The T61 which is where my main experience lies has hardware whitelists for WiFi cards and restricts the internal SATA port to basic SATA speeds rather than SATA2 speeds which the chipset supports.
There are many hacked BIOSes (I use Middleton's BIOS) out there which fix this though.
However, you can disconnect the hardware pretty easy. I've done this on my T400. Took about 5 mins with a Swiss army knife screwdriver (all you need to service a ThinkPad!).
WiFi firmware can in theory allow passive monitoring and forwarding of data. This is because the WiFi card is a small self-contained embedded system.
The CPU microcode (and arguably architecture) is more difficult to modify but it's possible that the microcode for an AES round opcode could be intentionally flawed. Enough press is around not to have to explain this.
USB is the one I find interesting. Anything (webcam/keyboard/mouse) could arbitrarily register itself as an HID device and inject data into your OS.
The whole systems architecture is a mess.
I'm not suggesting we go back to discrete wire-wrapped PDP11's but something needs to be done by putting security and privacy first. That means starting again as where we are isn't good.
I do agree that it probably shouldn't be allowable; even minor pieces like webcam firmware have proven very important (see the Apple webcam firmware with no light story from a few days ago).
Plus without the requirement to release firmware for co-processors, some full machines with the potential for DMA and all sorts of nefarious concepts can exist that nobody even notices (SMC, WiFi, Bluetooth, "fan managers" and so on).
With that being said no modern CPU vendor would even think about open-sourcing their CPU microcode especially, so the FSF are stuck between a rock and a hard place. With a true "every single thing open" requirement in place, the only general purpose PC made in the last ten years or so that could hope to come close to passing would be a Chinese MIPS laptop.
Can I get a link to that webcam firmware story? I read a little bit about it, but I was looking for a more technical look into why it would be possible to enable a camera with no LED.
I always thought the sensor power was connected also to the LED, to prevent exactly that type of hackery.
I don't consider a computer properly open unless (if I had the available fab tech) I could replicate every part by spec and program everything with blueprints and documentation without breaking any bullcrap trademark or patent without just reproducing the parts verbatim (IE, using novel circuit printing, re-implement the hardware of the computer itself with no barriers and complete information, I am lenient on having short-term no direct replication proceedings, though I think those are still dumb).
The fact that seems so impossible I believe is one of the reasons our IP and information sharing ideologies are so completely fucked right now.
> WiFi firmware can in theory allow passive monitoring and forwarding of data. This is because the WiFi card is a small self-contained embedded system.
On the other hand, it would typically be detectable and would generally fail to work without significant intervention from the software on the computer. The same goes with the webcam. Theoretically, it could keep its activity LED shut down and snoop you without you knowing it, but how is it going to send data over to No Such Agency?
This is probably not sufficient for high-security matters, of course, but it is IMO good enough to ensure the privacy of a user who doesn't do anything illegal. Working past the security you get simply from running open-source software (at least as far as the peripherals are concerned) is expensive, risky and potentially intrusive enough that it isn't worth doing unless you're trying to tap into a drug dealer's computer. In which case yes, you should be thinking about something else.
> I'm not suggesting we go back to discrete wire-wrapped PDP11's but something needs to be done by putting security and privacy first. That means starting again as where we are isn't good.
More vitality in the open hardware movement would be great. This isn't meant as a way of criticizing its members; if asshole engineers like me would do something about it instead of blabbing on HN, things would probably be better.
I'm not sure it would require 'intervention from the software on the computer', by which I think you mean, the software running on the CPU. For instance it does not seem beyond the realm of possibility that firmware in your webcam could communicate over the PCI bus with firmware in your ethernet card to transmit video.
Note also that while the software running on your CPU might be beyond reproach (you carefully read every javascript file before you execute it right?), the microcode running on your cpu can do just about anything.
> For instance it does not seem beyond the realm of possibility that firmware in your webcam could communicate over the PCI bus with firmware in your ethernet card to transmit video.
IMHO, it does. The PCI bus isn't something that gets shared on a whim. The functionality you need for this would have to be built in the BIOS.
> ...but it's possible that the microcode for an AES round opcode could be intentionally flawed
I guess that you mean that it'd still give correct output, but somehow leak the key (incorrect output seems simple to detect, unless it happens for a very small set of keys, and then it seems mostly useless).
I wonder: what ways of leaking the key off the machine would you expect? I (but I'm probably not devious enough) don't see ones that aren't overly complex and don't require additional compromised peripherals. Do you?
Timing. Perhaps a malicious microcode could introduce key-dependent delays into AES encryption/decryption? That's a pretty long shot, though; given my understanding of modern CPUs it's unlikely to be possible.
Another hypothetical attack: the AES instructions could be modified to store plain text and/or keys in cache, with a specific set of innocuous opcodes and register values triggering a readout of the data. This would allow one VM on a physical server to steal keys or data from another VM on the same server.
It seems unlikely, though, due to the probability that an adversary that controls both CPU microcode and VM placement probably has access to the hypervisor.
T60p was far superior build to any MacBook ever made. My old T61 which is virtually identical had the living crap beaten out of it 10 hours a day for 5 years solid and it still works fine today. It had a new battery and a new fan and that was it.
As someone who owned severals Lenovos at work, and several MacBooks at work, from my experience 3 Lenovos broke the plastic rim of the screen and keys flew out, MacBooks have all been fine and upgraded to new ones while still working.
Long post. This should cover it. Family of 5 history of Apple and Lenovo/IBM kit:
2010 MacBook Pro (DEAD 2011 - caught fire after water spillage next to it - WTF). 2006 MacBook Pro (DEAD 2008 - logic board failure). 2007 MacBook (DEAD 2010 - logic board failure). 2006 Intel iMac (DEAD 2008 - backlight). 2007 Mac Mini (sold 2009 - worked fine at the time).
2005 IBM T43 (ALIVE - sister's daily driver). 2006 Lenovo T61 (ALIVE - backup machine - stopped using it in 2012). 2007 Lenovo T400 (ALIVE - bought 2012 second hand. My daily driver). 2008 Lenovo X200 (ALIVE - mail server because it's cheap to run).
All of the above have lived a HARD life.
The only Apple kit I have that is still alive is a 2008 iPod Nano that barely works (to be expected here). Two iPad 2's (one barely manages 2 hours on battery - replacing that will be fun!) and a brand new iPad Mini Retina.
Apple kit stinks from my experience.
I don't want to hear the favourite defence of "anecdote" to this post. Once probability. Twice coincidence. Thrice certainty.
I've had just the opposite experience. Every IBM and Lenovo laptop I've used has died or had to be replaced within a year (2 IBM and 2 Lenovo). I've had decent experience with Windows towers, but not laptops.
Now my Apple experience, having laptops going back to the Duo 280c, I've had to have two faulty batteries replaced and one screen replacement, all which were fixed within a week. That's 8 laptops over 20 years, each were passed to family members when I was finished and each worked when they were given to family friends or donated to charity.
And as you say, once probability, twice coincidence, thrice certainty. That's why I stopped buying Lenovo in 2009 and finally decided Windows and its grief was not necessary in my life.
It's s wonder you keep buying Apple kit - my experience has been almost polar opposite - still have a 2003 iBook, 2006 MB with SSD that is decent at browsing, 2008 MB Unibody running Mavericks, 2010 MB Air that's still quite snappy, a 2010 MBP with SSD upgrade running great and a Mac Mini that I just recently donated to a disadvantaged friend after upgrading to SSD.
Only failure I had was a 2004 iMac G5 that died in 2007 - that SOB was heavy, and was not missed. Personally moved to all-laptops after that.
But compiling something major are just the baby steps. What if you have to run something over a distributed cluster? Or if it relies on dozens of libraries that were written for *nixes, without consideration for the quirks of Apple? What if you want to run part of your stuff "facing the outside world"? What if your machine (and code) must run for weeks?
I've only ever administered scientific clusters in linux, but from what I've heared from people that work as admins in "we use Apple" groups (and scarce they are), it must be absolute hell.
One of the major strengths of the Mac is that they play fairly well with *nix systems. I don't know anyone who uses Macs for clusters - but Macs make really marvelous client machines for clusters.
For "outward facing" code, the Mac Pro really isn't a server, and using any workstation as a server is pretty fail. As far as uptime in weeks, my (old style) Mac Pro would be surprised to learn that it can't run for weeks at a time, given it has in the past, hammering simulations the whole time.
The point is that they're excellent client machines. You can rig up code on your Mac in R, Python, etc. and then hand it over to the cluster fairly effortlessly, at least in my experience compared to Windows.
I can only speak for myself, but at my most recent position, when we replaced my Dell with a Mac, my productivity shot up.
What you say makes sense. Now that I think of it, most of the pain that has been described to me can be attributed to the misguided notion of a professor that _everything_ must run on apple machines.
What was also notable is that most of the problems seemed to appear on the admin side of things (running the "mac servers"), while for the users, meaning the scientists programming and crunching on the machines, everything worked just fine. That of course added to the admin's frustration, as nobody could understand why they were complaining about the perfectly fine Apple-centric setup.
So Mac for the scientist and Linux for the server might quite likely produce happyness for everyone.
Yep, the new Mac Pro is going to be a pain for IT support to move to another desk or office with all its bits hanging off it.
That is, of course, if the new Mac Pro ever makes it into the enterprise given Apple's track record in that area. I always what happened to the IT manager who convinced their boss to invest heavily in a few XServes... :-)
>Or you can buy an HP Z820. OSX is pretty much moot for workstation grade machines. The software is all cross platform.
Depends on the software you use. For scientific computing, maybe.
For other tasks a Mac Pro would be used, no. Logic Pro, for example, is not cross platform. Neither is Final Cut Pro. And even if I depend on something like Adobe CC, most multimedia pros prefer to use it on the Mac, because of other benefits of using OS X.
>And wires dangling everywhere? To get anything other than comedy storage, you're going to need a pile of lightning devices hanging off it.
Or just a cable and a NAS.
But that's the outside, which is a given that you'd need multiple disks. Ever seen a video pro using just the internal HDs on his Desktop machine? Each project usally takes a whole disk by itself. Nobody uses the internal disks for 4K work.
>And don't give me all that crap about Apple being tried and tested - last MacBook Pro I had was totally unreliable.
Sure it was, as were several other units from the 1-2 million sold of the same MBP production run.
Now lets see how many unreliables you'd get from 1-2 million different self-built PCs.
Pro Tools. I've used Logic Pro: it's horridly unreliable. I no longer have a DAW in favour of a Triton as it's all I need personally but my experience with Logic was awful.
Adobe After Effects + Adobe Premiere Pro. The guys I know who use it do it on Windows because OSX is a moving target from hell. You get reliable iSCSI support on Windows and better SAN performance. Plus it's easier to get 10Gbit ethernet cards to your SAN when you have some real PCI express slots available.
They don't use internal disks but some of us do for storing virtual machines in my case.
See my other comments about how my Mac experience has gone. Also look at Apple forums. Nothing but bitching from people about endless stupid problems.
Microsoft get a bad rep for beta testing their products on the customers but if you've used iWork on an iPad recently you'll see what I mean.
Not pleased. People need to look at these problems pragmatically and stop defending something which has descended into the same hell as everything else.
Post Production Engineer/Technical Director here, built several million dollar facilities in NYC, worked lots of commercials and a few docs here and there (latest one airing on ESPN 30for30).
Very few high end pros use Adobe Premiere Pro as it's all the worst parts of Avid and FCP without the good sh!t, although the tiny one man shops seem to love it.
Any shop that is busy uses tons of firewire drives and big ass SANs, internal drives are mostly for the OS and occasionally often used assets.
Apple isn't perfect, their QC has definitely faltered as they've grown, but in Post it's a shit ton better than Windows, even facilities that aren't using FCP prefer Avid and After Effects/Photoshop for Mac. Windows is bigger in the 3D world, Linux is popular for color grading and compositing software.
Hell is a Post Facility relying on Windows. I used to know a few, never liked working for them, always seemed to cut corners if it saved a few bucks. That's fine if you're cutting web videos or local spots, but not when you're cutting Fortune 500 national brand campaigns.
As far as looking at these problems pragmatically, you can't rely on an OS that's going to crap the bed because the editors spent their down time trolling shady websites.
That's fine until you take your Pro back to apple and they don't have your configuration available and you have to wait 3 weeks for a replacement (this does happen a lot with non standard apple build to order devices). Even worse with an XServe I inherited: they couldn't replace it in warranty. Ended up with a supermicro 1U with debian on it in under 24 hours from buy to install.
My HP: redundant PSU, disks, next day service for all parts or replacement unit.
And I like it's style, and Windows won't cut it, so for me the trade offs are okay :)
Hence, depends on your definition of better. Computers are trade offs. Always have been. Your choice of trade offs is not inherently better than someone else's.
(this is academic, btw, I'm not getting any of the computers in question)
All computers are trade offs but when you start trading sensible things for appearance then it's just idiocy.
It's the Ugg boot of computers. Looks pretty and keeps your feet warm but you can't get it wet and it isn't waterproof, they fuck up your feet and fall to bits.
I'd rather have a pair of Berghaus explorers, warm and dry feet and for them to still be on one piece after a 20 mile hike (HP Z820).
Don't really care about the OS - you can get where you need to with virtualization.
better as in not needing separate power supplies and cases to have reasonable storage options. better is not needing to buy a new machine (I know, not confirmed but they never aren't offering) to upgrade components. better is having a user upgradeable storage (the ssd is not user upgradable even with tricks according to some).
While it certainly is an interesting case, stylish for some, its pure form over function. They have essentially made a Mac Pro Mini / Mac Pro iPad ... as in what you bought it what your stuck with. Want to upgrade to a new processor or newer video card, well buy a newer machine.
My question is related to the actual rounded case. Is something like it available for the PC market? I'm tired of the standard boxy-looking case on my robotics workstation.
No. The PC is a modular standardised architecture. There are no COTS components that would fit in such a case. This is by design. Apple forked their own design.
That's cool. :) But I'm sure the correct statement would be untangling messy code written in "your non-favorite language" and rewriting it in "your favorite language or management's choice based on buzzwords". :)
Is there growth in the actual number of Perl full-time positions or is it declining?
Companies obviously need Perl programmers to maintain and enhance existing systems, but we don't see or hear about any new start-ups using Perl as part of their stack.
Fwiw: I don't use Perl anymore but was a fan and love Moose and CPAN.
We're a growth stage startup hiring perl programmers to do new development in the Los Angeles area. Perl isn't the only language we use (we have some python), but it's widely used throughout our systems.
I started in a new Perl position with my current employer in 2012. We just filled another new (mostly) Perl position a few months ago. I can't speak to the total numbers of positions available, but there is work out there for sure and it's not by any stretch strictly maintenance programming.
