Roon Discussion

Discussion in 'Computer Audiophile: Software, Configs, Tools' started by AllanMarcus, Jul 3, 2016.

Tags:
  1. mkozlows

    mkozlows Friend

    Pyrate
    Joined:
    Oct 6, 2015
    Likes Received:
    512
    Trophy Points:
    93
    Yeah, I mean... it's an open port. Look inside your Roon Remote settings at the ARC tab, it'll tell you which port you have open. Anyone on the internet can connect to that port, and from that point on, you're entirely at the mercy of Roon's software quality not to have buffer overflows or XML parsing vulnerabilities or whatever else.

    If their software is buggy, an attacker now has permission on the machine where you have Roon installed to do whatever the user running the Roon service can do (at the very least, probably delete all your music). If that machine has an open privilege escalation exploit (and if you're not assiduous about updating it, it might), now they have root on that machine and can do anything on it. And even without that, now they're inside your network, and can probe around for other gaps or open file shares or insecure smart lightbulbs to turn into DDoS bots, or whatever else.

    It's a real risk, and the main mitigating factor is that Roon is too obscure for most people to give a shit trying to hack Roon. But security through obscurity only works until it doesn't. So hopefully Roon is really good at network security?
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 4
    • Respectfully Disagree Respectfully Disagree x 1
    • List
  2. famish99

    famish99 Friend

    Pyrate
    Joined:
    Dec 26, 2017
    Likes Received:
    1,714
    Trophy Points:
    93
    Location:
    Austin, TX
    Roon operates on the .NET runtime; while not impossible, C#'s memory management makes it significantly tougher for most buffer exploits to occur.
     
  3. Metro

    Metro Friend

    Pyrate
    Joined:
    Dec 27, 2016
    Likes Received:
    1,590
    Trophy Points:
    93
    Location:
    San Francisco
    For a moment there, I thinking of MQA :p.
     
  4. winders

    winders boomer

    Banned
    Joined:
    Feb 13, 2017
    Likes Received:
    1,596
    Trophy Points:
    113
    Location:
    San Martin, CA
    No. They can try and connect to that port. That's a not so subtle difference to what you said.
     
  5. Justin S

    Justin S Friend

    Pyrate Contributor
    Joined:
    Mar 14, 2018
    Likes Received:
    1,506
    Trophy Points:
    93
    Location:
    Toronto
    For me, security through invisibility is my preference :)
     
  6. earnmyturns

    earnmyturns Smartest friend

    Pyrate
    Joined:
    Sep 25, 2016
    Likes Received:
    3,218
    Trophy Points:
    113
    Location:
    Palo Alto
    Home Page:
    Even before ARC, that's why my Roon Core is a standalone Linux box, frequently updated, with no privileged access to anything else on the same LAN. Yeah, it could try to hack my iot gadgets, I have other measures on this network to reduce outbound risk. In an ideal world they'd be using something like QUIC but apparently there aren't yet robust implementations for all the platforms Roon is on.
     
    • Like Like x 2
    • Epic Epic x 1
    • List
  7. Taverius

    Taverius Smells like sausages

    Pyrate
    Joined:
    Dec 27, 2017
    Likes Received:
    3,026
    Trophy Points:
    113
    Location:
    Rapallo, Italy
    Quality is perfectly fine for listening while driving/walking, which is all I was expecting form it.
     
  8. Pocomo

    Pocomo Friend

    Pyrate Contributor
    Joined:
    Jul 6, 2016
    Likes Received:
    284
    Trophy Points:
    53
    Location:
    Boston
    I use Roon at home and Spotify (paid) in the car. I don't think Arc is going to change that picture for me.
     
  9. Metro

    Metro Friend

    Pyrate
    Joined:
    Dec 27, 2016
    Likes Received:
    1,590
    Trophy Points:
    93
    Location:
    San Francisco
    Heads up that Roon Core 2.0 won't run on older Mac and Windows systems (minimum requirement are macOS 10.15 Catalina and Windows 10). Notably, older models of Mac Mini can't run Catalina.

    The crazy thing is that Roon 2.0 will go ahead and install itself onto incompatible devices :rolleyes:. Some users who were running old systems upgraded and got stuck, and it's a hassle to downgrade back to 1.8.
    https://help.roonlabs.com/portal/en/kb/articles/roon-1-8-2-0-migration-faq-16-9-2022
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 1
    • List
  10. Clemmaster

    Clemmaster Friend

    Pyrate Contributor
    Joined:
    Sep 28, 2015
    Likes Received:
    3,268
    Trophy Points:
    113
    On the flip side, it now supports Apple silicon natively.
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 1
    • List
  11. winders

    winders boomer

    Banned
    Joined:
    Feb 13, 2017
    Likes Received:
    1,596
    Trophy Points:
    113
    Location:
    San Martin, CA
    Yes. Roon is now using .NET instead of Mono for the Mac version which not only supports Apple Silicon natively, it also has MUCH better memory management. This has not only improved performance on the M1 Macs, but it has also fixed the memory leak problems some users were seeing.
     
  12. Metro

    Metro Friend

    Pyrate
    Joined:
    Dec 27, 2016
    Likes Received:
    1,590
    Trophy Points:
    93
    Location:
    San Francisco
    Last edited: Sep 23, 2022
  13. Taverius

    Taverius Smells like sausages

    Pyrate
    Joined:
    Dec 27, 2017
    Likes Received:
    3,026
    Trophy Points:
    113
    Location:
    Rapallo, Italy
    It doesn't immediately stop if you're using ROCK, at least - i restarted my network infrastructure this morning down to the VDSL modem and it kept playing.
     
  14. GoodEnoughGear

    GoodEnoughGear Evil Dr. Shultz‎

    Pyrate
    Joined:
    Oct 25, 2015
    Likes Received:
    3,070
    Trophy Points:
    113
    Location:
    Cape Town, South Africa
    Meh, I'm geeky enough that I keep FB2k and JRiver up to date, not to mention UAPP on my phone that does Qobuz too.
     
  15. crenca

    crenca Friend

    Pyrate
    Joined:
    May 26, 2017
    Likes Received:
    3,822
    Trophy Points:
    113
    Location:
    Southern New Mexico
    • Agreed, ditto, +1 Agreed, ditto, +1 x 2
    • List
  16. zonto

    zonto Friend

    Pyrate Contributor
    Joined:
    Sep 30, 2015
    Likes Received:
    4,975
    Trophy Points:
    113
    Location:
    Boston, MA
    Apparently users that want offline access can stay on version 1.8 Legacy, which won't prompt an upgrade. Seems much of this was focused on not having to maintain offline search functionality. I don't get why basic search of a local library and metadata would be difficult to maintain in offline mode, just not having full search or "Valence" functionality.
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 4
    • Like Like x 1
    • List
  17. dasman66

    dasman66 Self proclaimed lazy ass - friend

    Pyrate Contributor
    Joined:
    Mar 13, 2018
    Likes Received:
    2,461
    Trophy Points:
    113
    Location:
    NW Pennsylvania
    OMG... what a horrible design decision.
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 1
    • List
  18. crenca

    crenca Friend

    Pyrate
    Joined:
    May 26, 2017
    Likes Received:
    3,822
    Trophy Points:
    113
    Location:
    Southern New Mexico
    Even in an industry (software) that is known for their myopic view of how their customers actually use and relate to their product, this decision surprises me.

    I experimented briefly, dropping my network (and thus internet) connection. With no internet, Roon will not start up at all, hanging early on in the startup process. If you start up Roon with internet, and then drop your connection, it will run a few minutes and you can add/subtract/play local files, but I'm not sure for how long.
     
  19. Metro

    Metro Friend

    Pyrate
    Joined:
    Dec 27, 2016
    Likes Received:
    1,590
    Trophy Points:
    93
    Location:
    San Francisco
    Users on the Roon community forum have been experimenting, and one was able to continue running for 4 hours after disconnecting the internet. Danny replied:
    This may be the 4th time I’ve said it: Zero minutes. You may find it to be longer, but different things will break at different and unpredictable times. You should not rely on 2.0 working without internet access.
    Use 1.8 Legacy if you need offline access.
    Here is Roon's explanation for requiring internet access:
    https://www.reddit.com/r/roonlabs/comments/xkhtk6/comment/ipeh7co/
    Whatever their reasons, they seem to be baffled by the backlash. They are so caught up with doing things their way that they forget that the most basic function is to just play the damn music file.
     
  20. dasman66

    dasman66 Self proclaimed lazy ass - friend

    Pyrate Contributor
    Joined:
    Mar 13, 2018
    Likes Received:
    2,461
    Trophy Points:
    113
    Location:
    NW Pennsylvania
    wow... it's dumbfounding that they are that disconnected with their users that they didn't foresee pushback. Not everyone has stable internet, and I'm sure there are people out in rural areas that don't have highspeed internet.
     

Share This Page