[qubes-users] Re: Installing qubes-window-tools makes win7 HVM GUI unusable
On Friday, 3 February 2017 14:48:03 UTC+1, Jarle Thorsen wrote: > I have now found the very slow GUI described in my previous thread > https://groups.google.com/d/msg/qubes-users/gzS8Zc9StxQ/gSwEC-fdFAAJ to be a > direct result of installing the qubes-windows-tools into the VM. > > That's why I'm starting a new thread focusing on this problem here. > > After initial install of a brand new win7 VM everything works "just fine", I > can drag windows across the desktop even when running VM in max resolution, > without any delay. > > However after installing qubes-windows-tools and rebooting it is like I am > running a totally different OS. If I try to drag a window from one place to > the other there is a delay of more than a second before the window is moved > to the new location. Using qubes-windows-tools 3.2.1 or 3.2.2 make no > difference. > > Which log files should I look into (post here?) to track this down? I have exactly the same problem. Do you have found a solution? I'd like to hear from you. Greetz, Sander -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6a862056-fe96-4c6c-81cd-e31b1c4a69e7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
On Tuesday, May 16, 2017 at 11:33:41 PM UTC-4, cooloutac wrote: > On Tuesday, May 16, 2017 at 9:31:50 PM UTC-4, Andrew David Wong wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > On 2017-05-16 01:24, cooloutac wrote: > > > On Sunday, May 14, 2017 at 11:09:25 PM UTC-4, Andrew David Wong > > > wrote: On 2017-05-14 21:38, cooloutac wrote: > > On Sunday, May 14, 2017 at 3:48:04 PM UTC-4, Andrew David > > Wong wrote: > > >>> > > > > What do you mean? Are you suggesting that qvm-backup has > > "more attack vector" than an encrypted KeePassX (or whatever) > > database? Why? No, I think it's actually the opposite. An > > attacker could feed you a malformed database file, which you > > believe is your authentic database file. If it's not > > authenticated, you won't be able to tell. When you try to > > decrypt and open it with KeePassX, it could try to compromise > > KeePassX. qvm-backup is designed to protect against this > > class of attack. I'm not sure what you mean. If an attacker > > has a copy of your encrypted database and subsequently gets > > the key/passphrase to that database, she can then decrypt > > the database regardless of what you subsequently do. > > > > Are you saying that you would render the contents of the > > database worthless by changing every password stored in that > > database? How would you know to do this? Are you assuming > > that you'll somehow know the instant your database has been > > compromised? What if the attacker changes some or all of your > > passwords before you do? What if you have persistent > > passwords (e.g., not for online accounts) that can't be > > rendered useless in this way? > > > > > > Well if they can do that to one file, couldn't they do that > > to alot more others if backing up the whole vm? I would think > > one file is alot easier to check. Since that whole vaultvm is > > only dedicated to that one file for me anyways, and I don't > > have custom configs or scripts in it. > > > > > > > > No. With qvm-backup-restore, the entire backup blob is checked for > > > integrity and authenticity. That check will fail if any bit in the > > > blob has changed. Since the blob is encrypted, an attacker won't > > > be able to tell what individual files are in it, unless you divulge > > > that information in some other way. > > > > > One cool thing I saw about paranoid mode is it take into > > account things in user directories that are not even user > > data to begin with. so ya I back up other vms that way > > especially templates, and especially vms with custom configs. > > or vms with just alot of data in alot of diff folders out of > > convenience. > > > > But for the vault I just do the single file. > > > > And so say if the database file is malware, what do you mean > > by qvm-backup would prevent it? > > > > > > > > Suppose you take your encrypted database file and store it > > > somewhere (e.g., cloud storage, HDD in a safe deposit box). Suppose > > > that an attacker secretly replaces that file with a malicious one > > > without your knowledge. The next time you decrypt that database > > > file, it silently compromises your client or VM and leaks your > > > passphrases through side channels or does other nasty things. > > > > > > If you had instead backed up the entire VM with qvm-backup, you > > > would immediately know, upon trying to restore from the backup, > > > that it was not the same trusted file that you had originally > > > created, since Qubes would inform you that the integrity and > > > authenticity check had failed when you entered your passphrase. > > > > > > Now, if your password manager also uses authenticated encryption > > > for its database files, then that's fine, but as far as I know, > > > most don't. > > > > > And yes "rendering it useless by changing every password". > > We are talking of the times you suspect it, have a hunch, if > > you think you can never tell when you are compromised then > > what else is there to go on? > > > > > > There's nothing wrong with acting on a hunch. In some cases, it may > > > be obvious that a VM or whole system has been compromised, but > > > there's no way to know for certain that a VM or whole system has > > > *not* been compromised. > > > > > and what else can be done? > > > > > > > > Use Qubes OS. Compartmentalize. Use Paranoid Mode. :) > > > > > > > > > So you are saying qvm-backup will know if an attacker has switched > > > up the backup file, which is well and good. But I'm assuming the vm > > > or file is already compromised before backing it up in the first > > > place. > > > > > > > Oh, that's a quite a different scenario from what I had in mind, then. > > > > > Also apparently qvm-backup ha
Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
On Tuesday, May 16, 2017 at 9:31:50 PM UTC-4, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2017-05-16 01:24, cooloutac wrote: > > On Sunday, May 14, 2017 at 11:09:25 PM UTC-4, Andrew David Wong > > wrote: On 2017-05-14 21:38, cooloutac wrote: > On Sunday, May 14, 2017 at 3:48:04 PM UTC-4, Andrew David > Wong wrote: > >>> > > What do you mean? Are you suggesting that qvm-backup has > "more attack vector" than an encrypted KeePassX (or whatever) > database? Why? No, I think it's actually the opposite. An > attacker could feed you a malformed database file, which you > believe is your authentic database file. If it's not > authenticated, you won't be able to tell. When you try to > decrypt and open it with KeePassX, it could try to compromise > KeePassX. qvm-backup is designed to protect against this > class of attack. I'm not sure what you mean. If an attacker > has a copy of your encrypted database and subsequently gets > the key/passphrase to that database, she can then decrypt > the database regardless of what you subsequently do. > > Are you saying that you would render the contents of the > database worthless by changing every password stored in that > database? How would you know to do this? Are you assuming > that you'll somehow know the instant your database has been > compromised? What if the attacker changes some or all of your > passwords before you do? What if you have persistent > passwords (e.g., not for online accounts) that can't be > rendered useless in this way? > > > Well if they can do that to one file, couldn't they do that > to alot more others if backing up the whole vm? I would think > one file is alot easier to check. Since that whole vaultvm is > only dedicated to that one file for me anyways, and I don't > have custom configs or scripts in it. > > > > > No. With qvm-backup-restore, the entire backup blob is checked for > > integrity and authenticity. That check will fail if any bit in the > > blob has changed. Since the blob is encrypted, an attacker won't > > be able to tell what individual files are in it, unless you divulge > > that information in some other way. > > > One cool thing I saw about paranoid mode is it take into > account things in user directories that are not even user > data to begin with. so ya I back up other vms that way > especially templates, and especially vms with custom configs. > or vms with just alot of data in alot of diff folders out of > convenience. > > But for the vault I just do the single file. > > And so say if the database file is malware, what do you mean > by qvm-backup would prevent it? > > > > > Suppose you take your encrypted database file and store it > > somewhere (e.g., cloud storage, HDD in a safe deposit box). Suppose > > that an attacker secretly replaces that file with a malicious one > > without your knowledge. The next time you decrypt that database > > file, it silently compromises your client or VM and leaks your > > passphrases through side channels or does other nasty things. > > > > If you had instead backed up the entire VM with qvm-backup, you > > would immediately know, upon trying to restore from the backup, > > that it was not the same trusted file that you had originally > > created, since Qubes would inform you that the integrity and > > authenticity check had failed when you entered your passphrase. > > > > Now, if your password manager also uses authenticated encryption > > for its database files, then that's fine, but as far as I know, > > most don't. > > > And yes "rendering it useless by changing every password". > We are talking of the times you suspect it, have a hunch, if > you think you can never tell when you are compromised then > what else is there to go on? > > > > There's nothing wrong with acting on a hunch. In some cases, it may > > be obvious that a VM or whole system has been compromised, but > > there's no way to know for certain that a VM or whole system has > > *not* been compromised. > > > and what else can be done? > > > > > Use Qubes OS. Compartmentalize. Use Paranoid Mode. :) > > > > > > So you are saying qvm-backup will know if an attacker has switched > > up the backup file, which is well and good. But I'm assuming the vm > > or file is already compromised before backing it up in the first > > place. > > > > Oh, that's a quite a different scenario from what I had in mind, then. > > > Also apparently qvm-backup has not taken every file into account or > > there would be no need for paranoid mode. > > I think you might be misunderstanding Paranoid Mode. VMs that you > restore using Paranoid Mode may (still) be compromised. > > > I still believe having to only verify the integ
[qubes-users] Re: how to check integrity about DVD
On Tuesday, May 16, 2017 at 11:27:29 PM UTC-4, cooloutac wrote: > On Tuesday, May 16, 2017 at 5:42:16 PM UTC-4, hg...@e.shapoo.ch wrote: > > I verified signature about qubes ISO file by gpg.Then I burned it to DVD. > > But I can't trust that DVD was burned without corruption. > > So I want to verify integrity against the DVD too. > > > > Is someone know how to verify signature against DVD? > > > > > > At moment, I want my privacy to be protected. > > https://mytemp.email/ > > The option before you to verify integrity. Should do it it automatic if not > make sure it selected. I meant before you install in the options menu. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/07c1a641-c2d6-4f70-894c-a46a9514212f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: how to check integrity about DVD
On Tuesday, May 16, 2017 at 5:42:16 PM UTC-4, hg...@e.shapoo.ch wrote: > I verified signature about qubes ISO file by gpg.Then I burned it to DVD. > But I can't trust that DVD was burned without corruption. > So I want to verify integrity against the DVD too. > > Is someone know how to verify signature against DVD? > > > At moment, I want my privacy to be protected. > https://mytemp.email/ The option before you to verify integrity. Should do it it automatic if not make sure it selected. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f907876-8282-4465-a72d-113a1fa44b0c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] how to check integrity about DVD
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-05-16 16:42, h...@e.shapoo.ch wrote: > I verified signature about qubes ISO file by gpg.Then I burned it to DVD. > But I can't trust that DVD was burned without corruption. > So I want to verify integrity against the DVD too. > > Is someone know how to verify signature against DVD? > > > At moment, I want my privacy to be protected. > https://mytemp.email/ > I'm not aware of a method to gpg --verify an ISO directly from a DVD after it has been burned, but you can re-create the ISO from the DVD, [1] then gpg --verify the re-created ISO. [2] [1] https://www.thomas-krenn.com/en/wiki/Create_an_ISO_Image_from_a_source_CD_or_DVD_under_Linux [2] If you're worried that the re-created ISO might not truly represent what's on the DVD because you're worried that your software environment might be compromised and lying to you, then I'd point out that the same compromised software environment could also lie to you about the results of verifying the DVD directly. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJZG6pOAAoJENtN07w5UDAwf7YP/R3gWzc2mW6GVsq2844zpg89 HhoskgCi3MZF3pdMYMjnteW8JFLUZf2e8+ow4XWmVu8IevnbDucjEm7WvNV3YnDh D0HFy0e1eujnqi4gCtYqpHtV+kWZ+zMho+LX4Dq29y2FHEpdmFWSx3Ga6LLpMnSN uI2XmjVp8Vw1cxJGkch8hyDnAbVOOOAMdPN5XBy35OfsJUAutSxFua7p7uu7EBgb BV2syv1UE+9Hqcy32Pwd2dvOM3ltVfXj8POQ0sBBovpm4ujW0A/aCvKSsJvyOIi9 Z0PqpudpkoxcBxPSLa/oPor6S2UQqJJeLoRPxjFJWThrfNbwKO6kn9jAfJgmdTQ+ /IduIrLYTw2tOoGMn0Cknj9D6/Z4QUdXp94+bKT+hfNFpo1Fp74AAIrHuM1PW4iJ J8xVm+3OUywEYbhbqIdk4TakrmZR5QSJi6jKVwIJTPruxRIswRM5w/C66KSzrdmg wCtgH5Ac1HwRhvaJjG44+/CPLlJlJhQy1MhjIWWX+1FHULunNSJyJs0h56790MBA Pwrwml9ifjGHRDmrsZKfNydVm4FEvTIHWBLjSjEPjs3z3Brzak56Imw3j4WlxFYp wPfCLUBrUTgLXt+UEWixmzUHio79y/cmnzZASoGsDR4vcv9mIgsngNsC37Dgc50r AceMgYRugTRLgUiNaBA6 =xE79 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa0cecdd-df29-b31a-4928-1c8cee2f20ad%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-05-16 01:24, cooloutac wrote: > On Sunday, May 14, 2017 at 11:09:25 PM UTC-4, Andrew David Wong > wrote: On 2017-05-14 21:38, cooloutac wrote: On Sunday, May 14, 2017 at 3:48:04 PM UTC-4, Andrew David Wong wrote: >>> What do you mean? Are you suggesting that qvm-backup has "more attack vector" than an encrypted KeePassX (or whatever) database? Why? No, I think it's actually the opposite. An attacker could feed you a malformed database file, which you believe is your authentic database file. If it's not authenticated, you won't be able to tell. When you try to decrypt and open it with KeePassX, it could try to compromise KeePassX. qvm-backup is designed to protect against this class of attack. I'm not sure what you mean. If an attacker has a copy of your encrypted database and subsequently gets the key/passphrase to that database, she can then decrypt the database regardless of what you subsequently do. Are you saying that you would render the contents of the database worthless by changing every password stored in that database? How would you know to do this? Are you assuming that you'll somehow know the instant your database has been compromised? What if the attacker changes some or all of your passwords before you do? What if you have persistent passwords (e.g., not for online accounts) that can't be rendered useless in this way? Well if they can do that to one file, couldn't they do that to alot more others if backing up the whole vm? I would think one file is alot easier to check. Since that whole vaultvm is only dedicated to that one file for me anyways, and I don't have custom configs or scripts in it. > > No. With qvm-backup-restore, the entire backup blob is checked for > integrity and authenticity. That check will fail if any bit in the > blob has changed. Since the blob is encrypted, an attacker won't > be able to tell what individual files are in it, unless you divulge > that information in some other way. > One cool thing I saw about paranoid mode is it take into account things in user directories that are not even user data to begin with. so ya I back up other vms that way especially templates, and especially vms with custom configs. or vms with just alot of data in alot of diff folders out of convenience. But for the vault I just do the single file. And so say if the database file is malware, what do you mean by qvm-backup would prevent it? > > Suppose you take your encrypted database file and store it > somewhere (e.g., cloud storage, HDD in a safe deposit box). Suppose > that an attacker secretly replaces that file with a malicious one > without your knowledge. The next time you decrypt that database > file, it silently compromises your client or VM and leaks your > passphrases through side channels or does other nasty things. > > If you had instead backed up the entire VM with qvm-backup, you > would immediately know, upon trying to restore from the backup, > that it was not the same trusted file that you had originally > created, since Qubes would inform you that the integrity and > authenticity check had failed when you entered your passphrase. > > Now, if your password manager also uses authenticated encryption > for its database files, then that's fine, but as far as I know, > most don't. > And yes "rendering it useless by changing every password". We are talking of the times you suspect it, have a hunch, if you think you can never tell when you are compromised then what else is there to go on? > > There's nothing wrong with acting on a hunch. In some cases, it may > be obvious that a VM or whole system has been compromised, but > there's no way to know for certain that a VM or whole system has > *not* been compromised. > and what else can be done? > > Use Qubes OS. Compartmentalize. Use Paranoid Mode. :) > > > So you are saying qvm-backup will know if an attacker has switched > up the backup file, which is well and good. But I'm assuming the vm > or file is already compromised before backing it up in the first > place. > Oh, that's a quite a different scenario from what I had in mind, then. > Also apparently qvm-backup has not taken every file into account or > there would be no need for paranoid mode. I think you might be misunderstanding Paranoid Mode. VMs that you restore using Paranoid Mode may (still) be compromised. > I still believe having to only verify the integrity of a single > file is better then a whole vm. > Well, the backup is itself a single file. > Although this discussion makes me think maybe when loading the > possibly compromised keepassx file I should load it in a disposable > just to get the passwords, but not open it in the
[qubes-users] how to check integrity about DVD
I verified signature about qubes ISO file by gpg.Then I burned it to DVD. But I can't trust that DVD was burned without corruption. So I want to verify integrity against the DVD too. Is someone know how to verify signature against DVD? At moment, I want my privacy to be protected. https://mytemp.email/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1494970932337-322211b7-79bd7da6-a7257b48%40e.shapoo.ch. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: strange behaviour: Win 7 HVM :: Excel working in Debug, but not in Seamless Mode
Am Dienstag, 16. Mai 2017 08:27:45 UTC+2 schrieb PR: > [...] > > I've also seen that my Outlook profile gets destroyed sometimes I seamless > mode. > I think that there is something wrong with the user folder redirection to a > private disk when working in seamless mode. > > C:\Users\MyUsername has a link to D:\ this has been done when installing > Qubes Tools. > I'll try to remove this redirection and keep all files within the windows > image (C:) to look if this produces another result. > > Any feedback on this topic would be very helpful. I think I damaged my windows HVM trying to uninstall and reinstall Qubes Tools. As I don't want to rebuild, I would to know how to proceed looking at the error messages from the Log files. In order to troubleshoot the problem with accessing files in my user folder when working in seamless mode, I have startet my windows HVM with a fedore iso and moves D:\Users back to C:\Users, so that all files are now located in the windows image, not the Qubes Private image file. I uninstalled Qubes Tools, rebooted and tried to reinstall but now the installr is stopping with the following error message: "The installer has encoutered an unexpected error installing this package This may indicate a problem with this package. The error code is 2753" In the log file I have a line: Error 0x80070643: Failed to install MSI package I have tried this various times, rebooted several times - still the same problem. I'm trying to install the same Qubes Tools Version I had installed before (Qubes Tools for Windows 3.2.2.3). Any hint what might be the problem - P -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/453fb8b0-1b24-4791-8204-fd2649e985e0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[hentsche...@gmail.com: Re: [qubes-users] Trusted PDF]
On Tue, May 16, 2017 at 10:21:37AM -0400, Chris Laprise wrote: > On 05/16/2017 10:06 AM, Chris Laprise wrote: > > On 05/15/2017 06:46 PM, Sam Hentschel wrote: > > > Hey All, > > > > > > Another question, why is it that the qvm-convert-pdf function returns a > > > file that is slgihtly fuzzy? > > > > > > I keep lots of copies of important documents that I want to convert to > > > secure pdfs since they don't need to have anything other than an image. > > > However, I need them to be as clear as possible so I can print them back > > > out as if they were the original. > > > > > > Using qvm-convert-pdf currently makes a really fuzzy copy. How can I > > > fix this (if at all)? > > > > > > > > > The line that does the rendering in qpdf-convert-server looks like this: > > > > pdftocairo $INPUT_FILE -png -f $PAGE -l $PAGE -singlefile $(basename > > $TEMP_PNG_FILE .png) > > > > No resolution is specified and the pdftocairo man page says the default > > res is 150 PPI. You could add the -r parameter for more resolution, > > though you may also have to adjust MAX_IMG_WIDTH and HEIGHT in > > qpdf-convert-client. > > > > I created a Qubes issue for this: > > https://github.com/QubesOS/qubes-issues/issues/2812 > > -- > > Chris Laprise, tas...@openmailbox.org > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 Thanks, I was wondering if it was issue worthy or not. I didn't know if it was something that could be fixed. I may go ahead and try to patch qvm-convert-pdf then (if I have a free day or two) seems like it should be relatively easy (with the information you gave me). I feel I would just add the option to specify the resolution via a -r flag (or as part of the arguments), and still allow just the pdf for backwards compatability. -- Respectfully, Sam Hentschel FD6A 2998 5301 B440 D26B 7040 69D1 CE58 6FA5 BB5A -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170516170258.GB1011%40Personal-Email. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [qubes-users] Trusted PDF
As a workaround, I believe I have somehow converted the PDF for a larger paper (e.g. A4 instead of A3). I don't remember it much, though. Of course, the conversions should be done in some DVM. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a69cffc6-79ae-4446-82ae-cd97dc7dcf20%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Games on Qubes + Whonix
Hello, The main issue with games on Qubes OS is it does not support GPU virtualization at all. So whatever you use (Whonix, Debian, Ubuntu, Fedora, Windows…), you'll get just software rendering. For 3D games, this limits performance very much. Maybe some systems will differ in performance of 3D rendering, but it will be probably far inferior performance. For example, I was able to run Smokin' Guns (quite old game) on quad-core Sandy bridge i7-2670QM CPU at 1600*900 with occasional lags and about 80% CPU load on all the cores. I was using Debian 9. On Windows 7, even the game menu was very laggy and totally unusable on the same hardware. You will probably also have issues with mouse input. The game cannot grab the mouse. As a workaround, you can use VNC on loopback and play with input proxy a bit. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/64e6be40-4198-4c5a-a244-2dad4bcde27f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Trusted PDF
On 05/16/2017 10:06 AM, Chris Laprise wrote: On 05/15/2017 06:46 PM, Sam Hentschel wrote: Hey All, Another question, why is it that the qvm-convert-pdf function returns a file that is slgihtly fuzzy? I keep lots of copies of important documents that I want to convert to secure pdfs since they don't need to have anything other than an image. However, I need them to be as clear as possible so I can print them back out as if they were the original. Using qvm-convert-pdf currently makes a really fuzzy copy. How can I fix this (if at all)? The line that does the rendering in qpdf-convert-server looks like this: pdftocairo $INPUT_FILE -png -f $PAGE -l $PAGE -singlefile $(basename $TEMP_PNG_FILE .png) No resolution is specified and the pdftocairo man page says the default res is 150 PPI. You could add the -r parameter for more resolution, though you may also have to adjust MAX_IMG_WIDTH and HEIGHT in qpdf-convert-client. I created a Qubes issue for this: https://github.com/QubesOS/qubes-issues/issues/2812 -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7c1b74af-5983-f99d-c8e8-a71d2815c091%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Accessing available applications from CLI?
On Tue, 2017-05-16 at 06:26 -0700, Patrik Hagara wrote: > On Fri, 2017-05-12 at 08:39 +0200, Johannes Graumann wrote: > > Is there a way to use the CLI to > > > > 1) access what apps a VM has available > > You can find the .desktop files for all available > programs here: > > /var/lib/qubes/vm-templates//apps.templates/ > > > 2) which of them should be shown in the menue? > > And when you enable a particular app in an AppVM, the > .desktop file template is copied over to > > /var/lib/qubes/appvms//apps/ > > and all instances of %VMNAME% from the template's > .desktop file get replaced by the AppVM's name. > > Sadly, I am not aware of any "proper" Qubes CLI tool > to facilitate the above steps. You can, however, > launch the GUI version of app selector -- it's called > `qubes-vm-settings`, and optionally takes a VM name > and the settings tab name as arguments, eg: > > qubes-vm-settings personal applications Thank you for your insight. I was hoping for more comfortable CLI tools, as I am managing my entire setup using ansible ... I shall go and investigate the files you point out. Sincerely, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1494950909.1714.1.camel%40graumannschaft.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Trusted PDF
On 05/15/2017 06:46 PM, Sam Hentschel wrote: Hey All, Another question, why is it that the qvm-convert-pdf function returns a file that is slgihtly fuzzy? I keep lots of copies of important documents that I want to convert to secure pdfs since they don't need to have anything other than an image. However, I need them to be as clear as possible so I can print them back out as if they were the original. Using qvm-convert-pdf currently makes a really fuzzy copy. How can I fix this (if at all)? The line that does the rendering in qpdf-convert-server looks like this: pdftocairo $INPUT_FILE -png -f $PAGE -l $PAGE -singlefile $(basename $TEMP_PNG_FILE .png) No resolution is specified and the pdftocairo man page says the default res is 150 PPI. You could add the -r parameter for more resolution, though you may also have to adjust MAX_IMG_WIDTH and HEIGHT in qpdf-convert-client. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f9a4a257-f2a5-4914-9e72-c2a7a7a441b3%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Trusted PDF
On 05/16/2017 02:33 AM, Bernhard wrote: Hey All, Another question, why is it that the qvm-convert-pdf function returns a file that is slgihtly fuzzy? I keep lots of copies of important documents that I want to convert to secure pdfs since they don't need to have anything other than an image. However, I need them to be as clear as possible so I can print them back out as if they were the original. Using qvm-convert-pdf currently makes a really fuzzy copy. How can I fix this (if at all)? Hi Sam, I have no answer to this. Instead I add another remark. After conversion, I always do pdfimages infile outbase for file in outbase*; do convert $file $file.tif; done for file in outbase*; do tesseract $file $filep.pdf -l lang pdf; done pdftk cat outbase*.pdf cat output final.pdf which makes again a full-text searchable PDF. It looses 60% of its over-size at the same time. Bernhard Thanks for that tip. I wonder if anyone has looked at scraping the original text out of the pdf during conversion... returning it to the VM with only safe text allowed and then combining with the sanitized pdf. Qubes already has some text-sanitizing code, so the basic idea should be sound. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b847b1a1-a942-2f27-8d9a-900145a48118%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Accessing available applications from CLI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, 2017-05-12 at 08:39 +0200, Johannes Graumann wrote: > Is there a way to use the CLI to > > 1) access what apps a VM has available You can find the .desktop files for all available programs here: /var/lib/qubes/vm-templates//apps.templates/ > 2) which of them should be shown in the menue? And when you enable a particular app in an AppVM, the .desktop file template is copied over to /var/lib/qubes/appvms//apps/ and all instances of %VMNAME% from the template's .desktop file get replaced by the AppVM's name. Sadly, I am not aware of any "proper" Qubes CLI tool to facilitate the above steps. You can, however, launch the GUI version of app selector -- it's called `qubes-vm-settings`, and optionally takes a VM name and the settings tab name as arguments, eg: qubes-vm-settings personal applications HTH - -- Patrik -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJZGv3sAAoJEFwecd8DH5rl/asQAIFw77Bwcn2K6Wj09lDEXbaW IhyZ1+J8Sw7kdeYmdeXfHIYijyrc9wIYdSjhCqiyrNw65uZ6RuW78dp/x26t3uMj 8krSDHX0AA8Bykj2wBZ+SjEGQUPXSZEiIE+MZiydRbzv7elSrpepSprdujur9oWe /MRqLaNjI8OHvVWfWJ3r0arIecPvqzAtjx+N72WAGMWNTjwWp0AmaHbicoFeNM+N sTb6Ej464jNfA52fTGnEhrxXzAI1xG0FbQ7JB9YAy6zT07/ELRmHSic4t/S+gGFc b8YBx87TucJRNoVwUUoTMN3IrVlgOotDMn0ABXEPK0c4urbMHvjCr29ucYmLY4o7 mWKtH7cmMaT6sCeDQlitLn1CC/b7coq0zAKe/bzBL1wKAEwj1C5AfP/jdgqd89D7 //Z1evBctlxoez18gtjhgBqv5sRtnCG6tm1YyiPdi/ZFxyvvnkiv07KyQz/oUYBn KnJ7R0kYXa2BMTJV3PaNRX6uLTVxqtybCdcZJxTuQHu7XIRVm+Dgir8wtrfXdwt0 Zb4N8xnHAGQg+wfkz4045ooOKsfNU1M5UcO2zfCiMallGzqpB1Bkv4UMv22Kkb8Y NguSy2rfFnVr0qtRGHIYt07OH/O3eps31eBaLfDM5kcyhlK11h3UGXkzEnwVJBZI PoLqXt6gqZJEK4naAFnB =lqg8 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/606bf98f-acfa-41a9-a3fe-dd4bb02da7b4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Accessing available applications from CLI?
On Fri, 2017-05-12 at 08:39 +0200, Johannes Graumann wrote: > Hi, > > Is there a way to use the CLI to > > 1) access what apps a VM has available > > and > > 2) which of them should be shown in the menue? > > Sincerely, Joh > No insight, anybody? Sincerely, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1494947077.1740.0.camel%40graumannschaft.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to Open Keepass (locates in vault AppVM) in a disposable AppVM
'PR' via qubes-users [2017-05-16 11:01 +0200]: > I am able to launch Keepass from my vault AppVM: > > [user@vault ~] qvm-run '$dispvm' keepass > > this opens up keepass in a new disposable App VM. > How can I pass my keepass file to this AppVM, so that it will be opened. "qvm-open-in-dvm path/to/file.kdbx" to open in a new DispVM "qvm-open-in-vm vmname path/to/file.kdbx" to open existing VM. But why would you want to open your Keepass file in another VM? You can copy any text (username, password, ...) from one VM's clipboard to the Qubes clipboard with ctrl+shift+c and move it from there to another VM's clipboard with ctrl+shift+v. -- ubestemt -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170516112340.5j2v2wzaa6qmw5ax%40bestemt.no. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
'Piit' via qubes-users [2017-05-16 10:49 +0200]: > qubes-pass brought my attention to pass(wordstore) which I haven't > heard of before. I've setup pass in my vault AppVM, which I am > currently using to host my credentials with Keepass. This works quit > well, even, when this involves some Copy&Paste. Use the -c flag to copy the first line of a pass file (usually the password) to the clipboard (e.g. "pass -c somedirectory/somepassfile"). Then copy the contents of the clipboard to the Qubes clipboard with ctrl+shift+C. > Testing out pass I realized that pass can only store username & > passwords but no other information. Often I want to store username + > password + emailadress (which I have used during registration) and > maybe additional information like a comment with a customer nr. > > Can this be done with pass or a workarround which is using pass to > store the credentials and store the metadata at another location. I'd > like to keep all information together. Yes. "pass edit somedirectory/somepassfile" opens that file in your default text editor. You can add as much information as you like. See "Data Organization" on https://www.passwordstore.org/. -- ubestemt -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170516111904.jxvilgw6xbehkkjz%40bestemt.no. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to Open Keepass (locates in vault AppVM) in a disposable AppVM
Hello, I tried to open my Keepass file which is located in my vault app vm in a disposale AppVM. I am able to launch Keepass from my vault AppVM: [user@vault ~] qvm-run '$dispvm' keepass this opens up keepass in a new disposable App VM. How can I pass my keepass file to this AppVM, so that it will be opened. I tried... [user@vault ~] qvm-run '$dispvm' keepass /home/user/Documents/MyKeepass.kdbx ... but this didn't worked. Does this approach offers any additional benefits then running applications within vault? - P -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e81a8cc8-ae29-4b4d-8a22-2e45ab809e7c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows VM hangs at first install from USB
Hi again, I just created a template VM and want to start it with an windows iso file. I copied the iso on a USB and inserted it in the Computer. I mounted the usb to /media/usb. Now i used the command: qvm-start [qube-name] --cdrom=.. path to iso. Then the VM started and then it hangs at Starting Windows. I don't see the windows logo yet. Does anyone know what is happening? Greetz, Sander -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25f745bf-65d0-46ef-b806-b8274acad2f2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
Hello, maybe somewhat off-topic, but the question came up after following this topic. Am Sonntag, 7. Mai 2017 16:50:35 UTC+2 schrieb Manuel Amador (Rudd-O): > Building on the excellent pass (https://passwordstore.org), it gives me > great pleasure to announce the initial release of qubes-pass — an > inter-VM password manager and store for Qubes OS. > > Check it out here! > > https://github.com/Rudd-O/qubes-pass qubes-pass brought my attention to pass(wordstore) which I haven't heard of before. I've setup pass in my vault AppVM, which I am currently using to host my credentials with Keepass. This works quit well, even, when this involves some Copy&Paste. Testing out pass I realized that pass can only store username & passwords but no other information. Often I want to store username + password + emailadress (which I have used during registration) and maybe additional information like a comment with a customer nr. Can this be done with pass or a workarround which is using pass to store the credentials and store the metadata at another location. I'd like to keep all information together. - P -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9931d609-9d7b-480e-aa9d-989eb92187ad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows Disposable VM
Hi People! I'm busy trying to make a Windows disposable VM. Well i'm now writing this post so, i can't get it to work.. Does anyone know if it is possible to make a Windows disposable VM? I'd like to hear from you. Greetz Sander. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/40be7714-edc8-45c9-8106-3122486f426f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.