Help updating Arch Linux

I have a Salkstream III that houses Roonserver and my music files on its internal hard drive. The OS is Arch Linux 5.8.5.

The recent issue with Roon users running older OS not being able to access Roon after the most recent update has me considering updating the OS on my Salkstream. While I’m not affected by the current issue, I am concerned it will eventually happen, and I may be exposed to security risks by continuing to run an older OS version (5.8.5).

I contacted Salk and he said I just need to run pacman -Syu. However, he cautioned that, “… Linux made some changes to the way they compress files and older versions of Linux do not have the capability to de-compress the files for installation. In this case, it will download the files and start trying to process, but will produce an error…”

Does anyone here know if 5.8.5 will trigger such an error? Salk said if I get such an error, I would need to ship the hard drive to him in order to update the OS.

For reference, much of this stuff is way over my head, though I can certainly follow step by step instructions.

Help/advice is greatly appreciated! :grinning:

Thanks for the tip. I didn’t think of that. :grinning::+1:

I came across this;

https://archlinux.org/news/now-using-zstandard-instead-of-xz-for-package-compression/

If I’m thinking correctly, 5.8.5 should be ok to update since it was released many months after the change indicated in the above link? Or is there more to it than that?

It’s several years since I used Arch Linux, but isn’t there an option for pacman so it does a test run, printing the output to a file rather than making changes?
You can then review it or have it reviewed before proceeding.
I think the option is P but please check.

I’ve been glancing over these threads after the last update and in this case at least, it seems the Arch system is completely updatable, not embedded as I thought.

Arch is a rolling release distribution that occasionally requires some manual intervention when updating. If you run Arch, you should update it monthly at least and monitor the announcements on their site prior to doing so.

2 Likes

Some additional thoughts…

I’ve got it in the back of my mind that when it comes time to retire the Salkstream (hopefully not soon) my best option is likely to build a NUC/Rock unit (with LOTS of handholding to get it done :blush:). I figure that way I don’t have to rely on a 3rd party for OS maintenance and support (though Salk’s support has been exemplary).

The downside to going the NUC/Rock route is losing my current “one box” solution that works well with my particular setup; i.e. ability to Airplay TO the Salkstream, optical spdif connection directly to my older processor (no USB, no HDMI). I would have to add additional equipment to get the functionality I have now, which I’d rather not do if possible.

I took a look at the Arch Linux site and was completely overwhelmed. That stuff is way above my pay grade. I can access the Salkstream using TeraTerm and enter a command line exactly as someone tells me, but that’s where my Linux skills end.

I’m hoping it’s as simple as Salk indicated it might be; enter pacman -Syu on the command line. But if anything unexpected pops up, I’ll be completely lost. :frowning:

Since my Salkstream is currently working fine with 5.8.5, my primary concern at this time is if by not updating, I’m exposed to security threats.

1 Like

Yes and no. Network (audio) streamers are consumer devices designed for easy and convenient use – not security devices or hardened hosts. Convenience is an enemy of security!
So make sure the “security threats” stay outside of your private network (use a firewall, make sure the firewall is maintained and stays updated) and do not expose such devices to unnecessary threats. Doing so will leave you with internal “security threats”. You should not have “security threats” inside your private network. If you do, then “convenience” devices are usually wide open without any real protection because that’s how they were designed (for easy and convenient use/access).
Some functionality may require limited exposure to the internet and its security threats though. You have to accept the risk if you want to use such functionality (like Roon ARC for example). Users have to trust the device manufacturers here to implement such functions in a secure way. It is then also important that such devices stay supported and receive regular updates because what’s considered a “secure way” is evolving and changing over time. An example of this evolving/changing/updating is the very reason for this thread. It also demonstrates what happens in the best case (from a security POV) with outdated (security wise) devices – they lose functionality/stop working, requiring the owner to take action (update and/or replace the device).

Note: Just because a device is supported by its manufacturer (regular firmware updates available) doesn’t mean that the device maintenance is automated and device updates happen without the owner taking action. Consult the manual or the manufacturer to find out more.

As far as we still talk about Roon and given the current example, it seems that the main risk is that Roon / Roon ARC may simply stop working at some point in time on an outdated system. Other internet based services (Tidal connect, etc) may also stop working if their parent service evolves.
But there could of course be other vulnerabilities too. Let’s say in the internet radio library or perhaps more common in a http library in use. One obviously doesn’t get patched libraries if there are no more updates from the manufacturer. A common user may not even know that there is a potential risk looming inside such an outdated device. But isn’t the whole point of buying off-the-shelf finished products that users don’t have to know about such details? That the tasks of creating and maintaining the hard- and software needed is transferred from the user to an entrusted manufacturer? So if there is no more support for a device, the choices for users are limited if they want to avoid security risks.

  • Go and get a (still) supported device.
  • Take over the maintenance of your current device yourself.

The latter is often not possible because a user simply lacks the skill to do so and/or there is no access to a device’s firmware that would allow a user to do so. It seems that for the Salk it is possible to do. If you are willing and able to do it long term is up to you to decide (time, skill, willingness to take risks). From the information in this thread it seems that the Salk is a “regular” PC device with full user access that runs a major Linux distribution.

PS: This reply was intentionally formulated unspecific in parts to be able to serve as guide for all parties interested in the theme discussed.

2 Likes

Thanks. :grinning:

I’m assuming my Asus router (bought a couple years ago) has a firewall? I’m pretty sure the router is set up to update automatically. I’ll have to check.

I’m not sure why you are introducing your router into this conversation but all ASUS routers have a firewall for both ipv4 and ipv6 (although, since ipv6 support is disabled by default, I suspect the ipv6 firewall is also disabled by default - I can’t remember, I have had ipv6 enabled for a couple of years now).

My Asus router (an RT-AX88U) will notify me when a firmware update is available but it will not automatically update.

However, yours may be different. I am running the Asuswrt-Merlin firmware on my router which might have changed this aspect (although it generally tried to stay very close to the ASUS firmware).

The latest ASUS firmware for my router is 3.0.0.4.388_24198 and was released on 20/10/2023. I suspect that your router will have an update dating from the same period.

1 Like

I’m sure because of:

And rightly so, an insecure device that can’t be reached is a much smaller problem (as you are aware)

1 Like

Yes, that is correct. :+1:

@Suedkiez is correct. @BlackJack mentioned having an up to date firewall, which I believe my router has (Asus RT-AX68U, bought Oct 2022, running Asus firmware).

I appreciate the info you posted. I’ll have to check my router settings to see if it automatically updates.

I’m getting the sense from the responses here (thank you!), that with an up to date firewall, the security risk running an older Arch Linux version on my Salkstream may be reasonably low.

Still, if updating the OS would be a simple thing to do (I’m waiting to hear back from Salk about additional questions I have), it seems it would be a reasonable thing to do periodically to maximize the useful life of my Salkstream.

Oh, forgot to mention, if it matters, I don’t use ARC and have UPnP turned off in the router.

Another thing we have to mention here:

The firewall protects you mainly against attacks from the Internet towards your system.

If you use your system with outdated OS to access the Internet like your client computer you are at high risk.

If you have a dedicated music server which has outdated software, the risk is low, if you use it only for streaming music.

BUT:

You have to access services in the cloud, Roon, Tidal, Qobuz. These services have to maintain a current security level. They have to defend every day against multiple ten thousands of attacks. Therefore they have to be on the latest level.

To maintain connectivity from your client machines to these servers, you have to update your clients too. If you don’t, at some stage the client is too old and the server is no longer compatible and you lose access.

1 Like

I believe this applies to my case since the Salkstream is only used for streaming music; Roon for local library and Qobuz, and Airplay for streaming Apple Music from iPhone/iPad to the Salkstream.

So it seems since the Salkstream, using an older version of Arch Linux, is currently working fine with Roon, the most important thing currently is to make sure my router firmware is up to date. Does this sound right?

I looked up the process for updating my Asus router. The update process seems simple enough, but Asus then recommends resetting the router to factory defaults after updating, then setting up the router again (from scratch?). Setting up the router again is something I do not look forward to. :confounded:

Ugh, sometimes all this “computer stuff” makes me want to go back to spinning shiny discs! :grin:

Yes this does sound right.

Factory reset after upgrading smells like nightmare.

It’s odd. In the Asus owners manual and on this page about updating the router using the Asus app, there is no mention of needing to reset the router to factory defaults.

https://www.asus.com/us/support/faq/1045788/#ios

However, on this page about updating using the WebGUI, it does recommend resetting the router after updating. BTW, the video instructions in this link do not mention needing to reset.

https://www.asus.com/us/support/faq/1008000/

I don’t know why the difference between the two methods. :thinking:

Frankly, it doesn’t make sense to me that a reset to factory defaults would be needed. I’ve never had a product before that required a reset after updating.

The 1st link you have is from August 2023.
The 2nd is from January 2024.

My guess is: After the firmware upgrade some settings are not working in the way as before, resulting in problems after the upgrade.

The quick fix for this is a factory reset and restart from scratch. I have not seen in these guides, that you can save the config and restore it later.

1 Like

I do not know exactly which model you got, but they have a severe issue:

https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/#:~:text=The%20flaws%2C%20which%20all%20have,arbitrary%20operations%20on%20the%20device.

1 Like

There is this from the owners manual;