Raspberry Pi OS has turned into spyware for M$:
And yes, they add M$'s repository key to APT's trusted database and add their repo to APT's repo list.
Or informing you via a NEWS file.
So now every time you do "apt[itude] update", M$ will know about it.
This is soo freaking bad.
You'd think that over the years they'd learn a bit on how #Debian works. But I guess not.
rpdom: "Repos should not be added to a system without permissions from the owner/administrator." 👌
jamesh (#RPF): "where do you draw the line on stuff changed during an install or upgrade." ... "Do you say 'No changes to configs at all' which basically makes updates not work?" 🤦♂️
Declare as conf file and use debconf.
If only Debian would've ever had to deal with system upgrades with possibly accompanying configuration file modifications.
Or Eben Upton on
"Sorry: I can't understand why you think this was a controversial thing to do. We do things of this sort all the time without putting out a blog post about how to opt out."
Wow. Just wow.
Ever heard of Embrace, Extend and Extinguish?
Only to push a certain editor which they want to use by default for #RPi Pico.
RPF thought it was good to blog about 'it' after all:
.. by a M$ snake-oil sales representative.
"VS Code is a free, open source developer text editor"
That is "free" as in beer, not freedom. And yes, the code is available, so technically open source, but you can't distribute the binary.
So technically he isn't lying.
But this also proves you (still) can't trust anything that comes from M$.
And shame on #RPF for giving this credence.
But what actually pisses me off the most is this:
Linux isn't hard to learn.
Linux becomes hard to learn, when you first learn something else and then have to unlearn that first in order to learn the new thing.
Then it is different from what you know and that makes it hard.
That is why M$ and Apple give their software (almost) for free to elementary schools, so children get locked in early.
🖕 🖕 🖕
@FreePietje The posts by "gsh" (Raspberry Pi Engineer & Forum Moderator) are also telling:
"So there's nothing wrong here, as other's say, it's just the repo, you don't have to install anything from it and we won't have a dependency on anything from Microsoft in the Debian / Raspbian or Raspberry Pi repositories"
That's complete horseshit. What if MS decides to host a "openssh-server" package in their repo with whitelisted MS keys? You know, to make life easier for their support employees.
It looks like the worst aspect, like you mentioned, may get addressed:
Several people explain, imo extremely polite, what is wrong with it and how to remedy that (including a DD mentioning using NEWS.Debian ;P) ... and that still got his feelings hurt.
But that he needs to be educated about these things, while he's been building/maintaining RPF deb packages for years now, is just sad.
@kekcoin @FreePietje it’s a bit different than what you are describing https://github.com/RPi-Distro/raspberrypi-sys-mods/issues/42 Debian devs have voiced concern and they have been heard.
@wa__em @FreePietje Do note the timeline; the first comment on that issue by the devs conceding there might be a bit of a problem (https://github.com/RPi-Distro/raspberrypi-sys-mods/issues/42#issuecomment-773407383) was posted after my remark here. So at the time of writing, my criticism was accurate.
I'm not going to excuse the way that they did it or their dismissive and belittling response to valid criticism.
I also stand by my point that they should have known and done better. Asking permission to add a 'random' repo is one of them.
I will not assume malice though.
I 'know' some more/longer then I can tell.
I have been meaning to try out the #ROCK64 (AES acceleration onboard, which rpi doesn't have!) and looks like this will be what pushes me to it. Too bad they don't have an 8GB version though.
Had they asked for informed consent then this would've been a non-issue.
A bit more troubling is that they/RPF can't see/understand that people have a problem with their actions.
If you haven't bought the board and you can afford it, the RockPro64 is probably a better choice. And get proper cooling.
The RockPro64 appears to have better kernel support.
The RPi/RPF were actually doing good with upstreaming stuff.
AFAICT Pine64 does absolutely nothing in that regard (no SW, only HW).
That works too.
You can get online with it, but the one thing you need to avoid like the plague is raspberrypi-sys-mods.
Or just get rid of the raspberrypi.org repo altogether.
Raspbian(.org) is run by a Debian Developer (plugwash) and ~ just recompiles the Debian packages for RPi (1 architecture).
See the toot I linked earlier.
The RPF should've done a 'rebranding' from the start, because before that, raspbian referred to various different things.
The majority of software in RaspiOS still comes from raspbian.org and there's absolutely nothing wrong with that.
Some software package do come from raspberrypi.org and that's where the problem lies, including what I reported in OP.
While #Microsoft is a better company than some years ago they're still labelled as the #blackknight as they haven't stopped some of their evil ways. Other companies are more evil these days, in different ways: one dropped its motto "Don't be evil" some years ago, the other locks people in comfortable #GoldenPrisons
@FreePietje Argh. The RPi is such a cool little computing device, but things like that make it unusable for everyone who wants to have at least a little bit of security, and of course for literally the whole industry. Can't install something like the RPi into production lines if shit like this happens.
i dont think there is a coincidence... 🤨
@FreePietje "lock in early" is Adobe's strategy too—it's not so much that (modern) creative open source tools like Krita and Blender are so hard to use compared to Adobe's monsters, but everyone is used to Adobe's so it's always "but this is haard!" because it is different to use
@mep1911 @kekcoin @orionwl
There is. And they don't intend to use that: https://github.com/RPi-Distro/raspberrypi-sys-mods/issues/42#issuecomment-773446923
@orionwl @mep1911 @FreePietje I agree that this is true often, but this is not universally true. Look at the current state of the web; google has de facto complete control over the direction of web standards. The entire browser ecosystem, aside from a rounding error, is either chromium-based or firefox, which is mostly google-funded.
@orionwl @mep1911 @FreePietje Google are in a perfect position to do EEE, and in fact they are already doing so by pulling features out of chromium (and into chrome) that derivative browsers (foolishly) relied on. This strategy isn't new. And this VSCode thing has all the ingredients to take on a similar role in the IDE world.
@kekcoin @orionwl @mep1911
I've used the Debian build of Chromium for a while (as secondary browser) as it disabled various anti-privacy 'features' in chromium. About a year ago I concluded that this was just a losing game. And while open source, (afaict) g👀gle controlled everything. The amount of 'questionable' things G👀gle has done these last couple of years, made me ditch it then. Because of the context.
That G👀gle moved sync from chromium to Chrome was therefor completely expected by me.
@FreePietje @orionwl @mep1911 Yeah when the whole Sync scenario played out my first response was just a jaded "what did you expect? that service uses google servers, it was proprietary all along, it should never have been in chromium in the first place!". But it was pointed out to me later that downstream browsers also used this function and now lost access.
> it should never have been in chromium in the first place!
Excellent point, I had actually overlooked that.
By putting it in chromium all downstream browsers would normally have it, making the sync with android seamless for far more users, thus locking users in.
@FreePietje @orionwl @mep1911 Not just "locking users in", but also "locking browser vendors in". This is pure speculation but it wouldn't surprise me if vendors decided to make the switch to chromium-based partially because this function came included. At the very least they never bothered building their own, which they might have were it not for the inclusion.
And now all those non-chrome users get presented with the choice to create a new vendor-specific sync account or switch to chrome.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!