This is why I run Debian. I don't have time to troubleshoot my laptop and my server every time I update them. That being said, I'm kind of biased since I'm a Linux sysadmin for a factory.
And thanks to everyone who does run Arch and posts their solutions on the Arch wiki. It's extremely helpful.
They should be sending out images via flashdrive (since most machines don't have optical drives anymore). Once a box is compromised the OS cannot be trusted again. And they should send them for free. This is a huge breach of trust.
I used to be a big fan of Lenovo's Thinkpads but the quality (and keyboard) has gone downhill in recent models. Preinstalling malware is the final deal-breaker (The TFS says it was to consumer-grade machines, but doing this is a serious breach of trust).
Does anyone recommend a good enterprise-grade laptop? Something like the T400 but with a Haswell chip?
Can the bootloader be unlocked? It seems that any non-nexus devices can only be rooted through running some sort of security exploit against the running OS, which only gets you control over that OS and doesn't let you easily load a new OS.
I'd like to see a device where not only the bootloader is unlocked, but it lets you set your own signing key, re-lock it, and then only boot images you sign. I know this will not be the case for mainstream devices, but I hope there will be a market for such devices among the geek crowd.
It may be a while before the hardware becomes available, but thinking ahead even further, wouldn't it be awesome if you could replace a DIMM or a CPU without shutting down the machine? For really critical servers, this might be a good option to have at some point. It would be quite a challenge to implement something like this since the CPU and memory are so integral to the machine but it doesn't mean it can't be done.
I just got a smart TV, but I've left it entirely disconnected from the network. I connected a Debian box running XBMC to it. I trust that machine far more than whatever is running on the smart TV. The rule for my trusted network is: if I don't have root, it's not trusted. And root is a necessary, but not sufficient condition for trust. For example, my Kindle is rooted, but I still don't entirely trust it since Amazon still has remote control over it.