02.02.21

Raspberry Pi (at Least Raspbian GNU/Linux and/or Raspberry Pi Foundation) Appears to Have Been Infiltrated by Microsoft and There Are Severe Consequences

Posted in GNU/Linux, Microsoft, Security at 9:11 am by Dr. Roy Schestowitz

Summary: Microsoft entryism (using fake ‘love’ and openwashing tactics) seems to have yielded the worst possible outcome; it now has root-level access, without user consent, into millions of Raspberry Pi devices

SEVERAL years ago the thugs from Microsoft marked the Raspberry Pi Foundation for death or defection, as they had done OLPC a decade earlier.

Raspberry Pi Microsoft is a cult that does not tolerate anything that’s not Microsoft. Those who seriously think that Microsoft “loves Linux” are deeply deluded or bribed/misled by (or like) the Linux Foundation. Microsoft has long faked “love” just to get closer to what it’s trying to destroy (or take over, then destroy).

“Microsoft has, via the package repository, defacto root access.”
–AnonymousThe video above provides technical and objective truth about claims I received last night. Microsoft is now spying on a lot of Raspberry Pi devices and these devices are happy to push proprietary software for Microsoft.

How did that happen? Why was there no disclosure or warning?

Are you already ‘infected’? Here’s how to check. We’ve reproduced this on two devices so far. The operating system (this might be applicable to more):

$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"

How to know if you’re affected/infected already:

$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code
stable main

We don’t know yet if this affects only Buster-based devices. We need to highlight the issue before this becomes widespread.

Raspberry Pi logo “Just in case the implications were not obvious,” our source noted, “Microsoft servers get pinged with every update. That tells them the quantities and locations of all the world’s networked Raspberry Pi computers running Raspberry Pi OS.”

Here in Techrights we’ve long warned about adding Microsoft to sources (e.g. to install proprietary software like Edge). This isn’t just another company; it’s the company looking to undermine GNU/Linux and it’s also blackmailing the platform using patent lawsuits (yes, still). It loves Windows, not “Linux”.

A poor work-around or fix (to the above):

sudo rm /etc/apt/sources.list.d/vscode.list
sudo touch /etc/apt/sources.list.d/vscode.list
sudo chattr +i /etc/apt/sources.list.d/vscode.list

But why was this added in the first place? “A far as I can tell,” the source said, “the file was injected during an update this weekend, but no package fesses up to having created it.”

sudo dpkg -S /etc/apt/sources.list.d/vscode.list
dpkg-query: no path found matching pattern /etc/apt/sources.list.d/vscode.list

We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.

“We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.”“Conclusion,” according to our source, is that “Raspberry Pi Foundation has a quisling somewhere inside.”

“Result,” the source added: “Microsoft has, via the package repository, defacto root access.”

“This is almost certainly a direct reaction to the Raspberry Pi having entered the desktop market with very, very serious models.” █

“We need to slaughter Novell before they get stronger….If you’re going to kill someone, there isn’t much reason to get all worked up about it and angry. You just pull the trigger. Any discussions beforehand are a waste of time. We need to smile at Novell while we pull the trigger.”

–Former Microsoft VP James Allchin

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2021/02/02/microsoft-pi/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

5 Comments

Harald said,

February 3, 2021 at 4:01 am

Not sure what you did, but I can’t reproduce this, maybe it’s your kubic that installs the microsoft repository to use the vc as “default” editor.
SaveDave said,

February 3, 2021 at 1:20 pm

I just updated one of my Pi’s that hadn’t been updated for a little while, based on this article. Watching the update process I saw this snippet:
…
Setting up raspberrypi-sys-mods (20210125) …
Adding vscode repo…
Setting up raspberrypi-kernel (1.20210108-1) …

So it appears to be coming from raspberrypi-sys-mods.
Following that:
zcat /usr/share/doc/raspberrypi-sys-mods/changelog.gz
raspberrypi-sys-mods (20210125) buster; urgency=medium

* Add Microsoft’s VS Code repo on upgrade

— Serge Schneider Mon, 25 Jan 2021 16:03:24 +0000

That’s your answer for how it got there, and seemingly who submitted the change. I’m not particularly worried, as Wolfram used to be included… but also easy to remove. I think it is reasonable to be skeptical of the motivations of Microsoft and such. However, it seems like this must be some effort to provide Visual Studio on the Pi. Having a widely used development platform available on the Pi, in an easy manner, seems in line with the mission of the Raspberry Pi team. I would imagine they likely received some funding as well, to make it mutually beneficial. I’d be more worried if they start messing with the kernel or other core packages.
Canta said,

February 3, 2021 at 8:14 pm

> Having a widely used development platform available on the Pi, in an easy manner, seems in line with the mission of the Raspberry Pi team.

I would concede that, if the common use case for the PI were “desktop replacement”, or even maybe “portable replacement”. We all know that’s hardly the case. And even in that case, VSC would hardly be even a decent choice for the rpi compared to available software like Geany that runs wonderful on a pentium 3 with 512MB of ram.

This is either Microsoft doing its usual, or another irresponsable and absolutely unnedded trend aligment. Want VSC? Go download it, like you did in your distro or in your non-GNU setup. There’s no need for any forced microsoft repo.
rdt said,

February 4, 2021 at 8:50 am

Replacing vscode.list by a dummy immutable file seems like an over-reaction. A “quisling” at raspberrypi isn’t responsible, it’s the executive board. And if you don’t want a microsoft repository as a source, just remove the file or comment out the relevant line.
Canta said,

February 4, 2021 at 1:08 pm

> And if you don’t want a microsoft repository as a source, just remove the file or comment out the relevant line.

No, rdt: when people like me don’t want something from Microsoft, we come to the GNU/Linux ecosystem. It’s part of our history and our culture. Our reactions come from that, not from “technical differences”.

What Else is New

Links 21/4/2021: VirtualBox 6.1.20, GCC 11.1 Release Candidate, Nginx 1.20.0

Links for the day
IRC Proceedings: Tuesday, April 20, 2021

IRC logs for Tuesday, April 20, 2021
Some People Who Asked to Be Removed From the Slanderous Hate Letter Against the FSF Are Still Being Denied Removal (But Not All)

I am aware of some people (evidence is in the public domain for all to see) who asked to be removed from the hate list; their requests have not yet been processed, or simply denied. Maybe they should ask again. There are silent and selective changes.
Overt Abuse and Mischaracterisations by Bully de Blanc

The campaign to ruin the FSF and silence its founder, Richard M. Stallman (RMS), goes months prior to the hate letter set up by Bully de Blanc, her boss, and the Microsoft-sponsored OSI; they just attack the licence (GPL/copyleft) and they try to redefine things for the corporations which fund them
According to StatCounter, This Month GNU/Linux Market Share on Desktops/Laptops Exceeded 2% (Based on Sites They Monitor)

StatCounter does not monitor everything and not every machine connects to the Web, but in relative terms, based on the chart above, no doubt GNU/Linux continues growing relative to other operating systems (chart plotted based on the latest raw data, rendered in LibreOffice Calc)
At the EPO, Lawlessness Has Become “a New Normal”

Without as much as a real consultation with those who are impacted (by the EPO's gross infringements) the management of the EPO rushes ahead again, enjoying zero oversight, no legal review, and no accountability or scrutiny of any kind
Links 20/4/2021: Tails 4.18 and Mark Surman in Mozilla's Board of Directors

Links for the day
Microsoft as a Censorship Machine Working to Undermine Free Software and Code Sharing (Also Sharing in General)

Microsoft is, as usual, a tool of destruction rather than creation; it seems to be better at ruining things and censoring things, notably things that compete against Microsoft or pose a threat to Microsoft's business model (and close partners, such as RIAA)
Phoronix Needs to Exercise Caution and Stay Vigilant/Careful of Microsoft

Taking note or lessons from the blunder of Raspberry Pi (back in February), Phoronix should be careful of Microsoft 'freebies' as they're never free and there are strings attached, destined to alienate longtime supporters
IRC Proceedings: Monday, April 19, 2021

IRC logs for Monday, April 19, 2021
Links 20/4/2021: EasyOS Dunfell 2.7.1, Phoronix Takes Microsoft 'Freebies', Microsoft Trying to Steal Credit for Linux on Mars

Links for the day
Richard Stallman on How UPC is a Trojan Horse for Software Patents in Europe

Dr. Richard Stallman, the Free Software Foundation's founder, offers his analysis of the Unitary Patent (or UPC) and what it means for software patents in Europe now that the EPO increases its influence over continental law
Technology Can Make Life Worse, Even in the Public Sector, Not Just the Private Sector

There are growing concerns — increasingly justified concerns as a matter of fact — that customer service is universally going away and “COVID” has become the impenetrable shield or a cover in the face of facts, laws, and basic rights
Links 19/4/2021: LibreSSL 3.3.2, OpenSSH 8.6, Firefox 88

Links for the day
Time to Move to Gemini, Wherever/Whenever Possible, as the World Wide Web is a Burden on Everybody

A 30-minute rant about what the Web has become and the promise of gemini:// (designed to simplify everything, enable self-hosting, preserve privacy, and empower communities rather than military-connected monopolies)
The Number of Signatures in the Anti-FSF Petition is Decreasing, Not Increasing

A reader has notified Techrights that belatedly, perhaps where people’s job is at risk (we’ve heard of stories and situations wherein the employer’s view and a worker’s view diverge), the GNOME Foundation/OSI did in fact remove some people from the hate letter they had set up for their monopolistic sponsors. We do, however, still see some names in there of people who asked to be removed, so it must be a very selective process. They don’t want to lose face, so they must have made it very difficult to revoke one’s name. Exceptional circumstances? We have checked to confirm, based on the available archives, and indeed that number decreased since 10 days ago, whereas 6,415 people have thus far signed the support letter (it's still growing), so we’ve just re-plotted the chart.
IRC Proceedings: Sunday, April 18, 2021

IRC logs for Sunday, April 18, 2021
How Many People Developed GNU (Maybe Hundreds) in the 1980s

Dr. Richard Stallman, the Free Software Foundation's founder, explains how code was managed and contributed in the early days of GNU
Links 19/4/2021: Linux 5.12 RC8, GNU Poke 1.2, EndeavourOS 2021.04

Links for the day
Proprietary Software (BT Hub) Has Ruined My Whole Day

While we did have some plans to publish long articles, those plans were curtailed or at least delayed due to the fact our sole device at home not to be controlled by us (a so-called 'Smart' Hub from BT) decided to break itself and by doing so bring productivity to a standstill (that firmware update, silently installed without notice or any form of consent, managed to screw with the local network)
IRC Proceedings: Saturday, April 17, 2021

IRC logs for Saturday, April 17, 2021
Tolerating the Intolerant and Lacking Tolerance for Opposing Views

The person who shouted...
Letter of Support for Richard Stallman - Doing Better in Community

"How do you support someone you’ve known for years who is unfairly attacked and publicly maligned?"
Richard Stallman on Rejecting Workplace Bureaucracy in the 1970s

Dr. Richard Stallman, the Free Software Foundation's founder, explains what inspired him to get involved in non-software matters
Renata Avila: Trying to Understand the Lynching of Stallman

Reproduced from the original
Breaking News: EDPS Admits That It is Powerless to Investigate Claims of GDPR Non-compliance at the EPO

Nobody is truly in charge at the EDPS (and in Europe at large); they say EPO is "company" and all one can do is kindly ask the EPO itself to obey the law and stop outsourcing European data to American military contractors
Links 17/4/2021: Linux 5.13 in Sight, Holland Warming up to Free Software

Links for the day
Richard Stallman Vilified by Those Who Don't Know Him, Says Sylvia Paull

Republished "In Support of Richard Stallman"
[Meme] Linux Foundation Can't Use Linux

Two examples from yesterday, highlighting what a bunch of hypocrites run the marketing operation now disguised as ‘research’; Jason Perlow from Microsoft signed/published this newsletter highlight from the failing “Linux” Foundation — a foundation that calls itself “Linux” while its newsletter is still hosted by Microsoft Windows+proprietary IIS and this latest report is made with proprietary software on a Mac
[Meme] Haters Gonna Hate, Don't Apologise to a Libelling Mob

As was already pointed out before, you cannot appease a mob by talking back to it, certainly not by issuing an apology (putting oneself in a position of weakness)