02.02.21

Gemini version available ♊︎

Raspberry Pi (at Least Raspbian GNU/Linux and/or Raspberry Pi Foundation) Appears to Have Been Infiltrated by Microsoft and There Are Severe Consequences

Posted in GNU/Linux, Microsoft, Security at 9:11 am by Dr. Roy Schestowitz

Video download link

Summary: Microsoft entryism (using fake ‘love’ and openwashing tactics) seems to have yielded the worst possible outcome; it now has root-level access, without user consent, into millions of Raspberry Pi devices

SEVERAL years ago the thugs from Microsoft marked the Raspberry Pi Foundation for death or defection, as they had done OLPC a decade earlier.

Raspberry PiMicrosoft is a cult that does not tolerate anything that’s not Microsoft. Those who seriously think that Microsoft “loves Linux” are deeply deluded or bribed/misled by (or like) the Linux Foundation. Microsoft has long faked “love” just to get closer to what it’s trying to destroy (or take over, then destroy).

“Microsoft has, via the package repository, defacto root access.”
      –AnonymousThe video above provides technical and objective truth about claims I received last night. Microsoft is now spying on a lot of Raspberry Pi devices and these devices are happy to push proprietary software for Microsoft.

How did that happen? Why was there no disclosure or warning?

Are you already ‘infected’? Here’s how to check. We’ve reproduced this on two devices so far. The operating system (this might be applicable to more):

$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"

How to know if you’re affected/infected already:

$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code
stable main

We don’t know yet if this affects only Buster-based devices. We need to highlight the issue before this becomes widespread.

Raspberry Pi logo“Just in case the implications were not obvious,” our source noted, “Microsoft servers get pinged with every update. That tells them the quantities and locations of all the world’s networked Raspberry Pi computers running Raspberry Pi OS.”

Here in Techrights we’ve long warned about adding Microsoft to sources (e.g. to install proprietary software like Edge). This isn’t just another company; it’s the company looking to undermine GNU/Linux and it’s also blackmailing the platform using patent lawsuits (yes, still). It loves Windows, not “Linux”.

A poor work-around or fix (to the above):

sudo rm /etc/apt/sources.list.d/vscode.list
sudo touch /etc/apt/sources.list.d/vscode.list
sudo chattr +i /etc/apt/sources.list.d/vscode.list

But why was this added in the first place? “A far as I can tell,” the source said, “the file was injected during an update this weekend, but no package fesses up to having created it.”

sudo dpkg -S /etc/apt/sources.list.d/vscode.list
dpkg-query: no path found matching pattern /etc/apt/sources.list.d/vscode.list

We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.

“We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.”“Conclusion,” according to our source, is that “Raspberry Pi Foundation has a quisling somewhere inside.”

“Result,” the source added: “Microsoft has, via the package repository, defacto root access.”

“This is almost certainly a direct reaction to the Raspberry Pi having entered the desktop market with very, very serious models.”

“We need to slaughter Novell before they get stronger….If you’re going to kill someone, there isn’t much reason to get all worked up about it and angry. You just pull the trigger. Any discussions beforehand are a waste of time. We need to smile at Novell while we pull the trigger.”

Former Microsoft VP James Allchin

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

5 Comments

  1. Harald said,

    February 3, 2021 at 4:01 am

    Gravatar

    Not sure what you did, but I can’t reproduce this, maybe it’s your kubic that installs the microsoft repository to use the vc as “default” editor.

  2. SaveDave said,

    February 3, 2021 at 1:20 pm

    Gravatar

    I just updated one of my Pi’s that hadn’t been updated for a little while, based on this article. Watching the update process I saw this snippet:

    Setting up raspberrypi-sys-mods (20210125) …
    Adding vscode repo…
    Setting up raspberrypi-kernel (1.20210108-1) …

    So it appears to be coming from raspberrypi-sys-mods.
    Following that:
    zcat /usr/share/doc/raspberrypi-sys-mods/changelog.gz
    raspberrypi-sys-mods (20210125) buster; urgency=medium

    * Add Microsoft’s VS Code repo on upgrade

    — Serge Schneider Mon, 25 Jan 2021 16:03:24 +0000

    That’s your answer for how it got there, and seemingly who submitted the change. I’m not particularly worried, as Wolfram used to be included… but also easy to remove. I think it is reasonable to be skeptical of the motivations of Microsoft and such. However, it seems like this must be some effort to provide Visual Studio on the Pi. Having a widely used development platform available on the Pi, in an easy manner, seems in line with the mission of the Raspberry Pi team. I would imagine they likely received some funding as well, to make it mutually beneficial. I’d be more worried if they start messing with the kernel or other core packages.

  3. Canta said,

    February 3, 2021 at 8:14 pm

    Gravatar

    > Having a widely used development platform available on the Pi, in an easy manner, seems in line with the mission of the Raspberry Pi team.

    I would concede that, if the common use case for the PI were “desktop replacement”, or even maybe “portable replacement”. We all know that’s hardly the case. And even in that case, VSC would hardly be even a decent choice for the rpi compared to available software like Geany that runs wonderful on a pentium 3 with 512MB of ram.

    This is either Microsoft doing its usual, or another irresponsable and absolutely unnedded trend aligment. Want VSC? Go download it, like you did in your distro or in your non-GNU setup. There’s no need for any forced microsoft repo.

  4. rdt said,

    February 4, 2021 at 8:50 am

    Gravatar

    Replacing vscode.list by a dummy immutable file seems like an over-reaction. A “quisling” at raspberrypi isn’t responsible, it’s the executive board. And if you don’t want a microsoft repository as a source, just remove the file or comment out the relevant line.

  5. Canta said,

    February 4, 2021 at 1:08 pm

    Gravatar

    > And if you don’t want a microsoft repository as a source, just remove the file or comment out the relevant line.

    No, rdt: when people like me don’t want something from Microsoft, we come to the GNU/Linux ecosystem. It’s part of our history and our culture. Our reactions come from that, not from “technical differences”.

DecorWhat Else is New

  1. Links 22/9/2021: Google 'Upstream First' in Linux and New Maui Report

    Links for the day

  2. Links 22/9/2021: Mesa 21.2.2, GNOME 41 Released

    Links for the day

  3. Socially- or Corporate- or Centrally-Controlled Surveillance, Censorship and Throttling is Not Media

    The 'social control media' situation is getting out of hand; in YouTube, for example, there's a broad revolt against strict editorial control by Google and in Twitter it seems like ordinary users aren't shown so much to people who actually "follow" them

  4. Links 22/9/2021: Panfrost's OpenGL ES 3.1 Conformanc and NovProg 3.2.0

    Links for the day

  5. IRC Proceedings: Tuesday, September 21, 2021

    IRC logs for Tuesday, September 21, 2021

  6. Agents of Monopoly: WIPO is Lobbying for or Reinforcing Microsoft Monopoly by Pushing Its Proprietary Software and Formats

    The World Intellectual Property [sic] Organization — like the EPO (where António Campinos outsourced IT systems to Microsoft) — is choosing the most notorious/corrupt ‘tech’ ‘company’ (cult) instead of open standards and, as the links above show, this is nowadays done inside the United States and outside the United States as well, raising legal questions/ire

  7. Links 21/9/2021: Windowsfx 11, New Chrome, and LF PR Noise

    Links for the day

  8. [Meme] The EPO-EUIPO “Good Brother” Network

    Jobs as bribes at the EPO and EU(IPO) are a lingering problem

  9. Links 21/9/2021: Samba 4.15 and Ubuntu 14.04/16.04 Support for 10 Years

    Links for the day

  10. Richard Stallman's First Public Talk (Delivered in Person) in Years, Now With a Free Format

    Full talk now available. The organisers of the conference have uploaded to YouTube, so we’ve converted everything to a free/libre format (and last night only an excerpt was published here).

  11. [Meme] The Best Quality Propaganda

    The António Campinos-led EPO is still a never-ending propaganda machine; the media isn’t fact-checking or investigating anything, so of course that propaganda goes largely unchallenged and the propagandists (like Joff Wild) profit from it

  12. Preparations for the Next Series and Further Improvements in IPFS and Gemini

    Gemini space (or Geminispace) continues to expand quite rapidly and we're utilising alternatives to the Web in order to improve access to information; at the moment EPO publications are our priority

  13. Links 21/9/2021: Peg-E 1.3.0, CUPS 2.4 Coming Soon

    Links for the day

  14. IRC Proceedings: Monday, September 20, 2021

    IRC logs for Monday, September 20, 2021

  15. Links 20/9/2021: Emmabuntüs Debian Edition 4 1.00, DXVK 1.9.2, and NVIDIA 470.74 Graphics Driver

    Links for the day

  16. Richard Stallman's Talk in Ukraine Two Days Ago (in Person)

    Richard Stallman explains his stance on Invidious (released under the AGPLv3) in his new (in-person) talk

  17. Microsoft and the EPO: A History of Threats and Suppression Against the Free Press

    Bribed and blackmailed media isn't covering EPOnia's corruption anymore; somebody should, but that's not as easy as it may seem on the surface (not even for a distant outsider)

  18. [Meme] The B4 Summit: Baltic Benoît Battistelli in Belarus

    It should not be surprising that when Benoît Battistelli and António Campinos get to 'fix' their own election by the EPO‘s Administrative Council that very same Administrative Council will later rubber-stamp virtually every proposal of theirs, even unlawful proposals

  19. Links 20/9/2021: Telegram Desktop 3.1, Arcan as Operating System Design

    Links for the day

  20. [Meme] Looting Europe and Taking Away From the Office

    The staff of the EPO is being robbed by corrupt officials, who arrogantly assume that they can get away with anything (because they have facilitators all over Europe)

  21. IRC Proceedings: Sunday, September 19, 2021

    IRC logs for Sunday, September 19, 2021

  22. Formally Challenging the EPO and Microsoft for Apparent Efforts to Suppress Reporting With Evidence of Crimes, Including Violations of EPO Data Protection Guidelines

    The largest cross-institutional European den of corruption, the EPO, will be hearing from lawyers and hopefully from public officials too. The criminal behaviour is long overdue for review and the Administrative Council too should be investigated (for repeatedly abetting this behaviour, for personal gain).

  23. Links 20/9/2021: Linux 5.15 RC2 and pgAdmin 4 5.7 Released

    Links for the day

  24. [Meme] Warning - Tree Felling in Progress

    Warming up for our next EPO series

  25. Links 19/9/2021: Sparky 2021.09, Whisker Menu 2.6.0, HarfBuzz 3.0, and gThumb 3.12

    Links for the day

  26. EPO Management is Hiding Under the 'Cloud' While Violating Privacy Laws

    Facing a barrage of scrutiny for outsourcing the EPO's systems to Microsoft, the EPO has just arranged yet another expensive PR stunt, looking to somehow 'normalise' the unacceptable and the likely illegal

  27. Maintenance and Development Updates

    We've been doing a lot of work on the back end (or operations) of Techrights, more so this past month, and we're almost ready to resume the normal publication pace

  28. [Meme] Microsoft Says Its Paying Clients (Like EPO) Don't Violate Privacy Law

    The ever-so-docile EPO will gladly oblige when companies like Microsoft lie about the legality of their industrial espionage operations, masked as “clown” computing (and other buzzwords)

  29. Coming Soon: EPO Series on Lawlessness

    Some time soon we’ll start an important series about the EPO, seeing that the management of the EPO is panicking and trying to put out the fire created by prior ones (more on that shortly)

  30. Links 19/9/2021: Jolla's Sailfish OS 4.2 and FreeBSD Technology Roadmap

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts