You will definitely be a pioneer if you try this. Unfortunately, I don't think it's possible to predict exactly what you can expect. You might want to investigate Plasma Active for when you're running in full touch mode.

Yeah, I'm leaning towards the carbon instead. I don't know how the switch from keyboard to touchscreen when flipped over would work in linux.

Those always interested me also.

woodsmoke

This hardware looks very interesting from a KDE point of view. I see something here that's already software wise been implemented in KDE distros. Switching from one type of hardware to another type of hardware - with the same piece of gadget.

Many have been puzzled with it, me included, but isn't this the exact kind of job that "Activities" would handle? One side you would have the default desktop, flipping the lid-screen 180 degrees, triggers switching to a "plasma-active-like" activity - makes total sense.

I've said it before, KDE/Qt is the best DE around, not because it offers the best solution - but because it offers a toolbox for numerous solutions, for the users and the developers.

Thinking further; If Lenovo were smart they should ship a couple of these to KDE dev community and let them tinker with it. I would think that this is a hardware manufacturer the size and market share* the KDE community should consider a long term partnership with. Lenovo need to make a bold decision (which this flip-top actually is, it only need the best OS on it - ofc a KDE distro)

*NOTE* Looking at Lenovo market share - I'm completely and utterly wrong about their market share - they are actually the second largest PC vendor in the world - guess I'm still living in 2001
I'll keep my thoughts above on the fact that my own reading and research on Lenovo hardware, I don't have any confidence in their hardware (unlike the rest of the world lol ) so that I would suggest anyone to choose Lenovo. I'd recommend any of the 4 other top 5 candidates, HP, Acer, ASUS & Dell (possibly even a Mac)

*going back to hardware review reading - that's not 10 years old lol *

b.r

Jonas

Remember that Lenovo was originally IBM's personal computer division before they sold it. The old IBMs had top of the line hardware, and the Thinkpad series by lenovo continues that tradition. I've owned the original IBM machines and I own a couple of the Lenovo thinkpad machines and they are all very well made with very good hardware. I can't speak for the less expensive options (the "ideapad" series for example), but they should at least be on par with the Dells and HPs of the world.

And yeah, if they shipped me one, I'd be overjoyed to tinker around and try to make it work

Carefully check the specs of Lenovo laptops that are non-ThinkPads. Sometimes they'll scrimp in odd areas to shave a few dollars off the price. I've seen some models that have only a 10/100 Ethernet interface, for example.

Opened up my Yoga 2 Pro yesterday and the thing looks amazing - tried kubuntu from a usb stick but out-of-the-box experience is not the best. I'm sure KDE will rule on this machine but maybe not just yet.

I ordered a Thinkpad T440s on 15th Dec, was told 15+3 days. Still waiting! The staff at Lenovo are always very polite when I call, but customers really shouldn't have to chase them to find out what's happening!

I expect it'll be worth the wait, though.

I didn't go for a touch screen with mine, for the gorilla arm reason. I just don't think I'd use it, and I don't want my screen covered in fingerprints either! I expect battery life is better without a touch screen, too.

I did put NFC on as an option: if I can get that working with my tablet that'll be perfect for me!

Feathers

NFC worries me because it seems ripe for poor implementation security.

Charlie Miller demonstrates NFC attacks at Black Hat 2012:
https://media.blackhat.com/bh-us-12/...ace_Slides.pdf
http://media.blackhat.com/bh-us-12/B...surface_WP.pdf

NFC Forum responds:
http://www.nfcworld.com/2012/08/01/3...lnerabilities/

Just read those links, interesting stuff.

I didn't realise NFC doesn't require user interaction in some cases, that's strange.

Since someone would actually have to be close to my device to crack it, I'm not particularly concerned.

That probably made you cringe, but seriously... I'm more concerned about systems I don't control with loads of personal data on that make nice juicy targets (ha! Target!) for crackers, than someone specifically targeting me... that's a lot of effort for minimal reward, plus more risk since they can't do it remotely.

I'll not be using NFC for any financial stuff like Google Wallet; I think the convenience of being able to transfer URLs from tablet to laptop outweighs the risks for me personally.

What say you? I'm willing to be convinced otherwise.

The driver for your NFC is a closed-source binary blob. Like with most aspects of a mobile device, you have little control over what's going on behind the scenes, because there is so much more "behind the scenery" (reuse permitted, lol) there than on traditional desktops and laptops.

If you don't intentionally use the NFC to transmit anything other than URLs, there's no reason to believe that the NFC would do otherwise. But you can't truly verify it. This is a risk decision you must make for yourself. (My decision for my phone and tablet: NFC is always disabled. Location sensors are disabled except when I need them, like when I open Maps. Other sensors are left at defaults.)

Now as to your worry about being a target... I believe you already have some experience in this regard, no? While you personally may have little utility to an attacker, your computer has great utility if it can be exploited and converted into a zombie for a botnet. Every computer with an Internet connection shares this potentially great utility. It is disingenuous to believe that no one is out to get you.

Are there no free drivers for NFC? Genuine question, I'll actually be shocked if the answer is "no".


Yeah, unfortunately that's true. Mostly of my own making though, wouldn't you agree? I had to change the defaults to make those programs insecure enough to be susceptible.

Anyway, the type of attacks that I've received have been remote attacks over the internet... you've switched half way through your argument from talking about NFC vulnerabilities, where the attacker is local, to the commonplace interwebz type.

I'm not saying that the internet connection isn't vulnerable, just that it's surely much more difficult to infect a computer via NFC, both due to the technical aspects (not many people would know where to start) and the fact that you'd need some hardware to do the infecting that is local to the target machine, you can't just "do it from China" if you'll permit the cliché. So why bother? Infecting a computer via NFC in order to use it in a botnet... is improbable enough that the utility that NFC provides to me outweighs the risk.

Ready for a shock? Visit https://developers.google.com/android/nexus/drivers. All you get are closed-source binaries. If you build your own Nexus AOSP ROM from source and stop there, most of the hardware won't function. You need to include these drivers in your ROM build.

For non-Nexus phones, it's even worse: the manufacturers (HTC, Nokia, et al) don't provide any downloads at all. The ROM cookers on XDA have to extract the hardware drivers out of existing factory ROMs.

True.

Wait. Nobody engages in full-on analysis and counter-argument on web forums! You're just supposed to shout your opinions as if they were facts and go nah-nah-nah-nah-nah-nah when someone disagrees! LOL. Actually, I think you and I may be operating under different definitions of "local." I view NFC as non-local: the other party in the NFC conversation is certainly near, but is also certainly outside my device. So yes, while the attacks you've experienced have been delivered via the worldwide series of tubes, ... (continued in next reply)

...it is entirely within the realm of possibility to envision an NFC-equipped device that has been remotely infected via some other vulnerability. This device may carry a payload designed to transparently intercept NFC communications after decryption and then forward the clear text over some control channel. Such channels have included DNS to be especially stealthy. Do not underestimate the ability of bad guys to make your computer behave in ways you cannot predict.

One additional point, since we're in the mode of friendly analysis of arguments: arguing from "not many people would know where to start" isn't a strong position. Attackers often have a luxury defenders do not: time. Attackers are usually the earliest to know about vulnerabilities -- after all, it's sort of their job

This is prime example of good risk assessment. And I'd agree: right now, January 2014, such an attack is unlikely. You should not stop using NFC for your purposes just because I'm worrying about how NFC can be abused. Remember, these kinds of worries are my real job.

I was actually thinking about the Kubuntu side of things, but I guess it doesn't matter - it only takes one part of the couple to be compromised for you to have a problem!

Well... you (and the rest!) have raised the bar in this forum, I don't think either one of us could get away with that kind of thing for very long! Everyone's wasting their time in that kind of conversation, anyway, since nobody is listening.

Yeah, true. That's possible, but there are so many things that could go wrong with that piece of malware: the original infection method has to work, and the NFC interception method also has to work. Relating this back to your presentation where you mentioned attack surfaces, imagine you're a malware author: flip it over and call it a "detection surface" rather than an "attack surface" - you've just provided antivirus vendors and hackers with more points of reference to identify the infection and remove it.

Also, I know this isn't what you were arguing, but it's relevant: consider a piece of malware whose infection vector is NFC... an infection that spread through NFC probably wouldn't spread very far, (today, 2014!) since most people don't link a long chain of NFC devices together. I actually don't know anyone, even in my relatively technology literate (engineers, mainly) circle who has used NFC more than a handful of times out of curiosity. So at most, the typical user has two devices that they will touch together to use NFC.

You're right there, I was trying to make a point about the probability rather than the feasibility of an attack like this.

Thanks

I hope your _other_ job has nothing to do with those emails

Feathers