• WANTED: Happy members who like to discuss audio and other topics related to our interest. Desire to learn and share knowledge of science required as is 20 years of participation in forums (not all true). Come here to have fun, be ready to be teased and not take online life too seriously. We now measure and review equipment for free! Click here for details.

Review and Measurements of Topping D10 DAC

AndrovichIV

Active Member
Patreon Donor
Joined
May 25, 2019
Messages
123
Likes
133
I have a critique regarding the D10.

1. If you want to upgrade firmware you have to execute Chinese software. Nothing against Chinese people, but we've all heard about backdoors from the Chinese government in software from reputable outlets. I really dislike having to expose my computer to security risks to upgrade performance.
2. The firmware itself is downloaded from Topping's website which doesn't use HTTPS. This means that anyone in transit can modify the firmware. So we can't even be sure we are downloading the software from Topping directly. Needless to say, this is a large security risk. This would be solved if Topping cryptographically signed it.

Issue 1 might be controversial to some. Issue 2 shouldn't be controversial. It's just common sense not to execute stuff you downloaded from HTTP, even if it comes from reputable sources (because you cannot verify that it hasn't been tampered with). I hope Topping changes this.
 

777

Active Member
Joined
Jan 1, 2019
Messages
260
Likes
164
I have a critique regarding the D10.

1. If you want to upgrade firmware you have to execute Chinese software. Nothing against Chinese people, but we've all heard about backdoors from the Chinese government in software from reputable outlets. I really dislike having to expose my computer to security risks to upgrade performance.
2. The firmware itself is downloaded from Topping's website which doesn't use HTTPS. This means that anyone in transit can modify the firmware. So we can't even be sure we are downloading the software from Topping directly. Needless to say, this is a large security risk. This would be solved if Topping cryptographically signed it.

Issue 1 might be controversial to some. Issue 2 shouldn't be controversial. It's just common sense not to execute stuff you downloaded from HTTP, even if it comes from reputable sources (because you cannot verify that it hasn't been tampered with). I hope Topping changes this.
:D:D Hillarious post. For Linux remain the same problems ?
 

mi-fu

Senior Member
Patreon Donor
Joined
Jun 7, 2018
Messages
367
Likes
298
Location
New York
I have a critique regarding the D10.

1. If you want to upgrade firmware you have to execute Chinese software. Nothing against Chinese people, but we've all heard about backdoors from the Chinese government in software from reputable outlets. I really dislike having to expose my computer to security risks to upgrade performance.
2. The firmware itself is downloaded from Topping's website which doesn't use HTTPS. This means that anyone in transit can modify the firmware. So we can't even be sure we are downloading the software from Topping directly. Needless to say, this is a large security risk. This would be solved if Topping cryptographically signed it.

Issue 1 might be controversial to some. Issue 2 shouldn't be controversial. It's just common sense not to execute stuff you downloaded from HTTP, even if it comes from reputable sources (because you cannot verify that it hasn't been tampered with). I hope Topping changes this.
interesting.
 

AndrovichIV

Active Member
Patreon Donor
Joined
May 25, 2019
Messages
123
Likes
133
:D:D Hillarious post. For Linux remain the same problems ?
Well if you want to execute stuff from untrusted sources with admin priviliges you do you ;)
The firmware updater is Windows only, although the firmware itself is a bin file, so I'm guessing the D10 runs some sort of UNIX like OS.

There might be a way to get the firmware into the device without messing with software, though
 

litguy

New Member
Joined
Nov 16, 2018
Messages
3
Likes
0
I have a critique regarding the D10.

1. If you want to upgrade firmware you have to execute Chinese software. Nothing against Chinese people, but we've all heard about backdoors from the Chinese government in software from reputable outlets. I really dislike having to expose my computer to security risks to upgrade performance.
2. The firmware itself is downloaded from Topping's website which doesn't use HTTPS. This means that anyone in transit can modify the firmware. So we can't even be sure we are downloading the software from Topping directly. Needless to say, this is a large security risk. This would be solved if Topping cryptographically signed it.

Issue 1 might be controversial to some. Issue 2 shouldn't be controversial. It's just common sense not to execute stuff you downloaded from HTTP, even if it comes from reputable sources (because you cannot verify that it hasn't been tampered with). I hope Topping changes this.
how could you cheat by your government ? why Chinese government want to set backdoor in your computer ?
It's paranoid, Chinese people never have interesting to other person's computer, it's waste of our life
 

Krunok

Major Contributor
Joined
Mar 25, 2018
Messages
3,844
Likes
1,977
Location
Zg, Cro
I have a critique regarding the D10.

1. If you want to upgrade firmware you have to execute Chinese software. Nothing against Chinese people, but we've all heard about backdoors from the Chinese government in software from reputable outlets. I really dislike having to expose my computer to security risks to upgrade performance.
2. The firmware itself is downloaded from Topping's website which doesn't use HTTPS. This means that anyone in transit can modify the firmware. So we can't even be sure we are downloading the software from Topping directly. Needless to say, this is a large security risk. This would be solved if Topping cryptographically signed it.

Issue 1 might be controversial to some. Issue 2 shouldn't be controversial. It's just common sense not to execute stuff you downloaded from HTTP, even if it comes from reputable sources (because you cannot verify that it hasn't been tampered with). I hope Topping changes this.
Sure, by all means this can be done. It is, however, totally unclear what would Chinese hope to find on computers of the D10 users that would justify such effort.. :facepalm:
 
Last edited:

DKT88

Active Member
Patreon Donor
Joined
Feb 26, 2019
Messages
147
Likes
112
Location
South Korea
I have a critique regarding the D10.

1. If you want to upgrade firmware you have to execute Chinese software. Nothing against Chinese people, but we've all heard about backdoors from the Chinese government in software from reputable ou tlets. I really dislike having to expose my computer to security risks to upgrade performance.
2. The firmware itself is downloaded from Topping's website which doesn't use HTTPS. This means that anyone in transit can modify the firmware. So we can't even be sure we are downloading the software from Topping directly. Needless to say, this is a large security risk. This would be solved if Topping cryptographically signed it.

Issue 1 might be controversial to some. Issue 2 shouldn't be controversial. It's just common sense not to execute stuff you downloaded from HTTP, even if it comes from reputable sources (because you cannot verify that it hasn't been tampered with). I hope Topping changes this.
Heres an example of why to worry... https://www.zdnet.com/article/chine...s-products-from-three-asian-gaming-companies/
 

litguy

New Member
Joined
Nov 16, 2018
Messages
3
Likes
0

Snarfie

Active Member
Joined
Apr 30, 2018
Messages
263
Likes
115
If I was you I also would not trust US (NSA) hard & software. https://thediplomat.com/2014/05/in-cyber-dispute-with-us-china-targets-ibm-cisco/
The Chinees don't have any (essential) IBM/SISCO hardware running for a long time. Would be wise if european compagnies/countries would do the same. Ha ha Ore not!. Probable Google knows more about you than you know about your self. They don't need spyware only your consent.
1559813064234.png
 
Last edited:

DKT88

Active Member
Patreon Donor
Joined
Feb 26, 2019
Messages
147
Likes
112
Location
South Korea
If I was you I also would not trust US (NSA) hard & software. https://thediplomat.com/2014/05/in-cyber-dispute-with-us-china-targets-ibm-cisco/
The Chinees don't have any (essential) IBM/SISCO hardware running for a long time. Would be wise if european compagnies/countries would do the same. Ha ha Ore not!. Probable Google knows more about you than you know about your self. They don't need spyware only your consent. View attachment 27265
Yeah, I got rid of Chrome a few weeks ago and am trying DuckDuckGo for a browser. My cyber concerns are not so much privacy (I'm boring) as they are hackers obtaining financial info. A few months ago they did literally get into my computer through Teamviewer. Fortunately I saw the breach and within an hour I locked down all my accounts. Chrome had some saved passwords and they transferred funds from my PayPal and tried and failed to log into Amazon. So I nuked Teamviewer and have hardened up defenses.
 

Snarfie

Active Member
Joined
Apr 30, 2018
Messages
263
Likes
115
Yeah, I got rid of Chrome a few weeks ago and am trying DuckDuckGo for a browser. My cyber concerns are not so much privacy (I'm boring) as they are hackers obtaining financial info. A few months ago they did literally get into my computer through Teamviewer. Fortunately I saw the breach and within an hour I locked down all my accounts. Chrome had some saved passwords and they transferred funds from my PayPal and tried and failed to log into Amazon. So I nuked Teamviewer and have hardened up defenses.
That sucks. My creditcards i block them for scanners (basicly it is turnoff) use my password instead. Also sort of safety measure.
 

AndrovichIV

Active Member
Patreon Donor
Joined
May 25, 2019
Messages
123
Likes
133
how could you cheat by your government ? why Chinese government want to set backdoor in your computer ?
It's paranoid, Chinese people never have interesting to other person's computer, it's waste of our life
It's not that the Chinese government has an interest in you. They want to have backdoors in software used by Chinese people.
 

Snarfie

Active Member
Joined
Apr 30, 2018
Messages
263
Likes
115
It's not that the Chinese government has an interest in you. They want to have backdoors in software used by Chinese people.
Could be that western goverments/ compagnies/special interest groups are hiring chinees israeli or russian hackers to do the job for them. An so we are in the complote theories
 

AndrovichIV

Active Member
Patreon Donor
Joined
May 25, 2019
Messages
123
Likes
133
Could be that western goverments/ compagnies/special interest groups are hiring chinees israeli or russian hackers to do the job for them. An so we are in the complote theories
Well, except that Chinese cyber espionage has been reported by reputable outlets, such as the NYT, WaPo, etc. It's a well known fact. I wouldn't call it conspiracy theory
 

Snarfie

Active Member
Joined
Apr 30, 2018
Messages
263
Likes
115
Well, except that Chinese cyber espionage has been reported by reputable outlets, such as the NYT, WaPo, etc. It's a well known fact. I wouldn't call it conspiracy theory
Ok but how do we ban for instance de NSA spying on westrn goverments also a well known fact (german president Merkel for instance). Who do we trust too spy?.
 
Last edited:

AndrovichIV

Active Member
Patreon Donor
Joined
May 25, 2019
Messages
123
Likes
133
Ok but how do we ban for instance de NSA spying on westrn goverments also a well known fact (german president Merkel for instance). Who do we trust too spy?.
The spying of the NSA is localized to people of interest, unlike China who spies on all of its citizens for words related to political opposition, for example. In any case, it's always a good idea to use open source software where you can see the source code, since backdoors are much harder to introduce.

In any case, I think we all know that with all its faults the probability of being spied by western software is much smaller than if you were using Chinese. There's really no equivalence.
 

DKT88

Active Member
Patreon Donor
Joined
Feb 26, 2019
Messages
147
Likes
112
Location
South Korea
got it, but, I don't know why you think the group created by government ?
I cannot image government have interesting to game player.
In China, we have no privacy, the IM software data all monitor by government.
If they want player data, they can give order directly to game service provider.
The link I posted didn't attribute the specific hacking of gameware to the Chinese government, it was a hacker case. I don't think the Chinese government is interested in hacking a few thousand audiophile computers. But individual hackers, perhaps, still a rather small target. But if the OP is correct in the security assessment of Toppings firmware downloads, that is a security concern and Topping should fix it.
 

AndrovichIV

Active Member
Patreon Donor
Joined
May 25, 2019
Messages
123
Likes
133
The link I posted didn't attribute the specific hacking of gameware to the Chinese government. I don't think the Chinese government is interested in hacking a few thousand audiophile computers. But individual hackers, perhaps, still a rather small target. But if the OP is correct in the security assessment of Toppings firmware downloads, that is a security concern and Topping should fix it.
Agreed. For me the issue that it uses Chinese software is less concerning than the fact that you download an executable through insecure HTTP.
 

waqi953

New Member
Joined
Jun 15, 2019
Messages
1
Likes
0
Hi, I'm new to desktop DAC. I'm planning to buy Topping D10 with JDS Atom. But I probably going to buy the D10 first and the Atom next month. My question is, if I use RCA to 3.5 jack female adapter and connected to headphone, can it produce sound from the RCA out? I'm new to this and trying to search around the internet for the answer but couldn't found it. Appreciate someone cam answer this for me. Thank you.
 
Top Bottom