Disclaimer: the Amazon links in this post are affiliate links.

If you are just looking for the drivers, you can find them on the Internet Archive.

Windows XP holds a special place in many retro gaming enthusiasts' hearts, serving as the perfect platform for experiencing games from the late 1990s and early 2000s. While most users opt for hardware of the era to ensure maximum compatibility with XP's drivers, there's something intriguing about running this classic operating system on more modern hardware.

I had several Intel NUC DC53427HYE devices lying around. Released in 2013, this model features an i5-3427U CPU with Intel HD Graphics 4000 and supports up to 16GB of DDR3 memory through two 8GB slots. For storage, it includes an mSATA slot. The I/O options consist of one USB 3.0 port on the front, two USB 2.0 ports on the back, Ethernet, HDMI, and two Mini Displayports. My unit also had a Wi-Fi card installed.

Windows XP extended support ended on April 8, 2014. As this Intel NUC is from 2013, it may just be old enough to run Windows XP properly.

So let's give it a shot.

Installing Windows

I created a bootable Windows XP installer USB using WinSetupFromUSB. Upon booting the installer and initiating setup, I encountered a BSOD due to missing SATA drivers.

While this could be resolved by switching to IDE mode in BIOS settings, I opted instead to use a modified Windows XP SP3 image from the Internet Archive that included built-in SATA drivers, allowing for AHCI mode operation.

The installation succeeded, leaving only standard driver installation remaining.

Installing the drivers

It took a bit of searching, but I was able to find the drivers needed to make everything work. I have created a backup of these drivers and uploaded them to the Internet Archive.

All you need to do is mount the ISO file using a tool like WinCDEmu and let the driver wizard search for removable media.

The backup contains the following drivers:

• Intel® HD Graphics 4000
• Intel® 7 Series Chipset Family SATA AHCI Controller
• Intel® Display Audio
• Intel® 82579LM Gigabit Network Connection
• Intel® Centrino® Advanced-N 6205
• Intel® Active Management Technology – SOL
• Intel® 7 Series/C216 Chipset Family Universal Serial Bus (USB) Controller – 1E31
• Intel® 7 Series/C216 Chipset Family SMBus Host Controller – 1E22
• Intel® Management Engine Interface
• Intel® Trusted Platform Module

Adding sound

Note: It is possible to get sound via HDMI without any additional hardware, if your monitor supports it

As the NUC does not come with built-in audio ports, we will need to use USB adapters. This Sabrent USB adapter that does not require drivers will do just fine.

Adding Bluetooth

While Bluetooth technically works on Windows XP, from my experience the audio latency is very big. Connecting other peripherals like mice is also hit or miss. For these reasons I do not recommend Bluetooth.

That said, if you still would like to add Bluetooth, the TP-Link UB400 V1 is confirmed to work. TP-Link still has a Windows XP driver for this product on their website. Make sure you get V1 of this product. V2 will not work. Amazon sells the UB400 as well, but it is the V2 version, even though the product description says it supports Windows XP.

Conclusion

For those interested in running Windows XP, whether for retro gaming or other purposes, the Intel NUC DC53427HYE is an excellent choice, combining compact dimensions with robust performance.

A while ago, a client I work for decided after a lot of discussions to finally drop support for IE11. Hurray!

Later, they decided to a show a nice page with an explanation to anyone who might still be using IE11 and encourage them to download a more modern browser.

But because we dropped support a while ago, we didn't test in IE11 anymore, and so any page we tried to load didn't work. Trying to make the pages work would be a waste of time, because in time they might stop working again.

So we decided to redirect all IE11 users to a simple static page.

Redirects in NextJS

Since version 9.5 it is possible to declare your redirects in next.config.js.

The redirects property accepts an async function, that returns an array of redirects.

The redirect in this array goes from the homepage to /ie_warning.html (which is a file served from the public folder), and is set to be non-permanent, meaning that the server will return a 302 HTTP status code. If permanent is set to true, a 301 code is returned instead.

module.exports = {
  redirects: async () => {
    return [
      {
        source: '/',
        permanent: false,
        destination: '/ie_warning.html',
      },
    ]
  },
}

After restarting NextJS, the homepage should redirect you to the static file. But right now this will happen in all browsers, which is not what we want.

Matching the User-Agent header

So what if we only want to redirect users that are using IE11?

That's easy! Redirects also accept a has property, that contains a list of “things” the request should contain. These can be headers, cookies or query parameters.

We will be checking against a header. the User-Agent. All IE11 user-agents contain the word Trident in their user-agent, so we can simply use a regex-like string to check if the header contains that word.

module.exports = {
  redirects: async () => {
    return [
      {
        source: '/',
        has: [
          {
            type: 'header',
            key: 'User-Agent',
            value: '(.*Trident.*)',
          },
        ],
        permanent: false,
        destination: '/ie_warning.html',
      },
    ]
  },
}

Restart NextJS again, and go to the homepage in IE11. It will still redirect you, while other browsers will not.

But right now the redirect only triggers on the homepage. You'll want this to trigger on all pages, which we'll do next.

Site-wide redirect

In order to trigger a redirect on all pages, we can make use of a regex-like string again.

module.exports = {
  redirects: async () => {
    return [
      {
        source: '/:path((?!ie11_warning.html$).*)',
        has: [
          {
            type: 'header',
            key: 'user-agent',
            value: '(.*Trident.*)',
          },
        ],
        permanent: false,
        destination: '/ie11_warning.html',
      },
    ]
  },
}

Restart NextJS one more time and now the redirect will trigger on all pages, except /ie_warning.html. The exception is required to prevent a redirect loop.

Conclusion

As you can see, it is quite easy to setup a redirect for a specific browser. Personally I had some trouble with the regex-like strings at first, but then again, regex is difficult anyway.

Hope this was helpful!

Let's say you are following a guide on the internet and it provides a command for installing a package.

sudo apt install package

Without a second thought, you copy the command and quickly paste it in your terminal. Now imagine there was a different command in your clipboard, like this one:

sudo rm -rf / *do not actually run this command!

This command forcefully and recursively deletes all your files and folders starting from the root directory. If you paste text containing a newline character in your terminal, it will automatically be executed. If your terminal has elevated permissions, because you already executed a sudo command in the same session, it will not ask for your password.

Goodbye precious data!

How can this happen?

There are three ways how websites can trick you into copying something else:

1. By using the execCommand method from the Document interface
2. By changing the clipboard data within the copy event
3. By placing hidden and/or offscreen text within the visible text

The execCommand method

If you've ever copied a command from a website, you may have noticed that some offer a button that, once clicked, copies the command for you.

These buttons use the execCommand method from the Document interface. It is deprecated and can be removed at any time, but for now it is still working.

As the name implies, it allows you to execute a command. One of the commands you can execute is copy. By executing this command you can copy the current selection to the clipboard.

An example is given below:

const hiddenInput = document.querySelector("input");
hiddenInput.value = "Text that should be copied";
hiddenInput.select();
document.execCommand("copy");

The tricky part is that malicious websites can have that button copy something completely different from what you are expecting.

So if you are on a website that you don't trust and you use one of these buttons, always double check what is currently in your clipboard by pasting it in a safe place, Notepad for example.

Changing the clipboard data within the copy event

Whenever you copy something using CTRL + C or the context menu, a copy event is fired. A handler for this event can modify the clipboard contents using the following code:

const handleCopyEvent = (event: ClipboardEvent) => {
  // Set the clipboard contents to a string of your choice.
  event.clipboardData.setData(
    "text/plain",
    "sudo rm -rf /" // DON'T RUN THIS COMMAND
  );

  // Prevent the default action from overriding the data
  // we just set.
  event.preventDefault();
};

The code should be self-explanatory but if you want a more detailed explanation I recommend reading Stop Rashly Copying Commands From Websites by Louis Petrik, where I originally read about this exploit. It also includes an example and a link to a browser extension that I have created. More on that in a minute.

Placing hidden and/or offscreen text within the visible text

When you select text on a website it becomes highlighted. You would expect that the highlighted part is exactly what you are going to copy.

The problem is that, in some cases, invisible or offscreen text will also be part of your selection, even when it's not highlighted.

Some examples that hide text but still allow it to be selected are:

• Using font-size: 0
• Moving text offscreen with absolute or fixed positioning
• Using absolute or fixed positioning in combination with transform: scale(0)

Just to name a few.

There is an example that demonstrates this trick. The commands that you see there contain a span that is moved offscreen.

How to protect yourself?

A good practice is to always double-check what is in your clipboard, by pasting it in a safe environment first. But what if your browser could warn you when your clipboard data is altered? How about a browser extension?

Meet Copy Guard

I have created a simple browser extension that does exactly that! It is called Copy Guard and its source code can be found on my GitHub. By using my extension you can let your browser warn you when a website is using the second or third method.

It injects a script which listens to the copy event. Whenever you copy something using CTRL+C or the context menu, it takes your current text selection and compares it to the data that is placed in your clipboard. Aside from that, it also checks if your text selection contains any hidden or offscreen elements.

Available for Chrome, Firefox and Edge.

A note on cryptocurrency

When I posted my browser extension on Reddit, I was told that stuff like this happens within the crypto community as well, which makes perfect sense. A website could have you copy a totally different wallet address. If you were to send your precious crypto to this address, it could be lost forever.

Something similar happened to a Reddit user once. Although this particular user probably had malware on their computer, it could also happen on the web, without any malware.

Conclusion

There are multiple ways how websites can trick you into copying something different from what you expect.

Always double-check your clipboard. My browser extension can at least warn you when something is fishy, but a good practice is to paste your selection in a safe environment first, before you paste it in your terminal.

At least do this for websites you don't trust.