Alice Averlong🏳️⚧️the curl download failed with a connection reset after 17 minutes and 20gb!
so I tell curl to resume it, and... the server starts over from the beginning.
MICROSOFT'S STUPID SERVER DOESN'T SUPPORT THE RANGE HEADER
IT'S 2026 BUY A REAL COMPUTER
anger canceled, I was just misreading curl. it did resume.
so again, why doesn't microsoft's official tool do this?
anyway I have the file now. There's a metadata JSON file that I don't have, but it looks very fakable. Then I can use the official recovery tool to build me a bootable USB drive, like it's supposed to be able to do
FUN FACT: the Surface IT Tool doesn't seem to validate any of the windows version info you give it in the JSON file!
yeah no it just failed verification. So I'm just going to try to download it, again, and again, and again, until I get lucky
it already hung
currently on attempt #8
#7 made it to 17gb (of 22gb)!
slightly tempted to automate it. watch the screen for the visible download amount, and if it hasn't changed in Xty seconds, hit cancel, restart.
cross your fingers, we're at 19gb and still climbing at 76 Mbps!
21gb!!!!
bad idea: I already MITM'd this once.
I download the file with curl and stick it on a local fast server. Then I set up mitmproxy to silently rewrite requests to their shitty server to my local one, which will be an actual server that works and doesn't randomly drop connections once out of EVERY FUCKING TIME
annoyingly I already deleted the file I downloaded earlier.
(I'm juggling laserdisc archival files right now, so my laptop has a VERY full hard drive, and I thought I was done with that file when it failed verification)
my first attempt and curling it stalled at 16mb.
not gigabytes, megabytes.
hey microsoft could I mail you some blank floppies and you just return 'em with the file on it? that might be easier at this point
my best guess for what is happening: I'm getting randomly loadbalanced onto a bunch of very overloaded servers.
I have downloaded the file and I'm now copying it onto my local server.
why didn't I just download it on my local server in the first place, so I wouldn't have to copy it across my house's network?
good question.
okay the files all moved locally so I can just make mitmproxy point it at the different URL. but I think I have been screaming at this problem enough for one day, so I'm going to stop for tonight.
the surface hub has not defeated me yet, I fight on
I lied. mitmproxy is now redirected to my local server, and Surface IT Tool is downloading from it.
annoyingly slowly, actually. Only 51Mbps? this is 22gb!
(it's probably because mitmproxy is handling all the bytes instead of letting nginx do it)
okay I have made a recovery disk by using the MITM download hack
how much do you want to bet this thing won't even boot?
it boots! it's now recovering
this may finally get us incrementally closer to a version of windows that actually works
It just showed that it was logging into a user account named "Skype"
Yeah I can't get past the setup. It gives me two accounts, Skype and Administrator, and the latter is passworded, and the former doesn't work because I can't login to a Skype account
This machine is a fractal paperweight
There are two recovery images I have that work. One of them boots to an environment that can't use the store and can't run software until it gets to the store.
The other can't log in because Skype is gone
The other can't log in because Skype is gone
The trick was installing MTR (Microsoft Teams for Rooms) and then logging into the passworded Administrator account ("sfb": "Skype For Business") and deleting the Skype account. Now it boots to 11 IoT and I can run updates
And the machine can finally, FINALLY after 4 days become useful and a real computer:
okay so if you are unfortunate enough to get a Surface Hub 2S and want to make it run Useful Windows (linux would be nice but I haven't figured out how to boot it) instead of Broken Windows, you need to:
1. Get the Surface IT Tools
2. Go through the whole SEMM mode enrollment with the private key and such
3. Try to create a Surface 2S MTR 22H2 recovery disk. The download will fail
3a. MITM Surface IT Tools to get the URL of the 22gb file you need.
1. Get the Surface IT Tools
2. Go through the whole SEMM mode enrollment with the private key and such
3. Try to create a Surface 2S MTR 22H2 recovery disk. The download will fail
3a. MITM Surface IT Tools to get the URL of the 22gb file you need.
3b. write an addon for mitmproxy to redirect Surface IT Tools to a local server you control
4. actually make the recovery disk
5. Recover the Surface Hub 2.
6. It boots into Skype setup
7. Exit and log into administrator, password is "sfb"
8. Delete the Skype account and uninstall Microsoft Teams Rooms
9. Run Win11 updates
4. actually make the recovery disk
5. Recover the Surface Hub 2.
6. It boots into Skype setup
7. Exit and log into administrator, password is "sfb"
8. Delete the Skype account and uninstall Microsoft Teams Rooms
9. Run Win11 updates
I think the fundamental problem with this device is that they ship it in a super-locked-down mode that can't do anything unless you install more software from the Microsoft Store... and as of last December it can't talk to the Microsoft Store anymore.
so the easy migration tool they had available can't be installed and even if you could install it, it wouldn't work
So instead you've got these instructions, which do not work:
https://learn.microsoft.com/en-us/surface-hub/surface-hub-2s-migrate-os
because the way it suggests to make a recovery image doesn't create a recovery image this locked-down fucker will boot.
Only the Surface IT Tools recovery images will boot, and Surface IT Tools can't download files worth shit, so good fucking luck getting that 22gb image
also the Surface IT Tool verifies _something_ (I wasn't able to confirm what) with the microsoft servers before it'll write you an image, even if you have the image already downloaded.
So I highly suspect this method will break in the future
I should just make an image of the final recovery drive it creates, and stick that on the internet archive. DD it to your own 32gb drive and bypass all the nonsense
BTW this is one of my favorite kinds of projects.
You pick a shiny computer out of the garbage saying "why would anyone throw away this expensive fancy new computer?" and then slowly over the course of multiple days you Learn Why
You pick a shiny computer out of the garbage saying "why would anyone throw away this expensive fancy new computer?" and then slowly over the course of multiple days you Learn Why
I don't think I ever really explained why this is such a pain: The boot is locked down, and it's a real idiot-light kind of system. By default the UEFI does not allow changing the OS. It boots off the internal HD or not at all (although I think if you have an external drive the right signatures that's running the same OS, it doesn't consider it a problem and will boot it? No way to check that)
You can use the Surface IT Tool (on a different machine) to make a special USB key that will reconfigure the system, based on a private key you generate, and this enables "AllowOSMigration" in the EUFI config. Basically all other UEFI options are locked down even in the special SEMM mode tool.
And once you've got SEMM mode (I don't remember what it stands for, I'm too tired to look it up, and I'm pretty sure the last M is "mode" anyway so this is a case of RAS Syndrome) it supposedly will boot from USB devices
however I was only able to find two images that it would boot from, despite what the doc pages say.
Those two recovery images are the Win10 Teams Edition image and the Win 11 IoT Microsoft Teams For Rooms "Skype for Business" abomination.
Those two recovery images are the Win10 Teams Edition image and the Win 11 IoT Microsoft Teams For Rooms "Skype for Business" abomination.
I tried a bunch of other images, linux installers and such, regular windows 10/11 installation media, nothing happens. It won't boot them, it doesn't say why, there is no way to override.
Secure Boot is an open in the UEFI but it's locked, and the SEMM tool cannot change it.
Secure Boot is an open in the UEFI but it's locked, and the SEMM tool cannot change it.
So I'm REALLY limited in what I can run on this thing.
To get a Linux to boot I think I'd need to do some UEFI hacking (like enrolling other certificates somehow) or maybe boot hacking (load grub/ubuntu install using a chainloaded NTLDR?)
To get a Linux to boot I think I'd need to do some UEFI hacking (like enrolling other certificates somehow) or maybe boot hacking (load grub/ubuntu install using a chainloaded NTLDR?)
but for now we're probably leaving it on Windows 11 and declaring victory. It works enough for what we plan to do with it (Draw with the Surface Pen and make House Billboards/Grocery Lists) and it means we can declare victory here
Krita seems to support the pens well if you uninstall Microsoft Teams Rooms and then assign all the buttons to "Nothing".
Krita can then use the pen, with pressure sensitivity, the side button, and the eraser button. You do have to switch it to the other Touch API, though, in settings
Krita can then use the pen, with pressure sensitivity, the side button, and the eraser button. You do have to switch it to the other Touch API, though, in settings
also I accidentally Doomrolled my roommate: She was trying to use Krita and accidentally launched Doom II fullscreen
because I had configured the eraser-button to launch Doom if you tapped it, then got distracted away before I could test or reset that
Doom II at 320x240 opening on a 3840x2560 50" display that you're half a meter from is a sight to see.
pixels the size of hams
Sparks
Neko May
Raglan Niall 
merlin / alex glow@foone Incredible
C.I know I'm way out of date on this - the last time I installed Linux on a Windows machine was probably 2001 or so - but there were Windows programs you could fire up to start the installation of some major distros from within Windows. I don't remember what they were called, but I think they were either official tools of those distros, or at least officially blessed.
IIRC, they fiddled the MBR and did other stuff. I'm wondering, does anything like this still exist, and does it maybe do things like installing keys in the UEFI partition or other magic to deal with secure boot?
grawity@cazabon yeah, Wubi from Ubuntu used to do that. I used it for a while back in the day. It's not going to bypass Secure Boot, though (which it seems Foone's Surface doesn't allow disabling) – and it had zero support for UEFI style boot in general – Wubi would just install grub4dos and configure it to be chain-loaded specifically from WinXP's NTLDR.
(I don't think it touched the MBR? nor the VBR? I don't remember for sure, but I *think* it was ntldr->grub4dos specifically to reduce the chance of failure. Traditional dualboot would go rearranging things to do grub->ntldr instead, but Wubi was for a very non-technical audience.)
These days as far as I know Windows's BOOTMGR refuses to boot anything that isn't digitally signed as a Windows component (unlike NTLDR in WinXP where you could still add arbitrary entries), so you can no longer chain bootmgr->grub, have to boot directly into grub from the beginning.
imo, installing GRUB "from the outside" has become *kinda easier* in EFI world; the equivalent of "fiddling the MBR" on UEFI systems would be "fondling the EFI boot variables", which Windows has an API for (and you can do it through bcdedit, etc) – the bootloader lives on a FAT partition, drop grub.efi in there, add a new boot entry that points to grub.efi – but of course that grub.efi isn't "Microsoft-signed" so it still won't boot no matter what.
as I understand the Surface won't boot even the MS-signed "Shim" because the hardware deliberately lacks the "third-party" UEFI certificates... although mjg59 said elsewhere in the thread that allegedly those are now possible to install thanks to the 2023 cert rollover, which actually sounds like it would work (as soon as there's a version of Shim out there that's signed using the 2023 "third-party" cert, and not the 2011 one)
CRYSTL ⬡