What an enlightened and rational decision-making process you're using! I mean, I can understand not buying one because you literally just don't want a gaming console. I can even understand not buying one because you disagree with the way that the company has treated its customers in the past (I boycott Sony for the same reason). But in that case, you probably would either have specified such a reason, or just not commented at all. If you had a 360 and were reasonably happy with it, what has Microsoft done that is such a deal-breaker to you?
Seems like we should be *encouraging* these pro-customer policies (not that this one matters very much; you could always have unplugged the Kinect when not gaming; now you can also do it while playing non-Kinect games). Refusing to order, or canceling pre-orders, based on the initial restrictions it would have? That's totally reasonable. But when they reverse on those restrictions, before even a single customer was affected (you haven't bought it yet - you can't, it's not available yet - so by definition you are not yet a customer of this product), that behavior should be rewarded.
Acting like a petulant child isn't going to get you what you want, here. If your goal is to show that anti-customer policies hurt the bottom line, well, you need to show some distinction between how you behave with and without those policies in place. Specifically, you need to ensure that the amount of money they get for anti-customer behavior is less than the amount of money they get for pro-customer behavior. Paying them the same amount (be that zero, or the console price) in *both* situations sends no message at all.
I would argue that reading/dev/random would be much better in this case - yeah, it might block, but you probably shouldn't be pulling large amounts of data out of the RNG. I mean, that's the whole reason we have crypto algorithms, rather than just using a ton of one-time pads; a nice short sequence of bits (128 of them, for typical AES usage) is enough. Yeah, you need IVs (or k-values for ECC) but those don't have to be *securely* random, only unique. In fact, by their very nature, they are public values. I believe you can use a counter for them if you want to. You certainly don't need a *secure* PRNG for them; the most important characteristic there is instead the period (time before it repeats itself),
For people who want a lot of "good" random numbers but don't care if they're "the best" random numbers, I suppose one could leave SecureRandom pulling from/dev/urandom and have NoThisTimeItIsReallyTrulySecureRandom[FactoryFactoryImpl on the end is optional] that reads from/dev/random instead...
That's why there's/dev/random and/dev/urandom. The problem is, they use/dev/urandom for everything, including their so-called SecureRandom implementation.
The problem is that they're using/dev/urandom when they should be using/dev/random./dev/urandom is a PRNG, and apparently (on Android, at least) not a very good one. Dalvik's SecureRandom should be using/dev/random instead - yes, it can block and cause loss of responsiveness (stop doing expensive operations on your UI thread, numbskulls...) - but they went for the less-secure option of using urandom for *everything*.
By "memory" I assume you mean storage, not RAM... there's plenty you can do to recover that space. The OS comes with a disk partition editor! Remove the recovery volume (highly recommended you back it up first in case you need it, though there are places you can download it from other people who have posted theirs online) and you'll get back several gigabytes of space, for example.
The keyboard covers aren't quite as expensive as you say, at least in the USA, but I agree that they shouldn't have been as expensive as they are.
In general though, I agree that they failed to market it well. The only other thing I'd say is that they were idiots to not put in *some* (official) way around the lockdown that disables third-party desktop apps. There's no engineering reason that such lockdown is needed. I personally think they should have embraced ARM instead of treating it as the inherently inferior or toy architecture, but even if they hadn't done that, the need for a jailbreak (and the fact that one appeared so fast) is evidence of how the OS wasn't ready for that kind of lockdown. Jailbroken RT can do a lot of things that stock RT cannot, despite there being less than a hundred app that I know of which have been recompiled (it helps that.NET apps don't *need* to be recompiled...)
For RT, 8.1 is anticipated because it brings Outlook finally.
For Win8 / RT in general, 8.1 brings a lot of improvements like better customization of the Start screen, the ability to use Start search the way people have done since Vista (which is the reason I don't give a damn about the Start screen / menu discussion; who the hell cares what the box that appears for a few milliseconds while I type the start of the name of the program I want to launch looks look?!?). It also brings better multitasking for Metro apps, and more multi-monitor improvements.
If you insist on using the horribly inefficient menu paradigm for launching programs (as opposed to just hitting the Windows key, typing a few letters, and hitting Enter), you can install one of the many Start menu replacement programs, such as Classic Start Menu (free, open source, even available for RT if you jailbreak the OS). The other advantages of Win8 are generally worth it in my opinion (better memory management, faster reboots, better automatic update handling for Windows updates, data usage tracking and automatic reduction of data usage over capped or expensive connections, synching settings across devices, better multi-monitor support even in 8.0 never mind 8.1, vastly improved Task Manager, etc.)
Access to the Play Store on Android - which is necessary for producing what most people think of as "Android" - is not free. Google charges for the "Google Apps" stuff (maps, voice, etc.) as well. Licensing costs for what most people consider to be "Android" are not far off from what licensing RT costs (and actually higher than what licensing WP8 costs, though this is about tablets not phones).
The only companies who have taken the actually free version of Android and made a successful product from it either implemented their own stores and such at significant cost (Amazon, for example) or produced very restricted devices that simply needed a mobile-friendly Linux distro to run their custom software on.
Already commented on this thread, but +1 insightful. Just because Stallman is blind to things outside his zealotry doesn't make him stupid, and he frequently raises valid concerns. Sometimes, they even turn out to be justified. It's as wrong to assume his conclusions are inaccurate as it is to assume they're accurate. It's foolish to ignore him altogether.
However, when reading what he says, do bear in mind his selective blindness and known biases. In fact, do that for everybody. There's hardly anybody out there with whom you could discuss an important, meaningful topic and have them be completely open-minded about it. People form biases. They dislike things that disagree with their worldview, and they ignore things they dislike. Stallman carries it further than most, but he also puts a lot more thought into what he says than most people - even more open-minded people - ever do.
Hardly "just for geeks" at all, actually (or, less politely, "bullshit"). Pretty much all large companies, and many small ones, require disk encryption. Many disk encryption utilities make use of TPMs (even on Linux, as the OP points out). This is already a widely-deployed use of the TPM technology.
Meanwhile, Stallman sounds off about potential evil things that it could be used for, things which there's absolutely no sign of people even working on developing. You compare a hypothetical use case to one that has been widely deployed for years, and call them both "more or less theoretical"? As if that wasn't stupid enough, you then go on to suggest that the one that *isn't* already being widely used is "the most likely to end up being implemented"?
I was too polite the first time. You are an idiot, and you are spouting bullshit. Put down the hallucinogens, do some basic research, and *then* try posting. This goes for whoever modded up that idiocy as well..
LOLwut? Every business laptop I've seen since 2006, and most workstations, have TPMs. These are used by companies with far more need for data security and tight IT restrictions than you can imagine. People who know what the fuck they're talking about (i.e. maybe 50% of the people in this discussion, the OP of this thread is one, the submitter is not) don't have any problem with TPMs because to them it's either a useful tool or an unneeded BIOS/EFI option that ships disabled by default, much like support for booting off of floppy discs.
On the other hand, lots of people use TPMs for useful things. They provide a fast hardware RNG, a place to store encryption keys, and a few other security-related features. There's plenty of software that uses them, but it's all under the control of the user (or administrator, in a corporate environment). Also, as many people have pointed out, it is trivially possible to disable the TPM.
That integration is at least partially present in Windows Mail (and Calendar) as well, allowing people to accept meeting invites and have them automatically go into the calendar, for example. I think you need Outlook for the whole "what time are all these people available at once" and similar features, though.
As an email client, the new Windows Mail has the ability to flag and unflag messages (and filter for just flagged ones), filter for Unread only, thread conversations, show all folders for a given account at once and unread count per folder, mark all mail in a folder as read, delete them all, or create new folders and subfolders. It can also mark (individual or group-selected) messages as being spam or non-spam as appropriate, and so on.
As an app, it now has pretty smooth performance (far better than the originally released version), handles a number of resolutions and aspect ratios pretty gracefully (useful for switching between Portrait and Landscape, or for snapping the app to one side, especially with the new user-controllable split ratios). Search also works pretty well.
It could still stand to be better - for example, it has no support at all for S/MIME (encryption or signing), could use more filtering options (show only messages with attachments, or only messages from a given time frame, or only large messages), could use more control over the number of messages to keep synced (for example, "synch up to 500MB to this device"), and so on. It's mostly usable now, though, which is a big step forward.
They actually are doing that. The Surface RT (and all other WRT devices) is getting the 8.1 update along with x86 Win8. RT 8.1 includes Outlook.
However, the Tegra 3 that the current Surface RT uses is a bit dated. It wasn't terribly cutting-edge even at release, and ARM chips are progressing rapidly. This is mostly just a hardware refresh much like any other.
The Outlook comment isn't saying "these new tablets will be better because they have Outlook", it's saying "part of the reason that RT devices have sold poorly is the lack of Outlook, and by the time these new tablets arrive, they will have Outlook."
The Win8 / WRT Mail app has improved hugely since release. It's still a long, long way from being a true Outlook competitor, but it's now at least as good as any other mobile client I've used (admittedly, this is nowhere near all of them, but I like it better than the one on iOS or the default on Android).
It's not unique to WP8 either; MS just happens to have issued an advisory about it. By default, I don't believe Android validates the SSL certs used for PEAP either.
First point: it didn't "forget" leap years, there was just a logic error in the special-case code that handled them. Forgot to test, perhaps, but not actually forgot. Second point: Microsoft didn't write that code. It was part of the clock module that was built into the hardware that they used. Again, perhaps they should have tested it themselves, but the clock module's code quality itself wasn't Microsoft's fault.
Assuming you don't use certificate validation for the SSL tunnel over which the MS-CHAPv2 communication occurs (which requires configuring each access point manually), then you can spoof the SSL connection (trivially), at which point it's just down to MS-CHAPv2. This algorithm boils down to three DES operations - not 3DES (which has an effective key strength of 112 bits, lower than the weakest AES key but still practically impossible to crack) but three independent and parallelizable DES operations. Each one has a key strength of 56 bits, so the total is (2^56)*3 possibilities, or about 57.585 bits of entropy. Look up CloudCracker; it can break MS-CHAPv2 via brute force in about a day by using massively parallel attacks on DES, and the keyspace just isn't big enough.
Note: "give away their credentials" is a little bit strong. Using custom hardware, CloudCracker can break MS-CHAPv2 in about a day at a reasonable cost, but it's still not feasible to do a massive attack of capturing everybody's creds unless you've got a fair bit of time and money to burn.
On the other hand, if you capture the *right* person's credentials, then that's all you need anyhow.
Oh, that was present well before XP (9x doesn't count, being an inherently single-user OS). The problem here is that the reason the timeout is at 15 minutes is because people figure that if they walk away from their machine for less time than that, there won't be an opportunity for an attacker to do much harm. And, in the vast majority of households, that's true; most people know practically zilch about computers. However, that doesn't mean it makes sense to make it *easy* to extract passwords from a machine what was left unlocked... and this Chrome "feature" does exactly that.
It's going to keep "them" (the typical class of attacker for a home PC, who is barely computer literate and has no idea how to find the tools that are needed to extract passwords out of a running system quickly) from retrieving your passwords in a few seconds. Sure, they could still do it... by Googling for a program to find the passwords, going to that site and downloading it, running it and following the steps... and that's assuming they know to look for such a program in the first place, and that the user's antivirus doesn't block it, and so on. It's also a barrier to entry; by making a dangerous activity more inconvenient, fewer people will do it.
You aren't trying to keep the NSA and FBI out, here. You aren't even trying to keep somebody like the typical Slashdot reader out, here. You're trying to keep out your nosy girlfriend who notices you left your computer unlocked while you stepped out for a piss.
For a car analogy, just because anybody who spends the time and effort to figure out how can trivially gain entrance to any car (ever gotten your keys locked in the car and called AAA?) doesn't mean you shouldn't lock the doors anyhow. It doesn't stand a chance against a determined attacker, but it will slow almost anybody down a bit, require them to do something that looks more suspicious, and will make the effort not worthwhile to the casual would-be attacker.
IE offers to delete the passwords for you, but has no built-in option to show them. They are listed in the Credential Manager, but only as *********; there's no way I can see on Win7 to extract them without digging deeper into the system or getting them one at a time out of the target sites.
The legacy folder name is still there (it's a junction, which is basically a directory hardlink, but it's still there). However, yes, as of NT6 (Vista), the default location for user profiles is the \Users\ directory on the system drive.
I would argue that the Surface Touch Cover (and to a much lesser extent, the Type Cover) qualify as new and innovative... they're certainly impressive engineering, especially when you consider their durability and stiffness (and, in the case of the Touch cover, near-waterproofness).
The funny thing is, aside from the CPU, the OS edition, and the stylus, you just described...
wait for it...
Surface RT!
Office? Yep (well, the most common pieces thereof, including Outlook with 8.1). Network resources? Yep. They won't join a domain (without some hacking; it as actually possible) but they can access domain resources. External monitors? Yep, microHDMI. Attached keyboard and mouse? Yep, standard USB host port (admittedly only 2.0, when the Pro has 3.0, but you can still use with a hub for it for KB+mouse easily). Detachable "proper clicky keyboard" (Type Cover)? Yep. Looks cool / eye-catching? Yep (most people don't even know where to look to see the difference, which is most obvious in the presence of the rim vent).
Too bad that MS crippled RT so much as an OS. It would have been nice to have a good alternative to Atom for people who want a light, low-energy Windows box, even if native programs had to be recompiled (.NET code runs fine on jailbroken RT).
Slashdot Mirror
What an enlightened and rational decision-making process you're using! I mean, I can understand not buying one because you literally just don't want a gaming console. I can even understand not buying one because you disagree with the way that the company has treated its customers in the past (I boycott Sony for the same reason). But in that case, you probably would either have specified such a reason, or just not commented at all. If you had a 360 and were reasonably happy with it, what has Microsoft done that is such a deal-breaker to you?
Seems like we should be *encouraging* these pro-customer policies (not that this one matters very much; you could always have unplugged the Kinect when not gaming; now you can also do it while playing non-Kinect games). Refusing to order, or canceling pre-orders, based on the initial restrictions it would have? That's totally reasonable. But when they reverse on those restrictions, before even a single customer was affected (you haven't bought it yet - you can't, it's not available yet - so by definition you are not yet a customer of this product), that behavior should be rewarded.
Acting like a petulant child isn't going to get you what you want, here. If your goal is to show that anti-customer policies hurt the bottom line, well, you need to show some distinction between how you behave with and without those policies in place. Specifically, you need to ensure that the amount of money they get for anti-customer behavior is less than the amount of money they get for pro-customer behavior. Paying them the same amount (be that zero, or the console price) in *both* situations sends no message at all.
You know, there's only one major console vendor that's ever pulled a stunt like that.
Hint: it's not Microsoft. And the backlash was huge.
I would argue that reading /dev/random would be much better in this case - yeah, it might block, but you probably shouldn't be pulling large amounts of data out of the RNG. I mean, that's the whole reason we have crypto algorithms, rather than just using a ton of one-time pads; a nice short sequence of bits (128 of them, for typical AES usage) is enough. Yeah, you need IVs (or k-values for ECC) but those don't have to be *securely* random, only unique. In fact, by their very nature, they are public values. I believe you can use a counter for them if you want to. You certainly don't need a *secure* PRNG for them; the most important characteristic there is instead the period (time before it repeats itself),
For people who want a lot of "good" random numbers but don't care if they're "the best" random numbers, I suppose one could leave SecureRandom pulling from /dev/urandom and have NoThisTimeItIsReallyTrulySecureRandom[FactoryFactoryImpl on the end is optional] that reads from /dev/random instead...
That's why there's /dev/random and /dev/urandom. The problem is, they use /dev/urandom for everything, including their so-called SecureRandom implementation.
The problem is that they're using /dev/urandom when they should be using /dev/random. /dev/urandom is a PRNG, and apparently (on Android, at least) not a very good one. Dalvik's SecureRandom should be using /dev/random instead - yes, it can block and cause loss of responsiveness (stop doing expensive operations on your UI thread, numbskulls...) - but they went for the less-secure option of using urandom for *everything*.
By "memory" I assume you mean storage, not RAM... there's plenty you can do to recover that space. The OS comes with a disk partition editor! Remove the recovery volume (highly recommended you back it up first in case you need it, though there are places you can download it from other people who have posted theirs online) and you'll get back several gigabytes of space, for example.
The keyboard covers aren't quite as expensive as you say, at least in the USA, but I agree that they shouldn't have been as expensive as they are.
In general though, I agree that they failed to market it well. The only other thing I'd say is that they were idiots to not put in *some* (official) way around the lockdown that disables third-party desktop apps. There's no engineering reason that such lockdown is needed. I personally think they should have embraced ARM instead of treating it as the inherently inferior or toy architecture, but even if they hadn't done that, the need for a jailbreak (and the fact that one appeared so fast) is evidence of how the OS wasn't ready for that kind of lockdown. Jailbroken RT can do a lot of things that stock RT cannot, despite there being less than a hundred app that I know of which have been recompiled (it helps that .NET apps don't *need* to be recompiled...)
For RT, 8.1 is anticipated because it brings Outlook finally.
For Win8 / RT in general, 8.1 brings a lot of improvements like better customization of the Start screen, the ability to use Start search the way people have done since Vista (which is the reason I don't give a damn about the Start screen / menu discussion; who the hell cares what the box that appears for a few milliseconds while I type the start of the name of the program I want to launch looks look?!?). It also brings better multitasking for Metro apps, and more multi-monitor improvements.
If you insist on using the horribly inefficient menu paradigm for launching programs (as opposed to just hitting the Windows key, typing a few letters, and hitting Enter), you can install one of the many Start menu replacement programs, such as Classic Start Menu (free, open source, even available for RT if you jailbreak the OS). The other advantages of Win8 are generally worth it in my opinion (better memory management, faster reboots, better automatic update handling for Windows updates, data usage tracking and automatic reduction of data usage over capped or expensive connections, synching settings across devices, better multi-monitor support even in 8.0 never mind 8.1, vastly improved Task Manager, etc.)
Access to the Play Store on Android - which is necessary for producing what most people think of as "Android" - is not free. Google charges for the "Google Apps" stuff (maps, voice, etc.) as well. Licensing costs for what most people consider to be "Android" are not far off from what licensing RT costs (and actually higher than what licensing WP8 costs, though this is about tablets not phones).
The only companies who have taken the actually free version of Android and made a successful product from it either implemented their own stores and such at significant cost (Amazon, for example) or produced very restricted devices that simply needed a mobile-friendly Linux distro to run their custom software on.
Already commented on this thread, but +1 insightful. Just because Stallman is blind to things outside his zealotry doesn't make him stupid, and he frequently raises valid concerns. Sometimes, they even turn out to be justified. It's as wrong to assume his conclusions are inaccurate as it is to assume they're accurate. It's foolish to ignore him altogether.
However, when reading what he says, do bear in mind his selective blindness and known biases. In fact, do that for everybody. There's hardly anybody out there with whom you could discuss an important, meaningful topic and have them be completely open-minded about it. People form biases. They dislike things that disagree with their worldview, and they ignore things they dislike. Stallman carries it further than most, but he also puts a lot more thought into what he says than most people - even more open-minded people - ever do.
Hardly "just for geeks" at all, actually (or, less politely, "bullshit"). Pretty much all large companies, and many small ones, require disk encryption. Many disk encryption utilities make use of TPMs (even on Linux, as the OP points out). This is already a widely-deployed use of the TPM technology.
Meanwhile, Stallman sounds off about potential evil things that it could be used for, things which there's absolutely no sign of people even working on developing. You compare a hypothetical use case to one that has been widely deployed for years, and call them both "more or less theoretical"? As if that wasn't stupid enough, you then go on to suggest that the one that *isn't* already being widely used is "the most likely to end up being implemented"?
I was too polite the first time. You are an idiot, and you are spouting bullshit. Put down the hallucinogens, do some basic research, and *then* try posting.
This goes for whoever modded up that idiocy as well..
LOLwut? Every business laptop I've seen since 2006, and most workstations, have TPMs. These are used by companies with far more need for data security and tight IT restrictions than you can imagine. People who know what the fuck they're talking about (i.e. maybe 50% of the people in this discussion, the OP of this thread is one, the submitter is not) don't have any problem with TPMs because to them it's either a useful tool or an unneeded BIOS/EFI option that ships disabled by default, much like support for booting off of floppy discs.
On the other hand, lots of people use TPMs for useful things. They provide a fast hardware RNG, a place to store encryption keys, and a few other security-related features. There's plenty of software that uses them, but it's all under the control of the user (or administrator, in a corporate environment). Also, as many people have pointed out, it is trivially possible to disable the TPM.
That integration is at least partially present in Windows Mail (and Calendar) as well, allowing people to accept meeting invites and have them automatically go into the calendar, for example. I think you need Outlook for the whole "what time are all these people available at once" and similar features, though.
As an email client, the new Windows Mail has the ability to flag and unflag messages (and filter for just flagged ones), filter for Unread only, thread conversations, show all folders for a given account at once and unread count per folder, mark all mail in a folder as read, delete them all, or create new folders and subfolders. It can also mark (individual or group-selected) messages as being spam or non-spam as appropriate, and so on.
As an app, it now has pretty smooth performance (far better than the originally released version), handles a number of resolutions and aspect ratios pretty gracefully (useful for switching between Portrait and Landscape, or for snapping the app to one side, especially with the new user-controllable split ratios). Search also works pretty well.
It could still stand to be better - for example, it has no support at all for S/MIME (encryption or signing), could use more filtering options (show only messages with attachments, or only messages from a given time frame, or only large messages), could use more control over the number of messages to keep synced (for example, "synch up to 500MB to this device"), and so on. It's mostly usable now, though, which is a big step forward.
They actually are doing that. The Surface RT (and all other WRT devices) is getting the 8.1 update along with x86 Win8. RT 8.1 includes Outlook.
However, the Tegra 3 that the current Surface RT uses is a bit dated. It wasn't terribly cutting-edge even at release, and ARM chips are progressing rapidly. This is mostly just a hardware refresh much like any other.
The Outlook comment isn't saying "these new tablets will be better because they have Outlook", it's saying "part of the reason that RT devices have sold poorly is the lack of Outlook, and by the time these new tablets arrive, they will have Outlook."
Um, WTF are you smoking? Tegra is an ARM chip. The current Surface RT (ARM) runs on the Tegra 3. The new version will, apparently, run on Tegra 4.
The Win8 / WRT Mail app has improved hugely since release. It's still a long, long way from being a true Outlook competitor, but it's now at least as good as any other mobile client I've used (admittedly, this is nowhere near all of them, but I like it better than the one on iOS or the default on Android).
About 3.7% of smartphone users.
It's not unique to WP8 either; MS just happens to have issued an advisory about it. By default, I don't believe Android validates the SSL certs used for PEAP either.
First point: it didn't "forget" leap years, there was just a logic error in the special-case code that handled them. Forgot to test, perhaps, but not actually forgot.
Second point: Microsoft didn't write that code. It was part of the clock module that was built into the hardware that they used. Again, perhaps they should have tested it themselves, but the clock module's code quality itself wasn't Microsoft's fault.
Assuming you don't use certificate validation for the SSL tunnel over which the MS-CHAPv2 communication occurs (which requires configuring each access point manually), then you can spoof the SSL connection (trivially), at which point it's just down to MS-CHAPv2. This algorithm boils down to three DES operations - not 3DES (which has an effective key strength of 112 bits, lower than the weakest AES key but still practically impossible to crack) but three independent and parallelizable DES operations. Each one has a key strength of 56 bits, so the total is (2^56)*3 possibilities, or about 57.585 bits of entropy. Look up CloudCracker; it can break MS-CHAPv2 via brute force in about a day by using massively parallel attacks on DES, and the keyspace just isn't big enough.
Note: "give away their credentials" is a little bit strong. Using custom hardware, CloudCracker can break MS-CHAPv2 in about a day at a reasonable cost, but it's still not feasible to do a massive attack of capturing everybody's creds unless you've got a fair bit of time and money to burn.
On the other hand, if you capture the *right* person's credentials, then that's all you need anyhow.
Oh, that was present well before XP (9x doesn't count, being an inherently single-user OS). The problem here is that the reason the timeout is at 15 minutes is because people figure that if they walk away from their machine for less time than that, there won't be an opportunity for an attacker to do much harm. And, in the vast majority of households, that's true; most people know practically zilch about computers. However, that doesn't mean it makes sense to make it *easy* to extract passwords from a machine what was left unlocked... and this Chrome "feature" does exactly that.
It's going to keep "them" (the typical class of attacker for a home PC, who is barely computer literate and has no idea how to find the tools that are needed to extract passwords out of a running system quickly) from retrieving your passwords in a few seconds. Sure, they could still do it... by Googling for a program to find the passwords, going to that site and downloading it, running it and following the steps... and that's assuming they know to look for such a program in the first place, and that the user's antivirus doesn't block it, and so on. It's also a barrier to entry; by making a dangerous activity more inconvenient, fewer people will do it.
You aren't trying to keep the NSA and FBI out, here. You aren't even trying to keep somebody like the typical Slashdot reader out, here. You're trying to keep out your nosy girlfriend who notices you left your computer unlocked while you stepped out for a piss.
For a car analogy, just because anybody who spends the time and effort to figure out how can trivially gain entrance to any car (ever gotten your keys locked in the car and called AAA?) doesn't mean you shouldn't lock the doors anyhow. It doesn't stand a chance against a determined attacker, but it will slow almost anybody down a bit, require them to do something that looks more suspicious, and will make the effort not worthwhile to the casual would-be attacker.
IE offers to delete the passwords for you, but has no built-in option to show them. They are listed in the Credential Manager, but only as *********; there's no way I can see on Win7 to extract them without digging deeper into the system or getting them one at a time out of the target sites.
The legacy folder name is still there (it's a junction, which is basically a directory hardlink, but it's still there). However, yes, as of NT6 (Vista), the default location for user profiles is the \Users\ directory on the system drive.
I would argue that the Surface Touch Cover (and to a much lesser extent, the Type Cover) qualify as new and innovative... they're certainly impressive engineering, especially when you consider their durability and stiffness (and, in the case of the Touch cover, near-waterproofness).
The funny thing is, aside from the CPU, the OS edition, and the stylus, you just described...
wait for it...
Surface RT!
Office? Yep (well, the most common pieces thereof, including Outlook with 8.1).
Network resources? Yep. They won't join a domain (without some hacking; it as actually possible) but they can access domain resources.
External monitors? Yep, microHDMI.
Attached keyboard and mouse? Yep, standard USB host port (admittedly only 2.0, when the Pro has 3.0, but you can still use with a hub for it for KB+mouse easily).
Detachable "proper clicky keyboard" (Type Cover)? Yep.
Looks cool / eye-catching? Yep (most people don't even know where to look to see the difference, which is most obvious in the presence of the rim vent).
Too bad that MS crippled RT so much as an OS. It would have been nice to have a good alternative to Atom for people who want a light, low-energy Windows box, even if native programs had to be recompiled (.NET code runs fine on jailbroken RT).