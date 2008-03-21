from the same-old-M$ dept.
Developer Gavin L Rebeiro has posted a five-part article series at Techrights on how to deal with the ongoing Raspberry Pi fiasco by salvaging existing hardware with a replacement operating system.
He covers the background, the technical principles, some methods for mitigation, proposes using NetBSD in place of the GNU/Linux, Raspberry Pi OS. Finally, he walks through installation of NetBSD.
We don't want to be spied on; what happens when we're faced with an operating system that spies on people? We throw it in the trash where it belongs! I am boycotting the Raspberry Spy myself (you're free to join me in doing so) but I don't want people to waste hardware that they already have. So we're going to walk through an interesting path of installing a different operating system on the Raspberry Spy; I want to show you a few things that will empower you to take greater control over your computing.
We'll gently walk through and explore the following: how to install an operating system on an embedded device (a Raspberry Spy, in this case) over a USB-to-UART bridge (UTUB). This is the main project we've got on our hands. Don't worry if you've never touched embedded systems before; everything here is accessible to people with a modest set of prerequisite knowledge and some basic apparatus.
We'll delve into things with more depth as we move forward with our project; if you don't understand something when you first encounter it, just keep reading.
NetBSD might be a bit of a leap for some, so it should be noted that there are other GNU/Linux distros for the Raspberry Pi which do not include the problems addressed above.
The focus of the series is on individual privacy, but a parallel threat exists for institutions because, after the recent changes, any use of Raspberrry Pi OS will show up at their most hostile competitor, Microsoft. The company has had a do-not-lose-to-Linux-at-any-cost attitude for decades and has various slush funds available to fund attacks. EDGI was one such program which did a lot of damage around the world and has been described in fair detail in the Comes v Microsoft case.
Previously:
(2021) Raspberry Pi Users Mortified as Microsoft Repository that Phones Home is Added to Pi OS
Several sites are covering an incident affecting Raspberry Pi OS deployments since last week. Quietly, without disclosure or warning, a package added a Microsoft repository and OpenPGP key to the system. The latter effectively gives the former full root access, in principle, to the whole system. The former checks in with Microsoft's servers any time APT refreshes its cache.
$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
How to know if you're affected/infected already:
$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code
stable main
Issue has been taken with both what has been done and how it has been deployed. The official explanation is, for now, that resource hog Visual Studio was to be made available by default on the Raspberry Pi for development for their first entry into microcontrollers, the Raspberry Pi Pico. This is in spite of the established presence of many light weight editors and IDEs alredy[sic] available through vetted repositories. Not to mention the package could have been added to the established, vetted repositories. Threads on the topic over at the Raspberry Pi Forum are quickly locked by moderators and then deleted.
(Score: 2, Informative) by Anonymous Coward on Monday March 08, @11:08PM (2 children)
You have to read too much of this post to determine that this is related to the update to Raspberry Pi OS which added the PPA for Visual Studio Code. This title might be appropriate if someone was running the 'Fiasco' micro kernel on a PI, but its just not very specific and way too opinionated. I suggest the title "Guide for migrating to NetBSD in reaction to Raspberry Pi OS adding MS PPA".
If you want to stick closer to the current title, do with "A response to Raspberry Pi OS adding the a Microsoft PPA".
We want the title to indicate to reader that this is related to the Microsoft PPA, and Raspberry Pi OS. When I initially read it, I assumed this story was covering some new issue related to the Raspberry Pi hardware. Even now I'm not sure this article is actually about the PPA issue, or something else from the summery here.
Full disclosure: I'm a Microsoft employee, and a long time desktop Linux user. I have biases on this subject. I do think adding the VS Code PPA via meta-package and not via silent install would have been a better approach, however I think we need a bit of Hanlon’s Razor here. I don't think the Raspberry Pi intended to spy on anyone with this change, and it would be better to work constructively on educating people on better ways to do things than saying "Raspberry Spy", "salvaging existing hardware", "fiasco" etc. While I'm happy to have a guide for setting up NetBSD, could be be more educational and constructive, at least in our titles and summaries here on Soylent news?
(Score: 1, Insightful) by Anonymous Coward on Monday March 08, @11:32PM
》 I don't think the Raspberry Pi intended to spy on anyone with this change,
Correct, it's Microsoft who intended to spy with this change.
(Score: 1, Insightful) by Anonymous Coward on Monday March 08, @11:32PM
Not only is the TFS (and presumably TFA as well) unnecessarily inflammatory, I believe it to be incorrect as well.
"any use of Raspberrry [sic] Pi OS will show up at [...] Microsoft" - no, the specific act of attempting to obtain the list of available updates (via apt update or similar) will show up at Microsoft, unless you first modify the apt sources list. There are plenty of uses of the Raspberrry Pi OS that don't involve checking for updates. The way it's written makes it seem like there are currently rootkits installed, that all mouse movements or keypresses are all sent to Microsoft - which to be fair, with their apt source in there, they could totally push out an OS update containing such a rootkit due to the way that apt sources are trusted. But call a spade a spade, not a lethal weapon - yes you could use a spade to kill someone but the escalation in language isn't conductive to being taken seriously.
A lot of things should have been better. It should have been opt-in, and it should be clearer for how to disable once added, and the response by Raspberry Pi staff could have been done differently to not fan the flames. But this kind of escalation doesn't seem helpful either.
(Score: 3, Insightful) by Anonymous Coward on Monday March 08, @11:20PM (1 child)
It appears to me that the author is a bit confused and mistakes Raspbian, the 'official' operating system for raspberry pis, with Raspberry Pi, the hardware. The name-calling of it being a 'raspberry spy' is unwarranted and uncalled for to say the least. It looks like someone wanted to drive a little bit more traffic to their obscure blog by being sensationalist, methinks.
if Raspbian OS is such a big problem, why not use https://raspi.debian.net/ [debian.net] which is as pure a Debian as you'll get for a Pi, or any other one of the GNU/Linux distro's that run on the pi? I've been running that on my Pi's for almost an eternity and you don't hear me kicking up a stink like the author does...
I'm no big fan of microsoft (anymore), but the whole "boo hoo, they added a repo for VSCode and it are the WORST!1!1!eleven" is a bit over the top. You don't like it, go ahead and remove that repo from /etc/apt/sources.list.d/ and quit your whining. It's a 'tinkerer device' anyway so go and fucking tinker with it... The worst that can happen is you having to reflash your sd card.
Was that whole adding of an MSFT repo ill-advised?
Was it badly communicated? Yes
Was it dealt with badly? Yes
But remember: never attribute to malice that which is adequately explained by stupidity.
And thus: is it an underhanded attempt at secretly taking over the world and spying on your every move on your precious Raspberries? C'mon man, gimme a break...
Question (not a complaint) for the SN editors: Where the heck do these link to? Part 1 (http://techrights.org/2021/03/05/raspi-paper/) claims that there all sorts of outbound links to nefarious things done by the Raspberry Pi Foundation and by Microsoft, but for the life of me, I cannot find those links. That page literally says "The following links go over some of the news coverage from TR:" and while I see a listing of items, they ain't links.
(Score: 0) by Anonymous Coward on Monday March 08, @11:35PM
You Microsoft shills sure are verbose today. You got caught... own up.
(Score: 3, Interesting) by takyon on Monday March 08, @11:35PM
Next Raspberry Pi CPU Will Have Machine Learning Built In [tomshardware.com]
