Navigation

Language Selection

Search

Heads up: Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

Submitted by Roy Schestowitz on Thursday 4th of February 2021 04:45:18 PM Filed under

Truth to be told, RPis is not 100% opensource. Like Intel and AMD CPU/GPU, it comes with a binary closed source firmware too. However, that doesn’t mean, install unwanted software repo and gpg keys secretly on your device without your knowledge. That is what malware does, and hence Linux and the opensource community are upset. I hope they will fix it. Check out Reddit thread with many more suggestions. RPis/OS maintainer should have published a blog post about such a notable change, and doing so without informing RPis users is not great. What do you think? Let us know in the comment section below.

Login or register to post comments
Printer-friendly version
5998 reads
PDF version

Raspberry Pi Users Mortified As Microsoft Repository That Phones

Submitted by Rianne Schestowitz on Thursday 4th of February 2021 06:04:46 PM.

Raspberry Pi Users Mortified As Microsoft Repository That Phones Home Is Added To Pi OS

One of the software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system put out by The Raspberry Pi Foundation. It has been around since 2015 without too much complaint. However, a recent update has some Raspberry Pi OS users up in arms over a key change involving Microsoft.

The latest update installs a Microsoft apt respository on all any machine running Raspberry Pi OS, and does it without any admin consent. As discovered by Reddit user fortysix_n_2, the official reason is an endorsement of Microsoft's integrated development environment (IDE), Visual Studio Code (VSCode), which is fine and dandy. However, it's claimed this even gets installed on headless devices that used a light image without a GUI. As a result, every time you do an "apt update" on your Pi device, the OS pings Microsoft.

Microsoft INFILTRATES Raspberry Pi OS

Submitted by Roy Schestowitz on Thursday 4th of February 2021 10:16:34 PM.

Microsoft INFILTRATES Raspberry Pi OS

Alan Pope: Pitchforks set to Stun

Submitted by Roy Schestowitz on Friday 5th of February 2021 06:45:55 PM.

Alan Pope: Pitchforks set to Stun

The ‘community’ of Linux users has a bit of a problem. It’s not really a community at all. The Linux ‘community’ is a bunch of individuals who have an affinity for running the OS. But there’s a whole set of people who don’t self-identify as part of that community, because they’re just using the thing as a tool, like you’d use a Dremel. I’m not aware of “Dremel User Groups” but then it wouldn’t surprise me if they exist, and there are splinter groups who eschew the electric devcies for more manual ones, probably.

Similarly there’s no real wider single ‘Free Software’ community either. There’s the Popular People’s Front of FSF and the People’s Popular front of Open Source who believe fundamentally different things and target different users. It’s a giant sliding scale, like any community of meatbags.

The ‘Linux Community’ is really more like the Borg with a terrible HSDPA+ connection back to the Borg Cube, pulling in different directions, believing their instructions are utterly correct and serving the same Borg Queen.

So when the Raspberry Pi developers added a new repository containing proprietary software by default to the OS they recommend, some sections of the Linux Community freaked out. Many of those who have a historical dislike of Microsoft as a company, hate the very idea of them encroaching on the Linux world. Some developers have ragequit GitHub when the Microsoft acquisition went through, others mirrored their repos as a hedge if GitHub went “bad”. People will block Microsoft IP addresses in their router to prevent perceived data leaks. Some will concoct elaborate conspiracy theories involving back-room deals which must have happened for developers to accept Microsoft may have changed.

[...]

I’m somewhat torn on this. Having seen backlash when we’ve done things in Ubuntu in the past, communication has almost always been a failing in the strategy. That said, I don’t think the ‘Linux community’ are covering themselves in glory, the way they’re speculating and spinning this. Maybe the Raspberry Pi Foundation should have better documentation of the expectations and limitations of what Pi OS will do, and won’t. The lack of such a covenant doesn’t give them carte blanche, but it is their product. You can choose not to use it if you want.

More from Ubuntu people

Submitted by Roy Schestowitz on Friday 5th of February 2021 10:31:45 PM.

Stephen Michael Kellat: Lay Down The Pitchfork [Ed: Ubuntu made deals with Microsoft and killed off its community, so it's hardly surprising that the Ubuntu 'community' (like Canonical staff) now defends Raspberry Pi doing the same]

Of course, we then reach the unhappy lands in our computer-related realm. Alan Pope touches upon this in his blog post relative to a controversy concerning Raspberry Pi OS. I concur with Alan wholeheartedly.

There comes a point at which we can fight wars over who is the most of pure of heart and deed yet find that nobody wins. Sometimes compromises need to be made in life. Sometimes we don't all have the same goals in life. Alan points out that Raspberry Pi OS is not the same as a more general purpose Ubuntu/Xubuntu/Kubuntu/Lubuntu. There's nothing wrong with that.

If you want more freedom on a Raspberry Pi you can always run NetBSD or some other distro. The infamous DistroWatch has many choices. Choice is wonderful.

Microsoft's take

Submitted by Roy Schestowitz on Saturday 6th of February 2021 09:52:02 PM.

Microsoft repo silently added to Raspberry Pi OS, folks begin the freak out [Ed: Microsoft spinners mock people who worry about a company that calls them "cancer"]

The most recent update has silently added a Microsoft repo to Raspberry Pi OS and its users are not happy.

Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

Submitted by Roy Schestowitz on Sunday 7th of February 2021 12:29:49 PM.

Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

Raspberry Pi is a little useful computer for learning programming and building projects. It comes with Debian Linux based modified operating system called Raspbian. It is the most widely installed OS on RPi. In a recent update, the Raspberry Pi OS installed a Microsoft apt repository on all machines running Raspberry Pi OS without the person’s or admin’s knowledge. Every time a Raspbian device is updated by having this repo, it will ping a Microsoft server. Microsoft telemetry has a bad reputation in the Linux community. Let us see why and how this matters to Linux users.

Microsoft Compromising Raspberry Pi

Submitted by Roy Schestowitz on Sunday 7th of February 2021 09:09:26 PM.

Microsoft Compromising Raspberry Pi

A couple more

Submitted by Roy Schestowitz on Monday 8th of February 2021 09:21:10 AM.

Raspberry Pi OS added a Microsoft repository without informing users

Specifically, Microsoft can identify Raspberry Pi OS users when they access certain services, such as Bing or GitHub (owned by Microsoft), and then build a profile to deliver targeted advertising with that information. One of the main software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system released by The Raspberry Pi Foundation. It's been around since 2015 and this recent update with Microsoft software is a game changer. Free software is not the same as proprietary software, and Linux users tend to keep that in mind.
Raspberry Pi OS added a Microsoft repository without informing users

Specifically, cybercity.biz publishes that the update comes with a code which refers to the Redmond signature package http://packages.microsoft.com/repos/code/dists/stable/main/binary-arm64/Packages, as you can see in the image below.

Linux-based Raspberry Pi OS is secretly installing a Microsoft

Submitted by Rianne Schestowitz on Monday 8th of February 2021 12:36:11 PM.

Linux-based Raspberry Pi OS is secretly installing a Microsoft repo

Raspberry Pi owners are being warned that the officially supported Raspberry Pi OS installs a Microsoft repo without notification.

A recent update to the Debian Linux-based operating system -- previously known as Raspbian -- secretly installs a Microsoft apt repository that can call home to the company's servers. For anyone concerned about telemetry in general, or who is trying to avoid contact with the Windows maker, this is clearly not good news and raises questions about trust.

Raspberry Pi OS added a Microsoft repo...

Submitted by Rianne Schestowitz on Monday 8th of February 2021 07:15:23 PM.

Raspberry Pi OS added a Microsoft repo. No, it’s not an evil secret

We were recently alerted to something of a tempest in a teapot: when the Raspberry Pi Foundation made it easier to install Microsoft's Visual Studio Code development environment, some Linux users mistook it for a sort of Mark of the Beast, with concerns being raised about telemetry and "what Microsoft repo secretly installed without your knowledge."

It's true that an update recently pushed to Raspberry Pi OS added a Microsoft repo to Raspberry Pi OS systems—but it's not true that it added any actual packages whatsoever.

Microsoft talks...

Submitted by Roy Schestowitz on Monday 8th of February 2021 08:09:06 PM.

Raspberry Pi and Visual Studio Code: A great combination [Ed: Microsoft propagandist Simon Bisson (longtime Microsoft mole in the media) now egging on Raspberry Pi to foist Microsoft's proprietary software on users, even against their will]

Raspberry Pis are everywhere. From the tiny new Pico microcontroller to the low-cost desktop PC that's the Raspberry Pi 400, the ARM-based single board computer is a powerful tool that works as well in education as it does as an IoT device. Pis have been to space, track aircraft around the world, manage home media collections, run development Kubernetes clusters, and much more. If it can be done on a computer, it'll be done on a Pi.

Linux OS secretly installs Microsoft repo on Raspberry Pi

Submitted by Roy Schestowitz on Wednesday 10th of February 2021 08:22:01 AM.

Linux OS secretly installs Microsoft repo on Raspberry Pi

Nasty story or technical necessary? In the Raspberry Pi community, there is a shit storm, after an update of the Raspbian operating system secretly installed a Microsoft repo. This repo triggers a ping on a Microsoft server with every update.
Raspberry Pi OS, update install Microsoft repo: here’s how to delete it

With this repository present in your system, every time you perform an update a ping to a Microsoft server is automatically performed. The Redmond house, therefore, will know that you are using the Raspberry Pi operating system, that maybe you have one and your IP address. Profiling that will become more and more accurate by browsing GitHub, Bing, and so on.
Raspberry Pi OS Faces User Pushback After Inclusion of Microsoft Repo After Update

One concern from users is that Microsoft might gather information on the device in use, such as an IP address, then link this to other information to create a targeted advertising profile. For those users who actively attempt to operate below the radar, this could serve as a method of identification.

But for many users, there are bigger issues in play.

First, many users expressed disappointment that an open-source project would update its source repositories without informing the users. Second, that the update adds the Microsoft repository to existing installations is also causing anger.

Today's coverage of RasPi blunder

Submitted by Roy Schestowitz on Thursday 11th of February 2021 10:07:21 AM.

Users Upset as Raspberry Pi OS Now Pings a Microsoft Server During Updates

Any Raspberry Pi users concerned about having the Microsoft repo installed on their computer does have options to avoid it by selecting an alternative OS. Wikipedia offers an extensive list of options. There's also now a big question mark hanging over what else will be added to the official operating system without warning in future, and what that means for trust.
The Raspberry Pi Foundation secretly installed a Microsoft repository

Several days ago the news was released that as part of a recent update in Raspberry OS, the Raspberry Pi Foundation installed a Microsoft repository on all single board computers that trusted it, without the knowledge of their owners.

The maneuver has not gone unnoticed within the community of Linux that is stepping up to oppose lack of transparency and telemetry and Raspberry Pi board users are discussing including a call to the Microsoft repository on Raspberry Pi OS, plus the addition of a Microsoft GPG key for reliable package installation.
Raspberry Pi is calling up Microsoft

Linux people dont like it when the sources.list in Linux is modified without consent -- putting it right up there with killing your first born, so they are extremely miffed.
Does your Raspberry Pi phone call home at Microsoft?

“People didn’t have the opportunity to learn about the new rap until it was added to their sources, along with the Microsoft GPG key. To put it mildly, not very transparent. And in my opinion, not how to act in the world of open source, “- wrote a Reddit user Fortysix_n_2.
Raspberry Pi OS, update install Microsoft repo: here’s how to delete it

And here’s the Microsoft repository added silently.

More in Tux Machines

Librem 14 First Boot

The Librem 14 supports our Pureboot bundle. This includes software based on Heads and Coreboot and a hardware security device called a Librem key. It’s a compelling way to verify your OS has not been tampered with. While most GNU/Linux distros can be installed on the Librem 14, the two supported OSs are PureOS 10 and QubesOS. PureOS 10 code name Byzantium is our flagship OS with security and convenience at its core. QubesOS is a bit less convenient but adds extra software security for those that need it.

DRM and Graphics

Review of Igalia Multimedia activities (2020/H2)

Regarding digital protected media playback, we worked to upstream OpenCDM, support with Widevine, through RDK’s Thunder framework, while continued with the usual maintenance of the others key systems, such as Clear Key, Widevine and PlayReady.
Turnips in the wild (Part 1)

Running games and benchmarks is much more exciting than trying to fix a handful of remaining synthetic tests. Turnip, which is an open-source Vulkan driver for recent Adreno GPUs, should already be capable of running real world applications, and they always have a way to break the driver in a new, unexpected ways.
[Older] Freedreno now supports OpenGL 3.3 on A6XX

I recently joined Igalia and as a way to familiarize myself with Adreno GPUs it was decided to get Freedreno up to OpenGL 3.3. Just recently, Freedreno exposed only OpenGL 3.0. The big jump in version required only two small extensions and a few fixes to get rid of most crashes in Piglit since almost all features were already supported.
GRVK 0.4 Released For Running AMD's Mantle API Over Vulkan

While AMD's Mantle graphics API development has been suspended for more than a half-decade already with the Vulkan API successfully taking off, the open-source GRVK project continues to let Mantle unofficially live on by re-implementing its interfaces over Vulkan. GRVK was started during the pandemic last year and continues maturing in being a more capable Mantle implementation on top of Vulkan. With today's GRVK 0.4.0 release, this Mantle API re-implementation can now run the Star Swarm demo that was one of the original demos for showcasing this AMD API alternative to Direct3D 11 and OpenGL. While Star Swarm is now running with GRVK, the performance is admittedly very low at this point and there are other known issues.

Compact Whiskey Lake embedded PC supports Linux

Portwell’s fanless, Linux-friendly “WEBS-21G0” embedded PC has a 15W TDP 8th Gen Core CPU and offers dual GbE, dual displays, triple USB, dual M.2, and ruggedization features. American Portwell has announced a rugged, 8th Gen Whiskey Lake based embedded computer based on its NANO-6051 Nano-ITX board. The WEBS-21G0 system supports Ubuntu, Yocto, Wind River, and Windows 10 IoT Enterprise running on Core i5 or i3 chips. Based on the NANO-6051 support list, this would suggest Intel’s quad-core Core i5-8365UE (1.6GHz/4.1GHz) and dual-core, 2.2GHz/3.9GHz Core i3-8145UE, both with 15W TDP.

Linux GUI Apps Comes to Windows 10 via WSL [Announcement]

Microsoft announced and provided information about running Linux GUI Apps in Windows 10 via WSL. Here are the details.

Latest News

New Netrunner 21.01 ‘XOXO’ Worthy of Hugs and Kisses

When I last visited the ever-changing Netrunner distribution, I said that Netrunner Linux still went its own way. That was its twentieth rebirthday upgrade over its then 10-year history in late February 2020. The same is true for Netrunner 21.01 XOXO — now with more modern trappings. Today, the two-month-old Netrunner XOXO release is something much more reminiscent of the 1990’s Linux Netrunner’s look and feel. That is not necessarily a bad thing. Netrunner XOXO is a good fit for your general computing needs. In its present form, the developers should stop the constant rebuilding and let this well-running operating system find its audience. I suspect that Netrunner Linux’s sordid history of changes suggested it was not a reliable choice with its own staying power. It clearly has the right stuff to make it a success as a modern desktop with a tinge of yesteryear to give it more classiness. Netrunner — at least until its next unexpected change — is still a Debian-based distribution with a highly refurbished KDE desktop loaded with extra applications, multimedia codecs, Flash, and Java plugins. It has its own look and feel. The result is an enhanced desktop that is very user-friendly on top of a set of controls to make tweaking it fun and efficient.

today's howtos

How to create Cloudwatch alarms for a Lambda Function on AWS

There are various invocation metrics, performance metrics, and concurrency metrics available for Lambda functions in Cloudwatch to monitor. Invocation metrics are the outcome of an invocation and binary in nature, performance details about a single invocation are provided by Performance metrics.
How to Install SQLite and SQLite Browser on Ubuntu 20.04

Sqlite is a lightweight but feature-rich database management system that is widely used in embedded systems like mobile devices. It is basically a relative database management system used for storing structured data in large tables. Other Major Database Management Systems in this series include Microsoft’s SQL Server, MySQL, PostgreSQL, IBM’s DB2, and Oracle Database. Being open-source, SQLite source code can be modified as per the requirement of developers. It is also available for free use in both commercial and non-commercial projects. SQLite runs without the need for a separate server process. Since no server is required for setting up SQLite, an SQLite database instance can be created just like opening a file. It is a C library that has direct access to its stored files. The whole database system is contained in a single library. It is integrated directly into the host program. It is fully compliant with ACID. It uses minimum system resources. With the SQLite browser, we can directly manipulate the files in the SQLite database. It is open source. DB Browser is an example of an SQLite browser. It can be used for creating and editing database files. With the visual interface of a DB browser, you do not need to remember SQL commands. This feature makes it more flexible for new users as well as for developers.
bullseye: doveadm as unprivileged user with dovecot ssl config
How to install JetBrains Rider on Linux

In this guide, we’ll show you how to download and install JetBrains Rider on Linux. However, before we begin, please note that you will need to create a JetBrains account. To do that, head over to their website.
How to use the Nano text editor on Linux

There are many different text editors on Linux, and the community is quite passionate about this subject. However, one text editor stands out from the rest as the easiest to use, especially for beginners. That text editor is Nano.
How to install the Brave Browser on Deepin 20.2

In this video, we are looking at how to install the Brave Browser on Deepin 20.2.
How to install Firefox ESR on a Chromebook in 2021

Today we are looking at how to install Firefox ESR (Extended Release Cycle) on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

Kernel: HiSilicon and AMD Energy Monitoring Driver

CPU Cluster Scheduler Continues To Be Worked On For Linux With Promising Results

HiSilicon engineers continue working on a cluster scheduler that could help the performance of certain x86 and ARM platforms on Linux. HiSilicon has been pursuing this "cluster scheduler" for the Linux kernel in order to enhance the performance of the Kunpeng 920 ARM server chip that has six or eight clusters per NUMA node and each cluster being comprised of four CPU cores with shared L3 cache access among the clusters. But there is also the possibility of this scheduler helping some x86 hardware too, like Intel's Jacobsville is noted for its clusters of Atom cores. The HiSilicon Linux kernel work now up to its sixth round of patches is for exposing this topology and having a CPU scheduler to properly/efficiently deal with the layout. The goal with the scheduler is for spreading unrelated tasks among the multiple clusters to reduce contention and then to also gather related tasks within a cluster for improving cache affinity.
AMD Energy Monitoring Driver Slated To Be Removed From The Linux Kernel - Phoronix

As a surprise and big disappointment, the "amd_energy" driver that exposes AMD EPYC server CPU energy monitoring metrics under Linux for being able to calculate the per-core and package power consumption and more is now set to be removed from the mainline Linux kernel. The removal of this driver sadly isn't for a case like it's being replaced by some superior solution but rather a disagreement in the exposing of the energy data. Last year as a result of the PLATYPUS power attack Linux restricted access to such data to root/privileged users.

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Gizmoz

LXer

UbuntuBuzz

SparkyLinux

Linux Journal

Linux Today

System 76

Kernel Planet

Purism

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA

Navigation

Language Selection

Search

Tux Machines Section/s

Authors Information

LWN

Active forum topics

Collabora

FOSS Post

Gnu Planet

FOSSLinux

Phoronix

OpenSource.com

Kde Planet

Fedora Magazine

Mozilla