I want to have my Empeg Mark II connected to my computer via ethernet so that other people on the network in my dorm can download music off of it whenever they want to. Right now they are connecting to it by typing in the IP address over the internet. Is there anyway that I can let them do this but not let give them access to changing my songs. Is there anyway to do this? Also what kind of damage can they do to my Empeg when they're connect to it this way?

Wow I had a typo in my subject. [censored]

want to have my Empeg Mark II connected to my computer via ethernet so that other people on the network in my dorm can download music off of it whenever they want to.

I'm trying not to sound too "holier-than-thou" about this, but this sort of music theft encouragement is just what the RIAA loves to propagandize about. You will be surprised at how many people on this bbs will take exception to this plan.

Is there anyway that I can let them do this but not give them access to changing my songs.

I don't believe so, at least not using the standard emplode software that comes with the player. Perhaps there are FTP tricks or some such that could be made to work, but a "stock" player can only download songs through emplode, and once you have access to emplode, you have full access to the player.

what kind of damage can they do to my Empeg when they're connect to it this way?

[sarcasm]None, really -- about all they can do is delete all your songs and playlists.[/sarcasm]

tanstaafl.

You can, using the Hijack software, access the songs via the Hijack web server across a network. If you use CharcoalGray99's XML interface, this is actually quite a spiffy way to connect to the empeg across the network.

However: You need to set a password in the hijack options in config.ini that would prevent read/write access to it. By default, no password is needed to modify the data if you're using hijack and you know how to set the drives RW.

Password-protecting Emplode is a different issue. I don't remember whether that can be done or not. I seem to recall that it could either be done with a config.ini option, or by configuring Hijack to prevent that kind of access on the network port (leaving USB and Serial OK for connecting with Emplode). Anyone have instructions for that part of it?

do you mean this part?

[hijack]

disable_emplode=1



Disallows emplode access via ethernet. Blocks TCP port 8300 (Emplode/Emptool) 

located here

Ah, perfect. Serves me right to get FAQ'd.

Okay, so there's your answer. Install Hijack, edit config.ini to add the disable-emplode option and to set FTP/HTTP passwords, and you're all set. For fun, install CharcoalGray99's XML interface.

thought youd like that

Greetings!

One comment about using the full XML interface. It is too powerful. There are a lot of options on there that I would not want to provide to a dorm full of people. Things like being able to change the song or playlist (very irritating if I am listening to something at the time), volume or playback controls. Worse, and I don't know if this is locked down with the hijack password, is the ability to put the player into read/write mode and reboot. Not that anyone would intentionally do something like that, it can happen by accident, and is very annoying to clean up later.

I hacked apart charcoalgrey's (and probably a lot of other peoples') code (sorry about that) to create a very minimalistic web front end, showing the player real time and linking to the built-in hijack XML interface. Not as pretty, but a lot more secure. For even greater security, you can disable the XML and only display the pages or ftp index that you allow.

To be properly secure you'd need to change the Hijack webserver to disable all the potentially dangerous commands. If you actually go to the proper URLs then you can still issue commands. Like http: //my.empeg/?NODATA&REBOOT All depends on how annoying your coworker/friends are in wanting to mess about

- Trevor

I am very paranoid. I have:

a) password
b) stripped html interface going to item "f"
c) http commands disabled
d) xml interface disabled
e) . and .. disabled
f) a mirrored symlink tree (mirrordb)

Like I said, I don't expect any malicious attacks. But I have had my playlists changed on me when listening, and had a few unexpected reboots and disk syncs (non-trivial amount of time), so I take precautions...

Yeah. Waiting for the player to finish running fsck on two 60GB drives can't be fun!
I did leave my player on the network once without a password and one of my coworkers decided to play about with the web interface. I'm sure there is some instinct built into the people I know that will automatically make them click or press the one thing which they shouldn't!

- Trevor

Yes, they are called QA Engineers !

want to have my Empeg Mark II connected to my computer via ethernet so that other people on the network in my dorm can download music off of it whenever they want to.

I'm trying not to sound too "holier-than-thou" about this, but this sort of music theft encouragement is just what the RIAA loves to propagandize about. You will be surprised at how many people on this bbs will take exception to this plan.

It sounded to me like the folks at his dorm would be his friends, and that's pretty much explicitly allowed, otherwise, we wouldn't be paying additional taxes on blank recording media that's remitted to the recording industry. That is, these are probably people to whom he would loan his CDs if they came by and asked to borrow them.

OTOH, if it's just everyone in the university, you'd probably be right.

Goodness.. all of those fancy features in Hijack, and nobody even remembers them!

Do this in the empeg's config.ini file after first installing Hijack:

[hijack]

kftpd_password=asecret  ;; lock up the FTP backdoor

khttpd_commands=0  ;; prevent fiddling with playlists

khttpd_dirs=0   ;; prevent general filesystem accesses

khttpd_files=0   ;; I forget, you may need this =1 to permit music downloads..

-ml

When using allow_commands=0 with my XML interface, the playlists page hides the empeg controlling features (fascia, remote, play/insert/etc). They will not be hidden on the home page or ftp page because the variable isn't available to me, but those pages can be easily removed.

Tom