frameworks. Tools for checking the code in Python projects are also said to be usable. Developers can see the results of Python builds and tests in the TeamCity UI, from where they can control changes and check the code.

The new version integrates pull requests for the Bitbucket Cloud: according to an announcement by JetBrains, developers can now have TeamCity automatically pick up the pull requests that they have created in their repository in the Bitbucket Cloud. The feature can be used together with the Commit Status Publisher and automatic merge options. JetBrains Space, the integrated team environment introduced in 2019 (with Git-based version control and code review), is integrated into TeamCity through the Commit Status Publisher. Another new feature is the ability to authenticate at TeamCity with an existing GitHub, GitLab or Bitbucket account. The automatic matching with the external OAuth accounts then eliminates the need to log in with a password. According to the provider, TeamCity 2020.2 also supports GitHub installed on premises (GitHub Enterprise) and self-hosted GitLab.

Use external services as required

TeamCity now also allows developers to carry out work steps in the CI/CD pipeline (Continuous Integration / Continuous Delivery) in an “agentless” mode: this leaves the build agents free to perform other tasks that are queued. The goal is apparently to bundle the use of external cloud services such as AWS for pipeline jobs (which can be costly) as required. In TeamCity, the so-called agentless build steps can be displayed like standard builds, with the option of tracking their status, searching logs and viewing their progress.

Of interest to administrators is the monitoring of external storage locations in the Disk Usage Monitor, in which the server can now also integrate and display storage locations beyond the local drives; the regular clearing and freeing of storage space can now be scheduled in a user-defined manner. Further innovations concern the experimental Sakura UI, which now displays the progress of tests on its own page and has a build log search function.

Details on these and other innovations of the release can be found in the announcement on the JetBrains blog. The blog entry offers further links and a series of demo videos for deeper understanding.

(sih)

Service Mesh: HashiCorp releases Consul 1.9

The service mesh Consul developed by HashiCorp is now available in version 1.9. With the new release, the developers have focused on providing more granular control of service meshes, revising the monitoring of services within the service mesh, and integrating more tightly with more runtime platforms in a Kubernetes-native way.

The most important new features at a glance

Consul 1.9 contains the following functions, among others:

The extension of the intention model by so-called application-aware (Layer 7) intentions is meant to make it possible to create policies that evaluate information at the application level in addition to the service identity.

The Service Mesh Visualization offers a new topology tab in the Consul user interface with topology diagrams and service mesh metrics. These functions are intended to improve configuration and troubleshooting in the service mesh.

With the new version, Consul can be configured through Kubernetes-style objects. The service mesh configuration for services can also be managed via CRDs (Custom Resource Definitions).

It is now possible to install Consul in OpenShift via Helm charts.

The Active Health Checks for Consul on Kubernetes integrate Kubernetes status checks into Consul. This is to ensure that data traffic is not forwarded to faulty pods.

Consul can now handle streaming. This is seen as a major improvement in the way update notifications are delivered to blocking queries within the cluster. Streaming is intended to reduce CPU usage and network bandwidth on Consul servers in large deployments.

If you want to dig deeper into the innovations, the blog announcement is a good place to start. The changelog lists the changes in detail.

Service … what?

The ability of a service mesh to simplify complex container environments and to improve network functions makes the technology an important infrastructure layer. In a service mesh, each service instance is paired with an instance of a reverse proxy server. The service instance and the sidecar proxy share a container, which in turn is managed by a container orchestration tool. The service proxies are responsible for communication with other service instances and can support functions such as service discovery, load balancing, authentication and authorization, and secure communication.

Microservices are booming in the course of digital transformation strategies. But many companies find that not everything is going smoothly. Microservices can offer more flexibility and scalability, but they can also be more complex. This is where the service mesh comes into play. Read more about this in the article The Year of the Service Mesh.

In the service mesh, the service instances and their sidecar proxies form the data plane, which also includes the processing and answering of requests. The service mesh also includes a control plane that governs the interaction between the services, which is mediated by their sidecar proxies.

(ane)

TikTok: exploit chain enables account transfer “with one click”

TikTok, or rather its operator ByteDance, has paid a researcher a reward of 18 US dollars after he reported two vulnerabilities in the video portal under a responsible disclosure procedure, i.e. within a responsible, predefined framework. A combination of both vulnerabilities would have enabled the takeover of TikTok accounts “with one click” under certain conditions.

According to the documentation of the process on the bug bounty platform HackerOne, through which the responsible disclosure process ran, the researcher Muhammed Taskiran (“milly”) submitted his report to the TikTok team at the end of August. The assessed severity of the vulnerability combination was raised from medium (6.1) to high (8.2) at the beginning of September. On 18 September the security problem was then resolved on the server side. There was no need for action for users.

Transfer exploit code as URL parameter

The information on HackerOne about the security gaps and the attack combination created by “milly” is limited to brief summaries. According to these, one of the two vulnerabilities enabled so-called reflected, i.e. server-side, cross-site scripting through a URL parameter that had not been adequately checked and sanitized on the server side.

The second vulnerability concerned an endpoint in the TikTok infrastructure that was vulnerable to Cross-Site Request Forgery (CSRF). CSRF attacks enable transactions in the context of a user who is already logged in.

“milly” combined both gaps into an exploit chain using JavaScript code which, thanks to the first vulnerability, could be sent to the TikTok server as a URL parameter and executed. The code triggered the CSRF vulnerability there, with the result that the researcher was able to assign new passwords for existing accounts. The whole thing only worked if an (unspecified) third-party app had been used to log into the respective account in the past.

(ovw)

heise offer: heise MacDev: Online conference with focus on Apple's SwiftUI starts soon

The developer conference heise MacDev is just around the corner: this time the online conference will take place on Wednesday, December 2nd, and tickets can still be booked for a short time.

The focus of the conference is on Apple’s still young declarative development framework SwiftUI, which is intended to simplify the implementation of user interfaces for all Apple device categories – from small watches to Macs with huge displays. Porting iOS apps to the Mac with Catalyst is also one of the topics, as are lectures on Augmented Reality, Xcode / LLDB Debugging, Thread Modeling, Clean Architecture, GPS, Server Side Swift, Accessibility, UIKit and the development of barrier-free user interfaces.

Software development for all Apple devices

The Mac & i developer conference covers key areas of software development for all Apple hardware, i.e. from Mac, iPhone and iPad to Apple Watch and Apple TV. The heise MacDev 2020 is divided into an online conference day with two tracks and a total of 14 lectures. Beforehand, on 30 November, the workshop “SwiftUI from A to Z” takes place. A program overview can be found on the MacDev conference website.

Participation only requires a browser. The lectures can be viewed live as well as recorded afterwards. An exchange with other participants and speakers is optionally possible. The ticket costs 299 euros, for teams there are group discounts.

(lbe)

Microsoft hints at turning Xbox into an app for your TV

Microsoft is in the early phases of rolling out its xCloud streaming service on mobile devices, but TVs are the next logical step. In an interview with The Verge, Xbox chief Phil Spencer has revealed we’ll likely see an Xbox app appear on smart TVs over the next year. “I think you’re going to see that in the next 12 months,” said Spencer, when asked about turning the Xbox into a TV app. “I don’t think anything is going to stop us from doing that.”

Spencer previously hinted at TV streaming sticks for Microsoft’s xCloud service last month, and this latest hint suggests we might see similar hardware or an Xbox app for TVs during 2021. Microsoft is currently working on bringing xCloud to the web to enable it on iOS devices, and this work would naturally allow xCloud to expand to TVs, browsers, and elsewhere.

Microsoft was previously working on a lightweight Xbox streaming device back in 2016, but it canceled the hardware. Microsoft has been testing the idea of streaming and TV sticks ever since the company originally demonstrated Halo 4 streaming from the cloud to Windows and Windows Phones all the way back in 2013.

Microsoft’s xCloud service.
Photo by Nick Statt / The Verge

While Microsoft might be pushing ahead with xCloud, it certainly has no plans to abandon consoles or hardware. “I don’t think these will be the last big pieces of hardware that we ship,” says Spencer. Instead, Microsoft sees a future where there’s a hybrid of local hardware and cloud hardware. “When we think about xCloud, which is our version of Stadia or Luna, I think what it needs to evolve to are games that actually run between a hybrid environment of the cloud and the local compute capability,” explains Spencer. “It’s really a hybrid between both of those.”

How this hybrid plays out could mean we see Xbox Series S and X consoles getting access to xCloud soon. This could allow players to try a game quickly before they fully download it from Game Pass, or possibly even stream a demo of a game before purchasing it.

Microsoft also has plans to integrate xCloud into Facebook Gaming in the future, so we’re clearly going to see a lot of changes to xCloud soon. We still don’t have full details on Microsoft’s plans for Xbox TV apps, but the company did partner with Samsung earlier this year for xCloud. Microsoft is also planning to upgrade its server blades to the more capable Xbox Series X hardware at some point in 2021.

You can read or listen to Nilay Patel’s full interview with Phil Spencer right here.

WebAuthn: AWS extends multi-factor authentication

As of today, Amazon customers can activate WebAuthn in AWS Single Sign-On as additional multi-factor authentication. So far, the service only offered one-time passwords (OTP) and RADIUS for this.

WebAuthn is a web standard for passwordless authentication with public-key methods, developed by the FIDO Alliance and the W3C and published in version 1.0 since 2019. It is also a core component of FIDO2, which is used in many security keys and in current operating systems such as Android, Linux or Windows. The service on the server uses the Client-to-Authenticator Protocol (CTAP) to access a local authenticator, such as a fingerprint scanner, integrated facial recognition or a hardware token.

MFA can be set up with just a few settings via the WebAuthn authenticator.

(Image: Amazon AWS)

Users can register various authentication devices via the WebAuthn authenticator and from then on use one of them to log into the AWS Management Console or the AWS Command Line Interface (CLI). The two-factor authentication with WebAuthn works not only for all identities stored in the internal identity store of AWS Single Sign-On, but also for users from an Active Directory, regardless of whether it is managed by AWS or not. All information and instructions for configuration can be found in the associated blog entry.

(avr)

Windows update out of turn fixes Kerberos authentication problems

Windows security updates that were distributed last week as part of the security patch day have apparently caused new problems on some systems in corporate environments, namely when authenticating with Kerberos.

Microsoft has made improvements and provided updates for Windows Server 2004 (/R2), 2016, 2019, 1903/1903 and 2004/20H2 to fix the problem. The updates are optional: admins do not get them via WSUS, but can download them manually from Microsoft’s update catalog if necessary.

DCs and RODCs potentially affected

The problems are caused by updates that are supposed to close the vulnerability CVE-2020-17049. According to Microsoft’s advisory on CVE-2020-17049, it enabled attackers to circumvent the security mechanisms of the Kerberos Key Distribution Center (KDC) under certain conditions. The way in which the vulnerability was originally eliminated caused various problems with Kerberos authentication and with renewing the tickets used by the Kerberos service on some domain controllers (DCs) and read-only domain controllers (RODCs).

Affected versions and downloads

Further details on the fixes can be found in the support articles linked below for the affected Windows Server versions. Microsoft also recommends that you ensure that the latest Servicing Stack Update (SSU) has been installed before updating.

Windows Server 2012: KB4594438 (Download Update)
Windows Server 2012 R2: KB4594439 (Download Update)
Windows Server 2016: KB4594441 (Download Update)
Windows Server 2019: KB4594442 (Download Update)
Windows Server version 1903 / 1909: KB4594443 (Download Update)
Windows Server version 2004 / 20H2: KB4594440 (Download Update)
Latest Servicing Stack Updates (overview)

(ovw)

Database system: A hole in IBM Db2 endangers Linux, Unix and Windows

By successfully exploiting a security gap, attackers could attack systems running the IBM Db2 database system with malicious code. Admins should install the secured versions as soon as possible.

The vulnerability (CVE-2020-4701) is rated with the threat level “high”. In a warning message, IBM writes that the versions for Linux, Unix and Windows are affected. Db2 Connect Server is also vulnerable.

Root gap

If an attacker has local access to a compromised system, he could trigger a memory error (buffer overflow) in an unspecified way and as a result execute malicious code with root rights.

The versions V10.5, V11.1 and 11.5 are affected. V10.1 and 9.7 are not vulnerable according to IBM. So far, only the secured version 10.5.5.0 has been published. For the other versions there are special builds in which the developers have closed the gap.

Following a note from a reader, the affected platforms in the preview text were adjusted.

(of)

Service mesh: Istio 1.8 not only focuses on security but also on greater usability

The Istio team has released the fourth and last release of the year 2020 of the service mesh platform. With Istio 1.8, the development team is taking a further step towards multi-cluster meshes and workloads that run on virtual machines (VM) in the mesh. According to the release notes, the main focus of the update is on troubleshooting and improving the platform.

Istio 1.8 provides installation instructions for developers that should make it easier for them to install a mesh that extends over several clusters. Developers can decide whether the clusters should be in the same network and whether multiple control planes are desired.

VM support and security

For the year 2020 the Istio team set itself the goal of expanding support for workloads that are not running in Kubernetes. With Istio 1.6, the team took the first steps on this path. Version 1.7 of the WorkloadEntry API should make it easier to represent workloads that are not based on Kubernetes in Istio. To do this, virtual machines (VMs) or bare metal workloads were raised to the same level as a Kubernetes pod. Developers can define a service that is backed by VMs in addition to the pods. This allows VM workloads to be migrated to a Kubernetes cluster without disrupting traffic to and from it.

Building on the security precautions in version 1.7, the current release focuses on usability. In addition to simplifying the installation process, developers can use the istioctl analysis tool for installation. A new DNS proxy feature makes it possible to resolve mesh services from VMs without an insecure query to the cluster DNS server. The new feature is intended to reduce cluster DNS traffic and the number of look-ups required to resolve the IP of a service. With automatic registration it is possible to inform the VM agent about the type of workload and to have WorkloadEntry objects created for it automatically when the agent joins the mesh.

Istio 1.8 has further innovations for security. For example, Istiod now sends certificates to gateways instead of reading them directly from Kubernetes. More information about Istio 1.8 can be found in the release notes.

(mdo)

Drupal updates eliminate critical gaps in several versions and modules

The Drupal developers have secured several version series of the content management system against a critical vulnerability. Under certain conditions, attackers could have exploited this remotely to execute program code on the respective web server (Remote Code Execution, RCE).

Furthermore, there are updates for the Drupal modules SAML SP 2.0 SSO, Media oEmbed and Examples for Developers. Here, too, critical weaknesses have been eliminated throughout. Drupal admins should update vulnerable installations and modules as soon as possible.

The Ink Filepicker module also has a critical vulnerability. However, since it was not repaired by the project maintainers and they apparently no longer look after the module, the Drupal Security Team has marked the project as “unsupported”. In a security advisory it advises uninstalling it:

Ink Filepicker – Unsupported – SA-CONTRIB-2020-037

Drupal Core: RCE via file upload

The Drupal advisory SA-CORE-2020-012 gives details of the vulnerability in the CMS itself. Accordingly, it was previously possible to assign specific names when uploading files, which led to the CMS interpreting the file type incorrectly. As a consequence, in the case of certain hosting configurations not described in detail in the advisory, the system could be made to execute harmful PHP code.

The “Security Risk Matrix” in the advisory shows that at least the access rights of an authenticated user would be required for an attack. Exploit code in the wild has not yet been spotted.

The new versions 7.74, 8.8.11, 8.9.9 and 9.0.8 fix the vulnerable Drupal editions 7.x, 8.8.x, 8.9.x and 9.0.x. Since 8.x version series before 8.8.x are no longer officially supported, no update is available for them.

In addition to the update, the Drupal team recommends retroactively checking certain files that have already been uploaded to the server for “hidden”, potentially harmful file types. Details can be found in the advisory.

Module updates close critical gaps

The critical gaps in the three modules mentioned at the beginning, which exist for several Drupal versions, can be misused to bypass authentication mechanisms (SAML SP 2.0 SSO) and offer further points of attack for RCE (Media oEmbed, Examples for Developers). Module users can find information on vulnerable and fixed versions in the advisories:

SAML SP SSO – Access bypass – SA-CONTRIB-2020-038
Media oEmbed – Remote Code Execution – SA-CONTRIB-2020-036
Examples for Developers – Remote Code Execution – SA-CONTRIB-74-035

(ovw)
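
One way to carry out the retroactive check of already uploaded files recommended for Drupal core above, as an added example that is not part of the advisory or of Drupal itself: the Python code below walks an upload directory and flags file names in which a script-type extension is followed by further extensions (“hidden”) or is the final extension (“dangerous”). The extension list and the sample file names are assumptions made for this example; take the authoritative list from the advisory.

```python
import os
import tempfile

# Assumption for this example: extensions treated as dangerous even when
# further extensions follow them. Replace with the list from the advisory.
DANGEROUS = frozenset(
    {"phar", "php", "pl", "py", "cgi", "asp", "js", "html", "htm", "phtml"}
)


def classify_upload(filename):
    """Return 'ok', 'dangerous' (final extension) or 'hidden' (inner extension)."""
    # Everything after the first dot counts as an extension component, so
    # "a.php.txt" yields ["php", "txt"] and "a.phtml." yields ["phtml", ""].
    exts = [part.strip() for part in filename.lower().split(".")[1:]]
    if not any(ext in DANGEROUS for ext in exts):
        return "ok"
    return "dangerous" if exts[-1] in DANGEROUS else "hidden"


def audit_tree(root):
    """Walk an upload directory and return sorted (relative path, verdict) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify_upload(name)
            if verdict != "ok":
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), verdict))
    return sorted(findings)


def demo():
    """Build a constructed upload tree in a temp directory and audit it."""
    names = [
        "photo.jpg",
        "archive.tar.gz",
        "Invoice.PHP.pdf",      # upper case, script extension in the middle
        "avatar.phtml.",        # trailing dot hides the real extension
        "2020/notes.html.txt",
        "2020/tool.py",
    ]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            path = os.path.join(root, *name.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_tree(root)


if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:9} {path}")
```
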

Enterprise Java: Eclipse Foundation releases Jakarta EE 9

After a long period of limbo with two month-long postponements, the Eclipse Foundation has released version 9 of Jakarta Enterprise Edition. The final version of the individual specifications is now available on the website of the Jakarta EE working group. It is to be expected that in the coming months the common Java application servers will aim for certification according to Jakarta EE 9.

Since 2018, Jakarta EE has been the name of the Enterprise Edition of Java and thus continues the history of Java EE. The ninth edition does not bring any substantial innovations, but for trademark reasons the APIs it contains change the Java package prefix from “javax” to “jakarta”. Converting existing applications therefore requires a revision of one's own source code, which was last necessary with Java EE 5 with the introduction of annotations.

Jakarta EE is a collection of industry standards that make it possible to program enterprise applications in Java that are independent of the application server used. Future editions of Jakarta EE should bring new capabilities and increasingly turn to the cloud environment. In 2017, Oracle handed over the former Java EE to the Eclipse Foundation.

(odi)

Telegram chat: the secure privacy nightmare – an analysis and a comment

Telegram is becoming more and more a synonym for “secure chat” and “chat with privacy” in certain circles. But even very simple tests, which everyone can carry out themselves, show that anyone using the messenger service is almost completely exposed.

Jürgen Schmidt – aka ju – is the managing editor of heise Security and Senior Fellow Security at heise. A graduate physicist by profession, he has been working for Heise for over 15 years and is also interested in the areas Networks, Linux and Open Source.

The first simple test is: type a message with a link like “https://www.heisec.de”, but do not send it yet! You will then see that your smartphone is already showing some information about heise Security:

While you are still typing, Telegram already provides information about the typed link.

WhatsApp, for example, does that too. There, the app on the mobile phone fetches the information from the URL in the background and shows it to you. Not so with Telegram: there the app delivers everything you type to the Telegram server, even before you send it. And this server then visits the URL and delivers the preview with the “Portal for IT Security” to the Telegram app on the mobile phone.

I did this test with a honey URL. In other words, a URL that was only created for this purpose and has never been used anywhere before. Access from the TelegramBot appeared in the log files of my honey URL server immediately after I typed this URL into the Telegram app. It had the IP address 149.154.161.10, which belongs to a Telegram server in England. Mind you, that happened before I sent the link!

The Telegram server visited my “secret” web page before I had sent the message with the URL.

During the cross-check with WhatsApp, the honey server also registered an access. But as expected, it was done from my own IP address. The app on my smartphone in the WLAN had retrieved the data, no external server.
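
The honey-URL check described above can be evaluated automatically. The following Python code is an added example, not code from the article: it parses a web server access log in combined log format, picks out requests to the honey paths and reports whether each fetch came from the tester's own address or from a third-party server, and whether it happened before the message was sent. The log lines, honey paths, user-agent strings, send times and the own address 203.0.113.7 are constructed; only 149.154.161.10 is taken from the text.

```python
import re
from datetime import datetime, timezone

# Constructed sample access log (combined log format) of a honey URL server.
SAMPLE_LOG = """\
149.154.161.10 - - [24/Nov/2020:10:15:02 +0000] "GET /h/7f3a9c HTTP/1.1" 200 512 "-" "TelegramBot (like TwitterBot)"
149.154.161.10 - - [24/Nov/2020:10:16:05 +0000] "GET /h/7f3a9c HTTP/1.1" 200 512 "-" "TelegramBot (like TwitterBot)"
203.0.113.7 - - [24/Nov/2020:10:21:40 +0000] "GET /h/b81e44 HTTP/1.1" 200 512 "-" "WhatsApp/2.20.206 A"
198.51.100.23 - - [24/Nov/2020:10:30:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# One unique honey path per tested app (constructed). sent_at is the time the
# message was actually sent, or None if it was only typed and never sent.
TOKENS = {
    "/h/7f3a9c": {
        "app": "Telegram",
        "sent_at": datetime(2020, 11, 24, 10, 16, 0, tzinfo=timezone.utc),
    },
    "/h/b81e44": {"app": "WhatsApp", "sent_at": None},
}

# Public address(es) of the tester's own network (constructed).
OWN_IPS = {"203.0.113.7"}

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-log-format line; return None if it does not match."""
    match = LINE_RE.match(line)
    if match is None:
        return None
    hit = match.groupdict()
    hit["time"] = datetime.strptime(hit["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return hit


def classify_hits(log_text, tokens, own_ips):
    """Return one finding per request to a honey path, in log order."""
    findings = []
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None or hit["path"] not in tokens:
            continue  # unparsable line or ordinary traffic
        token = tokens[hit["path"]]
        sent_at = token["sent_at"]
        findings.append({
            "app": token["app"],
            "ip": hit["ip"],
            "user_agent": hit["ua"],
            # Who fetched the URL: the tester's device or someone else's server?
            "fetched_by": "own device" if hit["ip"] in own_ips
                          else "third-party server",
            # A fetch before sending means typed text left the device early.
            "before_send": sent_at is None or hit["time"] < sent_at,
        })
    return findings


if __name__ == "__main__":
    for finding in classify_hits(SAMPLE_LOG, TOKENS, OWN_IPS):
        print(finding)
```
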

The complete chat archive

Now for the second test. On the PC, open the web page of the Telegram chat in a private browser window: https://web.telegram.org/. There you have to register with your cell phone number. Then Telegram will send you a login code in the form of a six-digit number. Before you type it into your browser, switch the mobile phone to flight mode so that it can no longer send any data. If you then enter the code in the browser, a web page opens with all your chats.

Very convenient: you can also use Telegram in your browser.

Where do you think this data comes from? Not from your cell phone, because that is in flight mode without a network. And before you have identified yourself with the code, the browser should never have received your data. There is only one possibility left: the content of the chats comes from the web server that your browser is talking to. For me it was a server in a data center in Amsterdam (99.154.161.99).

So this server has access to a complete copy of all my chats. It even contains the previously typed but not yet sent message with the heise Security URL as a “draft”. And of course, Telegram stores not only my chats, but those of all Telegram users.

Everything that users write is stored centrally at Telegram and delivered when required. To you, if you identify yourself with the correct code. But certainly also to an officer who can show a search warrant. Or to a bribed employee or to hackers who gain access to the servers. And if Telegram decides one day that they want to use this data to make you “exciting offers”, that is, targeted advertising, there is nothing, at least from a technical point of view, that could prevent them from doing so. Privacy? There is none!

Theoretically, Telegram has so-called “secret chats” that are protected from being read by third parties. But they are so well hidden that most Telegram users don’t even know about them, let alone use them. In addition, these secret chats come with a number of restrictions. For example, they cannot be used for groups and can only ever be used on one device. Almost all Telegram chats therefore run via the normal channels that can be read by Telegram.

Review: Auralic Aries G2.1 dissected a streaming platform

It is impossible to imagine life without streaming music in any form. From your own collection, from streaming services or just internet radio. If something has taken off and shrunk CD production, it’s streaming. Hardware manufacturers are reaping the benefits. The drives that are always susceptible to interference are gone, something new has to come into your home and if you don’t stream, children will look at you compassionately.

Now the hardware is still manageable, writing software for a pleasant operation is a completely different field. Not everyone is given the opportunity to write a user interface of which the user intuitively understands how things fit together. Often the control of the hardware is not always successful, which can lead to crashes. One of the positive exceptions to this is Auralic with its Lightning DS platform for software and Tesla G2 platform for hardware. Resulting in a range of digital transports and streaming server / DACs. Within the package, a key component is the Aries G2.1 streaming transport, an upgrade of the esteemed Aries G2. HIFI.NL had the honor of being able to use and listen to the Aries G2.1 down to the finest detail. Refined with the knowledge of previously reviewed Auralic products, the installation was child’s play.

Auralic Aries G2.1: Description The Auralic Aries G2. 1 streaming transporter connects optionally via a Tri-band wireless connection or via wired Ethernet with Tidal (MQA) and Qobuz, with internet radio, with USB drives, NAS systems and optional internal storage. The Aries G2.1 can be used for Spotify Connect, Bluetooth and AirPlay, is fully Roon ready. All using playlists, memory caching, gapless playback and bit-perfect multiroom support. With its high computing power, the Aries G2.1 can handle files in DSD resolution up to DSD 512 and PCM to 32 bit / 384 kHz (highest resolutions over USB only).

Updated in the Aries version G2.1 compared to the G2 the chassis is made of aluminum and with an extra reinforced bottom plate. After that, the inside of the housing is clad with copper to effectively resist RFI. The Aries G2.1 stands on spring loaded feet to avoid mechanical influences. Each foot is adjusted with six springs to suit the weight and weight distribution of the device. A 4 inch 300 ppi color display shows you key functions such as playback status, configuration and artwork. In addition to the mechanical adjustment, the Aries G2.1 delivers more power to the USB output compared to the G2 for better adaptation to various brands of DACs. The software has now been brought to version 7.2.2.

The Auralic Aries G2.1 streaming transporter offers internal space for an SSD or HDD of 2.5 inches in any capacity available. Auralic has recently released a major firmware update, bringing the possibility to play CDs with an attached optical drive via the Lightning DS software or to rip the contents of the CD (at the same time) and store them on a USB drive. If necessary even on your NAS. During playback, all the possibilities of the Auralic models are used, such as jitter reduction and upsampling.

During the ripping process, each sector is read twice. If there is a difference between the first and second read, the same sector will be read eight more times at a slower speed to get a 100 percent accuracy. The Tesla G2 platform on which the Aries G2.1 runs is designed with the sole aim of being a high quality reproduction, upgradable and is purely focused on audio. Tesla G2 works seamlessly with its own Auralic App and is the most powerful platform available for digital music playback and streaming, according to Auralic. Tesla G2 runs on a 1.2GHz quad-core processor. With 1GB of memory cache and 8GB of data storage, multiple applications can be loaded simultaneously and network noise is reduced because circuits are open for less time.

To take the Aries G2.1 to such a high level, it internally uses two Femto clocks, digital clocks with an extreme accuracy, of which one always works for the digital technology and the other clock is assigned to the USB ports. Two linear power supplies work together, the first to power the processor circuits, the LCD display and USB connected sources. The second power supply is intended for all sensitive audio components such as the Femto clocks and the USB output. The ActiveUSB is therefore more than just an asynchronous controller due to its low jitter, precision clock and separate power supply for USB.

EMI from USB sources does not stand a chance in the Aries G2.1. The power supplies are galvanically isolated from each other to prevent EMI interference. The various electrical circuits are also galvanically separated from each other internally, such as clock, processor and data transmission. Are there wishes and comments to link to the price for the Auralic Aries G2.1 streaming transporter of € 4.699,-? Perhaps, the Aries G2.1 is only available in black, can only be operated with Apple iOS and not with Android and … I would appreciate that when music is playing the display stays on and when nothing is playing the display dims. Now the display is either always on or always off after a few seconds while playing and at rest. Difficult for the purist who never switches off his streamer and wants to save the display at rest, but wants to see what he or she is playing.

Technical details

Lossless file format: AIFF, ALAC, APE, DFF, DSF, FLAC, OGG, WAV and WV

Lossy file format: AAC, MP3, MQA and WMA

Sampling: PCM 44.1 KHz to 384 KHz to 32 Bit, DSD 64 to DSD 512 DoP and native

Controls: Lightning DS App for iOS, BubbleUPnP, Kazoo, Roon

Inputs: USB Drive, LAN, WiFi antenna

Digital Outputs: L-Link, Toslink, S / PDIF, AES / EBU, USB

Streaming: UPnP / DLNA Media Server, TIDAL and Qobuz, Sublime + streaming, Internet Radio, AirPlay, Bluetooth, Songcast, RoonReady, …

Options: SSD or 2.5 HDD, remote control

Network: Gigabit Ethernet, Wireless: 802.11 b / g / n / ac Tri-Band

Housing: Black Anodized, chassis solid aluminum one piece

Dimensions: 34 cm x 32 cm x 9.6 cm

Weight: 9.3kg

Environment The listening takes place in the familiar home environment where the power supply is built with an AudioQuest Niagara 5000 mains filter and CrystalConnect power cords. Music storage and ethernet switch are Melco N 11 and S 100, for most of the playback I make using Roon Rock on a NUC elsewhere in the home. The DAC is a Metrum Acoustics Pavane, analog coupled with a Yter XLR interconnect to an Audia Flight Strumento No.1 preamplifier and again with Yter XLR to a FLS4 power amplifier. Crystal Cable Speak Reference connects my Spendor Classic 2/3 monitors to the amplifier, the speakers have Townshend Maximum Super Tweeters, underneath Townshend Podiums and Custom Design Fish Tank stands.

The protagonist in this review is an Auralic Aries G2.1 Streaming Transporter as the thing is called in full. Just say a streamer, connected with AudioQuest Vodka on the switch and with AudioQuest Diamond AES / EBU on the DAC. The choice for these cables and method of connection stems from working with an Aries G1, where it turned out to me that the Metrum DAC performs optimally with an AES / EBU cable and a notch less with USB, Coax or Toslink. The Auralic Aries G1 is my reference in this and in daily use. The fact that my system is structured in this way says nothing about the performance of other power cords, ethernet connections and various digital cables on the Aries G2.1. Everyone has their own preferences, budget and maybe things on the shelf. By way of illustration, in my second system, the Aries G2.1 also played for a while and did so impressively via a Grimm TPR AES / EBU cable.

Auralic joins the series of streamers known to me like Lumin, Cambridge Audio, Naim, Bryston, Metrum, Bluesound, dCS and more, brands that all have their pros and cons. Sometimes being very quirky, working with an extensive own App or rather leaning on UPnP and Roon. As an enthusiastic supporter of the convenience of Roon and the extensive extra information that Roon provides, most of the players mentioned have been used as Roon Endpoint. Just like I do with the Auralic Aries G1 and G2.1. The fact that Auralic has an extensive own App gives me the opportunity to keep my own music collection, built up over the years, separate from music services such as Tidal and Qobuz. I use Roon for my music, the Auralic Lightning App for Tidal.

If I do not have Roon, the Lightning software fully meets all the requirements that can be set for a modern streamer. That’s why I played with the Aries G2.1 as Roon Endpoint and used Lightning to discover new music. A dedicated storage was not built into the Aries G2.1, also not necessary at all if a Melco N 10 music server is present. With that I am wasting one plus of the Aries G2.1 compared to the Aries G1 in which no internal storage fits, there are still plenty of pluses left, I have noticed in the past period.

From G1 to G2.1 With both my own Aries G1 in house and the Aries G2.1 that was made available, a comparison cannot be ignored. Because why would you spend a lot more money for the same functionality if you are not going to use internal storage options. The operation is the same, the software is the same, the number of connections is the same with only one exception, even the appearance is not essentially different. The only visible exception is the Lightning Link at the rear with which a Master Clock, Upsampler and / or a DAC from Auralic can be linked jitter-free. Anyone who has had the pleasure of listening to that stack (the undersigned) knows what a great result is achievable. Back to mutual comparison. The most essential, strikingly audible difference between the G1 and the G2.1 is the G2.1 adding foundation to the music. The G1 has a reputation for being light in sound and too puristic for some already clear systems, the G2.1 does not so much bring a heavier bass response, it is rather deeper, more present, more neutral and correct.

A bass response that spreads further through the listening room, ensures that an orchestra can play to the full, that a person has a chest with air and a piano sounds longer in the dark notes. Almost the difference between a loudspeaker and the same loudspeaker with a high quality sighing subwoofer. In addition, in the G2.1 more subtle is present the degree of detail, the extra calm in the reproduction, the more holographic stereo image and the ease with which man and instrument are set off against the background. Even used exclusively as a Roon Endpoint, the G2.1 proves its added value in a beautiful system that knows how to reveal the differences. However, the memory of the observations does not so much concern the points mentioned, but rather the feeling, the experience, the imagination of the artist, the satisfaction of listening to music. If we were talking about wine, the G2.1 has a better finish while both are excellent in taste.

Sighs and pops After the direct comparison, I listened to a great deal of music, varying from French sigh girls to opera singers, from rough men to wimps, from solo instrument to orchestra or band. Divided into pop, jazz and classical. For example, I enjoyed a live recording of Carla Bruni at the Olympia in Paris. With only a small line-up and her own guitar, her voice is central, complete with recording errors, so that the CD has remained authentic. Introducing Bruni on a large stage is easy, sitting on a stool, radiating pleasure, which is rewarded by applause from an audience in which individual hands can be distinguished.

The live experience is even greater as piano and bass join in. The funny “La dernière minute” closes the concert, it seems so simple, but somewhere heavy tones appear, small subtle sounds can be perceived behind her voice, the audience goes wild at the end and finally someone bumps into a microphone. The Aries G2.1 seems to enjoy uncovering everything.

Also live is “Stairway to heaven”, performed exclusively on guitar by Rodrigo y Gabriela from the CD “Live in Japan”. A whole CD with only two guitars is a bit too much for me, this song by Led Zeppelin has so much eloquence, power, softness to the point that it is a classic. This is where that extra foundation of the G2.1 is very welcome. A blow to the body of a guitar should be echoing, strings should resound in the body of the instrument and the Aries is a master of that. It can be even wilder in “Diablo Rojo” with which the concert closes. As a music chain, try to really keep separating the two guitars and still let them flow together. Combine speed with long extinction, maintain rhythm and whip up both audience and soloists in the living room.

It is “Time”, Pink Floyd says in a cacophony of bells, a constant heartbeat, wavy low that rolls across the room, echoing drums and vocals. Addicted to the LP, streaming has come a long way in my home and has since surpassed the LP quality. That has cost effort and a lot of money, the result is there and the Aries G2.1 makes an extra contribution. I own the album as a CD 44.1 / 16 and as DSD 64, where Roon works with the Auralic Aries G2.1 to go from DSD 64 to PCM 176.4 / 24, which my DAC can lock onto. The Aries lets you hear the differences clearly, the resolution, the foundation of the heartbeat, the DSD file makes more of it.

The Aries is anyway serving when it comes to filtering and converting. While playing you can adjust the filter ring from precise to dynamic, to balanced and soft. From very detailed to pleasant on the ear. It took some headaches and hours of listening before I figured out that I like “Smooth” the most. Nice and spacious and forming a nice balance between the three other positions. A few more hours were needed to figure out whether upsampling adds or removes anything. My DAC is hardly sensitive to it and does nothing to up- or down-sample itself. The Aries G2.1 (and also the Aries G1) do the resampling so correctly and without frills that I have it permanently turned on to 176.4 or 192 depending on the source resolution. It is not unique for a streamer to be able to do that, over the years I have discovered that you can do better in the Auralic than leave it to an upsampling DAC. Almost every DAC (usually excluding R2R) has a sample rate at which it is least burdened with computing and performs the best. Unfortunately, the DAC generally lacks pure computing power and an Auralic does bring it.

To the North Almost classical music is “Myopia” from Agnes Obel. Her latest album that can project a bubble of sound in the listening room. A bell in which the sounds of acoustic instruments and the strangest electronic sounds can be heard. In this case, it is important that the chain, and the streamer as part of it, is able to separate all sounds from the reproducers. Nothing is more disturbing than listening to speakers that cannot. You can even point out the exact location with your eyes closed.

The Aries G2.1 largely helps to prevent that annoyance. This gives Obel’s polyphonic singing an added value, here and there a voice pops up, differing in placement of height, depth and width. It makes “broken sleep” to an experience where the tendency arises to turn the head in the direction of the voices. The frequent use of the cello keeps the rhythm, while long tones have the chance to fade into nothingness. What emerges is a painting of sounds and timbres, which can be distinguished from each other to a high degree, whereby the coherence is not lost.

What I can’t get enough of lately is “Quiet winter night: An acoustic jazz project” of the Hoff Ensemble. Jazz, vocals, beautifully recorded and full of minute details as well as a powerful bass and full piano. The fact that I don’t understand a word of what is being sung is irrelevant. The extent to which the Aries G2.1 manages to deliver the stream to the DAC and the rest of the system. Perhaps this is an exceptional recording that reveals that the streamer part does have its own sound and is certainly not a conduit of ones and zeros as some think. I would love to get rid of that prejudice, unfortunately that still doesn’t work. It is going too far again to explain exhaustively that ones and zeros do not exist, that they are indications of a voltage difference that unfortunately is affected in many ways before it reaches our ears as audible sound. Just listen to an Auralic Aries G2.1 compared to other brands or types of streamers and discover the results for yourself. Even mutual results, because it is not without reason that the urge arose to upgrade my second system with my Aries G1 and to continue to feed the main system from the Aries G2.1 for good. A win-win situation for everyone, except for my bank account. Money in the bank does not make you happy, a good music reproduction all the more as an excuse I tell my environment.

Shine on Lightning DS Auralic can be praised for its excellent software under the name Lightning DS, the consistent quality of the products and the well thought-out equipment. The higher in the segment, the more Auralic sees the basic principles faithfully refining equipment in order to achieve an ever better display. Not because you have to, not because more money will flow into the till, but to give more pleasure to experiencing music. It has long been known in serious audio that an enclosure affects playback, that disconnecting equipment from the substrate can help, and that equipment must be able to “see” each other electrically but should not influence each other. Combating RFI / EMI and galvanically separating all inputs and outputs is expensive if you want to do that properly, the gain by hearing is greater than is often thought. Exactly the things that Auralic has paid attention to with the upgrade from the Aries G2 to the G2.1. The extra budget available compared to the Aries G1 also ended up well. All this makes the Auralic Aries G2.1 an attractive asset for those who stream their music rather than play it via CD or LP.

The operation is clear and straightforward. The options are widely adjustable in the software and the installation of an internal storage is obvious. Expansions in the form of a master clock, upsampler or DAC can be purchased from the same brand. Competition is fierce in the streamer world and every brand tries to differentiate itself. Because it is such a busy market, I therefore have some hesitation in rewarding the device with 5 stars and I would rather give it the designation “Recommended!” with full conviction. Because Auralic has succeeded in linking many consumer wishes, modern requirements, flexibility, design and seamless functioning with sound quality in order to win over the potential customer. Which “sure enough” will work with the Aries G2.1.

Auralic Aries G2.1

€ 4.699,– | Dynaudio Benelux

review-como-audio-solo-+-ambiente-+-turntable-set

Review Como Audio Solo + Ambiente + Turntable set

Como Audio is certainly no stranger to the readers of HIFI.NL. We have been in regular contact with Tom DeVesto, and have previously introduced you extensively to the Como Audio Musica. The label “table radio” was quite an understatement. But the line of products is bigger. Como Audio also has a record player in its range. That of course requires a review.

Como Audio Como is a relatively new brand, but has deep roots in audio. After all, there is a man with a vision behind it: Tom DeVesto. Bringing a “complete” new brand to a market mainly dominated by Sonos requires a set of balls. When we look at the products and their quality, we admire Como Audio. As audio enthusiasts, we know that CD and vinyl are not dead. And Como Audio knows that too. But then with a future proof touch.

Personally, we wanted to get started with the Como Audio Bluetooth Turntable, but in full Como mode. How? With a complete set! The Solo + Ambiente + Turntable. That is a Solo with extra speaker and a turntable: a set that provides the user with many possibilities.

The Solo becomes a real stereo system with the additional Ambiente speaker, with almost everything on board: multiroom audio, streaming audio, Spotify, DAB+, USB, headphone connection, Bluetooth, clock and alarm, 2x stereo input (3.5mm), color screen, wifi, optical input and one 30 Watt class-D amplifier for the control of the 2-way system. The Solo comes in 4 versions, for each an appropriate color for the interior.

Which brings us to the second product in this set. This turntable has no name other than Bluetooth Turntable, so Como could have come up with a peppy name for that. If we can make a suggestion: the Limoncello? The turntable itself is well put together. We see that the arm resembles a model from Pro-Ject, which suggests that parts come from it. Of course Como Audio gives it its own twist. A heavy steel platform, slip mat and a dust cover. We also find an Ortofon OM 10 element. A built-in phonostage and Bluetooth functionality make it reasonably future-proof, and that offers possibilities. The Como Audio Bluetooth Turntable can therefore be connected wirelessly to the Solo.

Start and drive Unpacking, placing and setting up the set takes a maximum of 30 minutes. Strangely enough, the setting up took most of that time. This has to do with the buttons on the front of the Solo; these are both rotary and click buttons. The screen is not a touchscreen, although the appearance suggests otherwise!

The Ambiente stereo speaker can be connected with a single RCA cable. This is attached to the speaker. To connect to the WiFi network, we have to turn and click the buttons. It gives a bit of the feel of a text message you make on a Nokia 3310. But once we are connected, it is set. We are greeted with a notification that there is a system update. It is always good to keep internet connected systems up to date. After the update we are only surprised: we can completely reset the Solo! Nothing has been preserved. That is a point to improve. It is easy to immediately download the app, available for Android and iOS.

The buttons on the front have a big advantage: quick, easy operation. If it was a bit more difficult to set up, it is that easy to use the same buttons. This also makes it clear why this was chosen. We have to understand which button does what, but we get the hang of it in no time. This is a strong point for people who don’t feel like messing with an app on the phone. In addition, a remote control is also included. We choose our favorite radio stations, our music server is linked and we connect the record player. It is almost ready for use. It is advisable to check the adjustment. A check to see if the record player is level is also a step in this process. We connect the whole with the supplied cable and adapter. For example, the record player can be connected to the Solo. The transparent RCA cable then goes to a 3.5 mm plug.

Now we already hear you think: “That’s not good, is it?”. And you are absolutely right about that. A chain is only as strong as its weakest link, and that also applies to audio systems. Preference is given to a cable that already contains the adapter and which consists of one whole. But this is what Como Audio delivered, so this is what we test it with. Fortunately, the head office has announced that it will deliver the product with a different cable from this summer, so that no more adapters are needed. Now all that remains is an espresso and a listening session.

Musical Fun Factor “It’s a Wednesday morning, 07:00 hours. The Solo on button is pressed. Preset button 1 and Q-music can be heard over the speakers. The radio station logo appears on the screen. Meanwhile, the coffee machine is switched on and the living room is enveloped in the scent of fresh espresso.”

This is how the Como Audio set has made its appearance in recent weeks, in a daily rhythm. The acceptance in such a steady rhythm can be a difficult process. In the case of the Como Audio Solo, Ambiente and the Turntable it was quite organic; within a day it was very natural to just turn on the radio or just turn on a CD from the server. And that is sometimes a different matter with some products. (Just below us; the Solo, Ambiente and Limoncello sound much better, right?). A comparison with Sonos or Bluesound is therefore easily made. But we’ll get to that later.

The step to turn on music for a moment is just the touch of a button. In the days when people work a lot at home, we also notice that we also listen to more music. There was a lot of radio, especially in the morning, and from lunch music was switched on via Spotify or the server. Around dinner the round black discs appeared and several LPs were listened to while enjoying a glass of wine.

The convenience and “Fun Factor” are very high with this set, and that is exactly what makes listening to music so much fun. Something we already encountered with the Crosley. But what exactly do we mean by that? It is often a combination of several factors. Think of the product, the price of the product, the ease of use, the right music and the time or place. The Solo excels in convenience. Press the button and listen. What we often encounter with multiroom or smart speakers is the smartphone. This almost always has to be taken in hand to put on other music. Then we are often tempted to read that email, or to view that post on Instagram or Facebook. There is no such distraction with the Como Audio Solo. It takes you as a user with a modern system back to a period of uncomplicated music experience. Of course there is an app available, but if we have used it five times during the entire period, then it is a lot. Combine that convenience with the sound quality and the circle is complete.

With the rotary knob we scroll through the music on the server, until we come across an album of which we think ‘yes, nice’. A good example is the Buena Vista Social Club, with the eponymous album from 1997. We own the album in Flac, hi-res. The Como just plays that. And the surprise is all the greater when we hear that the display is better than expected. The vocals and instruments are clear and have a clear place in the room. We do hear a slightly exaggerated mid-low / low. This is mainly because the housing has to compensate. So don’t expect audiophile performance. It is more like a delicious warm apple pie from Oma. All flavors have come together in that apple pie and together they form the whole. The audio performance of the Solo and the Ambiente can also be compared. We really hear music. We do not hear the vocals and instruments separately. We also don’t hear different levels, we just hear music, as a whole. Straight forward.

We also find the pleasure when we grab a few LPs. The album 21 by Adele and Forever Dreaming by Myles Sanko, for example. Adele doesn’t need an introduction. Myles Sanko is a British soul and jazz singer. He has been working hard since 2013 and has performed at North Sea Jazz, among others. We put on the song of the same name Forever Dreaming. We are looking for the swing that is in that song. With a good audio system sitting still is difficult and you will be captivated by the melody. We clearly hear the wind section shaping the melody. Here you can indeed hear the swing we are looking for. There is a small but. The music sounds good, better than you would expect. We only miss some body here and there. Just that little bit of strength underneath that creates conviction. When we set up Adele, we like to listen to that powerful swipe. Turning Tables is a very suitable number for this. Also appropriate in terms of name. Adele can convey a lot of emotion with her singing. This is also audible on the Como Audio Solo and Bluetooth Turntable. We feel the emotion and the swipe is more than pure enough. For a 2-way system, the Solo and the Turntable set a good score. Although there is more quality in the Turntable than the Solo can display.

Straightforward Now as a reader you naturally want to know what it costs and whether it is worth that exorbitant amount. Let’s start with the target audience. For whom is such a set interesting? Are you that person who is harassed for the third time by the neighbor on Saturday because she can’t stop talking about their new Sonos speaker? And that they are now audiophiles too, because they have more than 1000 to spend on audio stuff, but they still have to save for the subwoofer. Making you wonder if you could drink the bottle of red wine in hand in one gulp, as long as you don’t have to listen to your neighbor anymore? Congratulations! You belong to the target group for Como Audio! They have an extensive range for multi-room audio products. Audio products made of wood. Available in 4 different colors, such as walnut. It is made for people who want the audio quality, but not Sonos. And especially its convenience. Just turn on some music. Music for cooking, or for relaxing on the couch with a glass of wine.

The set as a whole is very extensive and prepared for the future. The TV can also be connected to it with an optical cable. The cable was a weak link with the record player. It did not stay in place and the adapter prevented us from using all connections at the back. The Bluetooth connection provided more freedom. We could also place the record player elsewhere, at a slightly greater distance. The downside is that the quality of the connection was not always great. A slight hum could be heard when the turntable was turned on. As soon as the music started we didn’t hear anything anymore. A simple adapter is included with the record player. This could explain the hum. It can often be traced back to electricity or earth. The adapter can be replaced for an Sbooster, for example. This will also be a leap forward in the sound quality. The hum was also more present with Bluetooth than with wired listening, but again for the sake of completeness: the cabling of the test set differs from how the product is now delivered, and according to the manufacturer the c connector and ground cause hum in this setup.

Now we mainly used the front controls, but there is also an app. He could use some finishing touches. There will probably be a tip at startup, but that’s in a different language. So we can’t read that.

Which brings us to the price. For the Como Audio Solo you pay 399 euros, for the Bluetooth Turntable you pay 499 euros and for the Ambiente again 129 euros. That brings the total price to 1027 euros. Is it worth that price?

As a comparison, you could also buy 2x a Sonos Five or a Bluesound Pulse Mini, but at the same time it cannot be compared. It lacks the look and charisma of the Como Audio. The Fun Factor! The pleasure and that is precisely what makes listening to music so addictive. Another perspective can also be the operation. This system is also very suitable for people who do not want to switch on or operate their audio with a smartphone. It would be even more attractive if Como Audio turns it into a set or bundle, including a nice set price, then we are completely happy.

Conclusion Como Audio is a great brand, with authentic audio aspects. The combination of the Solo, Ambiente and the Bluetooth Turntable provide a high fun factor. Add to that the fact that the operation is very simple and easy. A smartphone or tablet is not required for use. Are there any drawbacks? Sure, but that doesn’t make the fun and adventure of music on the Como Audio any less.

Como Audio

Combi: € 1.027 | como-audio.nl

Rating: 4/5