Language Selection

English French German Italian Portuguese Spanish

Heads up: Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

Filed under
Hardware
Microsoft

Truth to be told, RPis is not 100% opensource. Like Intel and AMD CPU/GPU, it comes with a binary closed source firmware too. However, that doesn’t mean, install unwanted software repo and gpg keys secretly on your device without your knowledge. That is what malware does, and hence Linux and the opensource community are upset. I hope they will fix it. Check out Reddit thread with many more suggestions. RPis/OS maintainer should have published a blog post about such a notable change, and doing so without informing RPis users is not great. What do you think? Let us know in the comment section below.

Read more

Raspberry Pi Users Mortified As Microsoft Repository That Phones

  • Raspberry Pi Users Mortified As Microsoft Repository That Phones Home Is Added To Pi OS

    One of the software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system put out by The Raspberry Pi Foundation. It has been around since 2015 without too much complaint. However, a recent update has some Raspberry Pi OS users up in arms over a key change involving Microsoft.

    The latest update installs a Microsoft apt respository on all any machine running Raspberry Pi OS, and does it without any admin consent. As discovered by Reddit user fortysix_n_2, the official reason is an endorsement of Microsoft's integrated development environment (IDE), Visual Studio Code (VSCode), which is fine and dandy. However, it's claimed this even gets installed on headless devices that used a light image without a GUI. As a result, every time you do an "apt update" on your Pi device, the OS pings Microsoft.

Microsoft INFILTRATES Raspberry Pi OS

Alan Pope: Pitchforks set to Stun

  • Alan Pope: Pitchforks set to Stun

    The ‘community’ of Linux users has a bit of a problem. It’s not really a community at all. The Linux ‘community’ is a bunch of individuals who have an affinity for running the OS. But there’s a whole set of people who don’t self-identify as part of that community, because they’re just using the thing as a tool, like you’d use a Dremel. I’m not aware of “Dremel User Groups” but then it wouldn’t surprise me if they exist, and there are splinter groups who eschew the electric devcies for more manual ones, probably.

    Similarly there’s no real wider single ‘Free Software’ community either. There’s the Popular People’s Front of FSF and the People’s Popular front of Open Source who believe fundamentally different things and target different users. It’s a giant sliding scale, like any community of meatbags.

    The ‘Linux Community’ is really more like the Borg with a terrible HSDPA+ connection back to the Borg Cube, pulling in different directions, believing their instructions are utterly correct and serving the same Borg Queen.

    So when the Raspberry Pi developers added a new repository containing proprietary software by default to the OS they recommend, some sections of the Linux Community freaked out. Many of those who have a historical dislike of Microsoft as a company, hate the very idea of them encroaching on the Linux world. Some developers have ragequit GitHub when the Microsoft acquisition went through, others mirrored their repos as a hedge if GitHub went “bad”. People will block Microsoft IP addresses in their router to prevent perceived data leaks. Some will concoct elaborate conspiracy theories involving back-room deals which must have happened for developers to accept Microsoft may have changed.

    [...]

    I’m somewhat torn on this. Having seen backlash when we’ve done things in Ubuntu in the past, communication has almost always been a failing in the strategy. That said, I don’t think the ‘Linux community’ are covering themselves in glory, the way they’re speculating and spinning this. Maybe the Raspberry Pi Foundation should have better documentation of the expectations and limitations of what Pi OS will do, and won’t. The lack of such a covenant doesn’t give them carte blanche, but it is their product. You can choose not to use it if you want.

More from Ubuntu people

  • Stephen Michael Kellat: Lay Down The Pitchfork [Ed: Ubuntu made deals with Microsoft and killed off its community, so it's hardly surprising that the Ubuntu 'community' (like Canonical staff) now defends Raspberry Pi doing the same]

    Of course, we then reach the unhappy lands in our computer-related realm. Alan Pope touches upon this in his blog post relative to a controversy concerning Raspberry Pi OS. I concur with Alan wholeheartedly.

    There comes a point at which we can fight wars over who is the most of pure of heart and deed yet find that nobody wins. Sometimes compromises need to be made in life. Sometimes we don't all have the same goals in life. Alan points out that Raspberry Pi OS is not the same as a more general purpose Ubuntu/Xubuntu/Kubuntu/Lubuntu. There's nothing wrong with that.

    If you want more freedom on a Raspberry Pi you can always run NetBSD or some other distro. The infamous DistroWatch has many choices. Choice is wonderful.

Microsoft's take

Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

  • Microsoft repo secretly installed on all Raspberry Pi’s Linux OS

    Raspberry Pi is a little useful computer for learning programming and building projects. It comes with Debian Linux based modified operating system called Raspbian. It is the most widely installed OS on RPi. In a recent update, the Raspberry Pi OS installed a Microsoft apt repository on all machines running Raspberry Pi OS without the person’s or admin’s knowledge. Every time a Raspbian device is updated by having this repo, it will ping a Microsoft server. Microsoft telemetry has a bad reputation in the Linux community. Let us see why and how this matters to Linux users.

Microsoft Compromising Raspberry Pi

A couple more

  • Raspberry Pi OS added a Microsoft repository without informing users

    Specifically, Microsoft can identify Raspberry Pi OS users when they access certain services, such as Bing or GitHub (owned by Microsoft), and then build a profile to deliver targeted advertising with that information. One of the main software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system released by The Raspberry Pi Foundation. It's been around since 2015 and this recent update with Microsoft software is a game changer. Free software is not the same as proprietary software, and Linux users tend to keep that in mind.

  • Raspberry Pi OS added a Microsoft repository without informing users

    Specifically, cybercity.biz publishes that the update comes with a code which refers to the Redmond signature package http://packages.microsoft.com/repos/code/dists/stable/main/binary-arm64/Packages, as you can see in the image below.

Linux-based Raspberry Pi OS is secretly installing a Microsoft

  • Linux-based Raspberry Pi OS is secretly installing a Microsoft repo

    Raspberry Pi owners are being warned that the officially supported Raspberry Pi OS installs a Microsoft repo without notification.

    A recent update to the Debian Linux-based operating system -- previously known as Raspbian -- secretly installs a Microsoft apt repository that can call home to the company's servers. For anyone concerned about telemetry in general, or who is trying to avoid contact with the Windows maker, this is clearly not good news and raises questions about trust.

Raspberry Pi OS added a Microsoft repo...

  • Raspberry Pi OS added a Microsoft repo. No, it’s not an evil secret

    We were recently alerted to something of a tempest in a teapot: when the Raspberry Pi Foundation made it easier to install Microsoft's Visual Studio Code development environment, some Linux users mistook it for a sort of Mark of the Beast, with concerns being raised about telemetry and "what Microsoft repo secretly installed without your knowledge."

    It's true that an update recently pushed to Raspberry Pi OS added a Microsoft repo to Raspberry Pi OS systems—but it's not true that it added any actual packages whatsoever.

Microsoft talks...

  • Raspberry Pi and Visual Studio Code: A great combination [Ed: Microsoft propagandist Simon Bisson (longtime Microsoft mole in the media) now egging on Raspberry Pi to foist Microsoft's proprietary software on users, even against their will]

    Raspberry Pis are everywhere. From the tiny new Pico microcontroller to the low-cost desktop PC that's the Raspberry Pi 400, the ARM-based single board computer is a powerful tool that works as well in education as it does as an IoT device. Pis have been to space, track aircraft around the world, manage home media collections, run development Kubernetes clusters, and much more. If it can be done on a computer, it'll be done on a Pi.

Linux OS secretly installs Microsoft repo on Raspberry Pi

  • Linux OS secretly installs Microsoft repo on Raspberry Pi

    Nasty story or technical necessary? In the Raspberry Pi community, there is a shit storm, after an update of the Raspbian operating system secretly installed a Microsoft repo. This repo triggers a ping on a Microsoft server with every update.

  • Raspberry Pi OS, update install Microsoft repo: here’s how to delete it

    With this repository present in your system, every time you perform an update a ping to a Microsoft server is automatically performed. The Redmond house, therefore, will know that you are using the Raspberry Pi operating system, that maybe you have one and your IP address. Profiling that will become more and more accurate by browsing GitHub, Bing, and so on.

  • Raspberry Pi OS Faces User Pushback After Inclusion of Microsoft Repo After Update

    One concern from users is that Microsoft might gather information on the device in use, such as an IP address, then link this to other information to create a targeted advertising profile. For those users who actively attempt to operate below the radar, this could serve as a method of identification.

    But for many users, there are bigger issues in play.

    First, many users expressed disappointment that an open-source project would update its source repositories without informing the users. Second, that the update adds the Microsoft repository to existing installations is also causing anger.

Today's coverage of RasPi blunder

  • Users Upset as Raspberry Pi OS Now Pings a Microsoft Server During Updates

    Any Raspberry Pi users concerned about having the Microsoft repo installed on their computer does have options to avoid it by selecting an alternative OS. Wikipedia offers an extensive list of options. There's also now a big question mark hanging over what else will be added to the official operating system without warning in future, and what that means for trust.

  • The Raspberry Pi Foundation secretly installed a Microsoft repository

    Several days ago the news was released that as part of a recent update in Raspberry OS, the Raspberry Pi Foundation installed a Microsoft repository on all single board computers that trusted it, without the knowledge of their owners.

    The maneuver has not gone unnoticed within the community of Linux that is stepping up to oppose lack of transparency and telemetry and Raspberry Pi board users are discussing including a call to the Microsoft repository on Raspberry Pi OS, plus the addition of a Microsoft GPG key for reliable package installation.

  • Raspberry Pi is calling up Microsoft

    Linux people dont like it when the sources.list in Linux is modified without consent -- putting it right up there with killing your first born, so they are extremely miffed.

  • Does your Raspberry Pi phone call home at Microsoft?

    “People didn’t have the opportunity to learn about the new rap until it was added to their sources, along with the Microsoft GPG key. To put it mildly, not very transparent. And in my opinion, not how to act in the world of open source, “- wrote a Reddit user Fortysix_n_2.

  • Raspberry Pi OS, update install Microsoft repo: here’s how to delete it

    And here’s the Microsoft repository added silently.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.