Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#135518 - 15/01/2003 21:02 Netowrk
Grabble
new poster

Registered: 21/11/2002
Posts: 7
I want to have my Empeg Mark II connected to my computer via ethernet so that other people on the network in my dorm can download music off of it whenever they want to. Right now they are connecting to it by typing in the IP address over the internet. Is there anyway that I can let them do this but not let give them access to changing my songs. Is there anyway to do this? Also what kind of damage can they do to my Empeg when they're connect to it this way?

Top
#135519 - 15/01/2003 21:04 Re: Netowrk [Re: Grabble]
Grabble
new poster

Registered: 21/11/2002
Posts: 7
Wow I had a typo in my subject. [censored]

Top
#135520 - 15/01/2003 22:25 Re: Netowrk [Re: Grabble]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
want to have my Empeg Mark II connected to my computer via ethernet so that other people on the network in my dorm can download music off of it whenever they want to.

I'm trying not to sound too "holier-than-thou" about this, but this sort of music theft encouragement is just what the RIAA loves to propagandize about. You will be surprised at how many people on this bbs will take exception to this plan.

Is there anyway that I can let them do this but not give them access to changing my songs.

I don't believe so, at least not using the standard emplode software that comes with the player. Perhaps there are FTP tricks or some such that could be made to work, but a "stock" player can only download songs through emplode, and once you have access to emplode, you have full access to the player.

what kind of damage can they do to my Empeg when they're connect to it this way?

[sarcasm]None, really -- about all they can do is delete all your songs and playlists.[/sarcasm]

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
#135521 - 15/01/2003 22:42 Re: Netowrk [Re: Grabble]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
You can, using the Hijack software, access the songs via the Hijack web server across a network. If you use CharcoalGray99's XML interface, this is actually quite a spiffy way to connect to the empeg across the network.

However: You need to set a password in the hijack options in config.ini that would prevent read/write access to it. By default, no password is needed to modify the data if you're using hijack and you know how to set the drives RW.

Password-protecting Emplode is a different issue. I don't remember whether that can be done or not. I seem to recall that it could either be done with a config.ini option, or by configuring Hijack to prevent that kind of access on the network port (leaving USB and Serial OK for connecting with Emplode). Anyone have instructions for that part of it?
_________________________
Tony Fabris

Top
#135522 - 15/01/2003 23:05 Re: Netowrk [Re: tfabris]
RobotCaleb
pooh-bah

Registered: 15/01/2002
Posts: 1866
Loc: Austin
do you mean this part?

[hijack]
disable_emplode=1

Disallows emplode access via ethernet. Blocks TCP port 8300 (Emplode/Emptool)
located here

Top
#135523 - 15/01/2003 23:07 Re: Netowrk [Re: RobotCaleb]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
Ah, perfect. Serves me right to get FAQ'd.

Okay, so there's your answer. Install Hijack, edit config.ini to add the disable-emplode option and to set FTP/HTTP passwords, and you're all set. For fun, install CharcoalGray99's XML interface.
_________________________
Tony Fabris

Top
#135524 - 15/01/2003 23:43 Re: Netowrk [Re: tfabris]
RobotCaleb
pooh-bah

Registered: 15/01/2002
Posts: 1866
Loc: Austin
thought youd like that

Top
#135525 - 16/01/2003 04:57 Re: Netowrk [Re: RobotCaleb]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
Greetings!

One comment about using the full XML interface. It is too powerful. There are a lot of options on there that I would not want to provide to a dorm full of people. Things like being able to change the song or playlist (very irritating if I am listening to something at the time), volume or playback controls. Worse, and I don't know if this is locked down with the hijack password, is the ability to put the player into read/write mode and reboot. Not that anyone would intentionally do something like that, it can happen by accident, and is very annoying to clean up later.

I hacked apart charcoalgrey's (and probably a lot of other peoples') code (sorry about that) to create a very minimalistic web front end, showing the player real time and linking to the built-in hijack XML interface. Not as pretty, but a lot more secure. For even greater security, you can disable the XML and only display the pages or ftp index that you allow.
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

Top
#135526 - 16/01/2003 05:07 Re: Netowrk [Re: pgrzelak]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
To be properly secure you'd need to change the Hijack webserver to disable all the potentially dangerous commands. If you actually go to the proper URLs then you can still issue commands. Like http: //my.empeg/?NODATA&REBOOT All depends on how annoying your coworker/friends are in wanting to mess about

- Trevor

Top
#135527 - 16/01/2003 05:36 Re: Netowrk [Re: tman]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
I am very paranoid. I have:

a) password
b) stripped html interface going to item "f"
c) http commands disabled
d) xml interface disabled
e) . and .. disabled
f) a mirrored symlink tree (mirrordb)

Like I said, I don't expect any malicious attacks. But I have had my playlists changed on me when listening, and had a few unexpected reboots and disk syncs (non-trivial amount of time), so I take precautions...
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

Top
#135528 - 16/01/2003 05:48 Re: Netowrk [Re: pgrzelak]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Yeah. Waiting for the player to finish running fsck on two 60GB drives can't be fun!
I did leave my player on the network once without a password and one of my coworkers decided to play about with the web interface. I'm sure there is some instinct built into the people I know that will automatically make them click or press the one thing which they shouldn't!

- Trevor

Top
#135529 - 16/01/2003 05:53 Re: Netowrk [Re: tman]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Yes, they are called QA Engineers !
_________________________
Remind me to change my signature to something more interesting someday

Top
#135530 - 16/01/2003 08:09 Re: Netowrk [Re: tanstaafl.]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
    want to have my Empeg Mark II connected to my computer via ethernet so that other people on the network in my dorm can download music off of it whenever they want to.

    I'm trying not to sound too "holier-than-thou" about this, but this sort of music theft encouragement is just what the RIAA loves to propagandize about. You will be surprised at how many people on this bbs will take exception to this plan.
It sounded to me like the folks at his dorm would be his friends, and that's pretty much explicitly allowed, otherwise, we wouldn't be paying additional taxes on blank recording media that's remitted to the recording industry. That is, these are probably people to whom he would loan his CDs if they came by and asked to borrow them.

OTOH, if it's just everyone in the university, you'd probably be right.
_________________________
Bitt Faulk

Top
#135531 - 18/01/2003 11:01 Re: Netowrk [Re: Grabble]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14493
Loc: Canada
Goodness.. all of those fancy features in Hijack, and nobody even remembers them!

Do this in the empeg's config.ini file after first installing Hijack:

[hijack]
kftpd_password=asecret ;; lock up the FTP backdoor
khttpd_commands=0 ;; prevent fiddling with playlists
khttpd_dirs=0 ;; prevent general filesystem accesses
khttpd_files=0 ;; I forget, you may need this =1 to permit music downloads..

-ml

Top
#135532 - 19/01/2003 15:21 Re: Netowrk [Re: mlord]
charcoalgray99
enthusiast

Registered: 14/05/2001
Posts: 279
When using allow_commands=0 with my XML interface, the playlists page hides the empeg controlling features (fascia, remote, play/insert/etc). They will not be hidden on the home page or ftp page because the variable isn't available to me, but those pages can be easily removed.

Tom

Top