Dana Mon, 8 Feb 2021 10:54:30 -0600, TCW <> napis'o:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

Thx for this one!

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 2021-02-08, Nikolaj Lazic <nlazicBEZ_OVOGA@mudrac.ffzg.hr> wrote:

Dana Mon, 8 Feb 2021 10:54:30 -0600, TCW <> napis'o:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

Thx for this one!

The article doesn't give the obvious solution, of simply editing the /etc/apt/sources.list file and removing the microsoft repo line.

My own view on this (and I don't run current versions of raspbian, I'm
no fan boy), is that there is no malignant intent, they were careless
and hadn't thought it through. As any follower of the rpi forums will
know, they can be thin-skinned about criticism, and have got a bit
defensive about this.

They are currently altering the repo priorities so that no package in
the Raspberry Pi OS repo's can be installed by "accident" from the
Micro$oft repo. - a very sensible precaution. It doesn't stop the call
to the MS repo. every "apt update" though (unless you remove the repo
from the sources.list file!).

Jim

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 08/02/2021 16:54, TCW wrote:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

Non-issue.

It's for VS Code. A bundled and IME a very useful application *.

Many other applications provide the same kind of telemetry for their
developers to catch errors. I doubt it does anything unless ye run the
program, which does self-update in normal use so it does need to know an
Apt repository.

Even this program (thunderbird) has that. If you run it, you will notice
T&C's to be agreed.

Should we ditch all connected applications because we don't understand them?


* best thing MS ever wrote, IMO.

They even open sourced it. Apache Eclipse picked it up, and I use this
browser based variant of it from docker running under node.js / electron.

https://theia-ide.org/

--
Adrian C

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

Op 08-02-2021 om 17:54 schreef TCW:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

Also https://www.reddit.com/r/linux/comments/lbu0t1/microsoft_repo_installed_on_all_raspberry_pis/

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 2021-02-08 18:43, Jim Jackson wrote:

As any follower of the rpi forums will
know, they can be thin-skinned about criticism,

Just a bit, yeah..

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 2021-02-08, Adrian Caspersz <email@here.invalid> wrote:

Even this program (thunderbird) has that. If you run it, you will notice T&C's to be agreed.

Just fired up thunderbird for the first time on Linux desktop and
there were no T&C's to be confirmed.

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 2/8/2021 11:43 AM, Jim Jackson wrote:

On 2021-02-08, Nikolaj Lazic <nlazicBEZ_OVOGA@mudrac.ffzg.hr> wrote:

Dana Mon, 8 Feb 2021 10:54:30 -0600, TCW <> napis'o:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

Thx for this one!

The article doesn't give the obvious solution, of simply editing the /etc/apt/sources.list file and removing the microsoft repo line.

My own view on this (and I don't run current versions of raspbian, I'm
no fan boy), is that there is no malignant intent, they were careless
and hadn't thought it through. As any follower of the rpi forums will
know, they can be thin-skinned about criticism, and have got a bit
defensive about this.

They are currently altering the repo priorities so that no package in
the Raspberry Pi OS repo's can be installed by "accident" from the
Micro$oft repo. - a very sensible precaution. It doesn't stop the call
to the MS repo. every "apt update" though (unless you remove the repo
from the sources.list file!).

Jim

Well, Linux and MS have never played nice together and even with Windows WSL/WSL2, there's obviousness to what MS is up to. I'm not putting on my
tin hat just yet but MS didn't get to it's market share by being nice
guys. Just my 2 cents.

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 2021-02-08, TCW <> wrote:

On 2/8/2021 11:43 AM, Jim Jackson wrote:

On 2021-02-08, Nikolaj Lazic <nlazicBEZ_OVOGA@mudrac.ffzg.hr> wrote:

Dana Mon, 8 Feb 2021 10:54:30 -0600, TCW <> napis'o:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

Thx for this one!

The article doesn't give the obvious solution, of simply editing the
/etc/apt/sources.list file and removing the microsoft repo line.

My own view on this (and I don't run current versions of raspbian, I'm
no fan boy), is that there is no malignant intent, they were careless
and hadn't thought it through. As any follower of the rpi forums will
know, they can be thin-skinned about criticism, and have got a bit
defensive about this.

They are currently altering the repo priorities so that no package in
the Raspberry Pi OS repo's can be installed by "accident" from the
Micro$oft repo. - a very sensible precaution. It doesn't stop the call
to the MS repo. every "apt update" though (unless you remove the repo
from the sources.list file!).

Jim

Well, Linux and MS have never played nice together and even with Windows WSL/WSL2, there's obviousness to what MS is up to. I'm not putting on my
tin hat just yet but MS didn't get to it's market share by being nice
guys. Just my 2 cents.

You may be right, but I have no idea what MS intentions are. My comments
where just about the RPI people.

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 2/8/2021 3:52 PM, Jim Jackson wrote:

On 2021-02-08, TCW <> wrote:

On 2/8/2021 11:43 AM, Jim Jackson wrote:

On 2021-02-08, Nikolaj Lazic <nlazicBEZ_OVOGA@mudrac.ffzg.hr> wrote:

Dana Mon, 8 Feb 2021 10:54:30 -0600, TCW <> napis'o:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

Thx for this one!

The article doesn't give the obvious solution, of simply editing the
/etc/apt/sources.list file and removing the microsoft repo line.

My own view on this (and I don't run current versions of raspbian, I'm
no fan boy), is that there is no malignant intent, they were careless
and hadn't thought it through. As any follower of the rpi forums will
know, they can be thin-skinned about criticism, and have got a bit
defensive about this.

They are currently altering the repo priorities so that no package in
the Raspberry Pi OS repo's can be installed by "accident" from the
Micro$oft repo. - a very sensible precaution. It doesn't stop the call
to the MS repo. every "apt update" though (unless you remove the repo
from the sources.list file!).

Jim

Well, Linux and MS have never played nice together and even with Windows
WSL/WSL2, there's obviousness to what MS is up to. I'm not putting on my
tin hat just yet but MS didn't get to it's market share by being nice
guys. Just my 2 cents.

You may be right, but I have no idea what MS intentions are. My comments where just about the RPI people.

And there we agree. =)

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 08/02/2021 19:45, Jim Jackson wrote:

On 2021-02-08, Adrian Caspersz <email@here.invalid> wrote:

Even this program (thunderbird) has that. If you run it, you will notice
T&C's to be agreed.

Just fired up thunderbird for the first time on Linux desktop and
there were no T&C's to be confirmed.

When it crashes for the first time, you'll be be asked to confirm if you
would like to submit developer logs.

--
Adrian C

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 2021-02-09, Adrian Caspersz <email@here.invalid> wrote:

On 08/02/2021 19:45, Jim Jackson wrote:

On 2021-02-08, Adrian Caspersz <email@here.invalid> wrote:

Even this program (thunderbird) has that. If you run it, you will notice >>> T&C's to be agreed.

Just fired up thunderbird for the first time on Linux desktop and
there were no T&C's to be confirmed.

When it crashes for the first time, you'll be be asked to confirm if you would like to submit developer logs.

You are at least asked! I think Firefox does the same.

I noticed that thunderbird (v68) displays

https://live.thunderbird.net/thunderbird/start?locale=en-US&version=68.11.0&channel=default&os=Linux&buildid=20200721201500

which of course gives them a heads up to the fact you have fired up thunderbird, and some extra info. - version, locale, OS, build and maybe
(I assume) that it a debian build. I'd prefer to be asked before loading
and displaying something from outside my box.

In preferences I didn't find anything to stop html emails loading remote content - the main way of tracking if you've read that commercial email
you received. However, it appears that thunderbird does do the right thing there see

https://support.mozilla.org/en-US/kb/remote-content-in-messages

"Remote Content in Messages

Email messages can contain remote content such as images or stylesheets.
To protect your privacy, Thunderbird does not load remote content automatically, but instead shows a notification bar to indicate that it
blocked remote content."

Thanks for making me look more at thunderbird; but I'll stick to my
text only MUA.

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 09-02-2021 10:35, Jim Jackson wrote:

On 2021-02-09, Adrian Caspersz <email@here.invalid> wrote:

On 08/02/2021 19:45, Jim Jackson wrote:

On 2021-02-08, Adrian Caspersz <email@here.invalid> wrote:

Even this program (thunderbird) has that. If you run it, you will notice >>>> T&C's to be agreed.

Just fired up thunderbird for the first time on Linux desktop and
there were no T&C's to be confirmed.

When it crashes for the first time, you'll be be asked to confirm if you
would like to submit developer logs.

You are at least asked!

Plus, a relatively small open source project asking for crash logs is a
bit different to bloody Microsoft being pinged every time you update
your Pi.

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

Dana Tue, 9 Feb 2021 09:35:08 -0000 (UTC), Jim Jackson <jj@franjam.org.uk> napis'o:
[snip]

Thanks for making me look more at thunderbird; but I'll stick to my
text only MUA.

True. I only use my slrn to read news posts. :)

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 09/02/2021 09:35, Jim Jackson wrote:

On 2021-02-09, Adrian Caspersz <email@here.invalid> wrote:

On 08/02/2021 19:45, Jim Jackson wrote:

On 2021-02-08, Adrian Caspersz <email@here.invalid> wrote:

Even this program (thunderbird) has that. If you run it, you will notice >>>> T&C's to be agreed.

Just fired up thunderbird for the first time on Linux desktop and
there were no T&C's to be confirmed.

Ok, I goofed.

When it crashes for the first time, you'll be be asked to confirm if you
would like to submit developer logs.

You are at least asked! I think Firefox does the same. >
I noticed that thunderbird (v68) displays

https://live.thunderbird.net/thunderbird/start?locale=en-US&version=68.11.0&channel=default&os=Linux&buildid=20200721201500

which of course gives them a heads up to the fact you have fired up thunderbird, and some extra info. - version, locale, OS, build and maybe
(I assume) that it a debian build. I'd prefer to be asked before loading
and displaying something from outside my box.

OK.

There is a lot more. If you open up "about:telemetry" in either firefox
or thunderbird (via Help->Troubleshooting Information, look for
telemetry data), you can openly see the depth of their data collection.

Actually, I'm somewhat bowled over how much detail is in the
troubleshooting information screen for Thunderbird, which surely must
make it easy for their developers to identify problems. Why wouldn't you
give them that ability?

If you, say, have issues with identifying Linux audio cards - it may be
an easy place to look!!!

In preferences I didn't find anything to stop html emails loading remote content - the main way of tracking if you've read that commercial email
you received. However, it appears that thunderbird does do the right thing there see

https://support.mozilla.org/en-US/kb/remote-content-in-messages

"Remote Content in Messages

Email messages can contain remote content such as images or stylesheets.
To protect your privacy, Thunderbird does not load remote content automatically, but instead shows a notification bar to indicate that it blocked remote content."

Most other HTML mail clients do the same thing.

However, the original accusation is that a company that makes
'connected' applications, is doing it solely for nefarious reasons. I'm
not really much sold on that.

Thanks for making me look more at thunderbird; but I'll stick to my
text only MUA.

No worries.

--
Adrian C

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 2021-02-08, TCW <> wrote:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

In addition to the mitigation instructions near the bottom of
that article, it should be possible to comment out the
packages.microsoft.com line in
/etc/apt/sources.list.d/vscode.list and make the file immutable.
I did that earlier today, and it appeared to stick but not cause
problems.

HTH

--
Robert Riches
spamtrap42@jacob21819.net
(Yes, that is one of my email addresses.)

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

On 08/02/2021 16:54, TCW wrote:

https://betanews.com/2021/02/08/linux-based-raspberry-pi-os-secret-microsoft-repo/

Yawn.
If you don't install any packages from the repo you'll be fine.
It seems to be stuff to do with moby.

--
Brian Gregory (in England).

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)