Heads up: Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

[tehpope]

Raspberry Pi is a little useful computer for learning programming and building projects. It comes with Debian Linux based modified operating system called Raspbian. It is the most widely installed OS on RPi. In a recent update, the Raspberry Pi OS installed a Microsoft apt repository on all machines running Raspberry Pi OS without the person’s or admin’s knowledge. Every time a Raspbian device is updated by having this repo, it will ping a Microsoft server.

https://www.cyberciti.biz/linux-news/heads-up-microsoft-repo-secretly-installed-on-all-raspberry-pis-linux-os/

 

[MarvinTheParanoidAndroid]

Is there even a point or purpose to this other than just compromising security and invading privacy? I guess the questions about Raspberry Pi being truly secure just got an answer.

 

[TheShedCollector]

Is there even a point or purpose to this other than just compromising security and invading privacy? I guess the questions about Raspberry Pi being truly secure just got an answer.

It was never meant to be secure or private. The Raspberry Pi and it's related operating system was meant to be cheap, easily expandable and compatible with hundreds of programming languages for children and amateur robotics fans to get some practice.

Anyone expecting privacy will use something like TailsOS. Anyone using Raspbian as a privacy OS is a fool.

 

[Pee Cola]

If that isn't a good reason to run RISC OS on a RPi, I dunno what is.

 

[Spedestrian]

Heads up: paranoid autists chimp out over nothingburger, treat everyday software behavior as a massive security breach.

Is there even a point or purpose to this other than just compromising security and invading privacy?

Literally all they did was add a Microsoft code repo to the list of repos that apt install uses to look for packages and add the GPG key required to verify the authenticity of packages received from said repo. They did this so that people could use apt install to install VS Code IDE. It's entirely unsurprising that they'd add that repo since the Raspberry Pi Foundation officially endorses the software.

They didn't compromise anyone's security or invade anyone's privacy. The update was part of a publicly-announced change to the raspberry-pi-sysmods package — the code that adds the repo and GPG key is in the postinstall script. The only way this repo was added to anyone's Raspberry Pi without their knowledge is if they blindly updated that package without reading the changelog, i.e. were so careless that they've lost all right to bitch about privacy and security.

Shit, it's not even a big deal to have this repo on your list unless you're a tinfoil pantshitter who cares about Microsoft knowing that there's a Raspberry Pi at whatever IP address you're running it on. If you use any Microsoft software you're already giving them similar information, and quite possibly a lot more unless you've gone out of your way to lock shit down. Anybody who's concerned enough about Microsoft to be upset by this change should already be blocking Microsoft's shit at a firewall level anyway.

The Raspberry Pi is a mass market "learn to code" box. Microsoft Visual Studio is an incredibly popular IDE, especially in educational settings. Raspbian updated their software to make it easier for people to install the "learn to code" IDE on their "learn to code" box. As a result, a bunch of people who apparently didn't learn to code very well decided to collectively shit their pants over nothing. That's all that happened here.

 

[Dante Alighieri]

"Secretly installed"

 

[Trans Fat 41g]

News at 11: Microsoft is inserted into just about everything. Hey wait how long running was their project to unify products and services across the board? Shit I guess it really isn't news anyways!

Snark aside this is a nothingburger as said above.

 

[Spasticus Autisticus]

What a terrible invasion of privacy! Boycott Raspberry Pi!

Posted using Tapatalk for Android

 

[Sam Losco]

Heads up: paranoid autists chimp out over nothingburger, treat everyday software behavior as a massive security breach.


Literally all they did was add a Microsoft code repo to the list of repos that apt install uses to look for packages and add the GPG key required to verify the authenticity of packages received from said repo. They did this so that people could use apt install to install VS Code IDE. It's entirely unsurprising that they'd add that repo since the Raspberry Pi Foundation officially endorses the software.

They didn't compromise anyone's security or invade anyone's privacy. The update was part of a publicly-announced change to the raspberry-pi-sysmods package — the code that adds the repo and GPG key is in the postinstall script. The only way this repo was added to anyone's Raspberry Pi without their knowledge is if they blindly updated that package without reading the changelog, i.e. were so careless that they've lost all right to bitch about privacy and security.

Shit, it's not even a big deal to have this repo on your list unless you're a tinfoil pantshitter who cares about Microsoft knowing that there's a Raspberry Pi at whatever IP address you're running it on. If you use any Microsoft software you're already giving them similar information, and quite possibly a lot more unless you've gone out of your way to lock shit down. Anybody who's concerned enough about Microsoft to be upset by this change should already be blocking Microsoft's shit at a firewall level anyway.

The Raspberry Pi is a mass market "learn to code" box. Microsoft Visual Studio is an incredibly popular IDE, especially in educational settings. Raspbian updated their software to make it easier for people to install the "learn to code" IDE on their "learn to code" box. As a result, a bunch of people who apparently didn't learn to code very well decided to collectively shit their pants over nothing. That's all that happened here.

Thank you. Saved me from having to type something less well worded.

This bit from the article is just

1. By using forced MS repo on my RPi 2, MS controls the software I install. For example, when I run `apt install app,` I will get an app distributed and modified by MS. Maybe they will not do anything evil, but I don’t want anything to do with them.

Like, fucking what? None of that is true. Having a repo added does not allow the owner of that repo to control the software you install. It literally only matters if you're installing software FROM that repo, which in this case, is probably only VSCode. And if you use VSCode, you already know it's a Microsoft product.

Even better that it's followed up by this:

2. Hardcore Linux users like me (or anyone who works in infosec/IT) will never trust Microsoft or Raspberry Pi OS to install such a repo secretly.

Yeah, some hardcore Linux user you are when you clearly have no fucking clue how and what repos are and do. Holy shit. With people like this in "infosec/IT" it's no wonder all these companies databases keep getting hacked or leaked.

 

[Yotsubaaa]

Heads up: paranoid autists chimp out over nothingburger, treat everyday software behavior as a massive security breach.

Came into this thread to say this, but you said it better than I could.


For real, the nixCraft guy needs to calm down with this shit. He absolutely came off as a raving paranoid fuckwit in this Raspberry Pi VS Code thing. Glad to see some of the comments on his blog were calling him out about it before he shut it down.

Also VS Code is fucking awesome. Let me guess what code editor he uses oh wait, of course. You never have to guess with these people, they'll tell you right away. All the time, and repeatedly.

 

[moocow]

Also VS Code is fucking awesome. Let me guess what code editor he uses oh wait, of course. You never have to guess with these people, they'll tell you right away. All the time, and repeatedly.

vim's aight. Dog shit for software development though. VS Code is better suited for dev work. The real patrician's choice is still IntelliJ IDEA, though.

 

[Yotsubaaa]

vim's aight. Dog shit for software development though. VS Code is better suited for dev work. The real patrician's choice is still IntelliJ IDEA, though.

Absolutely. IntelliJ IDEA remains the gold standard. And if JetBrains came out with their own version of a "standalone text editor that has some of the code-completion/syntax highlighting/context awareness/etc features of the full IDE (although obviously not all) but lets you quickly double-click a code file in Explorer to open it without fucking spending two whole minutes trying to create a fictitious 'project' for this one file that you just wanted to quickly check", I'd be a JetBrains extremist forever. (EDIT: Apparently they've got LightEdit now that does this, which is news to me and seems like what I want. It looks like I'd have to configure it, but I'll check it out and hopefully it's cool enough.)

You still can't print (as in, on physical paper, from a printer) from VS Code without some dodgy Marketplace extension, and it shits me to no end. But otherwise VS Code does exactly what I want in a standalone quick code editor for viewing files on-the-fly, or for small coding stuff that doesn't merit making a complete bells-and-whistles IntelliJ project.

 

[Andy Bandy Man]

Bruh, i never want to live in a world where I get my tech news from a place called "cybercity.biz"

Is this a fundemental flaw of the hardware on the PI, or specifically some of the images?

 

[Yotsubaaa]

Bruh, i never want to live in a world where I get my tech news from a place called "cybercity.biz"

Is this a fundemental flaw of the hardware on the PI, or specifically some of the images?

It's specific to the one image (Raspberry Pi OS/Raspbian). And it's not even a flaw.

 

[XMassAllYearRound]

And just like that my TOR node has gone offline.
RIP hiddenhamsterdance.onion

 

[⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛]

Heads up: paranoid autists chimp out over nothingburger, treat everyday software behavior as a massive security breach.


Literally all they did was add a Microsoft code repo to the list of repos that apt install uses to look for packages and add the GPG key required to verify the authenticity of packages received from said repo. They did this so that people could use apt install to install VS Code IDE. It's entirely unsurprising that they'd add that repo since the Raspberry Pi Foundation officially endorses the software.

They didn't compromise anyone's security or invade anyone's privacy. The update was part of a publicly-announced change to the raspberry-pi-sysmods package — the code that adds the repo and GPG key is in the postinstall script. The only way this repo was added to anyone's Raspberry Pi without their knowledge is if they blindly updated that package without reading the changelog, i.e. were so careless that they've lost all right to bitch about privacy and security.

Shit, it's not even a big deal to have this repo on your list unless you're a tinfoil pantshitter who cares about Microsoft knowing that there's a Raspberry Pi at whatever IP address you're running it on. If you use any Microsoft software you're already giving them similar information, and quite possibly a lot more unless you've gone out of your way to lock shit down. Anybody who's concerned enough about Microsoft to be upset by this change should already be blocking Microsoft's shit at a firewall level anyway.

The Raspberry Pi is a mass market "learn to code" box. Microsoft Visual Studio is an incredibly popular IDE, especially in educational settings. Raspbian updated their software to make it easier for people to install the "learn to code" IDE on their "learn to code" box. As a result, a bunch of people who apparently didn't learn to code very well decided to collectively shit their pants over nothing. That's all that happened here.

VS Code is an Electrum based tumor.

The cancerous faggots who run Raspbian ruined their shitty fork, already sabotaged by the Debian transition to systemd, by including some nonsense that likely doesn't even include the only Microsoft code you should install on a Linux box, Powershell.

Death to Poettring
Death to Raspbian

 

[Spedestrian]

VS Code is an Electrum based tumor.

The cancerous faggots who run Raspbian ruined their shitty fork, already sabotaged by the Debian transition to systemd, by including some nonsense that likely doesn't even include the only Microsoft code you should install on a Linux box, Powershell.

Death to Poettring
Death to Raspbian

Really? You think Raspbian ruined their fork by including the URL to the VS Code repo to make it easier for people to install it if they want to? Excuse me for a moment.

Hahahahahahahaha How The Fuck Is Repo Sperging Real Hahahaha Nigga Just Don't Install Code From That Repo Like Nigga Comment Out The URL Haha

 

[byuu]

The Raspberry Pi is a mass market "learn to code" box. Microsoft Visual Studio is an incredibly popular IDE, especially in educational settings. Raspbian updated their software to make it easier for people to install the "learn to code" IDE on their "learn to code" box. As a result, a bunch of people who apparently didn't learn to code very well decided to collectively shit their pants over nothing. That's all that happened here.

Does VS Code even run well on a Pi? It's extremely bloated and the Pi is very limited.

 

[⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛]

Does VS Code even run well on a Pi? It's extremely bloated and the Pi is very limited.

You can get the Pi 4 with 8gb of RAM, which is probably enough to load at least one, maybe even two Electrum apps.

 

[Maurice Caine]

Came into this thread to say this, but you said it better than I could.


For real, the nixCraft guy needs to calm down with this shit. He absolutely came off as a raving paranoid fuckwit in this Raspberry Pi VS Code thing. Glad to see some of the comments on his blog were calling him out about it before he shut it down.

Also VS Code is fucking awesome. Let me guess what code editor he uses oh wait, of course. You never have to guess with these people, they'll tell you right away. All the time, and repeatedly.
View attachment 1899169

Do we have a thread on GNUtards?