It’s hard to believe that back in 2006 or thereabouts I’d relegated myself to never expect the release of a commercial RISC OS computer again. Production of the Iyonix had been discontinued, the A9Home was pretty much dead in the water and the RISC OS market didn’t seem big enough to sustain another pre-built system, apart from a few Windows+VirtualAcorn offerings from R-Comp.
How things have changed. Sparked by the Raspberry Pi boom and thanks to the hard work of a few key players in the RISC OS market – RISC OS Open, R-Comp and CJE Micro’s to name a few, there’s now an abundance of pre-built systems out there offering the power and stability that RISC OS 5 on newer hardware offers you, without the hassle of building a system based on a board like the Raspberry Pi, Titanium or Wandboard yourself.
So with that all in mind, I was curious to see exactly how many of these pre-built RISC OS computers are available right now and what type of machines they are under the hood.
Older boards, such as Pandaboard and IGEPv5 based systems have been omitted as the boards themselves are now no longer being produced.
It’s also worth noting that while a lot of these systems will have dual-core or in some cases quad-core processors, RISC OS can only utilise one core currently – that said, this isn’t generally a problem for the vast majority of use cases.
Overall, I’ve counted 13 systems that are still in production today, from a total of four vendors. A good chunk of the systems discussed below have independent speed benchmarks on Chris Hall’s website.
TiMachine from R-Comp Interactive (2016)
Built around the Titanium, the TiMachine offers a significant speed boost when compared to other RISC OS compatible boards on the market. The system comes with a dual-core Cortex-A15 processor clocked at 1.5Ghz, 2GB of RAM, two DVI video out ports, a built-in DVD drive, Gigabit networking and a 120Gb SSD hard-drive as standard connected via mSATA.
The two USB sockets at the front of the machine can be swapped out for a card reader at point of sale, which is a nice feature especially if you’ve got Raspberry Pis that depend on SD cards for their storage and/or OS.
The case has space for additional hard drives, which allows for the optional extra of having a built-in backup drive (64GB or 128GB). Hard drives up to 2TB can be used in FAT32 format via USB.
The TiMachine is by no-means a successor to R-Comp’s ARMX6. While the Ti is a more powerful system in general, the ARMX6 is cheaper, supports 4K screen resolution and doesn’t suffer from the TiMachine’s lack of a HDMI port for video output.
Just like with previous computers from R-Comp, a large bundle of applications comes pre-installed with each system which includes a number of recovery tools in case of emergencies. You get the !DualHead multi-monitor software for running two screens effectively, numerous drivers and a number of ‘get out of jail’ type tools – mode recovery, reset tools etc.
A good deal of curated software is also included, 1GB or so of it – this includes the likes of SafeStore and DeleGate.
Similar to the ARMX6, the TiMachine comes with ongoing updates and upgrades as well as a support mailing list.
The TiMachine is available from £899, with the model that includes the additional back up drive costing £50 more.
Rapido Ti from CJE Micro’s (2016)
The RapidoTi from CJE Micro’s is their Titanium based offering, consisting of the Titanium motherboard in a DTX case which can be run vertically or horizontally.
As you’d expect, the Rapido comes with the latest version of RISC OS 5, along with a DVD drive and a 240GB SSD. Additionally, you get a keyboard and mouse two ethernet ports and an optional card reader.
As is the case with R-Comp’s Ti Machine, the system is lacking HDMI output meaning you’re stuck with DVI – although dual monitors are supported
The Rapido Ti costs £909, with having a built-in card reader costing an extra £30.
TIK from A4Com (2018)
The German RISC OS dealer A4Com’s Titanium based offering is the TIK (Titanium-in-Kiste) which consists of the Titanium motherboard in a mini-ATX case, 2GB of RAM, a DVD-RW drive, a 128GB SSD and the latest version of RISC OS 5.
As with all Titanium based machines, you get two DVI ports (no HDMI!), 2 ethernet ports and a wealth of USB ports. A built-in card reader is optional.
The TIK starts from €900 (around £780), with all machines built to order.
ARMX6 from R-Comp Interactive (2014)
The ARMX6 is currently R-Comp’s flagship system based on the quad-core Cortex A9 processor, and it is the successor to the ARMini and ARMiniX.
It comes loaded with 2GB of RAM, 6 external and 4 internal USB sockets as well as a built-in card reader and DVD drive. HDMI video output up to 4k screen resolution is supported. A VGA port can be added if required too.
While not quite as fast as Titanium based machines, the ARMX6 packs a lot of bang for your buck and is marketed as being six times faster than the Iyonix PC.
A 120GB SSD is included for storage, with bigger drives available if needed as well as an optional built-in backup drive. Hard drives up to 2TB can be used in FAT32 format via USB. Partitioned drives are also supported, meaning 1TB drives can now be utilised fully in RISC OS.
The ARMX6 also has a multi-core support Beta currently available for developers (or extremely brave/enthusiastic users), which is pretty exciting!
A bundle of applications comes pre-installed, this includes a number of recovery tools in case of emergencies. SafeStore and DeleGate have recently been added to the bundle to give more peace-of-mind if you’re paranoid of losing important files. The ARMX6 comes with ongoing updates and upgrades as well as a support mailing list.
A good deal of monitor definition files are included as well as a number of ‘in-between’ modes which allow for high-resolution monitors that allow 4K to be readable (e.g. reading text on a 27″ inch screen would by default be too small for most people).
On the audio front, the ARMX6 offers high-quality (up-to-24bit) HDMI audio which can be extracted separately via DAC or output to something like an amp or soundbar. USB audio devices are also supported.
The ARMX6 starts at £699, with optional extras such as bigger drives and optional back up drives coming at additional cost. R-Comp do make a point about a good chunk of profits from the ARMX6 and their other machines do go back into developing RISC OS further now that they and Orpheus Internet (collectively called RISC OS Developments Ltd) own RISC OS, which is great to see.
ARMBook laptop from R-Comp Interactive (2019)
Although not officially launched yet, the ARMBook laptop (name may change before release) is a really exciting prospect. While laptops such as the PiTopRO are currently on the market, the ARMBook is made with RISC OS in mind and is more than just a barebones board in a laptop case.
Details are a little limited as it stands but hardware-wise, it has ~1.2Ghz CPU and 2GB of on-board memory. It will be available in 12″ and 14″ variants, with storage options up to 200GB.
While RISC OS laptops have been promised in the past – the most notable case being the RiscStation portable* which ended up almost as much of an unmitigated disaster as the MicroDigital Omega – R-Comp’s foray into portable RISC OS has more of an air of reliability around it.
The laptop will be dual-bootable with Linux, which should be very useful for times when you’re away from an ethernet connection, rendering the RISC OS side of it offline due to RISC OS’ current lack of wi-fi support. Booting into Linux and connecting to Wi-fi is a nice way of getting around that.
The ARMBook is coming to life as a result of an as-yet unamed company’s CEO asking for RISC OS to be supported on his hardware. That exciting development coupled with far-eastern manufacturing has spawned the ARMBook.
Andrew at R-Comp’s advised the laptop will be available to try out at the RISC OS South West show in February, and some early-adopter units may be available for purchase.
The standard ARMBook will be priced from £499 – with 1080p models coming in at a cheaper price point, probably between £399 and £499.
PiTopRO laptop from CJE Micro’s (2018)
A neat looking laptop from CJE Micro’s featuring the Raspberry Pi 3 with 1GB of RAM running RISC OS packed inside a laptop case alongside a WiFi Nano router for wireless connectivity. This is based on the pi-top modular laptop.
The PiTop has a 14” full HD LCD screen, 4 USB ports, a HDMI port, Gigabit Ethernet and 802.11n wireless support which may be handy if you end up using Linux or another OS that does support wi-fi on it. A MicroSD card with RISC OS 5 on it also comes with it.
As RISC OS isn’t currently designed for portable computers, the PiTop comes bundled with some applications to handle tasks such as powering off and on, monitoring the battery level and controlling the screen brightness.
The PiTopRO is currently available for £549 from CJE.
Mini.m from R-Comp Interactive (2018)
Based around the same quad-core Freescale i.MX6 processor as R-Comp’s ARMX6, the mini.m is essentially a tiny version of its bigger brother.
Although lacking the internal SSD and SD card slot that is present on the ARMX6, the mini.m is about 2 inches in height and width – whilst also packing 2GB of RAM, up to 200GB of internal storage, two USB ports, a gigabit ethernet port and a HDMI slot. The machine can be powered by a dedicated power supply or via USB connected to another computer or to a USB wall adapter.
Partitioned hard drives are supported, meaning 1TB drives can now be utilised fully in RISC OS.
As with the ARMX6, a bunch of monitor definition files as well as a number of ‘in-between’ modes for high-resolution monitors are also included.
The Mini.m is the cheapest of R-Comp’s current computer range starting at £299 for the machine itself, while there are bundles available that include more storage and accessories.
Qadro from RISCOSBits (2018)
The Qadro is based on the Wandboard Quad, which features a 1GHz processor, 2GB RAM and SSD storage options ranging from 120GB to 500GB. Video output is via HDMI, there’s also on-board audio in and out.
Each system comes with RISC OS 5. Various case options are also available when placing an order.
The Qadro’s price isn’t set on RISCOSBits’ website as systems are built to order but from speaking with Andy at RISCOSBits, he’s advised that a base spec Qadro with a 120GB SSD comes in at £379 – which isn’t bad considering a Wandboard Quad board once you’ve factored in VAT and customs charges racks up to about £150 on its own.
WBK from A4Com (2018)
Similar to the Qadro, the WBK from A4Com is based on Wandboard Quad – with 2GB RAM and 128GB SSD storage by default. Video output is via HDMI, there’s also on-board audio in and out. The machine comes in a mini-ITX case that can be run vertically or horizontally.
A multi-card reader is included by default, as well as DVD-RW and an internally mounted 7-port USB switch.
WBK users also get automatically enrolled into a free R-Comp ARMX6 support membership which is a nice touch, this gives users access to R-Comp’s system download, custom-OS updates support scheme.
Each system comes with RISC OS 5. The WBK’s price isn’t set on A4Coms’ website as the system is built to order but I’d imagine the price point won’t be too dissimilar to that of the Qadro – probably in the £400-£500 price range for most orders.
RasberryRO from CJE Micro’s (2015)
Based on the Raspberry Pi 3 Model B+ board, the RaspberryRO comes in two versions – the RaspberryRO and the RaspberryRO Lite.
The standard version (£275) comes with a built-in 7-port USB hub, a Power Control Module with temperature sensor and battery backed RTC (real-time clock) in a mini-ITX case. A mouse and keyboard is chucked in for good measure too. An SD card with RISC OS 5 pre-installed is also included.
The Lite (£200) comes in a custom-made ‘nano’ case along with a built-in 8GB mSATA SSD drive and a battery backed RTC.
PiHard from RISCOSBits (2018)
The PiHard is quite similar to the Qadro in many ways but is based on the Raspberry Pi 3B+ instead.
The system comes with built-in SSD storage as well as RISC OS 5. As with the Qadro, it is built to order but a base spec PiHard with a 120GB SSD comes in at £199.
PiRO from RISCOSBits (2017)
Unlike the PiHard and Qadro from RISCOSBits, the PiRO range are defined builds with set prices on them. The range has three models, the Core (£59) which is essentially a Raspberry Pi 3B+ in a PiRO branded case, with a 32GB SD card that has RISC OS pre-installed on it.
The Plus (£79) is the same as the Core, but comes with a mSATA adapter and case which will allow you to slot in your own mSATA SSD hard-drive.
The Max (£129) is then the same as the Plus, but with a built-in 120GB SSD.
si.zeRO from RISCOSBits (2018)
On the dirt cheap end of the scale we have the si.zeRO – a Raspberry Pi Zero with full sized USB and Ethernet ports added – all packed into a tiny case.
The Zero has 512MB of RAM, which is still more than enough for the vast majority of use cases on RISC OS. A 5V micro USB connector for power is provided, along with a MicroSD card running an enhanced version of RISC OS 5 with additional software. A HDMI adapter is also chucked in for good measure.
The si.zeRO starts at £49 for a 16GB SD card for storage and housing RISC OS on. 64GB (£69) and 128GB (£89) versions are also available.
*Whilst researching this article, I found that the RiscStation website has miraculously been revived, well over a decade since their disappearance from the scene. All of the products listed on there almost certainly do not exist, despite their news page claiming they appeared at Wakefield 2017 to unveil new hardware (which they didn’t). I have a feeling that this is just an odd attempt at domain squatting, and it’s not RiscStation’s original proprietors putting up this drivel. It should come without saying, don’t give them your money.
The first-person shooter Doom is one of those classic games that will never fall out of favour. It transformed the gaming industry back in 1993 and it’s still hugely popular today.
Although there have been quite a few ports to RISC OS over the years, there are two main versions that are recommended for running Doom on modern RISC OS hardware as well as older systems.
As the name suggests, FreeDoom is a free version of the Doom engine and the RISC OS version has been enhanced with RISC OS specific desktop options for doing things like loading additional levels.
You’ll be able to run Doom, Doom 2, Ultimate Doom, Final Doom and community-generated Doom level files (WADs) on FreeDoom – but due to the Doom games still being commercial titles, you’ll need to source the level files yourself before you can play them.
For the most part, FreeDoom on RISC OS is quite reliable and provides a good experience. Although it’s not perfect, it can be buggy and networking support is not available. Level files created using Deth or other Doom editors are also compatible with FreeDoom.
R-Comp’s commercial release of Doom 1, Doom 2 and Ultimate Doom is a complete port of all three titles, with networking support, a huge selection of additional game levels and some improvements to the game’s music. Level files created using Deth or other Doom editors will work with this version.
The games are all compatible with modern RISC OS systems including the Raspberry Pi, Titanium etc. It will also run on pretty much any system older than the Acorn A7000+.
R-Comp’s Final Doom port follows in the same vein as their Doom Trilogy release with some improvements to the game’s music and graphics over the original as well as some extra level packs to give more bang for your buck. Level files created using Deth or other Doom editors will work with this version.
The game is compatible with modern RISC OS systems including the Raspberry Pi, Titanium etc. It will also run on pretty much any system newer than the Acorn A7000+.
Being the glutton for punishment that I am, I decided to do some rearranging of things around the house recently. Apart from a computer that runs without a monitor, keyboard or mouse connected to it, I was planning on moving all my machines to another room. The only system that put a spanner in the works was my Raspberry Pi running RISC OS 5 – which of course doesn’t support wireless.
I initially tried out powerline adapters to allow my electric cabling in the home to pass connectivity around the house and into the spare room, where I could then plug it up to my Pi. For most people, this solution would probably work but I found that there was something about the cabling in my property that was causing traffic on my LAN to loop – this resulted in about 25% of all my traffic dropping out.
Running an Ethernet cable from my router through to the other room wasn’t a suitable option either as
the ball and chain my significant other would hang me out to dry.
So I looked at getting my hands on a Wireless-to-Ethernet bridge. I wasn’t sure on what compatibility issues with RISC OS I was going to run into, so I thought I’d start out cheap with something that has reasonably good reviews on Amazon.
I went for the Vonets VAP11G-300, which is an all-in-one wireless extender and wireless-to-ethernet bridge. It’s coined as being compatible with games consoles and printers so I figured as the device wouldn’t require drivers to work, it was likely to work on RISC OS.
The device can be powered by an external power adaptor or you can plug its built-in USB cable into a computer. The back of the device has a sticker with its MAC address and configuration panel details for you to log in with.
After being plugged into the power and connected up to my Raspberry Pi via ethernet, it was just a case of opening up the adapter’s local IP address (192.168.254.254) in a web browser and selecting my router’s Wi-fi network name from a dropdown list then entering the network password. (Edit: It looks like accessing the configuration page on RISC OS doesn’t work for everyone, your mileage may vary. Use a non-RISC OS computer to setup the network before switching the device back onto RISC OS if needed.)
Then I ran !Boot and went into the Network configuration section to set the Pi’s IP address to 192.168.254.100 and set the gateway and DNS server to 192.168.254.254. Setting the network configuration as Manual works best as selecting DHCP will most likely give a Gateway error.
Once that was done, RISC OS on my Pi was running on my Internet connection without a hitch, and I found it to be pretty reliable considering how inexpensive the device was (£15 on Amazon). I’ve had no issues with it located upstairs and my router being downstairs, although the signal strength does show at about 50% in the configuration webpage, which leads me to believe that if the distance was any larger between it and the router then I might have encountered problems.
All in all, if you’re looking to connect your RISC OS system to a Wi-fi network, this is a decent, cost-effective option.
An original first-person shooter for RISC OS is definitely a rarity, the last one I can think of is the woeful Destiny many moons ago.
Fortunately, Amcog Games’ The Island of the Undead seems to have a lot more going for it.
Officially unveiled at the Wakefield show back in April and released a few months later, The Island of the Undead is a retro first-person shooter written using the Amcog Games Development kit as well as a new 3D engine. The game is a commercial release and is available for purchase for £11.99.
The game is based around the protagonist finding themselves alone on an abandoned military base after being forced to land a plane on a seemingly deserted island due to lack of fuel caused by a fuel leak.
While searching for fuel, a notebook is found with a number of eery scribblings in them, written by the last person on the island. An experimental virus that was initially meant to extend life began killing test subjects before reincarnating them in zombie form. Oo-er.
So naturally, your aim is to find some fuel and bugger off of that island post-haste, but the zombies don’t intend on making it that easy…
The game itself
Island of the Undead is displayed in retro-styled 3D vector graphics and features five original music tracks, 360 degree movement and the quite handy addition of level codes – so you can jump straight back onto a level you were playing before without having to start from scratch again. As always with an Amcog game, sound effects are supplied by their very own RDSP sound module.
A nice feature of the game is a built-in map in the right corner along with a counter that keeps track of your score, ammunition, health and the amount of fuel you’re still to acquire before you can get in your plane and bugger off home.
Source code and level design are also included for everyone to see and tinker with.
As the game is written in BBC BASIC, it should play fine on a vast majority of RISC OS machines, old or new.
The game runs well on a Raspberry Pi 2 and I’d imagine it should be fine with pretty much any other modern RISC OS compatible board you throw at it – Titanium, Beagleboard etc.
Overall, another solid title from Amcog and some definite progression in terms of the type of challenges Antony is giving himself with this game appearing to be a much more difficult title to write when compared to previous releases.
The game is a digital purchase via the Pling Store. If you’ve got just over a tenner to spare and want to help support further RISC OS game development from Amcog then giving Island of the Undead a spin isn’t a bad shout.
Over the years, the blog has featured a few articles on running Internet-facing services on RISC OS, from web servers (WebJames and HTTPServ) to VNC and Samba shares. While those articles did go a little into the security of running those services on RISC OS in this day and age, they didn’t cover what you can expect if you open up your WebJames or Samba instance to the wider Internet.
While browsing the ROOL forums I came across a discussion about how secure it really is to run servers on RISC OS in this day and age – considering how old the majority of server applications are for RISC OS, and how creaky some parts of RISC OS’ networking stack are. That got me thinking, how secure really is it to run services that you care about on RISC OS, or maybe a service that you don’t particularly care about (e.g. a Samba share you never use) but it’s running on a system that you do want to protect.
So to understand what kind of threats there are out there today and how relevant it is to RISC OS, it’ll be first worth going over what the threat landscape is today for Internet-facing servers in general and how sophisticated (or not) threat actors are with their attempts to steal or break your cyber-stuffs.
So unsurprisingly the vast majority of attacks against servers on the Internet are attempts to guess their password, and a huge quantity of those are not very sophisticated at all. This is mainly down to it being so easy to get into systems on the Internet with incredibly weak passwords (if they even have one). Password cracking tools such as Hydra and John the Ripper do allow for complicated ways of getting at people’s passwords other than just going through a list of widely used passwords, but realistically, attackers just don’t need to go to that level of effort.
The Mirai malware, which enslaves Linux systems all over the world, took down a large portion of the world’s most popular websites for a while in 2016 through an enormous Denial of Service attack on DynDNS – a DNS provider that supports services such as Netflix, Twitter and GitHub – in turn taking those websites down. Mirai achieved this through scanning the entire Internet (it’s quicker and easier than you think) and attempting to login to the Telnet service at each IP address armed with a small set (about 20 or so) of default usernames and passwords that are known to be distributed with popular Internet-connected appliances such as CCTV cameras and Network Attached Storage (NAS) drives – ‘admin’ and ‘password123’ type stuff for the most part. After logging into these systems via Telnet, the malware would then get the infected machines to launch Denial of Service attacks at a target all at once.
To give you an idea of the kind of password login attempts an average server might see on the Internet. A server I administer received just under 18,000 login attempts via the SSH protocol in September, which boils down to about 235 unique IP addresses attempting on average 76 login attempts. This in itself shows that attackers generally aren’t trying every possible password connection to break into your system, instead their plowing through a list of common usernames and passwords. Below is an excerpt of the SSH access logs so you get an idea of the kind of behaviour to expect in a password attack.
Nov 20 15:09:48 Plankton sshd: Failed login for invalid user admin from 194.61.XX.XX port 55962 Nov 20 15:43:54 Plankton sshd: Failed login for invalid user service from 194.61.XX.XX port 55962 Nov 20 17:33:11 Plankton sshd: Failed login for invalid user monitor from 194.61.XX.XX port 55969 Nov 20 18:10:33 Plankton sshd: Failed login for invalid user guest from 194.61.XX.XX port 50669 Nov 20 18:49:03 Plankton sshd: Failed login for invalid user support from 194.61.XX.XX port 50669 Nov 20 19:25:06 Plankton sshd: Failed login for invalid user test from 194.61.XX.XX port 50711 Nov 20 20:01:25 Plankton sshd: Failed login for invalid user debian from 194.61.XX.XX port 50712 Nov 20 20:39:15 Plankton sshd: Failed login for invalid user service from 194.61.XX.XX port 50712 Nov 20 21:16:33 Plankton sshd: Failed login for invalid user ubuntu from 194.61.XX.XX port 57006 Nov 20 21:54:46 Plankton sshd: Failed login for invalid user user from 194.61.XX.XX port 57006 Nov 20 22:34:53 Plankton sshd: Failed login for invalid user ubnt from 194.61.XX.XX port 57006 Nov 20 23:16:28 Plankton sshd: Failed login for invalid user pi from 194.61.XX.XX port 63389
So with all that in context. If you want to password-protect content on your RISC OS web server, Samba or VNC server – just set a reasonably secure password and don’t reuse that password elsewhere. This website lets you see roughly how long it might take for someone to brute-force crack your password, once you get to 8 characters or longer, a password containing a mix of uppercase and lowercase letters as well as numbers and special characters is pretty tricky to crack – most attackers would move on.
That said however, if someone with enough knowledge and determination is for some reason targeting you specifically, then you might want to stop using passwords to authenticate altogether. As far as I’m aware, this will mean you’ll need to use a non-RISC OS solution for Samba, VNC etc. as I’ve not come across a RISC OS application that supports key-based authentication yet.
If your server is going to be handling any data you don’t want others getting their grubby mitts on, for example your family photos or maybe a website visitor’s form submission, then you’ll want to be using a server solution that utilises encryption when receiving and sending data. Intercepting data being passed across the Internet using a protocol that doesn’t use encryption, for example HTTP, is trivial with the right tools.
Unfortunately for us, there are no VNC, Samba or Web server programs for RISC OS that support encryption – this includes HTTPserv and WebJames, which are HTTP only web servers.
That said, if you want to run a web server that only serves free software you’ve written to its visitors, or just some information that you don’t mind anyone seeing, then hosting it on RISC OS isn’t a terrible option.
An example of this would be my Raspbery Pi at home, it runs a WebJames instance that consists of one webpage that links to other services on my local network (my file server, media server etc.), so if someone was to sniff that connection, all they’d be able to see is links to other services, but there’s no real data being passed across.
Denial of Service
Denial of Service (DoS) attacks were making the news quite a lot a few years back but they’re still a popular method of attack today, especially for people with very limited computer skills looking to create some damage. A notable attack from the last few years was the time Sony’s Playstation Network went belly up on Christmas Day due to their servers being flooded by enormous amount of bogus traffic in order to ensure that no genuine users could log onto the online gaming network.
Coupled with RISC OS server applications being more susceptible to DoS attacks than most modern servers, the threat of huge amounts of data flooding your server to stop you or others from gaining access for a little while is a real possibility. Although it does raise the question of why, unless there’s a particular reason why someone would want to take your server down for a period of time then this isn’t something I’d be too worried about.
Vulnerability exploitation is a very real threat to all web-facing servers around the world. New flaws that can be exploited into remotely exposing private data or allowing attackers to take access of the system in questions are occurring all the time. These are generally fixed by software vendors in the form of software updates once they’ve been made aware of a particular vulnerability.
There are some quite old and easy-to-exploit vulnerabilities that will be lurking in Samba and probably VNC server applications for RISC OS right now due to the age of the software or protocol versions they’re based on.
In the case of Samba, the latest version for RISC OS is 2.0.2-19990209, versions of Samba 3.6.3 and lower suffer serious security issues but given that RISC OS is an entirely different beast to the Unix/Linux and Windows systems that these exploits are designed for, I find it very unlikely that Samba on RISC OS will be exploitable unless someone goes to the extent of researching then coding a RISC OS specific exploit – incredibly unlikely unless you’ve seriously pissed off a nation state or something.
To sum up
So in the grand scheme of things, if you want to run a server from a RISC OS system and you don’t have any data that could be damaging to you or others should it fall into the wrongs hands, then there’s not really any huge red flags in your way. The possibility of someone exploiting the server software to get into your computer is incredibly small, and providing you don’t cheese off a load of teenage online gamers, then you’re probably not going to fall victim to a DoS attack either.