On Sun, Jul 3, 2016 at 3:33 AM, Andrew David Wong <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 2016-07-02 19:06, Franz wrote: > > On Sat, Jul 2, 2016 at 11:05 AM, Andrew David Wong > > <[email protected]> wrote: > > > > On 2016-07-02 05:30, Franz wrote: > >>>> With Qubes release 3.x, having USB controller(s) default > >>>> assigned to sys-usb and Xen meddling checking shared > >>>> resources between different USB controllers, it is even more > >>>> difficult than R2 to use external USB music hardware, either > >>>> for output or input. > >>>> > >>>> So I wonder: why not using sys-usb as a music hub? Everything > >>>> is already assigned and all you have to do is plug in > >>>> external USB devices. > >>>> > >>>> Well, now all music I'm playing on other hardware are mp3 > >>>> downloaded from internet, which means sources that I cannot > >>>> control and eventually compromised. So this may result in > >>>> compromising sys-usb. Consequences? I do not know, but I do > >>>> know that the color of sys-usb is default red, so this may > >>>> not be a mayor problem. > >>>> > >>>> What do you think? > >>>> > >>>> I have seen that default sys-usb does not has a sys-net VM. > >>>> It may be possible to leave it as it is, playing music saved > >>>> on a USB medium, or it may be even more convenient to connect > >>>> sys-usb to a sys-net VM to directly play music from youtube, > >>>> internet radios, etc. Would you do that? > >>>> > >>>> Best Fran > >>>> > > > > - From a security perspective, I think you're right. sys-usb and > > sys-net (in some cases, they may be combined) should be assumed to > > be compromised, which means that we should assume that an attacker > > could be using sys-usb to do anything (including play music files). > > If we're already assuming that an attacker could be doing this, why > > shouldn't you (the actual owner of the system) not do it yourself, > > if you want to? > > > > - From a practical perspective, your performance may not be very > > good if memory balancing is disabled and a low amount of memory is > > assigned to the VM, so you may want to adjust this. (You wouldn't > > adjust this to benefit an attacker, though, so the analogy may > > start to break down here.) > > > > > >> Thanks Andrew, the most lightweight music player I could find is > >> Deadbeef, which is even portable, so no need to install it in > >> template. It works perfectly with the default memory setting of > >> sys-usb. I had to install also pavucontrol in template to be able > >> to rise the volume in sys-usb beyond the maximum of Deadbeef. > > > >> Really great sound now with very little work!! :-)) My dogs are > >> alarmed hearing loud music in my room. > > > >> Just a small detail, is there a way to use QM "run command in VM" > >> to launch the script that starts portable Deadbeef? > > > >> Best Fran > > > > Sounds like it should be pretty straightforward to do that. Maybe > something like: > > qvm-run sys-usb /home/user/deadbeef.sh > Well this runs in Dom0, not using Qubes manager "run command in VM", which, if opened in sys-usb, works directly is sys-usb. Using "run command in VM" if you write "gnome-terminal" it opens a terminal, you write "firefox", it opens firefox. But I have never been able to run a sh script this way. Or am I misunderstand what you wrote? Best > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJXeLHMAAoJENtN07w5UDAwhqsQALIRpT/Ji90XWV3zGaVwpkzu > VR3xDnmn3WJFw0xqQ38P+TFDEHPZ+VvBHvaIPQx0jj/NILDZqKs6CCfoiMidlFM+ > UpInMxWXLHOay/cOLaX9fFGhkBCCt0mYpUa0MS4AatF7+pZqqp7x3tQjHJ5b9x9S > XRJnjq6OIJ7h0jKFfjVufekFIY1o5U3w85abmnIIyVtZEwgt71FZO+GvMtJN6Pjb > OIOfsoe4Q1lvsKMCy1/0j0UNT1CKaStUs0LiUEBZetdGG9Vdh8tS7PM8zzXz8XfR > 1Jg0veqzdcni2h2WrUvBRetUeUahgkVHGBtBTAMHz1prC9CEc8jOgrUZQ2rKfc1S > EJokDqYL9T0bz3sZe3f+UyP4QztyCGHRixGAXO8IAiW6Tv6PG/sNpsEwKwMBDf+C > 52/M2L22EZp1LuidFpQ++a8qh1PdrZaWvUX0dcCxFJgA63xbRtaXWDAInZD1VC4g > DeNKfuqKvbFpV61+oVYda23wSNQOV1y9wsy49cBvxJpFcZInCCpGRSMHPc9SHiAy > obNJsTngKKVmWq6XrsiSDRHI36qRqJd0fv7JVEn01XnNB34hLQLsiFXy5IW394zy > govNi8MGZ9M7Edk5ZDJJijXvzckYc6ELRMSKoMGmEpfOpy+nghiKZBqIf+pBsx81 > 7JrJQ6y14dHq9lGcjuBS > =Mc5u > -----END PGP SIGNATURE----- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qBTxkPnOckAEUunq2wDsGDtsQxwsFsR%3DMTo_aaQ4Hv3EA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
