| 1 |
Am Sun, 19 Mar 2017 11:35:44 +0100 |
| 2 |
schrieb tuxic@××××××.de: |
| 3 |
|
| 4 |
> On 03/19 11:20, Kai Krakow wrote: |
| 5 |
> > Am Sun, 19 Mar 2017 09:57:22 +0100 |
| 6 |
> > schrieb tuxic@××××××.de: |
| 7 |
> > |
| 8 |
> > > On 03/19 09:37, Kai Krakow wrote: |
| 9 |
> [...] |
| 10 |
> [...] |
| 11 |
> [...] |
| 12 |
> [...] |
| 13 |
> [...] |
| 14 |
> > > |
| 15 |
> > > Hi Kai (that's a rhyme! :) |
| 16 |
> > |
| 17 |
> > Yeah, I know that one... If you are from Germany, you'll also get |
| 18 |
> > why my former nick (some years ago) was "Shark" :-) |
| 19 |
> > |
| 20 |
> > > I have installed Virtualbox already and use the Linux Image I |
| 21 |
> > > installed there for banking purposes only. Feels more secure. |
| 22 |
> > |
| 23 |
> > So something like application virtualization... You could maybe run |
| 24 |
> > in an isolated container, only exposing the xserver or run inside a |
| 25 |
> > nested xserver. It would probably greatly reduce startup times and |
| 26 |
> > not waste a complete image. |
| 27 |
> > |
| 28 |
> > > I would prefer the WIndows-in-a-(virtual)box-solution) as you |
| 29 |
> > > do -- if I would own a Windows installation disc. But do not. |
| 30 |
> > |
| 31 |
> > Well, you can easily get an image from MS using a Linux browser. |
| 32 |
> > Just go to the Windows 10 download page. It will show a selection |
| 33 |
> > form to choose the ISO instead of the nasty downloader they present |
| 34 |
> > to Windows browsers. Then install this inside the VM. Even if not |
| 35 |
> > activated, it runs for 1-2 hours before shutting down which should |
| 36 |
> > be enough for most purposes you'll need it for. |
| 37 |
> > |
| 38 |
> > If you already activated a Windows installation with your MS |
| 39 |
> > account, with some luck your Win10 VM may even become digitally |
| 40 |
> > activated (this happened to me). No cracks involved. Should be |
| 41 |
> > legal enough. ;-) |
| 42 |
> > > But it is good to know, that the wine-workaround would either |
| 43 |
> > > work or fail too early to damage anything. |
| 44 |
> > |
| 45 |
> > I tried some, and all failed because they didn't even find the |
| 46 |
> > device. The ones that worked where either network based (flashing |
| 47 |
> > via IP protocol) or using other simple interfaces (COM or LPT). |
| 48 |
> > |
| 49 |
> > > Is there anything important to know before doing an emerge |
| 50 |
> > > of wine (need I more than app-emulation/wine?) -- I have |
| 51 |
> > > literally no experience with this emulator - the flashing |
| 52 |
> > > tool is a 32bit gui application...) ??? |
| 53 |
> > |
| 54 |
> > Wine = wine is no emulater ;-) |
| 55 |
> > |
| 56 |
> > Actually, it's the Windows API implemented as .so files plus an EXE |
| 57 |
> > loader to enable the kernel to run PE binaries (instead of ELF). So |
| 58 |
> > nothing is emulated, it's running native. There's also a thin layer |
| 59 |
> > of drivers implemented to transform API calls to native kernel |
| 60 |
> > interfaces, like HID (for input devices). So everything connecting |
| 61 |
> > to simple HID-USB should also work (some custom USB hardware just |
| 62 |
> > implement a HID interface, it's simple and cheap). |
| 63 |
> > |
| 64 |
> > If your applications work depends on if the required parts of the |
| 65 |
> > API had been implemented (including the bugs that exists between |
| 66 |
> > different versions of Windows). |
| 67 |
> > |
| 68 |
> > So, with this knowledge, you simply emerge wine with the useflags |
| 69 |
> > that look useful to you. If you don't need graphics (DirectX) or |
| 70 |
> > don't want to apply your linux GUI theme to Windows apps, you can |
| 71 |
> > ignore the staging useflag. Wine can be compiled with both 64bit |
| 72 |
> > and 32bit support. |
| 73 |
> > |
| 74 |
> > After installation, get familiar with the winecfg utility. It allows |
| 75 |
> > mapping unix path to Windows drive letters. And it allows to set |
| 76 |
> > Windows version per EXE you run (to expose different API bugs and |
| 77 |
> > behavior to your application). Also, you can set DDL overrides |
| 78 |
> > (which is what Windows itself uses when you run applications in |
| 79 |
> > compatibility mode, or when you put DLL overrides manually in the |
| 80 |
> > registry). Tho, here you can decide between native (native DLL on |
| 81 |
> > filesystem) or builtin (*.dll.so file from Wine), and the order in |
| 82 |
> > which they are tried. |
| 83 |
> > |
| 84 |
> > You may also run with different WINEDEBUG settings if you want to |
| 85 |
> > work out problems. There are fixme lines which usually show stub |
| 86 |
> > implementations of API calls (functions that do nothing, and are |
| 87 |
> > there just to return success or fail). You can use it like this: |
| 88 |
> > |
| 89 |
> > # WINEDEBUG=-all wine your-exe-file.exe |
| 90 |
> > |
| 91 |
> > If you'd like to easily manage different Wine prefixes, I'd |
| 92 |
> > recommend using PlayOnLinux - it's not only useful to games. It |
| 93 |
> > also has a long list of scripted installers for installing popular |
| 94 |
> > Windows extensions that you may need (fonts, VB runtimes, C |
| 95 |
> > runtimes) in different versions. |
| 96 |
> > |
| 97 |
> > And then, maybe you want to use winetricks, tho it may be a bit |
| 98 |
> > tricky to run this with PlayOnLinux because it will default to the |
| 99 |
> > non-PlayOnLinux wine prefix. Easy work-around: Launch a commandline |
| 100 |
> > shell from within PlayOnLinux and run winetricks there. |
| 101 |
> > |
| 102 |
> > With PlayOnLinux you can easily reset or discard wine prefixes if |
| 103 |
> > you messed up. Also, you can see each prefix as some sort of |
| 104 |
> > compatibility profile you individually crafted per Windows |
| 105 |
> > application you are running. |
| 106 |
> > |
| 107 |
> > -- |
| 108 |
> > Regards, |
| 109 |
> > Kai |
| 110 |
> > |
| 111 |
> > Replies to list-only preferred. |
| 112 |
> > |
| 113 |
> > |
| 114 |
> |
| 115 |
> Hallo Kai, |
| 116 |
> |
| 117 |
> jupp - ich bin aus Deutschland...die Sache mit dem "Shark" |
| 118 |
> ist ja nett! :) |
| 119 |
> |
| 120 |
> Yepp - I am from germany...the "Shark" nickname is nice! :) |
| 121 |
> |
| 122 |
> The problem with "secure banking" is two sided: First it has |
| 123 |
> to be secure from the technical point of view and secondlu |
| 124 |
> -- in case of being hacked -- the "experts" |
| 125 |
> from the credit institute has to be convinced, that everything |
| 126 |
> was done to secure the banking tasks. |
| 127 |
> In latter case a "complete isolation" via Virtualbox seems |
| 128 |
> more intuitively to be understood than more advanced |
| 129 |
> setups with the same technical degree of security. |
| 130 |
> See here for more: |
| 131 |
> https://www.heise.de/newsticker/meldung/Hacker-brechen-aus-virtueller-Maschine-aus-3658416.html |
| 132 |
|
| 133 |
Well, according to your setup, your concept should be to stop hackers |
| 134 |
from breaking into the virtual machine or its communication... ;-) |
| 135 |
|
| 136 |
So it only works if you jail all your applications inside of containers |
| 137 |
or VMs - and do not use the base (outside) system for anything else |
| 138 |
than starting VMs and containers. |
| 139 |
|
| 140 |
To do it right, you should not put the security sensitive actions |
| 141 |
inside of a VM but the potentially unsecure actions, like surfing the |
| 142 |
web or reading mails. Your concept is broken by design. ;-) |
| 143 |
|
| 144 |
> Back to bussiness: Wine wth a 32bit flashtool is not suitable for me, |
| 145 |
> since I am running a pure 64bit (no multilib) Gentoo setup. |
| 146 |
|
| 147 |
Multilib is pretty easy these days since having ABI useflags. Tho, |
| 148 |
switching and migrating can be a hassle due to conflicts. I've done |
| 149 |
that step a while ago to run Steam in linux. |
| 150 |
|
| 151 |
If you enable a multilib profile and then emerge wine with ABI32 |
| 152 |
useflags, it should pull in only those packages for multilib rebuild |
| 153 |
that are needed. Of course, first compile the kernel to support 32bit |
| 154 |
user space. |
| 155 |
|
| 156 |
> I think I have to send the charger to the vendor |
| 157 |
> for updateing it...sigh. |
| 158 |
|
| 159 |
Then, use VirtualBox and, with a Linux browser, download the Win10 ISO |
| 160 |
directly from Microsoft. Windows can be run in evaluation mode for up |
| 161 |
to 180 days (starting with 30 days, you can use a builtin command line |
| 162 |
tool from MS to maybe extent that period). Just don't enter a product |
| 163 |
key during installation. |
| 164 |
|
| 165 |
German link: |
| 166 |
https://www.microsoft.com/de-de/software-download/windows10 |
| 167 |
|
| 168 |
Do not select the "single language" download: It does not have the |
| 169 |
German version. |
| 170 |
|
| 171 |
You may not even need to install Windows. In the setup screen, select |
| 172 |
the language, then press Shift+F10 to launch a command line window. Now, |
| 173 |
attach a USB stick with the flashing tool and firmware, pass it through |
| 174 |
to the VM using USB-passthrough in VirtualBox, find the correct |
| 175 |
driver letter, and you should be good to go: If the tool doesn't need |
| 176 |
any drivers, it should work. COM ports should be available. Otherwise, |
| 177 |
close the command window and just install Windows for the sole purpose |
| 178 |
of one-time-flashing. Or try installing the drivers by putting them on |
| 179 |
the USB stick and running setup.exe: As long as no reboot is required, |
| 180 |
it should work. I think you cannot run the device manager from there |
| 181 |
because it is not available in the pre-installation environment. |
| 182 |
|
| 183 |
Past the evaluation period, Windows will simply put a black background |
| 184 |
and shut down every few hours. |
| 185 |
|
| 186 |
-- |
| 187 |
Regards, |
| 188 |
Kai |
| 189 |
|
| 190 |
Replies to list-only preferred. |
Archives