baxoza wrote:
> I forgot to mentioned:
> For me and others (I think) PiCorePlayer is VERY useful to fast
> configure whole player and etc. - on default Raspbian repo I need spend
> much more time to achieve players and LMS working.
> For me configuring Raspbian via terminal is not user friendly
baxoza wrote:
> 1) Ok, since 2 years I havent tested this on Raspbian - before, I've
> had problem with this - maybe You are right to test it now...
> 2) You are right - switching only amplifiers is a good suggestion.
Thanks, This ain't my first rodeo
> 3) if LMS saves it saves only on
Jeff07971 wrote:
>
> You are not going to be able to do it with Pcp you can do it with
> Raspbian - Your choice
>
> Jeff
I forgot to mentioned:
For me and others (I think) PiCorePlayer is VERY useful to fast
configure whole player and etc. - on default Raspbian repo I need spend
much more
Jeff07971 wrote:
> 1) I have two instances of raspbian neither are UPS'd and I've never had
> a problem.
> 2) If theres an antifire turn the AMPLIFIERS off not the RasPis have
> them UPS'd
> 3) If you run an LMS on Pcp there are disk writes so can be corrupted
>
> You are not going to be able
baxoza wrote:
> You are almost right but all audio will be placed on separated rack
> without UPS and there is fire protection system where during antifire
> messages all audio must be immediately switched off
> This is a new object (building) and at the beginning of functionality
> many fire or
Jeff07971 wrote:
> Then you don't need to worry about power failure !
You are almost right but all audio will be placed on separated rack
without UPS and there is fire protection system where during antifire
messages all audio must be immediately switched off
This is a new object (building) and
> All players gonna be placed on server's room in restricted area so I'm
> not worried about removing/replace SD cards
Then you don't need to worry about power failure !
*Players:* SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer
x3,Wandboard
*Server:* LMS Version: Latest Nightly on
Greg Erskine wrote:
> Remember piCorePlayer has a http web server used for configuration, so
> don't use piCorePlayer!
>
> Just use Raspbian and load squeezelite and configure yourself. That will
> close a few holes.
>
> Once you allow Raspberry Pi's into your environment anyone with physical
If you look carefully at the OP's diagram there is no audio traffic over
the LAN only port 9000 control !!
But audio is streamed over port 9000, too. It's not only control. Maybe
I'm overcomplicating things... just let us know how it worked out.
--
Michael
mherger wrote:
> > Use Raspbian for the LMS server and install apache with a HTTPS
> reverse
> > proxy, block non https traffic with firewalld or iptables Simple.
>
> And how would the players stream? They don't support https.
>
>
> --
>
> Michael
Hi Michael,
If you look carefully at the
Use Raspbian for the LMS server and install apache with a HTTPS reverse
proxy, block non https traffic with firewalld or iptables Simple.
And how would the players stream? They don't support https.
--
Michael
___
Squeezecenter mailing list
Remember piCorePlayer has a http web server used for configuration, so
don't use piCorePlayer!
Just use Raspbian and load squeezelite and configure yourself. That will
close a few holes.
Once you allow Raspberry Pi's into your environment anyone with physical
access can remove the SD card and
baxoza wrote:
> Yes !!! it would be nice and I think it should be standard in this
> times
> LMS using plugins like Spotify, Tidal etc. where is secured protocol
> what is acceptable in plugins but LMS is ... I don't know... old skull ?
>
> I agree with this there is no ability on hardware
Jeff07971 wrote:
>
>
> One friendly word of warning though, If you antagonist our best boy or
> any other our devs you will find help hard to find on this forum.
>
> Jeff
I am cool :) I don't have anything agains ANY Member of the forum - I am
far away to be antagonist - trust me :)
Jeff07971 wrote:
> OK then this is really simple.
>
> Keep piCorePlayer for the players
>
> Use Raspbian for the LMS server and install apache with a HTTPS reverse
> proxy, block non https traffic with firewalld or iptables Simple.
>
> See posts here
>
OK then this is really simple.
Keep piCorePlayer for the players
Use Raspbian for the LMS server and install apache with a HTTPS reverse
proxy, block non https traffic with firewalld or iptables Simple.
See posts here
Jeff07971 wrote:
> And you want the control Web GUI over https from the Pc's ?
Yes !!! it would be nice and I think it should be standard in this
times
LMS using plugins like Spotify, Tidal etc. where is secured protocol
what is acceptable in plugins but LMS is ... I don't know... old
Jeff07971 wrote:
> From 1 PiCorePlayer LMS on a Pi ?
>
> I don't know for sure because I run LMS on a x86-64 linux system but my
> initial thought is good luck with that !
In this case are 12x RPI (1 RPI per zone) so there is no problem with
LMS (1 LMS per 1 zone) but at home I have 1 RPI with
So are you saying that you have 12 piCorePlayer PLAYERS running from one
piCoreplayer LMS ?
And you want the control Web GUI over https from the Pc's ?
*Players:* SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer
x3,Wandboard
*Server:* LMS Version: Latest Nightly on Centos 7 VM on
> 12 independent zones
>From 1 PiCorePlayer LMS on a Pi ?
I don't know for sure because I run LMS on a x86-64 linux system but my
initial thought is good luck with that !
*Players:* SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer
x3,Wandboard
*Server:* LMS Version: Latest Nightly
mherger wrote:
> > in sum:
> > User on PC Windows should control piCoreplayer over secured protocol
> > like https - the rest of traffic RPI <--> internet is in old fashion.
> >
> > Do you see it now in brighter colors ?
>
> No brighter at all. Exactly the same as before. Forget it.
>
> --
>
jmsizun wrote:
> Hi,
>
> I am curious as to why you are asking about entreprise-level network
> security requirements regarding a mostly-DIY audio multiroom solution.
> What are you trying to achieve ?
>
> are you trying to create a commercial product ?
> Are you trying to "sonorize" your
ideas (with the hypothesis that only port 9000 is used):
* to secure the comms between picoreplayer and LMS: why not opening a
SSH connection from picoreplayer to LMS server with 9000 port forwarding
(localhost on picoreplayer:9000 -> LMS-localhost:9000).
* to secure access to web UI: why not
A very old package, but this used to be my go to to encrypt legacy
connections:
http://www.winton.org.uk/zebedee/
TonioRoffo's Profile: http://forums.slimdevices.com/member.php?userid=54314
View this thread:
Hi,
I am curious as to why you are asking about entreprise-level network
security requirements regarding a mostly-DIY audio multiroom solution.
What are you trying to achieve ?
are you trying to create a commercial product ?
Are you trying to "sonorize" your company premises? (in this case,
in sum:
User on PC Windows should control piCoreplayer over secured protocol
like https - the rest of traffic RPI <--> internet is in old fashion.
Do you see it now in brighter colors ?
No brighter at all. Exactly the same as before. Forget it.
--
Michael
Greg Erskine wrote:
> piCorePlayer was not written with this environment in mind. Raspberry
> Pi's are not very secure for corporate environments by definition.
I can only repeat myself.
Greg Erskine's Profile:
mherger wrote:
> Ok, here are some of the many issues you'll be facing:
>
> piCorePlayer: no-go
> - web UI is not encrypted
> - admin console has no password protection
> - ssh is using some default credentials
>
> LMS:
> - web UI is not encrypted
> - CLI is not encrypted
>
> Your to-do list:
baxoza wrote:
> Thank You for answer.
> Yes - You are right ! So I told to specialists that the security
> firewall should be enough but security policy is required so that there
> is no unencrypted traffic so they too are right.
> Please tell me - is really unnecessary/impossible to add
Greg Erskine wrote:
> Do companies actually allow users to setup audio systems in a corporate
> environment? :confused:
>
> If I'd tried to do this in any of my jobs I would have been severely
> reprimanded or sacked. Half the time I was the IT decision maker and
> would have re-ghosted any
Greg Erskine wrote:
> Do companies actually allow users to setup audio systems in a corporate
> environment? :confused:
>
> If I'd tried to do this in any of my jobs I would have been severely
> reprimanded or sacked. Half the time I was the IT decision maker and
> would have re-ghosted any
Do companies actually allow users to setup audio systems in a corporate
environment? :confused:
If I'd tried to do this in any of my jobs I would have been severely
reprimanded or sacked. Half the time I was the IT decision maker and
would have re-ghosted any such PC immediately.
piCorePlayer
Ok, here are some of the many issues you'll be facing:
piCorePlayer: no-go
- web UI is not encrypted
- admin console has no password protection
- ssh is using some default credentials
LMS:
- web UI is not encrypted
- CLI is not encrypted
Your to-do list:
- implement https on LMS
- disable CLI
Is there a reason why installing LMS on piCorePlayer isn't an option?
-LMS on Raspian Stretch -> 2x Radio
-RPI 3 ('Mopidy' (https://www.mopidy.com/)), Aune S6 - Exposure 3010S2
- PMC FB1i
pinkdot's Profile:
baxoza wrote:
> Ok, Michael, here is some picture of company setup. Maybe now it will be
> clear for You:
>
> 24708
If this is truly what you IT specialist is asking for (its not) then
goodbye internet as DNS and many other LAN traffic is not encrypted.
Jeff
*Players:* SliMP3,Squeezebox3
mherger wrote:
> > "Using LMS to terminate https already is implemented." Great!!! How
> to
> > switch LMS to https (Settings>Advanced>Security>CSRF Protection
> > Level <-- is this https ?)
>
> Oh my... we're running in circles. You don't understand what you're
> asking for, I'm sorry
"Using LMS to terminate https already is implemented." Great!!! How to
switch LMS to https (Settings>Advanced>Security>CSRF Protection
Level <-- is this https ?)
Oh my... we're running in circles. You don't understand what you're
asking for, I'm sorry to say.
Up this thread you said:
mherger wrote:
> > Http_client <> LMS(slimserver) <> player(squezelite) (Am I right
> > with this topology ?)
>
> If you're not allowed to have any non-https traffic in your network,
> then the https endpoint must be the player, not LMS. Using LMS to
> terminate https already is
Http_client <> LMS(slimserver) <> player(squezelite) (Am I right
with this topology ?)
If you're not allowed to have any non-https traffic in your network,
then the https endpoint must be the player, not LMS. Using LMS to
terminate https already is implemented.
I think you're not clear
mherger wrote:
> It would need to be implemented in the -players-, not in LMS. Firmware
> updates for hardware players you can forget. squeezelite is not my
> domain.
>
> And no, I'm not ignoring you. It's just that you're asking for something
> you've got responses for before. But you're not
baxoza wrote:
> I only asking for this additional feature for piCorePlayer lunched on
> Raspberry Pi 3 - is this impossible to add this in near future to
> slimserwer (LMS for piCoreplayer) ?
It would need to be implemented in the -players-, not in LMS. Firmware
updates for hardware players you
baxoza wrote:
> I only asking for this additional feature for piCorePlayer lunched on
> Raspberry Pi 3 - is this impossible to add this in near future to
> slimserwer (LMS for piCoreplayer) ?
Michael why are You ignoring me and my question? I am sad ;)
mherger wrote:
> LMS traffic cannot be encrypted because the hardware players don't
> support https.
I only asking for this additional feature for piCorePlayer lunched on
Raspberry Pi 3 - is this impossible to add this in near future to
slimserwer (LMS for piCoreplayer) ?
LMS traffic cannot be encrypted because the hardware players don't
support https.
Michael
http://www.herger.net/slim-plugins - Spotty, MusicArtistInfo
mherger's Profile: http://forums.slimdevices.com/member.php?userid=50
BTW I'm pretty sure Apple effectively dropped that requirement before it
was ever enforced.
https://cheapsslsecurity.com/blog/apple-to-extend-the-ios-app-transport-security-ats-time-duration/
owner of the stuff that used to reside at http://www.tux.org/~peterw/
Note: The best way to reach me
baxoza wrote:
> What a pity :(
> My IT Specialists has internal policy: Every trefic should be secure.
> I intent to control LMS from PC. Becouse RPI is connected to the
> internet it makes ability to hack the Windows over not secured
> connection - port 9000 opened etc.
> RPI and PC are behind
It's not clear to me how you're using your LMS. I would support the idea
of encrypting traffic on public networks. But is this a requirement for
your LAN? The Pi does access the internet, yes. But it's not accessible
from the internet if configured correctly. You're saying that it was
behind a
baxoza wrote:
> Is possible to add to LMS a Secure protocol for http and CLI commands?
No, not without additional software (eg. revers proxying through
nginx/apache or the like).
And then I just have to add my standard warning: don't open up your LMS
to the internet. I wouldn't even do so
baxoza wrote:
> Hello everyone.
> I am looking for email (or other contact) of slimserver (picoreplayer
> LMS) author. I have technical question for Him.
> Thanks a lot.
> /Baxoza
>
> Ps.
> I didn't find it in any licence/info files in picorePleyer distribution.
Licensing for packages is
What exact aspect do you need information for? You might want to just ask here.
> Am 24.02.2018 um 16:53 schrieb baxoza
> :
>
>
> Hello everyone.
> I am looking for email (or other contact) of slimserver (picoreplayer
> LMS) author. I have technical
50 matches
Mail list logo