* Posts by Recluse

40 publicly visible posts • joined 22 Jan 2020

Windows 11 24H2 rolls out to more devices – with a growing list of known issues

Recluse

Re: windows mail

I’ve successfully used Evolution (free) on my Linux Mint install for a number of years. Worth a look?

Later - found this link (review)

https://www.zdnet.com/article/finally-this-is-the-linux-email-client-ive-been-hoping-for/

Microsoft preps big guns to shift Copilot software and PCs

Recluse

Re: Thank goodness

Its not just Microsoft that I don’t trust with my information and at home I have blocked via my pfsense firewall by default the ASN’s associated with the likes of Google, Microsoft, Facebook, Oracle, Telegram, Twitter, Yahoo, Adobe et al (obviously this breaks a lot of things, but allows me to approve access on a device by device basis)

Interested to learn what Microsoft ASN have been blocked by your employer to see whether I need to add more to my (lengthy) list.

Inevitably there will be leakage to the data harvesters, but short of not going online at all, I aim to loose by the smallest possible margin.

Now where did I leave my tinfoil hat?

Hello? Emergency services? I'd like to report a wrong number

Recluse

Re: Really?

I recall many years ago being caught out by this. Having set up voicemail on a new mobile (Vodafone?) attempting to retrieve a message I inadvertently dialled 112 instead of 121 and was most surprised to be talking to a ( fortuitously sympathetic) operator …

At the time I was unaware that 112 was a valid emergency number within the UK. I’m still unclear as to whether 911 will work, but I don’t intend to test it!

Cellebrite got into Trump shooter's Samsung device in just 40 minutes

Recluse

Security - every little step helps

Unfortunately (if like me) one is relatively unsophisticated, then you are reliant upon the skill of others to protect your cloud based data (either that or don’t use the cloud - but difficult to avoid these days)

That said, in my experience, people frequently don’t (hassle/convenience preferred?) avail themselves of additional security that is available - say 2FA for your email or (in the case of iOS) activating Advanced Data Protection. Every little bit helps.

As an iOS user, have you activated Advanced Data Protection?

https://support.apple.com/en-gb/102651

Oh Sonos! App update borks users' favorite features and worse

Recluse

Re: Oh, and best of all...

Whilst LMS and PiCorePlayer can be controlled via a web browser for those on iOS, iPeng IMHO is money (one off about £10) well spent. A mature application for controlling LMS (and multiple PiCorePlayers) with a very responsive and helpful developer. Its upgraded when necessary to support evolving versions of iOS, otherwise the app is left alone (already has superb functionality - if its not broke, don't fix it!)

See here

https://apps.apple.com/gb/app/ipeng/id767266886

Support forum here

https://forums.slimdevices.com/forum/user-forums/3rd-party-software/51576-ipeng-support-thread

Recluse

The Sonos alternative is the open source (free) PiCorePlayer

Me thinks time to investigate the Picoreplayer ecosystem (hardware using a Raspberry Pi with potentially amplifier HAT add on) which is based upon the former Squeezebox/Logitech Media Server - now renamed Lyrion. Although Logitech no longer support LMS it has an active developer base expanding its functionality.

Michael Herger (a Logitech employee still supports it and there are a mini army of reactive developers supporting a multitude of plugins enhancing its functionality) eg Tidal, BBC Sounds, I have found them streets ahead in responding in a timely manner to external changes that break functionality (e.g. when the BBC changed their streaming model and broke a lot of commercial digital radios, LMS had a working solution up in hours, whereas it was months before others caught up - some never did and left punters with junked sysyems.

I’ve been using the ecosystem to stream synchronised music around my home for years (this includes locally ripped music, as well as internet streamed from a wide variety of sources). Its most compelling points are its open source, hardware can be easily replaced and superb software support. IMHO Its open source software at its best.

Links

Software site https://www.picoreplayer.org/

Hardware https://thepihut.com/collections/raspberry-pi-audio-hats

Support forum https://forums.slimdevices.com/forum/user-forums?20-User-Forums=

Prof asks court to protect his Unfollow Everything 2.0 extension from Facebook's ire

Recluse

Re: Killing the connection?

Whilst I am yet to use the wireguard facility on my pfsense router, I do widely utilise Open VPV both as a server (for secure inbound connections to my local network) and also outbound client connections to route traffic of choice via my external VPN provider.

Pfsense is essentially an enterprise level firewall available for free. As you may have gathered its quite a handful to configure (albeit there is a lot of information available online) Just about any scenario can be covered and I would encourage you to explore. I have been “playing” with it for a few years and still feel like a “newbie” The more you play the more you learn!

If you want to further your knowledge, check out Lawrence Systems on You Tube (advert free via Invidious) Tom the owner is a fan and has created quite a few videos hi-lighting its potential.

BTW, if you are looking for something straightforward to setup (perhaps as an interim measure whilst you explore pfsense) try Pi Hole

https://pi-hole.net/

Comparison here

https://www.virtualizationhowto.com/2022/04/pfsense-pfblockerng-vs-pihole-pros-and-cons/

Recluse

Re: Killing the connection?

If you want to try going full on at the network/gateway level rather than just browser, look to install pfsense as your firewall and then load a package called pfblockerNG. Utilising the latter it is possible to block both by way of DNS and IP. Also possible to block sites by way of geographical location.

So you could (by way of example) block via DNS e.g. facebook.com or any combination e.g. facebook.co.uk or even by TLD e.g. *.ru *.adult *.aero

Alternatively via IP you could block access to any ASN’s associated with Facebook e.g.

AS11917

AS32934

AS54115

AS63293

AS395291

(or anybody else e.g. Google, Yahoo, Microsoft, Amazon etc)

The nice thing about pfblockerNG is that all the associated firewall rules are generated automatically and can be auto updated as often as you wish. Ditto IP’s associated with ASN’s

I use it to block vast swathes of the internet e.g. all of Google, Microsoft, Adobe etc. only allowing outbound access at an individual device level as appropriate. You can subscribe to (free) lists of malware site and compromised sites. Also know adservers. The list is almost endless.

I find it does provide more granular control, albeit at the expense of breaking things - e.g. Apples iCloud is not exclusively hosted on Apple’s infrastructure. You may find yourself the subject of family complaints and need to spend time unblocking (or just allow the other half white list access to everything, whilst protecting your own devices)

I’ll whisper this, but I never see any adverts when browsing a certain “biting the hand that feeds IT” site.

Of course your level of paranoia may be less than mine (now where did I leave my tin hat?)

Bottom line, only way to be totally invisible is to be offline, otherwise we aim to lose by the smallest possible margin.

BTW did I mention this is all available for free? Note you want pfsense CE edition - Community Edition, not the paid for Plus edition)

https://www.pfsense.org/download

https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html

Have fun!

Ransomware gang did steal residents' confidential data, UK city council admits

Recluse

Re: I am beginning to think . . .

I’ve long ago reached that conclusion … I won’t even apply for my bus pass entitlement on the basis I don't trust the council idiots to safely secure my identification data and photograph.

Now if I could just get the DVLA. to delete my driving licence photo … Oh forgot about the idiots at HMRC & NHS and the Electoral Commission (but as to the latter, I seem to recall its already all gone to some foreign entity with them having been hacked)

My personal data is very important to me, but only post hacking, does security become top priority to these numpties (or was that posterior/bonus covering?)

Horse, door, stable, bolts, shut, me thinks

God help us all if they introduce a mandatory biometric national ID card

Former Post Office boss returns CBE to sender over computer system scandal

Recluse

Re: How many fraud and theft cases in the 80s?

Whilst I share the outrage of the many, I think the ultimate unaccountable public body is HMRC.

They don’t answer the phone efficiently (if at all) they have no local offices and take months (in my experience) to answer correspondence and then frequently ineptly. They have inherited (via Customs/Excise) forcible powers of entry - they effectively write their own search warrants.

They are judge, jury and executioner all rolled into one, with draconian levels of powers able to impose “assessments” the ultimate steamroller … Essentially you are guilty until proven innocent.

Don’t think it will ever happen to you?

Read this woeful tale of a business destroyed by HMRC and the tortuous route the victims had to follow in order to try and obtain some form of redress. Its positively “Orwellian” To the very end HMRC were attempting to avoid any financial liability for their outrageous conduct.

https://www.rpc.co.uk/perspectives/tax-take/high-court-criticises-hmrcs-conduct-and-compels-it-to-honour-its-undertakings/

Short cut to full (2015) judgement on Bailii.org (for those with time on their hands to digest )

https://www.bailii.org/cgi-bin/format.cgi?doc=/ew/cases/EWHC/Ch/2015/225.html&query=(Abbey)+AND+(Forwarding)+AND+(Ltd)+AND+((in)+AND+(liquidation))+AND+(v)+AND+(HMRC)+AND+(.2015.)+AND+(EWHC)+AND+(225)+AND+((Ch))

UK PM promises faster justice for Post Office Horizon victims

Recluse

Re: Hot air

Yes indeed and you can also add to the list the scandal surrounding the NHS and those unfortunate to suffer from haemophilia whom decades later are still awaiting meaningful compensation (a significant number having died from HIV)

https://en.wikipedia.org/wiki/Contaminated_blood_scandal_in_the_United_Kingdom

Ofcom proposes ban on UK telcos making 'inflation-linked' price hikes mid-contract

Recluse

Re: Price rises

Oh A&A do put their prices up !

I seem to recall them increasing their monthly line rental on VOIP lines (SIP Number service) from £1.00 to £1.20 per month.

Mind you it was their first price increase in over ten years and if you contrast them with the grasping main players (BT/Virgin et al) I consider their SIP services a bargain.

Your password hygiene remains atrocious, says NordPass

Recluse

Re: What about sites that force you to make it easier?

My experience is similar - complex passwords ( > 25 characters) accepted, only to find that the password is later rejected as incorrect.

Experimentation finds that the site (although not mentioned) only actually accepted/recorded (say) the first 20 digits of the input passwotd. Doesn’t say much for their capture/error checking/sanitation code …

My other bugbear (as I use a password manager) is constantly being hassled to rotate passwords. If its a site that I don’t visit frequently, the first 5 minutes of any return are spent messing around updating/resetting passwords.

Naturally the sites that seem to insist on frequent changes are the ones that often don’t offer proper 2FA - only the inadequate SMS version - and perhaps I don't want them to know my phone number (no, I am not referring to “cough” smut sites …)

Copilot coming to Windows 10 to help navigate the OS's twilight years

Recluse

Re: Plan to slow Windows 10 - try the other side, its less hassle (mainly)

You may indeed - its VMWare Player which is free for personal non commercial use.

See here

https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html

I migrated to Mint about 5 years ago and its been subject to multiple OS updates (all seamless so far) Just as well really as I am no Linux geek!

Its been such a long time I can no longer recall how I installed player, but it seems reliable and stable.

Recluse

Re: Plan to slow Windows 10 - try the other side, its less hassle (mainly)

Windows has become a tool to allow Microsoft to poke its nose into our lives (the OS equivalent of Google Chrome) Oh for the happy days of Windows 7 when the OS (mainly) did what it was asked and nothing more.

When I noticed I seemed to be spending more time fighting Windows, than using it, I gave up and migrated to Linux Mint. An Apple OS initially appealed (because of greater software choices) before I recognised I would likewise be forced into not infrequent hardware purchases to keep current with Mac OS - so another financial treadmill to avoid.

I decided because of security concerns to give the Linux Wine windows emulator a miss and instead use a locked down Windows 10 VM running within Linux for some local windows specific scanning software, Microsoft Money and Mailstore (to archive/backup my external email)

As regards Windows talking to the mothership I blocked every Microsoft ASN I could find at my home firewall (as I likewise do for Google, Amazon, Facebook, Adobe, Yahoo and Oracle) I do allow access, but only on device specific as of need basis.

My approach does break things - a lot of firms utilise Azure for instance, so web browsing can be intermittent, and it does hi light that Apple seems to avail itself of Cloud competitors storage when hosting iCloud et al …. but everything in life comes at a cost.

More recently my Win 10 VM seems to be talking to the mothership once again, so I have taken the nuclear approach of blocking all outbound connections from the VM except specific AV updates and access to Mailstore.

I feel more in control and I have learned a lot trying to repair what my restrictions break. We aim to loose by the smallest possible margin.

Now where’s my tin foil hat gone ?

Mid-contract telco price hikes must end, Ofcom told

Recluse

Re: Hands

I believe it was called the Zen “lifetime price guarantee”

It was withdrawn for new or existing customers moving to a new plan but continues for those (like me) who do not change their out of contract plans. That said I am sufficiently old in the tooth to know that ultimately it’s likely my plan will be withdrawn by Zen when they decide its uneconomical to maintain and the offered “improved” plan will come without.

Whilst Zen no longer offer the lifetime guarantee, they do guarantee a fixed price for the term of your contract - a much more ethical approach than a lot of the big boys. Its hard work saving money, which is why the big boys with their automated systems have a field day with the busy and apathetic.

I always review my options (your electronic diary is your friend) - as my late father used to observe “we aim to lose by the smallest possible margin” …

Windows 11: The number you have dialed has been disconnected

Recluse

Re: Tim Cook's punishment?

As a person who went to a comprehensive school (unlike my mother who was grammar school educated) its a delight to be educated by the learned readers of the Register, not only in technical IT matters, but also the history of England and its grammar.

Embarrassingly I often feel that my multi lingual friends have a considerably better grasp of the subject (I fear I might be demonstrating my inadequacies in this written response)

That said I do know its “similar to” and “different from” …

BOFH: You. Wouldn't. Put. A. Test. Machine. Into. Production. Without. Telling. Us.

Recluse

Re: The guy's here...

Many years ago, on logging onto a website and being advised that I was required to change my password (and as a recent convert to the joys of the password database) I rather smugly decided to update my password to a super secure (so I thought) 30 digit one (system specified a minimum length of 10 characters).

Auto generated new password and cut/pasted into requisite field, which was duly accepted and confirmed updated. Completed my business on site and logged out and happily went on my way.

Next time I came to logon my password was rejected as invalid - impossible I thought as its recorded in a database and was copied/pasted.

So I used the reset password link and updated my password once again, however next time I came to logon again history was repeated - updated password invalid.

It was only much later I discovered that said system not only had a minimum length but also a maximum field length ... which I consistently exceeded, presumably it arbitrarily shortening my input.

That will teach me to be smug (would still wish to shoot the developer - where was the error checking?)

Remember the bloke who was told by Zen Internet to contact his MP about crap service? Yeah, it's still not fixed

Recluse

He needs to migrate to Andrews and Arnold (AAISP)

Seems a classic case to let AAISP loose on BT Openreach

More here https://www.aa.net.uk/broadband/we-will-fix-your-line/

Microsoft releases Windows 11 Insider Preview, attempts to defend labyrinth of hardware requirements

Recluse

Re: Check out Pi-Hole - run on a VM if necessary

I basically block anything Microsoft related at my pfsense firewall until such time as I need to update my Windows VM at which point I temporarily enable access.

Note there are wider implications in blocking Microsoft eg Azure hosted websites etc. This can be overcome by segmenting your network devices into access lists - appreciate I am a bit of a tin foil hat in this regard. Unfortunately privacy requires some effort (and occasional inconvenience).

ASN numbers listed for Microsoft shown here

https://whois.arin.net/rest/org/MSFT/asns

If you are using pfsense firewall this article describes how to block ASN numbers

https://dannyda.com/2021/04/22/how-to-block-asn-autonomous-system-number-with-pfsense-firewall-how-to-block-an-organization-using-pfsense/

Recluse

Re: Check out Pi-Hole - run on a VM if necessary

I run a Windows 10 VM (to cater for a few necessary programs - e.g. Microsoft Money) within a Linux Mint desktop. I also run pfsense with the pfblockerNG add on - this provides a DNS sink hole capability as well as IP blocking.

Originally I just added every combination of Microsoft DNS associated names to the sink hole, but still there appeared to be a lot of data being extracted.

I eventually (as far as I can tell) blocked this by adding every Microsoft ASN number I could find (currently 29 in my list) to the IP blocker within pfblockerNG.

Every time I boot the VM my firewall logs fill up with attempted connections to Microsoft allocated IP addresses.

Moral if story - if you want to block Microsoft do it at the IP level

Nominet ignores advice, rejects serious change despite losing CEO, chair, half its board in membership vote

Recluse

Drain the swamp ...

As my eyes descended through Kieren's latest update the more my eyebrows rose ... shortly thereafter my jaw joined in and descended, ultimately hitting the floor when I reached the bit about Eleanor Bradley (recently been removed from the board) now being appointed as interim CEO. Talk about waving two fingers at the membership!

I wonder if this might act as a catalyst for EGM number 2 (similar to the way the shutdown of the Nominet forum during the AGM seemed to have been the final straw last time)

Of course where money is involved those currently in control are unlikely to depart voluntarily ... I fear this may be a long slog to drain the swamp, let us hope Public Benefit are up for a further fight

As battle for future of .UK's Nominet draws closer, non-exec director hits a nerve with for-profit proposal

Recluse

Re: To: support@ionos.co.uk

An alternative registrar ?

Mythic Beasts - see here https://www.mythic-beasts.com/domains

(and as an added bonus in the forthcoming vote, they have already declared to oust the current Nominet squatters)

What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses

Recluse

Re: Smug bastard is smug.

Or indeed pfblockerNG on pfsense (which IMHO. is a pihole on steroids)

See here (article is a couple of years old)

https://linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/

Angry 123-Reg customers in the UK wake up to another day where hosted mail doesn't get through to users on Microsoft email accounts

Recluse

Re: Recommendations please

Yes likewise - highly recommend Mythic Beasts as well

Microsoft accused of sharing data of Office 365 business subscribers with Facebook and its app devs

Recluse

ASN blocking, not individual IP, is the way to go

@Binraider

If I have understood your intentions correctly, I think that blocking individual Microsoft IP addresses will be akin to "wack a mole" much better to block at the ASN level.

As indicated in my original post one of the third party packages I use in pfsense is called pfblockerNG (pfBlockerNG-devel v2.2.5_33) which allows DNS and ASN blocking. Amongst its killer features is it will automatically check and update ASN lists so as additional subnets are added/removed from an ASN it will update the firewall block lists without any further intervention.

Looking at my firewall logs this morning (post Windows 10 VM boot) I can see the following IP addresses (all Microshaft) on port 443 blocked

52.114.75.79

13.69.68.25

13.80.7.77

52.114.132.73

These are different from those I listed yesterdays and would not be blocked via DNS (no entries listed for IP's)

Personally, if you can, I would recommend switching to pfsense full stop. It is very sophisticated and also free open source software! While pi-hole is good (and has a very low hardware requirement) pfsense is IMHO streets ahead in functionality.

For pfsense higher specification hardware will be required but its still relatively modest. I use an Intel NUC (see here https://www.mini-itx.com/~JBC313) which is powered by a 36w supply. Whatever hardware you use for pfsense its strongly recommended that it has Intel NIC’s and AES-NI on the chipset.

Frankly (whilst I am only a home user) I would feel naked without pfsense. Its also excellent for configuring VPN inbound/outbound connections.

Recluse

Blocking Microshaft - that's what you think

Going off at a tangent - I run a Windows 10 Pro (2004) VM on my Linux Mint desktop. I also run a pfsense firewall with the pfblockerNG package installed.

Obviously I have blocked Microsoft at a DNS level but have also blocked all Microsoft ASN I can find (25 so far). I will allow access to Microshaft but only when I decide its appropriate (eg Windows update check) otherwise the VM Win 10 client is blocked.

As soon as I booted the Windows 10 VM this afternoon pfsense reported that it tried to establish a connection (443) to these IP's

52.114.128.43

52.114.77.33

Whois shows they are both Microshaft

NetRange: 52.96.0.0 - 52.115.255.255

CIDR: 52.96.0.0/12, 52.112.0.0/14

NetName: MSFT

NetHandle: NET-52-96-0-0-1

Parent: NET52 (NET-52-0-0-0-0)

NetType: Direct Assignment

OriginAS:

Organization: Microsoft Corporation (MSFT)

RegDate: 2015-11-24

Updated: 2015-11-24

Ref: https://rdap.arin.net/registry/ip/52.96.0.0

Conclusion

You may block Microsfaft at an DNS level but it appears to have some hard coding for IP addresses to circumvent this.

As I am somewhat neurotic I operate a similar ASN policy for Facebook. Google, Oracle, Adobe, Yahoo. Twitter, Telegram and Amazon. It can be a bit wearing at times but at least I decide who has access to what.

Whilst I am only a home user I also operate a default block outbound policy on pfsense - stops any IOT devices phoning home unless specifically authorised.

Think I'll go for a lie down now ....

Macs, iPhones, iPads to get encrypted DNS – how'd you like them Apples?

Recluse

Re: Good & Bad

Interesting article entitled “ A New Needle and Haystack: Detecting DNS over HTTPS Usage“ on the SANS Institute here

https://www.sans.org/reading-room/whitepapers/dns/needle-haystack-detecting-dns-https-usage-39160

IMHO for those who like to see what’s going through their networks and the security conscious, it does not make for happy reading ...

Recluse

Re: Better late than bleeding edge?

Going "off topic" if you are already using pfsense, I would highly recommend that you investigate using its inbuilt DNS server (DNS Resolver) along with a superb third party add on package (installed from its package manager) called pfBlockerNG-devel (current version 2.2.5_33) which has massively more functionality than PiHole eg can also block IP's by ASN (auto updating).

Handy when you block certain domains, the owners of which then hard code IP's in their code to circumvent DNS blocking - yes Microshaft I am looking at you

Whose side you on, Nominet? Registry floods .co.uk owners with begging emails to renew unwanted .uk domains

Recluse

We aim to lose by the smallest margin ...

I recently disposed of my longstanding .com domain of 20 years standing and moved to a .uk domain on the basis of its much cheaper annual charge (£6 v £12). Then there is 20 % VAT on top as well which is not insignificant. As I recall when I started with the .com it was £4.50 pa.

There way I see it the wider trend is for domain registration to be monetised, hence the only way is up. On acquiring my .uk for this very reason I paid 10 years up front.

As an aside I was originally with 123reg.co.uk registrar, but IMHO found their behaviour unethical. Their hard sell of the associated .uk domain to match my (then) .co.uk was the final straw. Have been much happier since I migrated out to my new registrar. I hope the reader will forgive a personal recommendation for a private company run by proper techs - yes I’m talking about you https://www.mythic-beasts.com/article/about

Logitech Zone Wireless: Swanky headset means business, but that also means it comes with a hefty price tag

Recluse

Re: Not been a fan of Logitech for some years.

Whilst I do not disagree with the sentiments of the previous poster, to provide some balance, at least as regards Logitech Media Server, I would observe that they still maintain the infrastructure to support the associated mysqueezebox.com

Also (as I understand it) on discontinuing their hardware products they released the Logitech Media Server (aka Slimserver) software under a GNU Public Licence. Then of course we still have the indefatigable support of Logitech developer Michael Herger in their forums, who also works on the open source side as well.

Logitech Media Server software IMHO is a peach of a product. The outcome could have been worse ... and all is not bad as regards Logitech

Openreach tells El Reg it'll kill off copper sales in 118 UK locations next year

Recluse

Just to clarify (in case anyone is looking for “Gattacre” in the BT bumph) Mr Norton has spelled Gateacre as it as it is pronounced locally in Liverpool).

Ooh, watch out Google. You've got competition. Verizon has a new 'privacy-focused' search engine

Recluse

Startpage tarnished ?

Worried about your privacy ? there are suggestions that Startpage is no longer "clean ... sort of gamekeeper turned poacher.

"Recently there has been lots of talk about Startpage being acquired (or at least partially acquired) by a US company called Privacy One Group, which is a division of System1, a “data science” company that specializes in targeted advertising"

More here

https://restoreprivacy.com/startpage-system1-privacy-one-group/ and here https://blog.privacytools.io/delisting-startpage/

Remember that Sonos speaker you bought a few years back that works perfectly? It's about to be screwed for... reasons

Recluse

Re: Makes logitech look like....

When there are excellent open source solutions available, I have always struggled to see what was the attraction for Sonos equipment (beyond its supposed plug-n-play setup) but that is unlikely to be a concern for the techies here. An earlier poster has commented about the continuing availability of the excellent Squeezeserver (aka Logitech Media Server) and I would likewise highly recommend the software and its underlying ecosystem.

My home music system runs on multiple Raspberry Pi 3 Model B's with added combined DAC/AMP HAT running PiCorePlayer OS with Logitech Media Server on my NAS. Add in iPeng running on any Apple Device (and a set of loudspeakers) and you have a fully functional system that can play synchronised music across my whole house.

Added hi-lights

Multiple plugins available for added functionality eg Tidal, BBC iPlayer, Spotify etc ...

Active and incredibly responsive developers (donating their time free)

For anyone interested in exploring further I have posted some links below to various sites (this is only really scratching the surface as the possibilities are almost infinite)

(A) Logitech Media Server (LMS) https://forums.slimdevices.com/forumdisplay.php?27-Logitech-Media-Server

(B) LMS Plugins https://forums.slimdevices.com/forumdisplay.php?4-3rd-Party-Software - a particular shout out for Micheal Herger (LMS & Spotify) and BPA (BBCiPlayer and iPlayExtra)

(C) PiCore Player OS download https://www.picoreplayer.org/ plus wider explanation of your multiple options

(D) PiCore Player support https://forums.slimdevices.com/forumdisplay.php?3-Linux-Unix

(E) iPeng http://penguinlovesmusic.de/ipeng-8/ (check out iPeng support thread within forum link B above (This is NOT free but well worth the modest charge - my only connection is as a happy user)

(F) DAC and AMP HAT http://iqaudio.co.uk/hats/9-pi-digiamp.html (other suppliers are available eg https://www.hifiberry.com/shop/)