Lenovo Ushers in a New Era of Mobile Workstation Power and Performance with Lenovo ThinkPad P50 and P70
-
@scottalanmiller said:
@johnhooks said:
So I've been thinking. Who's the bigger devil out of this mess, Lenovo who was using a channel that was given to them (which lets face it, most people would do - not all but most) or Microsoft for giving them the ability?
This is in reference to the pre Windows executed code, not superfish.
Lenovo is my feeling. Not to get into that debate (because I think agree with how this sounds) but you don't blame the gun, you blame the person who wields it. There are tons and tons of ways to be harmed out there and we can't rely on people not making weapons or tools that can be used as weapons but on the criminals who see an opportunity to do harm and leverage it.
When you put it that way with the guns, I agree.
-
@s.hackleman said:
Can someone "explain it like i'm 5" why you need this kind of power in a mobile workstation? It seems like complete overkill for me.
I'm not sure what you guys are talking about. The CPUs aren't that powerful. 32GB+ in a laptop is a minimum for me and I don't even run VMs, just multitask. If you need a workstation graphics card, however high-end, it's because you're doing 3D modeling or some other task that requires it. Developing for Oculus, for example, requires a very high end graphics card.
The idea behind a super high powered laptop is that you consolidate your workstations. You have a single laptop that replaces your desktop and you plug into monitors at the office and then take with you on the road without having to manage two different OSs, app sets, and setups.
I had to ditch the ASUS w/ the GTX 965 because it couldn't handle Oculus development. It also wouldn't allow for the use of 4 1440p monitors which I've now switched to ( ordered a stand yesterday ).
To me, these Lenovos aren't that powerful. Xeons are great at having tons of cores, not great at having blistering clock speeds.
I personally can't develop comfortably on less than a 3.5ish Ghz quad w/ HT ( somehow the 4-core i5 I had felt noticeably slower than the HT Xeon at about the same clock I'm on now ), 32GB, and specifically a Samsung SSD in rapid mode. Now that I'm finally on a legitimate graphics card and can see how dramatically it improves my computing experience I doubt I can ever shy away from that either. In fact the GTX 970 feels so nice that it's got me wondering whether I shouldn't upgrade to a 980 TI while I still can.
Just because you don't need something to get a job done doesn't mean that having it won't improve or dramatically improve your experience.
I'm actually excited about these workstations and the first UHD 17" screen I've seen. The idea of 64GB in a laptop and all of the things I could do with that is mouth-watering. You'd be surprised at how quickly professional editing and debugging tools combined w/ debugging code you're working with can saturate large amounts of RAM. I'm sure video editors, game-makers, 3D modelers, CADers, and other heavy duty pros make great use of systems like these.
For typical office peeps and light development though, you definitely don't need them. But honestly $2,000 is NOT expensive for a high-quality laptop ( not saying these are high-quality, I haven't touched one yet and I've seen a lot of shitty Lenovos at stores ), it's a bargain. You can configure some 17" Dell Precisions w/ less power than these that'll get you past $3,000 easily.
-
@creayt I have to ask what you are developing that needs 32GB of RAM.
-
@creayt said:
I'm not sure what you guys are talking about. The CPUs aren't that powerful. 32GB+ in a laptop is a minimum for me and I don't even run VMs, just multitask.
It's not that the products I develop use 32GB of RAM, it's that all of my tooling, web browsing, Creative Cloud apps, and debugging, etc. all ad up to more than 24 GB and I think rapid mode uses a handful of GB ( used to be limited to 1, I think I read that it maxes out at 10% of system as of the last few updates so somewhere around 3 GB ). There are certain projects I've written that do a heavy amount of complex relational data assembly and caching at startup and serve that from a RAM cache, so it's nice to allocate 10+ GB to that when I'm working on it, but that's not at all times. In any case, I've tried working on 8, 16, and 24 GB and inevitably get the Windows pop up that the OS is running out of RAM.
I'm excited for the days when containers come to Windows and my workstation has as much RAM as my server ( 256GB ).
-
Well considering this mornings conversation with Scott, this equipment no matter how good it looks is a non starter for me...
-
-
Bit late to the conversation.
Yoga Network Shims, any source articles of that to reference?
-
@Breffni-Potter said:
Bit late to the conversation.
Yoga Network Shims, any source articles of that to reference?
There are tons, most articles only talk about it as malware as the majority of users are unaware of the concept of a network shim. That it was a network shim was blatant as it blocked sites like MangoLassi (how it was first detected around here) by intercepting the HTTP stream and not handling io.socket calls correct (very common in older proxies, so it was immediately clear what was happening) and by the fact that even a fresh install of Windows, even a direct from Microsoft one, had the issue instantly when the only available driver for the internal network cards, the one from Lenovo, was installed. The only source of the shim was in the network driver itself!
http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-need-to-know/
-
From the above article:
But there’s a bigger concern that Lenovo is intercepting encrypted traffic so it can show ads on people’s computers. In the security world, this is known as a man-in-the-middle attack.
-
-
Looks like they are still at it - though in a less notorious way this time.
The long and the short - Lenovo is using a method that security companies like LoJack have been using for years to install software into windows from the BIOS.
Microsoft has made this even easier for them by creating a new connection in the UEFI that is part of Windows itself.
On the surface, something like this seems really convenient for consumers (not needed for businesses - they have IT staff to build images, etc). You scratch install the system but of course Windows doesn't have drivers for the hardware, the BIOS pushes down a version of the driver into windows and the end user doesn't have to be concerned about using another computer to find drivers (assuming the network drivers in windows aren't there).
The main bad part is inclusion of OneKey Optimizer - which is being reported as Lenovo junkware - but other than claiming to clean up some temp files, I'm not really sure what the issue with this software is.
Frankly I fully expect to see embedded drivers like this on all future systems. Manufacturers are trying to find ways to reduce their support overhead. Pushing out at least a starter driver to get the system online, then a manufacturer update tool to get the latest drivers from the manufacturer's website - this seems like a win for the consumers - as long as it's implemented correctly (think TLS connections, etc).
-
As suspected, the paid PR shills and the community fanboys are starting to come out calling anyone who things what Lenovo did "paranoid".
-
Oh right, so it's SuperFish, there isn't a third "network shim" out there.
I'd already caught up on the latest bit of fun, so much warning clients.
https://darait.co.uk/2015/08/lenovo-another-security-hole-found/
-
@Breffni-Potter said:
Oh right, so it's SuperFish, there isn't a third "network shim" out there.
Yes, Superfish was a network shim that ran a man in the middle attack not just on HTTP but with a signed SSL cert so that it could intercept secure data too like banking information.
-
@scottalanmiller said:
@Breffni-Potter said:
Oh right, so it's SuperFish, there isn't a third "network shim" out there.
Yes, Superfish was a network shim that ran a man in the middle attack not just on HTTP but with a signed SSL cert so that it could intercept secure data too like banking information.
Yeah I know what it did, Just got confused halfway through the thread in case they did it on a separate occasion.
-
@scottalanmiller said:
As suspected, the paid PR shills and the community fanboys are starting to come out calling anyone who things what Lenovo did "paranoid".
Are you saying that against what I just wrote?
The links provided above specifically mention that HP and Dell have been found to be deploying the autochk.exe as well. This isn't just a Lenovo thing.
Granted - Lenovo seems to have gone a step further with their OKO. But I can't say that OKO is crossing the line, if it's malware or tracking, etc - then it's crossing the line, otherwise...
Let's take Lenovo out of this for a second.
If Dell did this, and had a BIOS shim that installed a NIC/WiFi driver that downloaded a Dell support package - would you crucify them?
-
@Breffni-Potter said:
Oh right, so it's SuperFish, there isn't a third "network shim" out there.
I'd already caught up on the latest bit of fun, so much warning clients.
https://darait.co.uk/2015/08/lenovo-another-security-hole-found/
You said 'third'
Are you saying that SuperFish was #1
and Lenovo's driver shim was #2? -
@Dashrender said:
Are you saying that against what I just wrote?
No, I hadn't even seen that you had written anything. In SW a known semi-troll is out using terms like paranoid and claiming that Lenovo did nothing wrong.
-
@scottalanmiller said:
@Dashrender said:
Are you saying that against what I just wrote?
No, I hadn't even seen that you had written anything. In SW a known semi-troll is out using terms like paranoid and claiming that Lenovo did nothing wrong.
OK just checking after our conversation of yesterday
-
@Dashrender said:
If Dell did this, and had a BIOS shim that installed a NIC/WiFi driver that downloaded a Dell support package - would you crucify them?
No, because they don't have a track record of inexcusable behaviour. We are talking about a known malicious entity doing another thing very malicious.
Would I be happy if Dell was doing something similar? No. But if they were at least doing it with good intentions (legit drivers) it would not warrant crucifixion. If they did it to push malware? Absolutely.
