Rune Audio some thoughts

Art Pepper Via the rune audio interface

I spent a few hours this weekend mucking about with an old V2 Raspberry Pi and the open source product Rune Audio. http://www.runeaudio.com/

It’s a pretty good little media management system. I can keep all my music (I’ve copied it to a USB drive attached to the Pi) in one place and play it from the Pi to the amplifier. The beauty of course is that I can control the playback, search etc. via any device on my local network (be it a phone or computer, iPad, tablet – anywhere in the house). One thing that is nice is its simple interface, and it is fairly easy to set up. But I also have a few concerns that I thought I’d mention here.

Security
Once you have burnt the Rune Audio image to your Pi you just plug it in and start the device. You can access it via the URL http://runeaudio.local/ or by working out the IP address (you might have to look at your router to find this).

This is very convenient, but the issue is that the product is not password protected. So if your neighbour somehow hacks your wireless network password, he or she could crank up your music system at 4 AM as a prank!

Another thing to consider is that the image uses a root (super, god) user, and the password for that user is publicly available. So after that neighbour cranks up your music they can ssh to the device with root privileges!

Also there is no basic user space (i.e. anyone on the network can control the server), although there is a hack that can be run via the htpasswd process within the web server. This allows you to hand code that functionality into the product. http://www.runeaudio.com/forum/password-protection-t4372.html

This is not ideal for a basic user!

If you do install a Rune Audio server in your house, do change the root ssh password … NOW! See this link for more information on how to do that.

https://www.cyberciti.biz/faq/linux-set-change-password-how-to/
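A quick way to check the SSH side of this on any image you put on your network, as an added example (not from Rune Audio or the original post): the script reads an sshd_config and reports whether root can log in with a password. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this sshd_config let root log in with a password?
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.

# first_value FILE KEYWORD DEFAULT: effective global value, lower-cased
first_value() {
    val=$(awk -F '[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, "") }                 # drop leading indentation
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # conditional blocks are not global
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1")
    printf '%s\n' "${val:-$3}"
}

# root_password_login FILE: prints "exposed" or "ok"
root_password_login() {
    root=$(first_value "$1" PermitRootLogin prohibit-password)   # OpenSSH default
    pass=$(first_value "$1" PasswordAuthentication yes)          # OpenSSH default
    if [ "$root" = "yes" ] && [ "$pass" = "yes" ]; then
        echo exposed
    else
        echo ok
    fi
}

# Constructed sample configs (not copied from the Rune Audio image)
demo_dir=$(mktemp -d)
cat > "$demo_dir/open.conf" <<'EOF'
# constructed: root may log in with a password
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
# constructed: root needs a key, passwords are off
permitrootlogin prohibit-password
PasswordAuthentication no
PermitRootLogin yes
EOF

echo "open.conf:     $(root_password_login "$demo_dir/open.conf")"
echo "hardened.conf: $(root_password_login "$demo_dir/hardened.conf")"
```

On a live device, `sshd -T` prints the effective configuration (Include files and defaults resolved) and is the better input for this check than the raw file.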

Also, at the time of writing, wireless is not a secure medium. I recommend a long wireless password that will take hours if not days to hack. As it is currently configured, a Rune Audio server could be a nasty attack vector for a hacker. Changing the root ssh user password is a good start, but the file system is rather open (see screenshot) and that could be problematic if not managed in a better way.
Rune via the finder
Unfortunately this is typical of many IoT-style products. They need to treat security as an important issue; an initial configuration script could easily manage all of these faults and create a better-rounded, more secure product. So to sum up:

Ease of setup 8/10

User interface 8/10

Security 2/10

I’ll be keeping an eye on this product. If you’re not comfortable with the command line and security is important (it should be to everyone!), it’s probably a good idea not to use this product just now. But if they get their act together around the security issues, I think it has the potential to be something that rivals some of the more expensive commercial products.

This is my review of Gutenberg

*Gutenberg is the new editor for WordPress, currently the default editor, although you can install the older editor via a plugin.

This is like the situation with the MacBooks: you have taken away all our ports! Only in the case of Gutenberg it’s gone clean and minimalist. I can’t find things. It behaves differently from a product I’ve been using on and off for 10 years, and was happy with. It’s this mistaken idea that form is more important than function!

Please give me back my buttons, knobs and sliders. There is a reason that minimalism is a choice – it looks great but it’s a very boring way to live! You need to strike a balance between clean and lavish.

The programmers need to realize that you make small incremental changes once a product is working, and it’s ok to leave it as it is. It took us 400 years to agree on the basic design of a book but you know what? It works.

I think the idea of a text editor is something most of us are happy with.

All you have to do is look at the rating of this product and see the 3.5 million people who have downloaded the classic editor plugin to discover that this is not a good path.

Re-evaluate your approach please. Until next time I’ll be enjoying my retro plugin.

More crawling skin!

I’ve been following the company that says “Don’t be evil” on the issue of Project Dragonfly, Google’s “China” friendly search engine. The Intercept has the lowdown on this project here.

I have a belief that as companies get bigger they get more stupid and less focused. I think that this is indeed the case for Google. After reading the article I have to ask what sort of flavour of BS are these so-called managers trying to stuff down the throats of humanity?

I’m starting to think it’s time to remove all my content from their platform.

Dec 1 post script 1
The Register also has an article about the appalling behaviour of Google’s senior management, and it rightly points out that this is a company that is at a very serious fork in the road.

Dec 1 Post script 2
To expand on my thesis that “as companies get bigger they get more stupid” I also found this disturbing story…

Ah Facebook you’ve done it again!

Very interesting reading over the last few days from Gizmodo

https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051?IR=T

In a nutshell, it’s not a good idea to give FB your phone number. I’ve never felt right about FB wanting my phone number and I’m darn glad I’ve honoured that feeling.

From the article…
“They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks.”

Also there is some confusion about how private address book data is, and what FB does with that information.

Again from the article…
“People own their address books,” a Facebook spokesperson said by email. “We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them.”

In addition, the use of the phone number for advertising is something that destroys people’s trust in two-stage authentication. After this sort of abuse of data by one of the biggest brands in the world, who would want to trust anyone else with this degree of security?

They want more and more!

I also thought I’d mention this: a while back FB were trying to sucker people into giving them more data (email address info, friend data…) in return for more content… Don’t do it… FB wants you to rat on your friends. Also each user is worth up to about $158 to FB. So let’s say you have 30 email addresses in your contacts, that’s $4,740.00 worth of data for more “Free” content, mainly generated by me and you.

But wait, there’s more! Just at the time of writing this, Zuck messes up again. From the NYT:
Facebook Is Breached by Hackers, Putting 50 Million Users’ Data at Risk

 

hacky hack hack!

This morning I stumbled upon this. Apple, one of the companies in the world that does sort of care about privacy, was hacked by a 16-year-old!

After busting the kid, police uncovered a litany of hacking files and instructions, all saved in a folder titled “hacky hack hack”.

Full link to the article

https://www.theage.com.au/national/victoria/melbourne-teen-hacked-into-apple-s-secure-computer-network-court-told-20180816-p4zxwu.html

Now coming at you via fiber optic – or FTTP!

So I moved home recently and what I didn’t realise, and what was also a very pleasant surprise, was that the new home has a fiber optic link (or FTTP if you want the nice acronym!). So now it’s via a not so great gigabit link, through my ISP’s cheap and rather crappy supplied modem. It’s not rocket ship fast but should hopefully be a lot better than the old ADSL2 link that the poor thing limped along on. Fingers crossed that this should work faster and we should have longer uptimes!

 

Quick shout out dumpNotificationDB.py

Had a quick look at this today and it’s a doozy! Patrick Wardle has created a small Python script that dumps the data from the macOS notifications database. This is a whole lot of information that you may not want anyone to see, let alone audit. It will be interesting to see if and how the Mac OS X dev team manages this issue.

More info here…

https://www.patreon.com/posts/18714633