Security in a connected TV world

Sitting in my inbox, I have a press release from one of the companies that makes TV middleware – that’s the stuff that typically does things like the interactive services, and increasingly provides access to online content, like iPlayer, LoveFilm and other material.

I’ve been thinking about what, if anything, to write about it. On the face of it, their press release struck me as containing a certain amount of FUD: it essentially said that they’d included protection against viruses in their middleware, so TVs that used it would be better protected on the internet. And yes, while there might be a theoretical possibility, is it really that great? After all, what could a virus on your TV do? Force you to watch Corrie instead of Eastenders?

There are probably more important things to worry about and so, beyond chatting about it with a couple of more knowledgeable people, I put it to the back of my mind. But, following the news of the hacking of the Sony PlayStation Network, I think it’s worth revisiting.

Attacking your TV

First, it’s worth considering exactly how a connected TV works. They’ll all be slightly different, but I’ll take Panasonic’s VieraCast as an example, partly because I have one myself, but also because there’s information out there about how it works, notably here.

Essentially, when you press the VieraCast button, the set goes to a specific URL, and fetches the main page, and there’s not much in the way of security involved. Does that make it a big issue? Well, not really. In theory, if you could hijack the DNS servers, either on a widespread scale or just on a user’s home network, you could make the TV fetch content from a different site. And perhaps that content could ask people for credit card info, and some of them might enter it.

But that’s not hacking or infecting the TV, really – you’d have to attack the internet infrastructure, or a user’s home network. And if you’re attacking someone’s network, you’ll probably find richer pickings on the PC than you will by trying to work out which brand of connected TV they might have and how to subvert it.

Despite what the press release claimed, I’ve not yet seen a connected TV that actually has important information stored in it, like credit card details. My VieraCast set has my YouTube login, sure, but that’s not going to be much use to anyone. One friend’s TV offers them LoveFilm, but the only identifying information the TV has to know is a long number that’s obtained from the web site – again, no credit card details stored on the TV.

And I think it’s pretty unlikely anyone’s going to suggest your TV does store that. Of course, there is a theoretical risk – and people who know more about this stuff than I do tell me that there’s very little in the way of security included in the specifications for services like HbbTV, or many of the manufacturer portals. And yes, that should probably be addressed.

The PlayStation attack

With many of these services at a relatively young age, in fact, I think now might be the time for some of those working on them to go back and look at how security can be beefed up – but not just in the connected devices like TVs and set top boxes that will be becoming increasingly prevalent over the next couple of years.

The full details of how the Sony PlayStation Network was hacked aren’t available, and may never be – but clearly a lot of personal information has been obtained, for more people than live in the whole of the United Kingdom.

There’s no excuse for not securing your own PC with firewalls, and anti-virus software, but the Sony hack should remind us all that the richest pickings will seldom be found by attacking lots of individual computers. They’ll come from companies like Sony, or TJX (owners of TJ Maxx) – formerly believed to be the biggest hack ever, at a mere 45 million users – who have lots of data gathered in one place, and not properly secured.

Mostly forgotten amidst all the fuss over the PlayStation Network is that Sony’s Qriocity streaming service has also been affected by this hack. It provides streaming music, videos and feature films to Bravia TVs and Blu-ray players. It’s fairly new, and given the lack of fuss, I suspect not that widely used – if you’re in the US and want streaming films, the name you look for is Netflix, while in the UK it’s LoveFilm.

But I do wonder if the scale of the problems with the PlayStation Network will have a knock-on effect on people’s willingness to use online entertainment services. It’s received much press coverage and I suspect that for an awful lot of people, it’s been their first encounter with entertainment of any sort delivered over the internet. For it to have such a spectacular security failure surely can’t be good for consumer confidence.

After Sony

In the UK, internet entertainment is still pretty young, at least in terms of paid services. It’s growing, as more people produce TVs with LoveFilm, and services like YouView will provide access to even more paid content. Across Europe HbbTV is being deployed alongside other platforms from TV manufacturers.

Some of these services are more mature than others – we’re unlikely to see anything with a YouView badge for some months yet, for instance. But I think they could all do with taking some time to consider security issues.

The potential of attacks on your TV itself is still, I think, a pretty slim chance – but that doesn’t mean that manufacturers shouldn’t stop and think about how they can make sure their systems are more robust.

The groups creating standards like HbbTV should perhaps take time to see how they can be updated to increase security – hopefully in ways which can be implemented via software updates to equipment that’s already deployed.

And, given that what seems to have happened with PlayStation Network was a problem with the service provider not taking decent security precautions, perhaps there’s also a need for more transparency, or information about compliance to be made available.

Would it be a good idea, for instance, if YouView were to have a requirement that services available via its platform never stored billing data in unencrypted form? And if encrypted connections were mandatory for transferring personal information between the box and the remote servers?

Some people might say “Won’t that lock out smaller players? Or introduce compliance requirements? And you can never be 100% secure anyway.” Yes, all that is correct. But I still think that any connected TV or online entertainment service that wants to be sure it has the confidence of customers should be thinking long and hard about how they can avoid the mistakes made by Sony, and make sure that their customers know they take these things seriously.

Connected TV platforms are still young, and deployed in relatively small numbers. It’s far better to address the question of security now than to wait until there are tens of millions of TVs and set top boxes, running on platforms that could have been made more secure.


Q&A: Digital audio formats

Time for another question, from Paul Hunter, who asks

“what is the difference between PCM 2.0 stereo channel and Dolby Digital (DD) 2.0?  I have a brand new amp (Onkyo) which shows that Standard Definition  TV programmes, via my Humax HDR Fox T2 recorder, are transmitted in PCM 2.0, whereas the majority of HD programmes are transmitted in DD 2.0 (although some in DD 5.1).  My amp appears to be capable of converting both the PCM 2.0 and DD 2.0 input formats to 2.1 stereo, or even 5.1 surround outputs.   Please could you explain the difference between PCM 2.0 and DD 2.0 inputs?”

There’s not a massive difference, in terms of what you’ll hear, really. The 2.0 indicates that the signal has just two channels of audio, and no separate channel for the subwoofer. When your amp converts this to 2.1 what it’s really doing is filtering off the low frequencies and directing them to the subwoofer channel.

But stepping back a bit, the real question – what’s the difference between PCM 2.0 and Dolby Digital 2.0, given that they are both stereo signals?

PCM stands for Pulse Code Modulation, which is a pretty simple way of encoding digital audio, without compression. It’s understood by just about every bit of AV kit out there, and you could call it the lingua franca of digital audio, I suppose.

Dolby Digital is a codec, which involves some compression, so theoretically if you were to take the same audio signal and encode it in PCM and Dolby Digital, you might (depending on the bit rates involved) hear a small difference, in favour of PCM.

Both formats can be used for stereo or multi-channel audio; however, because of the uncompressed nature of PCM, you can’t really get more than two channels down an S/PDIF link, whether optical or digital, though some kit will support multi-channel PCM via HDMI. But I digress. Back to the 2.0 versions of each:

On Standard Definition Freeview (and most other services) the soundtrack uses MP2 compression. Some kit will support that, but not all, and when you’re using a digital connection, whether HDMI or S/PDIF, the most straightforward thing to do is simply to decode it to PCM audio, and so you get a PCM 2.0 stream from your receiver.

On High Definition channels on Freeview, the sound uses the AAC codec (and can use HE-AAC, which is the High Efficiency version of the same codec). This is used for both stereo and multi-channel programmes, and like the MP2 audio on standard def channels, can be converted to PCM.

However, not all home AV kit has HDMI, so many people will be relying on an S/PDIF connection for their audio. And some kit with HDMI doesn’t support multi-channel PCM, either.

So, for surround broadcasts, the most sensible thing to do for broadest compatibility is to convert the AAC multi-channel audio into Dolby Digital 5.1, and the chipsets in many FreeviewHD products are capable of doing this. Kit connected via HDMI can tell the receiver if it will support multi-channel PCM, but via S/PDIF that’s not possible, as it’s a one way connection. So, creating Dolby Digital is a solution that will work for most kit, and will work whether the programme is in stereo or multi-channel audio.

It would be possible to switch between using Dolby Digital 5.1 and PCM 2.0 when a programme is broadcast in stereo on HD channels, but that’s not generally considered a great idea. Lots of kit will handle it perfectly, but some won’t, and you may get a momentary loss of sound, or some other audible glitch. So, it’s best to stick to the same codec, and simply indicate the number of channels included in the stream.

This is less of a problem when changing between SD and HD channels, of course, because you’ll be expecting to lose sound and vision anyway.

The quick answer to the question, then, is that it’s just a different codec, but the signal is still in stereo. And the details, above, explain why it makes sense to create a Dolby signal even for a stereo programme.


Choosing a FreeviewHD recorder

I’ve just finished reviewing the TVonics DTR-Z500HD Freeview HD recorder for Register Hardware; it should be published in the next week or so. I can’t tell you exactly what I thought before then (after all, they pay me for my opinion), but I thought it’s worth raising some questions that people will have to think about when they head out to buy something like this, because there isn’t really a single product that ticks absolutely all the boxes.

I’ve looked at four ‘pure’ FreeviewHD recorders, by which I mean units that record only to a hard drive, and also a Panasonic one that can burn DVDs. There are some interesting new models coming along, which I hope to look at, including the new Sony, which is the first model to be certified with all the necessary software for the BBC iPlayer via Freeview.

So, it’s worth taking a look at what you’ll find from the various products that are out there, and the key ways in which they differ. I’m not necessarily intending to direct people towards a specific product, but rather to explain the things you might need to consider when you buy, so you can choose the best product for your needs.

It’s worth stressing at this point that many manufacturers will tell you that something “is planned for a future firmware update.” It can be tempting to make your decision based on such statements, but do try to check them first, and make sure they really have come from a reliable source, and not just wishful thinking on a forum somewhere. The best advice, really, is always to buy a product for what it does now, rather than what you hope it might do at some later date, if there’s an update to it.

Under consideration

I’m going to refer to five products here, to give you an idea of the sort of breadth of functionality you might come across; four are ones I’ve tested myself – the Humax HDR-Fox T2, Icecrypt T2400, TVonics DTR-Z500HD, and DigitalStream DHR8205. The final one is the new Sony SVR-HDT500. I’m purposefully leaving aside the Panasonic disc burning kit – it’s not really in quite the same class as these others.

All of these products have differing degrees of functionality, but you can pick them all up for between £200 and £300, give or take a bit. The DigitalStream and TVonics are at the cheaper end of the range, the Sony is more or less in the middle, and the Humax and Icecrypt come in at the top of the range (that’s assuming a 500GB disk; some are available with different sizes; if you want to know how that relates to recording time, read this article).

Key differences

All the recorders have their own little quirks and differences, which I’m not going to enumerate here; you’d do best to read the reviews for more insight on that. But there are also big functional differences that might make quite a difference to what you want to buy, so that’s what I’ll look at here.

BBC iPlayer is one of those; only two of the products have it available – the Humax and the Sony. In the case of the Sony (and it will roll out to future kit, as I mentioned here) it’s provided by supporting the iPlayer on the red button services, so you press Red while watching any BBC TV channel and select it from the menu. On the Humax, it’s via their own TV portal, which also provides access to Sky Player – and it’s the only kit so far that will let you access Sky content that way. Some of the others may get iPlayer via red button later – but remember what I said about updates.

Dolby Transcoding (a favourite topic on this site) isn’t universally supported; of the products I’m talking about, all but the IceCrypt have it at the moment, though on the Sony it’s apparently not available via HDMI. Is this important to you? Only you can tell, though to keep things in perspective, so far it’s just a few HD programmes that broadcast with surround. All newer kit should have it, but I’d still advise checking exactly how much support there is.

Some people just want a recorder that lets them watch and record TV. Others want it to be able to view other things, like movies they’ve downloaded, or photos. The Humax can play media over your home network; the others don’t – but the IceCrypt lets you copy files to it via the network, and then view them. The others will let you view photos from a USB drive, and sometimes play MP3 files, but that’s as far as it goes.

How much TV do you watch? That might sound a silly question, but it can be important. Most of the kit I’ve mentioned is clever enough to let you watch a third channel while you’re recording two others, a trick made possible by the way digital TV works. But the TVonics doesn’t. Some people won’t be bothered, but others will find that pretty limiting.

Subtle shades

Those are the main differences you’ll find, really – is surround sound supported, is iPlayer available, can you view files stored on your home network. But of course there will be more subtle things too, like the interface, and how you can organise recordings (the TVonics, for example, just has one list, and no folders), or whether you can browse the programme guide by genre, or even search by name.

Some of those things might sound like things you’d never do, but it’s worth thinking about them, because they can be the little things that will make using a PVR a completely different way of watching TV, as I tried to explain here. Only you know which will really be important to you, but I hope I’ve pointed out some of the key areas where products may differ from one another, even though they seem superficially similar.


EU court decision could cut price of PVRs

For those who didn’t spot it, last week the excellent Broadband TV News site carried a report about a ruling from the European Court of Justice which may have implications for the pricing of PVRs – the hard disk recorders that many people are using for satellite and terrestrial services like Freeview, Freesat and Sky.

Until now, these have been classified as recording apparatus, and so attract a rate of duty of 13.9% when they’re imported into the EU, which of course makes them a little more expensive in the shops.

The ECJ has ruled that they should be reclassified as set top boxes with a communications function, which exempts them from duties (and that ‘communications function’ element is why, for example, the iCan EasyHD Freeview HD set top box has a modem port on the back; it’s cheap to add, and reduces the import costs).

How prices work

Of course, the fact that the duty may not have to be paid won’t necessarily reduce prices – it could just be absorbed into the profit margin by distributors or retailers, and eventually eaten away by inflation over time, so don’t get too hopeful about a price drop yet.

It’s also worth looking at how things like this affect the pricing. Let’s suppose that a product costs a nice neat £100 to manufacture and ship to the UK.

Import duties of 13.9% take the cost at the point of import to £113.90. If we assume that the distributor of the product takes just 5% margin – out of which they’ll be promoting the product to retailers, perhaps advertising it, and handling repairs, warranty and so forth – the price that they can offer to retailers is £119.60.

According to people I’ve spoken with, some of the large retailers may demand a margin of 30%; sometimes they’ll work backwards from a retail price-point that they have in mind and say “We want to sell this at £179.95, so you have to sell it to us at a price that gives us 30% margin.” But for this simple comparison, let’s assume that they just add 30% margin on, taking the final price to £155.47, but that’s before VAT is added, so the final price to the customer is £186.57, for a product that cost £100 at the point of import.

How much difference does the duty change make? If we assume everything else is the same, then the price after VAT is £163.80, or over £20 on £100 of imported product, so not to be sniffed at. And, of course, most PVRs are starting at around the £200 mark, or even higher, so potentially, there could be even larger savings.

Imbalance of power

Incidentally, going back to the point I made about large retailers having a price point in mind, if they did impose that price, then what happens is that the distributor – especially for smaller brands, who won’t have the same power as the large retailers, who can simply decide to drop the product – will be forced to cut their margin. With the figures I’ve given for the example with duty and a retail price of £179.95, that means they’d have to offer large retailers the product for £115.35, equivalent to a margin of 1%.

And after this duty change – which of course most punters won’t hear about – they could continue to sell at that hypothetical price, and if they paid the distributor his full 5% margin, the retailer would have a margin of 42.8%. Or, they could drop the price to £159.95, maintain their margin and the squeeze on the importer, and boast about having cut prices by £20.

This, of course, happens all over the retail world, not just in electronics – just ask a farmer!


The magic number: 6.2.1

Those who’ve followed the saga of Freeview HD since its launch, and the discovery by many early adopters that they couldn’t actually get surround sound using their existing equipment, may recall that I mentioned all that was going to change.

Well, in theory, that day is here. The latest version of the ‘D Book’ which contains the technical specifications for Freeview HD kit in the UK is now being used for testing. It’s version 6.2.1 and it apparently clarifies further two of the important aspects of Freeview HD.

One is the transcoding of surround sound, which means that even if you have older equipment that can only be connected via optical, or HDMI kit that only understands Dolby Digital, you should be able to get surround sound through your existing system, even when the broadcasters are using AAC audio, as they do at the moment. (If you want a crash course in surround sound, start here)

The second feature is support for the enhanced interactive services (called the MHEG Interaction Channel), which are used to provide the BBC iPlayer via the Red Button service.

The DTG has been helpful enough to announce on their website that Sony’s new Freeview+ HD box has been certified to D Book 6.2.1, so you should be able to buy the SVR-HDT500 safe in the knowledge that it’ll do everything you want.

But it’s not likely they’ll be doing that for everything else – and that means you’ll find some equipment on sale that has been tested with the new version of the D Book, and some that was tested with the older version, which may or may not provide iPlayer or Dolby Digital transcoding.

All you know is that if a product has the digital tick and the Freeview logo, it has passed DTG testing. There is no way for a consumer to know which version of the tests it used.

In time, that won’t make so much difference, but right now, it’s pretty stupid. There should, at least, be a list of equipment tested under the previous version of the D Book, so that consumers can make an informed decision about whether or not to buy older kit – they’d know, at the very least, that they would have to enquire further to find out exactly what functionality was supported.

Update: The DTG told me this morning that they are working on such a list. More details when I have it.

Sharing information

I have my own list on this site, but I’ve not been able to try every box out there, let alone every version of firmware for them; as I posted yesterday, if you have kit that’s not on the list, or can offer more information, perhaps we can crowdsource a more comprehensive one.

Why’s that important? While all new kit should support surround sound, and iPlayer, the older stuff isn’t going to vanish from shelves overnight, and it’s likely to be around for a while. It will also often be discounted, making it cheaper for many users who want to buy HD kit, so it’s important that they are informed about just what they’ll be getting.

What the new specs say

Although the D Book itself isn’t publicly available, the Freeview HD licence that manufacturers have to agree to is, and that outlines the changes. There are three main ones to focus on:

1. Support for Audio Description on channels using AAC audio is mandatory, since 1st January 2011. As long time followers of this will recall, it was the need to offer Audio Description that made broadcasters choose AAC audio, causing the whole transcoding issue, so the fact that it wasn’t even mandatory for receivers to support AD made things even more frustrating.

2. Audio Transcoding; D Book 6.2.1 ‘clarifies’ this and the following features are mandatory since 1st Jan 2011:


Where the HDMI sink does not support the native bitstream audio, the receiver shall be able to perform one of the following, presenting the same number of channels as broadcast:

• Transcode to AC-3.
• Transcode to DTS.
• Output linear PCM.

For the uninitiated, ‘HDMI sink’ means the thing the box is plugged into, such as an AV receiver or a TV. And there’s still pretty much nothing on the market that does support AAC multi-channel audio; AC-3 is old-fashioned Dolby Digital, which most home AV kit will support, giving you proper 5.1 surround via HDMI; DTS is an alternative system, but I suspect most kit will simply output Dolby Digital.

Via optical:

If SPDIF supported, the receiver shall be able to output any multi-channel audio, regardless of the broadcast encoding, in one of the following formats, presenting the same number of channels as broadcast:

• AC-3.
• DTS.

So, finally the specs make transcoding mandatory, and this should be true of all of this year’s kit – but I’ll certainly post about any I find where that turns out not to be true.

3. From 1st April 2011,

Receivers shall support the MHEG InteractionChannelExtension and ICStreamingExtension, as defined in Chapters 11 to 19. This requires receivers to provide a broadband network interface supporting TCP/IP (e.g. Ethernet or IEEE 802.11).

Equipment tested between 1st Jan and 1st April doesn’t have to support the latest spec, and so won’t necessarily support iPlayer.

Where are we now?

Essentially, any kit tested now must support both iPlayer and transcoding of surround sound. Any kit tested since Jan 1st must support transcoding. Kit tested earlier doesn’t have to support either – but it may support transcoding anyway (see my list for kit that does).

Unfortunately, it’s not quite as simple as saying “Only buy products released from now on”, as the testing process can often happen quite some time in advance of kit being on sale. And the lack of a public list stating what was tested when, or even an addition to the Freeview HD labelling indicating support for transcoding and iPlayer, is something of a shame, to put it mildly.

The forthcoming list from the DTG will hopefully make choosing equipment a little easier.


Freeview HD surround sound updates

I’ve just made a minor update to my list of equipment that can transcode surround sound for Freeview HD, adding information about the TVonics DTR-Z500HD, which I’m reviewing at the moment for Register Hardware.

I’ll also be posting a more general update about the topic in the next few days. Meanwhile, if you have already bought Freeview HD kit, and have it connected up to your surround sound system, please do let me know whether or not you are able to get surround sound from it. I’d like to try and build up a more comprehensive list of the 2010 kit – which is likely to be sold off cheaply as new models come out – so that those looking for a bargain can be sure what they’ll be getting.

How to check

The best way to check whether or not your kit can decode surround properly is either to watch the BBC test card, which is on during the daytime, or to catch one of the programmes that is always broadcast in 5.1 audio, such as Later with Jools Holland or A little Later. You should see your AV kit indicate that it’s receiving a Dolby Digital signal, rather than Pro Logic or simple PCM audio.

If you are able to check and let me know, please do – the email address is at the top of this page, or you can post in the comments. Remember to say exactly what model number your FreeviewHD receiver or TV is, and if possible which firmware version. It would also be helpful to know if you have connected it to your AV gear using an optical connection or an HDMI one.

If enough people supply information, then we can create a useful table for others to refer to when they are thinking of buying Freeview HD kit.


High speed broadband: Korea can. Why can’t we?

This was originally published in Personal Computer World as part of a feature on Ultrafast Broadband I wrote in 2008.

Take a look around online, and you’ll often find people pointing out that other countries have cheaper and faster provision than the UK – and it’s true. But, sadly, that doesn’t mean that we can necessarily have the same, and there are some important factors that are often overlooked.

For example, in many parts of Europe, cable television is much more prevalent, and passes more than 90% of homes, giving both easier access to the network, and greater economies of scale. In the UK, the comparable figure is 50% – and the cable industry has only come together as one in the last two years, after starting as a huge patchwork of organisations; on the continent, consolidation happened much sooner.

But cable’s not the only reason – it turns out that two of our key British obsessions also count against us in the broadband stakes – houses and mortgages. Places like Korea, where just about everyone who wants it can have blisteringly fast broadband aren’t like the UK. With our old housing stock and dislike of living in flats, 80% of British properties are houses (according to the Office for National Statistics). In London there are more purpose-built flats, but it’s still only 32%. Compare that with Seoul, where flats were just 4% of housing in 1970, but had grown to 53% by 2006. Installing a high speed link to an apartment block means one fibre can serve hundreds of homes, rather than just the one that would be the case for a typical house, or a handful for a small converted house.

And our desire to own properties makes things complicated too; it’s much easier to install high speed broadband services, like those from Ask4, at the building stage, along with all the other utilities, but our slow rate of building means that’s only just starting to happen. And while you can install connections as part of a refurbishment, as Ask4’s Jonathan Burrows explained, “That’s much easier when the whole building is owned by one company. Otherwise you have to make a separate legal agreement with each occupier.”

So, while it may well be true that some countries are doing better than we are when it comes to provision of high speed broadband, it’s sadly not an issue that can be looked at in purely technical terms.