HDX connectivity
Posted by: jon h on 18 June 2008
I assume that HDX has an Ethernet port? It appears to be running Windows XP Embedded.
Is there a firewall in place? What protection does it have against local network denial of service attacks etc? Viruses?
jon
Posted on: 18 June 2008 by Guido Fawkes
Hi Jon
This thread How do hard disk music servers mitigate some concerns may be of interest - I asked some similar questions and got replies from Naim.
ATB Rotf
Posted on: 18 June 2008 by jon h
I've looked, but the answers were not what I was wanting. I'd like to know which ports are open for outbound and which for inbound on the device, for example.
jon
Posted on: 18 June 2008 by Guido Fawkes
Hi Jon
Would you not have a router between your HDX and the Internet? You could use ACLs on the router and NAT to protect the HDX. Moreover, it only needs this access to collect track titles and artwork, most of the time it doesn't need to be networked.
If you could get access to the HDX then you could run NMAP and Nessus to have a look at what you could see.
This is a different world from just playing 12" of plastic with a hole in the middle.
ATB Rotf
Posted on: 18 June 2008 by David Dever
quote:I'd like to know which ports are open for outbound and which for inbound on the device
Good question, likely to be unanswered here inasmuch as there are also StreamNet services to consider. I'd probably port sniff in a pinch.
Posted on: 18 June 2008 by jon h
quote:Originally posted by ROTF:
Hi Jon
Would you not have a router between your HDX and the Internet? You could use ACLs on the router and NAT to protect the HDX. Moreover, it only needs this access to collect track titles and artwork, most of the time it doesn't need to be networked.
I'm not sure it's quite that simple -- for example, although we know that HDX can get data files from other machines on the LAN, it would make a lot of sense for other players to get data files from the HDX store too. After all, in this "digital democracy" we don't want double storage.
So now the HDX needs to be a file server onto the LAN. Read only, yes, but still there -- and that's just for nice stuff. A denial of service attack from a virus-infected machine on the LAN might find ways of getting into XP through buffer overrun (XP hardly has a good historical record in terms of such DofS attacks, for example).
And so on and so forth. Now that Naim is proposing putting a device onto my ethernet, and into my secured LAN, there is a whole new layer of responsibility for being seen to play nicely in that space.
At the very minimum, we need *a lot* more information about which ports need to be open both incoming and outgoing on the HDX, and for what purpose (obvious or otherwise).
jon
Posted on: 18 June 2008 by David Dever
quote:it would make a lot of sense for other players to get data files from the hdx store too.
Not sure this is permitted–use NAS instead.
Posted on: 18 June 2008 by KTMax
Naim says you can control the HDX wirelessly from a laptop with the Desktop Client application. That means it has wireless on board. Will the HDX be able to access the online AMG database it uses to get information on ripped CDs wireless too?
Richard.
Posted on: 19 June 2008 by Roy Donaldson
quote:Originally posted by jon honeyball:
quote:Originally posted by ROTF:
Hi Jon
Would you not have a router between your HDX and the Internet? You could use ACLs on the router and NAT to protect the HDX. Moreover, it only needs this access to collect track titles and artwork, most of the time it doesn't need to be networked.
I'm not sure it's quite that simple -- for example, although we know that HDX can get data files from other machines on the LAN, it would make a lot of sense for other players to get data files from the HDX store too. After all, in this "digital democracy" we don't want double storage.
So now the HDX needs to be a file server onto the LAN. Read only, yes, but still there -- and that's just for nice stuff. A denial of service attack from a virus-infected machine on the LAN might find ways of getting into XP through buffer overrun (XP hardly has a good historical record in terms of such DofS attacks, for example).
And so on and so forth. Now that Naim is proposing putting a device onto my ethernet, and into my secured LAN, there is a whole new layer of responsibility for being seen to play nicely in that space.
At the very minimum, we need *a lot* more information about which ports need to be open both incoming and outgoing on the HDX, and for what purpose (obvious or otherwise).
jon
I think you'll find major differences between Windows XP on a PC and Embedded XP on the HDX. Also, many users' experiences of buffer overrun attacks on XP on a PC are related to XP with no, or SP1. Running XP with SP3 is a different option altogether. Remember as well that you are only running Naim's apps on the HDX, nothing else, many forms of virus infection are seen from people downloading an app, from a web browser running on the PC etc., none of which you can do on the HDX.
I guess it'll have something like port 80 open to serve its web pages on, but even then it'll not have a full web server, but something that just serves up its Flash interface to requesting devices.
If you've got such an insecure network that your machines on it regularly get viruses so much that this is a worry, I'd suggest you've got other things to get on with repairing than worrying about the vulnerability of the HDX.
Roy.
Posted on: 19 June 2008 by Phil Harris
quote:Originally posted by KTMax:
Naim says you can control the HDX wirelessly from a laptop with the Desktop Client application. That means it has wireless on board. Will the HDX be able to access the online AMG database it uses to get information on ripped CDs wireless too?
Richard.
The HDX does not have wireless networking built in to the unit itself ... to control the HDX wirelessly then your network would need to have a wireless access point on it.
Cheers
Phil
Posted on: 19 June 2008 by KTMax
quote:Originally posted by Phil Harris: The HDX does not have wireless networking built in to the unit itself ... to control the HDX wirelessly then your network would need to have a wireless access point on it.
Thank you Phil. Forgive me my ignorance. This text from the Naim site made me think I had wireless on board: "Or perhaps you want to run the HDX wirelessly from your laptop? Easy; use either the Desktop Client application or a web browser."
So out of the box the HDX won't be able to connect to my in house wireless lan?
Obviously I need a little more time to get used to audio getting IT.
Posted on: 19 June 2008 by jon h
quote:Originally posted by Roy Donaldson:
If you've got such an insecure network that your machines on it regularly get viruses so much that this is a worry, I'd suggest you've got other things to get on with repairing than worrying about the vulnerability of the HDX.
uhhuh...
jon
contributing editor, pcpro magazine...
Posted on: 19 June 2008 by Phil Harris
quote:Originally posted by KTMax:
So out of the box the HDX won't be able to connect to my in house wireless lan?
Correct - the HDX has a wired ethernet port only.
Phil
Posted on: 19 June 2008 by KTMax
quote:Originally posted by Phil Harris: Correct - the HDX has a wired ethernet port only.
OK. Would something like this (wireless USB adapter) work in the HDX to hook up to the AMC.com database?
I ask because there's no way for me to get an ethernet cable to my system.
Posted on: 19 June 2008 by Roy Donaldson
I'd suggest you have a look at some of the PowerLine, i.e. ethernet over your power cables, type solutions you can get. These are remarkably cheap and just plug into the mains.
Alternatively, you can buy something like the Airport Express, or what are generally called Gaming Adaptors (really just an ethernet to wireless bridge).
Roy.
Posted on: 19 June 2008 by jon h
Putting lots of RF hash onto the mains wiring might not be a good idea.
Posted on: 19 June 2008 by David Dever
Excluding StreamNet use across the network to other zones, or network control of the server, there is no reason why one could not use an ethernet-over-mains adapter near to the system, for use only when the server needs outside access to the Internet (say, while ripping CDs–requests of metadata for which, by the way, could be queued for after-hours lookup).
The caveat, though, is to make sure that BOTH adapters (head-end and destination) are removed from the mains during serious listening.
Posted on: 19 June 2008 by garyi
Jon although you ask a good question, I can't help but wonder how one would land up with a computer on the home network with a viral buffer overrun do-dad that has the capability to do anything with an HDX?
Surely as long as it's behind a router which it will need to be, it's no more or less dangerous than say an AppleTV, Airport Express or Squeezebox?
Posted on: 19 June 2008 by jon h
quote:Originally posted by garyi:
Jon although you ask a good question, I can't help but wonder how one would land up with a computer on the home network with a viral buffer overrun do-dad that has the capability to do anything with an HDX?
Surely as long as it's behind a router which it will need to be, it's no more or less dangerous than say an AppleTV, Airport Express or Squeezebox?
I'm just being provocative, but in a kindly caring way to Naim. *anything* which goes onto Ethernet needs to have a clearly defined which ports are open and for what purpose. That's best practice, and is what we expect from Naim. Such information has not been forthcoming from Naim so far.
Yes, it is early days and the product hasn't yet shipped in final form, but this is Naim moving into new areas of technology. A reality check by those of us with the relevant knowledge, who work deeply in this field, will only help to make a better product.
Those who attempt to think through the multiplicity of routes through which things can go wrong always miss one. And sod's law says that's the one that will get hit.
This comes from almost an impedance mismatch in thinking between the two worlds. On the one hand, we have long and laborious discussions about putting in dedicated mains spurs to our Naim equipment, making sure the cables (and choice thereof) dangle just right, to separate "brains from brawn" in the placement of our kit. And so on and so forth.
Along comes HDX and we have already had the suggestion to do ethernet over mains. And doubtless to drape some gig ethernet cabling round the back of the Fraim too for good measure.
Those of us with expertise and experience in both fields are just saying "hold on a sec..." And asking questions like "firewalls?", "what ports are open" and so forth. I haven't even started on "what is the musical degradation of a heavily fragmented disc which is, say, over 80% full? Does the embedded XP installation do a defrag at 3am?"
With a crossover product like this, there are lots of questions that need to be asked and answered, so that everyone can get to enjoy their HDX as best as possible.
To answer your question of how could anything do any nasty to an HDX, you must remember this is a Windows computer. It is not a CDS1 or a 555. It comes from a completely different world.
That's all...
Posted on: 19 June 2008 by PeterZ
quote:Originally posted by jon honeyball:
I haven't even started on "what is the musical degradation of a heavily fragmented disc which is, say, over 80% full?
Why do you think there would be any sonic effect (good or bad) due to a WAV (or whatever format Naim use) file that is either spread all over the HD or 100% contiguous?
What possible difference would it make?
That's what buffers are for?
Posted on: 19 June 2008 by KTMax
quote:Originally posted by jon honeyball:
Putting lots of RF hash onto the mains wiring might not be a good idea.
That's my idea too. But do you guys think a USB wireless adapter would work on the HDX? Would be pretty simple solution...
Richard.
Posted on: 19 June 2008 by jon h
quote:Originally posted by PeterZ:
quote:Originally posted by jon honeyball:
I haven't even started on "what is the musical degradation of a heavily fragmented disc which is, say, over 80% full?
Why do you think there would be any sonic effect (good or bad) due to a WAV (or whatever format Naim use) file that is either spread all over the HD or 100% contiguous?
What possible difference would it make?
That's what buffers are for?
Then I would infer that you would say that it matters not what happens in the digital domain of a CD player, because that's just ones and noughts too with a buffer thrown in for good measure????
Posted on: 19 June 2008 by jon h
quote:Originally posted by KTMax:
quote:Originally posted by jon honeyball:
Putting lots of RF hash onto the mains wiring might not be a good idea.
That's my idea too. But do you guys think a USB wireless adapter would work on the HDX? Would be pretty simple solution...
Richard.
There's "work" and "work"...
I would be doing my utmost to keep as much RF noise away from my hifi as possible. Plonking a USB wifi adapter (aka "transmitter") onto an HDX, which might put it within inches of my superline phono stage might not be the best thing to do, but it would "work" in a logical yes/no way.
jon
Posted on: 19 June 2008 by KTMax
Thank you Jon.
Fully agree with the RF signals being so close to the components and cables although the amount of RF signals already in the air must be scary too.
If it works I would only plug it in when - or better after - ripping CDs so the HDX can access the AMG database to get the CD info. That would be all for me.
Posted on: 20 June 2008 by jon h
Far better to run some shielded ethernet cable carefully away from the hifi stack and towards the house network wiring.
Naturally, a fibre connection would have been even nicer...
Posted on: 20 June 2008 by David Dever
quote:To answer your question of how could anything do any nasty to an HDX, you must remember this is a Windows computer.
Partly–but not entirely, not the poorly-managed £200 desktops that you often find in someone's home. BIG difference.
Keep in mind, too, that you can crash a web server on a Linux appliance or any other device that provides Web services–how you approach this makes all of the difference.