Roon Discussion

Discussion in 'Computer Audiophile: Software, Configs, Tools' started by AllanMarcus, Jul 3, 2016.

Tags:
  1. Justin S

    Justin S Friend

    Friend
    Joined:
    Mar 14, 2018
    Likes Received:
    629
    Trophy Points:
    93
    Location:
    Toronto
    This is what I thought. Thanks for your input.
     
  2. crenca

    crenca Friend

    Friend
    Joined:
    May 26, 2017
    Likes Received:
    3,400
    Trophy Points:
    113
    Location:
    Southern New Mexico
    That is until the 'Roon Arc Exploit' comes out :p

    You know, the software guys that work at Roon probably don't have core competency with internet services (Bob Stuart is their mentor and inspiration after all ;) ). I agree that the risk is relatively low, lower then some other things a typical person does with their network. Still, security through obscurity may well be the saving grace here - Roon is a niche of a niche of a niche...

     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 1
    • List
    Last edited: Sep 21, 2022
  3. mkozlows

    mkozlows Friend

    Friend
    Joined:
    Oct 6, 2015
    Likes Received:
    479
    Trophy Points:
    63
    Yeah, I mean... it's an open port. Look inside your Roon Remote settings at the ARC tab, it'll tell you which port you have open. Anyone on the internet can connect to that port, and from that point on, you're entirely at the mercy of Roon's software quality not to have buffer overflows or XML parsing vulnerabilities or whatever else.

    If their software is buggy, an attacker now has permission on the machine where you have Roon installed to do whatever the user running the Roon service can do (at the very least, probably delete all your music). If that machine has an open privilege escalation exploit (and if you're not assiduous about updating it, it might), now they have root on that machine and can do anything on it. And even without that, now they're inside your network, and can probe around for other gaps or open file shares or insecure smart lightbulbs to turn into DDoS bots, or whatever else.

    It's a real risk, and the main mitigating factor is that Roon is too obscure for most people to give a shit trying to hack Roon. But security through obscurity only works until it doesn't. So hopefully Roon is really good at network security?
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 4
    • Respectively Disagree Respectively Disagree x 1
    • List
  4. famish99

    famish99 Friend

    Friend
    Joined:
    Dec 26, 2017
    Likes Received:
    1,586
    Trophy Points:
    93
    Location:
    Austin, TX
    Roon operates on the .NET runtime; while not impossible, C#'s memory management makes it significantly tougher for most buffer exploits to occur.
     
  5. Metro

    Metro Friend

    Friend
    Joined:
    Dec 27, 2016
    Likes Received:
    1,420
    Trophy Points:
    93
    Location:
    San Francisco
    For a moment there, I thinking of MQA :p.
     
  6. winders

    winders boomer

    Friend
    Joined:
    Feb 13, 2017
    Likes Received:
    1,558
    Trophy Points:
    113
    Location:
    San Martin, CA
    No. They can try and connect to that port. That's a not so subtle difference to what you said.
     
  7. Justin S

    Justin S Friend

    Friend
    Joined:
    Mar 14, 2018
    Likes Received:
    629
    Trophy Points:
    93
    Location:
    Toronto
    For me, security through invisibility is my preference :)
     
  8. earnmyturns

    earnmyturns Smartest friend

    Friend
    Joined:
    Sep 25, 2016
    Likes Received:
    2,483
    Trophy Points:
    113
    Location:
    Palo Alto
    Home Page:
    Even before ARC, that's why my Roon Core is a standalone Linux box, frequently updated, with no privileged access to anything else on the same LAN. Yeah, it could try to hack my iot gadgets, I have other measures on this network to reduce outbound risk. In an ideal world they'd be using something like QUIC but apparently there aren't yet robust implementations for all the platforms Roon is on.
     
    • Like Like x 2
    • Epic Epic x 1
    • List
  9. Taverius

    Taverius Smells like sausages

    Friend
    Joined:
    Dec 27, 2017
    Likes Received:
    2,999
    Trophy Points:
    113
    Location:
    Rapallo, Italy
    Quality is perfectly fine for listening while driving/walking, which is all I was expecting form it.
     
  10. Pocomo

    Pocomo Acquaintance

    Joined:
    Jul 6, 2016
    Likes Received:
    76
    Trophy Points:
    18
    Location:
    Boston
    I use Roon at home and Spotify (paid) in the car. I don't think Arc is going to change that picture for me.
     
  11. Metro

    Metro Friend

    Friend
    Joined:
    Dec 27, 2016
    Likes Received:
    1,420
    Trophy Points:
    93
    Location:
    San Francisco
    Heads up that Roon Core 2.0 won't run on older Mac and Windows systems (minimum requirement are macOS 10.15 Catalina and Windows 10). Notably, older models of Mac Mini can't run Catalina.

    The crazy thing is that Roon 2.0 will go ahead and install itself onto incompatible devices :rolleyes:. Some users who were running old systems upgraded and got stuck, and it's a hassle to downgrade back to 1.8.
    https://help.roonlabs.com/portal/en/kb/articles/roon-1-8-2-0-migration-faq-16-9-2022
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 1
    • List
  12. Clemmaster

    Clemmaster Friend

    Friend
    Joined:
    Sep 28, 2015
    Likes Received:
    2,800
    Trophy Points:
    113
    On the flip side, it now supports Apple silicon natively.
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 1
    • List
  13. winders

    winders boomer

    Friend
    Joined:
    Feb 13, 2017
    Likes Received:
    1,558
    Trophy Points:
    113
    Location:
    San Martin, CA
    Yes. Roon is now using .NET instead of Mono for the Mac version which not only supports Apple Silicon natively, it also has MUCH better memory management. This has not only improved performance on the M1 Macs, but it has also fixed the memory leak problems some users were seeing.
     
  14. Metro

    Metro Friend

    Friend
    Joined:
    Dec 27, 2016
    Likes Received:
    1,420
    Trophy Points:
    93
    Location:
    San Francisco
    Last edited: Sep 23, 2022 at 3:21 PM
  15. Taverius

    Taverius Smells like sausages

    Friend
    Joined:
    Dec 27, 2017
    Likes Received:
    2,999
    Trophy Points:
    113
    Location:
    Rapallo, Italy
    It doesn't immediately stop if you're using ROCK, at least - i restarted my network infrastructure this morning down to the VDSL modem and it kept playing.
     
  16. GoodEnoughGear

    GoodEnoughGear Evil Dr. Shultz‎

    Friend
    Joined:
    Oct 25, 2015
    Likes Received:
    3,008
    Trophy Points:
    113
    Location:
    Cape Town, South Africa
    Meh, I'm geeky enough that I keep FB2k and JRiver up to date, not to mention UAPP on my phone that does Qobuz too.
     
  17. crenca

    crenca Friend

    Friend
    Joined:
    May 26, 2017
    Likes Received:
    3,400
    Trophy Points:
    113
    Location:
    Southern New Mexico
    • Agreed, ditto, +1 Agreed, ditto, +1 x 2
    • List
  18. zonto

    zonto Friend

    Friend
    Joined:
    Sep 30, 2015
    Likes Received:
    4,327
    Trophy Points:
    113
    Location:
    Boston, MA
    Apparently users that want offline access can stay on version 1.8 Legacy, which won't prompt an upgrade. Seems much of this was focused on not having to maintain offline search functionality. I don't get why basic search of a local library and metadata would be difficult to maintain in offline mode, just not having full search or "Valence" functionality.
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 4
    • Like Like x 1
    • List
  19. dasman66

    dasman66 Self proclaimed lazy ass - friend

    Friend
    Joined:
    Mar 13, 2018
    Likes Received:
    1,663
    Trophy Points:
    93
    Location:
    NW Pennsylvania
    OMG... what a horrible design decision.
     
    • Agreed, ditto, +1 Agreed, ditto, +1 x 1
    • List
  20. crenca

    crenca Friend

    Friend
    Joined:
    May 26, 2017
    Likes Received:
    3,400
    Trophy Points:
    113
    Location:
    Southern New Mexico
    Even in an industry (software) that is known for their myopic view of how their customers actually use and relate to their product, this decision surprises me.

    I experimented briefly, dropping my network (and thus internet) connection. With no internet, Roon will not start up at all, hanging early on in the startup process. If you start up Roon with internet, and then drop your connection, it will run a few minutes and you can add/subtract/play local files, but I'm not sure for how long.
     

Share This Page