Hi,
I just tried to add my AppleTv into the audio devices, and had to setup password access for audio playback on the ATV. I don’t want that at all, but I didn’t find a way to do this without that. So that means playing any other device on the ATV these devices also have to use this password. The tvOS also has the possibility to use a temporary pw that pops up if the connection is established. I don’t know about the backgrounds, but I feel that Roon make things only right for itself, but breaks compatibility for other use cases. Another example is, that on my Mac mini running the Roon core I had to setup a dedicated user for that who is always logged in. I don’t understand why the Roon core doesn’t go in the background and acts like a daemon like all other system related programs do. This is of course a security issue, because Roon ARC opens ports to the internet, and if Roon for some reason has a bug or e.g. the beloved buffer overflow happens and opens a root console to the system, well, not good. AFAIK daemons have well defined limited resources, access and functionality, so getting out of there sandboxes is hard to achieve. If a daemon, which has only some few functions, would be corrupted not the whole system will be infected. Separating simple core functions and more complex logic is always a good idea.
And the third thing I’d like to fingerpoint, is the one user approach for the streaming clients. I’d like to have access to other users account on the streaming providers to share the music and experience that e.g. my wife has with her account. Well, she pays the half of the monthly fee for Roon, so I think it’s her well deserved right to have access to her streaming account.
Having said this, I hope some of the Roon guys will read this and my comments are going to help to improve Roon’s user experience and security.
At the end I’d like to apologize for some grammatical issues someone will find in that post, because I’m german and not a native speaker.
Cheers,
Stefan