Re: [qubes-users] Using sys-usb as music hub

2016-07-03 Thread Franz 
On Sun, Jul 3, 2016 at 12:55 PM, Andrew David Wong  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-07-03 07:11, Franz wrote:
> > On Sun, Jul 3, 2016 at 3:33 AM, Andrew David Wong
> >  wrote:
> >
> > On 2016-07-02 19:06, Franz wrote:
>  On Sat, Jul 2, 2016 at 11:05 AM, Andrew David Wong
>   wrote:
> 
>  On 2016-07-02 05:30, Franz wrote:
> >>> With Qubes release 3.x, having USB controller(s)
> >>> default assigned to sys-usb and Xen meddling checking
> >>> shared resources between different USB controllers, it
> >>> is even more difficult than R2 to use external USB
> >>> music hardware, either for output or input.
> >>>
> >>> So I wonder: why not using sys-usb as a music hub?
> >>> Everything is already assigned and all you have to do
> >>> is plug in external USB devices.
> >>>
> >>> Well, now all music I'm playing on other hardware are
> >>> mp3 downloaded from internet, which means sources that
> >>> I cannot control and eventually compromised. So this
> >>> may result in compromising sys-usb. Consequences? I do
> >>> not know, but I do know that the color of sys-usb is
> >>> default red, so this may not be a mayor problem.
> >>>
> >>> What do you think?
> >>>
> >>> I have seen that default sys-usb does not has a sys-net
> >>> VM. It may be possible to leave it as it is, playing
> >>> music saved on a USB medium, or it may be even more
> >>> convenient to connect sys-usb to a sys-net VM to
> >>> directly play music from youtube, internet radios, etc.
> >>> Would you do that?
> >>>
> >>> Best Fran
> >>>
> 
>  - From a security perspective, I think you're right. sys-usb
>  and sys-net (in some cases, they may be combined) should be
>  assumed to be compromised, which means that we should assume
>  that an attacker could be using sys-usb to do anything
>  (including play music files). If we're already assuming that
>  an attacker could be doing this, why shouldn't you (the
>  actual owner of the system) not do it yourself, if you want
>  to?
> 
>  - From a practical perspective, your performance may not be
>  very good if memory balancing is disabled and a low amount of
>  memory is assigned to the VM, so you may want to adjust this.
>  (You wouldn't adjust this to benefit an attacker, though, so
>  the analogy may start to break down here.)
> 
> 
> > Thanks Andrew, the most lightweight music player I could
> > find is Deadbeef, which is even portable, so no need to
> > install it in template. It works perfectly with the default
> > memory setting of sys-usb. I had to install also
> > pavucontrol in template to be able to rise the volume in
> > sys-usb beyond the maximum of Deadbeef.
> 
> > Really great sound now with very little work!! :-)) My dogs
> > are alarmed hearing loud music in my room.
> 
> > Just a small detail, is there a way to use QM "run command
> > in VM" to launch the script that starts portable Deadbeef?
> 
> > Best Fran
> 
> >
> > Sounds like it should be pretty straightforward to do that. Maybe
> > something like:
> >
> > qvm-run sys-usb /home/user/deadbeef.sh
> >
> >
> >> Well this runs in Dom0, not using Qubes manager "run command in
> >> VM", which, if opened in sys-usb, works directly is sys-usb.
> >
> >> Using "run command in VM" if you write "gnome-terminal" it opens
> >> a terminal, you write "firefox", it opens  firefox. But I have
> >> never been able to run a sh script this way.
> >
> >> Or am I misunderstand what you wrote? Best
> >
>
> Both ways should work. (I tested again just now to confirm.) Perhaps
> you forgot to make your script executable or something?
>
>
Yes I forgot to make it executable. Many thanks

> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
>
> iQIcBAEBCgAGBQJXeTVWAAoJENtN07w5UDAwwCQP/1VB02W/WlbLPtm0Zl1BUCAx
> ABeQrI+4Z6ZSJzmeu9VDFaxr9vDsIW0dSvJsaAlLuh8VQc8OqIFORuuSQgCkWeCR
> zjLmjR/om0YL5S7Wsv4zZ8BzlOZn+WTC2ID74gxPh+Vx1nfCfeC7eBzrahfgEVOh
> kOGvDRlhR9QQWkz2xQBo80zTaNu+R681PSE8PmXGDc27OFvU0GKq8b+5ctIFDPYJ
> OyznmAlVeu9hXciCAIhQXlIusK7oNmQlsikHcEU20igDGAMKXH+vzty95M5eZU7t
> Jcv7Xj1PIchZ3tP7RgjfX/NSVFPj46f2HT0cPbTXUXVdK5hjB5zH8RHuQIPPM36O
> NsyhNdvcBukqjqUsDacFtIr28eFPTRrurxK3O0mhWG9JxgRNLaTXmnmuDh+NV4WW
> 4TYahQvvHT8Kl8nYE8NQrMC6vSqBxJlpDy9xoHsnP6Jk3dOkj0qBAiHX2NQQuokv
> kYxcdETgXnDqywym538B5M9l4OBLOGdv+0lj4wyhA2Ygw6BHSCXfqUp8RFUFkpGC
> CcL8uzQazomE94vOV+lPJzTDWpeBP2RVNqpUuJ8CBD3Qai4RzozNxStviVK+Yctu
> GyKxJ4A6B7Q/KsmSh32BNblDNePH1dAwdpnKkdiPW6thgaTI4zZoQAZUBfGJxZBK
> kTsTM22OcfagJz70T+I/
> =eipM
> -END PGP SIGNATURE-
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from

Re: [qubes-users] Using sys-usb as music hub

2016-07-03 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-02 19:06, Franz wrote:
> On Sat, Jul 2, 2016 at 11:05 AM, Andrew David Wong
>  wrote:
> 
> On 2016-07-02 05:30, Franz wrote:
 With Qubes release 3.x, having USB controller(s) default
 assigned to sys-usb and Xen meddling checking shared
 resources between different USB controllers, it is even more
 difficult than R2 to use external USB music hardware, either
 for output or input.
 
 So I wonder: why not using sys-usb as a music hub? Everything
 is already assigned and all you have to do is plug in
 external USB devices.
 
 Well, now all music I'm playing on other hardware are mp3 
 downloaded from internet, which means sources that I cannot 
 control and eventually compromised. So this may result in 
 compromising sys-usb. Consequences? I do not know, but I do
 know that the color of sys-usb is default red, so this may
 not be a mayor problem.
 
 What do you think?
 
 I have seen that default sys-usb does not has a sys-net VM.
 It may be possible to leave it as it is, playing music saved
 on a USB medium, or it may be even more convenient to connect
 sys-usb to a sys-net VM to directly play music from youtube,
 internet radios, etc. Would you do that?
 
 Best Fran
 
> 
> - From a security perspective, I think you're right. sys-usb and
> sys-net (in some cases, they may be combined) should be assumed to
> be compromised, which means that we should assume that an attacker
> could be using sys-usb to do anything (including play music files).
> If we're already assuming that an attacker could be doing this, why
> shouldn't you (the actual owner of the system) not do it yourself,
> if you want to?
> 
> - From a practical perspective, your performance may not be very
> good if memory balancing is disabled and a low amount of memory is
> assigned to the VM, so you may want to adjust this. (You wouldn't
> adjust this to benefit an attacker, though, so the analogy may
> start to break down here.)
> 
> 
>> Thanks Andrew, the most lightweight music player I could find is
>> Deadbeef, which is even portable, so no need to install it in
>> template. It works perfectly with the default memory setting of
>> sys-usb. I had to install also pavucontrol in template to be able
>> to rise the volume in sys-usb beyond the maximum of Deadbeef.
> 
>> Really great sound now with very little work!! :-)) My dogs are
>> alarmed hearing loud music in my room.
> 
>> Just a small detail, is there a way to use QM "run command in VM"
>> to launch the script that starts portable Deadbeef?
> 
>> Best Fran
> 

Sounds like it should be pretty straightforward to do that. Maybe
something like:

qvm-run sys-usb /home/user/deadbeef.sh

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXeLHMAAoJENtN07w5UDAwhqsQALIRpT/Ji90XWV3zGaVwpkzu
VR3xDnmn3WJFw0xqQ38P+TFDEHPZ+VvBHvaIPQx0jj/NILDZqKs6CCfoiMidlFM+
UpInMxWXLHOay/cOLaX9fFGhkBCCt0mYpUa0MS4AatF7+pZqqp7x3tQjHJ5b9x9S
XRJnjq6OIJ7h0jKFfjVufekFIY1o5U3w85abmnIIyVtZEwgt71FZO+GvMtJN6Pjb
OIOfsoe4Q1lvsKMCy1/0j0UNT1CKaStUs0LiUEBZetdGG9Vdh8tS7PM8zzXz8XfR
1Jg0veqzdcni2h2WrUvBRetUeUahgkVHGBtBTAMHz1prC9CEc8jOgrUZQ2rKfc1S
EJokDqYL9T0bz3sZe3f+UyP4QztyCGHRixGAXO8IAiW6Tv6PG/sNpsEwKwMBDf+C
52/M2L22EZp1LuidFpQ++a8qh1PdrZaWvUX0dcCxFJgA63xbRtaXWDAInZD1VC4g
DeNKfuqKvbFpV61+oVYda23wSNQOV1y9wsy49cBvxJpFcZInCCpGRSMHPc9SHiAy
obNJsTngKKVmWq6XrsiSDRHI36qRqJd0fv7JVEn01XnNB34hLQLsiFXy5IW394zy
govNi8MGZ9M7Edk5ZDJJijXvzckYc6ELRMSKoMGmEpfOpy+nghiKZBqIf+pBsx81
7JrJQ6y14dHq9lGcjuBS
=Mc5u
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7d6cb56-97b2-339c-1ba4-306aea15e35f%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Using sys-usb as music hub

2016-07-02 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-02 05:30, Franz wrote:
> With Qubes release 3.x, having USB controller(s) default assigned 
> to sys-usb and Xen meddling checking shared resources between 
> different USB controllers, it is even more difficult than R2 to
> use external USB music hardware, either for output or input.
> 
> So I wonder: why not using sys-usb as a music hub? Everything is 
> already assigned and all you have to do is plug in external USB 
> devices.
> 
> Well, now all music I'm playing on other hardware are mp3 
> downloaded from internet, which means sources that I cannot
> control and eventually compromised. So this may result in
> compromising sys-usb. Consequences? I do not know, but I do know
> that the color of sys-usb is default red, so this may not be a
> mayor problem.
> 
> What do you think?
> 
> I have seen that default sys-usb does not has a sys-net VM. It may 
> be possible to leave it as it is, playing music saved on a USB 
> medium, or it may be even more convenient to connect sys-usb to a 
> sys-net VM to directly play music from youtube, internet radios, 
> etc. Would you do that?
> 
> Best Fran
> 

- From a security perspective, I think you're right. sys-usb and sys-net
(in some cases, they may be combined) should be assumed to be
compromised, which means that we should assume that an attacker could
be using sys-usb to do anything (including play music files). If we're
already assuming that an attacker could be doing this, why shouldn't
you (the actual owner of the system) not do it yourself, if you want to?

- From a practical perspective, your performance may not be very good if
memory balancing is disabled and a low amount of memory is assigned to
the VM, so you may want to adjust this. (You wouldn't adjust this to
benefit an attacker, though, so the analogy may start to break down
here.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXd8pHAAoJENtN07w5UDAwqJYP/2n4dkvRYPinkD0XpBlrvE5Y
mGAZ5r9ILgngl+J1GnbsSsVZ1LroxuB5IeRfoZKNIJ6YvpSXfrDzg3bo1L/9jP8y
ItpynJyyZB5VPN7d3QVLgbjef0M1efOgNGz0LppowbmZVCbYqniE3m0bKvbbPGPp
2VFM+qS6jkWiTQxsiGzPiDH0nCiMV7DO5V8Sin84gsWpi+C7/MAC/aE0pXqabPXB
7krqH6gSV73cXMOTjVrlMdtudoVShC0GrTvUEnLgjZekGkAat/6t/QgNXYtg85Ba
0b2SeRZYL0jbQvbRJdrzkRl7sPc/MNBo6SAaIYAE7m80lBRLfNmHCR+2KZfFO1oB
4OCK5MzwMCSedZACntEz6YIxo5EmuIcXJhit3Lch4YNaWoVLlWpiPZuEV0Zde7MN
ygJJqL7OT1uJJiwBIMSP8nDigz0noyGsmKAS4ETD8G1dCAmxQUUObsvl8gqnrPyh
o+Y+aXr4OkYVK4U5fZVZAxNtyuhZXzy1Qy9CxsAJJEODIr7kWq0SLKudCJQrOKyc
6bpNO6kj4tKx/2J3hh7tsOHrm5CJAgdohN97lbEKHjMNJSp3vuCa6Hb3t9xhmBgS
g19C/WyeScqFjiNUqX+PvAEo/mleu2+npXlR6LpeITCtgdgQuoeIuN3EMvbgIZo7
kF6sJ6taZjwyPDOEOKSk
=vWLK
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54db7572-dc6a-ae43-78c8-e34ed21e5f64%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.