In another post this month, I mentioned (or will mention, depending on the publication order that EDN chooses) that I’m in the process of replacing my Microsoft Surface Pro 5 laptop with two successors, a Surface Pro 7+ (SP7+, for short) and a Surface Pro 8 (SP8), both “for Business” variants. The convoluted process by which I eventually obtained the latter system was “interesting”, to say the very least.

My wife had offered to buy me the SP8 as an early anniversary present, so I found a listed-new system on eBay for a bit more than $1,000 (that same system sells for $1,849.99 direct from Microsoft) from highly rated seller “purpletechnado,” a subsidiary of CIT Electronics. The system was listed as coming with Windows 10 preinstalled, which I assumed was a typo since SP8s shipped standard with Windows 11. And although its pictured packaging wasn’t exactly pristine:

the contents seemed brand new, un-touched and otherwise as advertised when it arrived.

When I first-time booted up the system, however, I encountered a few unforecasted glitches:

Factory-resetting the system had no resolving effect, even if I wiped the SSD and reinstalled the operating system from the “cloud”. Sooner or later, I’d get to the same nebulous login point and couldn’t proceed further in the setup process. I contacted the retailer, who said that none of the previous system buyers (the eBay posting had been for seven total available) had reported similar issues (to its credit, the seller paid for return shipping and promptly refunded my wife in full shortly after receiving the returned shipment). Only a few others were still available from the seller, so I bought one versus waiting for my wife’s refund to arrive first. You guessed it:

The story does have a happy ending: “purpletechnado” promptly paid for return shipping and refunded me in full, too, and shortly thereafter I found a comparably equipped SP8 (from another eBay storefront seller) that did have Windows 11 preinstalled and wasn’t corporate-locked…and even included an active warranty through May 2024. Bonus!

Nevertheless, what the heck happened here? First off, I believe that “purpletechnado” is innocent, albeit perhaps ignorant. My guess is that these systems came from a bulk purchase previously made by TTI’s corporate IT department, which either Microsoft or an intermediary partner had custom-configured with Windows 10 before shipping them to the company. TTI subsequently resold its excess system inventory to CIT Electronics, who either wasn’t informed of or didn’t understand what it was getting. And what did it get? The Reddit community clued me in that these systems were “enrolled in [a] corporate MDM [mobile device management] solution”. Here’s more, from one of the respondents:

How the MDM works is that once Windows checks in with Microsoft, it will put you to the MDM onboarding process. It doesn’t matter if that happens from a fresh install or even an entirely new SSD. Windows sends the device signature to Microsoft, Microsoft associates it with the MDM.

 When companies recycle stuff they are usually asked to remove it from the MDM. You could absolutely try asking them to remove it, they very well might. It’s also possible that they will come back and say “Whoa, that device was stolen!” Or they simply ignore you.

In summary: once a company’s IT enables MDM on a system, presumably leveraging a device ID stored in the TPM (trusted platform module) or encrypted in the BIOS (versus, say, just leveraging an easily-gotten-around MAC address), it’s nothing more than a paperweight for anyone else unless that company first subsequently un-enrolls the system from the MDM.

Stepping back, and speaking of TPMs, let’s remember why I’m replacing my SP5 in the first place. It’s because that particular system generation, introduced relatively recently (in mid-June 2017), was deemed by Microsoft to be non-upgradable to Windows 11, which was publicly unveiled only four years later. Why? Because although the SP5 contains a TPM, its implementation generation (v1.2) was deemed insufficient (v2 minimum necessary), and/or because its CPU and associated chipset were deemed inadequate to run Windows 11 robustly (although folks who’ve shoehorned it onto SP5s anyway report that it works just fine).

Lest you think that this is a Windows-only phenomenon, I’ll direct your attention to my long-time friends at iFixit, who report that perfectly good Macs with the ill-fated characteristic of being activated on the original owner’s account are destined only for the landfill unless they’re deactivated first. Analogies to my recently disassembled Amazon Echo Studio are apt. More generally, last weekend (as I write these words in mid-September) I updated two of my currently-in-service Macs to MacOS 12 “Monterey”; my third active system will join them on the MacOS 12-upgraded list once I return from this week’s business trip with it. What was my update motivation? MacOS 11 “Big Sur”, which they’d been running up to this point, falls off the supported-software list next Tuesday with the “gold” release of MacOS 14 “Sonoma”. That said, a year from now, ongoing support for all three of these systems will likely end with the “gold” release of the “Sonoma” successor. Their sin? The absence of Apple’s TPM-equivalent T2 Security Chip, which (non-)ironically finds convenient use in binding hardware to user accounts.

Google’s no saint, either. iFixit again, from earlier this year:

The arrival of the COVID-19 pandemic pushed school districts across the world into a massive, uncontrolled experiment in distance learning. With in-person gathering discouraged, school districts rushed to purchase computers for their students—hundreds or thousands at a time, depending on the size of the district. By and large, Chromebooks were the platform of choice. The inexpensive, lightweight devices offered districts much of what they needed: a common software platform, and access to Internet-based applications for viewing lessons, email, and chat, and so on. Shipments of Chromebooks set records in 2020, reaching 11.2 million units in Q4 2020, a 287% increase over Q4 2019. In all, more than 30.6 million units were sold that year. Three years later, however, many of those devices are nearing the end of their support. That may, in short order, force districts to discard perfectly functioning hardware and replace it for no other reason than that the manufacturer has made a business decision not to support it beyond a certain date.

iFixit’s more recent coverage on the same topic, which also got broad pickup from other media outlets, points out that already-obsolete Chrome OS-based systems are still available for sale at Amazon, Walmart and elsewhere. Google finally responded recently with a half-step extension of guaranteed support to a decade, albeit only for 2019-and-newer Chromebooks. That all said, my Google-branded Pixelbook, which launched in October 2017, is still getting updates, albeit supposedly only until mid-next year…

These multi-vendor, multi-O/S case studies are yet more reminders that buying hardware isn’t a sufficient guarantee of ongoing usage viability. Accompanying software licenses are subject to the developers’ ongoing-support whims. And when that support times out, your exposure to vulnerability-induced hacks exponentially increases from that point forward. Sure, you could port your computer over to run Linux or another open-source software platform instead. But more than 30 years after Linux’ introduction, its installation and ongoing usage remains a viable exercise for only the hard-core among us. For everyone else, there are only two choices:

1. Continue running existing compromise-prone hardware, or
2. Ship it to the dump and replace it (lather, rinse and repeat)

And Linux’ availability means nothing, of course, for folks who own smartphones, tablets, and the like. Concur with or oppose my pessimism? Let me know your thoughts in the comments.

—Brian Dipert is the Editor-in-Chief of the Edge AI and Vision Alliance, and a Senior Analyst at BDTI and Editor-in-Chief of InsideDSP, the company’s online newsletter.

 Related Content