So on the old ask forum wishlist items would get lost. Thought I would post a topic where people could vote their biggest wish for controller software improvements.
Would love to have a resizable android widget. Also, one which isn't quite so dark?



Take a look at Sonos Widget / Sonos Widget Pro (a third party app in Google Play Store) ... Pro version worth buying just so that you can have one giant (resizeable) widget that shows all of the players and what they are playing... with a few limited controls too
I would really like it if different controllers can each have their own favorites lists. Such that my wife has her favorites on her phone and laptop, I have mine on my devices, and our kids have theirs on their tablets. That would be really awesome, and it should be really simple to implement.
Hmmm. Maybe not so simple, I think. If I'm not mistaken, that data is stored at the speaker level, not on the controller level. So you'd end up having to write some code that 1) uniquely identifies the controller app connected, and 2) adjust the amount of memory on the speaker level to even out the number of controllers that might be connected to it, and then 3) rewrite the controller to store data itself beyond what it currently does, which isn't much.



I've already got issues with not enough space on the speakers to save my playlists. If they were to split out more of that memory for different controllers, I'd be an unhappy camper.



Do you run out of space for each of your "favorites"?
One option for a basic algorithm would be that if there is only one controller device active at some point, that device's list of favorites is pushed onto the speakers. The only thing needed then is some contention control in case multiple controllers are active together.

Another option would be to let each controller device hold a separate "private" list of favorites, and add a button with which the user can push that private list to the speakers. That should be really trivial to implement, as it is not much more than a batch of actions that each user can already do manually.
Perhaps it's not strictly a controller issue, but none of the listed suggestions strike me as nearly as important as better and tighter integration with Spotify and GPM. The current integrations could be much tighter than they are (and fixing some of the longstanding integration bugs would be appreciated too!)



Dave Ings
1. Artists and contributing artist working correctly (artist for album artist, and contributing artist for track artist within a compilation) - mine are the same

2. Compilations held separately

3. Sort by album name but by Artist first

Simple things that would make a world of difference
Hi,



In my opinion, what is most missing are "Listening profiles"

It would be great if we can create profiles that include rooms to group and sound level to each room.

Then we can select a Listening profile any time or even apply it to an alarm.



Better than the actual grouping function...



Cheers

Emanuel
Voice Over-ride



I'd like to be able to use my Sonos setup as a PA system using the mic on my phone. Like a voice amp. I can then pretend to be one of those dodgy party DJs; singing over the track, getting mum and dad on the dance floor and generally being a nuisance. Would be useful for calling the kids downstairs for tea. Would save me having to Facetime them.

Joking aside, it could actually be quite a useful and fun feature.
I would like it if the sound bar would only temporarily leave the group it is in when my TV is on. Every time I want to play music, I have to add the sound bar back to a group with other Sonos devices.
Master controller Mode - To override other users / children / guests from changing volumes or now playing.
One potential option missing from your list is ongoing security maintenance. Sonos is still stuck at SMB1 for access to local NAS-based music data. SMB itself has moved on to version 4.7 by now and Microsoft deprecated all use of SMB1 in 2013 due to security concerns. Now, WannaCry and similar malware is exploiting the many weaknesses in SMB1 (NTLM v1 authentication, among others) to install ransomware.



Could the Sonos team please also focus on security? I get that Sonos doesn't earn an income stream from maintaining security the way it does by adding yet another subscription service... but Sonos will destroy customer goodwill if it prevents good IT security hygiene practices. Currently, use of its premium appliances with a NAS enables a known attack vector for malware!



Yes, there are lengthy workarounds (Plex, subsonic) but they create holes / vulnerabilities of their own. I would prefer to see Sonos take the SMB1 bull by the horns and upgrade its SMB stacks to at least version 3 or higher.
Sonos doesn't have an "income stream from adding yet another subscription service". Sonos makes money from selling hardware, that's it. They don't get kick-backs or paid for having particular services available.



There may well be validity in what you say about SMB1; I can't say, as it's not my area of expertise.
As stated many times, there are no fees or kickbacks, or any other kind of "income stream" from services added to Sonos. Membership in the Sonos Music Partners program is free and open to any service that wishes to take part.



Also, SMB1 is fine for anyone concerned enough about security to apply the proper updates.
As stated many times, there are no fees or kickbacks, or any other kind of "income stream" from services added to Sonos. Membership in the Sonos Music Partners program is free and open to any service that wishes to take part.



I stand corrected. Thank you.



Also, SMB1 is fine for anyone concerned enough about security to apply the proper updates.



How do *I* apply the proper updates to a Sonos? It is Sonos that insists on the use of a protocol that its own developer expressly deprecated 4 years ago due to ongoing security concerns! So what if Microsoft fixed *this* particular issue with SMB1 this time? There likely are far more that they have yet to discover.



The point is that SMB1 is inherently much less secure than later revisions and hence should not be used. The latest open-source SMB server implementations turn off SMB1 compatibility by default for a reason. WannaCry and similar ransomware exploiting these SMB1 authentication issues is now circulating and has the potential to make a lot of Sonos customers unhappy.



To me, potentially jeopardizing customer data is simply irresponsible. Network infrastructure should not be prone to being penetrated and multiple revisions out of date. A layered defense against malware is better than allowing for single-point failures, such as relying on Microsoft to keep patching SMB implementations that have been deprecated for years (and especially on operating systems that they officially discontinued support on).



Has Sonos even made a commitment re: updating the network stack? Every official response I have seen here so far seems 100% non-committal. As best as I can tell, without Sonos' help, this network share access issue cannot be fixed short of disabling SMB access and using an alternative like Plex.
Sigh.




There may well be validity in what you say about SMB1; I can't say, as it's not my area of expertise.


I too have no clue about this; but is it the concern that in the present state a virus can be injected into my Sonos kit when it is streaming music from my Apple music subscription, as an example? Or, into my Mac because of sharing the broadband pipe?






Neither, if I understand your question correctly. No, my security upgrade request is for users who still use a local file server (NAS, computer, etc.) to supply music to the Sonos (for example, with a shared iTunes library). IIRC, this was one of the original methods for using a Sonos, predating streaming support.



If this topic interests you, simply google "SMB1 Microsoft". The first entry is from a blog at Microsoft that details why SMB1 should not be used. How it is unsafe, how it cannot be made safe. Etc. Its starting paragraph is likely a good summary of the rest of the page:



code:
Hi folks, Ned here again and today’s topic is short and sweet:
Stop using SMB1. Stop using SMB1. STOP USING SMB1!
Earlier this week we released MS16-114, a security update that prevents denial of service and remote code execution. If you need this security patch, you already have a much bigger problem: you are still running SMB1.




This, from one of the principals at Microsoft that deal with SMB every day, Ned Pyle.



Here's the problem: If you want to use a NAS as a file repository for your music collection, Sonos forces you by default to use an unsafe protocol to access said music. Yes, there are kludgy workarounds, but the principal issue remains, i.e. Sonos has not even announced that they're working on SMB2+ support.



The libraries for Linux are out there (i.e. SMB 2-3.11 for server and client), so the libraries are not the issue. That some NAS' still only ship with SMB1 support is also no reason to lag behind. SMB1 support by Sonos could be an opt-in function with the relevant warnings to let users know what they're letting themselves into. That's the responsible way to support options that potentially undermine the data of your customers.


Here's the problem: If you want to use a NAS as a file repository for your music collection, Sonos forces you by default to use an unsafe protocol to access said music.


I use a WD MyCloud that was added to my Apple Time Capsule founded Wifi network when I bought and set up the WD. All my music is copy/pasted from a computer HDD into a folder on the WD, that Sonos uses after indexing.



Where is the security hole?
SMB1 provides opportunities for Man-In-The-Middle attacks, see https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/. The Time Capsule has only one password, no multiple user classes, etc., so the entire share is potentially affected.
Is this a general issue, or one which has arisen because I have put my music in the shared music folder on the NAS via a copy/paste action? If it is general, what has Sonos to do with it? If not general, what is the consequence to my Mac in general and to music files on the NAS in specific?
This is an issue related to the protocol that your file server has to support in order to play nicely with the Sonos. Sonos cannot connect to any file server that doesn't support SMB1. Thus, you may have to dumb down the file server to allow SMB1 transactions. This is the equivalent of having a thick bank safe door (SMB3 has strong encryption and password protection) and then propping the safe door open with a wedge. So, yes, you have a thick safe door but the wedge disables that security feature!



Known SMB1 insecurity is perhaps not an issue for people who just store some music (for which they hopefully have backups). So what if the data is lost, it's easily replaced. Evicting the ransomware that may affect the file server may be a big headache, however. Especially if they're using a file server running an MS OS.



For anyone who is also backing up other data to the file server / NAS, SMB1 insecurity is potentially a bigger issue. The problem for file server incarnations I am familiar with is that you can't simply segment file server shares by protocol (i.e. allow SMB1 for a burner partition and SMB3+ for everything else). Thus, you potentially put the whole file server at risk when authentication protocols can be broken easily. That's why NTLM v.1 authentication (used in SMB1) is now regularly turned off by default and has to be manually enabled by the file server user.



Bottom line, using a Sonos as intended should not be an invitation to be hacked. The company should commit itself to the data security of its customers by not being years out of date re: best practices. It really makes me wonder what other potential issues there may be if the network stack is this out of date.
Since Sonos has not committed itself to even supporting SMB2+, the easiest solution may be to create a burner file server just for the Sonos. That way, if Sonos' credentials are compromised, all you lose is the content on the burner file server. Many access points support NAS functionality (Apple Airport Extreme, among others) and the only downside (besides having any SMB1 access at all on your network) is the additional power consumption of the attached drive and the likely greater latency accessing said data.
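Added example (not part of any post in this thread): a static check of a Samba `smb.conf` for the two downgrades the posts above describe, an SMB1 protocol floor and permitted NTLMv1. It assumes the file server is Samba; `server min protocol` and `ntlm auth` are Samba's own parameter names, and both sample configs are constructed.

```python
# Added example: static audit of a Samba smb.conf for SMB1 / NTLMv1 opt-ins.
# Both sample configs are constructed. Not handled: "include" files and
# backslash line continuations.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
NTLMV1_VALUES = {"yes", "ntlmv1-permitted"}

WEAK = """
[global]
    server min protocol = NT1
    ntlm auth = ntlmv1-permitted
[music]
    path = /srv/music
"""
HARDENED = """
[global]
    server min protocol = SMB3
    ntlm auth = ntlmv2-only
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """Return findings; an empty list means no SMB1/NTLMv1 opt-in was found."""
    p = parse_global(text)
    findings = []
    min_proto = p.get("server min protocol", p.get("min protocol"))
    if min_proto is None:
        findings.append("server min protocol not set: floor is the Samba version's default")
    elif min_proto.upper() in SMB1_DIALECTS:
        findings.append(f"SMB1 accepted: server min protocol = {min_proto}")
    if p.get("ntlm auth", "").lower() in NTLMV1_VALUES:
        findings.append(f"NTLMv1 accepted: ntlm auth = {p['ntlm auth']}")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no SMB1/NTLMv1 opt-in found")
```

On a live server, `testparm -s -v` prints the effective values including defaults, which is the authoritative input for a check like this.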
Damn I was looking for a "album shuffle" mode but I can't see it in the list, there's quite a few forum threads about that though...

And then global keyboard shortcuts to allow you to start/stop (or go to next albums 🙂 ) from any program. Just like in Foobar actually.
Why on God's green Earth there's an SMB security debate in a thread about improvements in the Sonos controller is yet another curious question about the nature of online fora. You'd think someone with such desperate concerns would place them in a more effective thread, rather than bury them in this one. :8
It would be nice to be able to stream music from websites easier...youtube, cdbaby....ways to discover musicians without the huge label support.