I was in my second year of University and really needed a computer for my studies. My last machine had been an Amiga A1200, which I adored, but sadly was going to be too much work to get it into a useful state for studies. I bought my first PC - a Thinkpad T40 brand new. I was intrigued about the 'embedded securiy subsystem'. Back then things like this seemed cool and exciting to me. I set a password, excited that I could lock the system at such low level. It rebooted, I typed in the password, and it beeped at me an error. I typed it in again, and got another beep. I remember starting to sweat. Third time it worked. I must have typo'd something, so I immediately unset it and never did that again.
Older laptops tend to have all sorts of hacks, master passwords and whatnot, because they realized these scenarios happen and with physical access and enough time it's generally game over any way.
I wish this were possible with current-day phones. I've had multiple instances of a friend or relative either buying or getting handed an older iphone, and if the previous owner did the responsible thing of resetting the phone beforehand, it will refuse to get past initial setup without a stable wifi connection and the previous owner's icloud credentials. Tracing down the previous owner and getting them to change their password or disable the "find my" feature for this one time operation is harder than you'd think, especially if it was passed down multiple hands or the account is from a different person (and the original owner was never aware). In some of these instances we've had no choice but to throw the brick away.
It's not a complete brick; if you give up iCloud and all associated Apple services, you can get a root shell (assuming checkra1n is unpatched on your device & iOS version) and delete the locks and end up with a phone that works fine if you can get an alternative app store on it (which you can if you're able to get a root shell in the first place)[0][1]
It looks like checkra1n is more limited in that case[0][1] so I'm not sure if there are any workarounds that can get you the whole way. I would ask in their bugtracker: https://github.com/checkra1n/BugTracker
Hence the serializing of individual parts on the iPhones nowadays. If you take your iPhone to a store that sources stolen parts, the phone will flag it.
It obviously doesn't stop the supply chain of stolen parts but it makes it so legitimate consumers will ask questions and legitimate stores will be less likely to buy stolen phones for parts.
It's interesting that the ostensible reason for serializing the parts is of great benefit to Apple by basically killing off second-hand parts and third-party repair shops, much like its ostensible privacy-related reasons for locking down ads in the App Store have massively enhanced its own Ads business while crushing its competitors.
In this case, Apple has forcibly become the gatekeeper for all parts, both used and new, and has plausible reasons for why this is good for the customer. It's really quite brilliant.
The responsible thing is for the owner to log out of iCloud before selling the device or giving it away. Google Android works the same way AIUI: if your device is logged into Google and you reset from recovery or bootloader, you'll need to input these credentials due to FRP.
Extremely few people are even aware this is a thing, let alone know how to reset a phone in a way that won't essentially brick the device. I'm not too familiar with how google does it, but considering the average android device is easier to unlock while retaining full functionality, and I've managed to help someone bypass it by setting up a captive portal, I've had less issues with it than with iphones.
The tradeoff is very reasonable: People need to actively engage in the process of relinquishing control over a device that's essentially become an extension of the mind
When said "extension of the mind" is wiped, there's nothing left to lose but monetary value. I agree this was an anti-theft tactic, but in my opinion it does more harm than good given the amount of people that will forget their credentials, throw/give it away without decoupling it, servers that will shut down in the long run (rendering the devices inoperable), and etc.
The idea is that ownership needs to be transferred in a structured and conscious way. A factory reset is not an ownership transfer and Apple are not keeping those operations separate.
For a number of years I used to buy BIOS locked thinkpads off ebay for pittance, do this and sell them again as working. Made a small fortune. Most of them were from ex corps who just pulled the disks out and the disposal company didn't know how to do it.
Eventually my wife got fed up of boxes of bits of laptops everywhere.
Fun, years ago I bought a T60 and I locked it by accident only to spend the night trying to fix it.
I used the same method described here and I actually remember this page http://www.ja.axxs.net/t60_t60p.htm
I had a post on Reddit shit it and people kept finding years later. I would receive a message every once in a while about it, until they stopped completely.
The ASUS Zephyrus series (I'm on a 2022 G14) are fantastic if you can get past the mild gamer aesthetic. Great magnesium build. Lots of keyboard travel. Tons of ports (USB-A, HDMI, etc.) Touchpad works great on Linux, but wake from suspend results in mild bork on the current kernel (fans won't turn on at all, speaker amplifier stays shut off so audio is very quiet) on. Patches resolving this are available [1] and will likely be mainlined in 6.1 [2]. Performance from the AMD CPU/GPU and Micron SSD is bonkers awesome. You can get around 10 hours of use on Linux with conservative backlight settings and disabling the discrete GPU. To top it off, many components are easily replaced. I just upgraded the memory in mine from 16GB to 40GB (the is a socketed SODIMM and 8GB of soldered on memory, so I replaced the 8GB SODIMM).
The m.2 NVME drive is also upgradeable, as is the wireless card. My only real complaint is that the display suffers from backlight bleed along the edges in my unit. That said, the display is also pretty dang great: anti-glare coated, high-refresh, bright, and color accurate.
Yeah, after years of stagnation, the offers for X86 laptops are finally amazing and I expect them to get even better next year with mobile Ryzen 7000 and RDNA 3 APUs moving to 5nm, and who knows, maybe mobile 13th Gen Intel and RTX 4000 could also be good.
My current 13" Ryzen 5800 laptop is no slouch but its Vega iGPU is a bit too long in the tooth for any kind of games, screen could be brighter and battery life could be better. I'm very excited for a laptop upgrade next year.
I usually don’t even consider laptops with dedicated nvidia graphics because dealing with nvidia drivers is more hassle than gain (I don’t do anything gpu-intensive and the intel gpu is enough for me).
A physical mux means you can effectively shut down the dedicated graphics but still drive outputs with the intel embedded gpu. And save battery.
The laptop I have does have a "MUX switch" but is controlled in software. As far as I understand, the benefits of the MUX switch are primarily to graphics performance when working with the discrete GPU. At any rate, my laptop (G14 2022) is all AMD and I haven't had any trouble with the amdgpu drivers on recent Linux kernels.
The MNT Reform 2 has a mechanical keyboard with a nice feel (and it's using off-the-shelf switches so you can replace them if you'd prefer), but it has a weird layout.
The most recent laptops with an actual nice Thinkpad keyboard were X220 or T420, everything after that is chiclets.
> The most recent laptops with an actual nice Thinkpad keyboard were X220 or T420, everything after that is chiclets.
I agree that the Sandy Bridge era (2011) ThinkPads were the last to have a proper 7 row keyboard layout, but there's slightly more to it.
ThinkPad keyboards are made by a variety of OEMs. For the 2011 models, the manufacturers were NMB, Chicony and Alps. The consensus within the ThinkPad enthusiast community is that keyboards from NMB offered the best typing feel, followed Chicony and finally Alps.
You can tell if you have a NMB keyboard by carefully prising off one of the keycaps: if you see a red rubber dome, it's a NMB keyboard. (grey = Chicony; white = Alps). Each keyboard manufacturer has a unique part number (FRU - field replaceable unit in the IBM/Lenovo parlance). Online sellers often mix and match FRUs, so it can't be relied upon to get the NMB keyboard - you need to ask the seller what colour the domes are. The NMB keyboards are sadly becoming more rare and expensive by the day.
FWIW, chiclet machines often had better feel than the 7-row predecessors. E.g. T440p with non-backlit keyboard. This is due to improvements in chassis design - the T440p's magnesium alloy rollcage was solid underneath the keyboard, resulting in 0 keyboard flex.
Agreed. Of course the *40 series had a unique feature of getting security and infra architect consultants to slam them repeatedly on the office desks in clients' offices, due to their special and innovative combined top trackpad / trackpoint buttons :D
(I hear ThinkPad is trying that a abomination again, which means my t25 may have to live another 5 years)
Possibly; I did drop it from large height onto hard floor once, and ever so slightly cracked a corner. A little black sugru fixed it up like new. It survived 3 years of weekly travels before covid otherwise, and several years of young kids since, so I'm hopeful that case won't be a problem.
You can also mod an X230 or a T430 with a xx20 keyboard, which is worth it as the CPU/GPU and USB ports are all a decent upgrade. You need to flash the embedded controller though, to remap the keys - also worth it, to use a third-party battery. The process is not too difficult, you just need to compile the stuff, make a bootable flash drive, and boot from it - no soldering etc.
I think some people are doing mobo swaps (a tiny chinese group called something 51) so you can keep the T60 shell and have a gen 10 core i5 or similar.
The Thinkpads retain good feel until the *30 series. They are 'chiclet', but having had a T40, T60p and X230, I am confident the X230 has the best feel and same travel. The depth of travel continued to the T450 and T450s, but the feel dropped off by then.
There is a gaming laptop with mechanical keys also.
A related question: I very much enjoy the keyboard of my T550 and would like to have some similar USB or wireless Keyboard with German layout, numpad and backlight for my PC as well. Lenovo does not offer anything that matches all these criteria. Any recommendations from other brands?
I got "lucky" with a T60 I bought for €25 last year - only the HD was password-locked (I think there are up to 3 levels of password security possible on the T60), so I solved the problem by replacing the HD with a (higher-capacity) spare I had lying around.
It's cool how shorting pins seems to be a common hack for accessing devices. The way to jailbreak the Nintendo Switch also involves shorting the pins that connect the main device to the detachable controllers.
I believe in the case of the Nintendo Switch, it's an intentional feature to enter a special boot mode, where as here, it kinda looks like it might be a trick rendering some kind of memory unreadable.
Those of you from an even earlier era might remember "lkwpeter" and "alfarome". An era of relative freedom, when security was still only for "keeping honest people honest"...
Nice writeup. It's brought back memories of resetting bios boot passwords on even earlier laptops by shorting out two of the parallel port pins with (iirc) the right value of resistor.
> "...These laptops are classics, but they are really starting to show their age. I’ve even encountered issues like the WiFi chip causing lots of trouble, with the connection being very spotty and borderline unusable."
Is it really a case and there is a reason for WiFi chip degradation?
A friend of mine have found a fun way to bypass the bios password of thinkpads. With some trial and errors, you short some pins on bios eeprom at the right time so it will read all 0xff’s. It just happen to be that all 0xff’s means the bios password is not set.
How would one have figured this out? I assume only because it's documented in a service manual? Would this be within the BIOS if one disassembled the code?
What is an robust business grade solution to BIOS passwords? Didn't write enterprise grade because we have dozens of PCs, not thousands or tenthousands Open source friendly solutions preferred. We use only Linux, no Windows.
We use a password generator, but it happens that some machine cannot be unlocked. We don't assume malice, but the biggest error source is probably data enter error when setting it. You cannot see what you type and in real life it has happened that obviously the same typo was made twice, but later we have not been able to guess what it was.
We have considered that. Not really convincing given the security track record of Intel ME. But of course if you run Intel you cannot avoid it anyway, so whether having it idling or using it actively makes a huge difference who knows.