Beware of Microsoft repro taking over your Pi

Loading thread data ...
Dana Mon, 8 Feb 2021 10:54:30 -0600, TCW napis'o:
Thx for this one!
Reply to
Nikolaj Lazic
The article doesn't give the obvious solution, of simply editing the /etc/apt/sources.list file and removing the microsoft repo line.
My own view on this (and I don't run current versions of raspbian, I'm no fan boy), is that there is no malignant intent, they were careless and hadn't thought it through. As any follower of the rpi forums will know, they can be thin-skinned about criticism, and have got a bit defensive about this.
They are currently altering the repo priorities so that no package in the Raspberry Pi OS repo's can be installed by "accident" from the Micro$oft repo. - a very sensible precaution. It doesn't stop the call to the MS repo. every "apt update" though (unless you remove the repo from the sources.list file!).
Jim
Reply to
Jim Jackson
Op 08-02-2021 om 17:54 schreef TCW:
Also
formatting link
Reply to
A. Dumas
Just a bit, yeah..
Reply to
A. Dumas
Non-issue.
It's for VS Code. A bundled and IME a very useful application *.
Many other applications provide the same kind of telemetry for their developers to catch errors. I doubt it does anything unless ye run the program, which does self-update in normal use so it does need to know an Apt repository.
Even this program (thunderbird) has that. If you run it, you will notice T&C's to be agreed.
Should we ditch all connected applications because we don't understand them?
*
best thing MS ever wrote, IMO.
They even open sourced it. Apache Eclipse picked it up, and I use this browser based variant of it from docker running under node.js / electron.
formatting link
--
Adrian C
Reply to
Adrian Caspersz
Just fired up thunderbird for the first time on Linux desktop and there were no T&C's to be confirmed.
Reply to
Jim Jackson
Well, Linux and MS have never played nice together and even with Windows WSL/WSL2, there's obviousness to what MS is up to. I'm not putting on my tin hat just yet but MS didn't get to it's market share by being nice guys. Just my 2 cents.
Reply to
TCW
You may be right, but I have no idea what MS intentions are. My comments where just about the RPI people.
Reply to
Jim Jackson
And there we agree. =)
Reply to
TCW
When it crashes for the first time, you'll be be asked to confirm if you would like to submit developer logs.
--
Adrian C
Reply to
Adrian Caspersz
You are at least asked! I think Firefox does the same.
I noticed that thunderbird (v68) displays
formatting link

which of course gives them a heads up to the fact you have fired up thunderbird, and some extra info. - version, locale, OS, build and maybe (I assume) that it a debian build. I'd prefer to be asked before loading and displaying something from outside my box.
In preferences I didn't find anything to stop html emails loading remote content - the main way of tracking if you've read that commercial email you received. However, it appears that thunderbird does do the right thing there see
formatting link

"Remote Content in Messages
Email messages can contain remote content such as images or stylesheets. To protect your privacy, Thunderbird does not load remote content automatically, but instead shows a notification bar to indicate that it blocked remote content."
Thanks for making me look more at thunderbird; but I'll stick to my text only MUA.
Reply to
Jim Jackson
Plus, a relatively small open source project asking for crash logs is a bit different to bloody Microsoft being pinged every time you update your Pi.
Reply to
A. Dumas
Dana Tue, 9 Feb 2021 09:35:08 -0000 (UTC), Jim Jackson napis'o: [snip]
True. I only use my slrn to read news posts. :)
Reply to
Nikolaj Lazic
Ok, I goofed.
OK.
There is a lot more. If you open up "about:telemetry" in either firefox or thunderbird (via Help->Troubleshooting Information, look for telemetry data), you can openly see the depth of their data collection.
Actually, I'm somewhat bowled over how much detail is in the troubleshooting information screen for Thunderbird, which surely must make it easy for their developers to identify problems. Why wouldn't you give them that ability?
If you, say, have issues with identifying Linux audio cards - it may be an easy place to look!!!
Most other HTML mail clients do the same thing.
However, the original accusation is that a company that makes 'connected' applications, is doing it solely for nefarious reasons. I'm not really much sold on that.
No worries.
--
Adrian C
Reply to
Adrian Caspersz
In addition to the mitigation instructions near the bottom of that article, it should be possible to comment out the packages.microsoft.com line in /etc/apt/sources.list.d/vscode.list and make the file immutable. I did that earlier today, and it appeared to stick but not cause problems.
HTH
--
Robert Riches 
spamtrap42@jacob21819.net 
 Click to see the full signature
Reply to
Robert Riches
Yawn. If you don't install any packages from the repo you'll be fine. It seems to be stuff to do with moby.
--
Brian Gregory (in England).
Reply to
Brian Gregory

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.