TOTP: It's not Google Authenticator

bri hefele, , infosec, mobile, security, software

I’ve been meaning to write about this since Twitter announced that only the eight-dollar-checkmark class would have access to SMS-based 2-factor authentication (2FA)1. Infosec circles got back into heated debates about the security implications of SMS-based authentication compared to the risk of losing access to the more-secure option of TOTP. This post isn’t really about that debate, but the major takeaways from either side are that:

User friction is a very real issue, and TOTP will always be more frictional than SMS; I can’t solve that in this post. Personally, I prefer to use TOTP when available due to the risk of a SIM-swapping attack2. This post, however, is more concerned with the matter of keeping your secret portable and within your control if you decide to use TOTP for 2FA.

If you’ve made it this far without knowing what TOTP is, well, that’s almost certainly by design. I would hazard that most people who are aware of it know it exclusively as Google Authenticator. Getting an increasingly-vital, open standard to be almost exclusively associated with one shitty app from one shitty company is certainly very good for that company, but very bad for everyone else. So the first order of business here is to clarify that whenever you see a site advertising 2FA via ‘Google Authenticator,’ what they actually mean is TOTP, or more accurately RFC 6238, an open standard3. Additionally, if you’re reading this and you currently implement TOTP on a site you manage or are planning to, I implore you to describe it accurately (including Google Authenticator as one of several options, if necessary) rather than feeding into the belief that the magical six-digit codes are a product of Alphabet.

So what, then, is TOTP? Even if you know it isn’t A Google Thing, the mechanism by which a QR code turns into a steady stream of six-digit codes is not entirely obvious. This is, typically, how we set up TOTP – we’re given a QR code which we photograph with our authenticator app, and suddenly we have TOTP codes. The QR code itself contains just a few pieces of URI-encoded data. This may include some specifics about the length of the code to be generated, the timing to be used, the hash method being used, and where the code is intended to be used. Crucially, it also contains an important secret – the cryptographic key that, along with a known time reference, is the foundation from which the codes are cryptographically generated. Essentially, a very strong password is kept secure, and from this an easily-digestible temporary code is generated based on time. Because it comes from a cryptographic hash function, exposing one (or more) of these codes does not have the same security implications as exposing the key itself.

Keeping the key itself secret is, in fact, extremely important. Vendor lock-in aside, I assume this partially contributes to the opacity of what happens in between scanning the QR code and having a functional 2FA setup. A large part of the debate over whether ‘Google Authenticator’ is a good 2FA solution is the fact that once your secret is in the Google Authenticator app, it is not coming out. If your app data gets corrupted, or if something misbehaves during a phone transition, you’re out of luck. Hopefully you’ve kept the recovery codes for your accounts safe somewhere. If to you, as to most people, TOTP means Google Authenticator, then this is a very real concern. One goof could simultaneously lock you out of all of your accounts that are important enough to you that you enabled their 2FA.

When I was de-Googling myself years ago, I went through the somewhat-laborious process of generating all new codes to put into Authy. In addition to (or in lieu of, I’m not entirely sure) local storage, Authy keeps your TOTP info in the cloud, allowing you to keep several devices in sync, including a desktop app. While this is a better solution than Google Authenticator, I’m not linking to it as I still think it’s a pretty bad one. The desktop app is an awful web-browser-masquerading-as-desktop-software creation. The system of PINs and passwords to access your account is convoluted. And, while in theory you can put the desktop app into a debug mode and extract your data, there’s no officially-supported path toward data portability. The unofficial method could go away at any time; in fact, while I will credit Indrek Ardel with the original method4, it seemingly no longer works and one must find more recent forks that do. On top of this, the aforementioned bad desktop app and confusing set of passwords meant that it was still just easier to start fresh with new codes when I recently switched away from Authy. Finally, Authy is another corporate product. It’s owned by Twilio, and they seem to want a piece of that lock-in pie as well, offering their own 2FA service that is a quasi-proprietary implementation of TOTP5, as outlined by Ardel.

For years, I’ve been using various KeePass implementations in conjunction with one another as a portable password management solution. I can keep a copy of the database in my OneDrive (or whatever cloud storage I happen to have access to; right now it’s OneDrive but frankly that’s because it’s cheap — not because it’s good) and have access to it from my phone and various computers. I can sync copies to flash drives if necessary, or drop a copy on an M-Disc with other important files to stash in a safe. I was, for a long time, using an unmaintained fork, KeePassX, because it simply vibes better with how I want computers to look and feel than its replacement, KeePassXC does. On mobile, I’ve been using Strongbox6. At some point, I noticed they added support for TOTP codes! The app will happily scan a QR code and add the relevant data to an entry.

This was interesting and novel, and I was already thinking about moving all of my codes into it, simply because storing them that way meant the data was easily recoverable. If I wanted to switch again in the future, I now had access to the secret and any other relevant parameters, and could generate a new QR code from them if need be. But then I happened to notice that KeePassXC, the desktop software I had been avoiding, also supports TOTP codes. And Strongbox’s implementation is fully compatible with KeePassXC’s! This changed things – suddenly this was a portable solution for accessing my TOTP codes and not merely the data behind them. I generated new codes for everything I use (and upgraded my security on a few things that had implemented TOTP without my noticing) and ditched Authy.

While you can add TOTP codes directly in the KeePassXC desktop app, you can’t do it directly from a QR code. Windows is fond of capturing screenshots to the clipboard7; I would love to see an option in KeePassXC that scans an image in the clipboard for a QR code (and then clears the clipboard). Getting codes out is extremely straightforward. Since the data is just in normal entries in my database, a code I scan in via Strongbox will show up in KeePassXC once OneDrive catches up. It is worth noting that this rather shatters the ‘something you know / something you have’ model of 2FA, but the flexibility is there to manage codes and passwords however the user is comfortable. The most important aspect for me was liberating my TOTP data from a series of lockboxes for which I lacked the key.

Ultimately, I don’t think average users care much about data portability until they’re forced to. By the time their hands are forced, the path of least resistance tends to just be to stick with the vendor that’s locked them in8. With TOTP, the ramifications of this can be extremely annoying. More importantly, however, I think Google has done a very good job at preventing users from even knowing that TOTP portability is possible. Whether I convince anyone to store their codes in KeePass databases or not is immaterial; I really just want people to know they have options, and why they might want to use them. I want people to give just a small amount of thought to the implications of having a login credential that you not only have zero knowledge of, but also have zero access to. Frankly, I want people to stop doing free advertising for Google. And finally, I genuinely want a return to an internet where, occasionally, we make our users learn one little technical term instead of letting multi-billion dollar corporations coöpt everything good.

  1. If you’re coming to this post without a basic understanding of 2FA, I’d suggest reading something like Proton’s introduction to the practice, as it’s a bit beyond the scope of what I’m hoping to cover here. The gist, however, is that a password alone is a single point of failure, and 2FA adds an additional security challenge in the case of a password breach, etc. ↩︎
  2. It is important to note that TOTP is not a panacea, there are other attack vectors to worry about. SIM-swapping, however, particularly freaks me out due to the potential for a social engineering attack. ↩︎
  3. Google Authenticator also supports HOTP, or RFC 4226, an increment-based OTP system. In practice, I’ve never seen this method used on its own, though it is itself the backbone of TOTP. ↩︎
  4. For the sake of crediting, Ardel’s gist can be found here. It’s unlikely to work, and in 2020 Ardel left a note recommending users seek out actively-updated forks instead. ↩︎
  5. Quasi-proprietary is, perhaps, a stretch – it just uses different defaults than most. Seven digits and a ten-second time block instead of six and thirty. Importantly, though, it also completely obscures the fact that it’s just weird TOTP from the user. ↩︎
  6. Strongbox has a MacOS app as well; I have not used it. ↩︎
  7. Phrased this way because I’ve lost track of how many inbuilt screenshotting mechanisms this goofy operating system actually has these days. ↩︎
  8. See: everyone still active on Twitter. ↩︎

Rawwwwwr, let's talk about Wavosaur

bri hefele, , audio, software

Okay, so I promise I’m actually working on my 2022 media retrospective post, but I’ve also been itching to write about a particular piece of software that I’ve been getting a lot of use out of lately. I’ve been dabbling a bit with music production in tracker software, a style which is built entirely1 around the use of samples. As such, I’ve found myself needing to work directly on waveforms, editing samples out of pieces of media I’ve stolen or recordings I’ve made directly2. Having used Adobe Audition as both a multitracker and a wave editor for a long time, I rather like its approach as a dual-purpose tool. I do not, however, like Adobe, nor do I really want to wait for Audition to start up when I’m just chopping up waves. It’s too much tool for my current needs. I’ve also used Audacity in the past, which is a multitracker that certainly can function as a wave editor if you want it to. But, among other issues, it’s just not pleasant to use. So I’ve looked into a number of wave editors over the past few weeks, and have primarily settled on Wavosaur.

Wavosaur is not perfect software, I have a few quibbles that I’ll bring up in a bit. It is, however, really good software, with a no-nonsense interface that at least tries to be unintrusive, and is largely user-customizable. It’s quick to launch, and quick to load files. By default, it will attempt to3 load everything that was open when it was last exited, this can be disabled to make things even quicker. While this is true of pretty much any audio editing software, it supports the import of raw binary data as well as enough actual media formats that I can open up an MP4 video of an episode of Arthur that I downloaded from some sketchball site and start slicing up its audio without issue.

Navigating waves is pretty straightforward. Scrollwheel is assigned to zoom instead of scroll, which I do not like. An option for this would be great. It’s not a huge deal, however, since I’m moving around more by zooming than by scrolling in the first place. Zoom in and out are not bound to the keyboard by default; I set horizontal zoom to Ctrl+/- and vertical to CtrlAlt+/-. I might remove modifiers from vertical altogether, but my point is more that binding them to something logical makes navigating helpful, along with CtrlE and CtrlR, the default bindings for zooming to selection and zooming out all the way.

Wavosaur can deal with two different sorts of markers, and these are stored within the .wav file itself. Normal markers can be used to identify all manner of thing in the file. No data (like a name, for example) can be stored along with the marker, so a somewhat sparing use is probably best, but to my knowledge there is no limit to the number of markers that can be added. Other software does allow for similar markers to be named and then navigated by name, but to my knowledge none of these store these in a standardized way in the .wav file itself. I also haven’t seen other wave editing software that supports the other sort of marker that Wavosaur supports – loop markers. There can only be one pair of these — an in and an out — per file. Set your loops to the note’s sustain duration, and you have a very basic implementation of envelope control. While I don’t know of other software that writes this information, both trackers that I’m currently playing with — MilkyTracker and Renoise — will read it4. Wavosaur doesn’t really have a way to preview loop points in context, unfortunately, but the fact that it reads and writes them still makes for a useful starting point within the tracker.

My second-most-used wave editor over the past few weeks has been NCH WavePad5. Aside from the aforementioned loops, WavePad lacks two features that really makes Wavosaur shine for sample creation. The first is the ability to snap to zero-crossings. Doing this helps to ensure that samples won’t end up popping when they trigger (or, with loop points, retrigger). This can easily be enabled and disabled in the menus, though toggling it can’t be bound to a key for some reason. The second is the ability to universally display time in audio samples6 instead of hours, minutes, and seconds. When fully zoomed in, WavePad switches to time based on audio samples, but I couldn’t find a way to set it as a permanent display. Often, with trackers, it’s advantageous to have a fairy intimate knowledge of how many audio samples you’re dealing with in a given sample. Being able to permanently set the display this way in Wavosaur is very helpful.

Wavosaur allows for resampling to an arbitrary sample rate. It has inbuilt pitch- and time-shifting, and a few basic effects like filters. For everything else, it supports VST in a straightforward way. You can build up a rack and preview things live, editing VST parameters while playing a looped selection of audio, and applying once things sound right. There’s some MIDI functionality, though I’m not sure the extent of it. Basic volume automation is included and works well enough. A wealth of visualization tools – spectrum analyzers and oscilloscopes and such – are included, and even have little widget versions that can live in the toolbar. It includes calculation tools for note frequency, delay, and BPM; BPM detection can also automatically place markers on beats. If you set markers at beats in this way, or manually, it will scramble audio based on markers for you.

I said I had a few quibbles that I’d like to get to. I already sort of mentioned one – while keyboard control is decent, not everything can be keybound. Like toggling snap-to-zero-crossings, there are quite a few actions that I would really like to have keyboard control over. Currently you can easily select between marker points by double-clicking within them, but the same can’t be done from the keyboard; overall, selection could use more granular control via menus and the keyboard. One very annoying thing is that doing an undo action resets the horizontal zoom out to 100%. If I’ve zoomed in on a section of audio that I’m looking to slice out into a new sample, I don’t want to lose that view if I need to correct a goofball mistake I made. Finally, something that a lot of good software has spoiled me for is a one-step process for making a new file from a selection. Right now it’s a two-step process of copying and pasting-as-new, which is fine. But it does sort of add up when you’re chopping up a bunch of samples. These are all pretty minor issues, and overall I think Wavosaur is a great little waveform editor. If you’re working with samples for trackers, I think it may be the best choice (on Windows, at least).

  1. There are modern trackers like Sunvox and Psycle that incorporate synthesis alongside PCM sampling, and using tracker interfaces for synth chips goes back to at least the SID. I think that overall, however, ‘tracker music’ mainly refers to or evokes software and music that is entirely sample-based. ↩︎
  2. I need to upgrade my contact mics, but I’m still liking the Tascam GT-R1 for its Hi-Z input. I also love the Zoom Handy H2n for its five-microphone MS/XY configuration, and the flexibility that affords. ↩︎
  3. A caveat here is that a lot of the sample slicing that I’m doing involves copying from a lengthy file into a new file for the individual sample. Doing this creates a temporary ‘paste.wav’ that won’t exist next time Wavosaur launches. ↩︎
  4. The Tascam GT-R1 supports overdub recording, and some other functionality for practice and jam recording, and part of this is a basic looping functionality. They cared enough about this that it gets dedicated buttons on the front panel! But alas, however it does this is not the same standard used by Wavosaur and the various trackers. ↩︎
  5. I don’t mind linking to NCH WavePad because it is quite good, but I wanted to bury the link down here for two reasons. First, their marketing is incredibly aggressive, to the point where they’ve bought ads that come up advertising it as a ‘Wavosaur alternative’ when you’re searching for Wavosaur (software that I might actually refer to as a free alternative to the $39.95 WavePad). Frankly, I just don’t like that. Second, they have a history of bundling bloatware in with their software. As far as the internet says, and as far as I can otherwise tell, they don’t do this anymore. But I think it’s worth knowing companies’ histories with these things. That said, I used WavePad and other NCH software many years ago, and it was solid then. WavePad was solid for me now as well, and had some UI tricks up its sleeve that I really liked. So, past the caveats, I do recommend checking out NCH WavePad if you need a wave editor and Wavosaur isn’t cutting it for your needs. ↩︎
  6. So, this is slightly tricky. Sampling in music refers to playing back short recordings of instruments, beats, vocals, &c. But in digital communication, when we’re talking about PCM audio, a sample is one point of audio. So, in a 44.1khz mono audio file, every second worth of audio contains 44,100 samples. For the purpose of this post, I refer to these as audio samples. ↩︎

Some things I have been meaning to write about but haven't

bri hefele, , hardware, software, Sony, video games

So… I have a few posts that I’ve sort of been working on, but they’re involved. I have others that I just haven’t been motivated to actually work on; motivation in general has been difficult lately. And there have been some things I’ve played with or thought about recently, but I just can’t figure out a way to sort of give those things the narrative structure that I hope for when I’m writing here. So, since it’s been a while, here are some things that I maybe should have written about:

The Steam Deck

I bought one of these. It’s weird! A big pile of compromises. I guess where I land on it is that it does what it’s supposed to do. It is a reasonably powerful machine in a handheld game console form factor, for a far lower price than a GDP. The outward-facing console features are horrible, in my opinion. The D-pad is unusable; I average like twenty lines lower in master mode Tetris than on my Switch or my modified DualShock 4. The button placement is too wide; I primarily play shmups and can’t reliably get from A to B for bombs. I think trackpads are the worst sort of input device – the Deck has two of them and they’re the worst of the worst. Put simply, I wouldn’t use this thing if it didn’t solve other problems.

And it does, but again this is mostly just by being the only thing that exists in this form factor and at this price. The parts that actually do the heavy lifting are software – the Proton emulation layer and the SteamOS Linux distribution. Proton does work surprisingly well – I play a lot of doujin games written in obscure languages for Windows 2000, and I’ve had very few compatibility issues. The SteamOS UI/UX is… fine. It’s always very obvious that you’re using a computer and not a purpose-built console, though. Anyway, I don’t love gaming on my laptop, so I have been getting a lot of use out of the Steam Deck. Hopefully more things start to exist in this market.

The Brother P-Touch Stickerkid

I’m probably going to write about this over on Cohost as well, where I’ve been doing more of the nerd stuff that I’ve kind of migrated from place to place over the years. But lately I’ve been kind of fixating on thermal labelmakers. They’re incredibly unsexy devices, and they’re essentially all the same. I think it’s fascinating seeing the slight differences model to model, though, like how the absolutely miserable PT-1400 is one of only like three models that has symbols for electrical polarity (and possibly the only model that does both that and barcodes).

Brother made a few models that really feel like they were trying to milk an existing product line as much as they could. One of the more interesting ones is the Stickerkid, the PT-25. The idea is just, kids like stickers, and thermal-printed labels are just… kinda crappy stickers. This line of thinking makes sense, but it also lends itself to… a really lazy product. Brother didn’t make that. The physical unit is based on an existing mid-grade model rather than the bottom of the barrel (I prefer the feel of it to the aforementioned PT-1400). The ROM is wildly different from normal models. It has a massive bank of symbols, many that can be combined in various ways for making varied faces and face/body combinations. It has a (bad, but still) typing game. It has a ‘piano mode’ which is just that every button makes a different tone (this can be disabled). It has a bank of a handful of phrases in several languages as a sort of half-hearted learning tool. It has physical ‘yes’ and ‘no’ buttons that make menu navigation much more pleasant than my typewriter-sized professional PT-9400. I won’t pretend it’s a great general-purpose labelmaker1, but I will say that Brother went way harder on the implementation of this idea than they needed to.

ReWASD

For a long time, I’ve exclusively used a DualShock 4 for gaming on my laptop. I have it modified with clicky switches, and it’s great for falling-block games and pretty good for shmups. I’ve finally got a working solution, albeit wired, for the Neo Geo Pad 2 PlayStation controller. I assumed that I’d be able to use my existing remapping software with it, since the adaptor I’m using (Brooks) emulates a wired PS4 controller. But the software I was using is picky, only activating a hardcoded list of approved USB devices. There are a lot of options that really feel like they fit in with the shmup lifestyle – often looking as cobbled together as the launchers for these games, and only mapping to keypresses, lacking virtual controller support.

But I didn’t want to need a second piece of software for the rare times I need virtual controller support, so I bit the bullet and bought reWASD. It takes forever to start up, presumably because the UI is all some Electron (or whatever) type bullshit. And there are some weird glitches here and there that seem to demand relaunching. But overall, I really enjoy the experience of this software over what I was using before. It’s far more customizable, the UI is just more intuitive, and it works fine with my adapted Neo Geo Pad 2. Customizability includes shift layers as well as mappings for double-taps and the like. I’m considering a shmup mapping for my Epyx 500XJ where the inner button will be shot, the outer button will be focus, and double-tapping the outer button will be bomb. Anyway, I expected the software to be a minor upgrade beyond just solving my immediate problem, but it is probably the best remapping experience I’ve had.

Sony SRS-BTM8

There really isn’t much to say about this Bluetooth speaker, and even if there were, I’m hesitant to just keep posting about Sony products. The SRS-BTM8 is an old, discontinued speaker that you can easily snag on eBay for about $20. It sounds fine. Not great, but fine. And importantly, it’s powered by 4 AA batteries. It’s pretty rare to find a Bluetooth speaker that isn’t powered by an internal lithium-ion battery, and with the infrequency that I use mine2 – this means I can basically never use it because the battery is bound to be dead. This solves that problem and is perfectly fine in every other way.

Next up…

I think that’s about all I have for right now. There are still a number of posts that I’m hoping I’ll actually follow through with. But even if I can’t build up the energy for any of that, I expect to get my 2022 media recap posted early in January. We’ll see where things go from there! Happy new year!

  1. The plastics used might not be the greatest, but that’s just sort of a ‘90s consumer electronics problem. At any rate, I used my Stickerkid for presents this year and when I swapped out the tape afterward, I snapped off a bit of plastic that holds a spring which presses the tape up to the head via a roller. ↩︎
  2. I don’t mean my LSPX-S2, which gets use but pretty much stays in one place. ↩︎

Revisiting the travel chess computer

bri hefele, , chess, gaming, hardware, retrocomputing

Computers are interesting things. When we think of computers, we tend to think of general-purpose computers – our laptops, smartphones, servers and mainframes, things that run a vast array of programs composed of hundreds of thousands of instructions spanning a multitude of chips. When I was younger, general-purpose computers were more-or-less hobbyist items for home users. Single-purpose computers still exist everywhere, but there was certainly a time when having a relatively cheap, often relatively small computing device for a specific task was either preferable to doing that task on a general-purpose computer, or perhaps the only way to do it. Something like a simple four-function calculator was a far more commonplace device before our phones became more than just phones.

Chess poses an interesting problem here. By modern standards, it doesn’t take much to make a decently-performing chess computer. The computer I’ll be discussing later in this post, the Saitek Kasparov Travel Champion 21001 runs on a 10MHz processor with 1KB of RAM and 32KB of program ROM (including a large opening library). It plays at a respectable ~2000 ELO2. This was released in 1994, a time when the general-purpose computer was becoming more of a household item. The Pentium had just been released; a Micron desktop PC with a 90MHz Pentium and 8MB of RAM was selling for $2,499 (the equivalent of $4,988 in 2022, adjusting for inflation)3. 486s were still available; a less-capable but still well-kitted-out 33MHz 486 with 4MB of RAM went for $1,399 ($2,797 in 2020 dollars). Chessmaster 4000 Turbo would run on one of these 486s, albeit without making the recommended specs. It cost $59.95 ($119.85 in 2020 dollars)4, and while it’s hard to get a sense of the ELO it performed at, players today still seem to find value in all of the old Chessmaster games; they may not play at an advanced club level, but they were decent engines considering they were marketed to the general public. A more enthusiast-level software package, Fritz 3, was selling for 149 DEM5, which I can’t really translate to 2020 USD, but suffice it to say… it wasn’t cheap. Fritz 3 advertised a 2800 ELO6; a tester at the time estimated it around 2440 ELO. Interestingly, when that tester turned Turbo off, reducing their machine from a 50MHz 486 to 4.77MHz, ELO only dropped by about 100 points.

All of this is to say that capable chess engines don’t need a ton of processing power. At a time when general-purpose computers weren’t ubiquitous in the home, a low-spec dedicated chess computer made a lot of sense. The earliest dedicated home chess computers resembled calculators, lacking boards and only giving moves via an LED display, accepting them via button presses. Following this were sensory boards, accepting moves via pressure sensors under the spaces. These were available in full-sized boards as well as travel boards, the latter of which used small pegged pieces on proportionally small boards with (typically clamshell) lids for travel.

In 2022, we all have incredibly powerful computers on our desks, in our laps, and in our purses. Stockfish 15, one of the most powerful engines available, is free open source software. Chess.com is an incredible resource even at the free level, powered by the commercially-available Komodo engine. Full-size electronic boards still exist, which can interface with PCs or dedicated chess computers. Some of these products are pretty neat – DGT makes boards that recognize every piece and Raspberry Pi-based computers built into chess clocks. There is an undying joy in being able to play an AI (or an online opponent) on a real, physical, full-sized board.

The market for portable chess computers has pretty much dried up, however. Pegboard travel sets eventually gave way to LCD handhelds with resistive touchscreens and rather janky segment-based piece indicators. These were more compact than the pegboards, and they required less fiddling7 and setup. The advent of the smartphone, however, really made these into relics; a good engine on even the lowest-end modern phone is just a better experience in every single way. On iOS, tChess powered by the Stobor engine is a great app at the free level, and its pro features are well-worth the $8 asking price. The aforementioned chess.com app is excellent as well.

When I was quite young, I improved my chess skills by playing on a 1985 Novag Piccolo that my parents got me at a local flea market. I loved this pegboard-based computer – the sensory board which indicated moves via rank-and-file LEDs, the minimalist set of button inputs, even the company’s logo. It was just a cool device. It is, of course, a pretty weak machine. Miniaturization and low-power chips just weren’t at the state that they are now, and travel boards suffered significantly compared to their full-sized contemporaries. The Piccolo has been user rated around 900 ELO, it doesn’t know things like threefold repetition, and lacks opening books.

I’ve been trying to get back into chess, and I decided that I wanted a pegboard chess computer. Even though the feeling pales in comparison to a full-sized board, I don’t have a ton of space, I tend to operate out of my bed, and I have that nostalgic itch for something resembling my childhood Novag. Unfortunately, things didn’t improve much beyond the capabilities of said Novag during the pegboard era. I would still love to find one of the few decent pegboard Novags – the Amber or Amigo would be nice finds. But I ended up getting a good deal on a computer I had done some research on, the aforementioned Saitek Kasparov Travel Champion 2100 (from hereon simply referred to as the 2100).

I knew the 2100 was a decent little computer with a near-2000 ELO8 and a 6000 half-move opening library. I liked that it offered both a rank-and-file LED readout and a coordinate readout on its seven-segment LCD. Knowing that these pegboard computers struggled to achieve parity with their full-sized counterparts, I was pretty surprised to find some above-and-beyond features that I was familiar with from PC chess engines. The LCD can show a wealth of information, including a continuous readout of what the computer thinks the best move is. A coaching mode is present, where the computer will warn you when pieces are under attack and notify you if it believes you’ve made a blunder. A random mode is present, choosing the computer’s moves randomly from its top handful of best options instead of always choosing what it believes is the best of the best. You can select from themed opening books or disable the opening library entirely. These are all neat features that I really wasn’t expecting from a pegboard computer9.

I can see why the 2100 tends to command a high price on the secondary market – if you want a traditional pegboard chess computer, it seems like a hard one to beat. I’m certainly intrigued by some of the modern solutions – the roll-up Square Off PRO looks incredibly clever10. But for a compact yet tactile solution that I can tune down to my current skill level or allow to absolutely blast me, the 2100 checks a lot of unexpected boxes. As I mentioned, these travel units died out for good reason; I can play a quick game on chess.com against Komodo and get an incredibly detailed, plain-language analysis afterword that highlights key moments and lets me play out various ‘what if?’ scenarios. I do this nearly every day as of late. Purchasing a nearly-three-decade-old chess computer may have been a silly move. But it’s a different experience compared to poking at at an app on my phone. It’s tactile, it’s uncluttered. It’s scaled down, but there’s still something about just staring at a board and moving pieces around. I still use my phone more, but the 2100 offers something different, and it offers that alongside a decent engine with a flexible interface11. Maybe one of these days someone will come out with a travel eboard, but I doubt it. Solutions like the Square Off PRO are likely the direction portable chess computers are headed. This is fine, it’s a niche market. I’m just glad a handful of decent models were produced during the pegboard era, and I’m happy to have acquired the Saitek Kasparov Travel Champion 2100.

  1. To the best of my knowledge, this unit is also known as the Kasparov Cosmos. Aside from the color of plastic, these units look identical, are feature-identical, and have been tested to the same rating. I don’t, however, have actual confirmation that they run identical hardware or ROMs. ↩︎
  2. Saitek claims 2200 ELO on the Travel Champion 2100 (why it’s called 2100, then, is a mystery…) but an independent test places it around 1980 ELO. I’ll trust independent tests a bit more, though ranking a computer is rather murky to begin with. ↩︎
  3. Price/specs from an ad in the December 1994 Home PC magazine. ↩︎
  4. Price from an ad in the March 1994 Electronic Entertainment magazine. ↩︎
  5. The asking price was apparently 198 DEM, but ads from the time suggest it sold for as low as 149 DEM. ↩︎
  6. ELO taken from a review in the October 1994 issue of PC Joker. ↩︎
  7. A thing about sensory boards is that they like having confirmation that the board state isn’t getting out of sync. So, in addition to making your move (by pressing down once to remove a piece and again to place it), you need to input the computer’s piece moves on the board as well. Obviously you would have to make the moves for them, but the act of applying pressure at the beginning and end of every move gives it sort of a rigid feel that can feel fiddly at times. ↩︎
  8. Frans Rosch, known for the Fritz engine, wrote Saitek’s engines at the time. ↩︎
  9. A lot of these features made it into Saitek’s LCD line as well, like the Mephisto by Saitek Maestro, one of which I may have also acquired. ↩︎
  10. Modern electronic boards no longer rely on pressure sensors. The aforementioned boards from DGT sense pieces by proximity and know what they are. The Square Off PRO isn’t quite so advanced, but it does use magnets in lieu of pressure sensors. This makes for more natural play, of course, but it also either locks you in to the manufacturer’s costly pieces or requires hacks to get traditional pieces to work. Pressure-based boards accept any pieces. ↩︎
  11. The interface is still pretty simple, and setting options and accessing info and such is not super intuitive. However, the manual is definitely something of a bygone era. It is very detailed and very well-written. I’ll hopefully be getting a flatbed scanner soon and popping this up on archive.org. ↩︎

A doughnut in my ear: the Sony Linkbuds

bri hefele, , audio, hardware, Sony

Ever since I saw Techmoan’s video about the new Sony Linkbuds, truly wireless1 earbuds with an open design made possible by virtue of a doughnut-shaped driver, I’ve been enthralled. I always prefer open headphones, which can be tricky when you’re buying things meant to go in your ear. Even within the realm of full-sized, over-the-ear cans, it’s a niche market. People like having a silent, black background. I understand this, but it isn’t for me. For one thing, silence gives me anxiety. For another, the sort of platonic ideal folks tend to have for music – the live performance – is never a silent black box either. Ambient sound exists; even the much-misunderstood 4′33″ by John Cage is more of an exercise in appreciating ambient sound than it is an exercise in silence. Perhaps that’s a pretentious way of looking at things, but this widespread belief that audiophile greatness starts in a vacuum has certainly left the market with a dearth of open designs.

Earbuds themselves are a dying breed. In-ear monitors (IEMs) direct sound through a nozzle directly into the ear canal, where their tips are inserted. This gives a tight physical connection to the sound, and it – once again – isolates the listener from the world better, leading to a more silent experience. I’ve used – and enjoyed – a handful of semi-open IEMs, but… IEM fit is tricky. My ears are different enough in size that I generally need a different tip size for either ear. Even when I do get the ‘right’ fit, it nearly always feels like a delicate balance, and one that requires me to sit a certain way, move very little, and avoid shifting my jaw at all. For quite some time now, I’ve been using Master and Dynamic’s MW-07 Plus. Their design is such that an additional piece of silicone butts up against the back of the ear’s antihelix for additional support, minimizing fit issues significantly. They also sound great. I like these enough that I own three pairs of them2. Getting them seated properly can still be an issue, though, and… they aren’t open. They do provide an ‘ambient listening’ mode that’s sort of a reverse of active noise cancelling – using the inbuilt microphones to pick up ambient noise and inject it into the stream. It’s better than nothing. A new problem has started to manifest with the MW-07s in which that additional piece of silicone doesn’t always fit over the IEM tightly enough, and it obscures the sensor that detects whether or not the IEM is in your ear. The result has been a lot of unintentional pausing, and a lot of frustration.

I spend a fair amount of time listening to a Walkman or a DAP using full-size cans (generally Sennheiser HD-650s), but I also do like the convenience of casual listening from my stupid phone with no headphone jack via Bluetooth. Right now, this means either one of my several pairs of MW-07s, or the weird little doughnuts that are the Sony Linkbuds. I’ve been putting the Linkbuds through their paces for a couple of weeks now, and they’ve quickly become my favorite solution for casual listening. I will get into their caveats – which are not minor – but the TL;DR is that they sound good enough, they fit well, and they’re just… pleasant to use. I know the hot take is to say that Sony lost their flair for innovation and experimentation in the ‘90s or whatever, but they are still doing interesting things. It may not be particularly impressive on a technical level, but someone still had to greenlight the R&D for designing a custom doughnut-shaped driver for the Linkbuds. It’s a shot in the dark for an already-niche product market. These aren’t going to be for everyone, but if the idea of a truly wireless earbud with a gaping hole in the middle to allow ambient sound in is appealing to you – I think Sony did good.

Comfort

To start, the Linkbuds are extremely comfortable. Unlike any IEM I’ve used, they quickly disappear from my ear. If I shake my head, I’ll notice the weight there, but they stay in place fine. Being earbuds instead of IEMs, there are no tips to worry about sizing. But like the MW-07s, there is an additional bit of silicone – in this case, a tiny little hoop that catches behind the top of the antihelix. These are included in five sizes, and they help with positioning enough that choosing the ‘wrong’ size is detrimental to sound and not just the security of the earbud in the ear. They seem too flimsy to do anything, but they’re vital to the fit, and that flimsiness ensures that they remain light and comfortable. Aftermarket manufacturers are selling replacements for these; I’ve acquired some pink ones to make them a bit more me. The amount of silicone contacting the skin is low enough to keep itchiness to a minimum during extended wear – a discomfort that became a reality after wearing the MW-07s for long stretches.

Sound

The Linkbuds are not an audiophile-grade experience. Compared to the MW-07s, they’re… thin. But they don’t sound bad, they don’t sound particularly cheap or tinny. Their sound is rather hard to describe. Some folks have done frequency response charting3 of them, and… yeah the low end rolls off early and it rolls off hard. This can be compensated for quite serviceably with the inbuilt equalizer (more on this shortly), but these are never going to hit you with thick sub-bass. Music that relies heavily on this will sound a bit thin. Occasionally, a piece of pop music like Kero Kero Bonito’s ‘Waking Up’ will surprise me in just how much the production leans on the low-end. But for the most part, the equalizer gets the upper bass present enough that music tends to sound full enough to be satisfying.

There is one really peaky little frequency range somewhere in the 2500Hz band. I first noticed it on µ-Ziq’s ‘Blainville’, the repeating squeal noise was… unbearable. This manifested in a few other tracks as well4, but was also tameable through equalization. Beyond these frequency response issues, it’s tricky to talk about the sound of them. They sound big. Not necessarily in terms of soundstage, but the scope of the reproduced sound itself feels more like it’s coming from large cans firing haphazardly into my ears than tiny little doughnuts resting precisely inside them. I assume this can largely be attributed to the good fit – I’ve used high-end wired earbuds like the Hifiman ES1005, and when they’re properly positioned they sound great… but keeping them properly positioned is tough. Soundstage is fine, imaging is fine. I actually enjoy them quite a bit for well-recorded classical, particularly pieces for chamber ensembles. In a recording like Nexus and Sō Percussion’s performance of Music for Mallet Instruments, Voices, and Organ, not only do the instruments feel like they exist in a physical space, you can almost sense where on the instrument a given note is being struck.

The app

I’ve mentioned the equalizer twice now, but before I can talk about that, I have to talk about the app. In general, a product is less appealing to me if it involves an app – this tends to mean some functionality only exists in a terribly piece of software that probably won’t exist anymore in three years. This is true of the Linkbuds as well, but two things make me reluctant to care about it: the functionality feels pretty set-it-and-forget-it to me, and they’re already bound to a phone by virtue of design. The app lets you set quite a few things including some strange 3d spatial stuff that I haven’t tested, a listening profile designed to liven up low-bitrate lossy compression, and integration with other apps. This integration is very limited, only supporting Spotify (which you shouldn’t do) and a few other things I hadn’t heard of6. It also lets you set the language for notifications (for low battery and the like), and upgrade the firmware. Then there’s the equalizer – five bands, plus a vague ‘Clear Bass’ slider. I’ve found I’m happiest with the following settings:

Clear Bass 400Hz 1kHz 2.5kHz 6.3kHz 16kHz
+7 +1 ±0 -4 -3 -3

This obviously isn’t going to work miracles with the sub-bass, but it does bring enough bass presence to make for a fuller sound, and it smooths out that peak in the 2.5kHz band. The equalizer has a bunch of presets, and lets you store three of your own presets. Frustratingly, while the app supports a bunch of different Sony headphones, it’s also a different app than the one used for Sony speakers.

A final thing that the app allows for is the setting of the four tap commands that are available to you – twice or thrice on either Linkbud. These are limited to a handful of presets – one plays/pauses and skips to next track, one is volume up/down, one is next/previous track, etc. I wish these were just fully customizable. I find it easier to adjust volume with the physical buttons on my phone, so I’m using pause/next and next/previous. I’d love to tweak this for a couple of reasons – not having a redundant next command, and swapping the order of next and previous. Regardless, this is more useful than the hardcoded two buttons on my MW-07s. And while tapping on the Linkbuds feels silly vs. pressing an actual button… it is much easier.

A few final notes

Battery life is bad. I get it, the shape of them and the fact that half of the unit is a doughnut-shaped driver means there isn’t much room for a battery. But the reality is that the MW-07s last long enough to get through a workday, and the Linkbuds just… won’t. Which sucks, because getting through each new slogging day of work pretty much requires a constant stream of high-energy music. The case they come in doesn’t have a great battery either, and this is less forgivable.

Compared to the MW-07s, I really like the way the case feels. It’s made of the same plastic as the Linkbuds themselves, which just… has a nice feel to it. The case is also just weighted in a very pleasing weeble-wobbly way. The Linkbuds snap into the case very positively, whereas the MW-07’s just kind of flop into place. The Linkbuds’ case has a single LED, which reports the battery status of the case itself when you open it, and each Linkbud when you snap them into place. It only seems to report vague green and orange levels. The MW-07 case, on the other hand, has three LEDs which clearly correspond to case, and left and right. These LEDs have three vague levels instead of two.

One last silly detail that the Linkbuds get better than the MW-07 is the volume that they use for their own sounds. Tap confirmations and low battery notifications are soft sounds, played at reasonable volumes. The MW-07’s notification for switching on ambient listening mode is just a little too loud, and the low battery notification is absolutely alarming. This is something that a lot of companies seem to neglect – generic units are usually terrible about it. Master and Dynamic certainly tried harder than generic vendors, but Sony did it right. It’s a little thing, but little things add up.

I guess this post largely serves to take away my audiophile cred, but the reality as I age and my life gets more complicated is that there’s listening as an activity and then there’s listening as background. The activity is akin to enjoying a 15-year Macallan Fine Oak while background listening just gets you through the day like a few shots of rail vodka. The Linkbuds serve my casual background listening needs really well, and they sound perfectly fine doing it. They pale in comparison to my Sennheiser IE-800s, but… they’re supposed to. They’re doing a different job. And while my MW-07s may sound better, they’re increasingly not worth the hassle when I want to both listen to music and move my body. I hope Sony makes a second version of these. I want more doughnut-shaped drivers out in the world. I want Sony to really go ham on such an open design. I want Sony to keep being weird. But mostly I just want to know I’ll be able to get a replacement pair a few years down the line, because I think I’m going to want to keep using these for a while.

  1. I don’t love this term, but it’s stuck as an industry standard and I suppose it is accurate. If you’re not in the know, earlier Bluetooth earbuds and in-ear monitors were wireless in the sense that there was no wire running directly to your phone or other device, but technical limitations meant that short wires connected them to one another/a receiver. Truly wireless designs are, by contrast… truly wireless. I don’t know why the term bothers me. ↩︎
  2. I didn’t pay full price for any of them, so… that helps. ↩︎
  3. SoundGuys included one in their review. I didn’t link straight to it from the post because I don’t know what their testing methodology is, and I’ve seen murmurings around that the response they were showing only manifests at higher volume. Take it with a grain of salt, but… regardless, these aren’t for bassheads. ↩︎
  4. Another one I made note of was ‘2021 Needs It’ by La Neve ↩︎
  5. I use the term high-end loosely here. A $70 pair of earbuds is only high-end in the sense that few manufacturers are making earbuds beyond the $15 price point. ↩︎
  6. Endel, Auto Play, and Soundsense. Dunno. ↩︎