
PC/XT killer pokes

reenigne

I've got my XT set up so that I can remotely run programs on it from a laptop in a different room of my house, get results back over the serial connection and also remotely power-cycle it.

One thing I've been thinking about doing with this setup is putting it online so that anybody who wants to can do the same thing - I suspect there are a few people here who would find that useful for profiling code, writing emulators and generally poking into the less well-known behaviors of the machine.

I'm worried about the possibility of killer pokes, though - I don't want someone to be able to run code which will damage the machine. It won't be connected to a monitor, so there's no worries about stuffing bad values into the CRTC registers and breaking flyback transformers. I have a capture card I can connect to the composite output of the CGA so that people can see what's on the screen. I'll probably also limit how long programs can run, both to avoid tying up the machine with crashed programs, and also to avoid wearing out floppies by leaving the motor spinning for too long.

One thing that is a concern is the possibility of reprogramming the 8255 PPI IO lines that are supposed to be inputs to instead be outputs and driving them to different voltages than they would otherwise be, causing overly large currents to flow. Has anybody actually done this and determined if it actually does or doesn't damage anything? Would it have been standard for devices like this to include current-limiting resistors on their output circuits? I checked the datasheet but it was inconclusive. I suppose if that is a real problem I could remove the 8255 and replace it with a daughterboard containing the 8255 and some resistors on the output pins.

Do you know of any other killer pokes for the XT?

If I ever finish my cycle-exact emulator, I suppose I could use it to check for any hostile behavior, but then any software-detectable inaccuracy in the emulation could be used by an attacker to determine if they were running on the emulator or the real hardware and deploy the payload only on the real hardware. And if it is perfectly accurate then it would make running programs on the actual hardware rather pointless (although still cool!)
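
An added example (not part of the original post, and not reenigne's code) of the emulator pre-screen idea applied to the 8255 concern: it scans a trace of I/O writes for mode words that turn an input port group into an output. The control port 0x63, the baseline mode word 0x99 and the `(port, value)` trace format are assumptions based on the standard XT layout and the 8255 datasheet, not values from the thread.

```python
# Added example: host-side screen of an emulator's I/O-write trace for
# 8255 PPI mode words that change pin direction (mode bits are ignored).

PPI_CONTROL_PORT = 0x63   # assumed: 8255 control register on the XT
XT_BASELINE_MODE = 0x99   # assumed: BIOS setup (A in, B out, C in)

# Direction bits of an 8255 mode-set word (bit 7 = 1); a set bit means input.
DIRECTION_BITS = {
    "port A": 0x10,
    "port C upper": 0x08,
    "port B": 0x02,
    "port C lower": 0x01,
}

def inputs_turned_to_outputs(mode_word, baseline=XT_BASELINE_MODE):
    """Port groups that are inputs in the baseline but outputs in mode_word."""
    return [name for name, bit in DIRECTION_BITS.items()
            if baseline & bit and not mode_word & bit]

def screen_trace(io_writes):
    """io_writes: iterable of (port, value). Returns (index, value, groups)."""
    findings = []
    for index, (port, value) in enumerate(io_writes):
        if port != PPI_CONTROL_PORT:
            continue
        if not value & 0x80:
            continue  # bit set/reset command for port C: direction unchanged
        flipped = inputs_turned_to_outputs(value)
        if flipped:
            findings.append((index, value, flipped))
    return findings

# Constructed trace, for illustration only.
SAMPLE_TRACE = [
    (0x61, 0x4C),  # port B data write
    (0x63, 0x99),  # mode word identical to the baseline
    (0x63, 0x0F),  # bit set/reset command, not a mode word
    (0x63, 0x89),  # mode word with port A switched to output
    (0x43, 0xB6),  # write to an unrelated port
]

if __name__ == "__main__":
    for index, value, groups in screen_trace(SAMPLE_TRACE):
        print(f"write #{index}: mode word {value:#04x} drives {', '.join(groups)}")
```

A trace-based screen like this inherits the limitation raised in the post: code that can tell the emulator from the real hardware can behave differently in each.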
 
It's a very cool concept!

I'd be more worried about the thing catching fire, or at least any lurking RIFA filter caps making their presence known :)
 
Not necessarily "killer", but on a 5150 PC you can switch the cassette motor relay on and off so rapidly that it sounds like a buzzer!
 
I'd be more worried about the thing catching fire, or at least any lurking RIFA filter caps making their presence known :)

The original power supply failed soon after I got it and I replaced its board with one from a modern PSU so I'm not too worried about that. I've had it running for weeks at a time with no issues.
 
Not necessarily "killer", but on a 5150 PC you can switch the cassette motor relay on and off so rapidly that it sounds like a buzzer!

True - that relay could probably get damaged doing that for too long. I'd be doing this with an XT though, and that doesn't have a relay.

Somebody should make a piece of music for the 5150 which uses the cassette relay and the PC speaker to do (sort-of) 2-channel sound. Add in floppy drive stepper motors and it might even go up to 4!
 
I don't think changing inputs to outputs would do much, as the only case that may have been problematic was if an output was connected directly to the 5V line. The thing with TTL logic is that current flows from inputs to the output when the output is in the "low" position, but when the output is "high", it just prevents current from flowing at all. If connecting an output to an output, the worst thing you could get is a ground-to-ground connection.

The worst thing that can happen is probably that someone may fiddle around with the DRAM refresh timer, leave the beeper on at some annoying frequency, or somewhat break the state of the OS.
 
How does your stuff do something that a commercial package, say, PC Anywhere doesn't do?

I didn't know that there was a version of PC Anywhere that ran on such old machines!

One thing my setup does that I'm sure no commercial package does is the trick of loading code over the keyboard port (using the manufacturing test/diagnostic routine early in the BIOS startup sequence) to boot the machine very quickly after a power cycle. I can skip the RAM test and be running user code in less than a second, which is very handy when debugging software that has a tendency to crash the machine a lot.
 
I don't think changing inputs to outputs would do much, as the only case that may have been problematic was if an output was connected directly to the 5V line. The thing with TTL logic is that current flows from inputs to the output when the output is in the "low" position, but when the output is "high", it just prevents current from flowing at all. If connecting an output to an output, the worst thing you could get is a ground-to-ground connection.

Ah, that is interesting and good to know - thanks! In that case I might try it out and see what happens.

The worst thing that can happen is probably that someone may fiddle around with the DRAM refresh timer, leave the beeper on at some annoying frequency, or somewhat break the state of the OS.

I can (and do) remotely power-cycle the XT, and it'll be controlled from another (more modern) machine which is connected to the internet (and which won't be running any anonymous code). So no user supplied code should be able to get the system into a state from which it can't recover.

Disconnecting the speaker would probably be wise, though.
 
Maybe you could monitor it from the host (more recent computer) and send/display/play the waveform at the client side?

Yeah, that would be even better, and probably not very difficult either (especially if I'm already sending back screen captures).
 
PC Anywhere debuted for the 5160--and there are quite a number of similar programs, Remote (from the makers of Crosstalk), Carbon Copy,...the list is pretty long.

The idea was that a support outfit could manipulate a customer's system over a phone line to see what was the matter and quite possibly, fix it. In the 80's, remote PC access was a minor "killer app". Another big thing was that a user could install the software and phone home to use his system. Because of low comms (typically not more than 2400 bps) bandwidth issues, you usually had to explicitly (via keystrokes) request the contents of a graphics screen.

But yeah, it's been done.
 
I do not think you could use the cassette output and the PC speaker as a crude 2-channel output because whatever is being sent to the speaker will also be sent to the cassette output.

However, rapid on & off switching may burn out the PC cassette motor relay.
 
Do you know of any other killer pokes for the XT?

I don't know of any other than deliberately blowing up monochrome monitors with whack 6845 values, but that won't affect your proposed setup.

I think that anyone who WOULD know any killer pokes we haven't thought of is either dead, or a member of this forum and wouldn't want to destroy a vintage machine. I wouldn't worry.
 
Somebody should make a piece of music for the 5150 which uses the cassette relay and the PC speaker to do (sort-of) 2-channel sound. Add in floppy drive stepper motors and it might even go up to 4!

Why stop there? Music Construction Set mixes four channels of pulsewave and can output it over the cassette interface, so there's 4 more voices for you ;-)

Sadly, stepper-motor music is not possible on the PC; the hardware isn't flexible enough IIRC.
 
Somebody should make a piece of music for the 5150 which uses the cassette relay and the PC speaker to do (sort-of) 2-channel sound. Add in floppy drive stepper motors and it might even go up to 4!

Somewhere I have a Christmas music & graphics demo written for BASICA which uses the cassette relay to simulate the sound of a ticking grandfather clock (as animated on the screen).
 
I'd be more concerned with folks who don't know enough to do killer pokes but someone immature that might delete all files, try to write a virus, or another immature trick writing a reboot.com with debug then adding that to autoexec. Given I suppose you could give access with credentials which might limit some abuse. I wonder what sort of filtering you could do for remote commands? One would think you could potentially block commands like format, del, etc or run off of a write protected floppy disk. This is where emulators are handy. Disposable and quickly restorable environments. Have you seen that java dosbox? Actually there's apparently a larger project too; JPC seems to also be an x86 emulator in a java environment. I believe the classicdosgames.com uses the jdosbox app. I recall quitting one of the games and being back at a dos prompt. I echo'd to a file just out of curiosity and it wrote, refreshed the webpage and confirmed yes it reloads itself from a compressed zip or such each time.
 
I do not think you could use the cassette output and the PC speaker as a crude 2-channel output because whatever is being sent to the speaker will also be sent to the cassette output.

Yeah, they're both driven from the PIT channel 2. But I was thinking of using the actual cassette relay to make clicking noises, rather than the cassette output itself.

Somewhere I have a Christmas music & graphics demo written for BASICA which uses the cassette relay to simulate the sound of a ticking grandfather clock (as animated on the screen).

Like that! Wow, vwestlife, could you get a video of that program running? That would be fun to see and hear.

However, rapid on & off switching may burn out the PC cassette motor relay.

True. I remember making buzzing noises with the cassette relay in the BBC Micros at primary school. Even though they never used tapes, I was too afraid of breaking the relay to run that program for very long.
 
I think that anyone who WOULD know any killer pokes we haven't thought of is either dead, or a member of this forum and wouldn't want to destroy a vintage machine. I wouldn't worry.

I'm erring on the side of caution here, as I think it would be foolish to underestimate the lengths that the Anons of the world will go to for "Lulz", especially if I put the machine online and it goes viral.
 