Under the Covers
Figure 17 shows the main board of the M3800. A key difference between the M3800 and discontinued N3200 is the upgrade of the CPU to better handle the A/V decoding and to provide better NAS performance. The CPU is hidden under the heatsink. But it's documented to be an AMD LX800, instead of the N3200's Freescale 8347 @ 400Mhz.
Figure 17: M3800 Main Board
The SATA controller you can see in the image is a Silicon Image SiI3114 - PCI to 4 Port SATA150 and the two gigabit Ethernet ports are from the Intel 82541p1 chips. Both the N3200 and M3800 have only 256 MB of RAM, which is pretty stingy by current NAS standards and considering the high performance processor.
Figure 16 shows the PCI board that provides the M3800's A/V output features.
Figure 16: PCI Board for A/V Support
The main support chip is hidden under a heatsink so I couldn't identify it. But with a little poking around after I gained root access (more shortly), I found a reference to a string "em8xxxfb" which likely refers to a Sigma Designs SMB8630 series chipset.
Like most other NASes, the M3800 runs Linux internally. But to dig a bit deeper, I wanted to see if I could get direct access to the operating system so I could poke around. Typically the way I do this is to look for flaws in the web-based user interface where I can inject my own commands.
While poking around after installing the new firmware and patch I found another but less serious hole. This one requires an administrator's password so a normal user would not be able to exploit it.
Basically, I went to the Notification menu and filled in normal, proper email information. But I then set up an argument-modifying HTTP proxy to intercept the cgi call and change the notification email address to be something like firstname.lastname@example.org. The result was a reboot of the M3800, which shows that the address was passed directly to a command shell. Obviously, the reboot command could have been something more damaging.
As I mentioned, this hole is only available to an administrator, so there's not a whole lot of danger. Apparently, Thecus agrees, since they have rolled the fix into an upcoming firmware release, which has no set release schedule at this point.
So what did I find with my root access? Pretty much what I expected. Apache was being used as the web server and Samba for SMB support. The iTunes server was Firefly and the Linux kernel was version 2.6.23. I also noticed that one of the startup scripts referenced the dropbear ssh daemon. But it was commented out and the deamon itself had been removed from the system.
But since this is a standard x86-based Linux box, with a bit more time, I could have easily added the daemon back in and updated the boot script to get a command line. Since there are a lot of GPL-licensed components on the box, Thecus is required to provide source code. A quick search of their web site does list source for the M3800.
The M3800 has many features and the performance is top-rate. I enjoyed the iTunes and UPnP AV features and appreciated the Linux and Mac support. The web user interface was a bit boring. But that's not a big concern to me since after you set the box up, you won't be using it much.
But what about it as a HD video player? In short, the A/V output features just don't cut it. I expect more polish, support for a lot more formats, better handling of metadata and a flashier interface.
If you have a compatible video library and don't mind spending an extra $150 - $200, you might go for it. Otherwise just get an N3200 Pro and pocket the difference.