this post was submitted on 23 Oct 2023
338 points (95.7% liked)
Technology
59454 readers
4928 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
To bad that Raspberry Pi lost its cool, when they began to "cooperate" with Microsoft, and grant Microsoft access to your device.
Edit:
As answered to another user about the issues of the Microsft repo:
The raspberry pi came preinstalled with a Microsoft developer tool, which resided in a Microsoft controlled repo.
Now Microsoft has root access to your system, whenever you make any kind of upgrade, and can change dependencies for that tool to anything in their repo. Basically granting a third party control over your raspberry pi.
The worst is that it's very difficult to prevent, you may look up guides to prevent Microsoft repo, and even these solutions have shortcomings.
https://arstechnica.com/gadgets/2021/02/raspberry-pi-os-added-a-microsoft-repo-no-its-not-an-evil-secret/
On top of that, this enabled telemetry which is borderline illegal in EU.
It also means you ping Microsoft with every use of your package manager, granting Microsoft very useful information on a competing OS, plus giving them information you may not wish to give them.
You may consider all these issues as non issues, but I do not.
Edit:
It did not come preinstalled.
Can you support your claim? Raspberry py offers a Linux based computer and you can install whatever the hell you want on it.
Yeah I’d like a source too because what they said makes no sense. The immature way they responded to criticism of someone they hired is a good reason to be turned off of the pi, no need to actually make up something ridiculous.
I think they're referring to that one time they installed a Microsoft repo on Raspbian without permission.
Thanks, that makes more sense. According to an article on ars it doesn’t actually install anything so I don’t see their problem. All they have to do is comment out the line or just use a different distribution.
It was removed a month later anyway. Now VSCode can be installed through the main Raspbian repo.
OK they apparently did, but apparently they did it silently, at least I never noticed, maybe because I switched to Debian?
I actually thought it was still there!
https://forums.raspberrypi.com/viewtopic.php?t=306597
But you are right they did it after about a month. If only they had owned up to it. Or at least announced it more clearly.
I think the main problem is just screwing with the system like that without permission. I mean, I know I was pretty pissed off when I found a Microsoft repo in my sources one day. It's not like it was a standard update or anything.
I love the "overly paranoid" label, when you're talking about a repo than can alter "real system packages".
In what world is this OK?
That’s not the same as their claim that Microsoft software was pre installed and has access to your system which is what I’m arguing was incorrect.
https://forums.raspberrypi.com/viewtopic.php?t=303549
https://arstechnica.com/gadgets/2021/02/raspberry-pi-os-added-a-microsoft-repo-no-its-not-an-evil-secret/
Explain how adding a Microsoft repo that doesn’t actually install anything is the same as giving Microsoft access to your device?
OK if i must...
The raspberry pi came preinstalled with a Microsoft developer tool, which resided in a Microsoft controlled repo.
Now Microsoft has root access to your system, whenever you make any kind of upgrade, and can change dependencies for that tool to anything in their repo. Basically granting a third party control over your raspberry pi.
The worst is that it's very difficult to prevent, you may look up guides to prevent Microsoft repo, and even these solutions have shortcomings.
https://arstechnica.com/gadgets/2021/02/raspberry-pi-os-added-a-microsoft-repo-no-its-not-an-evil-secret/
On top of that, this enabled telemetry which is borderline illegal in EU.
It also means you ping Microsoft with every use of your package manager, granting Microsoft very useful information on a competing OS, plus giving them information you may not wish to give them.
You may consider all these issues as non issues, but I do not.
Edit:
It did not come preinstalled.
It didn’t come pre installed with the tool. It only had the repo. Did you even read your own link?
Corrected.
https://forums.raspberrypi.com/viewtopic.php?t=303549
https://arstechnica.com/gadgets/2021/02/raspberry-pi-os-added-a-microsoft-repo-no-its-not-an-evil-secret/
Ha! I mean yeah Micro$oft is bad but honestly, VScode is so useful. Unless you’re a Vim hardcore VScode is the way to go imo.
Lots of things to criticize rPi foundation for, but this is just goofy BS.
Not the foundation. They're not the ones who've funked up the product, it was and is the stupid profit-driven sister corporation to which they've outsourced design and manufacturing. The foundation exists only for educarional stuff now.
My wife still uses the hardware, but with only Debian on it.
Personally they lost me, fucking up like that, I don't trust them.
You keep posting this article but it explains clearly why it's not a big deal.
I just found the article to prove that it happened.
You then have to ask why it wasn't announced, and why they changed the practice?
There are several problems about it, which I stated elsewhere in this thread. You may think they are not an issue, and that's OK.
But I DO think it's a serious issue, in part for the reasons stated previously.
Now I think I'm out of here, this is not something that actually has my interest anymore, since we use Debian on our old Pi's , and will not buy any more.
There was also a Windows 10 IOT build for Raspberry Pi. Basically a stripped down Windows without a desktop for embedded uses. Nobody was forced to use it and probably very few people ever did.
As for this repo it looks like a build of VS Code which is just a popular text / programming editor.
Just read the article. That's bad.
I don't care that I can remove the repo, I'd still have to block MS to prevent an RPi update from re-adding a repo that can replace core files.
What kind of BS is that author peddling? The bottom line is "if it can be done, it's a bad thing", that goodwill argument is a bunch of whitewashing.
Plus, I don't WANT VS on my Pi. The "help learning students" argument is also BS. VS is difficult to install because it's not native, and this is a reality for tech users. Better approach would be clear documentation on how to install VS, explaining the how's and why's along the way. If it's "too hard" to write such documentation or for students to follow it, then that person is clearly not qualified to write it.
I've written TONS of docs just like this for enterprise app deployment. It's SOP there. If a test unit fails to successfully rebuild a system using my docs, it's not the tester's fault, it's a fault of my docs not being complete or clear enough.
Every enterprise has teams that document everying to the extreme for disaster recovery - the idea being that anyone technical can walk in and rebuild an entire system from your docs.
Thanks for the link.
I don't get it. From what I can tell, they added
/etc/apt/sources.list.d/vscode.list
with a third-party MS repository . . . and that's it. You can now dosudo apt install code
and get VS Code installed. If you don't want VS Code, then don't install it. At worst, Microsoft gets a log entry of you downloading the package list every time you dosudo apt update
.I don't really like VS Code, myself, but it's becoming something of an industry standard. Even in environments that are otherwise Linux-based. Lots of my coworkers use it even though we deploy on Linux. Making it easier for students to install is understandable.
I'm also confused, and I say this as someone who uses Debian as their main driver.
Based on that URL, this only applies to RaspberryPi OS but you're in no way required to even use it.