Language Selection

English French German Italian Portuguese Spanish

Heads up: Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

Filed under
Hardware
Microsoft

Truth to be told, RPis is not 100% opensource. Like Intel and AMD CPU/GPU, it comes with a binary closed source firmware too. However, that doesn’t mean, install unwanted software repo and gpg keys secretly on your device without your knowledge. That is what malware does, and hence Linux and the opensource community are upset. I hope they will fix it. Check out Reddit thread with many more suggestions. RPis/OS maintainer should have published a blog post about such a notable change, and doing so without informing RPis users is not great. What do you think? Let us know in the comment section below.

Read more

Raspberry Pi Users Mortified As Microsoft Repository That Phones

  • Raspberry Pi Users Mortified As Microsoft Repository That Phones Home Is Added To Pi OS

    One of the software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system put out by The Raspberry Pi Foundation. It has been around since 2015 without too much complaint. However, a recent update has some Raspberry Pi OS users up in arms over a key change involving Microsoft.

    The latest update installs a Microsoft apt respository on all any machine running Raspberry Pi OS, and does it without any admin consent. As discovered by Reddit user fortysix_n_2, the official reason is an endorsement of Microsoft's integrated development environment (IDE), Visual Studio Code (VSCode), which is fine and dandy. However, it's claimed this even gets installed on headless devices that used a light image without a GUI. As a result, every time you do an "apt update" on your Pi device, the OS pings Microsoft.

Microsoft INFILTRATES Raspberry Pi OS

Alan Pope: Pitchforks set to Stun

  • Alan Pope: Pitchforks set to Stun

    The ‘community’ of Linux users has a bit of a problem. It’s not really a community at all. The Linux ‘community’ is a bunch of individuals who have an affinity for running the OS. But there’s a whole set of people who don’t self-identify as part of that community, because they’re just using the thing as a tool, like you’d use a Dremel. I’m not aware of “Dremel User Groups” but then it wouldn’t surprise me if they exist, and there are splinter groups who eschew the electric devcies for more manual ones, probably.

    Similarly there’s no real wider single ‘Free Software’ community either. There’s the Popular People’s Front of FSF and the People’s Popular front of Open Source who believe fundamentally different things and target different users. It’s a giant sliding scale, like any community of meatbags.

    The ‘Linux Community’ is really more like the Borg with a terrible HSDPA+ connection back to the Borg Cube, pulling in different directions, believing their instructions are utterly correct and serving the same Borg Queen.

    So when the Raspberry Pi developers added a new repository containing proprietary software by default to the OS they recommend, some sections of the Linux Community freaked out. Many of those who have a historical dislike of Microsoft as a company, hate the very idea of them encroaching on the Linux world. Some developers have ragequit GitHub when the Microsoft acquisition went through, others mirrored their repos as a hedge if GitHub went “bad”. People will block Microsoft IP addresses in their router to prevent perceived data leaks. Some will concoct elaborate conspiracy theories involving back-room deals which must have happened for developers to accept Microsoft may have changed.

    [...]

    I’m somewhat torn on this. Having seen backlash when we’ve done things in Ubuntu in the past, communication has almost always been a failing in the strategy. That said, I don’t think the ‘Linux community’ are covering themselves in glory, the way they’re speculating and spinning this. Maybe the Raspberry Pi Foundation should have better documentation of the expectations and limitations of what Pi OS will do, and won’t. The lack of such a covenant doesn’t give them carte blanche, but it is their product. You can choose not to use it if you want.

  • More from Ubuntu people

    • Stephen Michael Kellat: Lay Down The Pitchfork [Ed: Ubuntu made deals with Microsoft and killed off its community, so it's hardly surprising that the Ubuntu 'community' (like Canonical staff) now defends Raspberry Pi doing the same]

      Of course, we then reach the unhappy lands in our computer-related realm. Alan Pope touches upon this in his blog post relative to a controversy concerning Raspberry Pi OS. I concur with Alan wholeheartedly.

      There comes a point at which we can fight wars over who is the most of pure of heart and deed yet find that nobody wins. Sometimes compromises need to be made in life. Sometimes we don't all have the same goals in life. Alan points out that Raspberry Pi OS is not the same as a more general purpose Ubuntu/Xubuntu/Kubuntu/Lubuntu. There's nothing wrong with that.

      If you want more freedom on a Raspberry Pi you can always run NetBSD or some other distro. The infamous DistroWatch has many choices. Choice is wonderful.

    Microsoft's take

    Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

    • Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

      Raspberry Pi is a little useful computer for learning programming and building projects. It comes with Debian Linux based modified operating system called Raspbian. It is the most widely installed OS on RPi. In a recent update, the Raspberry Pi OS installed a Microsoft apt repository on all machines running Raspberry Pi OS without the person’s or admin’s knowledge. Every time a Raspbian device is updated by having this repo, it will ping a Microsoft server. Microsoft telemetry has a bad reputation in the Linux community. Let us see why and how this matters to Linux users.

    Microsoft Compromising Raspberry Pi

    A couple more

    • Raspberry Pi OS added a Microsoft repository without informing users

      Specifically, Microsoft can identify Raspberry Pi OS users when they access certain services, such as Bing or GitHub (owned by Microsoft), and then build a profile to deliver targeted advertising with that information. One of the main software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system released by The Raspberry Pi Foundation. It's been around since 2015 and this recent update with Microsoft software is a game changer. Free software is not the same as proprietary software, and Linux users tend to keep that in mind.

    • Raspberry Pi OS added a Microsoft repository without informing users

      Specifically, cybercity.biz publishes that the update comes with a code which refers to the Redmond signature package http://packages.microsoft.com/repos/code/dists/stable/main/binary-arm64/Packages, as you can see in the image below.

    Linux-based Raspberry Pi OS is secretly installing a Microsoft

    • Linux-based Raspberry Pi OS is secretly installing a Microsoft repo

      Raspberry Pi owners are being warned that the officially supported Raspberry Pi OS installs a Microsoft repo without notification.

      A recent update to the Debian Linux-based operating system -- previously known as Raspbian -- secretly installs a Microsoft apt repository that can call home to the company's servers. For anyone concerned about telemetry in general, or who is trying to avoid contact with the Windows maker, this is clearly not good news and raises questions about trust.

    Raspberry Pi OS added a Microsoft repo...

    • Raspberry Pi OS added a Microsoft repo. No, it’s not an evil secret

      We were recently alerted to something of a tempest in a teapot: when the Raspberry Pi Foundation made it easier to install Microsoft's Visual Studio Code development environment, some Linux users mistook it for a sort of Mark of the Beast, with concerns being raised about telemetry and "what Microsoft repo secretly installed without your knowledge."

      It's true that an update recently pushed to Raspberry Pi OS added a Microsoft repo to Raspberry Pi OS systems—but it's not true that it added any actual packages whatsoever.

    Microsoft talks...

    • Raspberry Pi and Visual Studio Code: A great combination [Ed: Microsoft propagandist Simon Bisson (longtime Microsoft mole in the media) now egging on Raspberry Pi to foist Microsoft's proprietary software on users, even against their will]

      Raspberry Pis are everywhere. From the tiny new Pico microcontroller to the low-cost desktop PC that's the Raspberry Pi 400, the ARM-based single board computer is a powerful tool that works as well in education as it does as an IoT device. Pis have been to space, track aircraft around the world, manage home media collections, run development Kubernetes clusters, and much more. If it can be done on a computer, it'll be done on a Pi.

    Linux OS secretly installs Microsoft repo on Raspberry Pi

    • Linux OS secretly installs Microsoft repo on Raspberry Pi

      Nasty story or technical necessary? In the Raspberry Pi community, there is a shit storm, after an update of the Raspbian operating system secretly installed a Microsoft repo. This repo triggers a ping on a Microsoft server with every update.

    • Raspberry Pi OS, update install Microsoft repo: here’s how to delete it

      With this repository present in your system, every time you perform an update a ping to a Microsoft server is automatically performed. The Redmond house, therefore, will know that you are using the Raspberry Pi operating system, that maybe you have one and your IP address. Profiling that will become more and more accurate by browsing GitHub, Bing, and so on.

    • Raspberry Pi OS Faces User Pushback After Inclusion of Microsoft Repo After Update

      One concern from users is that Microsoft might gather information on the device in use, such as an IP address, then link this to other information to create a targeted advertising profile. For those users who actively attempt to operate below the radar, this could serve as a method of identification.

      But for many users, there are bigger issues in play.

      First, many users expressed disappointment that an open-source project would update its source repositories without informing the users. Second, that the update adds the Microsoft repository to existing installations is also causing anger.

    Today's coverage of RasPi blunder

    • Users Upset as Raspberry Pi OS Now Pings a Microsoft Server During Updates

      Any Raspberry Pi users concerned about having the Microsoft repo installed on their computer does have options to avoid it by selecting an alternative OS. Wikipedia offers an extensive list of options. There's also now a big question mark hanging over what else will be added to the official operating system without warning in future, and what that means for trust.

    • The Raspberry Pi Foundation secretly installed a Microsoft repository

      Several days ago the news was released that as part of a recent update in Raspberry OS, the Raspberry Pi Foundation installed a Microsoft repository on all single board computers that trusted it, without the knowledge of their owners.

      The maneuver has not gone unnoticed within the community of Linux that is stepping up to oppose lack of transparency and telemetry and Raspberry Pi board users are discussing including a call to the Microsoft repository on Raspberry Pi OS, plus the addition of a Microsoft GPG key for reliable package installation.

    • Raspberry Pi is calling up Microsoft

      Linux people dont like it when the sources.list in Linux is modified without consent -- putting it right up there with killing your first born, so they are extremely miffed.

    • Does your Raspberry Pi phone call home at Microsoft?

      “People didn’t have the opportunity to learn about the new rap until it was added to their sources, along with the Microsoft GPG key. To put it mildly, not very transparent. And in my opinion, not how to act in the world of open source, “- wrote a Reddit user Fortysix_n_2.

    • Raspberry Pi OS, update install Microsoft repo: here’s how to delete it

      And here’s the Microsoft repository added silently.

    Comment viewing options

    Select your preferred way to display the comments and click "Save settings" to activate your changes.

    More in Tux Machines

    Librem 14 First Boot

    The Librem 14 supports our Pureboot bundle. This includes software based on Heads and Coreboot and a hardware security device called a Librem key. It’s a compelling way to verify your OS has not been tampered with. While most GNU/Linux distros can be installed on the Librem 14, the two supported OSs are PureOS 10 and QubesOS. PureOS 10 code name Byzantium is our flagship OS with security and convenience at its core. QubesOS is a bit less convenient but adds extra software security for those that need it. Read more

    DRM and Graphics

    • Review of Igalia Multimedia activities (2020/H2)

      Regarding digital protected media playback, we worked to upstream OpenCDM, support with Widevine, through RDK’s Thunder framework, while continued with the usual maintenance of the others key systems, such as Clear Key, Widevine and PlayReady.

    • Turnips in the wild (Part 1)

      Running games and benchmarks is much more exciting than trying to fix a handful of remaining synthetic tests. Turnip, which is an open-source Vulkan driver for recent Adreno GPUs, should already be capable of running real world applications, and they always have a way to break the driver in a new, unexpected ways.

    • [Older] Freedreno now supports OpenGL 3.3 on A6XX

      I recently joined Igalia and as a way to familiarize myself with Adreno GPUs it was decided to get Freedreno up to OpenGL 3.3. Just recently, Freedreno exposed only OpenGL 3.0. The big jump in version required only two small extensions and a few fixes to get rid of most crashes in Piglit since almost all features were already supported.

    • GRVK 0.4 Released For Running AMD's Mantle API Over Vulkan

      While AMD's Mantle graphics API development has been suspended for more than a half-decade already with the Vulkan API successfully taking off, the open-source GRVK project continues to let Mantle unofficially live on by re-implementing its interfaces over Vulkan. GRVK was started during the pandemic last year and continues maturing in being a more capable Mantle implementation on top of Vulkan. With today's GRVK 0.4.0 release, this Mantle API re-implementation can now run the Star Swarm demo that was one of the original demos for showcasing this AMD API alternative to Direct3D 11 and OpenGL. While Star Swarm is now running with GRVK, the performance is admittedly very low at this point and there are other known issues.

    Compact Whiskey Lake embedded PC supports Linux

    Portwell’s fanless, Linux-friendly “WEBS-21G0” embedded PC has a 15W TDP 8th Gen Core CPU and offers dual GbE, dual displays, triple USB, dual M.2, and ruggedization features. American Portwell has announced a rugged, 8th Gen Whiskey Lake based embedded computer based on its NANO-6051 Nano-ITX board. The WEBS-21G0 system supports Ubuntu, Yocto, Wind River, and Windows 10 IoT Enterprise running on Core i5 or i3 chips. Based on the NANO-6051 support list, this would suggest Intel’s quad-core Core i5-8365UE (1.6GHz/4.1GHz) and dual-core, 2.2GHz/3.9GHz Core i3-8145UE, both with 15W TDP. Read more

    Linux GUI Apps Comes to Windows 10 via WSL [Announcement]

    Microsoft announced and provided information about running Linux GUI Apps in Windows 10 via WSL. Here are the details. Read more