Microsoft reveals why no Surface device has Thunderbolt and why you can’t upgrade your RAM

SansVarnic
1 hour ago, schwellmo92 said:

TB3 is not a massive feature my man. I have had it on my last 3 laptops spanning almost 4 years, I used it once when I bought an eGPU and determined the eGPU experience was trash then promptly sold the eGPU, I have not used it since. At work we have docks and they use USB 3.0 which drive the mouse, keyboard and two 24" 1080p monitors.

You're not supposed to use an RTX 2080 in your eGPU. For now, any second hand cheap graphic card can give you a significant boost in graphics compared to the integrated graphics and that's a huge plus.

 

How does USB 3.0 protocol support two 24" monitors? And any single port solution will need thunderbolt if you remotely plan on using it to expand IO ports. For example, I plan to get a laptop with TB3 that connects to a dock with regular sized USB ports, SD cards, ethernet, that daisy chains to an external monitor. And it also charges the laptop. That's only possible with thunderbolt, and that's what mac users have been enjoying for quite a while.


11 minutes ago, RedRound2 said:

How does USB 3.0 protocol support two 24" monitors?

Display link. 

 

My work setup is the same. Lenovo usb dock easily pushes 2 1080p displays 


I just have a laptop with a bunch of ports on it, removable battery, external battery and a dock connector. No dongles, no adaptors, just a port for everything.


1 hour ago, RedRound2 said:

Sure, it's apparently a security risk for Microsoft when we have no reports of this vulnerability or exploit for the past 4 years TB3 has existed on the market. Both on mac and windows.

Ahem:

https://www.wired.com/2015/08/researchers-create-first-firmware-worm-attacks-macs/

https://www.bleepingcomputer.com/news/security/thunderclap-vulnerabilities-allow-attacks-using-thunderbolt-peripherals/

 

Microsoft explaining the threat TB brings to BitLocker:

https://support.microsoft.com/en-us/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d

 

HP even made a security alert for its business customers:

http://h20195.www2.hp.com/v2/getpdf.aspx/4AA7-5807ENW.pdf

 

And Microsoft has added a security measure for the TB3 security flaw in Windows 10 (disabled by default). However, ignoring any possible performance impact when enabled (probably there is as it is a software solution), when enabled, a TB3 device may stop working as it needs to be compatible as well: https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt

And in the end, this is just a software patch to a hardware problem. Probably can still be bypassed.


 

Quote

Surface devices are straight up overpriced. It's even more so than Apple laptops.

 

700$ for wheels on Apple... and Surface is more expensive than Apple? heh. yea ok.

 

Overpriced? Maybe... but they are the only ones making such a device, and they are selling very well.

OEMs try or tried to make a similar "more affordable" device, and they only end up with a lackluster device in the end, making it simply not worth it for most, and people tend to just pay the extra and get the Surface model. HP was the only one that came close with their latest attempt. Still not up to the same level though as the Surface.

 

Quote

Cost isn't an excuse, nor is engineering to fit in TB3 on PCB when other companies can easily do it.

On bigger systems, yes. No problem there. Yup, just like ITX boards which are so easy to build, based on what you say. That is why they cost a lot more, and many of them have poor locations of connectors, despite many years of experience in making them, and have to use components significantly more expensive as space doesn't allow cheaper components, especially for ITX models with OC capabilities (might get you better OC results on an ITX board than non-ultra-premium-ATX, heh).

 

Until things get integrated, compact PCB is very costly, and is a huge puzzle to solve. Remember that saying "oh there is space here" is one thing, but you need to handle the PCB wiring which can't cross others, and its location needs to make sense. Maybe you are fine with the lazy approach:

 

IMG_5520-1024x768.jpg

 

Or like the MacBook Air which has a fan that cools nothing. 

 

And maybe you are fine with a Surface Pro with connectors behind instead of the sides, or whatever mess you can imagine. That is you. The reality is that people want things that make sense, and things that are properly located, or the best one can. And that is part of the puzzle to make things fit.

 

I am not saying that isn't possible, but that it is costly, for something that 99.99% of users of the device will not use.

Maybe with USB4, Microsoft will come up with something. Maybe now, they'll go "Ok let's invest in making it all fit", and "Ok, let's look into additional hardware security measures" (assuming the USB standard for 4.0 doesn't have a fix).

 

Quote

C'mon, stop making lousy excuses for an incompetent company like MS. They're neither good at making software or hardware, with all of their devices and software constantly plagued with issues, that's pretty much normalized at this point.

There is no excuse, this is how companies (any) work. You evaluate risk. That is what you do all day. So far, Surface Pro sales aren't affected by the lack of TB3, and figures show that it has increased. So, whatever Microsoft is doing, is working for them. That is all.

 

Quote

TB3 offers massive flexibility and versatility. It's going to be compatible with upcoming USB4 spec and you can connect anything from docks to eGPUs, all of which are useful for mass consumers once they're actually aware about it. Microsoft is supposed to be making the ideal futuristic Windows PCs, and yet the fact that they lack this significant feature is embarrassing. There's a reason why laptops like the Dell XPS are the de facto standard Windows laptop.

You have the power connector which is a dock connector on the Surface line product. As for Dell, HP and Lenovo, they have their own docking connector for many of their business line products. So the consumers aren't locked out from this feature, and USB 3.0 brings enough capability for the average consumer for a cheaper dock alternative, complete with multi-screen video output (thanks to, typically, DisplayLink). Yes, TB3 is better in terms of performance, yes you can drive 5K+ displays which no one has (you are lucky to have 200$ 1080p screen at work for most places), and most consumers and gamers have a 1080p screen.


22 minutes ago, GoodBytes said:

The first link doesn't say anything about thunderbolt port. All he did mention was he used a network adaptor, which was connected via thunderbolt because there are no other ports on the mac.

 

The second link is more appropriate in this context. But macOS comes out of box with IOMMU which blocks off unrestricted access to memory. Windows however doesn't seem to, at least at the time of writing in early 2019. With IOMMU, it can be bypassed, but it's not as straightforward and is more difficult, requiring you to have more sophisticated tools. Also is there any instance of this working when your laptop is locked? Macs are encrypted by default until you unlock it. The potential vulnerability here can only be exploited when you have physical access to the laptop, unlocked. At that point, you don't need a thunderbolt vulnerability and most windows laptops can easily be hacked. And that is Microsoft's responsibility there.

 

But I'm not complaining about general software vulnerability in general. There are far easier ways to get into a laptop or a computer when you have physical access and when it's unlocked. This is just Microsoft forming up a dumb excuse to not spend the slightly extra amount to make their devices worthwhile.

 

The benefits of thunderbolt far outweigh the corner case rare situation where a PC is just unlocked and lying around for anyone to actually get in, assuming they also carry around sophisticated thunderbolt network cards in their pockets.

 


1 minute ago, RedRound2 said:

The first link doesn't say anything about thunderbolt port. All he did mention was he used a network adaptor, which was connected via thunderbolt because there are no other ports on the mac.

There is no such security issue with Ethernet, it is because of thunderbolt.

 

1 minute ago, RedRound2 said:

The second link is more appropriate in this context. But macOS comes out of box with IOMMU which blocks off unrestricted access to memory. Windows however doesn't seem to, at least at the time of writing in early 2019. With IOMMU, it can be bypassed, but it's not as straightforward and is more difficult, requiring you to have more sophisticated tools. Also is there any instance of this working when your laptop is locked? Macs are encrypted by default until you unlock it. The potential vulnerability here can only be exploited when you have physical access to the laptop, unlocked. At that point, you don't need a thunderbolt vulnerability and most windows laptops can easily be hacked. And that is Microsoft's responsibility there.

 

But I'm not complaining about general software vulnerability in general. There are far easier ways to get into a laptop or a computer when you have physical access and when it's unlocked.

Great, we agree that Intel didn't care about security, despite being at its 3rd iteration.

 

Quote

This is just Microsoft forming up a dumb excuse to not spend the slightly extra amount to make their devices worthwhile.

Again, as I explained, everything is risk management. They looked at their data from survey, market analysis and more, and they concluded, that at this time, it is not worth putting TB3 in the Surface Pro with a hardware security fix. And, as we can see, from the company financial reports, it didn't impact their sales. That is all.

 

Sure, you COULD make a 0 risk device. Go ahead, make a laptop with floppy drive, Blu-ray drive, firewire, 10x USB ports with large spacing in between each port, water cooling system for the CPU and GPU, 5K display 240Hz, RGB LED everywhere, mechanical keyboard with a switch system to rubber dome for quiet typing, best in class digitizer, TB3 with custom security chip, front and rear camera that puts the best phone to shame, and despite a 2080Ti desktop GPU and AMD EPYC desktop CPU inside with 0 throttling, you have 12h of battery life under intensive load. Guess what, that is still a high risk device, it will cost you billions to make, and it won't sell.


So, what are the real use cases for TB then?

I don't even know if my devices ever had it,.. nor have I missed it, or even had a reason to look up if I have it.

 

Just connecting external stuff? What kind of external things need TB and are not fine with USB?

 

If I get a built-in and known security issue and the tradeoff is something I don't even need or miss, that sure sounds like a bad deal.

I fully understand and support MS's stance on this, unless someone can point out a reason why there absolutely must be TB for reason X. As others have pointed out, there are enough docks that can connect screens, mice, keyboards all without using TB. Then there is the question of how many people actually do use that setup (or should for that matter,... why not have a desktop right there and a laptop when out in the wild?)


2 hours ago, Sauron said:

It's not so much about the bandwidth but rather the flexibility of a general purpose port. Docks are useful, especially for something like a surface tablet which doesn't have a lot of ports due to size and design constraints.

I agree that Thunderbolt is better, but I stand by my original statement:

19 hours ago, Morgan MLGman said:

Latest USB standards are more than enough for pretty much anything over 99% of users need in a Surface or a MacBook Air for example...

With the amount of widely-available USB-C docks and the bandwidth + versatility of its latest standards, I believe it's more than enough for almost everyone in a device of that grade.


1 hour ago, RedRound2 said:

How does USB 3.0 protocol support two 24" monitors? And any single port solution will need thunderbolt if you remotely plan on using it to expand IO ports. For example, I plan to get a laptop with TB3 that connects to a dock with regular sized USB ports, SD cards, ethernet, that daisy chains to an external monitor. And it also charges the laptop. That's only possible with thunderbolt, and that's what mac users have been enjoying for quite a while.

We also run ethernet over the docks and you're actually wrong about TB being required for charging, that's a Type-C spec.


3 minutes ago, Tech Enthusiast said:

So, what are the real use cases for TB then?

I don't even know if my devices ever had it,.. nor have I missed it, or even had a reason to look up if I have it.

 

Just connecting external stuff? What kind of external things need TB and are not fine with USB?

Yup. You got it. Not actually useful.

You can drive:

  • External GPU (but, today, as you can see, their enclosures are still expensive). Heck, even Apple had a manufacturer that made an external GPU for their systems, and it sold so poorly that after a couple of months they pulled out.
  • Drive a 6K display at 60Hz or drive 3x 4K displays at 60Hz or some other crazy display setup.

And that is about it.

The rest you can do via USB 3.0, including, as mentioned previously, driving "more reasonable" displays such as 2x 4K displays at 60Hz, via a USB dock with the appropriate DisplayLink graphic chip inside and the display output connectors for this, of course (if it has VGA only, you won't go far, is basically what I am saying). They are around $150-300 depending on the brand, and their capabilities. These units usually include other connectors such as Ethernet, additional USB ports, and more.

 


16 minutes ago, Tech Enthusiast said:

So, what are the real use cases for TB then?

I don't even know if my devices ever had it,.. nor have I missed it, or even had a reason to look up if I have it.

WHAT ARE YOU CRAZY?!?! IT'S ESSENTIAL!!!! GET THUNDERBOLT!


21 minutes ago, schwellmo92 said:

We also run ethernet over the docks and you're actually wrong about TB being required for charging, that's a Type-C spec.

Yes, because 10Gbe is very common among peripherals, let alone laptops. Plus TB3 is 4x faster than the uncommon TB3. What's your point. Using just two or more USB ports would saturate a 10Gbe connection. And ethernet has a maximum of 30W.

 

Also unless you enjoy connecting multiple cables, you need daisy chain feature. And that's exclusive to thunderbolt spec.

 

Thunderbolt has always historically had power delivery. But USB-C also has. But when we talk about TB3, we're talking about full spec type c, while USB-C can pretty much mean anything from USB 2 with nothing else, all the way to thunderbolt 3

28 minutes ago, GoodBytes said:

There is no such security issue with Ethernet, it is because of thunderbolt.

So you're saying there are no ethernet vulnerabilities? And it's only because of thunderbolt that's possible. Point it to me in that article, because I didn't see anything referring to thunderbolt.

Quote

Again, as I explained, everything is risk management. They looked at their data from survey, market analysis and more, and they concluded, that at this time, it is not worth putting TB3 in the Surface Pro with a hardware security fix. And, as we can see, from the company financial reports, it didn't impact their sales. That is all.

Not many people even buy Surface. It's overpriced. It has retained the same design for past 7 years and it's constantly plagued with software issues. And to top it off, they don't even offer features that literally everyone else offers in the segment. So your point is moot.

Quote

Sure, you COULD make a 0 risk device. Go ahead, make a laptop with floppy drive, Blu-ray drive, firewire, 10x USB ports with large spacing in between each port, water cooling system for the CPU and GPU, 5K display 240Hz, RGB LED everywhere, mechanical keyboard with a switch system to rubber dome for quiet typing, best in class digitizer, TB3 with custom security chip, front and rear camera that puts the best phone to shame, and despite a 2080Ti desktop GPU and AMD EPYC desktop CPU inside with 0 throttling, you have 12h of battery life under intensive load. Guess what, that is still a high risk device, it will cost you billions to make, and it won't sell.

Yeah, but I'm talking about a simple thunderbolt 3 port. Which is definitely possible as demonstrated by, again, literally everybody else. Not a huge 6 line list of specs on a laptop. Stop justifying for Microsoft again and again. They're not going to pay you for this.


2 minutes ago, RedRound2 said:

Yes, because 10Gbe is very common among peripherals, let alone laptops. Plus TB3 is 4x faster than the uncommon TB3. What's your point. Using just two or more USB ports would saturate a 10Gbe connection. And ethernet has a maximum of 30W.

 

You have actually lost me I have no clue what you are talking about. USB Type-C Power Delivery spec allows the port to accept 100w of power, the exact same as TB3.

 

10Gbe would not be possible without TB3, sure. But how many people actually need 10Gbe? And if you do need it, sure get a laptop with TB3. TB3 is very niche, 99% of people don't actually need it and won't need it for years to come.


8 minutes ago, RedRound2 said:

Thunderbolt has always historically had power delivery. But USB-C also has. But when we talk about TB3, we're talking about full spec type c, while USB-C can pretty much mean anything from USB 2 with nothing else, all the way to thunderbolt 3

Who cares about historically? USB Type-C has a specification "Type-C Power Delivery" to confirm that the port takes up to 100w. The Thunderbolt 3 Power Delivery uses the USB Type-C specification, it is not its own thing.

 


No one claims TB is not amazing.

Just like a 2000 horse power car would be amazing for buying groceries.

 

The question is: What does TB offer that warrants the security issues? Who would actually notice TBs strong points? What kind of setup is required for TB to shine, that USB can't do just as well. You can always construct a use case, no doubt. But how many people would be actually using that use case in a real environment, outside a forum for bragging rights?

 

Again. We all agree TB is amazing. We just don't seem to agree on whether it is actually needed for anything reasonable.

If you can do all you need to do without the added security issue, why would you want it anyway?

And if a certain percentage of customers don't need something with a security issue, isn't it the best thing to do... to not include it?

 

We don't know how many people refuse to buy a surface due to this, but we can have a very good guess at how many people actually need the small difference between what USB 3 can do and what only TB can do.

 

From all I gathered up to now, the group of people really NEEDING TB seems quite small. Like 1/10.000 people small, or even smaller.

Even if it was 1/1000 "big" (and that would certainly stretch it a lot), the argument to screw over the 999 people, so the 1 guy can connect a crazy 5k multi monitor setup to his tablet would certainly be a bad idea. Don't we agree on that?


2 minutes ago, schwellmo92 said:

You have actually lost me I have no clue what you are talking about. USB Type-C Power Delivery spec allows the port to accept 100w of power, the exact same as TB3.

 

10Gbe would not be possible without TB3, sure. But how many people actually need 10Gbe? And if you do need it, sure get a laptop with TB3. TB3 is very niche, 99% of people don't actually need it and won't need it for years to come.

Do I really have to quote you

 

25 minutes ago, schwellmo92 said:

We also run ethernet over the docks and you're actually wrong about TB being required for charging, that's a Type-C spec.

I just described you the shortcoming of ethernet based docks. And again, as I said TB3 offers enough headroom for you to connect multiple USBs, SD Cards, ethernet, pretty much whatever you want in one cable. It's pretty much the ultimate expansion device. And having extra headroom is never a bad thing. You're losing nothing over it.

 

I didn't say people need 10Gbe. Read again.


1 minute ago, RedRound2 said:

I just described you the shortcoming of ethernet based docks.

When have we ever discussed ethernet based docks? The docks connect over USB 3.0.


2 minutes ago, schwellmo92 said:

Who cares about historically? USB Type-C has a specification "Type-C Power Delivery" to confirm that the port takes up to 100w. The Thunderbolt 3 Power Delivery uses the USB Type-C specification, it is not its own thing.

Ugh, sigh. I said historically thunderbolt had power delivery, implying that thunderbolt 2 also had power delivery. Why would they add an additional lane for power when they can just make use of Type-C standard? You brought power delivery as some sort of argument when it didn't matter. That was the point. Read, again.


3 minutes ago, schwellmo92 said:

When have we ever discussed ethernet based docks? The docks connect over USB 3.0.

What does

"We also run ethernet over the docks" mean?

 

Okay, if we used USB 3.0 as your interface, you would saturate it with one USB 3.0 device, with SD card, or another USB or even ethernet being useless. That's literally the definition of bottleneck that any PC enthusiast strives to avoid.


4 minutes ago, RedRound2 said:

What does

"We also run ethernet over the docks" mean?

 

Okay, if we used USB 3.0 as your interface, you would saturate it with one USB 3.0 device, with SD card, or another USB or even ethernet being useless. That's literally the definition of bottleneck that any PC enthusiast strives to avoid.

We plug ethernet cable in to the dock and then USB cable in to our laptops and we get ethernet over USB, the same way the TB3 docks with ethernet work.


PC Enthusiasts also don't try to run every device there is from their tablet tho.

You seem to argue that TB can connect everything to a single device,... that does not have anything itself.

 

Yes, that seems to be true. But who in the world would do that? That sounds like a fancy tech demo to show it is possible, but why would anyone want to do it in a real setting?

If you need several screens, a keyboard, a mouse, some external drives and SD card reader.... how about buying a device that fits the job and not go out of your way to try and make your calculator connect to enough external things at once? 

 

I just don't see the reasoning behind this idea.

In the past 12 years I have been in about 75 IT companies ranging from 4 to 5000 people. And while some have used laptops they carry to work every day, they always claimed the situation to be "temporary" only until they have the money to get real machines in the office. Some had people mainly working on external customers, which obviously did have laptops for that. But I remember only 3 not having a full desktop setup anyways. Getting a full-blown Desktop + Laptop is a business expense companies just write off from taxes, while plugging in your tablet to "work" is a rarity at best.


1 hour ago, Tech Enthusiast said:

Just like a 2000 horse power car would be amazing for buying groceries.

Hell yea, I want this 🙂

 

1 hour ago, Tech Enthusiast said:

The question is: What does TB offer that warrants the security issues?

For me the thing that looks the most useful is the capability to provide PCIe lanes over it, because with that you can connect basically any device. That is a big functional difference compared to USB, not having to implement a USB interface on the device which might not actually work with what you want to do.

 

TB external RAID arrays come to mind, USB interface would cause far lower IOPs performance so even if throughput was similar TB would be comparing NVMe SSD to SATA SSD IOPs wise. Not that SATA SSD IOPs performance is bad or anything, but to get that you do need the more modern USB 3.2 specs (think all of them are fine here).

 

Other examples would be things that need DMA but honestly I've seen very few things actually use TB which to me shows its actual usefulness is limited, to me if it was solving real world limitations that people were experiencing and needed a solution for, adoption would happen and quickly. I can only point to 3 usages that cover that: eGPU, Ethernet and external disk arrays (which USB 3.2 has already addressed now so only 2?).


51 minutes ago, Tech Enthusiast said:

Yes, that seems to be true. But who in the world would do that?

Apple? lol


2 hours ago, Arika S said:

Display link. 

 

My work setup is the same. Lenovo usb dock easily pushes 2 1080p displays 

If you can, avoid DisplayLink if you value GDI acceleration or require OpenGL or DirectX functionality. I've seen real-world problems with using that tech. Examples include but are not limited to:

  • Browsers crashing when dragging Firefox from one monitor over to another (Intel iGPU laptop screen over the DisplayLink connected monitor)
  • Slow performance with Microsoft Outlook until you go to Advanced settings and check "Disable hardware graphics acceleration"
  • Google Earth not rendering.

All of those problems have workarounds or fixes that involve settings, updating the app, or installing the latest DisplayLink driver.

 

With TB docks, the monitors tap right into the iGPU. Problem solved. The real problem is the cost of TB docks over USB3 variants. But DisplayPort does not pass through USB3, that only occurs with TB. 
