02.02.21

Raspberry Pi (at Least Raspbian GNU/Linux and/or Raspberry Pi Foundation) Appears to Have Been Infiltrated by Microsoft and There Are Severe Consequences

Posted in GNU/Linux, Microsoft, Security at 9:11 am by Dr. Roy Schestowitz

Video download link

Summary: Microsoft entryism (using fake ‘love’ and openwashing tactics) seems to have yielded the worst possible outcome; it now has root-level access, without user consent, into millions of Raspberry Pi devices

SEVERAL years ago the thugs from Microsoft marked the Raspberry Pi Foundation for death or defection, as they had done OLPC a decade earlier.

Raspberry PiMicrosoft is a cult that does not tolerate anything that’s not Microsoft. Those who seriously think that Microsoft “loves Linux” are deeply deluded or bribed/misled by (or like) the Linux Foundation. Microsoft has long faked “love” just to get closer to what it’s trying to destroy (or take over, then destroy).

“Microsoft has, via the package repository, defacto root access.”
      –AnonymousThe video above provides technical and objective truth about claims I received last night. Microsoft is now spying on a lot of Raspberry Pi devices and these devices are happy to push proprietary software for Microsoft.

How did that happen? Why was there no disclosure or warning?

Are you already ‘infected’? Here’s how to check. We’ve reproduced this on two devices so far. The operating system (this might be applicable to more):

$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"

How to know if you’re affected/infected already:

$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code
stable main

We don’t know yet if this affects only Buster-based devices. We need to highlight the issue before this becomes widespread.

Raspberry Pi logo“Just in case the implications were not obvious,” our source noted, “Microsoft servers get pinged with every update. That tells them the quantities and locations of all the world’s networked Raspberry Pi computers running Raspberry Pi OS.”

Here in Techrights we’ve long warned about adding Microsoft to sources (e.g. to install proprietary software like Edge). This isn’t just another company; it’s the company looking to undermine GNU/Linux and it’s also blackmailing the platform using patent lawsuits (yes, still). It loves Windows, not “Linux”.

A poor work-around or fix (to the above):

sudo rm /etc/apt/sources.list.d/vscode.list
sudo touch /etc/apt/sources.list.d/vscode.list
sudo chattr +i /etc/apt/sources.list.d/vscode.list

But why was this added in the first place? “A far as I can tell,” the source said, “the file was injected during an update this weekend, but no package fesses up to having created it.”

sudo dpkg -S /etc/apt/sources.list.d/vscode.list
dpkg-query: no path found matching pattern /etc/apt/sources.list.d/vscode.list

We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.

“We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.”“Conclusion,” according to our source, is that “Raspberry Pi Foundation has a quisling somewhere inside.”

“Result,” the source added: “Microsoft has, via the package repository, defacto root access.”

“This is almost certainly a direct reaction to the Raspberry Pi having entered the desktop market with very, very serious models.”

“We need to slaughter Novell before they get stronger….If you’re going to kill someone, there isn’t much reason to get all worked up about it and angry. You just pull the trigger. Any discussions beforehand are a waste of time. We need to smile at Novell while we pull the trigger.”

Former Microsoft VP James Allchin

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2021/02/02/microsoft-pi/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

5 Comments

  1. Harald said,

    February 3, 2021 at 4:01 am

    Gravatar

    Not sure what you did, but I can’t reproduce this, maybe it’s your kubic that installs the microsoft repository to use the vc as “default” editor.

  2. SaveDave said,

    February 3, 2021 at 1:20 pm

    Gravatar

    I just updated one of my Pi’s that hadn’t been updated for a little while, based on this article. Watching the update process I saw this snippet:

    Setting up raspberrypi-sys-mods (20210125) …
    Adding vscode repo…
    Setting up raspberrypi-kernel (1.20210108-1) …

    So it appears to be coming from raspberrypi-sys-mods.
    Following that:
    zcat /usr/share/doc/raspberrypi-sys-mods/changelog.gz
    raspberrypi-sys-mods (20210125) buster; urgency=medium

    * Add Microsoft’s VS Code repo on upgrade

    — Serge Schneider Mon, 25 Jan 2021 16:03:24 +0000

    That’s your answer for how it got there, and seemingly who submitted the change. I’m not particularly worried, as Wolfram used to be included… but also easy to remove. I think it is reasonable to be skeptical of the motivations of Microsoft and such. However, it seems like this must be some effort to provide Visual Studio on the Pi. Having a widely used development platform available on the Pi, in an easy manner, seems in line with the mission of the Raspberry Pi team. I would imagine they likely received some funding as well, to make it mutually beneficial. I’d be more worried if they start messing with the kernel or other core packages.

  3. Canta said,

    February 3, 2021 at 8:14 pm

    Gravatar

    > Having a widely used development platform available on the Pi, in an easy manner, seems in line with the mission of the Raspberry Pi team.

    I would concede that, if the common use case for the PI were “desktop replacement”, or even maybe “portable replacement”. We all know that’s hardly the case. And even in that case, VSC would hardly be even a decent choice for the rpi compared to available software like Geany that runs wonderful on a pentium 3 with 512MB of ram.

    This is either Microsoft doing its usual, or another irresponsable and absolutely unnedded trend aligment. Want VSC? Go download it, like you did in your distro or in your non-GNU setup. There’s no need for any forced microsoft repo.

  4. rdt said,

    February 4, 2021 at 8:50 am

    Gravatar

    Replacing vscode.list by a dummy immutable file seems like an over-reaction. A “quisling” at raspberrypi isn’t responsible, it’s the executive board. And if you don’t want a microsoft repository as a source, just remove the file or comment out the relevant line.

  5. Canta said,

    February 4, 2021 at 1:08 pm

    Gravatar

    > And if you don’t want a microsoft repository as a source, just remove the file or comment out the relevant line.

    No, rdt: when people like me don’t want something from Microsoft, we come to the GNU/Linux ecosystem. It’s part of our history and our culture. Our reactions come from that, not from “technical differences”.

What Else is New

  1. German Decision on Unitary Patent/UPC Will Take Years (and It Doesn't Matter Because the Whole Thing is Dead Already)

    Kluwer Patent Blog's Dr. Bausch explains why the UPC is pretty much doomed, as it cannot be ratified any time soon and probably will never be ratified either (for a multitude of reasons, including Brexit)

  2. Techrights in Australia (IPFS and Gemini)

    Allies in Australia will help Techrights serve material from another server; we're still bettering ourselves for an era of oppressive World Wide Web

  3. Professional Troll Matthew Garrett Spreads Libel, Defamation and Slander About the Free Software Community to Entertain Microsoft and Friends

    After months of parking in our IRC channels to provoke and troll people (and try to collect 'dirt' from responses) the professional troll Matthew Garrett has been for many years shows his true colours again

  4. Links 5/3/2021: Linux 5.12-rc2 Imminent, Linux Lite 5.4 RC1 in Review

    Links for the day

  5. IRC Proceedings: Thursday, March 04, 2021

    IRC logs for Thursday, March 04, 2021

  6. Links 4/3/2021: LibreOffice 7.1.1, Cockpit 239, Many Stable Kernel Releases

    Links for the day

  7. Links 4/3/2021: Pardus 19.5 is Out and Free Software Foundation Gets Consulting Grant

    Links for the day

  8. IRC Proceedings: Wednesday, March 03, 2021

    IRC logs for Wednesday, March 03, 2021

  9. The Free Software Foundation Should Re-add Richard Stallman to the Board

    Dr. Richard Stallman is missed by many who perceive him to have been wrongly treated; putting Stallman back in the Board (at the very least) would help the image of the Free Software Foundation more than the newly-announced work with Community Consulting Teams of Boston

  10. Free Software Calling

    Fewer people are willing to "put up with the shit" given by so-called 'Big Tech', seeing that it's mostly about social control rather than enablement or emancipation

  11. Meme: EPO Management Totally Gets 'Tehc'

    The bestest patent office in the whole wide world is besting the “hey hi” (AI) cutting edge; don't worry about exam and certification integrity

  12. The EPO's Software Blunders Are Inevitable Outcome of Technically Clueless Management Which Grants Illegal Patents on Software

    The "clusterfuck" which the EPO has become is negatively affecting not only EPO staff but also stakeholders, who sink into depression and sometimes anger, even fury, at great expense to their health; this is how institutions die (for a quick but short money grab, a culmination of corruption which piggybacks half a century of goodwill gestures)

  13. Links 3/3/2021: OpenSUSE Leap 15.3 Beta, GNU Denemo 2.5, and NomadBSD 1.4

    Links for the day

  14. What Free Software Organisations Can Learn From Australia's Rape Crisis

    Reprinted with permission from Daniel Pocock

  15. Microsoft Weaponises (and Further Spreads) Racism to Distract From Its Own Incompetence (and 'Five Eyes' Collusion for Back Door Access)

    Racist Microsoft is at it again; we're meant to think that China is evil for doing exactly what the United States has been doing but more importantly we're told not to blame Microsoft for shoddy code and back doors (classic blame-shifting tactics and overt distortion of facts, as we saw in the wake of SolarWinds backdoors)

  16. GNU/Linux News Sites Need to Promote Software Freedom, Not Binary and Proprietary Blobs Merely Compiled for GNU/Linux

    There has been lots of proprietary fluff in GNU/Linux 'news' sites so far this week; it merits an explanation or clarification, e.g. why we should generally reject proprietary stuff and instead promote Free/libre alternatives

  17. Links 3/3/2021: OpenSSH 8.5 and Absolute64 20210302 Released

    Links for the day

  18. IRC Proceedings: Tuesday, March 02, 2021

    IRC logs for Tuesday, March 02, 2021

  19. Links 3/3/2021: IPFire 2.25 Core Update 154, Red Hat Satellite 6.8.4, Kiwi TCMS 10.0

    Links for the day

  20. Links 2/3/2021: KDE Plasma 5.21.2, Qt 6.1 Beta, Refund of Pre-installed Windows

    Links for the day

  21. 'GatoKeeper'/IP Kat (AstraZeneca) Still Suppressing and Censoring the Public Views or Internal EPO Talks About EPO Corruption

    The suppression of comments critical of the EPO‘s administration (especially corruption scandals surrounding António Campinos and Benoît Battistelli) is a real problem; those ought not be a taboo subject in comments (where bloggers used to speak about those issues openly and regularly)

  22. Pocock on Removing Cognitive Bias Around Consent

    Reprinted with permission from Daniel Pocock

  23. IRC Proceedings: Monday, March 01, 2021

    IRC logs for Monday, March 01, 2021

  24. Links 2/3/2021: Maui 1.2.1, RSS Guard 3.9.0

    Links for the day

  25. ZDNet Really Hates Golang (Maybe Because Microsoft Does)

    The Golang programming language seems to be the target of intense FUD campaigns from sites connected to Microsoft, so it’s likely a bit of a Nemesis/endgame to Microsoft monoculture (unlike Rust, which Microsoft has already pocketed and is actively besieging to promote Microsoft monopoly and hardware monoculture)

  26. Links 1/3/2021: KStars 3.5.2, ET: Legacy 2.77, Flameshot 0.9

    Links for the day

  27. Five Years of António Campinos Coverage in Techrights (We Correctly Predicted His Presidency in March 2016)

    We've warned about António Campinos since March of 2016; well, António Campinos isn't just EPO President right now but he's also an oppressor who demonises the union of the EPO's staff

  28. In 2021 the EPO Works for Parasites Instead of Scientists (and It Cannot Even Hide That Anymore)

    Europe's second-largest institution is working for those who attack instead of create (or those who attack actual creators, with lousy and sketchy patents as ammunition)

  29. Links 1/3/2021: Manjaro ARM 21.02 and First Linux 5.12 RC Released

    Links for the day

  30. IRC Proceedings: Sunday, February 28, 2021

    IRC logs for Sunday, February 28, 2021

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts