Not to be a nitpicker, but that site looks like a cheesy rip-off of Apple... Why do companies insist on doing this? Be original. Personally, I like the Asus laptops with a Costco return policy. 2 years only, but no hassle.

Look at this picture, particularly the bezel right below the screen, reflecting the keyboard... what is with all that warping????
http://www.system76.com/product_images/serval-8f6a631ac4a249b.png

Addendum (also, this problem is not just bad because of the password hash exposure):
You could argue that brute forcing passwords is not the most common approach. For example, harvesting a million accounts and walking away with the passwords that can be cracked through an efficient "smart dictionary" attack, and abandoning the other ones, is probably bar far the most common harvesting strategy.

It's sort of like putting a club on your car.. It's not that they can't steal your car... but there's an easy to steal one next to yours.

So having a hash+salt with SHA-512, and a secure password? If you have a cryptographically strong password, this is a low severity aspect of the problem. The other issue is being able to use the same dscl subsystem to *change* passwords, under certain circumstances, without using credentials. If you can change the logged-in user's password, su to them, sudo /bin/sh, and then reinstall the old salt/hash into the compromised account, you can effectively root the box without damaging the target user's credentials.

Windows 2000 did this flawlessly in 1999. My powerbook did it flawlessly in 2002.

My Ubuntu 9.10 and Gnome XFCE desktops still cannot do this properly today.

X is needed for many things in enterprise... SPECTRUM, polling, whatever. Great. Run X when you need it, use something that isn't a terrible piece of junk the rest of the time.

It's time to bin X.

-db