02.02.21

^{Gemini version available ♊︎}

Raspberry Pi (at Least Raspbian GNU/Linux and/or Raspberry Pi Foundation) Appears to Have Been Infiltrated by Microsoft and There Are Severe Consequences

Posted in GNU/Linux, Microsoft, Security at 9:11 am by Dr. Roy Schestowitz

Summary: Microsoft entryism (using fake ‘love’ and openwashing tactics) seems to have yielded the worst possible outcome; it now has root-level access, without user consent, into millions of Raspberry Pi devices

SEVERAL years ago the thugs from Microsoft marked the Raspberry Pi Foundation for death or defection, as they had done OLPC a decade earlier.

Raspberry Pi Microsoft is a cult that does not tolerate anything that’s not Microsoft. Those who seriously think that Microsoft “loves Linux” are deeply deluded or bribed/misled by (or like) the Linux Foundation. Microsoft has long faked “love” just to get closer to what it’s trying to destroy (or take over, then destroy).

“Microsoft has, via the package repository, defacto root access.”
–AnonymousThe video above provides technical and objective truth about claims I received last night. Microsoft is now spying on a lot of Raspberry Pi devices and these devices are happy to push proprietary software for Microsoft.

How did that happen? Why was there no disclosure or warning?

Are you already ‘infected’? Here’s how to check. We’ve reproduced this on two devices so far. The operating system (this might be applicable to more):

$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"

How to know if you’re affected/infected already:

$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code
stable main

We don’t know yet if this affects only Buster-based devices. We need to highlight the issue before this becomes widespread.

Raspberry Pi logo “Just in case the implications were not obvious,” our source noted, “Microsoft servers get pinged with every update. That tells them the quantities and locations of all the world’s networked Raspberry Pi computers running Raspberry Pi OS.”

Here in Techrights we’ve long warned about adding Microsoft to sources (e.g. to install proprietary software like Edge). This isn’t just another company; it’s the company looking to undermine GNU/Linux and it’s also blackmailing the platform using patent lawsuits (yes, still). It loves Windows, not “Linux”.

A poor work-around or fix (to the above):

sudo rm /etc/apt/sources.list.d/vscode.list
sudo touch /etc/apt/sources.list.d/vscode.list
sudo chattr +i /etc/apt/sources.list.d/vscode.list

But why was this added in the first place? “A far as I can tell,” the source said, “the file was injected during an update this weekend, but no package fesses up to having created it.”

sudo dpkg -S /etc/apt/sources.list.d/vscode.list
dpkg-query: no path found matching pattern /etc/apt/sources.list.d/vscode.list

We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.

“We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.”“Conclusion,” according to our source, is that “Raspberry Pi Foundation has a quisling somewhere inside.”

“Result,” the source added: “Microsoft has, via the package repository, defacto root access.”

“This is almost certainly a direct reaction to the Raspberry Pi having entered the desktop market with very, very serious models.” █

“We need to slaughter Novell before they get stronger….If you’re going to kill someone, there isn’t much reason to get all worked up about it and angry. You just pull the trigger. Any discussions beforehand are a waste of time. We need to smile at Novell while we pull the trigger.”

–Former Microsoft VP James Allchin

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

5 Comments

Harald said,

February 3, 2021 at 4:01 am

Not sure what you did, but I can’t reproduce this, maybe it’s your kubic that installs the microsoft repository to use the vc as “default” editor.
SaveDave said,

February 3, 2021 at 1:20 pm

I just updated one of my Pi’s that hadn’t been updated for a little while, based on this article. Watching the update process I saw this snippet:
…
Setting up raspberrypi-sys-mods (20210125) …
Adding vscode repo…
Setting up raspberrypi-kernel (1.20210108-1) …

So it appears to be coming from raspberrypi-sys-mods.
Following that:
zcat /usr/share/doc/raspberrypi-sys-mods/changelog.gz
raspberrypi-sys-mods (20210125) buster; urgency=medium

* Add Microsoft’s VS Code repo on upgrade

— Serge Schneider Mon, 25 Jan 2021 16:03:24 +0000

That’s your answer for how it got there, and seemingly who submitted the change. I’m not particularly worried, as Wolfram used to be included… but also easy to remove. I think it is reasonable to be skeptical of the motivations of Microsoft and such. However, it seems like this must be some effort to provide Visual Studio on the Pi. Having a widely used development platform available on the Pi, in an easy manner, seems in line with the mission of the Raspberry Pi team. I would imagine they likely received some funding as well, to make it mutually beneficial. I’d be more worried if they start messing with the kernel or other core packages.
Canta said,

February 3, 2021 at 8:14 pm

> Having a widely used development platform available on the Pi, in an easy manner, seems in line with the mission of the Raspberry Pi team.

I would concede that, if the common use case for the PI were “desktop replacement”, or even maybe “portable replacement”. We all know that’s hardly the case. And even in that case, VSC would hardly be even a decent choice for the rpi compared to available software like Geany that runs wonderful on a pentium 3 with 512MB of ram.

This is either Microsoft doing its usual, or another irresponsable and absolutely unnedded trend aligment. Want VSC? Go download it, like you did in your distro or in your non-GNU setup. There’s no need for any forced microsoft repo.
rdt said,

February 4, 2021 at 8:50 am

Replacing vscode.list by a dummy immutable file seems like an over-reaction. A “quisling” at raspberrypi isn’t responsible, it’s the executive board. And if you don’t want a microsoft repository as a source, just remove the file or comment out the relevant line.
Canta said,

February 4, 2021 at 1:08 pm

> And if you don’t want a microsoft repository as a source, just remove the file or comment out the relevant line.

No, rdt: when people like me don’t want something from Microsoft, we come to the GNU/Linux ecosystem. It’s part of our history and our culture. Our reactions come from that, not from “technical differences”.