Home of the Squeezebox™ & Transporter® network music players.
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 40
  1. #1
    Senior Member B1tbull's Avatar
    Join Date
    May 2009
    Location
    Belgium
    Posts
    107

    2015 NAS for LMS

    Greetings,

    I finally decided to move on from a dedicated PC to a NAS device for running LMS.
    From past history is seems that SBS/LMS has been running on Netgear, Qnap and Synology gear.
    The simple question is which NAS device still has a working package today ( 2015 ) to run LMS.
    All I need is the basic capability streaming FLAC files to Duet/Squeezebox classic receivers from the NAS device.
    Other internet streaming services are not required.
    From looking at the NAS mfg. sites it is not clear who is still supporting LMS as a simple package.

    PS. Not interested in Vortex/Linux/Raspberry Pi or manually engineered NAS solutions, just want it KSS ( Keep it simple and Stupid ).

    Thanks in advance for any advice in this regard.

  2. #2
    Member KeBul's Avatar
    Join Date
    Sep 2009
    Location
    London
    Posts
    85

    Some QNAP info...

    I've been using a QNAP TS-119 or TS-219P+ or for many years now, they have given solid service but the recent discovery that SSOTS uses a version of bash that has the 'Shellshock' vulnerability caused me some concern.

    What concerned me even further was the guy who discovered this obviously had spent some time trying to find the 'owner' of SSOTS/LMS on QNAP's, he was given short shrift from QNAP community forums and headed off to talk to QNAP, who's public response has been to remove the software from their App store. (you can still get it elsewhere though).

    I couldn't find any reference to the issue here and tried to raise it myself but hit verification issues that were stopping me from posting. Finally Michael Herger posted here: http://forums.slimdevices.com/showth...xposedby-SSOxS but there hasn't been a positive public response on that thread, so at this stage I've no idea if anyone is working on SSOxS to resolve the bash vulnerability, I sure hope someone does, it's a pretty cool community continuing support for the Squeeze eco system it would be a shame if SSOxS was left behind.

    So in the meantime I've migrated over to a Raspberry Pi 2 B, very simple to get up and running using the new SqueezePlug & MAX2Play noobs install, (more info here: http://forums.slimdevices.com/showth...sion-Available ) very cheap and incredibly quick and very low power consumption. I'm still amazed how quick LMS web interface is now compared to the sluggish response I was used to when it was running from either NAS, I doubt I'll ever revert back to running directly on either of my NAS units.

    Also I think there may be issues with some (or all?) of QNAP's newer Freescale Arm Cortex Processor models and SSOTS, pretty sure I saw a thread in QNAP community forums about this - so worth a look there prior to purchasing, other than that all QNAP Marvell ARM, Atom and Core2Duo x86 models still work with SSOTS/LMS.

    ******Update on above paragraph*******

    I found the thread on QNAP Community forums, I'll link to it but you have to be registered and logged in to view: http://forum.qnap.com/viewtopic.php?f=123&t=99281
    It would seem there is no qpkg for the new ARM Cortex based units, but you can manually install SSOTS, configure autostart and install the LMS tarball from within SSOTS.

    ******

    I'm not a Synology or ReadyNAS user but I would imagine SSODS for those also suffers from the bash vulnerability and I certainly can't help with specific model support, hopefully others will chip in to help you with that.
    I sure I glance through a write up on running LMS on a Synology (or ReadyNAS) using another underlying package, but can't remember where (somewhere on these forums though).

    Cheers

    Kev
    Last edited by KeBul; 2015-04-27 at 14:05.

  3. #3
    Senior Member
    Join Date
    Oct 2010
    Posts
    180
    I'm running LMS on a QNAP TS-215. The shellshock issue is news to me, but it looks like it already has been addressed:

    http://www.wegotserved.com/2014/09/3...ty-qts-v4-1-1/

    And the LMS App still is present on the QNAP App center:

    https://www.qnap.com/i/en/app_center...X86&jump_win=1

    Am I missing something? Is this still an issue?

    Terry

  4. #4
    Senior Member
    Join Date
    Nov 2014
    Posts
    203
    Quote Originally Posted by KeBul View Post
    the recent discovery that SSOTS uses a version of bash that has the 'Shellshock' vulnerability caused me some concern.
    Kev,

    Thanks for mentioning this. This is good info. Do you know if this is a problem on Synology as well?

    ---

    B1tbull,

    The latest version supported on Synology NAS systems is 7.7.3. My impression is that they don't really care about the LMS package (anymore). It's doubtful in my mind there will be further updates; they might even pull the package at some point.

    Personally, I'm moving in the direction of using my NAS for storage only and running LMS on a small-board computer like a Raspberry Pi 2.

  5. #5
    Member KeBul's Avatar
    Join Date
    Sep 2009
    Location
    London
    Posts
    85

    TerryS...

    Quote Originally Posted by TerryS View Post
    I'm running LMS on a QNAP TS-215. The shellshock issue is news to me, but it looks like it already has been addressed:

    http://www.wegotserved.com/2014/09/3...ty-qts-v4-1-1/

    And the LMS App still is present on the QNAP App center:

    https://www.qnap.com/i/en/app_center...X86&jump_win=1

    Am I missing something? Is this still an issue?

    Terry
    Yes and Yes...

    Correct QNAP patched QTS, quite rightly as well, it is their software.

    The issue I'm talking about is in SSOTS (Squeeze Server On Turbo Station) which is the underlying software that allows Squeeze Server or now Logitech Media Server to run on the NAS.

    In QNAP's App Store, as you correctly linked to, the App page is there, but neither download links work - both give "404 - Page not found". The product has been pulled.

    So yes it is still a problem. As my first post stated, Michael H is aware and has asked if someone can tackle it (see link from my first post) - so far on that post no-one has stepped up to look at it, but that doesn't mean no-one is looking at it, just means no-one has publicly declared they are looking at.

    Kev

  6. #6
    Senior Member
    Join Date
    Oct 2010
    Posts
    180
    I see. Thanks for explaining.

    Terry

  7. #7
    Member KeBul's Avatar
    Join Date
    Sep 2009
    Location
    London
    Posts
    85

    Not 100% sure about Synology...

    Quote Originally Posted by poing View Post
    Kev,

    Thanks for mentioning this. This is good info. Do you know if this is a problem on Synology as well?
    I believe Synology uses SSODS (Disk Station) and QNAP SSOTS (Turbo Station) I think SSODS came first and was modified into SSOTS for use on QNAP Turbo Stations, so I would expect the underlying bash version to be the same.

    The chap who found the vulnerability uses QNAP and SSOTS hence the issue being highlighted in the QNAP world first.

    flipflip the original programmer doesn't seem to have been around for some time now, others have been modifying SSOTS in recent times, flipflip's website is still running though and has updated copyright dates (2015) and an email address http://oinkzwurgl.org/ssods

    Quote Originally Posted by poing View Post
    Personally, I'm moving in the direction of using my NAS for storage only and running LMS on a small-board computer like a Raspberry Pi 2.
    Which is exactly what I have just done, I think I'll end up with my music stored on the RP2 using a usb flash drive but automatically backed up onto my NAS units.

    Kev

  8. #8
    Senior Member B1tbull's Avatar
    Join Date
    May 2009
    Location
    Belgium
    Posts
    107

    Thanks to all for this valuable input.

    Based on your feedback I am afraid that LMS is soon to be extinct in all the NAS incarnations,
    mainly because Logitech has pulled the plug on this software long time ago.
    My initial intend was getting a NAS for backup only, and this is what I may end up doing now.
    The Raspberry PI alternative seems now a valid alternative.
    I will check other forums for specifics on this.
    Any other alternative solutions are now of course welcome.

    This forum still rocks - keep the info flowing.

  9. #9
    Senior Member HeadBanger's Avatar
    Join Date
    May 2010
    Location
    Ashingdon, UK
    Posts
    442
    Quote Originally Posted by poing View Post
    Personally, I'm moving in the direction of using my NAS for storage only and running LMS on a small-board computer like a Raspberry Pi 2.
    No need. Unrelated to this pinkdot has been developing a way to repackage LMS as an installable spk update (or fresh instal) via Synology's DMS for Diskstations that will not instal LMS via SSODS.

    I currently have LMS 7.9 on my DS1815+ using his beta re-pack. Have a look on the SSODS thread for more details.

    HB

  10. #10
    Senior Member
    Join Date
    Oct 2010
    Posts
    180
    Please forgive what probably is a stupid question, but what is the mechanism for an attack using the shellshock vulnerability? Is it through WiFi, or could it get in through an internet connection? Wouldn't my router firewall protect from an internet based attack?

    I live out in the boonies, so I'm not too worried about WiFi based attacks. You'd have a problem just getting within WiFi range of my house. And my internet connection is through a Verizon 4G modem connection, so I don't think any external ports are accessible. I can't even use remote log in apps like a remote camera or remote desktop connection because Verizon doesn't assign static IP addresses for 4G. So I'm wondering if this shellshock vulnerability is anything I need to worry about.

    Terry

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •