spent six hours last night learning the deepest, darkest, most cursed shit imaginable about a netbook i bought for $40. information from the BEER structure
UPDATE: There is now another page to the story.
alright let's fucking go
I wrote about Phoenix Hyperspace a few days ago. I have finally obtained one of the very, very, very few machines that shipped with it, and it turns out the way it works is even more batshit nuts than I'd read.
I promise, you do want to read this whole post.
this is some of the most absolutely twisted shit ive ever read any device trying to pull. "the OS is decieved into thinking it's going to sleep when really its reality is being fundamentally altered such that it becomes someone else entirely" is an incredibly metal way to describe it. i feel permanently tainted after reading this you were right
One morning, when Gregor Samsa woke from troubled dreams, he found himself transformed in his bed into , linux
do you think the fellas over at Phoenix were giggling "how delightfully kafkaesque this will be" while performing the necessary blood ritual to summon this absolute monstrosity making this
gravis this is a magnificent piece of investigation and writing, thank you for this
This post inflicts permanent Warp. I have no fucking words. Truly the Chost Of All Time.
i like this tech and i'd like to find an excuse to use it
i wonder what cursed things uefi could do, but i've heard a lot of computers don't actually do it properly so idk if that would be useful
Hey, uh, perchance do you have the installer or know where to get a flash disk dump for Splashtop? I have an Asus ExpressGate motherboard and I just wanna see it for myself and do Linux Crimes
The only installers I have are from Lenovo and keyed to a specific model machine. You can actually get them from Lenovos driver site, but I don't know how to unpack them.
I'm certain the actual driver disc for any afflicted board would have it. What's the model?
It's an Asus P5Q Pro. I don't think I've ever seen the driver disc so it didn't occur to me to track it down and check there...
https://dlcdnets.asus.com/pub/ASUS/misc/utils/ExpressGate_V1462_XPVistaWin7.zip?model=p5q-e here it is for one of the first expressgate models. even if that doesn't work, you should be able to find it on the page for yours! select "windows xp" and then expand the software & utility section
I found my board on Asus' website and, yeah, this is the exact archive to use for my motherboard! You're amazing
I have an old i3-530 from college with a magicgate mobo and i had tried at the time to install or make the stuff work but never was able to and promptly forgot about it until this post. I think I even have the same mobo…
Just to note, this is an old InstallShield installer (checked with DetectItEasy)
I threw it into Windows Sandbox and ran setup.exe /s /x /b"c:\test", which will bring up an "Uninstall" dialog but extract an MSI file into c:\test. The MSI can either be run in the sandbox, or extracted with LessMSI
I haven't had the mental health to dig deeper but I tried running it on a too-new version of Windows and it's stuck in a not fully installed state. Been meaning to install XP on a spare HDD and try again to see if it gets installed self-contained onto the motherboard and no longer needs the Windows install that provisioned it.
It might? Looks like it's a stack of squashfs files. I can't get access to any compatible hardware in Australia but it's an interesting thing for sure.
"Windows thinks it's taking a nap, but it wakes up as someone else, leaves the house, and commits murders it has no memory of."
wholly molé
As someone with DID this sounds relatable which is terrifying
I'm not a computer scientist by any means, so I appreciate your putting in layman's terms (inasmuch as it is possible) the scope and scale of the devilry present in this device. I also have immense respect for the hours spent investigating this long-dead evil - maybe one day it will be useful in a different context.
why would phoenix do this. i mean im glad they did but why
incredible writeup, thank you. some great turns of phrase too—I loved “langolier purgatory”
this is incredible investigative work thank you for doing and sharing it. resuming a different OS from S3 is a very clever hack, and im impressed they went to the further effort of a buffered ntfs file system driver.
What I'd be curious to know is whether that temporary journaling filesystem it uses for the windows filesystems in linux mode knows about / respects locks held by windows programs [via the dwShareMode parameter / the _fsopen CRT function (though all files opened via CRT functions are locked from being deleted/renamed)]. If so, then the 'files change out from under programs' issue is fully mitigated, and it certainly seems to do enough other windows kernel shenanigans that it might take a copy of the list of all active locks.
oh, that may be the case - check out the patent linked if you wanna try to confirm this, but there is mentioning that the drivers on both sides implement oplocks. that's probably this
It sounds like they implemented their own thing rather than relying on conventional OS-level locks - their thing is more conservative in some ways (opening for write locks even if you didn't actually request a lock, probably for the best since your time window for race conditions is stretched out to forever) but could allow a file to be changed while you're in the middle of reading it.
thank you for this. still in awe that someone decided it was a good idea to reserve a quarter of physical memory for this lunatic feature on machines that had nowhere near enough to start with. absolutely spectacular commitment to the bit.
especially since the netbooks that ran real actual Linux out of the box were basically fine. i had one from HP as my primary laptop for a year or two.
I miss netbooks so much. It's impossible to get a cheap small laptop that isn't even more of a joke than during the netbook boom, and it's my preferred form factor for travel.
halfway through this post: oh my god this is Dahir Insaat Earthquake Bed for Windows
The first linux I used as any kind of daily driver was an ubuntu install in about 2010 that was somehow contained within a file on the windows system, and could access the windows filesystem at will (though it eventually corrupted itself, or was corrupted by windows). I have never seen its like again despite being fairly sure it was an official canonical product. Since then I've basically considered it a fever-dream and not really thought about it.
This is worse. Thank you so much
https://en.wikipedia.org/wiki/Wubi_(software) i had forgotten this existed so thank you for the reminder. woobey
wubi was rather cool, when it worked - and is a direct inspiration for a Linux I'm making now called "styx". biggest thing about styx is you just drag it where it goes, and make it boot - no partitioning, no bootloaders. the least dangered linux there will be really
Wubi was my introduction to Linux as well. It was nice to have a "safe" way to try out Linux without needing to need with disks and partitions.
Not to be confused with Wabi, which lets you run Windows applications inside of Linux, Solaris, or AIX. While the mechanism is entirely different, I think it's humorous that their names are only one letter different from each other.
The second version of Linux I ever used was a weird distribution called TransAmeritech which was basically this but Slackware, made to run as an app under Windows 3.1 somehow. I have no idea how it worked and I am frightened by every notion that comes to mind.
My first Linux distribution was Yggdrasil, which ran as a live CD back before that was a common feature and it also used some scary shenanigans to let you transparently treat .gz files as if they were already decompressed. It was very slow.
looked that up and fortunately it's not THAT cursed, "just" using a file in a fat-32 system to store the partition data... so yes it's cursed.
see https://web.archive.org/web/20000619162946/http://www.trans-am.com/index1.htm and http://www.linuxmisc.com/1-linux-setup/f049e8374f15b3bd.htm
Huh, I could have sworn it predated fat32. Maybe I'm misremembering and I only first used it in Win'95, not Win3.1. The computer I ran it on definitely started life running Windows 3.11 though.
i don't see any reason why fat16 wouldn't work with this -- it even advertises windows 3.1 compat, aside from adding even more cursedness because clusters.
This was also my first Linux and I had mostly forgotten it, thanks for the reminder
This post is fantastic but im also laughing because I use devilspie before streaming to just quickly arrange all my windows exactly. I had no idea it could do wild stuff like that
oh hell yeah i'm glad to hear it has Uses other than Kiosk Crap
This thing must have been so hardware dependent that I'd be surprised if it ever worked on more than a handful of machines with a very specific Intel chipset/GPU and a very limited selection of devices onboard. I'd love to see their trick applied on a machine that had a GPU with its own VRAM not directly visible to the BIOS.
In any case, I need to go look at some pictures of kittens to try and forget the horrors I just read. Thanks for that, I hate it.
im amazed that this is somehow worse than i thought and my gut instinct at exactly the point you mentioned the mystery partition was... well, actually pretty close to what's actually happening but also completely wrong
(I thought it was doing a full suspend to disk on a portion of the hidden partition and then either starting or resuming the other OS. Which is close! But I did not expect they would segment the memory into reserved regions and then flipping them around. Although I did suspect that the linux side was allocated less memory to make starting it faster, since it would have to potentially pull saved memory contents off disk)
Ditto. Halfway through, I could hear my own brain telling me "SURELY they must be using hibernate. That way Windows knows which ram is worth saving, it gets every bit of important system state on disk and it knows how to reconstitute it." There was NO WAY that they would carve A QUARTER OF THE FUCKING RAM GLFJFKFJDK just in case the Linux personality needed it.
By default it's 256 megs but that's really not that much better
I don't get this. It doesn't solve the fundamental problem of two programs accessing the same file. Just because you delayed the write until the main OS was running again doesn't seem to solve anything.
I think the advantage is that at least you can detect conflicts at this point, like the whole "you can't delete this file because it's in use by another program" - some kind of error/warning is probably better than clobbering (maybe it would give you the option to keep a backup of the modified file, in event of conflicts?)
So the hope-and-prayer would be - the Windows App has a file open, and maybe has a coherent state pushed to its file handle. A Windows minidriver syncs Window's perspective of the file, and prays that the still mounted NTFS structures are also written out well enough for Linux to do a RO-yolo mount. Linux opens maybe a sane file (or maybe not) and writes something new to a union mount. When you go back to windows, a utility tries to move everything from the union's partition over the original files. At this point, the utility slams into god knows how many "this file is already open" locks. The utility either has to bury the user in conflict prompts, or make very dangerous executive decisions on its own.
I don't see a whole lot of good guarantees that Linux opened a sane file, and if you nope out of it wrong (or it autosaves a line noise THESIS.DOC) then you are very likely to have a bad time.
This is brilliant! Hooking S3 is clever, but buffering writes to the fs and replaying them after is absolutely inspired. I love it! Thanks for writing it up
I kinda want one now, for no good reasons.
Also, i think the initial state the machine was in when you got it is the entire reason why many thought this was a good idea.
Users will absolutely destroy windows with garbage, and make it unusable. So having that alternate option meant that no matter how badly they messed it up, they could still have something that'd work until they got someone to look at it.
I'm curious, would that alternate reality been able to copy files onto USB from the Windows side of things?
jesus fucking christ
i was also expecting some sleep-to-disk shit like apparently everyone else was, but this is unhinged
I love this. As a commercial product, it's an unmitigated failure. As a piece of engineering as art, it's only matched by the JBIG2 iMessage exploit. A round of applause to whichever group of Phoenix engineers implemented this in actual reality.
there is not one word in any languages spoken on our planet that accurately describe how fucked up this is
After reading this I now believe that Modern Standby/s0ix is punishment for Phoenix's S3 sins
I own an SSD that is bootable but somehow not readable (even by dd), and this post still gave me nightmares.
The OS has halted itself, and is waiting to be told that it's time to wake up, but OSM instead proceeds to *alter the universe around it*.
This line really made me realize just how fucking incredible this post is, thank you so much
I love this terribly and I cannot put into words why so thank you for doing so for me
This is such a good post, thank you.
I can't help but imagine a bunch of new-hire CS grads who'd managed to take a good operating systems class thinking about their final assignment to write a preemptive scheduler and then simultaneously all turning to gaze hungrily at ACPI
This is a puzzle palaces of hacks that you'd expect to see in like, a MacOS-on-Windows-3.1 emulator circa 1993, not a late-2000s netbook!
my favourite variety of Tech Thing is when an astounding amount of effort, talent, and cleverness is put into an absolutely vile hack, and dear god this fits perfectly
i devoured this post, thank you so much this has renewed my love of computers and audacious hacks that we must hide from God
Wow, just, wow Also, you really outdid yourself finding something truly obscure and weird and then doing this level of analysis of it!
this is the most unbelievably cursed and beautiful software i have ever had the (dis)pleasure of reading about
haha, well
when all you have is a hammer, everything looks like a nail
[CW food, non-Vegan] ||when all you have is sour cream, everything looks like a potato||
when all you have is VC funding, everything looks like an opportunity
but seriously this is such a good writeup! we were on the edge of our seat (though that was partly the cat's fault). we really enjoyed reading about it. what a terrifying, beautiful hack.
I’d be willing to bet that the still-working BBC API is just an RSS feed, which is still alive and working despite the tech press having declared repeatedly that it’s dead. Open standards work, y’all.
I just know that "In Conclusion, What The Hell" is going to live rent-free in my brain from now on
What is this monstrosity? What did Windows 7 do to deserve this?
I had an old Asus board that had ExpressGate, and even at the time it seemed rather useless, even though it was neat.
Are you planning on uploading the recovery system up to archive.org? It'd be fun to have a bit of a play with something like that, if I could ever get my hands on the hardware (or maybe it'd work with my N250Plus..?)
that processor is incredibly capable, with a bit of love! i wrote about my vaio vgn-p at https://artemis.sh/2022/01/12/life-at-800mhz.html which uses a much earlier atom; so if you ever feel like breathing life into it with a normal linux install, maybe some of my software recommendations there will help (especially around video playback, you can for sure do 360p h264, and probably 480p).
you should definitely install a 32-bit OS even though your processor is 64-bit capable. the RAM usage difference is astronomic because everyone loves to have lots of pointers in their software.
I don't understand computers, but I know whatever happened here wasn't right.
Several Sony Vaio models had a linux-based InstantON feature also. I had a Vaio TZ and a Vaio P that both had it. And hey the Vaio P was 2008 or 2009 and an Atom just like this. jesus-pointing.gif
It was linux but I don't remember seeing anything that said Phoenix or Hyperspace when I poked around in the files.
It was also essentially pointless. It drained the battery faster than either win7 or linux. (The P shipped with Vista but I didn't keep that for long so I can't say how it compared to Vista. I think the TZ was older and probably shipped with XP) Even the Vaio TZ, which had a dvd drive and a dvd player app in the InstanON, so in theory it should make a neat stand-alone dvd player appliance, was not a more convenient media player than just booting the full OS and running a regular media player.
I never could get it to boot anything other than the supplied InstanON kernel and initrd, but I did discover that it wasn't too picky about where those files were. They just needed to reside on an ntfs filesystem (maybe fat32 would work too, I don't remember if I tried that) somewhere on the disk. I had wiped the original windows and recovery partitions, created a new small partition just for the InstanON files, the rest was linux, grub in the mbr, no trace of the original mbr or windows BCD or the rest of Windows, and the InstantON still worked.
Bill Gates killed the netbook with his scheming. Netbooks used a special low-cost version of Windows, BUT if they ever went above a certain, painfully low spec, they'd have to ship with a much more expensive version of the operating system. Ever wonder why EVERY netbook seems to adhere to the same specs, ie 2GB of RAM max and a wimpy Atom processor? That was the reason. The really early netbooks (like my Asus EEE 701) came with Linux, but Microsoft quickly squashed that, too.
Netbooks were a hugely popular format at the onset- who wouldn't want a conveniently small and cheap computer?- but they were left in an evolutionary standstill, and couldn't grow along with the rest of the industry. The reason the netbook had such a short lifespan is because Bill Gates suffocated it in its crib. These days, tablets fill a similar niche, but we'd probably be using netbooks too if not for Gates' interference.
Anyway. Ahem. I bought a Dell Inspiron at an estate sale years ago for five dollars, and the previous owner put Windows 10 on it. It ran like you would expect Windows 10 to run on a netbook with 1GB of RAM, which is to say, abysmally. I've since replaced the hard drive with an SSD and installed Recalbox, but it STILL runs like dirty dog ass thanks to the damn videos Reek-all Box forces you to watch because the front end starts. You can't turn them off, and apparently they're been upscaled to 4K, because they're 4K-ing slow on this computer. Look, guys. I know you're proud of these videos you keep smashing in my face, but they're not doing ME any good at all. They were mildly annoying on Raspberry Pi but way, way worse on a netbook, since they slow everything down to glacial speeds.
what an excellent writeup about warlock magic that does unholy things
this is incredibly fucked up. reading this was truly the highlight of my day. thank you
Haha, this was a great read. I have to admit at some point I thought this was going to be some coLinux-adjacent shenanigans — I think they ran Linux kernel code through a Windows driver? Though obviously that wouldn’t give you any battery or boot time benefits.
Damn, they... they store the context of a running os in memory... and then they create a new context for another OS... and then they restore the previous context, resume execution from where the OS last left off, oblivious to what its hardware was doing in the meanwhile... Did they... did they just invent cooperative multitasking on the OS level??? For this stupid corporate laptop gimmick??? "cooperative multibooting"?
Did the people who invented cooperative multitasking feel the same kind of horror we do on hearing this? Did they feel the same amount of shame over what they'd done to the poor programs? Or is human sympathy only reserved for big-shots like OSes?
Aside, can you please put up the installers or whatever files you can dump related to at least the dual resume thing (I don't care much for the specific linux derivative or the NTFS sync (IMO that one should remain forgotten in the recesses of history)) somewhere online, like archive.org? Doesn't matter if there's license stuff as long as all the files are in the installer, I've some practice patching DRMs on those. It could be interesting to see how it works or if it can be adapted into a general solution. (Isn't GRUB under the GPL? Shouldn't they have been required to release sources for any GRUB or GRUB-derived binaries they produced?)
re: something you said in the next post: UEFI can in fact chainload into MBR bootloaders. REFIND can do this and shows entries for any MBR bootloader drives. (Whether it needs CSM mode turned on, I'm not sure about.)
I'd love to have a play with this myself at some point. Would you be able to upload it? Maybe as an ISO (no idea how) or tar.gz?
This reminds me a bit of 'Flipper', a package for the Amstrad PCW that allowed multiple instances of LocoScript (a wordprocessor that ran on the bare metal) or CP/M to be loaded and task-switched between them. It would patch the memory detection code in each OS so they only used the memory allocated to them, and the reboot code so that a three-finger salute would bring up the task switcher rather than reboot the computer. Of course that was far simpler hardware running far simpler operating systems, so it was easier to avoid actions that could lead to things like filesystem corruption.
