Best answer by Phil.Coleman
View original
Support for SMB v2 or v3
Userlevel 3
With all the recent reports and issues with the WannaCry ransomware I wanted to restrict use of SMB v1 on my home network. My NAS blocks this to the outside world but I wanted to secure things internally as well. I can configure the NAS to not support SMB v1 but this then prevents the Sonos controller app from seeing the share. When will Sonos support later versions of SMB? I had seen another thread on this somewhere and it sounded like it wasn't going anywhere. Is it possible to get an update on this please.
This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.
Page 3 / 5
That's an impressive graph, though as you note, the Sonos team can easily omit all sorts of included stuff that is not needed on an embedded system. The good news is that both of us have a workaround that protects the original sound files while serving up copies to the Sonos. Having worked on embedded systems for fun, I can also appreciate the RAM, Flash, etc. limitations that the coders at Sonos are likely grappling with.
I imagine that decoding secure streams in particular to be a challenge relative to the hardware they get to work with. Too bad that the RAM in zone players is not considered 'upgradeable' (assuming that's one of the limitations the coders have to contend with).
I imagine that decoding secure streams in particular to be a challenge relative to the hardware they get to work with. Too bad that the RAM in zone players is not considered 'upgradeable' (assuming that's one of the limitations the coders have to contend with).
Userlevel 7
+22
That link isn't a list of distributions, rather it is a list of links to the kernel versions, programs and libraries used by Sonos. The Attributions file gives some info but you'd have to dig into the actual sonos-kernel.tgz file to see which bits from where are used. Switching your Linux kernel is not a trivial operation and doing it on an embedded system is even more difficult.
There was a huge size increase in the core OS going from Linux v2.0 to Linux v2.6, if I recall correctly, which is why so many embedded devices never even attempted the change. The change from v2.6 to v3 was more cosmetic because they thought the 2.XX number was getting too big.
https://www.phoronix.com/scan.php?page=news_item&px=MTAxNDg
Version 2.4 I don't recall, Version 2.6 LTS (Long Term Support) looks to have ended active maintenance in 2016 sometime. Version 3.2 LTS likely ends in May of 18.
Many system maintainers continue to use the Linux kernel version that was originally released with their device and backport any needed operational or security fixes to that which makes their internal release numbers very different from the kernel's version numbers.
Any size increase in any area of the firmware in a Sonos device means there is less space available for something else. If features are added that fit in newer devices but don't fit in older ones we are faced with the CR-100 situation again. Older devices will soon be missing features and incur additional costs to maintain, edging closer to the "No longer supported" status that ended the life of the CR-100s.
There was a huge size increase in the core OS going from Linux v2.0 to Linux v2.6, if I recall correctly, which is why so many embedded devices never even attempted the change. The change from v2.6 to v3 was more cosmetic because they thought the 2.XX number was getting too big.
https://www.phoronix.com/scan.php?page=news_item&px=MTAxNDg
Version 2.4 I don't recall, Version 2.6 LTS (Long Term Support) looks to have ended active maintenance in 2016 sometime. Version 3.2 LTS likely ends in May of 18.
Many system maintainers continue to use the Linux kernel version that was originally released with their device and backport any needed operational or security fixes to that which makes their internal release numbers very different from the kernel's version numbers.
Any size increase in any area of the firmware in a Sonos device means there is less space available for something else. If features are added that fit in newer devices but don't fit in older ones we are faced with the CR-100 situation again. Older devices will soon be missing features and incur additional costs to maintain, edging closer to the "No longer supported" status that ended the life of the CR-100s.
Hey Stanley, based on the GPL page, there are a variety of Linux distributions to choose among, see: http://www.sonos.com/documents/gpl/8.4/gpl.html
It's an interesting read. The latest Linux distribution in there (3.10.53) appears to have dedicated SMB1, SMB2, and SMB3-related files in it (see the /FS/CIFS folder) while the 2.6.35 version also hosted at Sonos just has a few smb2 references embedded inside its CIFS-related documents. So, I'd guess the appearance of SMB3 support in the Sonos universe would signal a switch to Linux 3.10.x from 2.x?
Hilariously, that version of Linux has also been deprecated as of last year (see https://www.linux.com/news/linux-kernel-310-reached-end-life-users-are-urged-move-linux-44-lts-1) with 3.10.x users being urged to switch to 4.4. The version of Linux hosted at Sonos appears to be outdated, even within the branch, as the last release was 3.10.108. That said, the Linux versions that the developers are using internally may quite possibly more recent than the stuff they're hosting on the Sonos GPL page.
It's an interesting read. The latest Linux distribution in there (3.10.53) appears to have dedicated SMB1, SMB2, and SMB3-related files in it (see the /FS/CIFS folder) while the 2.6.35 version also hosted at Sonos just has a few smb2 references embedded inside its CIFS-related documents. So, I'd guess the appearance of SMB3 support in the Sonos universe would signal a switch to Linux 3.10.x from 2.x?
Hilariously, that version of Linux has also been deprecated as of last year (see https://www.linux.com/news/linux-kernel-310-reached-end-life-users-are-urged-move-linux-44-lts-1) with 3.10.x users being urged to switch to 4.4. The version of Linux hosted at Sonos appears to be outdated, even within the branch, as the last release was 3.10.108. That said, the Linux versions that the developers are using internally may quite possibly more recent than the stuff they're hosting on the Sonos GPL page.
Userlevel 7
+22
Since I can't do anything about it I'm not spending hours looking into the guts of the issue but if one wanted to do that...
Remember it is a "stack" and you can't just update one component of that stack in many cases. What kernel is Sonos running, does that kernel support the latest SMB code? What fiddling has Sonos done to the various bits of code involved and how does that port to the newer releases that are needed to update the SMB.
I used to do a bit of embedded systems work before I retired and I can tell you that we missed a lot of release milestones over interactions and dependencies in the code we were upgrading, before we even got to glitches in the hardware support it offered. I've never had the lid off any of my gear to look but is there even hardware dubbing support available in the standard units sold or is that something they reserve for in-house test hardware?
I'll stick with my "too many worms for the can - it is a hard problem" theory over greed, stupidity or just evil.
Remember it is a "stack" and you can't just update one component of that stack in many cases. What kernel is Sonos running, does that kernel support the latest SMB code? What fiddling has Sonos done to the various bits of code involved and how does that port to the newer releases that are needed to update the SMB.
I used to do a bit of embedded systems work before I retired and I can tell you that we missed a lot of release milestones over interactions and dependencies in the code we were upgrading, before we even got to glitches in the hardware support it offered. I've never had the lid off any of my gear to look but is there even hardware dubbing support available in the standard units sold or is that something they reserve for in-house test hardware?
I'll stick with my "too many worms for the can - it is a hard problem" theory over greed, stupidity or just evil.
It will be interesting to see when this item (that is allegedly on a to-do list per the Sonos CEO) will be fixed. I'm not holding my breath given that there is little future monetary income potential from doing so (bug fixes are rarely profitable). Streaming and voice integration are squarely the center of attention at Sonos right now.
Interesting to hear that the SMB 3.11 stack is smaller than the SMB1v1 stack. Does that go for Flash and RAM? I imagine that the RAM in the players is a limiting factor besides the 'mini-computer' CPU (not my description).
Interesting to hear that the SMB 3.11 stack is smaller than the SMB1v1 stack. Does that go for Flash and RAM? I imagine that the RAM in the players is a limiting factor besides the 'mini-computer' CPU (not my description).
The problem is that if they don't solve it, and there is another high publicity hack on SMB 1, or just because why bother to include SMB 1 so Linux and Microsoft stop including it rather than the current default of including it but turning it off. SMB 3.1.1 as I understand it works with SMB 2 and is smaller than SMB 1 (all of the versions from 2.0 onwards use a fraction of the network bandwidth of SMB 1 which is actually a NetBios LAN based system from before the days of WAN)
Agreed, it's indeed a software stack. But what if that software stack, with an inclusion/replacement of SMB V2 or 3 no longer fits in the memory available on the devices mentioned? There is, to my meager knowledge, a limit to the amount of memory available on the older devices. That leads me to the conclusion that the "stack" might not fit any longer, if they were to add an update to that library.
I don't know that for sure, and I'm not a programmer, nor have I looked in to exactly what the usage is currently, or the cost to update. My only point of reference is prior work in maintaining software in gaming, and an assumption that Sonos is actively trying to solve the problem. It's entirely possible that I'm way off base. But I do feel comfortable in saying that Sonos isn't ignoring the problem. It would be an odd stance for a software driven company to take.
I don't know that for sure, and I'm not a programmer, nor have I looked in to exactly what the usage is currently, or the cost to update. My only point of reference is prior work in maintaining software in gaming, and an assumption that Sonos is actively trying to solve the problem. It's entirely possible that I'm way off base. But I do feel comfortable in saying that Sonos isn't ignoring the problem. It would be an odd stance for a software driven company to take.
It's a software stack, no hardware needs to change. UNLESS you have an extremely out of date media server. and I am talking pretty close to last century! reality is any media server built since 2003 is capable of at least SMB 2. the difference is that SMB 1 was built when all networks were closed pre-internet networks. SMB 2 was the first file handler for connected networks and predates Sonos as a concept.
The software stacks are even available as libraries so no need to even write them from scratch just integrate the library into the network stack.
I also have a work around that works for me, but I can't sell Sonos to my Nan unless she can get an off the shelf media server that works with it. which at the current time she can't do. but she can use Samsung, or Philips or Apple or....
So the upshot of that is your Sonos kit becomes unusable as the company vanishes, outsold by inferior but more modern technology from the big money companies.
The software stacks are even available as libraries so no need to even write them from scratch just integrate the library into the network stack.
I also have a work around that works for me, but I can't sell Sonos to my Nan unless she can get an off the shelf media server that works with it. which at the current time she can't do. but she can use Samsung, or Philips or Apple or....
So the upshot of that is your Sonos kit becomes unusable as the company vanishes, outsold by inferior but more modern technology from the big money companies.
Userlevel 7
+22
A fix would be great but at what cost? I'd sure hate to get a note from Sonos saying something like:
"We are now offering SMB v3 so the Windows 10 users will stop complaining about v1. Sadly that makes all your older Sonos gear obsolete, we are offering $100 per household to compensate you for all your Zone Players, older Connects and Play 5s becoming inoperative collector's items like your CR-100s."
If it was an easy fix I'm guessing Sonos would have done it long ago to end the moaning. Since it is then highly likely to be a painful fix, how much pain are you willing to undergo to get it?
I vote for minimal Pain and adding a Raspberry PI, WD LIve Drive or similar work around. Far more affordable for me than replacing a house full of older Sonos gear.
"We are now offering SMB v3 so the Windows 10 users will stop complaining about v1. Sadly that makes all your older Sonos gear obsolete, we are offering $100 per household to compensate you for all your Zone Players, older Connects and Play 5s becoming inoperative collector's items like your CR-100s."
If it was an easy fix I'm guessing Sonos would have done it long ago to end the moaning. Since it is then highly likely to be a painful fix, how much pain are you willing to undergo to get it?
I vote for minimal Pain and adding a Raspberry PI, WD LIve Drive or similar work around. Far more affordable for me than replacing a house full of older Sonos gear.
https://www.adafruit.com/product/2604
But the point is CONSUMER SALES will keep it alive, it's not good enough for tech geeks to love Sonos any more, competition is here and aiming at people who want to plug it in and use it.
I find it hard to believe this is still an issue... just like to wish SMB 3 a happy 15th birthday, and SMB 2 is now old enough to vote in most countries! Even version 4 would be of school age now...
This isn't a feature request, it's not even a keep up with the technology request, it's just a desire to keep it real and keep Sonos competitive, Mesh is now common, many competitors are snapping at the heals of Sonos the next couple of years will have competition like never before.
Isn't it about time 18 year old technology was implemented as standard!
:?
Userlevel 7
+22
A Raspberry PI can be quite minimal and attractive if you buy a nice looking $10 or so case, and it doesn't need more than USB power, Ethernet and your data drive attached to it. You could possibly use a BIG SD card for your music and the operating system but that isn't the best long term solution. Easy to tuck a Pi behind your router or somewhere similar, out of sight and mind. All updates and administration (vary rarely needed) can be done via the Ethernet and VNC.
https://www.adafruit.com/product/2604
https://www.adafruit.com/product/2604
Sonos devices are considered minimalistic and aesthetically beautiful.
Hah. Making something that "just works" with minimal fuss was *exactly* what catapulted Apple to the top, just like Sonos. But under that pretty skin is the product of countless hours of hard work, big innovations. Consider how Wifi mesh networking between Sonos players 'just works', is easy to set up, and so on. This focus on intelligent infrastructure is precisely why Sonos became so popular and the leader in its niche.
Problem is, us "non-cloud" users are no longer attractive to the company because the sale has been made and the potential to monetize us vs. the "cloud" users is minimal. Our end of the market is saturated, the cloud end is still wide-open, at least in the eyes of management.
I don't expect them to update allowable SMB protocols unless forced to. Instead, the focus is on iOS, android applications and trying to stake out as much territory as possible while fighting for relevance in the face of the HomePod, Alexa pods, and whatever Google is bringing to the table.
Management is basically pushing us all to abandon Sonos and go for a more competitor that is happy to 'just' do home HiFi well. That day may come for me, in the meantime I have disabled all 'updates' from Sonos since I'm not a fan of having functionality taken away from me.
With the above, I don't put *all* the data on my NAS at risk just to accommodate a outdated network stack by the only product that still needs it in my home. AFAIK, no NAS allows selective SMB authentication requirements on a per-share basis. Thus, as file sharing protocols go, the server security is only as good as the dumbest/most outdated file sharing protocol you allow it to use.
Unfortunately not a minimal configuration at all...
Sonos devices are considered minimalistic and aesthetically beautiful.
I agree with stanley, treat your music server for the Sonos as a disposable device. I use a Airport extreme base station (AEBS) with a 2TB 2.5" drive to host the data and it works fine. Every time I update my iTunes library, I use Carbon Copy Cloner to synchronize the Sonos source drive with my NAS. Doesn't take too long. It's my canary in the coalmine and if the data is lost, so what, it's just a copy.
With the above, I don't put *all* the data on my NAS at risk just to accommodate a outdated network stack by the only product that still needs it in my home. AFAIK, no NAS allows selective SMB authentication requirements on a per-share basis. Thus, as file sharing protocols go, the server security is only as good as the dumbest/most outdated file sharing protocol you allow it to use.
With the above, I don't put *all* the data on my NAS at risk just to accommodate a outdated network stack by the only product that still needs it in my home. AFAIK, no NAS allows selective SMB authentication requirements on a per-share basis. Thus, as file sharing protocols go, the server security is only as good as the dumbest/most outdated file sharing protocol you allow it to use.
Yeah, it's ridiculous...
I got bit by this today, in an effort to improve security on my Synology NAS, I set SMB V2 as the minimum level. Everything was hunky dory except all of a sudden music library on the Sonos doesn't work. Foolish me, thinking my "premium" audio solution would support SMB levels from this millennium!
Userlevel 1
The missing implementation of SMBv2 just gave me some headache when trying to connect my SONOS setup to the new NAS. I pushed this discussion to twitter. Maybe this helps to get a higher priority. Feel free to comment.
https://twitter.com/naml1t/status/935990595369230336
https://twitter.com/naml1t/status/935990595369230336
Userlevel 1
In 2010 Sonos didn't have any open source competition. Now not only do they have that competition, but it is better suited for my use case. I don't have to send Sonos any data... at all, I know exactly what network traffic it will generate and it uses modern protocols. Sorry Sonos but you have definitely lost a customer on this one. Your attempts to tell me SMB v1 is secure is complete garbage. Don't pee on my back and tell me it's raining.
I would highly recommend that others look into other options beyond Sonos. It is quite apparent that Sonos will not listen to it's user base. This thread is months old, and the other one is even older. You have had your opportunity to fix this and you refused.
I would highly recommend that others look into other options beyond Sonos. It is quite apparent that Sonos will not listen to it's user base. This thread is months old, and the other one is even older. You have had your opportunity to fix this and you refused.
Userlevel 7
+22
Just toss together a Raspberry PI as a NAS and open up SMB v1 on it, dirt cheap and the issue goes away.
Far better than using a more expensive WD Live Drive and finding you can't get security updates for it for very long.
Far better than using a more expensive WD Live Drive and finding you can't get security updates for it for very long.
Userlevel 1
So to revive an old thread. I run an entirely Mac/FreeBSD/Unix network at my house. I have been allowing smb v1 regretfully for a while now. Even before wanacry virus became known to the masses. I recently shut it off on the last remaining device I have on my network (My Nas). I am left with two options... Wait for sonos to fix the problem, Or hack my sonos if possible. The other option is to replace the sonos with a small form factor linux box and run CMUS with some of the remote applications for it. They won't be as polished as the sonos app on my phone, but I can be sure the file share over SSHFS is going to be a hell of a lot more secure than SMB V1.
So SONOS. I have been a customer since the ZP90. I have told many people how easy to use your system is. How it has Apple-like 'it just works' qualities. But until you decide to patch such a gaping security hole as SMB v1, I can't continue to use or recommend your products.
So SONOS. I have been a customer since the ZP90. I have told many people how easy to use your system is. How it has Apple-like 'it just works' qualities. But until you decide to patch such a gaping security hole as SMB v1, I can't continue to use or recommend your products.
Throwing myself into the mix of this thread, an update has removed SMB 1 from my Windows 2012 r2 Essentials server it actually happened quite a while ago, but Sonos kit still worked fine. Now my Cisco Router has been patched and will no longer support SMB 1 either so if I force it back onto my server (or any server) it won't be networkable anyway.
Weird thing is My Sonos is still working... EXCEPT! I treated myself to 3 new speakers 2 play 5's to run in my kitchen and 1 play 1 to run in my bedroom... none of those will work with my library on the Windows Server. but the old system still works so if I play a track or play list to the old system then group those with the new speakers then the music plays on the new speakers... Which is a bit of a mystery to me!
But what I am going to do is slightly different. I have my music sync'ed to OneDrive to give me an off site backup. I am going to sync that back to a Mac Mini I have for other purposes and use that as my library temporarily.
BUT IF there is a Beta of an SMB 3 version of Sonos which there surely must be soon! please include me, I will have both libraries available as well as the extremely odd old v new speaker issue ready to give the new software a bit of a test.
Weird thing is My Sonos is still working... EXCEPT! I treated myself to 3 new speakers 2 play 5's to run in my kitchen and 1 play 1 to run in my bedroom... none of those will work with my library on the Windows Server. but the old system still works so if I play a track or play list to the old system then group those with the new speakers then the music plays on the new speakers... Which is a bit of a mystery to me!
But what I am going to do is slightly different. I have my music sync'ed to OneDrive to give me an off site backup. I am going to sync that back to a Mac Mini I have for other purposes and use that as my library temporarily.
BUT IF there is a Beta of an SMB 3 version of Sonos which there surely must be soon! please include me, I will have both libraries available as well as the extremely odd old v new speaker issue ready to give the new software a bit of a test.
Userlevel 7
+22
If you are worried about your NAS data just add a different NAS device that can be running the v1 SMB to keep Sonos happy. I used a Raspberry Pi and old disk drive and got it working for under $50. No need to worry if all that is there are copies of your music files.
Now, some might say that's not a security issue, since it's not gaining control of an account or accessing data or elevating privileges, but it's still a vulnerability and it's still unpatched.
Unpatched but very easily addressed too. If I was being a contrarian I would call this more of a configuration error than a vulnerability. That's why it's present in all versions of SMB.
I'm aware that Sonos has stated that they see streaming as the future, regardless of how many of us have thousands of songs in digital music libraries stored on computers or NAS devices.
I would bet that Sonos has made their decision not "in spite of" the number of people who use local sharing but because of it.
I agree with the rest though, and intelligent commentary such as yours helps the conversation (even if we quibble on minor points). There are others who don't.
Userlevel 7
+21
Actually, Microsoft has acknowledged at least one denial-of-service vulnerability in SMBv1 that it is not patching in Windows.
http://securityaffairs.co/wordpress/61530/hacking/smbloris-smbv1-flaw.html
Now, some might say that's not a security issue, since it's not gaining control of an account or accessing data or elevating privileges, but it's still a vulnerability and it's still unpatched.
And yes, I'm aware that Sonos has stated that they see streaming as the future, regardless of how many of us have thousands of songs in digital music libraries stored on computers or NAS devices. I also realize that they may not put as high of a priority on fixing the issue as a result. But that doesn't lessen its importance, or the desire of some to continue pushing for this to be fixed/changed until it is done.
http://securityaffairs.co/wordpress/61530/hacking/smbloris-smbv1-flaw.html
Now, some might say that's not a security issue, since it's not gaining control of an account or accessing data or elevating privileges, but it's still a vulnerability and it's still unpatched.
And yes, I'm aware that Sonos has stated that they see streaming as the future, regardless of how many of us have thousands of songs in digital music libraries stored on computers or NAS devices. I also realize that they may not put as high of a priority on fixing the issue as a result. But that doesn't lessen its importance, or the desire of some to continue pushing for this to be fixed/changed until it is done.
This. The patches have addressed the known vulnerabilities, so suggesting that:
Is simply wrong.
Microsoft itself has recommended everyone stop using because of the vulnerabilities that exist in it. So Sonos is requiring that you run other devices in an insecure manner in order to use that functionality of Sonos.
The known vulnerabilities have patches, so Sonos isn't requiring you to run anything 'insecurely'. They're requiring you to run an aged protocol that is at a much higher risk for new exploits than the more current versions. It's important to remember that the major hacks Wannacry and Notpetya exploited problems that fixes had *already been released for*. That means if you were using SMBv1, and your system was up to date, then it couldn't have effected you.
So let's step back and look at the big picture here. Should Sonos address this by switching to a newer version as the default? Yes. I even believe they'll eventually get around to it, and there's nothing wrong with telling Sonos that it's important to you.
Throwing a tantrum like a two-year old is pointless and well outside of a rational response though:
I contacted support but they just DON'T CARE! They even said that just using it at home, and now it comes, IS NO RISK AT ALL!
That said I 'm not only angry, I will even tell everyone around me to stop buying sonos!
But if you do all of your music listening through streaming sources and don't have your own local music library, then there's nothing for you to worry about, as far as Sonos is concerned.
*This next part is only my opinion.*
There's an important kernel of information in that sentence you've posted. Sonos has made it clear that they view the streaming user as more of their core market. That means items such as the one being discussed in this thread will not be given top priority. If it's crucial to you then that should be weighed against new/future investments in their product line. Again, I'm all for telling Sonos what you want, but be aware of what they say too. It might not always be as clear as "we view your use case as marginal".
Edit:
I missed this earlier.
Evidently VLANs are another decades old technology that are too challenging for Sonos to figure out.
More than "too challenging", Sonos probably (accurately in my mind) decided that developing around technology in use by a fraction of a percentage of households probably isn't a good way to spend development dollars.
Page 3 / 5
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.