Can’t trust them since the multiple spyware incidents. Fool me four times, shame on me
Eg,
> But it did more than that. It injected a self-signed root HTTPS certificate, which allowed them to hijack any and all encrypted traffic
Different incident
> This malware was hidden in the laptop's firmware, and abused the anti-theft feature in Windows 8 and 10. Whenever the laptop booted up, the executable would be extracted from the firmware at boot-up and installed
> Lenovo cannot install any bloatware on its laptops without customers' express agreement, under the terms of its settlement with the Federal Trade Commission (FTC) over the Superfish scandal.
> On top of a $3.5 million fine that the company agreed to pay in September, Lenovo will now be required to obtain express consent from consumers before any preinstalled software is able to run on a laptop, as well as provide an easy means of uninstalling any Lenovo tools.
This is the only thing stopping me from buying an X1 Carbon. I had decided to buy a Dell Latitude instead, but apparently Dell did something similar [1], so now I don't know what to buy. Maybe a Huawei? AFAIK they haven't been caught in these shenanigans yet, but I still don't feel comfortable with them for some reason.
It depends. If you wan't to run linux, then on your location. If you want to run Windows, i can't help you. As others have allready mentioned, take a look at System76 if you reside in the US. Another option would be https://puri.sm/
I've been buying Fujitsu laptop for all of my friends, relatives, and family for the last 10 years, and all the issues I've had is one dead fan and one shitty touchpad. Tough, reliable, no bloatware, "Made in Japan" sticker... why does nobody in the US talk about Fujitsu laptops?!
What a shame. I was about to recommend Dell as an alternative, based on GitLab's public documentation that recommends it for GitLab employees and indicates decent linux support. [1]
I made the mistake of sticking with Lenovo due to the expectation of good Linux support, and while most stuff works, I can't say I'm particularly impressed. Aside from a loud fan (not sure if that is due to poor Linux support or just a property of the device), the service in the Lenovo online store was impressively bad. Wrong descriptions of the hardware, insane shipping dates that were pushed out over and over, refusing to simply remove the unavailable component without cancelling the order and going to the back of the queue, and last but not least, Lenovo defrauded me by first having me jump through hoops to claim their 'best price warranty' promise then simply refusing to honor it altogether.
I actually have an X280 in my hand. The reason why wanted it was so I would get 5 years of international warranty on it. Turns out most countries don't actually accept the accidental damage coverage from another country(I paid about $600-$700 in coverage, so for the first 3 years it's no better than an AppleCare, which is international as well).
Also when I wanted to switch it for an X1C because the new ones came out while I was waiting for the stock to arrive(and well they shipped me the wrong model without LTE). They wanted to charge me 15% restocking fee not only on the device, but also on Tax and Insurance.
Currently my touchpad randomly dies when the device goes into sleep. I suspect it's related to some recent firmware update that happened.
The amazing premium Lenovo warranty that everyone talks about must have been before my time.
But given that I want international coverage, I really don't know what options I have. Currently it seems better to just buy a framework laptop, save my money on the insurance and just pay for parts as I go.
It's refreshing to buy a nice laptop from a linux vendor who are maintaing their own (ubuntu based) distro and actually shipping a very polished gnome experience.
Edit: Forgot to mention they ship with coreboot too.
Using preinstalled OS is weird. Just reinstall it front the scratch. Issue with Lenovo was that their BIOS injected their malware anyway. Dell is not so advanced.
I wouldn't use the preinstalled OS anyway, no matter if it's Linux or not. The good thing about them offering Linux is that they must ensure hardware compatibility (though I don't recall it having been a problem with Thinkpads) and be ready to give some support, and I also would expect the machine to cost a bit less for using a free OS.
Honest question: how does this firmware spyware affect Linux? If I get a ThinkPad and overwrite the pre-installed OS with my own, would spyware like this be able to do anything on Linux?
I guess they could do the same thing, extract some binary from the firmware pre-boot and inject it to /boot to mess with the boot process... but does that give them viable persistence and ability to do stuff in Linux once the OS is booted?
The "anti-theft" firmware exploits a Windows misfeature where the BIOS can include stuff that Windows will simply install automatically at boot. So it wouldn't directly affect Linux just yet. But firmware can do other shenanigans that would render any system fundamentally insecure (e.g. via SMM).
This thread is about Linux. I know they have been caught for spyware on Windows more than once.
Has there been anything similar bad as worse Intel ME by Lenovo on lower level? (Serious question, I don't know)
I would buy a Linux machine from them mainly to know that drivers exist for all components and not to pay the Microsoft tax (symbolic reason, I don't think you really see a difference in price). I would still install my own Linux as I prefer it. So their spyware would not apply to me, I'd hope.
Of course ideally one should not support shitty vendors. Unfortunately all of them are, just in different ways.
Edit: Well, maybe System76 is not shitty. But they are expensive and still seem to have no European support whatsoever. So not an option for me either.
That makeuseof article from six years ago has little or no relevance to any new ThinkPad you might buy today.
Lenovo's consumer and business divisions are best thought of as nearly separate companies within one conglomerate.
Lenovo (formerly Legend) sold laptops and desktops for years before they acquired IBM's personal computer business. But they didn't just buy the ThinkPad name, the people came along with it.
The old Lenovo became the consumer group, and the IBM team became the business group. It's very common to find different approaches on hardware and software between the two lines.
As an obvious example, every ThinkPad (with some recent exceptions) has a TrackPoint, but no other Lenovo machine does.
This applies to software too. If you see something bad that happened on Lenovo consumer machines years ago, it's very unlikely that it affected ThinkPads. It just wasn't the same people making these kinds of decisions.
The ThinkPad team's bread and butter is not individuals like you or me, it's corporate customers who buy hundreds or thousands of machines at a time - and have IT staff who scrutinize the hardware and software.
The 2015 makeuseof article made three points. Let me address them in reverse order.
(3) BIOS-Based Malware. The source for that reporting is this Ars Technica article:
Near the bottom of the page is a list of the affected models. Note that they were only consumer machines, not ThinkPads.
(2) SuperFish. This was really stupid on Lenovo's part, but again, it was the consumer team who did this. The ThinkPad team would never have allowed something like that, and didn't.
(1) Lenovo Is Spying On You. Some guy bought two refurbished ThinkPads in 2014 and claims they had some Windows spyware. And this is somehow supposed to have anything to do with a Linux ThinkPad you may buy today? Give me a break.
Full disclosure: I am a major ThinkPad fan. I got my first one in 1998, and I have four of them within arm's reach right now: an X1 Extreme and X1 Carbon from work, and my personal P1 and old Yoga 460. Also have a mostly retired W520 and X220 Tablet in the other room, and a few older busted machines. I'm always happy to talk ThinkPads with anyone. :-)
Lenovo's case design does not provide support for the USB-C connectors. The only support is the connector's attachment to the motherboard. If the port is damaged, the motherboard must be replaced.
If you only use USB-C ports with the laptop securely on a table or in a stand, this is not an issue. Sitting the laptop vertically on the floor, with the charger plugged in, and having it tip over onto a chair leg was enough to break the port loose. If you are used to Apple laptops, which provide significant support for USB-C connectors via the case, this may come as a surprise.
If you are coming from a lifetime of Apple laptops: primary cooling is done through the bottom of the laptop. Using it on a lap, pillow, carpet, blanket, etc may adversely impact performance / increase fan noise.
Other than these use-case specific issues, I've enjoyed the laptops. Get the upgraded screens if it fits your budget -- the low cost screens are intended for bulk purchases for corporate use and feel like using a laptop from 10+ years ago.
Current Lenovos: P1 (2020), X1 Carbon (2018), T14s (2019).
Edited to add note about Apple's cases providing USB-C connector support.
I think that pre-installed Linux also means that company is going to provide some customer support, be it BIOS fixes or maybe addressing a driver issue after an OS update.
Without such support it was common to simply get “an unsupported OS” reply, which will necessarily limit how popular product is with non-tech people.
Yep. I've had my X1 Carbon for eighteen months and keep receiving firmware updates via lvfs. Every piece of hardware, fingerprint reader included, works flawlessly out of the box with Fedora.
Does this mean they ensure power-save / sleep works correctly along with using a dock in all sorts of configurations?
I am using a T460s and have always had problems a) the device draining more power on Linux than on Windows; and b) docking/un-docking while sleeping causing a subsequent boot failure.
I have a T590 whose USB driver crashes whenever it's hooked up to a specific combination of daisy-chained monitors through USB-C, causing the laptop to become unresponsive and requiring a hard reboot.
Who knows? I know better than to try Lenovo support, ultimately it'll be a bug in some chipset driver that's "supported", and I haven't got time to debug it.
Lenovo is still far away from Dell in this regard. None of Lenovo's top of the line Thinkpad workstations allow you to choose Ubuntu. The example you've sent has Ubuntu 18.04 which is over 3 years old and not the latest LTS version. It's a pathetic half-assed attempt from Lenovo and they're gonna have to do a lot better if they want to get in to Linux laptop market.
Interesting. I picked the T series [0], as that would be what I would purchase, and it comes with Ubuntu 18.04. I thought they had made a big announcement where they were working with Fedora to get Fedora shipping as their Linux option at the tail end of last year?
Yes although that is the X series, I've been browsing after my comment and had noticed that there is a mix and some seem to be Ubuntu and some Fedora, which is great.
I also appreciate that they are saying that everything should work, including the fingerprint reader which is one thing I'm a little bitter about the XPS series. They'll sell you a laptop that is Linux compatible, but not everything will work.
I have the X1 9th gen.running Ubuntu 21.04. As of now, my Microphone doesn't work, and the get the speakers to be adequate was a challenge (some Dolby Atmos thing). They specify "Linux" as the OS but not which distribution. I'd love to see how the setup is in "Linux" so that the audio system works well.
Other than that, it's a stellar machine. 32GB ram in that form factor and keyboard goes a long way.
Readit News
Eg,
> But it did more than that. It injected a self-signed root HTTPS certificate, which allowed them to hijack any and all encrypted traffic
Different incident
> This malware was hidden in the laptop's firmware, and abused the anti-theft feature in Windows 8 and 10. Whenever the laptop booted up, the executable would be extracted from the firmware at boot-up and installed
https://www.makeuseof.com/tag/now-three-pre-installed-malwar...
Secondary source that mentions FTC fines
> Lenovo cannot install any bloatware on its laptops without customers' express agreement, under the terms of its settlement with the Federal Trade Commission (FTC) over the Superfish scandal.
> On top of a $3.5 million fine that the company agreed to pay in September, Lenovo will now be required to obtain express consent from consumers before any preinstalled software is able to run on a laptop, as well as provide an easy means of uninstalling any Lenovo tools.
https://www.itpro.co.uk/desktop-hardware/29396/lenovo-settle...
God, the laptop market is awful.
[1] https://www.eff.org/deeplinks/2015/11/superfish-20-now-dell-...
Slimbook was mentioned, they are in the UK IIRC.
If you are somewhere else, https://www.tuxedocomputers.com/ might have something for you.
No reset can fix it. They have to replace the motherboard. They had it four months before I finally got them to just replace the machine.
I made the mistake of sticking with Lenovo due to the expectation of good Linux support, and while most stuff works, I can't say I'm particularly impressed. Aside from a loud fan (not sure if that is due to poor Linux support or just a property of the device), the service in the Lenovo online store was impressively bad. Wrong descriptions of the hardware, insane shipping dates that were pushed out over and over, refusing to simply remove the unavailable component without cancelling the order and going to the back of the queue, and last but not least, Lenovo defrauded me by first having me jump through hoops to claim their 'best price warranty' promise then simply refusing to honor it altogether.
[1] https://about.gitlab.com/handbook/business-technology/team-m...
Also when I wanted to switch it for an X1C because the new ones came out while I was waiting for the stock to arrive(and well they shipped me the wrong model without LTE). They wanted to charge me 15% restocking fee not only on the device, but also on Tax and Insurance.
Currently my touchpad randomly dies when the device goes into sleep. I suspect it's related to some recent firmware update that happened.
The amazing premium Lenovo warranty that everyone talks about must have been before my time.
But given that I want international coverage, I really don't know what options I have. Currently it seems better to just buy a framework laptop, save my money on the insurance and just pay for parts as I go.
It's refreshing to buy a nice laptop from a linux vendor who are maintaing their own (ubuntu based) distro and actually shipping a very polished gnome experience.
Edit: Forgot to mention they ship with coreboot too.
https://badssl.com/dashboard/
Or Japanese. I personally don’t like Sony, but they and Fujitsu are alternatives to crapware from the PRC too.
I look forward to using Linux on them shortly.
I guess they could do the same thing, extract some binary from the firmware pre-boot and inject it to /boot to mess with the boot process... but does that give them viable persistence and ability to do stuff in Linux once the OS is booted?
But the problem is working with a vendor that has a track record for compromising its customers.
How do you know they aren't inserting backdoors in the firmware?
The problem is the lack of trust.
To be fair, I'm still spotting an X1, but next time I might consider librem, or something else.
Has there been anything similar bad as worse Intel ME by Lenovo on lower level? (Serious question, I don't know)
I would buy a Linux machine from them mainly to know that drivers exist for all components and not to pay the Microsoft tax (symbolic reason, I don't think you really see a difference in price). I would still install my own Linux as I prefer it. So their spyware would not apply to me, I'd hope.
Of course ideally one should not support shitty vendors. Unfortunately all of them are, just in different ways.
Edit: Well, maybe System76 is not shitty. But they are expensive and still seem to have no European support whatsoever. So not an option for me either.
I thing Dell is amongst the top choices nowadays with regards to Linux laptops.
P.s. I miss the old Thinkpads (the IBM era)
Lenovo's consumer and business divisions are best thought of as nearly separate companies within one conglomerate.
Lenovo (formerly Legend) sold laptops and desktops for years before they acquired IBM's personal computer business. But they didn't just buy the ThinkPad name, the people came along with it.
The old Lenovo became the consumer group, and the IBM team became the business group. It's very common to find different approaches on hardware and software between the two lines.
As an obvious example, every ThinkPad (with some recent exceptions) has a TrackPoint, but no other Lenovo machine does.
This applies to software too. If you see something bad that happened on Lenovo consumer machines years ago, it's very unlikely that it affected ThinkPads. It just wasn't the same people making these kinds of decisions.
The ThinkPad team's bread and butter is not individuals like you or me, it's corporate customers who buy hundreds or thousands of machines at a time - and have IT staff who scrutinize the hardware and software.
The 2015 makeuseof article made three points. Let me address them in reverse order.
(3) BIOS-Based Malware. The source for that reporting is this Ars Technica article:
https://arstechnica.com/information-technology/2015/08/lenov...
Lenovo followed up quickly with a description of the security issue and provided a removal tool:
https://support.lenovo.com/us/en/product_security/lse_bios_n...
Near the bottom of the page is a list of the affected models. Note that they were only consumer machines, not ThinkPads.
(2) SuperFish. This was really stupid on Lenovo's part, but again, it was the consumer team who did this. The ThinkPad team would never have allowed something like that, and didn't.
(1) Lenovo Is Spying On You. Some guy bought two refurbished ThinkPads in 2014 and claims they had some Windows spyware. And this is somehow supposed to have anything to do with a Linux ThinkPad you may buy today? Give me a break.
Full disclosure: I am a major ThinkPad fan. I got my first one in 1998, and I have four of them within arm's reach right now: an X1 Extreme and X1 Carbon from work, and my personal P1 and old Yoga 460. Also have a mostly retired W520 and X220 Tablet in the other room, and a few older busted machines. I'm always happy to talk ThinkPads with anyone. :-)
Dead Comment
Lenovo's case design does not provide support for the USB-C connectors. The only support is the connector's attachment to the motherboard. If the port is damaged, the motherboard must be replaced.
If you only use USB-C ports with the laptop securely on a table or in a stand, this is not an issue. Sitting the laptop vertically on the floor, with the charger plugged in, and having it tip over onto a chair leg was enough to break the port loose. If you are used to Apple laptops, which provide significant support for USB-C connectors via the case, this may come as a surprise.
If you are coming from a lifetime of Apple laptops: primary cooling is done through the bottom of the laptop. Using it on a lap, pillow, carpet, blanket, etc may adversely impact performance / increase fan noise.
Other than these use-case specific issues, I've enjoyed the laptops. Get the upgraded screens if it fits your budget -- the low cost screens are intended for bulk purchases for corporate use and feel like using a laptop from 10+ years ago.
Current Lenovos: P1 (2020), X1 Carbon (2018), T14s (2019).
Edited to add note about Apple's cases providing USB-C connector support.
I don't plan on using the pre-installed Linux, but I appreciate that they're confirming that Linux works with the laptop and all its components.
Without such support it was common to simply get “an unsupported OS” reply, which will necessarily limit how popular product is with non-tech people.
I am using a T460s and have always had problems a) the device draining more power on Linux than on Windows; and b) docking/un-docking while sleeping causing a subsequent boot failure.
Who knows? I know better than to try Lenovo support, ultimately it'll be a bug in some chipset driver that's "supported", and I haven't got time to debug it.
[0] https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-t-ser...
I also appreciate that they are saying that everything should work, including the fingerprint reader which is one thing I'm a little bitter about the XPS series. They'll sell you a laptop that is Linux compatible, but not everything will work.
Actually the X series seems to let you pick you Linux flavour. https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-x1/X1...?
Other than that, it's a stellar machine. 32GB ram in that form factor and keyboard goes a long way.