Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > I forgot to mentioned: > For me and others (I think) PiCorePlayer is VERY useful to fast > configure whole player and etc. - on default Raspbian repo I need spend > much more time to achieve players and LMS working. > For me configuring Raspbian via terminal is not user friendly

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > 1) Ok, since 2 years I havent tested this on Raspbian - before, I've > had problem with this - maybe You are right to test it now... > 2) You are right - switching only amplifiers is a good suggestion. Thanks, This ain't my first rodeo > 3) if LMS saves it saves only on

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Jeff07971 wrote: > > You are not going to be able to do it with Pcp you can do it with > Raspbian - Your choice > > Jeff I forgot to mentioned: For me and others (I think) PiCorePlayer is VERY useful to fast configure whole player and etc. - on default Raspbian repo I need spend much more

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Jeff07971 wrote: > 1) I have two instances of raspbian neither are UPS'd and I've never had > a problem. > 2) If theres an antifire turn the AMPLIFIERS off not the RasPis have > them UPS'd > 3) If you run an LMS on Pcp there are disk writes so can be corrupted > > You are not going to be able

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > You are almost right but all audio will be placed on separated rack > without UPS and there is fire protection system where during antifire > messages all audio must be immediately switched off > This is a new object (building) and at the beginning of functionality > many fire or

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Jeff07971 wrote: > Then you don't need to worry about power failure ! You are almost right but all audio will be placed on separated rack without UPS and there is fire protection system where during antifire messages all audio must be immediately switched off This is a new object (building) and

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

> All players gonna be placed on server's room in restricted area so I'm > not worried about removing/replace SD cards Then you don't need to worry about power failure ! *Players:* SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer x3,Wandboard *Server:* LMS Version: Latest Nightly on

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Greg Erskine wrote: > Remember piCorePlayer has a http web server used for configuration, so > don't use piCorePlayer! > > Just use Raspbian and load squeezelite and configure yourself. That will > close a few holes. > > Once you allow Raspberry Pi's into your environment anyone with physical

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

If you look carefully at the OP's diagram there is no audio traffic over the LAN only port 9000 control !! But audio is streamed over port 9000, too. It's not only control. Maybe I'm overcomplicating things... just let us know how it worked out. -- Michael

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

mherger wrote: > > Use Raspbian for the LMS server and install apache with a HTTPS > reverse > > proxy, block non https traffic with firewalld or iptables Simple. > > And how would the players stream? They don't support https. > > > -- > > Michael Hi Michael, If you look carefully at the

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Use Raspbian for the LMS server and install apache with a HTTPS reverse proxy, block non https traffic with firewalld or iptables Simple. And how would the players stream? They don't support https. -- Michael ___ Squeezecenter mailing list

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Remember piCorePlayer has a http web server used for configuration, so don't use piCorePlayer! Just use Raspbian and load squeezelite and configure yourself. That will close a few holes. Once you allow Raspberry Pi's into your environment anyone with physical access can remove the SD card and

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > Yes !!! it would be nice and I think it should be standard in this > times > LMS using plugins like Spotify, Tidal etc. where is secured protocol > what is acceptable in plugins but LMS is ... I don't know... old skull ? > > I agree with this there is no ability on hardware

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Jeff07971 wrote: > > > One friendly word of warning though, If you antagonist our best boy or > any other our devs you will find help hard to find on this forum. > > Jeff I am cool :) I don't have anything agains ANY Member of the forum - I am far away to be antagonist - trust me :)

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Jeff07971 wrote: > OK then this is really simple. > > Keep piCorePlayer for the players > > Use Raspbian for the LMS server and install apache with a HTTPS reverse > proxy, block non https traffic with firewalld or iptables Simple. > > See posts here >

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

OK then this is really simple. Keep piCorePlayer for the players Use Raspbian for the LMS server and install apache with a HTTPS reverse proxy, block non https traffic with firewalld or iptables Simple. See posts here

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Jeff07971 wrote: > And you want the control Web GUI over https from the Pc's ? Yes !!! it would be nice and I think it should be standard in this times LMS using plugins like Spotify, Tidal etc. where is secured protocol what is acceptable in plugins but LMS is ... I don't know... old

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Jeff07971 wrote: > From 1 PiCorePlayer LMS on a Pi ? > > I don't know for sure because I run LMS on a x86-64 linux system but my > initial thought is good luck with that ! In this case are 12x RPI (1 RPI per zone) so there is no problem with LMS (1 LMS per 1 zone) but at home I have 1 RPI with

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

So are you saying that you have 12 piCorePlayer PLAYERS running from one piCoreplayer LMS ? And you want the control Web GUI over https from the Pc's ? *Players:* SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer x3,Wandboard *Server:* LMS Version: Latest Nightly on Centos 7 VM on

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

> 12 independent zones >From 1 PiCorePlayer LMS on a Pi ? I don't know for sure because I run LMS on a x86-64 linux system but my initial thought is good luck with that ! *Players:* SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer x3,Wandboard *Server:* LMS Version: Latest Nightly

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

mherger wrote: > > in sum: > > User on PC Windows should control piCoreplayer over secured protocol > > like https - the rest of traffic RPI <--> internet is in old fashion. > > > > Do you see it now in brighter colors ? > > No brighter at all. Exactly the same as before. Forget it. > > -- >

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

jmsizun wrote: > Hi, > > I am curious as to why you are asking about entreprise-level network > security requirements regarding a mostly-DIY audio multiroom solution. > What are you trying to achieve ? > > are you trying to create a commercial product ? > Are you trying to "sonorize" your

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

ideas (with the hypothesis that only port 9000 is used): * to secure the comms between picoreplayer and LMS: why not opening a SSH connection from picoreplayer to LMS server with 9000 port forwarding (localhost on picoreplayer:9000 -> LMS-localhost:9000). * to secure access to web UI: why not

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

A very old package, but this used to be my go to to encrypt legacy connections: http://www.winton.org.uk/zebedee/ TonioRoffo's Profile: http://forums.slimdevices.com/member.php?userid=54314 View this thread:

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Hi, I am curious as to why you are asking about entreprise-level network security requirements regarding a mostly-DIY audio multiroom solution. What are you trying to achieve ? are you trying to create a commercial product ? Are you trying to "sonorize" your company premises? (in this case,

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

in sum: User on PC Windows should control piCoreplayer over secured protocol like https - the rest of traffic RPI <--> internet is in old fashion. Do you see it now in brighter colors ? No brighter at all. Exactly the same as before. Forget it. -- Michael

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Greg Erskine wrote: > piCorePlayer was not written with this environment in mind. Raspberry > Pi's are not very secure for corporate environments by definition. I can only repeat myself. Greg Erskine's Profile:

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

mherger wrote: > Ok, here are some of the many issues you'll be facing: > > piCorePlayer: no-go > - web UI is not encrypted > - admin console has no password protection > - ssh is using some default credentials > > LMS: > - web UI is not encrypted > - CLI is not encrypted > > Your to-do list:

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > Thank You for answer. > Yes - You are right ! So I told to specialists that the security > firewall should be enough but security policy is required so that there > is no unencrypted traffic so they too are right. > Please tell me - is really unnecessary/impossible to add

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Greg Erskine wrote: > Do companies actually allow users to setup audio systems in a corporate > environment? :confused: > > If I'd tried to do this in any of my jobs I would have been severely > reprimanded or sacked. Half the time I was the IT decision maker and > would have re-ghosted any

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Greg Erskine wrote: > Do companies actually allow users to setup audio systems in a corporate > environment? :confused: > > If I'd tried to do this in any of my jobs I would have been severely > reprimanded or sacked. Half the time I was the IT decision maker and > would have re-ghosted any

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Do companies actually allow users to setup audio systems in a corporate environment? :confused: If I'd tried to do this in any of my jobs I would have been severely reprimanded or sacked. Half the time I was the IT decision maker and would have re-ghosted any such PC immediately. piCorePlayer

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Ok, here are some of the many issues you'll be facing: piCorePlayer: no-go - web UI is not encrypted - admin console has no password protection - ssh is using some default credentials LMS: - web UI is not encrypted - CLI is not encrypted Your to-do list: - implement https on LMS - disable CLI

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Is there a reason why installing LMS on piCorePlayer isn't an option? -LMS on Raspian Stretch -> 2x Radio -RPI 3 ('Mopidy' (https://www.mopidy.com/)), Aune S6 - Exposure 3010S2 - PMC FB1i pinkdot's Profile:

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > Ok, Michael, here is some picture of company setup. Maybe now it will be > clear for You: > > 24708 If this is truly what you IT specialist is asking for (its not) then goodbye internet as DNS and many other LAN traffic is not encrypted. Jeff *Players:* SliMP3,Squeezebox3

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

mherger wrote: > > "Using LMS to terminate https already is implemented." Great!!! How > to > > switch LMS to https (Settings>Advanced>Security>CSRF Protection > > Level <-- is this https ?) > > Oh my... we're running in circles. You don't understand what you're > asking for, I'm sorry

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

"Using LMS to terminate https already is implemented." Great!!! How to switch LMS to https (Settings>Advanced>Security>CSRF Protection Level <-- is this https ?) Oh my... we're running in circles. You don't understand what you're asking for, I'm sorry to say. Up this thread you said:

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

mherger wrote: > > Http_client <> LMS(slimserver) <> player(squezelite) (Am I right > > with this topology ?) > > If you're not allowed to have any non-https traffic in your network, > then the https endpoint must be the player, not LMS. Using LMS to > terminate https already is

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

Http_client <> LMS(slimserver) <> player(squezelite) (Am I right with this topology ?) If you're not allowed to have any non-https traffic in your network, then the https endpoint must be the player, not LMS. Using LMS to terminate https already is implemented. I think you're not clear

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

mherger wrote: > It would need to be implemented in the -players-, not in LMS. Firmware > updates for hardware players you can forget. squeezelite is not my > domain. > > And no, I'm not ignoring you. It's just that you're asking for something > you've got responses for before. But you're not

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > I only asking for this additional feature for piCorePlayer lunched on > Raspberry Pi 3 - is this impossible to add this in near future to > slimserwer (LMS for piCoreplayer) ? It would need to be implemented in the -players-, not in LMS. Firmware updates for hardware players you

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > I only asking for this additional feature for piCorePlayer lunched on > Raspberry Pi 3 - is this impossible to add this in near future to > slimserwer (LMS for piCoreplayer) ? Michael why are You ignoring me and my question? I am sad ;)

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

mherger wrote: > LMS traffic cannot be encrypted because the hardware players don't > support https. I only asking for this additional feature for piCorePlayer lunched on Raspberry Pi 3 - is this impossible to add this in near future to slimserwer (LMS for piCoreplayer) ?

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

LMS traffic cannot be encrypted because the hardware players don't support https. Michael http://www.herger.net/slim-plugins - Spotty, MusicArtistInfo mherger's Profile: http://forums.slimdevices.com/member.php?userid=50

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

BTW I'm pretty sure Apple effectively dropped that requirement before it was ever enforced. https://cheapsslsecurity.com/blog/apple-to-extend-the-ios-app-transport-security-ats-time-duration/ owner of the stuff that used to reside at http://www.tux.org/~peterw/ Note: The best way to reach me

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > What a pity :( > My IT Specialists has internal policy: Every trefic should be secure. > I intent to control LMS from PC. Becouse RPI is connected to the > internet it makes ability to hack the Windows over not secured > connection - port 9000 opened etc. > RPI and PC are behind

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

It's not clear to me how you're using your LMS. I would support the idea of encrypting traffic on public networks. But is this a requirement for your LAN? The Pi does access the internet, yes. But it's not accessible from the internet if configured correctly. You're saying that it was behind a

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > Is possible to add to LMS a Secure protocol for http and CLI commands? No, not without additional software (eg. revers proxying through nginx/apache or the like). And then I just have to add my standard warning: don't open up your LMS to the internet. I wouldn't even do so

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

baxoza wrote: > Hello everyone. > I am looking for email (or other contact) of slimserver (picoreplayer > LMS) author. I have technical question for Him. > Thanks a lot. > /Baxoza > > Ps. > I didn't find it in any licence/info files in picorePleyer distribution. Licensing for packages is

Re: [SlimDevices: SqueezeCenter] Slimserver (LMS for picorePlayer) author - ask for contact

What exact aspect do you need information for? You might want to just ask here. > Am 24.02.2018 um 16:53 schrieb baxoza > : > > > Hello everyone. > I am looking for email (or other contact) of slimserver (picoreplayer > LMS) author. I have technical