
Sonos smart speaker controller API and CLI written in Rust - mlang23
https://github.com/mlang/ronor
======
ping_pong
I'm done with Sonos after they removed the ability to play music straight off
the phone onto the speakers. The only way now to play music is via a service
like Spotify or if you set up an mp3 server via SAMBA.

They keeping cutting features and making their older speakers obsolete. I'm
furious as an early adopter of Sonos that they are essentially bricking my
older speakers or making them useless for no reason. I can't Airplay to them
either because they are older. I can see in the next year or so them
completely rendering my speakers useless, which is unethical. I'm done with
them.

~~~
ohazi
I don't understand why HNers are willing to buy smart speakers when we make
such a fuss lamenting the fact that nobody makes dumb TVs anymore. Buy dumb
speakers and connect them to a little PC so you can run whatever software you
want.

~~~
tastroder
Pure convenience here. Sure, 20 year old me would hate me for putting cloud
connected smart speakers in my home but I'm not 20 anymore and available time
was replaced by available money. I honestly looked and would have paid more
for a fully local speech to text hub with basic apps and a nice API but there
simply wasn't anything that looked like it wouldn't annoy the living hell out
of me. I don't want to setup raspberry pis around my house, maintain and
update weird open source stacks and whatnot. I want to stream stuff to
speakers, control devices around the house through voice and sometimes use
other convenience functions.

Fully realizing the hit on privacy, I understand the thing enough and, more
importantly, trust my particular manufacturer enough that it simply outweighs
that concern for me.

------
xfitm3
At first I was excited because the Sonos software stack frustrates me, but
looking at source it just hits api.sonos.com. Would love to control the
speakers directly on my LAN.

~~~
bluejekyll
Do you know if the speakers are discoverable locally, and what protocol they
use for that?

I know Apple is all mDNS (for AirPlay), I don’t know anything about Sonos
though.

~~~
enigmo
Sonos is (or was) mostly UPnP with some extensions... so for discovery they
used SSDP
[https://en.wikipedia.org/wiki/Simple_Service_Discovery_Proto...](https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol).

I messed around with their stack and internals for a while about ten years
ago... some remnants remain

[https://github.com/NathanHowell/Sonority/tree/master/](https://github.com/NathanHowell/Sonority/tree/master/)

[https://github.com/NathanHowell/Sonority/tree/core/](https://github.com/NathanHowell/Sonority/tree/core/)

[https://github.com/NathanHowell/upd2](https://github.com/NathanHowell/upd2)

------
luma
I wonder what the point of interest is with this project. Libraries for Sonos
access have been available for well over a decade[1].

Is this interesting simply because a device with a well-documented API is now
accessible from Rust? If not... what new information is being presented?

[1] [https://github.com/topics/sonos](https://github.com/topics/sonos)

------
AndrewDucker
This would be a lot more useful with some documentation and a readme.

~~~
BozeWolf
I was about to say the same. Never understood the "read the source" attitude.
If the developer wants to gain users or maybe even get help in developing it,
at least a simple installation and usage example should be there.

15 minutes work for him, would save every user 30 or more minutes.

Not going to try it because of this. A shame. Did find another interesting cli
though: [https://pypi.org/project/sonos-cli/](https://pypi.org/project/sonos-
cli/)

~~~
tekstar
The project is 12 days old.

Maybe you could contribute instead of complaining?

~~~
BozeWolf
I wish! All I can contribute is expressing my concerns. Don't want to be
impolite, don't want to complain. Just express my concerns.

I find it quite frustrating that open source/current company projects have no
or little documentation. Even for a 12 days project it is frustrating. It is
just good habit that documentation is as important as code. I like to say that
if it has no documentation, it does not exist (to the user/contributor). I
also think that code is a way of communicating with your future self or future
developers. So clear code and clear documentation is important. Code is not
important to the computer, the computer does not care about naming things.

~~~
shakna
From another perspective: Whilst I am likely to spend far more time
documenting than coding in my work, when I build something at home to fix a
problem just for me I'm far less likely because it's for me.

In the case of this particular developer, it isn't just for themselves, but
also in a different language, and they've done their best just to reflect an
existing API. They've asked for pull requests.

I can understand not wanting to do the enormous amount of work of translating
an API that is already pretty-much documented when I won't really see any
return at all.

------
p0cc
The funny thing about Sonos speakers is that they run STP amongst themselves.
If improperly configured, this can cause unexpected STP behavior on a network,
and random ports to be shut off.

------
kalekold
Have we all started to mention the language now when we write a piece of
software?

~~~
fortran77
Well, it's Rust! That means it will never crash, leak memory, or be
susceptible to buffer overflow exploits. Plus it's fast! You can listen to a
2-minute song in 1 minute 50 seconds!

~~~
swsieber
This is golden. (And for those who aren't familiar with rust, it can leak
memory and it tends to crash intead of exhibiting undefined behavior... but
you could write it to listen to a 2 minute song at a faster pace :)

------
ben174
I find Home Assistant running on a Raspberry Pi more than capable of all the
automation I could possibly need with my Sonos speakers along with almost any
other device you can think of.

[https://www.home-assistant.io/](https://www.home-assistant.io/)

------
thomaslkjeldsen
Similar project but for Beoplay & written in Swift:
[https://github.com/tlk/beoplay-macos-remote-
cli](https://github.com/tlk/beoplay-macos-remote-cli) (shameless plug)

------
dandigangi
Docs are here if anyone is looking for what you can do:
[https://developer.sonos.com/reference/](https://developer.sonos.com/reference/)

I'll assume not everything is covered.

~~~
mlang23
Yes, only the control API is implemented for now.

------
kswillister
Similar project but integrates with Spotify (written in node)
[https://github.com/kswilster/bronos](https://github.com/kswilster/bronos)
(shameless plug)

------
denysvitali
I've actually built sonos-web [1] a couple of years ago, and started to
rewrite it in Rust [2], but didn't have much time to do it.

It should be a good place to start if anybody wants to extend it (:

[1]: [https://github.com/denysvitali/sonos-
web](https://github.com/denysvitali/sonos-web)

[2]: [https://github.com/denysvitali/sonos-web-
rs](https://github.com/denysvitali/sonos-web-rs)

------
person_of_color
How could I make a LED light show with Sonos? I would need to get FFT data of
the audio and synchronize with Sonos. Is it possible?

------
salamander014
Love this!

If I create a group of speakers, how do I play something on them? If I have 2
speakers that are airplay-capable, Do I just pick one?

------
FreeHugs
I never used Rust. Looking at the code, I see a "Cargo.toml" file that reminds
me of composer.json and package.json in that it seems to contain dependencies.

Where are these pulled from? Is this the same game as with other dependency
managers in that you blindly trust a tree of code written by random people?

~~~
GrayShade
They're pulled from crates.io. I suppose it works as every other dependency
manager, except that you can't have a left-pad because crates can't be
removed.

In this specific case, most dependencies are authored by people well-known and
trusted in the community. The Rust standard library is pretty well-rounded
(not compared to Python sense, but it's not like JavaScript either), so
they're not something like left-pad or is-odd.

You have there an error handling crate by the second most prolific Rust
compiler contributor (if the counts are correct), an OAuth client, an HTTP
one, a interactive line editor (like readline), _the_ serialization library in
the ecosystem with its JSON support crate, a TOML config parser, the URL
parser used by Servo and a crate for determining user paths on Unix.

~~~
eb0la
With cargo (Rust build tool) you don't need to use crates.io _always_ .

For instance, you can target a repository and even a specific commit like this
in gour cargo.toml file:

    
    
      [dependencies]
      package = { git = "https://github.com/...../something.git", rev = "commit_hash_like_9876541_for_instance" }

~~~
echelon
You can still have your dependencies reference the source cargo packages, but
overwrite it in a patch or vendor section.

Don't specify the git repo directly in dependencies unless it's an unpublished
crate.

------
0xdead
"Written in Rust". That alone makes it worthy of the frontpage.

------
einpoklum
The speakers are quite smart; the people willing to use them and get their
entire life recorded by Google and Amazon - somewhat less smart. IMHO.

~~~
tekstar
Sonos sells speakers that don't have any alexa or google integration.

~~~
einpoklum
Website: [https://www.sonos.com/en-us/shop/one.html](https://www.sonos.com/en-
us/shop/one.html)

says "Google Assistant" and "Alexa Built-in".

~~~
NSAID
I own a couple of these. Because it has multiple options for virtual
assistants, nothing is running out of the box as it wouldn't know which
account to use or what service to route to. You have to go through an
additional setup process after setting up the speaker for music playback.

~~~
einpoklum
Do you know for certain that nothing is running silently out of the box? Or
cannot be remotely triggered to run?

~~~
TheDong
Do you know something is running / can be triggered? Someone can't prove a
negative (X isn't running) as easily as a positive (X is), so the burden of
proof should fall on you. Saying "yeah, but how do you know your toaster can't
be remotely triggered to record you?" isn't useful.

Maybe your threat model doesn't allow any hardware with a speaker that has
updates, but that's not a reason to say it's an invalid setup for everyone's
threat model nor to claim that, even without evidence, it's definitely going
to be abused.

~~~
einpoklum
Ah ok, the burden of proof is on me. Your powerful logic has defeated me and
now you are safe and sound with your smart speaker which doesn't eavesdrop on
you.

