Alice Averlong🏳️⚧️oh right I need to install TCP/IP onto my windows 95 machine first
lemme find my win95 floppies
the curl download failed with a connection reset after 17 minutes and 20gb!
so I tell curl to resume it, and... the server starts over from the beginning.
MICROSOFT'S STUPID SERVER DOESN'T SUPPORT THE RANGE HEADER
anger canceled, I was just misreading curl. it did resume.
so again, why doesn't microsoft's official tool do this?
currently on attempt #8
#7 made it to 17gb (of 22gb)!
bad idea: I already MITM'd this once.
I download the file with curl and stick it on a local fast server. Then I set up mitmproxy to silently rewrite requests to their shitty server to my local one, which will be an actual server that works and doesn't randomly drop connections once out of EVERY FUCKING TIME
annoyingly I already deleted the file I downloaded earlier.
(I'm juggling laserdisc archival files right now, so my laptop has a VERY full hard drive, and I thought I was done with that file when it failed verification)
my first attempt and curling it stalled at 16mb.
not gigabytes, megabytes.
hey microsoft could I mail you some blank floppies and you just return 'em with the file on it? that might be easier at this point
I have downloaded the file and I'm now copying it onto my local server.
why didn't I just download it on my local server in the first place, so I wouldn't have to copy it across my house's network?
good question.
okay the files all moved locally so I can just make mitmproxy point it at the different URL. but I think I have been screaming at this problem enough for one day, so I'm going to stop for tonight.
the surface hub has not defeated me yet, I fight on
I lied. mitmproxy is now redirected to my local server, and Surface IT Tool is downloading from it.
annoyingly slowly, actually. Only 51Mbps? this is 22gb!
(it's probably because mitmproxy is handling all the bytes instead of letting nginx do it)
okay I have made a recovery disk by using the MITM download hack
how much do you want to bet this thing won't even boot?
it boots! it's now recovering
this may finally get us incrementally closer to a version of windows that actually works
The other can't log in because Skype is gone
1. Get the Surface IT Tools
2. Go through the whole SEMM mode enrollment with the private key and such
3. Try to create a Surface 2S MTR 22H2 recovery disk. The download will fail
3a. MITM Surface IT Tools to get the URL of the 22gb file you need.
4. actually make the recovery disk
5. Recover the Surface Hub 2.
6. It boots into Skype setup
7. Exit and log into administrator, password is "sfb"
8. Delete the Skype account and uninstall Microsoft Teams Rooms
9. Run Win11 updates
So instead you've got these instructions, which do not work:
https://learn.microsoft.com/en-us/surface-hub/surface-hub-2s-migrate-os
because the way it suggests to make a recovery image doesn't create a recovery image this locked-down fucker will boot.
Only the Surface IT Tools recovery images will boot, and Surface IT Tools can't download files worth shit, so good fucking luck getting that 22gb image
also the Surface IT Tool verifies _something_ (I wasn't able to confirm what) with the microsoft servers before it'll write you an image, even if you have the image already downloaded.
So I highly suspect this method will break in the future
You pick a shiny computer out of the garbage saying "why would anyone throw away this expensive fancy new computer?" and then slowly over the course of multiple days you Learn Why
Those two recovery images are the Win10 Teams Edition image and the Win 11 IoT Microsoft Teams For Rooms "Skype for Business" abomination.
Secure Boot is an open in the UEFI but it's locked, and the SEMM tool cannot change it.
To get a Linux to boot I think I'd need to do some UEFI hacking (like enrolling other certificates somehow) or maybe boot hacking (load grub/ubuntu install using a chainloaded NTLDR?)
Krita can then use the pen, with pressure sensitivity, the side button, and the eraser button. You do have to switch it to the other Touch API, though, in settings
C.I know I'm way out of date on this - the last time I installed Linux on a Windows machine was probably 2001 or so - but there were Windows programs you could fire up to start the installation of some major distros from within Windows. I don't remember what they were called, but I think they were either official tools of those distros, or at least officially blessed.
IIRC, they fiddled the MBR and did other stuff. I'm wondering, does anything like this still exist, and does it maybe do things like installing keys in the UEFI partition or other magic to deal with secure boot?
grawity@cazabon yeah, Wubi from Ubuntu used to do that. I used it for a while back in the day. It's not going to bypass Secure Boot, though (which it seems Foone's Surface doesn't allow disabling) – and it had zero support for UEFI style boot in general – Wubi would just install grub4dos and configure it to be chain-loaded specifically from WinXP's NTLDR.
(I don't think it touched the MBR? nor the VBR? I don't remember for sure, but I *think* it was ntldr->grub4dos specifically to reduce the chance of failure. Traditional dualboot would go rearranging things to do grub->ntldr instead, but Wubi was for a very non-technical audience.)
These days as far as I know Windows's BOOTMGR refuses to boot anything that isn't digitally signed as a Windows component (unlike NTLDR in WinXP where you could still add arbitrary entries), so you can no longer chain bootmgr->grub, have to boot directly into grub from the beginning.
imo, installing GRUB "from the outside" has become *kinda easier* in EFI world; the equivalent of "fiddling the MBR" on UEFI systems would be "fondling the EFI boot variables", which Windows has an API for (and you can do it through bcdedit, etc) – the bootloader lives on a FAT partition, drop grub.efi in there, add a new boot entry that points to grub.efi – but of course that grub.efi isn't "Microsoft-signed" so it still won't boot no matter what.
as I understand the Surface won't boot even the MS-signed "Shim" because the hardware deliberately lacks the "third-party" UEFI certificates... although mjg59 said elsewhere in the thread that allegedly those are now possible to install thanks to the 2023 cert rollover, which actually sounds like it would work (as soon as there's a version of Shim out there that's signed using the 2023 "third-party" cert, and not the 2011 one)
CRYSTL ⬡
Cassandrich
👻™ supreme goblin 🐊
wyattno VGA although there is a spot on the motherboard for one and an RV version of it has it populated (no chance of finding that though)
But still it's a pentium iii, and there's a composite/s-video output; could run something neat maybe
knutaf
LP🔸Light up the night
C++ Wage SlaveI had a problem where the frame rate of YouTube videos was very low on Fedora. I eventually solved it: YouTube has a setting that casts a coloured wash over the area surrounding the video window. Turning that off improved the frame rate dramatically. You might want to check that setting and make sure it's disabled.
Von Xylofon
Justin Derrick@foone I found an HP z640 workstation in the garbage room at my old office. Snagged it thinking it was dead but that it might have some good parts.
Plugged it into power and a monitor…. Booted it…. It was infected with a cryptolocker.
Powered it down, yanked the drives, wiped them on a Mac, ordered a new Firmware chip (BIOS/UEFI/whatever) and put in a RAM upgrade. Within 4 weeks, I had a blazing fast desktop running Linux. It was rare I ever got so lucky.
Sydney / Prophet 🏳️⚧️🏴
Shaula Evans@foone Flashback to the time I brough home 30 desktop towers that were being thrown out at work and for months the entire living room floor was made up of disassembled machines being cannibalized for parts to rebuild one another.
It was AWESOME.
Stories of Apple
JulieR
GreenDotGuy
Matthew Garrett
Nils Ballmann@mjg59 @foone Do you – by chance – know if it's also possible to administer the UEFI from Linux (sry, to hijack the thread)?
I haven't seen anything like this so far and I wonder if I just overlooked it. I have seen some tooling to do things like this from Windows for hardware from some vendors, but no tooling for all UEFI.
But I imagine this to be a standardized interface (with UEFI) and kinda expect that it could be possible. I just never really found the time to look more in depth.
that's a kind of security nightmare so Linux doesn't give arbitrary access that way (it's a long story). Could it be standardised? Absolutely. Nobody's done the work, though :(
Ah okay, so my expectation is correct, but I probably could not accidentally stumble over anything because the work hasn't been done, yet. I assume this is kernel upstream work?
Is it considered a security nightmare on Windows or on Linux? Because I assume it wouldn't be if it would be protected by a proper privilege security boundary.
You can set new boot entries (so you can configure boot from USB even if you don't have config for that)
Okay, the USB thing is nice.
In my setup I still have Grub in-between, therefore some of this kind of control can be exercised this way.
And I imagine the fwupdmgr to use this to directly reboot into its firmware updater.
you can install new keys if they're appropriately signed
Is that the same functionality that fwupdmgr uses to update db, dbx and friends? Or do they do this from their FW updater EFI binary? Because this sounds like one could directly update kek and the others?
Rairii 
⊥ᵒᵚ Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️
Woozle Hypertwin
Kirby
Maddy - ADHD-powered mess 
Mitsunee[email protected] for (not) making a microsoft account 
Jux [GD] 
& - #1 fluxer shill
Tim 🎮@foone it's a touchscreen, right? Get some UnDuneII going on there: https://liquidream.itch.io/undune2
Or the holy grail for me (and the reason I looked at these big Surface things a while ago) is to get some touch-enabled The Incredible Machine play going.
