Using sys-usb as music hub

[Franz]

With Qubes release 3.x, having USB controller(s) default assigned to sys-usb and Xen meddling checking shared resources between different USB controllers, it is even more difficult than R2 to use external USB music hardware, either for output or input.

So I wonder: why not using sys-usb as a music hub? Everything is already assigned and all you have to do is plug in external USB devices.

Well, now all music I'm playing on other hardware are mp3 downloaded from internet, which means sources that I cannot control and eventually compromised. So this may result in compromising sys-usb. Consequences? I do not know, but I do know that the color of sys-usb is default red, so this may not be a mayor problem.

What do you think?

I have seen that default sys-usb does not has a sys-net VM. It may be possible to leave it as it is, playing music saved on a USB medium, or it may be even more convenient to connect sys-usb to a sys-net VM to directly play music from youtube, internet radios, etc. Would you do that?

Best

Fran

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- From a security perspective, I think you're right. sys-usb and sys-net
(in some cases, they may be combined) should be assumed to be
compromised, which means that we should assume that an attacker could
be using sys-usb to do anything (including play music files). If we're
already assuming that an attacker could be doing this, why shouldn't
you (the actual owner of the system) not do it yourself, if you want to?

- From a practical perspective, your performance may not be very good if
memory balancing is disabled and a low amount of memory is assigned to
the VM, so you may want to adjust this. (You wouldn't adjust this to
benefit an attacker, though, so the analogy may start to break down
here.)

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXd8pHAAoJENtN07w5UDAwqJYP/2n4dkvRYPinkD0XpBlrvE5Y
mGAZ5r9ILgngl+J1GnbsSsVZ1LroxuB5IeRfoZKNIJ6YvpSXfrDzg3bo1L/9jP8y
ItpynJyyZB5VPN7d3QVLgbjef0M1efOgNGz0LppowbmZVCbYqniE3m0bKvbbPGPp
2VFM+qS6jkWiTQxsiGzPiDH0nCiMV7DO5V8Sin84gsWpi+C7/MAC/aE0pXqabPXB
7krqH6gSV73cXMOTjVrlMdtudoVShC0GrTvUEnLgjZekGkAat/6t/QgNXYtg85Ba
0b2SeRZYL0jbQvbRJdrzkRl7sPc/MNBo6SAaIYAE7m80lBRLfNmHCR+2KZfFO1oB
4OCK5MzwMCSedZACntEz6YIxo5EmuIcXJhit3Lch4YNaWoVLlWpiPZuEV0Zde7MN
ygJJqL7OT1uJJiwBIMSP8nDigz0noyGsmKAS4ETD8G1dCAmxQUUObsvl8gqnrPyh
o+Y+aXr4OkYVK4U5fZVZAxNtyuhZXzy1Qy9CxsAJJEODIr7kWq0SLKudCJQrOKyc
6bpNO6kj4tKx/2J3hh7tsOHrm5CJAgdohN97lbEKHjMNJSp3vuCa6Hb3t9xhmBgS
g19C/WyeScqFjiNUqX+PvAEo/mleu2+npXlR6LpeITCtgdgQuoeIuN3EMvbgIZo7
kF6sJ6taZjwyPDOEOKSk
=vWLK
-----END PGP SIGNATURE-----

[Franz]

Thanks Andrew, the most lightweight music player I could find is Deadbeef, which is even portable, so no need to install it in template. It works perfectly with the default memory setting of sys-usb. I had to install also pavucontrol in template to be able to rise the volume in sys-usb beyond the maximum of Deadbeef.

Really great sound now with very little work!! :-)) My dogs are alarmed hearing loud music in my room.

Just a small detail, is there a way to use QM "run command in VM" to launch the script that starts portable Deadbeef?

Best

Fran

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Sounds like it should be pretty straightforward to do that. Maybe
something like:

qvm-run sys-usb /home/user/deadbeef.sh

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXeLHMAAoJENtN07w5UDAwhqsQALIRpT/Ji90XWV3zGaVwpkzu
VR3xDnmn3WJFw0xqQ38P+TFDEHPZ+VvBHvaIPQx0jj/NILDZqKs6CCfoiMidlFM+
UpInMxWXLHOay/cOLaX9fFGhkBCCt0mYpUa0MS4AatF7+pZqqp7x3tQjHJ5b9x9S
XRJnjq6OIJ7h0jKFfjVufekFIY1o5U3w85abmnIIyVtZEwgt71FZO+GvMtJN6Pjb
OIOfsoe4Q1lvsKMCy1/0j0UNT1CKaStUs0LiUEBZetdGG9Vdh8tS7PM8zzXz8XfR
1Jg0veqzdcni2h2WrUvBRetUeUahgkVHGBtBTAMHz1prC9CEc8jOgrUZQ2rKfc1S
EJokDqYL9T0bz3sZe3f+UyP4QztyCGHRixGAXO8IAiW6Tv6PG/sNpsEwKwMBDf+C
52/M2L22EZp1LuidFpQ++a8qh1PdrZaWvUX0dcCxFJgA63xbRtaXWDAInZD1VC4g
DeNKfuqKvbFpV61+oVYda23wSNQOV1y9wsy49cBvxJpFcZInCCpGRSMHPc9SHiAy
obNJsTngKKVmWq6XrsiSDRHI36qRqJd0fv7JVEn01XnNB34hLQLsiFXy5IW394zy
govNi8MGZ9M7Edk5ZDJJijXvzckYc6ELRMSKoMGmEpfOpy+nghiKZBqIf+pBsx81
7JrJQ6y14dHq9lGcjuBS
=Mc5u
-----END PGP SIGNATURE-----

[Franz]

Well this runs in Dom0, not using Qubes manager "run command in VM", which, if opened in sys-usb, works directly is sys-usb.

Using "run command in VM" if you write "gnome-terminal" it opens a terminal, you write "firefox", it opens  firefox. But I have never been able to run a sh script this way.

Or am I misunderstand what you wrote?

Best

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Both ways should work. (I tested again just now to confirm.) Perhaps
you forgot to make your script executable or something?

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXeTVWAAoJENtN07w5UDAwwCQP/1VB02W/WlbLPtm0Zl1BUCAx
ABeQrI+4Z6ZSJzmeu9VDFaxr9vDsIW0dSvJsaAlLuh8VQc8OqIFORuuSQgCkWeCR
zjLmjR/om0YL5S7Wsv4zZ8BzlOZn+WTC2ID74gxPh+Vx1nfCfeC7eBzrahfgEVOh
kOGvDRlhR9QQWkz2xQBo80zTaNu+R681PSE8PmXGDc27OFvU0GKq8b+5ctIFDPYJ
OyznmAlVeu9hXciCAIhQXlIusK7oNmQlsikHcEU20igDGAMKXH+vzty95M5eZU7t
Jcv7Xj1PIchZ3tP7RgjfX/NSVFPj46f2HT0cPbTXUXVdK5hjB5zH8RHuQIPPM36O
NsyhNdvcBukqjqUsDacFtIr28eFPTRrurxK3O0mhWG9JxgRNLaTXmnmuDh+NV4WW
4TYahQvvHT8Kl8nYE8NQrMC6vSqBxJlpDy9xoHsnP6Jk3dOkj0qBAiHX2NQQuokv
kYxcdETgXnDqywym538B5M9l4OBLOGdv+0lj4wyhA2Ygw6BHSCXfqUp8RFUFkpGC
CcL8uzQazomE94vOV+lPJzTDWpeBP2RVNqpUuJ8CBD3Qai4RzozNxStviVK+Yctu
GyKxJ4A6B7Q/KsmSh32BNblDNePH1dAwdpnKkdiPW6thgaTI4zZoQAZUBfGJxZBK
kTsTM22OcfagJz70T+I/
=eipM
-----END PGP SIGNATURE-----

[Franz]

Yes I forgot to make it executable. Many thanks