Follow

Raspberry Pi OS has turned into spyware for M$:
github.com/RPi-Distro/raspberr

And yes, they add M$'s repository key to APT's trusted database and add their repo to APT's repo list.
Without asking.
Or informing you via a NEWS file.

So now every time you do "apt[itude] update", M$ will know about it.

This isn't the first time that the Foundation changed your sources.list without asking: x0f.org/@FreePietje/1037994382

Fuck that.

This is soo freaking bad.
You'd think that over the years they'd learn a bit on how works. But I guess not.

raspberrypi.org/forums/viewtop
rpdom: "Repos should not be added to a system without permissions from the owner/administrator." 👌

jamesh (): "where do you draw the line on stuff changed during an install or upgrade." ... "Do you say 'No changes to configs at all' which basically makes updates not work?" 🤦‍♂️

Declare as conf file and use debconf.

If only Debian would've ever had to deal with system upgrades with possibly accompanying configuration file modifications.

Or Eben Upton on :birdsite:
twitter.com/EbenUpton/status/1

"Sorry: I can't understand why you think this was a controversial thing to do. We do things of this sort all the time without putting out a blog post about how to opt out."

Wow. Just wow.
Ever heard of Embrace, Extend and Extinguish?

Only to push a certain editor which they want to use by default for Pico.

Also, M$ adding their non-free 'code' program in the 'main' section ...

*headdesk*

RPF thought it was good to blog about 'it' after all:
raspberrypi.org/blog/visual-st

.. by a M$ snake-oil sales representative.

"VS Code is a free, open source developer text editor"

That is "free" as in beer, not freedom. And yes, the code is available, so technically open source, but you can't distribute the binary.

So technically he isn't lying.
But this also proves you (still) can't trust anything that comes from M$.
And shame on for giving this credence.

And through the comments I learned that VS Code is an Electron app.

Maybe we should start a fundraiser so M$ can rewrite it in a proper way?

But what actually pisses me off the most is this:

Linux isn't hard to learn.
Linux becomes hard to learn, when you first learn something else and then have to unlearn that first in order to learn the new thing.
Then it is different from what you know and that makes it hard.

That is why M$ and Apple give their software (almost) for free to elementary schools, so children get locked in early.

The FOSS community has done a LOT for and and now RPF is helping M$ lock kids in too

🖕 🖕 🖕

@FreePietje The posts by "gsh" (Raspberry Pi Engineer & Forum Moderator) are also telling:

"So there's nothing wrong here, as other's say, it's just the repo, you don't have to install anything from it and we won't have a dependency on anything from Microsoft in the Debian / Raspbian or Raspberry Pi repositories"

That's complete horseshit. What if MS decides to host a "openssh-server" package in their repo with whitelisted MS keys? You know, to make life easier for their support employees.

@kekcoin
Indeed.
Hence: "This is soo freaking bad.
You'd think that over the years they'd learn a bit on how works. But I guess not."

@kekcoin
It looks like the worst aspect, like you mentioned, may get addressed:

github.com/RPi-Distro/raspberr

Several people explain, imo extremely polite, what is wrong with it and how to remedy that (including a DD mentioning using NEWS.Debian ;P) ... and that still got his feelings hurt.

But that he needs to be educated about these things, while he's been building/maintaining RPF deb packages for years now, is just sad.

@kekcoin @FreePietje it’s a bit different than what you are describing github.com/RPi-Distro/raspberr Debian devs have voiced concern and they have been heard.

@wa__em @FreePietje Do note the timeline; the first comment on that issue by the devs conceding there might be a bit of a problem (github.com/RPi-Distro/raspberr) was posted after my remark here. So at the time of writing, my criticism was accurate.

@wa__em

It wasn't when I reported about it.
It really annoyed me that RPF didn't think of the scenario as @kekcoin described. After so many years, they should have known.

And I actually referenced that issue myself here: x0f.org/@FreePietje/1056743555

@kekcoin @FreePietje If I don't have to install anything from it, why would I have it then? OFF it goes!

@carl @FreePietje The argument is that they want to make it easier to install things from MS... I wonder how much they got paid.

@kekcoin @FreePietje Yeah, but I sure do not want to install ANYTHING from MS. And I would like to be asked FIRST, thank you very much.

@carl @kekcoin
The RPF makes choices which I wouldn't make, but do make sense when you view it in light of *their* primary goal:
get kids interested in computers and electronica.

I'm not going to excuse the way that they did it or their dismissive and belittling response to valid criticism.
I also stand by my point that they should have known and done better. Asking permission to add a 'random' repo is one of them.

I will not assume malice though.
I 'know' some more/longer then I can tell.

@FreePietje O U C H. The fundamental problem I have with this is that #RaspberryPi is adding something third-party to the trusted keyring. In no way is that right.

I have been meaning to try out the #ROCK64 (AES acceleration onboard, which rpi doesn't have!) and looks like this will be what pushes me to it. Too bad they don't have an 8GB version though.

@jgoerzen
Had they asked for informed consent then this would've been a non-issue.
A bit more troubling is that they/RPF can't see/understand that people have a problem with their actions.

If you haven't bought the board and you can afford it, the RockPro64 is probably a better choice. And get proper cooling.
The RockPro64 appears to have better kernel support.

The RPi/RPF were actually doing good with upstreaming stuff.
AFAICT Pine64 does absolutely nothing in that regard (no SW, only HW).

@FreePietje EEE... I know about it!
Although, while Amazon and Google are far into the Extinguish phase with AWS and ChromeOS, Microsoft seems stuck in the Embrace phase and they have been for a while... VS Code is a nice editor. For an educational purpose distribution, it makes sense. I prefer that than students using chromebooks.

@strider
I think they (and everyone else) should urge people to use Vim.

I have never tried VS Code and it may indeed be a nice non-free editor. And RPF could've easily done it in a way that would've been a non-issue:
asking for informed consent.

But they didn't.

And tell M$ that the editor needs to be in the non-free section of their archive as it is not Free Software.

@FreePietje I switched to vs code after using vim for more than 10 years. Using vim to teach programming is a cruel thing to do.

BTW, the RPF didn't make this an issue. Linux users pushing FUD did.

@strider
My Vim remark was (kind of) tongue in cheek.
I don't think they should be pushing any text editor. I don't like that they are doing it and a non-free one to boot.

All I've reported is factual and either found out by me or verified by me.
If you put a GPG key in the post-install script of a package and add it to APT trusted database and modify sources.list WITHOUT asking or informing, the RPF deserves all the scorn wrt that.
It's a security risk and disrespectful to your users.

@FreePietje so you're basically saying that MIT is non free or is that also tongue in cheek? github.com/microsoft/vscode

@strider
github.com/RPi-Distro/raspberr
"Correct me if I am wrong, but I believe there are parts of VS Code that aren't entirely open - microsoft/vscode-cpptools#5980. Otherwise, we would just take vscodium or do our own builds."

and also github.com/RPi-Distro/raspberr
"Not if you want access all the features and extensions. Unfortunately it looks a bit like the Chrome vs Chromium situation."

by XECDesign who is the person that added the dubious post-install script.

@FreePietje I have one -rPi - but I never let it online; only use it as a utility-linux thing.

@FriendofBernie
That works too.
You can get online with it, but the one thing you need to avoid like the plague is raspberrypi-sys-mods.
Or just get rid of the raspberrypi.org repo altogether.
Raspbian(.org) is run by a Debian Developer (plugwash) and ~ just recompiles the Debian packages for RPi (1 architecture).

Or do as @jvalleroy suggested, use an image from raspi.debian.net/ which only contains things from . And you can be sure that Debian would never pull crap like that :)

@FreePietje
Thank you for the link and info. I will try one of those images. I mostly used it for Kodi. Last time I dl the raspOS it was the "basic" bc I knew that Raspberry official was for kids and had a lot of limitations, like you can't change the DNS from ggl's 8888.

@jvalleroy

@FreePietje is raspbian deprecated or something? i've never heard of raspios
@georgia @FreePietje It's just rebranded raspbian. They want to distance themselves from debian so the can shill licensed software

@abloo @georgia

See the toot I linked earlier.

The RPF should've done a 'rebranding' from the start, because before that, raspbian referred to various different things.
The majority of software in RaspiOS still comes from raspbian.org and there's absolutely nothing wrong with that.
Some software package do come from raspberrypi.org and that's where the problem lies, including what I reported in OP.

@FreePietje
While #Microsoft is a better company than some years ago they're still labelled as the #blackknight as they haven't stopped some of their evil ways. Other companies are more evil these days, in different ways: one dropped its motto "Don't be evil" some years ago, the other locks people in comfortable #GoldenPrisons

@FreePietje Argh. The RPi is such a cool little computing device, but things like that make it unusable for everyone who wants to have at least a little bit of security, and of course for literally the whole industry. Can't install something like the RPi into production lines if shit like this happens.

@KopfKrieg
You can run (pure) on them and someone mentioned Gentoo works too. Likely Arch does too and likely other distributions as well.

@FreePietje @KopfKrieg I can't fathom why you would ever need a distro that isn't #Debian at this point, but any distro that supports arm or arm64 should work.

@BalooUriza @FreePietje You all do realize that I'm talking about industrial applications? I can't just switch distros, I have to use the official one (also because we don't use Raspberry Pis but their industrial version which requires special kernel support).

@ajeremias
With a headline like that, I won't bother reading the rest as the author is obviously clueless.
x0f.org/@FreePietje/1056799636

ECMAScript was M$'s thing vs Netscape's JavaScript. Netscape has long gone, which leaves only ECMAScript. ECMAScript was there before there were "open source javascript communities", so I don't see a 'takeover' here. I love his top picture though.

@FreePietje "lock in early" is Adobe's strategy too—it's not so much that (modern) creative open source tools like Krita and Blender are so hard to use compared to Adobe's monsters, but everyone is used to Adobe's so it's always "but this is haard!" because it is different to use

@orionwl @FreePietje isn't that also why marketing is generally aimed at younger audiences? Get them while they are impressionable and make them a customer for life.

@mep1911 @orionwl @FreePietje Look at what google is doing with chromium (migrating features to chrome-only) now that the entire ecosystem has become a chromium derivative. Using VSCodium is just as big of a mistake as using VSCode.

@kekcoin @mep1911 @orionwl
Yep, you first need to get a foot in the door. From that you can Extend and Exterminate. And the RPF has given them that.

And I believe them when they say they haven't been paid for that. That makes them dumb af as well.

@FreePietje @mep1911 @orionwl I'll invoke Grey's law; "Any sufficiently advanced incompetence is indistinguishable from malice."

@kekcoin @mep1911 @FreePietje that's up to you of course

just be aware that in the case of open source, freely licensed software, you're not spiting anyone by "i'm not using your software"

someone you completely disagree with could make software that is useful to you and it shouldn't really matter

Sign in to participate in the conversation
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!