I keep on reading that according to Sonos very few users are still using their “Music Library” accessed by the archeic SMB version 1 protocol.
I hate to break the news to the software engineers from Sonos - but the reason very few are still using it is purely because SMBv1 is extremely unsecure and was superseded by SMBv2 more than 15 years ago. Furthermore Sonos appearently only accepts the ridiculously unsecure authentication protocol NTLMv1 and the “newer” NTLMv2 that was introduced more than 23 years ago.
So - the reason that very few users are riscing their network infrastructure is simply because they do not really have a choice - do they?
On the other side - Sonos could implement SMBv2 and NTLMv2 support in their S2 line.
One could even dream about full SMBv3 and Kerberos support …..
However - I do not see that move from Sonos - because they claim we do not use NAS anymore.
It’s my understanding that Sonos stated that Sonos users were not using NAS very often several years ago, I believe while SMBv1 was pretty active. The reality is that users stopped playing music from local libraries as streaming sources replaced them, not really because of security concerns.
I am not at all saying that Sonos shouldn’t bother updating to current authentication protocols, I think they should. I’m just saying that the drop in usage is not caused by lack of protocol support….it would be hard to even say they are that corelated.
PC and Mac hosted music libraries no longer use SMB at all, and that is where the majority of local file playback occurs. NAS users are a minority of a minority users.
The reality is that users stopped playing music from local libraries as streaming sources replaced them, not really because of security concerns.
Based on my use, I agree. I never lost much sleep over security issues using a local NAS, and still use it occasionally. But when there is so much more available on streaming services, why bother...
I am pretty sure I am not an outlier in this respect.
Perhaps take a look at this link:
Perhaps take a look at this link:
Hi Ken,
Those are great news :-)
I did not see that post until now - thanks for pointing
Streaming from local libraries has been under 15% of Sonos usage since 2011:
And less than 10% since 2016:
Also, there is no SMB1 problem on a PC/Mac, only an NAS. So the percentage of users affected by this change are indeed limited, given the scarcity of people using a) Local music libraries and b) an NAS drive to house them.
Since it is so easy to work around the security issues of SMB v1 with a NAS to SMB v1 gateway there is really no reason for it to be much of an issue.
Grab a Raspberry Pi Zero W or better and just set it up as a gateway from your NAS to Sonos.
https://stan-miller.livejournal.com/357.html
Or just skip the NAS and use a Pi to serve up your music.
With the new Pi Zero 2 W selling for $15.00 and just needing a USB power brick and a SD card to be up and running it is a cheap option either way you go.
If / when Sonos upgrades the S2 gear to a newer SMB version the older S1 stuff likely won’t be changed due to the internal memory limits.
My main reason to move away from my Synology NAS to an Apple Mini for my local music library was not the storage protection (I can mitigate this with my LAN and wifi security settings) but rather the playlist management features (like number of plays, resume play, etc.).
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.