Raspberry Pi OS has turned into spyware for M$:
And yes, they add M$'s repository key to APT's trusted database and add their repo to APT's repo list.
Or informing you via a NEWS file.
So now every time you do "apt[itude] update", M$ will know about it.
This is soo freaking bad.
You'd think that over the years they'd learn a bit on how #Debian works. But I guess not.
rpdom: "Repos should not be added to a system without permissions from the owner/administrator." 👌
jamesh (#RPF): "where do you draw the line on stuff changed during an install or upgrade." ... "Do you say 'No changes to configs at all' which basically makes updates not work?" 🤦♂️
Declare as conf file and use debconf.
If only Debian would've ever had to deal with system upgrades with possibly accompanying configuration file modifications.
Or Eben Upton on
"Sorry: I can't understand why you think this was a controversial thing to do. We do things of this sort all the time without putting out a blog post about how to opt out."
Wow. Just wow.
Ever heard of Embrace, Extend and Extinguish?
Only to push a certain editor which they want to use by default for #RPi Pico.
RPF thought it was good to blog about 'it' after all:
.. by a M$ snake-oil sales representative.
"VS Code is a free, open source developer text editor"
That is "free" as in beer, not freedom. And yes, the code is available, so technically open source, but you can't distribute the binary.
So technically he isn't lying.
But this also proves you (still) can't trust anything that comes from M$.
And shame on #RPF for giving this credence.
But what actually pisses me off the most is this:
Linux isn't hard to learn.
Linux becomes hard to learn, when you first learn something else and then have to unlearn that first in order to learn the new thing.
Then it is different from what you know and that makes it hard.
That is why M$ and Apple give their software (almost) for free to elementary schools, so children get locked in early.
🖕 🖕 🖕
@FreePietje The posts by "gsh" (Raspberry Pi Engineer & Forum Moderator) are also telling:
"So there's nothing wrong here, as other's say, it's just the repo, you don't have to install anything from it and we won't have a dependency on anything from Microsoft in the Debian / Raspbian or Raspberry Pi repositories"
That's complete horseshit. What if MS decides to host a "openssh-server" package in their repo with whitelisted MS keys? You know, to make life easier for their support employees.
It looks like the worst aspect, like you mentioned, may get addressed:
Several people explain, imo extremely polite, what is wrong with it and how to remedy that (including a DD mentioning using NEWS.Debian ;P) ... and that still got his feelings hurt.
But that he needs to be educated about these things, while he's been building/maintaining RPF deb packages for years now, is just sad.
@kekcoin @FreePietje it’s a bit different than what you are describing https://github.com/RPi-Distro/raspberrypi-sys-mods/issues/42 Debian devs have voiced concern and they have been heard.
@wa__em @FreePietje Do note the timeline; the first comment on that issue by the devs conceding there might be a bit of a problem (https://github.com/RPi-Distro/raspberrypi-sys-mods/issues/42#issuecomment-773407383) was posted after my remark here. So at the time of writing, my criticism was accurate.
I'm not going to excuse the way that they did it or their dismissive and belittling response to valid criticism.
I also stand by my point that they should have known and done better. Asking permission to add a 'random' repo is one of them.
I will not assume malice though.
I 'know' some more/longer then I can tell.
I have been meaning to try out the #ROCK64 (AES acceleration onboard, which rpi doesn't have!) and looks like this will be what pushes me to it. Too bad they don't have an 8GB version though.
Had they asked for informed consent then this would've been a non-issue.
A bit more troubling is that they/RPF can't see/understand that people have a problem with their actions.
If you haven't bought the board and you can afford it, the RockPro64 is probably a better choice. And get proper cooling.
The RockPro64 appears to have better kernel support.
The RPi/RPF were actually doing good with upstreaming stuff.
AFAICT Pine64 does absolutely nothing in that regard (no SW, only HW).
@FreePietje EEE... I know about it!
Although, while Amazon and Google are far into the Extinguish phase with AWS and ChromeOS, Microsoft seems stuck in the Embrace phase and they have been for a while... VS Code is a nice editor. For an educational purpose distribution, it makes sense. I prefer that than students using chromebooks.
I think they (and everyone else) should urge people to use Vim.
I have never tried VS Code and it may indeed be a nice non-free editor. And RPF could've easily done it in a way that would've been a non-issue:
asking for informed consent.
But they didn't.
And tell M$ that the editor needs to be in the non-free section of their archive as it is not Free Software.
@FreePietje I switched to vs code after using vim for more than 10 years. Using vim to teach programming is a cruel thing to do.
BTW, the RPF didn't make this an issue. Linux users pushing FUD did.
My Vim remark was (kind of) tongue in cheek.
I don't think they should be pushing any text editor. I don't like that they are doing it and a non-free one to boot.
All I've reported is factual and either found out by me or verified by me.
If you put a GPG key in the post-install script of a package and add it to APT trusted database and modify sources.list WITHOUT asking or informing, the RPF deserves all the scorn wrt that.
It's a security risk and disrespectful to your users.
"Correct me if I am wrong, but I believe there are parts of VS Code that aren't entirely open - microsoft/vscode-cpptools#5980. Otherwise, we would just take vscodium or do our own builds."
and also https://github.com/RPi-Distro/raspberrypi-sys-mods/issues/42#issuecomment-773446923
"Not if you want access all the features and extensions. Unfortunately it looks a bit like the Chrome vs Chromium situation."
by XECDesign who is the person that added the dubious post-install script.
That works too.
You can get online with it, but the one thing you need to avoid like the plague is raspberrypi-sys-mods.
Or just get rid of the raspberrypi.org repo altogether.
Raspbian(.org) is run by a Debian Developer (plugwash) and ~ just recompiles the Debian packages for RPi (1 architecture).
See the toot I linked earlier.
The RPF should've done a 'rebranding' from the start, because before that, raspbian referred to various different things.
The majority of software in RaspiOS still comes from raspbian.org and there's absolutely nothing wrong with that.
Some software package do come from raspberrypi.org and that's where the problem lies, including what I reported in OP.
While #Microsoft is a better company than some years ago they're still labelled as the #blackknight as they haven't stopped some of their evil ways. Other companies are more evil these days, in different ways: one dropped its motto "Don't be evil" some years ago, the other locks people in comfortable #GoldenPrisons
@FreePietje Argh. The RPi is such a cool little computing device, but things like that make it unusable for everyone who wants to have at least a little bit of security, and of course for literally the whole industry. Can't install something like the RPi into production lines if shit like this happens.
i dont think there is a coincidence... 🤨
@FreePietje "lock in early" is Adobe's strategy too—it's not so much that (modern) creative open source tools like Krita and Blender are so hard to use compared to Adobe's monsters, but everyone is used to Adobe's so it's always "but this is haard!" because it is different to use
@mep1911 @kekcoin @orionwl
There is. And they don't intend to use that: https://github.com/RPi-Distro/raspberrypi-sys-mods/issues/42#issuecomment-773446923
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!