It was in 2009. I possessed the best laptop that I had ever owned…to that point in time anyway. Small, but not cramped. A display that was beyond any adjective. “Dazzling” is what comes to mind, but many would probably categorize that as marketing hyperbole. That’s fine. That laptop lasted almost to the end of 2013 before the motherboard suffered catastrophic failure. I had received the machine already much used. I liked it so much I actually mourned my loss.
I never found one that was even close to the quality of my Lenovo X60s…until recently.
Since I haven’t talked about this to the individual involved, I hesitate to say who he is or who he works for, but holding the position of Supreme-Knower-Of-All-Things-Computer for his employer, he was able to make an extremely generous hardware donation to Reglue.
Among the items donated were seven Lenovo X220 netbooks with i5 quad processors, six gigs of RAM and 320 gig hard drives. It is a rare thing indeed for us to receive laptop donations of this caliber. I have claimed one for myself, that is until an undergrad or new graduate student needs a good laptop. Then I will prepare the one I am using for their use. I haven’t owned a laptop since 2010. I always “borrow” one from Reglue until the next one comes along.
Lather, rinse, repeat.
You may know me to be a huge fan of Lenovo laptops. Their T Series, to me, always stood for “Tank.” That’s “Tank” with a capital T. Since 2005, the IBM/Lenovo T series laptops have been the hands-down most reliable laptop we have ever placed. Right now I can bring to mind 19 or so T-42/43, T-60/61 and T-500 laptops that have been in service for at least five years. They are, in a phrase, the Energizer Bunny of laptops.
However, my love affair with Lenovo laptops, and indeed the Lenovo brand, has hit a rough patch in the past year or so. It seems that Lenovo has been up to some not-so-harmless shenanigans while building their computers. Last February, Lenovo got caught with their hand in the digital cookie jar, by poisoning their systems with what’s been named Superfish.
According to Agam Shah writing in PCWorld:
“Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter.
“A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with ‘fraudulent’ business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.
“Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called ‘spyware’ in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.
“The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.”
While Lenovo claimed that this was an innocent way to increase revenue via advertisements, security experts were quick to hold up their collective hands and not allow Lenovo to get off that easy. It seems that those with criminal intent could easily turn this into a way to steal information from a Lenovo desktop via this “innocent” method.
Just about the time most folks had let that faux pas slip into the annals of the news cycle, Lenovo takes dead aim at their other foot and pulled the trigger, this time by targeting my beloved Lenovo Laptops. Oh no Lenovo…say it ain’t so. But it is.
Two weeks ago, Fortune’s Jonathan Chew wrote:
“There may be secret software on your Lenovo laptop.
“Chinese computer manufacturer Lenovo has apparently been caught secretly installing its own proprietary software on Windows PCs, and the software appears near-impossible to remove.
“Multiple users have noticed that Lenovo computers were automatically downloading an application called ‘Lenovo Service Engine’ to their machine, and, disconcertingly, the said firmware would reinstall itself even after a clean reboot of the Windows operating system was performed.”
And while activity like this is pure asshattery, it’s far from an isolated instance.
Many of you may remember that in 2005, Sony tried a similar method of stopping music “theft” by including a back door or rootkit via music CDs released under the Sony/BMG label. The main reason for planting this nefarious code on your computer was so it could phone home to Sony and report your proclivity for sharing certain Sony/BMG label CDs. It was also supposed to stop the copying of CDs, although Linux ignored the sneaky bytes and copied CDs anyway. When caught, Sony had the absolute and pure audacity to claim they had every right to insure the security on their investment by planting a rootkit on your computer.
This is where the real story gets good. Mark Russinovich, one of the co-founders of Winternals Software, discovered the Sony rootkit and broke the story on his blog. The outrage spread across the Internet in a viral story about Sony’s backstreet tactics. This is where the story is supposed to end — Good Guys 1, Bad Guys 0 — but it’s not.
Shortly after Russinovich broke the Sony scandal, he and his company were purchased by Microsoft, where Russinovich maintained his position as chief software architect. The purchase was fast; much faster than these things usually take.
Many of you will say, “So what’s the big deal Ken? Stuff like this happens every day.”
I’ll tell you why.
It wouldn’t be long until people snapped the pieces into place and the sound of slapped foreheads would reverberate around the globe. Windows, of course, is a closed source operating system. That’s not the news. The tie-in Microsoft wanted to stifle by their takeover of Winternals was this: The level and depth by which the Sony rootkit delved into Microsoft code clearly suggested Microsoft’s complicity in the matter. In other words, the next headline could have suggested that Microsoft was neck deep with Sony/BMG in planting this rootkit. The best way to keep the only person who might be able to prove this to be true was to buy him out.
Contemplating this, I enjoyed playing several scenarios out in my head. Here’s one of them:
The huge conference room is quiet with only three men present, Russinovich, Steve Ballmer and Bill Gates. Gates is standing behind Russinovich with his hands on the shoulders of the seated software genius, who stares down at the contract in front of him. The tick of the clock is abnormally loud, as is the breathing of the three men in the room.
Gates breaks the silence.
“Mark, this is an easy matter to understand. When that clock turns to 4 p.m. here in a few minutes, there will be one of two things on the contract in front of you. Your signature or the splatter of your brains.”
Ballmer snorts with laughter as Gates stands firm behind Russinovich, who scribbles his name on the document in front of him.
“Good decision Mark”, Gates says as he pats Russinovich’s shoulder. “Welcome aboard.”
Of course, in this little daydream, the employment contract he signs is leak-proof and clad by the strongest motivation in the universe — fear.
Although that scenaro was only a fun example from Melodrama 101, I still believe the basic premise to be true. Mark Russinovich was bought to keep his silence. Microsoft’s questionable business tactics and backroom deals have been business as usual for decades, so this isn’t really a stretch by any means. However, Microsoft went even further to corral Russinovich into the herd.
This from DailyTech on the 20th of June back in 2006:
“Microsoft also announced that Russinovich will be appointed as a Microsoft Technical Fellow, a title ‘awarded to someone whose technical vision, expertise, and world-class leadership is widely recognized.’ Microsoft currently has 14 Technical Fellows. Analysts are hoping that Russinovich and [Bryce] Cogswell will each add to the stability and security of future versions of Windows.”
Cogswell is Russinovich’s business partner from Winternals.
It seems to me that Microsoft paid a healthy price for his silence. Bill Gates is one of only fourteen people who have been awarded this title by Redmond, which goes to show the rarefied air in which those bearing the title reside.
So here we are. It’s 2015…we are a decade past the whole Sony debacle. But not to be outdone, Lenovo repeats a form of Sony’s idiocy, not once but twice in the same year.
Here’s the thing that gets me about this, which stands out like red paint on a black canvas: In order to bow and scrape their way out of the Superfish mess, Lenovo’s Chief Technology Officer had to admit that neither he nor anyone within Lenovo had any idea that the rouge code regularly made browser traffic information public. I may not be the sharpest cowboy on the lawn mower, but it seems to me that admitting you don’t know the key function of one of your malware applications makes you look like a four-alarm idiot.
I can see the scene as it played out in the board room now: “Idiot, bad guy, idiot, bad guy, idiot, bad guy… Wait, idiots get pity. Let’s be idiots.” And then entered into the board of directors’ meeting minutes as, “Idiots we shall be.”
This whole thing made me take a hard look into the current inventory of Lenovo laptops we have for Reglue use, not just a few minutes spent searching for other known self-inflicted wounds by Lenovo, but a few hours looking into various bios settings and releases from as far back as 2010. I made sure, at least as sure as Internet reporting allows, that our Lenovo inventory is free from known hazards.
FOSS Force has extensively covered open hardware for the past two years, not because we needed content on a slow news week or because our writers are lazy. We’ve discussed open hardware because it is quickly becoming obvious that we cannot trust a growing number of OEMs. To my way of thinking, this nasty business uncovered with Lenovo is nothing but the camel’s nose under the tent. Organizations such as the Open Compute Project (OPC) are leading the way in design and development of enterprise-level equipment.
Those who are concerned about the personal computers they purchase are not being paranoid. As hardware consumers, what guarantee do we have? Actually, the amount of accurate information pertaining to open source desktop and laptop consumer products is pretty good, and a number of us can tackle the job of building a computer from the desk up, but we are a minority. The every day computer user has no clue as to what open hardware is. Worse yet, they have no clue of the dangers that await them when the Lenovos and Sonys of the world decide to poison their computer via their hardware.
The best thing we can do is educate those around us. Outside of that, the only thing we can realistically do is not buy stuff from asshats.
When Sony was busted for their rootkit incident in 2005, I made it a point to completely boycott Sony products. There are those of you who think that product boycotts do not have any bearing on sales for that company or item, but after polling family and extended family members in Texas, it came to light that the majority of those family members were Sony customers. Almost every one of them had a large Sony appliance such as a TV or other media device. Others had two or more Sony products in their home — products they purchased due to the “reputation” of the company. They had no clue what kind of jerks are at the helm at Sony.
I made it a point to educate them and to back that information up with printed or online examples. An encouraging number of said family members vowed to follow my boycott.
In 2013, I took the time to re-poll my family and see just how much they had taken my advice to heart concerning Sony products. About 70 percent of them had purchased a new television during that period and only one of them was from Sony. Everyone else had purposely avoided Sony products. Doing the math: That eight year period had deprived Sony of just over 60K in purchases. Is that a big deal? No, not by itself. But extend that out to your families and then it can begin to make a difference.
Help keep FOSS Force strong. If you like this article, become a subscriber.
Ken Starks is the founder of the Helios Project and Reglue, which for 20 years provided refurbished older computers running Linux to disadvantaged school kids, as well as providing digital help for senior citizens, in the Austin, Texas area. He was a columnist for FOSS Force from 2013-2016, and remains part of our family. Follow him on Twitter: @Reglue