-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-07-03 07:11, Franz wrote: > On Sun, Jul 3, 2016 at 3:33 AM, Andrew David Wong > <[email protected]> wrote: > > On 2016-07-02 19:06, Franz wrote: >>>> On Sat, Jul 2, 2016 at 11:05 AM, Andrew David Wong >>>> <[email protected]> wrote: >>>> >>>> On 2016-07-02 05:30, Franz wrote: >>>>>>> With Qubes release 3.x, having USB controller(s) >>>>>>> default assigned to sys-usb and Xen meddling checking >>>>>>> shared resources between different USB controllers, it >>>>>>> is even more difficult than R2 to use external USB >>>>>>> music hardware, either for output or input. >>>>>>> >>>>>>> So I wonder: why not using sys-usb as a music hub? >>>>>>> Everything is already assigned and all you have to do >>>>>>> is plug in external USB devices. >>>>>>> >>>>>>> Well, now all music I'm playing on other hardware are >>>>>>> mp3 downloaded from internet, which means sources that >>>>>>> I cannot control and eventually compromised. So this >>>>>>> may result in compromising sys-usb. Consequences? I do >>>>>>> not know, but I do know that the color of sys-usb is >>>>>>> default red, so this may not be a mayor problem. >>>>>>> >>>>>>> What do you think? >>>>>>> >>>>>>> I have seen that default sys-usb does not has a sys-net >>>>>>> VM. It may be possible to leave it as it is, playing >>>>>>> music saved on a USB medium, or it may be even more >>>>>>> convenient to connect sys-usb to a sys-net VM to >>>>>>> directly play music from youtube, internet radios, etc. >>>>>>> Would you do that? >>>>>>> >>>>>>> Best Fran >>>>>>> >>>> >>>> - From a security perspective, I think you're right. sys-usb >>>> and sys-net (in some cases, they may be combined) should be >>>> assumed to be compromised, which means that we should assume >>>> that an attacker could be using sys-usb to do anything >>>> (including play music files). If we're already assuming that >>>> an attacker could be doing this, why shouldn't you (the >>>> actual owner of the system) not do it yourself, if you want >>>> to? >>>> >>>> - From a practical perspective, your performance may not be >>>> very good if memory balancing is disabled and a low amount of >>>> memory is assigned to the VM, so you may want to adjust this. >>>> (You wouldn't adjust this to benefit an attacker, though, so >>>> the analogy may start to break down here.) >>>> >>>> >>>>> Thanks Andrew, the most lightweight music player I could >>>>> find is Deadbeef, which is even portable, so no need to >>>>> install it in template. It works perfectly with the default >>>>> memory setting of sys-usb. I had to install also >>>>> pavucontrol in template to be able to rise the volume in >>>>> sys-usb beyond the maximum of Deadbeef. >>>> >>>>> Really great sound now with very little work!! :-)) My dogs >>>>> are alarmed hearing loud music in my room. >>>> >>>>> Just a small detail, is there a way to use QM "run command >>>>> in VM" to launch the script that starts portable Deadbeef? >>>> >>>>> Best Fran >>>> > > Sounds like it should be pretty straightforward to do that. Maybe > something like: > > qvm-run sys-usb /home/user/deadbeef.sh > > >> Well this runs in Dom0, not using Qubes manager "run command in >> VM", which, if opened in sys-usb, works directly is sys-usb. > >> Using "run command in VM" if you write "gnome-terminal" it opens >> a terminal, you write "firefox", it opens firefox. But I have >> never been able to run a sh script this way. > >> Or am I misunderstand what you wrote? Best >
Both ways should work. (I tested again just now to confirm.) Perhaps you forgot to make your script executable or something? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXeTVWAAoJENtN07w5UDAwwCQP/1VB02W/WlbLPtm0Zl1BUCAx ABeQrI+4Z6ZSJzmeu9VDFaxr9vDsIW0dSvJsaAlLuh8VQc8OqIFORuuSQgCkWeCR zjLmjR/om0YL5S7Wsv4zZ8BzlOZn+WTC2ID74gxPh+Vx1nfCfeC7eBzrahfgEVOh kOGvDRlhR9QQWkz2xQBo80zTaNu+R681PSE8PmXGDc27OFvU0GKq8b+5ctIFDPYJ OyznmAlVeu9hXciCAIhQXlIusK7oNmQlsikHcEU20igDGAMKXH+vzty95M5eZU7t Jcv7Xj1PIchZ3tP7RgjfX/NSVFPj46f2HT0cPbTXUXVdK5hjB5zH8RHuQIPPM36O NsyhNdvcBukqjqUsDacFtIr28eFPTRrurxK3O0mhWG9JxgRNLaTXmnmuDh+NV4WW 4TYahQvvHT8Kl8nYE8NQrMC6vSqBxJlpDy9xoHsnP6Jk3dOkj0qBAiHX2NQQuokv kYxcdETgXnDqywym538B5M9l4OBLOGdv+0lj4wyhA2Ygw6BHSCXfqUp8RFUFkpGC CcL8uzQazomE94vOV+lPJzTDWpeBP2RVNqpUuJ8CBD3Qai4RzozNxStviVK+Yctu GyKxJ4A6B7Q/KsmSh32BNblDNePH1dAwdpnKkdiPW6thgaTI4zZoQAZUBfGJxZBK kTsTM22OcfagJz70T+I/ =eipM -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b558e77e-3165-a8c1-6fc9-11982d13e307%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
