"Alternate mode" allows the Type C jack and cable to act as a conduit for an entirely different protocol(Displayport and MHL have previously been announced, Intel's announcement presumably means that thunderbolt is along for the ride); but only if the system has the hardware necessary to implement whatever the other protocol is, and that hardware is suitably connected to the Type C jack in question. It doesn't actually give a USB 3.1(gen1 or gen2, yes there's that difference as well) device the ability to natively handle the other protocol in the USB silicon, merely to politely carry it from one end to the other, if the upstream device can generate it and the downstream device can accept it.
So, when you combine this with the inevitable variations in how much power is available(spec allows for up to 100watts; but given that very few laptops, much less littler widgets, even have a hundred watt brick for their own needs, it is clearly the case that most Type C ports will be good for substantially less); a Type C port can do almost anything; but is required to do effectively nothing beyond acting as a USB 2 slave device and not starting any fires when plugged in. It might have full USB 3 silicon, it might not. It might support 10GB/s traffic, it might only handle half that; it might deliver 100 watts of power on request, it might be incapable of doing much besides browning out without a powered hub to protect it. It might have implemented one or more 'Alternate mode' protocols, it might support none.
It will certainly be exciting, at least...
Since this is bullshit, we simply treat it as axiomatically true, which sidesteps what would otherwise be a tedious and difficult matter of 'proof'.
If there's potentially malware that embeds itself hard enough to resist a disk wipe, or even replacement, you have to worry about the prior owner's security, incompetence, potential malice, etc. And that's even if you aren't cool enough to have the NSA 'implant' teams intercepting your mail.
Given the size of the secondary market for things with firmware in them(ie. basically all computer parts more sophisticated than cables; and even some of the cables these days), I'm a bit surprised that this hasn't already become an epic clusterfuck. Especially with scary little things like LOM modules, which are full computers, most commonly with independent NICs, that you graft right into the brainstem of your servers. Flooding the market with poisoned LOM cards/modules seems like the sort of thing that might even be worth it for a commercially minded criminal, much less a nation state looking for juicy secrets.
Any bets on what other purposes they have in mind? FPGAs with one or more QPI links built in, for fast interconnect with Xeons? Xeons with FPGAs on die? Intel NICs with substantially greater packet-mangling capabilities, at full wire speed, thanks to reconfigurable logic?
Merely producing FPGAs on a nice process is logical; but could also be done just by selling them fab services. They presumably have a plan that goes beyond that.
Aren't we all smart enough to turn off the adware during install? I even know some old people who turn off "add-ons" that they don't need.
Well, given that adware 'offers' still get injected into installers, I'm going to use my incredible mental thinking skills to hypothesize "no, we aren't".
Aside from that, even if you don't get hit by the adware, having to defang an installer just to use a program leaves the indistinguishable taste of pure sleaze in your mouth for the rest of the process(looking at you, Oracle and the Ask.com toolbar...)
Sourceforge is dragging the GIMP project's name through the mud by bundling this shit, even if they don't hit anyone. That alone is more than enough to be displeased by.
Not as good as a true hardware write protect(in theory, a suitably capable attack might be able to emulate USB HID or ACPI button events); but much more likely to actually happen than anything that requires cracking the case or increasing the BoM.
If I'm attacking systems for the data on them, or to MiTM/trojan/keylog the users of the systems; grab banking credentials and the like; mac users are a conveniently self-selected group of people atypically worth harvesting. Sure, there are a bunch of underemployed baristas with degrees in Individuality using the macbook pro that mommy and daddy bought them to watch movies in their dorm room; but as a whole, thanks to the higher prices, users of OSX devices skew upmarket pretty substantially(iOS devices have some of the same effect; but much less, since at least an iPhone 5c or the like is probably available as the 'free'-with-usurious-contract model on most telcos).
If you are attempting a corporate/institutional intrusion, macs vary in value: they are way, way, less common, frequently absent entirely; but where they are present, their minority status often means very limited integration into the enterprise's legion of 'security' products, IDSes, and everything else that the Windows users complain is causing logins to take 30 minutes. This makes them handy 'beachhead' systems, especially if they are loaded up with Office, Adobe Malware Runtime, and similar stuff that may well have cross-platform or partially shared libraries of vulnerabilities; but much reduced vigilance on OSX clients.
"Previous owner" isn't a scary vulnerability for exploits that live at the OS level; all the refurb stuff typically gets wiped once by the refurb house during their testing process, and re-imaged when it reaches the customer; but it is damn scary for firmware-level exploits. Especially motherboard firmware(HDD firmware exploits are scary; but taking out the HDD and shredding it, then replacing it with another low-capacity-everything-is-on-the-network-anyway boot disk is at least cheap); which compromises the system at a scary-deep level, and also compromises the component that makes up most of the value of the computer.
Without a good OS-level vector, preferably with a nice internet infection capability, it isn't a good candidate for a pandemic; but if this sort of firmware fuckery makes the used market about as reliable as buying street drugs, it will have a major impact.
It's not an easy target; the computer system that ends up replacing your radiologist or your lawyer or whatever will likely have cost far, far, more to develop than the human it replaced did to raise and train(even if you count the human's recreational spending); but the computer's ability to do work will just keep increasing if you buy more silicon, while the human doesn't scale. If you could hire a single radiologist and make him more productive just by buying additional office chairs, you probably wouldn't bother with the robot.
It's just not a terribly nice solution.
Mental health and substance abuse social work looks to be doubly golden. Because the takeover by machines will surely increase the number of unemployed people with mental health and substance abuse problems.
Depends on the political climate: if some bleeding heart is calling the shots, sure; but if it's tough-on-crime time, then the rapidly maturing world of combat robotics will be tapped to provide low-cost 'treatment' solutions to these populations.