1 |
Am Sun, 19 Mar 2017 11:35:44 +0100 |
2 |
schrieb tuxic@××××××.de: |
3 |
|
4 |
> On 03/19 11:20, Kai Krakow wrote: |
5 |
> > Am Sun, 19 Mar 2017 09:57:22 +0100 |
6 |
> > schrieb tuxic@××××××.de: |
7 |
> > |
8 |
> > > On 03/19 09:37, Kai Krakow wrote: |
9 |
> [...] |
10 |
> [...] |
11 |
> [...] |
12 |
> [...] |
13 |
> [...] |
14 |
> > > |
15 |
> > > Hi Kai (that's a rhyme! :) |
16 |
> > |
17 |
> > Yeah, I know that one... If you are from Germany, you'll also get |
18 |
> > why my former nick (some years ago) was "Shark" :-) |
19 |
> > |
20 |
> > > I have installed Virtualbox already and use the Linux Image I |
21 |
> > > installed there for banking purposes only. Feels more secure. |
22 |
> > |
23 |
> > So something like application virtualization... You could maybe run |
24 |
> > in an isolated container, only exposing the xserver or run inside a |
25 |
> > nested xserver. It would probably greatly reduce startup times and |
26 |
> > not waste a complete image. |
27 |
> > |
28 |
> > > I would prefer the WIndows-in-a-(virtual)box-solution) as you |
29 |
> > > do -- if I would own a Windows installation disc. But do not. |
30 |
> > |
31 |
> > Well, you can easily get an image from MS using a Linux browser. |
32 |
> > Just go to the Windows 10 download page. It will show a selection |
33 |
> > form to choose the ISO instead of the nasty downloader they present |
34 |
> > to Windows browsers. Then install this inside the VM. Even if not |
35 |
> > activated, it runs for 1-2 hours before shutting down which should |
36 |
> > be enough for most purposes you'll need it for. |
37 |
> > |
38 |
> > If you already activated a Windows installation with your MS |
39 |
> > account, with some luck your Win10 VM may even become digitally |
40 |
> > activated (this happened to me). No cracks involved. Should be |
41 |
> > legal enough. ;-) |
42 |
> > > But it is good to know, that the wine-workaround would either |
43 |
> > > work or fail too early to damage anything. |
44 |
> > |
45 |
> > I tried some, and all failed because they didn't even find the |
46 |
> > device. The ones that worked where either network based (flashing |
47 |
> > via IP protocol) or using other simple interfaces (COM or LPT). |
48 |
> > |
49 |
> > > Is there anything important to know before doing an emerge |
50 |
> > > of wine (need I more than app-emulation/wine?) -- I have |
51 |
> > > literally no experience with this emulator - the flashing |
52 |
> > > tool is a 32bit gui application...) ??? |
53 |
> > |
54 |
> > Wine = wine is no emulater ;-) |
55 |
> > |
56 |
> > Actually, it's the Windows API implemented as .so files plus an EXE |
57 |
> > loader to enable the kernel to run PE binaries (instead of ELF). So |
58 |
> > nothing is emulated, it's running native. There's also a thin layer |
59 |
> > of drivers implemented to transform API calls to native kernel |
60 |
> > interfaces, like HID (for input devices). So everything connecting |
61 |
> > to simple HID-USB should also work (some custom USB hardware just |
62 |
> > implement a HID interface, it's simple and cheap). |
63 |
> > |
64 |
> > If your applications work depends on if the required parts of the |
65 |
> > API had been implemented (including the bugs that exists between |
66 |
> > different versions of Windows). |
67 |
> > |
68 |
> > So, with this knowledge, you simply emerge wine with the useflags |
69 |
> > that look useful to you. If you don't need graphics (DirectX) or |
70 |
> > don't want to apply your linux GUI theme to Windows apps, you can |
71 |
> > ignore the staging useflag. Wine can be compiled with both 64bit |
72 |
> > and 32bit support. |
73 |
> > |
74 |
> > After installation, get familiar with the winecfg utility. It allows |
75 |
> > mapping unix path to Windows drive letters. And it allows to set |
76 |
> > Windows version per EXE you run (to expose different API bugs and |
77 |
> > behavior to your application). Also, you can set DDL overrides |
78 |
> > (which is what Windows itself uses when you run applications in |
79 |
> > compatibility mode, or when you put DLL overrides manually in the |
80 |
> > registry). Tho, here you can decide between native (native DLL on |
81 |
> > filesystem) or builtin (*.dll.so file from Wine), and the order in |
82 |
> > which they are tried. |
83 |
> > |
84 |
> > You may also run with different WINEDEBUG settings if you want to |
85 |
> > work out problems. There are fixme lines which usually show stub |
86 |
> > implementations of API calls (functions that do nothing, and are |
87 |
> > there just to return success or fail). You can use it like this: |
88 |
> > |
89 |
> > # WINEDEBUG=-all wine your-exe-file.exe |
90 |
> > |
91 |
> > If you'd like to easily manage different Wine prefixes, I'd |
92 |
> > recommend using PlayOnLinux - it's not only useful to games. It |
93 |
> > also has a long list of scripted installers for installing popular |
94 |
> > Windows extensions that you may need (fonts, VB runtimes, C |
95 |
> > runtimes) in different versions. |
96 |
> > |
97 |
> > And then, maybe you want to use winetricks, tho it may be a bit |
98 |
> > tricky to run this with PlayOnLinux because it will default to the |
99 |
> > non-PlayOnLinux wine prefix. Easy work-around: Launch a commandline |
100 |
> > shell from within PlayOnLinux and run winetricks there. |
101 |
> > |
102 |
> > With PlayOnLinux you can easily reset or discard wine prefixes if |
103 |
> > you messed up. Also, you can see each prefix as some sort of |
104 |
> > compatibility profile you individually crafted per Windows |
105 |
> > application you are running. |
106 |
> > |
107 |
> > -- |
108 |
> > Regards, |
109 |
> > Kai |
110 |
> > |
111 |
> > Replies to list-only preferred. |
112 |
> > |
113 |
> > |
114 |
> |
115 |
> Hallo Kai, |
116 |
> |
117 |
> jupp - ich bin aus Deutschland...die Sache mit dem "Shark" |
118 |
> ist ja nett! :) |
119 |
> |
120 |
> Yepp - I am from germany...the "Shark" nickname is nice! :) |
121 |
> |
122 |
> The problem with "secure banking" is two sided: First it has |
123 |
> to be secure from the technical point of view and secondlu |
124 |
> -- in case of being hacked -- the "experts" |
125 |
> from the credit institute has to be convinced, that everything |
126 |
> was done to secure the banking tasks. |
127 |
> In latter case a "complete isolation" via Virtualbox seems |
128 |
> more intuitively to be understood than more advanced |
129 |
> setups with the same technical degree of security. |
130 |
> See here for more: |
131 |
> https://www.heise.de/newsticker/meldung/Hacker-brechen-aus-virtueller-Maschine-aus-3658416.html |
132 |
|
133 |
Well, according to your setup, your concept should be to stop hackers |
134 |
from breaking into the virtual machine or its communication... ;-) |
135 |
|
136 |
So it only works if you jail all your applications inside of containers |
137 |
or VMs - and do not use the base (outside) system for anything else |
138 |
than starting VMs and containers. |
139 |
|
140 |
To do it right, you should not put the security sensitive actions |
141 |
inside of a VM but the potentially unsecure actions, like surfing the |
142 |
web or reading mails. Your concept is broken by design. ;-) |
143 |
|
144 |
> Back to bussiness: Wine wth a 32bit flashtool is not suitable for me, |
145 |
> since I am running a pure 64bit (no multilib) Gentoo setup. |
146 |
|
147 |
Multilib is pretty easy these days since having ABI useflags. Tho, |
148 |
switching and migrating can be a hassle due to conflicts. I've done |
149 |
that step a while ago to run Steam in linux. |
150 |
|
151 |
If you enable a multilib profile and then emerge wine with ABI32 |
152 |
useflags, it should pull in only those packages for multilib rebuild |
153 |
that are needed. Of course, first compile the kernel to support 32bit |
154 |
user space. |
155 |
|
156 |
> I think I have to send the charger to the vendor |
157 |
> for updateing it...sigh. |
158 |
|
159 |
Then, use VirtualBox and, with a Linux browser, download the Win10 ISO |
160 |
directly from Microsoft. Windows can be run in evaluation mode for up |
161 |
to 180 days (starting with 30 days, you can use a builtin command line |
162 |
tool from MS to maybe extent that period). Just don't enter a product |
163 |
key during installation. |
164 |
|
165 |
German link: |
166 |
https://www.microsoft.com/de-de/software-download/windows10 |
167 |
|
168 |
Do not select the "single language" download: It does not have the |
169 |
German version. |
170 |
|
171 |
You may not even need to install Windows. In the setup screen, select |
172 |
the language, then press Shift+F10 to launch a command line window. Now, |
173 |
attach a USB stick with the flashing tool and firmware, pass it through |
174 |
to the VM using USB-passthrough in VirtualBox, find the correct |
175 |
driver letter, and you should be good to go: If the tool doesn't need |
176 |
any drivers, it should work. COM ports should be available. Otherwise, |
177 |
close the command window and just install Windows for the sole purpose |
178 |
of one-time-flashing. Or try installing the drivers by putting them on |
179 |
the USB stick and running setup.exe: As long as no reboot is required, |
180 |
it should work. I think you cannot run the device manager from there |
181 |
because it is not available in the pre-installation environment. |
182 |
|
183 |
Past the evaluation period, Windows will simply put a black background |
184 |
and shut down every few hours. |
185 |
|
186 |
-- |
187 |
Regards, |
188 |
Kai |
189 |
|
190 |
Replies to list-only preferred. |