Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-12 Thread Matteo

> It looks like fullscreen can't do "attacks" on dom0 and other VM's,
but it can do something like keylogging, just visually from the screen
instead, perhaps something akin to taking frequent light sized
screenshots and then sending the screenshots over the internet.

This is possible both if the VM is in full screen mode or "small/normal"
mode. The vm can also key log the keyboard but only for keys sent to
that vm (so only while it is focused).
(while on a normal pc the kwylogger would be for the whole pc, here an
infected vm can keylog itself).

> But this is supposedly only a problem if fullscreen can be executed
from within the VM itself, so as long as the "controls" for fullscreen
remains in a secure domain, such as dom0 keybinds, it should remain
safe, as the moment you use dom0  to stop fullscreen, the VM has no
means to keep up its attack to keylog screenshots. I suppose that's what
is meant by these words, maybe there is more to it. But it seems quite
harmful if you don't mind an attacker knowing what movies you are
watching, and even then, in this case it probably makes no difference if
using fullscreen or not anyhow, as the non-fullscreen can be keylogged
as well. So I suppose, as long you don't do anything in other windows,
that has sensitive information, while you use fullscreen, we're safe.
>
> Unless I've misunderstood something?
>
The vm can go fullscreen if you allow it from vm permissions, (just
click youtube fullscreen button).

The problem is NOT if a vm can keylog (byscreenshot or by keyboard), if
you open a virus a vm can keylog in both ways both if is fullscreen or not.

the problem is HOW do you know in which vm you are?
if you are not in fullscreen mode is as easy as watch the window title.
but if is in fullscreen mode you can't tell where you are.
and what if the vm draw a fake start menu?
take this for example:
https://textslashplain.com/2017/01/14/the-line-of-death/
go down you will see a fake paypal window inside the real browser.
but that is not a paypal browser window on chrome, is a photo in the
website!
that is the problem that qubes aim to solve by preventing fullscreen.
attacking qubes is not easy as the attacker to simulate your desktop
must know what background and installed apps you have, what are your
template and vm names.

note that (unlike normal pc windows/linux) in qubes if you have an
infected vm with keylogger you don't care very much if you insert
sensitive data in other vm it will not be keylogged.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d6635d1e-dcc5-8e5b-a44a-f70be0b28315%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Yuraeitha

@awokd
On Sunday, February 11, 2018 at 1:37:58 PM UTC+1, awokd wrote:
> On Sun, February 11, 2018 12:01 pm, Yuraeitha wrote:
> 
> > Quote:
> > "Why is full screen mode potentially dangerous?
> > If one allowed one of the VMs to “own” the full screen, e.g. to show a
> > movie on a full screen, it might not be possible for the user to know if
> > the applications/VM really “released” the full screen, or if it has
> > started emulating the whole desktop and is pretending to be the trusted
> > Window Manager, drawing shapes on the screen that look e.g. like other
> > windows, belonging to other domains (e.g. to trick the user into entering
> > a secret passphrase into a window that looks like belonging to some
> > trusted domain)." /quote-end.
> 
> I think this is saying that when you run an application full screen, it
> could pretend to act like Qubes and draw fake applications to trick you
> into thinking you weren't running the application any more, but your
> desktop.
> 
> It shouldn't have any access to other windows though, even in full screen.

Indeed, it seems like this must be the case. If so, it seems to be a case where 
an attacker needs to fill in potentially lacking information to pull off an 
attack on the screen, in order to social engineer and trick people into typing 
sensitive information on the screen in a fake window.

Still though, this is completely undone if the control of the screen is taken 
back by dom0. So it should be impossible to do this once fullscreen is 
withdrawn, which usually happens when a person stops watching a movie or stream.

- I suppose it can still be harmful if alt+tab out of fullscreen without 
stopping fullscreen.
- or if a legit popup of whatever kind appears and a person forgets about the 
fullscreen in the background and leaves it running. 
- or if multiple of monitors, and its fullscreen on one of them, can it then 
reach the other monitors? 

But is it really like this though? How does it work here, does a fullscreen 
still have control of the fullscreen if it's put in the background behind other 
non-fullscreen windows? In this case, if true, it would give an attacker the 
ability to control the screen and make whatever appear on it, even if it's in 
the background or maybe even if on another screen while working on a second 
screen. Would an attacker be able to make changes to the work screen which 
isn't in fullscreen mode?

But I suppose whichever case it is, it hardly matters if a person always 
remembers to take back fullscreen with action from dom0, so that the AppVM 
looses its ability irregardless of what kind of attack is going on in the 
AppVM. 

But it would be interesting to know if a fullscreen window can keep drawing 
pixels on the screen, even if it's for whatever odd reason has been put in the 
background etc. while still in fullscreen mode.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/adcb7955-0d80-4c14-bc65-e605c5f0d0fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread 'awokd' via qubes-users
On Sun, February 11, 2018 12:01 pm, Yuraeitha wrote:

> Quote:
> "Why is full screen mode potentially dangerous?
> If one allowed one of the VMs to “own” the full screen, e.g. to show a
> movie on a full screen, it might not be possible for the user to know if
> the applications/VM really “released” the full screen, or if it has
> started emulating the whole desktop and is pretending to be the trusted
> Window Manager, drawing shapes on the screen that look e.g. like other
> windows, belonging to other domains (e.g. to trick the user into entering
> a secret passphrase into a window that looks like belonging to some
> trusted domain)." /quote-end.

I think this is saying that when you run an application full screen, it
could pretend to act like Qubes and draw fake applications to trick you
into thinking you weren't running the application any more, but your
desktop.

It shouldn't have any access to other windows though, even in full screen.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f64fad8b4037175a038e0b210a1c883.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Yuraeitha
One example of usefulness is taking Qubes and turn it into a SmartTV. While 
Qubes isn't designed for this, in this age with screens having microphones and 
webcames, voice control, and what not, I do prefer to simply make sure 
SmartTV's have no internet access, and then install a secure OS like Qubes OS 
on a small computer. This is what I helped do for my friend and why I was 
looking for this command.

Essentially most controls is done with a mouse and a remote keypad. Keyboard is 
kept hidden away unless needed for updates and so on. But the idea is to easy 
put Streaming videos on fullscreen, in order to use Qubes as a secure SmartTV.

The keybind can be useful elsewhere I'm sure, it's just about being creative. 
Also now that I have the command available, I changed it to a more convenient 
key on my own Qubes system now that I had the command available.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06028041-d068-4d0a-a041-888bcd8ffc89%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Yuraeitha
@Matteo

On Sunday, February 11, 2018 at 9:18:16 AM UTC+1, Matteo wrote:
> > Does anyone know the 'alt+space+f'(fullscreen) command, or where to find 
> > it? Or are there none available in /bin /usr/bin or similar?
> 
> i think that you have to press that keys on the keyboard, is not a
> terminal command (in fact you can't find in /usr/bin)
> 
> if you press alt+space bar a menu should pop up, the same menu can be
> seen by clicking in the title bar of the window, from there you can see
> maximize, minimize, close, and probably also fullscreen that can be
> quickly selected with f.
> 
> note that qubes by default doesn't allow fullscreen, unless you enable
> it. also usually websites and programs have a easily accessible
> fullscreeen button (youtube).
> 
> but i'm not sure about what you want to do.
> hope it helps

Your words about security kept nagging at me on repeat, so I had a second look 
at what is written about the security topic of fullscreen. It's slightly 
different from what I remember, but it doesn't seem like it can expose dom0 and 
other VM's still though, but may still be harmful indeed. 

Quote: 
"Why is full screen mode potentially dangerous?
If one allowed one of the VMs to “own” the full screen, e.g. to show a movie on 
a full screen, it might not be possible for the user to know if the 
applications/VM really “released” the full screen, or if it has started 
emulating the whole desktop and is pretending to be the trusted Window Manager, 
drawing shapes on the screen that look e.g. like other windows, belonging to 
other domains (e.g. to trick the user into entering a secret passphrase into a 
window that looks like belonging to some trusted domain)." /quote-end.

It looks like fullscreen can't do "attacks" on dom0 and other VM's, but it can 
do something like keylogging, just visually from the screen instead, perhaps 
something akin to taking frequent light sized screenshots and then sending the 
screenshots over the internet.

But this is supposedly only a problem if fullscreen can be executed from within 
the VM itself, so as long as the "controls" for fullscreen remains in a secure 
domain, such as dom0 keybinds, it should remain safe, as the moment you use 
dom0  to stop fullscreen, the VM has no means to keep up its attack to keylog 
screenshots. I suppose that's what is meant by these words, maybe there is more 
to it. But it seems quite harmful if you don't mind an attacker knowing what 
movies you are watching, and even then, in this case it probably makes no 
difference if using fullscreen or not anyhow, as the non-fullscreen can be 
keylogged as well. So I suppose, as long you don't do anything in other 
windows, that has sensitive information, while you use fullscreen, we're safe. 

Unless I've misunderstood something?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7cacb64f-6e72-4e17-8340-0c48344dfaf1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Yuraeitha
On Sunday, February 11, 2018 at 11:09:39 AM UTC+1, donoban wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Have you tried 'alt+F11' on XFCE?
> 
> It's default hotkey in XFCE for fullscreen and you can modify it using
> configuration editor.
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlqAFlcACgkQFBMQ2OPt
> CKXVORAAn/Y8CO2whwLHDAZhSr/1dPpk4aWvS6elpcEA8eO1ahfPOCLVrchbye0I
> 4BN42XHfUEDfzzquiYu57nO0k6KoNWrvaoe4DlywaQ1ZC38mPEPpu0CGrknxGoLY
> EWMiWHL3pMEflZPzUEJXFYAbgHEsWOyihaLkv8ofKHWxIhnMkTEmqwwxIiW0TCdo
> hFuejDuSTWC4z+aBOwGHOs9y7wlzo4FknJpEL3FOA4A4qDQZmGHzuKjDqi09h1Ac
> anuGOL8Y0eYt/fhJjeOhLsKpv1oaEDDs8pHHted3385U6OSdjlPeVHN4GgAOdNxu
> GcsfMdPWBZgNUj9pZTIJlXOSTlqwpExU/ateBOKMbauATeZ7iGIXO6XsM3kT1Uvw
> ss/AIEQ3qkXlcueOO6XsCpY+AiOmoNJ/p7CVn58TBBW42w/3x4XLXTwLOK8scnLn
> /2Yw/chFWlzLsTozFZC84ARtUHo0Sb3z/FqeQocc+77QCxgNhYfm/WCig6crcCLV
> LFF8n4pZY8mOPQEwEQWjoJADH1mcU0OcJA7cqQkYAms4w8xIcPH4/iIHN3x4FK5j
> XqQTQ7QdBVCdAkP/ssntQS4lQzn8XKKK9Vlo1bk0oFKMPASJScN/O8ZzYi5EtJDW
> BLrornMjWqf+5YD8TAd/OJfB42oY2bWUyWp384i8EBQc1dm/FVQ=
> =7znw
> -END PGP SIGNATURE-

I didn't know alt+f11 could do that too, definitely good to know. 

I've already found a fix btw, I'm not sure if you read my post above or is just 
providing extra info. I apologize if I wrote a bit too much to make it a TL:DR, 
I understand if so. I'll put a TL:DR version below.

(Must be scripted and keybinded to work something else than the terminal).
wmctrl -r :ACTIVE: -b toggle,fullscreen 

or 

(Must be scripted together to chain both commands and keybinded to use on a 
focused window).
xdotool key space+alt
xdotool key f 

Both will do exactly what alt+space+f or alt+f11, but usefulness is that it can 
be keybinded to whichever keybind, in particular useful if not having a 
keyboard available or if seeking easier keybind choices, whatever ones needs 
may be.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f42dd524-27e7-4be6-bf98-67d60f4c83bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread donoban
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Have you tried 'alt+F11' on XFCE?

It's default hotkey in XFCE for fullscreen and you can modify it using
configuration editor.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlqAFlcACgkQFBMQ2OPt
CKXVORAAn/Y8CO2whwLHDAZhSr/1dPpk4aWvS6elpcEA8eO1ahfPOCLVrchbye0I
4BN42XHfUEDfzzquiYu57nO0k6KoNWrvaoe4DlywaQ1ZC38mPEPpu0CGrknxGoLY
EWMiWHL3pMEflZPzUEJXFYAbgHEsWOyihaLkv8ofKHWxIhnMkTEmqwwxIiW0TCdo
hFuejDuSTWC4z+aBOwGHOs9y7wlzo4FknJpEL3FOA4A4qDQZmGHzuKjDqi09h1Ac
anuGOL8Y0eYt/fhJjeOhLsKpv1oaEDDs8pHHted3385U6OSdjlPeVHN4GgAOdNxu
GcsfMdPWBZgNUj9pZTIJlXOSTlqwpExU/ateBOKMbauATeZ7iGIXO6XsM3kT1Uvw
ss/AIEQ3qkXlcueOO6XsCpY+AiOmoNJ/p7CVn58TBBW42w/3x4XLXTwLOK8scnLn
/2Yw/chFWlzLsTozFZC84ARtUHo0Sb3z/FqeQocc+77QCxgNhYfm/WCig6crcCLV
LFF8n4pZY8mOPQEwEQWjoJADH1mcU0OcJA7cqQkYAms4w8xIcPH4/iIHN3x4FK5j
XqQTQ7QdBVCdAkP/ssntQS4lQzn8XKKK9Vlo1bk0oFKMPASJScN/O8ZzYi5EtJDW
BLrornMjWqf+5YD8TAd/OJfB42oY2bWUyWp384i8EBQc1dm/FVQ=
=7znw
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d2a0bd6-dc7b-b18e-017f-def9c3e3f05b%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Yuraeitha
On Sunday, February 11, 2018 at 9:51:56 AM UTC+1, Yuraeitha wrote:
> On Sunday, February 11, 2018 at 9:18:16 AM UTC+1, Matteo wrote:
> > > Does anyone know the 'alt+space+f'(fullscreen) command, or where to find 
> > > it? Or are there none available in /bin /usr/bin or similar?
> > 
> > i think that you have to press that keys on the keyboard, is not a
> > terminal command (in fact you can't find in /usr/bin)
> > 
> > if you press alt+space bar a menu should pop up, the same menu can be
> > seen by clicking in the title bar of the window, from there you can see
> > maximize, minimize, close, and probably also fullscreen that can be
> > quickly selected with f.
> > 
> > note that qubes by default doesn't allow fullscreen, unless you enable
> > it. also usually websites and programs have a easily accessible
> > fullscreeen button (youtube).
> > 
> > but i'm not sure about what you want to do.
> > hope it helps
> 
> In Qubes 4 I never had to enable it btw, oddly, it just works. 
> 
> I've solved the problem since posting, I was looking the entirely wrong place 
> all along, but new ideas for clues came along after I had posted. So I 
> deleted the topic since it had no views/posts at the time anyway and was 
> resolved. But it seems it wasn't deleted after all x) But thinking it over 
> again, perhaps this can help others looking to solve this too.
> 
> I've found two methods to solve it, although the second is only half solved. 
> It was a bit like treasure hunting, here's the results.
> 
> 1'st approach:
> wmctrl -r :ACTIVE: -b toggle,fullscreen 
> If this is written in dom0 terminal, or any AppVM terminal, then the window 
> will go fullscreen. This is the one one may want if keybinding, and pressing 
> an active keybind while another window of choice is active. Write a .sh 
> script file in dom0, and save the command. Then it's just a matter of using 
> dom0 keybinding to activate it. Which gives much more flexibility to 
> alt+space+f, for example changing it to alt+f or numpad at the other side of 
> the room for remote pre-configured controls, i.e. using Qubes as a large 
> screen on a distance. It has many uses, just use ones own imagination to find 
> one. Also I believe this is the command Qubes uses internally when pressing 
> alt+space+f, but I did not manage to confirm that. Also another variant is to 
> use; 
> wmctrl -r :SELECT: -b toggle,fullscreen 
> This variant essentially turns ones mouse into a click to fullscreen 
> whichever window one may pick with the mouse. One can still keyboard alt+tab 
> between windows, without loosing the pointer to click, if the window is 
> buried under the other windows. But for keybinding purposes, the ACTIVE 
> variant is better suited than SELECT, at least for my own needs.
> 
> 2'nd approach:
> This is only half solving the problem, but simply writing in dom0, 'xdotool 
> key alt+space' will bring up the XFWM4 popup menu, though I did not find a 
> way to "chain it" to then select the last key, "f". But since I had the above 
> solution already, I did not venture deeper to solve it, it needs the last 
> step if anyone wants to use this approach. I'm personally content with the 
> 1st approach though, it solves everything for my own needs.
> 
> 
> On the security side of things, then dom0 controlled fullscreen "should" be 
> fine, for as long it stays in the control of dom0, and not the VM. If the VM 
> can change the fullscreen, it's my understanding it can exploit the user in 
> social hacking. But if you control which VM has access to fullscreen, then 
> you can also limit this issue, and are less likely to fall victim. That's my 
> understanding, it may be I misunderstood the attack vector, but I think its 
> correctly understood. The reason full-screen is bad, as I've understood it, 
> is that social hacking can happen when you least expect it, so if you 
> manually enter fullscreen, for a VM with limited and locked-down purposes, 
> i.e. heavily firewalled with one of few purposes to the internet, then you're 
> much less likely to fall victim to screen social hacks. Do feel free to 
> correct me if I'm wrong about that, though, I don't think the security is any 
> different than using alt+space+f, since it's essentially the same thing, and 
> also controlled from dom0.

Just got a new idea to solve the 2nd approach of the two to archive the same 
result (ironically after I posted the above, this seems to be a theme laltely 
>.<). But now both approaches works, whichever one prefers over the other.

write a .sh script and put in;
xdotool key space+alt
xdotool key f 

That's it, it was surprisingly simple to fix, it works smoothly like wmctrl 
does too. 

If anyone wants to do this themselves, then remember to change executable and 
owner if you accidentally wrote it in sudo for root ownership of the file you 
put in the home folder. 

sudo chown your-username '/path-to-script.sh'
chmod +x '/path-to-script.sh'

Then keybind your script, but remember 

Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Yuraeitha
On Sunday, February 11, 2018 at 9:51:56 AM UTC+1, Yuraeitha wrote:
> On Sunday, February 11, 2018 at 9:18:16 AM UTC+1, Matteo wrote:
> > > Does anyone know the 'alt+space+f'(fullscreen) command, or where to find 
> > > it? Or are there none available in /bin /usr/bin or similar?
> > 
> > i think that you have to press that keys on the keyboard, is not a
> > terminal command (in fact you can't find in /usr/bin)
> > 
> > if you press alt+space bar a menu should pop up, the same menu can be
> > seen by clicking in the title bar of the window, from there you can see
> > maximize, minimize, close, and probably also fullscreen that can be
> > quickly selected with f.
> > 
> > note that qubes by default doesn't allow fullscreen, unless you enable
> > it. also usually websites and programs have a easily accessible
> > fullscreeen button (youtube).
> > 
> > but i'm not sure about what you want to do.
> > hope it helps
> 
> In Qubes 4 I never had to enable it btw, oddly, it just works. 
> 
> I've solved the problem since posting, I was looking the entirely wrong place 
> all along, but new ideas for clues came along after I had posted. So I 
> deleted the topic since it had no views/posts at the time anyway and was 
> resolved. But it seems it wasn't deleted after all x) But thinking it over 
> again, perhaps this can help others looking to solve this too.
> 
> I've found two methods to solve it, although the second is only half solved. 
> It was a bit like treasure hunting, here's the results.
> 
> 1'st approach:
> wmctrl -r :ACTIVE: -b toggle,fullscreen 
> If this is written in dom0 terminal, or any AppVM terminal, then the window 
> will go fullscreen. This is the one one may want if keybinding, and pressing 
> an active keybind while another window of choice is active. Write a .sh 
> script file in dom0, and save the command. Then it's just a matter of using 
> dom0 keybinding to activate it. Which gives much more flexibility to 
> alt+space+f, for example changing it to alt+f or numpad at the other side of 
> the room for remote pre-configured controls, i.e. using Qubes as a large 
> screen on a distance. It has many uses, just use ones own imagination to find 
> one. Also I believe this is the command Qubes uses internally when pressing 
> alt+space+f, but I did not manage to confirm that. Also another variant is to 
> use; 
> wmctrl -r :SELECT: -b toggle,fullscreen 
> This variant essentially turns ones mouse into a click to fullscreen 
> whichever window one may pick with the mouse. One can still keyboard alt+tab 
> between windows, without loosing the pointer to click, if the window is 
> buried under the other windows. But for keybinding purposes, the ACTIVE 
> variant is better suited than SELECT, at least for my own needs.
> 
> 2'nd approach:
> This is only half solving the problem, but simply writing in dom0, 'xdotool 
> key alt+space' will bring up the XFWM4 popup menu, though I did not find a 
> way to "chain it" to then select the last key, "f". But since I had the above 
> solution already, I did not venture deeper to solve it, it needs the last 
> step if anyone wants to use this approach. I'm personally content with the 
> 1st approach though, it solves everything for my own needs.
> 
> 
> On the security side of things, then dom0 controlled fullscreen "should" be 
> fine, for as long it stays in the control of dom0, and not the VM. If the VM 
> can change the fullscreen, it's my understanding it can exploit the user in 
> social hacking. But if you control which VM has access to fullscreen, then 
> you can also limit this issue, and are less likely to fall victim. That's my 
> understanding, it may be I misunderstood the attack vector, but I think its 
> correctly understood. The reason full-screen is bad, as I've understood it, 
> is that social hacking can happen when you least expect it, so if you 
> manually enter fullscreen, for a VM with limited and locked-down purposes, 
> i.e. heavily firewalled with one of few purposes to the internet, then you're 
> much less likely to fall victim to screen social hacks. Do feel free to 
> correct me if I'm wrong about that, though, I don't think the security is any 
> different than using alt+space+f, since it's essentially the same thing, and 
> also controlled from dom0.

"or any AppVM terminal" scratch those 4 words out, I don't know why I wrote 
these, when its neither feasible nor secure to do it inside an AppVM <.< but it 
of course only works in dom0 terminal from a technical/practical perspective 
too.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85a01587-3aff-4002-8db1-53ff290ff20a%40googlegroups.com.
For more 

Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Yuraeitha
On Sunday, February 11, 2018 at 9:18:16 AM UTC+1, Matteo wrote:
> > Does anyone know the 'alt+space+f'(fullscreen) command, or where to find 
> > it? Or are there none available in /bin /usr/bin or similar?
> 
> i think that you have to press that keys on the keyboard, is not a
> terminal command (in fact you can't find in /usr/bin)
> 
> if you press alt+space bar a menu should pop up, the same menu can be
> seen by clicking in the title bar of the window, from there you can see
> maximize, minimize, close, and probably also fullscreen that can be
> quickly selected with f.
> 
> note that qubes by default doesn't allow fullscreen, unless you enable
> it. also usually websites and programs have a easily accessible
> fullscreeen button (youtube).
> 
> but i'm not sure about what you want to do.
> hope it helps

In Qubes 4 I never had to enable it btw, oddly, it just works. 

I've solved the problem since posting, I was looking the entirely wrong place 
all along, but new ideas for clues came along after I had posted. So I deleted 
the topic since it had no views/posts at the time anyway and was resolved. But 
it seems it wasn't deleted after all x) But thinking it over again, perhaps 
this can help others looking to solve this too.

I've found two methods to solve it, although the second is only half solved. It 
was a bit like treasure hunting, here's the results.

1'st approach:
wmctrl -r :ACTIVE: -b toggle,fullscreen 
If this is written in dom0 terminal, or any AppVM terminal, then the window 
will go fullscreen. This is the one one may want if keybinding, and pressing an 
active keybind while another window of choice is active. Write a .sh script 
file in dom0, and save the command. Then it's just a matter of using dom0 
keybinding to activate it. Which gives much more flexibility to alt+space+f, 
for example changing it to alt+f or numpad at the other side of the room for 
remote pre-configured controls, i.e. using Qubes as a large screen on a 
distance. It has many uses, just use ones own imagination to find one. Also I 
believe this is the command Qubes uses internally when pressing alt+space+f, 
but I did not manage to confirm that. Also another variant is to use; 
wmctrl -r :SELECT: -b toggle,fullscreen 
This variant essentially turns ones mouse into a click to fullscreen whichever 
window one may pick with the mouse. One can still keyboard alt+tab between 
windows, without loosing the pointer to click, if the window is buried under 
the other windows. But for keybinding purposes, the ACTIVE variant is better 
suited than SELECT, at least for my own needs.

2'nd approach:
This is only half solving the problem, but simply writing in dom0, 'xdotool key 
alt+space' will bring up the XFWM4 popup menu, though I did not find a way to 
"chain it" to then select the last key, "f". But since I had the above solution 
already, I did not venture deeper to solve it, it needs the last step if anyone 
wants to use this approach. I'm personally content with the 1st approach 
though, it solves everything for my own needs.


On the security side of things, then dom0 controlled fullscreen "should" be 
fine, for as long it stays in the control of dom0, and not the VM. If the VM 
can change the fullscreen, it's my understanding it can exploit the user in 
social hacking. But if you control which VM has access to fullscreen, then you 
can also limit this issue, and are less likely to fall victim. That's my 
understanding, it may be I misunderstood the attack vector, but I think its 
correctly understood. The reason full-screen is bad, as I've understood it, is 
that social hacking can happen when you least expect it, so if you manually 
enter fullscreen, for a VM with limited and locked-down purposes, i.e. heavily 
firewalled with one of few purposes to the internet, then you're much less 
likely to fall victim to screen social hacks. Do feel free to correct me if I'm 
wrong about that, though, I don't think the security is any different than 
using alt+space+f, since it's essentially the same thing, and also controlled 
from dom0.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e3d8c54-6940-4c1a-830a-807ad76c897c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Matteo

> Does anyone know the 'alt+space+f'(fullscreen) command, or where to find it? 
> Or are there none available in /bin /usr/bin or similar?

i think that you have to press that keys on the keyboard, is not a
terminal command (in fact you can't find in /usr/bin)

if you press alt+space bar a menu should pop up, the same menu can be
seen by clicking in the title bar of the window, from there you can see
maximize, minimize, close, and probably also fullscreen that can be
quickly selected with f.

note that qubes by default doesn't allow fullscreen, unless you enable
it. also usually websites and programs have a easily accessible
fullscreeen button (youtube).

but i'm not sure about what you want to do.
hope it helps

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/73852f83-babb-e8e8-afed-072ce052612d%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-10 Thread Yuraeitha

Does anyone know the 'alt+space+f'(fullscreen) command, or where to find it? Or 
are there none available in /bin /usr/bin or similar?

Maybe an approach to change the keybind if the command is not available?

Much appreciated, 
Yu

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c45bafc-a754-4f16-a635-c0fc39122a9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.