●● IRC: #techbytes @ FreeNode: Friday, February 05, 2021 ●● ● Feb 05 [02:38] schestowitz > I want to apologise for taking so long to let you know. As [02:38] schestowitz > you know too well, it's very hard to trust people [02:38] schestowitz > (especially with something like this). So I hope you accept [02:38] schestowitz > that apology. I trust you enough now to know that we're on [02:38] schestowitz > the same side. [02:38] schestowitz I saw some dodgy actors over the years in our orbit. I still have suspicions about some. The only other person whom I allow full access to our server I've known for about 15 years (online) and have cordial/amicable relations with. [02:38] schestowitz I am pretty certain targeting of pro-privacy persons is done in the ad hominem sense (attempts to discredit), the spying sense, and infiltration-for-subversion sense. Maybe I will write something to that effect one day. RMS trusted far too many people whom he should have have trusted. He does trust me, however, and some people try to seed doubt in his mind. That never worked. [02:38] schestowitz https://www.reddit.com/r/duckduckgo/comments/lcapgs/well_this_is_concerning/ [02:38] -TechBytesBot/#techbytes-www.reddit.com | Well this is concerning : duckduckgo [02:41] schestowitz " [02:41] schestowitz website certificate not valid, anybody else? [02:41] schestowitz 4 [02:41] schestowitz User avatar [02:41] schestowitz level 2 [02:41] schestowitz citysmartie [02:41] schestowitz 16 hours ago [02:41] schestowitz Firefox is warning me the site is not secure so it isn't just you. [02:41] schestowitz 2 [02:41] schestowitz Continue this thread [02:41] schestowitz User avatar [02:41] schestowitz level 2 [02:41] schestowitz MaT4w8b2UmFX [02:41] schestowitz 10 hours ago [02:41] schestowitz Yes. Should be safe to load. Just don't sign in or click links on websites that don't have a valid cert. It's not much different than loading HTTP instead of HTTPS. [02:41] schestowitz Someone correct me if I'm wrong. [02:41] schestowitz 1 [02:41] schestowitz User avatar [02:41] schestowitz level 1 [02:41] schestowitz MaT4w8b2UmFX [02:41] schestowitz 10 hours ago [02:41] schestowitz https://outline.com/6zBUCs [02:41] -TechBytesBot/#techbytes-outline.com | Outline - Read & annotate without distractions [02:41] schestowitz Here is the actual article, ran through the Outline service so you don't have to worry about the invalid site certificate. [02:41] schestowitz 2 [02:41] schestowitz User avatar [02:41] schestowitz level 1 [02:41] schestowitz Complete_Signal_Loss [02:41] schestowitz 8 hours ago [02:41] schestowitz hilarious that a very old article, with inaccurate accusations that have already been debunked many time, hidden behind an insure web site. also, no way that i'll click on that outline.com link, no telling how many trackers are hidden there. [02:41] schestowitz 1 [02:41] schestowitz User avatar [02:41] schestowitz level 2 [02:42] schestowitz MaT4w8b2UmFX [02:42] schestowitz 4 hours ago [02:42] schestowitz Outline.com is a service that parses out the main images and text of an article, removing all the excess ads and sidebars. I'm sorry you've never heard of it until now. [02:42] schestowitz They still have standard trackers (like pretty much all websites) that are easily blocked by basic privacy addons like uBlock Origin. [02:42] schestowitz " [02:49] schestowitz x http://calpaterson.com/latency.html [02:49] -TechBytesBot/#techbytes-calpaterson.com | Where's the fastest place to put my server? How much does it matter? [02:49] schestowitz # strawman. that's NOT a thin site ● Feb 05 [05:29] *genr8_ has quit (Quit: Leaving) ● Feb 05 [06:29] *GNUmoon has quit (Ping timeout: 268 seconds) ● Feb 05 [07:48] *GNUmoon (~GNUmoon@gateway/tor-sasl/gnumoon) has joined #techbytes [07:59] *bumperSteff (~kennawedd@titan.pathogen.is) has joined #techbytes ● Feb 05 [08:00] Techrights-sec there have been waves of heavy loads on TR but it has remained available [08:00] Techrights-sec AFAIK the whole time [08:01] Techrights-sec Ok. I'll reenable the primitive monitoring here, but have no audio for it [08:01] Techrights-sec any more. [08:01] Techrights-sec ] [08:03] schestowitz had to restart TM when I woke up (apache daemon only), realising it was having uptime problems. [08:21] *Akee has quit (Quit: Bye, loosers !) [08:26] *Akee (~Akee@217.ip-137-74-196.eu) has joined #techbytes [08:30] *bumperSteff has quit (K-Lined) [08:54] schestowitz
  • [08:54] schestowitz
    Heads up: Microsoft repo secretly installed on all Raspberry Pis Linux OS
    [08:54] -TechBytesBot/#techbytes-www.cyberciti.biz | Heads up: Google to drop support for all Chrome on 32-bit Linux distributions - nixCraft [08:54] schestowitz
    [08:54] schestowitz

    It seems RPi foundation officially recommends MS IDE, and hence this was included Raspberry Pi OS. They should keep this to GUI image for kids or anyone who wish to to learn Python and other stuff using VS Code. Most Linux geeks and power users use RPi as a git server or adblocker and so on as a headless server. There is always a trust issue when unwanted software repo configured and gpg keys are installed [08:54] schestowitz secretly, which is the main issue. What other problems Linux users may face: [...]

    [08:54] schestowitz

    [...]

    [08:54] schestowitz

    It seems that it contains VS Code IDE for your Raspberry Pi. Now keep in mind this is a server with a lite image, and there is no need to install this on my old RPi 2. Naturally, it made many Linux users unhappy. To make matters worse, the official Raspberry Pi forums admins quickly locked down and deleted the topic threads, claiming it was Microsoft bashing.

  • ● Feb 05 [09:14] *liberty_box has quit (Ping timeout: 240 seconds) [09:14] *rianne__ has quit (Ping timeout: 264 seconds) [09:23] *MinceR has quit (Ping timeout: 260 seconds) [09:32] *MinceR (mincer@unaffiliated/mincer) has joined #techbytes [09:46] *liberty_box (~liberty@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes [09:46] *rianne__ (~rianne@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes [09:59] *rianne (~rianne@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes ● Feb 05 [10:00] *rianne__ has quit (Remote host closed the connection) [10:25] *liberty_box has quit (Ping timeout: 272 seconds) [10:25] *rianne has quit (Ping timeout: 276 seconds) [10:57] schestowitz https://soylentnews.org/article.pl?sid=21/02/05/0354252 [10:57] -TechBytesBot/#techbytes-soylentnews.org | Raspberry Pi Users Mortified as Microsoft Repository that Phones Home is Added to Pi OS - SoylentNews [10:58] schestowitz " [10:58] schestowitz Quietly, without disclosure or warning, a package added a Microsoft repository and OpenPGP key to the system. [10:58] schestowitz Yeah, that's shady as hell. [10:58] schestowitz The latter effectively gives the former full root access, in principle, to the whole system. [10:58] schestowitz Um.. what? To use an apt repository, you generally add a public gpg key to the keyring, so the automated apt system can verify packages are untampered with. Anyone using a debian-based distro has done this hundreds of times. How is that granting anything root access? [10:58] schestowitz The former checks in with Microsoft's servers any time APT refreshes its cache. [10:58] schestowitz Otherwise known as polling the upstream repository during 'apt-get update' to see if there are any changes to download? ie, working as intended, just like every other repo in the system? [10:58] schestowitz Don't get me wrong, I hate microsoft more than the next guy, but based on the information provided in the summery this is mountain-out-of-molehill if ever I've seen it. [10:58] schestowitz -- [10:58] schestowitz - D [10:58] schestowitz Reply to This [10:58] schestowitz Re:Alarmist much? (Score: 0) by Anonymous Coward on Friday February 05, @04:16AM (1 child) [10:58] schestowitz Re:Alarmist much? (Score: 2, Informative) [10:58] schestowitz by Anonymous Coward on Friday February 05, @04:20AM (#1109182) [10:58] schestowitz Um.. what? To use an apt repository, you generally add a public gpg key to the keyring, so the automated apt system can verify packages are untampered with. Anyone using a debian-based distro has done this hundreds of times. How is that granting anything root access? [10:58] schestowitz Because Microsoft can force an update package that will be picked up automatically. For example, they can sign an updated kernel, advertise it on their repo and have the update be pushed automatically with a regular apt upgrade. [10:58] schestowitz For once none of this is Microsoft's fault but rather it's a fundamental design failure in APT. Trust should never be an all-or-nothing matter as it is right now with Debian package system, updates from a different signer should require an explicit user permission to install. [10:58] schestowitz Reply to This Parent [10:58] schestowitz Re:Alarmist much? (Score: 4, Informative) [10:58] schestowitz by Anonymous Coward on Friday February 05, @06:49AM (#1109215) [10:58] schestowitz or once none of this is Microsoft's fault but rather it's a fundamental design failure in APT. Trust should never be an all-or-nothing matter as it is right now with Debian package system, updates from a different signer should require an explicit user permission to install. [10:58] schestowitz You can pin packages to particular repos, so you can prevent anything except that one MS malware package from being able to be installed from MS repos*. This feature has existed for decades. [10:58] schestowitz It is rare that Debian systems use 3rd party repos except local repos controlled by the user (using 3rd party repos defeats the point of a distribution where the packages are curated by the maintainers and trustworthy). But, apt is quite capable, and can handle this use case. [10:58] schestowitz No package will be installed / upgraded from malware.microsoft.com unless you manually force it except, the package microsoft-vscode will auto upgrade from malware.microsoft.com unless a package of the same name is available from the main repo. Change Pin-Priority to change the policy to your liking. See 'man apt_preferences' [10:58] schestowitz /etc/apt/preferences.d/microsoft-malware: [10:58] schestowitz Package: * [10:58] schestowitz Pin: origin malware.microsoft.com [10:58] schestowitz Pin-Priority: 1 [10:58] schestowitz Package: microsoft-vscode [10:58] schestowitz Pin: origin malware.microsoft.com [10:58] schestowitz Pin-Priority: 500 [10:58] schestowitz Apt is extremely capable. If you find yourself wishing that apt could do X, it is quite probable that reading the docs you will find that apt already can do X. [10:58] schestowitz Unless rasbian included a preference file like above, then I think that the criticism is warranted. Even if you think MS is fantastic and great, least privilege is safer, and not restricting what MS repo can install only adds risk. [10:58] schestowitz *Usually pinning is used to safely mix stable, backports, testing, unstable and/or experimental packages on the same system, but you have to use common sense when doing this e.g., anything that pulls in glibc from unstable on a stable base system is not something that you can safely mix into your stable system even with pinning. [10:58] schestowitz Reply to This Parent [10:58] schestowitz Re:Alarmist much? (Score: 0) by Anonymous Coward on Friday February 05, @07:03AM [10:58] schestowitz Re:Alarmist much? (Score: 2) [10:58] schestowitz by RedGreen (888) on Friday February 05, @04:24AM (#1109184) [10:58] schestowitz They are ignorant assholes with a piss poor attitude towards their users. I just got banned from their for saying it was my GD computer and it is none of their business doing anything to it without my permission. They cannot even bothered to do proper development, this below in Debian gets a package sent back to the maintainer, them being told, hey clown we do proper development here we need your changes listed. [10:58] schestowitz root@raspberrypi:/home/seeder1# apt changelog raspberrypi-bootloader [10:59] schestowitz E: Failed to fetch changelog:/raspberrypi-firmware.changelog Changelog unavailable for raspberrypi-firmware=1.20210201-1 [10:59] schestowitz Now you going to install that, slimy pieces of shit already upgraded it once with my knowledge or permission already. [10:59] schestowitz -- [10:59] schestowitz "I modded down, down, down, and the flames went higher." -- Sven Olsen [10:59] schestowitz Reply to This Parent [10:59] schestowitz Re:Alarmist much? (Score: 2) [10:59] schestowitz by RedGreen (888) on Friday February 05, @04:27AM (#1109185) [10:59] schestowitz without my knowledge. that should be [10:59] schestowitz -- [10:59] schestowitz "I modded down, down, down, and the flames went higher." -- Sven Olsen [10:59] schestowitz Reply to This Parent [10:59] schestowitz Re:Alarmist much? (Score: 2, Insightful) [10:59] schestowitz by Eratosthenes (13959) on Friday February 05, @07:36AM (#1109230) [10:59] schestowitz The lack of a USB boot is a tell. This platform will not end well. Who the hell does only proprietary bootloaders? [10:59] schestowitz Reply to This Parent [10:59] schestowitz Re:Alarmist much? (Score: 2) [10:59] schestowitz by RedGreen (888) on Friday February 05, @10:20AM (#1109249) [10:59] schestowitz It boots from usb the morons have upgraded the firmware to allow it, flaky as hell for some. Just like the rest of the effort by them clowns. I have managed to solve the morons doing whatever the hell they want with my machine with Ubuntu on my SSD. I use a chainload the sd card boots the machine and the OS runs from the SSD. Tomorrow I try a Debian install out with a debootstrap method I am just reading about now. [10:59] schestowitz root@zeus-pi:~# uname -a [10:59] schestowitz Linux zeus-pi 5.8.0-1013-raspi #16-Ubuntu SMP PREEMPT Thu Jan 14 06:28:38 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux [10:59] schestowitz -- [10:59] schestowitz "I modded down, down, down, and the flames went higher." -- Sven Olsen [10:59] schestowitz Reply to This Parent [10:59] schestowitz Hidden files, hidden motives (Score: 5, Informative) [10:59] schestowitz by canopic jug (3949) Subscriber Badge on Friday February 05, @04:51AM (#1109194) Journal [10:59] schestowitz The files are supposedly added by a post-installation script in one package, thus avoiding being listed in any of the package manifests. Give it a try: [10:59] schestowitz $ ls -1 /etc/apt/trusted.gpg.d/microsoft.gpg /etc/apt/sources.list.d/vscode.list [10:59] schestowitz /etc/apt/sources.list.d/vscode.list [10:59] schestowitz /etc/apt/trusted.gpg.d/microsoft.gpg [10:59] schestowitz $ dpkg -S /etc/apt/trusted.gpg.d/microsoft.gpg [10:59] schestowitz dpkg-query: no path found matching pattern /etc/apt/trusted.gpg.d/microsoft.gpg [10:59] schestowitz $ dpkg -S /etc/apt/sources.list.d/vscode.list [10:59] schestowitz dpkg-query: no path found matching pattern /etc/apt/sources.list.d/vscode.list [10:59] schestowitz Try to guess which package is responsible for those two added files? None are listed. Someone went out of their way to obfuscate the origins of the two files. So, yes, shady as hell. [10:59] schestowitz Then there is the question of why the Visual Studio source code could not have been added upstream to the normal Debain repositories. That would have been the expected approach should they have had any good intentions with this move, especially given the past and current history of the company involved. [10:59] schestowitz So, yes, again, shady as hell. [10:59] schestowitz Also, normally radical licensing, behavior, or privacy changes require at least a click-through agreement to pretend to notify the end users. That didn't happen. [10:59] schestowitz So, yes, yet again, shady as hell. [10:59] schestowitz -- [10:59] schestowitz Money is not free speech. Elections should not be auctions. ● Feb 05 [11:00] schestowitz Reply to This Parent [11:00] schestowitz Re:Hidden files, hidden motives (Score: 2) [11:00] schestowitz by sjames (2882) on Friday February 05, @06:34AM (#1109212) Journal [11:00] schestowitz Then there is the question of why the Visual Studio source code could not have been added upstream to the normal Debain repositories. That would have been the expected approach should they have had any good intentions with this move, especially given the past and current history of the company involved. [11:00] schestowitz Possibly because it would have then been marked clearly as nonfree. [11:00] schestowitz Reply to This Parent [11:00] schestowitz Re:Alarmist much? (Score: 4, Insightful) [11:00] schestowitz by sjames (2882) on Friday February 05, @06:06AM (#1109208) Journal [11:00] schestowitz Once you get your repo slipped in by any means, you are on the honor system not to add a package that grants you root access to everything. That's why some bristle at the repo being added so quietly. [11:00] schestowitz Reply to This Parent [11:00] schestowitz Re:Alarmist much? (Score: 3, Insightful) [11:00] schestowitz by Arik (4543) on Friday February 05, @06:51AM (#1109216) Journal [11:00] schestowitz "Once you get your repo slipped in by any means, you are on the honor system not to add a package that grants you root access to everything. That's why some bristle at the repo being added so quietly." [11:00] schestowitz And this is also why you should never accept automatic updates, period. [11:00] schestowitz Once you do, then all someone has to do is either takeover, or impersonate, your upstream and you are pwned. [11:00] schestowitz It's far too insecure a design to be used for anything but a plush toy, and a good argument can be made against even that exception. [11:00] schestowitz -- [11:00] schestowitz The *other* sort of Marxist. [11:00] schestowitz Reply to This Parent [11:00] schestowitz Re:Impersonation (Score: 0) by Anonymous Coward on Friday February 05, @09:05AM [11:00] schestowitz Re:Alarmist much? (Score: 2) [11:00] schestowitz by aristarchus (2645) on Friday February 05, @06:55AM (#1109217) Journal [11:00] schestowitz but based on the information provided in the summery [11:00] schestowitz Based on the information provided, Winter is coming. Or, at least, autumn with an Eternal September. Why is Microsoft always presaged with typos and misspellings? Are they all illiterate coding bastards? [11:00] schestowitz -- [11:00] schestowitz Tu Quoque, o Buteo buteo? https://www.jpost.com/international/false-claims-in-syria-biden-will-start-war-as-us-presence- [11:00] -TechBytesBot/#techbytes- ( status 404 @ https://www.jpost.com/international/false-claims-in-syria-biden-will-start-war-as-us-presence- ) [11:00] schestowitz Reply to This Parent [11:00] schestowitz here is the official response (Score: 2, Interesting) [11:00] schestowitz by Anonymous Coward on Friday February 05, @04:18AM (#1109180) [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=301068 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | Why is vscode / ms repo added without asking to headless server apt repo? - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=302231 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | Microsoft VSCode repositories installed without user consent + packages use wrong component - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=29&t=302277 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | Anyone noticed the SUDO UPDATE is pulling Microsoft files - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=302403 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | Microsoft Repo installed on a LINUX based os? - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=302422 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | New MS trusted source after update? - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=302504 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | [Article] Microsoft repo secretly installed on all Raspberry Pis Linux OS - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=302581 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | Questions and feedback about VSCode being added to APT - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=302585 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | GPG key installed secretly! DANGER - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=302588 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | Raspberry forum censorship (locking and locking) - Raspberry Pi Forums [11:00] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=302591 [raspberrypi.org] [11:00] -TechBytesBot/#techbytes-www.raspberrypi.org | Microsoft GPG key suggestion - Raspberry Pi Forums [11:00] schestowitz They locked the first one and then all duplicate threads. [11:01] schestowitz https://www.raspberrypi.org/forums/viewtopic.php?f=62&t=302070 [raspberrypi.org] [11:01] -TechBytesBot/#techbytes-www.raspberrypi.org | Temporary closure of Off Topic - Raspberry Pi Forums [11:01] schestowitz Coincidentally, the off-topic discussion forum is locked because of Russian bots. [11:01] schestowitz Reply to This [11:01] schestowitz Re:here is the official response (Score: 2) [11:01] schestowitz by RedGreen (888) on Friday February 05, @04:31AM (#1109187) [11:01] schestowitz And they banned the users for very little said, I certainly stood up for my right to have my GD property left being alone not some idiot putting his garbage on it. Commented on how the defenders of the disgusting behaviour were always there to defend the indefensible, as is always the case on the internet. The forces wanting to spread misery have many allies amongst us. [11:01] schestowitz -- [11:01] schestowitz "I modded down, down, down, and the flames went higher." -- Sven Olsen [11:01] schestowitz Reply to This Parent [11:01] schestowitz Forums shut (Score: 0) by Anonymous Coward on Friday February 05, @07:07AM (1 child) [11:01] schestowitz Good ol' Lock and Delete (Score: 1, Insightful) [11:01] schestowitz by Anonymous Coward on Friday February 05, @04:27AM (#1109186) [11:01] schestowitz You know it's quality when dissenting posts get locked and deleted. [11:01] schestowitz I believe that's how the Arch Linux forums introduced systemd. [11:01] schestowitz Reply to This [11:01] schestowitz Re:Good ol' Lock and Delete (Score: 1) by Eratosthenes on Friday February 05, @07:18AM [11:01] schestowitz Surveillance maneuvers (Score: 4, Interesting) [11:01] schestowitz by canopic jug (3949) Subscriber Badge on Friday February 05, @04:42AM (#1109190) Journal [11:01] schestowitz Like with their takeover of GitHub, this action provides a comprensive geographical survey of their competitor(s). With this "update" M$ gets a full overview of how many active, updated Raspberry Pi running Raspberry Pi OS (formerly Raspbian) there are and where they are located. [11:01] schestowitz Then there are the surveillance considations caused by Visual Studio itself. It contains substantial amounts of telemetry and this move may well put the Raspberry Pi Foundation on the wrond side of the GDPR even if the servers are inside Europe. And, of course, Brexit will have complicated that substantially. [11:01] schestowitz -- [11:01] schestowitz Money is not free speech. Elections should not be auctions. [11:01] schestowitz Reply to This [11:01] schestowitz Comment Below Threshold [11:01] schestowitz Relative (Score: 2) [11:01] schestowitz by deimios (201) Subscriber Badge on Friday February 05, @05:06AM (#1109199) Journal [11:01] schestowitz "resource hog Visual Studio Code" - Not to defend it but those who call it a resource hog haven't worked with Eclipse, Netbeans and Visual Studio. [11:01] schestowitz Sure it is a resource hog compared to vim but let's not go overboard. [11:01] schestowitz Also this whole thing stinks, why did they go specifically with the MS build on MS servers? There are plenty of community builds like VSCodium that work just as fine. [11:01] schestowitz Reply to This [11:01] schestowitz Re:Relative (Score: 2) [11:01] schestowitz by leon_the_cat (10052) on Friday February 05, @06:12AM (#1109210) Journal [11:01] schestowitz I tried eclipse about 10 years ago. Still waiting for it to load. [11:01] schestowitz Reply to This Parent [11:01] schestowitz Re:Relative (Score: 3, Informative) [11:01] schestowitz by lte (7062) on Friday February 05, @07:06AM (#1109221) [11:01] schestowitz Microsoft forbids you from using the C# debugger (vsdbg) with anything other than VS, VS for macOS, and their build of VSCode. So if you wish to write .NET Core applications it's your only real choice as MS push a notification asking you to install their C# extension upon opening a .cs file. There is a Samsung debugger but I'm not sure if there is support for it in VSCode. [11:01] schestowitz With their current push of ".NET runs on anything!" I wouldn't be surprised if it's down to that. Fun fact: the .NET runtime also sends telemetry by default, at least on macOS and Linux. [11:01] schestowitz Reply to This Parent [11:01] schestowitz Re:Relative (Score: 1) by exa on Friday February 05, @08:12AM [11:02] schestowitz Option (Score: 3, Insightful) [11:02] schestowitz by Mojibake Tengu (8598) on Friday February 05, @05:31AM (#1109204) Journal [11:02] schestowitz Go FreeBSD, young man. [11:02] schestowitz https://www.freebsd.org/where/ [freebsd.org] [11:02] -TechBytesBot/#techbytes-www.freebsd.org | The FreeBSD Project | Download FreeBSD [11:02] schestowitz -- [11:02] schestowitz The edge of cannot be defined, for it is beyond every aspect of design [11:02] schestowitz Reply to This [11:02] schestowitz Re:Option (Score: 1) by engblom on Friday February 05, @06:30AM [11:02] schestowitz Re:Option (Score: 3, Interesting) [11:02] schestowitz by Mojibake Tengu (8598) on Friday February 05, @08:20AM (#1109236) Journal [11:02] schestowitz YMMV, I observe 12.2 for RPi3, and heard about work progress in current on sdio/wifi for 4. [11:02] schestowitz Anyway, what the Raspbian team did is pure betrayal dishonorable. [11:02] schestowitz Trust is a non-renewable resource. [11:02] schestowitz -- [11:02] schestowitz The edge of cannot be defined, for it is beyond every aspect of design [11:02] schestowitz Reply to This Parent [11:02] schestowitz E,E,E (Score: 4, Insightful) [11:02] schestowitz by PinkyGigglebrain (4458) on Friday February 05, @06:38AM (#1109213) [11:02] schestowitz Embrace: completed [11:02] schestowitz Extend: in process [11:02] schestowitz Extinguish: to be scheduled [11:02] schestowitz -- [11:02] schestowitz "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master." [11:02] schestowitz Reply to This [11:02] schestowitz dpkg (Score: 2, Interesting) [11:02] schestowitz by exa (9931) on Friday February 05, @08:15AM (#1109234) [11:02] schestowitz On a slightly positive note, this might push Debian folks to add some simple&reasonable config-meddling functionality right into `dpkg`. Lintian is literally screaming at maintainers not to install put custom stuff to /etc/apt, why not push the warning that the package sucks much closer to the users? [11:02] schestowitz Reply to This [11:02] schestowitz " [11:36] *rianne (~rianne@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes [11:37] *liberty_box (~liberty@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes ● Feb 05 [12:45] *rianne has quit (Ping timeout: 240 seconds) [12:46] *liberty_box has quit (Ping timeout: 276 seconds) ● Feb 05 [14:21] *GNUmoon2 (~GNUmoon@gateway/tor-sasl/gnumoon) has joined #techbytes [14:23] *GNUmoon has quit (Ping timeout: 268 seconds) [14:30] Techrights-sec Ok. Added some monitoring with weak sound, [14:30] Techrights-sec It has to be manuall started here, for now. [14:30] Techrights-sec The PIA seems to softpedal the situation slightly. [14:31] schestowitz I don't know the author of this. I hoped it would be Moody when opening the link [14:31] Techrights-sec there have been waves of heavy loads on TR but it has remained available [14:31] Techrights-sec AFAIK the whole time [14:31] Techrights-sec Ok. I'll reenable the primitive monitoring here, but have no audio for it [14:31] Techrights-sec any more. [14:32] Techrights-sec Moody is more on top of things. Chen is ok but misses some points rather [14:32] Techrights-sec often. [14:33] *liberty_box (~liberty@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes [14:33] *rianne (~rianne@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes [14:37] Techrights-sec In this case he seems to downplay the severity. [14:37] Techrights-sec This incident is several steps worse than what happened a while back with [14:37] Techrights-sec Ubuntu and its telemetry. [14:37] Techrights-sec The RPF is making things worse by trying to downplay the whole thing. [14:37] Techrights-sec It looks like their approach is to lock and delete as many threads [14:37] Techrights-sec as they can get away with and are planning on trying to wait it out. [14:37] Techrights-sec The surface has only been scratched. There is some depth to this incident. [14:37] schestowitz hopefully somebody like Intel whisleblowers will come out with some docs to explain the fuller context [14:38] schestowitz whistleblowers are rare, but as RPF finds out, trust is a rare commodity [14:39] Techrights-sec It would take only a little. However, M$ has probably tied the money [14:39] Techrights-sec it gave to RPF to some nasty requirements including non-disparagement [14:39] Techrights-sec clauses and non-disclosure clauses., on top of everything else. [14:39] schestowitz they win either way. Either they take over or RPF collapses, which is likely what they want. Like OLPC repelling everyone left. [14:44] Techrights-sec They really, really went out of their way to squander the enormous [14:44] Techrights-sec trust the community had in RPi. However, we have to remember that [14:44] Techrights-sec one of the continuous side goals of M$ is to drive wedges between [14:44] Techrights-sec communities and community members. [14:44] Techrights-sec Yes, the OLPC was a big-ass warning to RPF. [14:44] Techrights-sec Same with the long-ass trail of dead companies that somehow thought [14:44] Techrights-sec that just they would be the first to partner with M$ and survive anyway. [14:44] Techrights-sec There is still time for Eben to dismiss the board members involved and fire [14:44] Techrights-sec the culpable staff and their managers. [14:44] schestowitz Maybe those people took a personal bribe on the side for the cult... in which case even sacking would not harm them [14:46] Techrights-sec By the time people left the OLPC, Intel and M$ had already entered it. [14:46] Techrights-sec Bribe or status, either way there is at least one quisling in the group and [14:46] Techrights-sec some naive fools, however technically skilled they may be otherwise. [14:46] Techrights-sec Again, what makes them think they will be the first to survive [14:46] Techrights-sec a partnership (of sorts) with M$? [14:48] Techrights-sec "500,000 999,999" [14:48] Techrights-sec https://www.raspberrypi.org/about/supporters/ [14:48] Techrights-sec # I would be very surprised if there was not both a non-disparagement [14:48] Techrights-sec # clause and a non-disclosure agreement or other similar limitations [14:48] Techrights-sec # attached to the money; [14:48] Techrights-sec # didn't M$ Frontpage used to have a license prohibiting its use [14:48] -TechBytesBot/#techbytes-www.raspberrypi.org | Our supporters - Raspberry Pi [14:48] Techrights-sec # in making web pages critical of M$? [14:48] Techrights-sec # see: http://www.microsoftvolumelicensing.com/userights/Downloader.aspx?DocumentId=1095 [14:48] Techrights-sec # scan for 'disparage' [14:48] Techrights-sec https://github.com/RPi-Distro/raspberrypi-sys-mods/blob/master/debian/raspberrypi-sys-mods.postinst#L42-L63 [14:48] -TechBytesBot/#techbytes-github.com | raspberrypi-sys-mods/raspberrypi-sys-mods.postinst at master RPi-Distro/raspberrypi-sys-mods GitHub [14:48] Techrights-sec https://github.com/XECDesign [14:48] -TechBytesBot/#techbytes-github.com | XECDesign GitHub [14:48] Techrights-sec # whoever is this microsofter's supervisor, plus whoever signed off [14:48] Techrights-sec # on the deal itself, all need to go ● Feb 05 [15:02] *rianne has quit (Ping timeout: 276 seconds) [15:02] *liberty_box has quit (Ping timeout: 256 seconds) [15:21] *tr_guest|68803 (51002695@gateway/web/cgi-irc/kiwiirc.com/ip.81.0.38.149) has joined #techbytes [15:22] *tr_guest|68803 (51002695@gateway/web/cgi-irc/kiwiirc.com/ip.81.0.38.149) has left #techbytes [15:30] *rianne (~rianne@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes [15:31] *liberty_box (~liberty@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes ● Feb 05 [16:10] *liberty_box has quit (Ping timeout: 240 seconds) [16:10] *rianne has quit (Ping timeout: 240 seconds) [16:36] *rianne (~rianne@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes [16:36] *liberty_box (~liberty@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes ● Feb 05 [17:17] *liberty_box has quit (Ping timeout: 240 seconds) [17:17] *rianne has quit (Ping timeout: 240 seconds) [17:28] *rianne (~rianne@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes [17:29] *liberty_box (~liberty@host81-154-168-60.range81-154.btcentralplus.com) has joined #techbytes ● Feb 05 [19:05] Techrights-sec apachectl graceful might be a better , smoother way to restart and won't affect [19:05] Techrights-sec the legitimate connections as much [19:05] schestowitz I guess the graceful restarts would be more of a concern for ecommrce sites ● Feb 05 [23:46] schestowitz > So have been there. [23:46] schestowitz > Here's a little link to techrights - :) [23:46] schestowitz > [23:46] schestowitz > https://raspbian.io/ [23:46] schestowitz > [23:46] -TechBytesBot/#techbytes- ( status 500 @ https://raspbian.io/ ) [23:46] schestowitz > You are awesome, you know! and appreciated!!!!