Several sites are covering an incident affecting Raspberry Pi OS deployments since last week. Quietly, without disclosure or warning, a package added a Microsoft repository and OpenPGP key to the system. The key effectively gives the repository full root access, in principle, to the whole system. The repository entry makes the system check in with Microsoft's servers any time APT refreshes its cache.
$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
How to know if you're affected/infected already:
$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main
Issue has been taken with both what has been done and how it has been deployed. The official explanation is, for now, that resource hog Visual Studio was to be made available by default on the Raspberry Pi for development for their first entry into microcontrollers, the Raspberry Pi Pico. This is in spite of the established presence of many lightweight editors and IDEs already available through vetted repositories. Not to mention the package could have been added to the established, vetted repositories. Threads on the topic over at the Raspberry Pi Forum are quickly locked by moderators and then deleted.
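The single-file check above generalizes to every APT source on the system. The following is an added example, not part of the original story or of any Raspberry Pi OS tooling: it lists each enabled source whose host is not on an allowlist and notes whether the entry is pinned to one key with signed-by or accepts any key in APT's trusted keyring. The allowlist hosts, the function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list enabled APT sources whose host is not on an allowlist.
# ASSUMPTION: ALLOWED_HOSTS holds the stock Raspberry Pi OS mirrors; adjust it.
ALLOWED_HOSTS="${ALLOWED_HOSTS:-raspbian.raspberrypi.org archive.raspberrypi.org}"

# Print "file<TAB>host<TAB>uri<TAB>key-scope" for each unexpected entry in one file.
scan_list() {
    awk -v allowed="$ALLOWED_HOSTS" '
    BEGIN { n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
    /^[ \t]*(#|$)/ { next }                    # commented out or blank: inactive
    $1 != "deb" && $1 != "deb-src" { next }
    {
        i = 2; scope = "any-trusted-key"       # no signed-by: any key APT trusts
        if ($i ~ /^\[/) {                      # walk the "[opt=val ...]" block
            for (; i <= NF; i++) {
                opt = $i; gsub(/^\[|\]$/, "", opt)
                if (opt ~ /^signed-by=/) scope = opt
                if ($i ~ /\]$/) { i++; break }
            }
        }
        uri = $i; host = uri
        sub(/^[a-z+]+:\/\//, "", host)         # strip scheme
        sub(/[\/:].*$/, "", host)              # strip path and port
        if (!(host in ok)) printf "%s\t%s\t%s\t%s\n", FILENAME, host, uri, scope
    }' "$1"
}

# Arguments are .list files or directories containing them.
unexpected_apt_sources() (
    for p in "$@"; do
        if [ -d "$p" ]; then
            for f in "$p"/*.list; do
                if [ -f "$f" ]; then scan_list "$f"; fi
            done
        elif [ -f "$p" ]; then
            scan_list "$p"
        fi
    done
)

# Constructed sample: the vscode.list entry quoted above plus a stock mirror line.
demo_constructed() (
    d=$(mktemp -d) || exit 1
    printf '%s\n' 'deb http://raspbian.raspberrypi.org/raspbian/ buster main' > "$d/raspi.list"
    printf '%s\n' '### THIS FILE IS AUTOMATICALLY CONFIGURED ###' \
        'deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main' > "$d/vscode.list"
    unexpected_apt_sources "$d" | cut -f2-     # drop the temp path for stable output
    rm -rf "$d"
)
# On a real system: unexpected_apt_sources /etc/apt/sources.list /etc/apt/sources.list.d
```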
(Score: 0) by Anonymous Coward on Friday February 05 2021, @04:16AM (6 children)
I concur with what you've said, but there is just this much animosity towards Microsoft from many people. There were a lot of new Linux migrants due to how Win10 was pushed out.
(Score: 1, Insightful) by Anonymous Coward on Friday February 05 2021, @04:53AM
You also have to get away from systemd.
1.) Embrace
2.) systemd
3.) Extinguish
(Score: 1, Insightful) by Anonymous Coward on Friday February 05 2021, @11:28AM
I share your animosity, but let's face it: Windows 10 was first released +5 years ago. Most people can barely remember what meme they consumed 3 minutes ago, let alone remember how Win10 was shoved down throats.
(Score: 1, Disagree) by driverless on Friday February 05 2021, @11:44AM (2 children)
The Techrights article linked above is a particularly extreme example of this:
Yeah, that's definitely a rational, reasonable report on the situation. Excuse me one moment while I wipe the spittle from the person shouting that at me on a street corner off my face.
As a counterpoint, others like the Hothardware one are a lot more reasonable.
(Score: 0) by Anonymous Coward on Friday February 05 2021, @04:05PM
Glad to hear you're so cool about it. Hey I've got some repo keys I'd like to install on your machine. Since you're so nonchalant, what email address should I send them to?
(Score: 2) by Azuma Hazuki on Saturday February 06 2021, @01:34AM
They're not wrong though. The leopard, as Nanny Ogg says, does not change his shorts. MS has always been about embrace/extend/extinguish. They "love" Linux the way a pimp "loves" little girls.
I am "that girl" your mother warned you about...
(Score: 4, Insightful) by r_a_trip on Friday February 05 2021, @12:40PM
Don't forget us veterans who lived under MS with monopoly power and an iron fist on the computing world. I trust these clowns as far as I can see them. This is a company founded by people who would probably sell their own mother for organ harvesting if it made them some bucks.