Is Microsoft Spying on your Raspberry Pi?

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

a couple weeks ago i noticed when running apt-get upgrade on one of my pi projects that a new repository was added it was a little bit odd because linux distributions don't typically inject new repositories like this and it was even stranger because this particular repository was for vs code from microsoft a number of people started asking me about this on twitter and elsewhere so i thought i'd go over the situation in this video it's especially appropriate since the pi foundation just posted an article on their blog about visual studio code coming to the raspberry pi but that post didn't address any of the controversy surrounding this change so what happened exactly and why are people angry well in late 2020 microsoft released a version of vs code their popular mostly open source code editor for the raspberry pi then in early february this year the raspberry pi os team added an automatic update that installs microsoft's gpg key and a microsoft repo source on all raspberry pi's running pios now whenever someone on pios runs apt update the pi will reach out and check microsoft's app server for any updates vs code is not installed by default at least not yet and i hope it won't be especially on the lite version of ios and the amount of data microsoft can get from this apt configuration is minimal but that's not really the main concern people have with this action first let's talk about vs code there are some concerning things there from purely a philosophical perspective by default it has telemetry that sends out system and usage information to microsoft if you install it this telemetry is annoying at best and concerning if you care about privacy the telemetry can be disabled but most people would rather have it be opt-in versus opt-out worse than that vs code source code is open source but the binary you install is not since it includes some extra bits that are only built in by microsoft outside of their public source tree this makes vs code non-free software and the fact that it's not marked that way by being marked as a non-free app repository is against the norm for linux packaging at least in the debian world many in the community pointed out that vs codium is truly open source end to end and would be a worthy inclusion in the free and open source spirit there aren't any giant corporations pushing that project so why not include vs codium in the default repositories and recommend people install it instead well i know microsoft would love to have more inroads into the educational computing community since right now they're practically invisible in the makerspace vs code on the pi could allow them to more directly integrate microsoft services like azure iot into people's projects thus making it less appealing to use competing iot services like those from amazon i won't speculate on the relationship microsoft has with the raspberry pi foundation or raspberry pi trading ltd but i'm guessing there is some incentive for microsoft besides just goodwill especially considering the official raspberry pi blog post showing how to use vs code on the pi was penned by a senior cloud advocate from microsoft who's involved in promoting azure's iot platform but why did people get so fired up about this it's the raspberry pi foundation's right to add software they believe will be well used and loved by their users right well like i said many pi users noticed a microsoft repository being added to their raspberry pi's unannounced and when they followed the breadcrumbs back to the raspberry pi sysmod's github repository the code that did the automatic push wasn't even present for further auditing until days after this whole thing happened what's more when users posted their concerns to the raspberry pi forums many threads about the situation were locked or deleted and to be fair to the forum moderators if someone posts a heated message that adds some extra fuel to add to conspiracy theories or creates a hostile message that isn't particularly fair to everyone involved i can understand removing those messages but legitimate questions were also removed like why was the repository being added with no prior announcement or opt-out instructions or why was the repository not being marked as non-free since it contains a proprietary application from microsoft and sure you can just not install the s-code but the apt repo is still pushed to your pi unless you explicitly ignore it which is hard to do if you don't know it's actually coming it doesn't help though when someone asked eben upton about the situation on twitter this was his take on the situation he said i can't understand why you think this was a controversial thing to do we do things of the sort all the time without putting out a blog post about how to opt out now i can't imagine someone like even who's been in the industry for years not seeing what's controversial about something from microsoft being automatically added to a linux os without any user interaction or prior warning sure microsoft's been coming around to the open source way slowly but surely but pios is built on linux and most in the linux community aren't willing to give microsoft a free pass they have to earn their standing in the open source community and pushing non-free software into educational linux based computers isn't the way finally many people argue you're fine with android and alexa collecting all your information so why not microsoft not only is that a false equivalence many who share these concerns don't use alexa or android for exactly that reason so don't argue that because some popular products from google and amazon don't respect people's privacy microsoft should get a free pass now reeling things back in there are some people making a mountain out of a molehill i don't think the pi foundation has any nefarious plans here and i don't think microsoft is going to be injecting software in pies anytime soon hopefully assuming the best intent i can see the argument for vs code being one of the most popular and accessible code editors and the desire to have it easily available to anyone using a raspberry pi i've run a local development survey for the drupal community for three years now and it's amazing how quickly vs code has surpassed all but one or two other code editors in usage at least for web-based projects from the raspberry pi foundation's perspective vs code is one of if not the most popular code editors and making it easy to install on the raspberry pi is a worthy goal if you want people to consider using the pi as their main computer and it's not like the pi foundation is scot-free in terms of being 100 free and open source pies still require a closed source binary blob for its boot process and things like the gpu and that's been a thorn in the side of the pi open source community for many years as a pragmatic programmer i understand the motivations behind this inclusion but it does erode some of the trust i have in the pi foundation to be good stewards of raspberry pi os it's not that hard to teach someone the three or four terminal commands to add a third party repository to the raspberry pi and i'd much rather the pi foundation teach people that new knowledge then force a repository on everyone will i still use raspberry pi os yes i'm using both the 32-bit and 64-bit versions every day for a lot of different projects but will this action cause me to consider ubuntu for pi or any of the other arm linux builds more often most definitely before i wrap up i'll show you how you can remove all this microsoft stuff from your raspberry pi if you're running raspberry pi os run these three commands which are also in the video's description for you to copy and paste these commands remove the vs code repository and microsoft's gpg key and then update your apt caches to make sure there are no traces left so to wrap things up the raspberry pi foundation's mission is education and they've been focused on simplicity and targeting the mainstream in what they do focusing solely on pure free and open source software can lead to missed opportunities but it does also taint the message of being good stewards in the open source community i'm mixed on this decision i'd much rather the pi foundation give people the knowledge of how to install vs code or other applications like it by teaching them how to use apt to install it instead of forcing a new repo for a tool that relatively few pies will ever get installed but could microsoft and raspberry pi collaborate on something together that would actually be interesting to me well what if microsoft let me run windows for arm on the raspberry pi microsoft already allows windows on tiny underpowered intel-based sbcs so why can't i legally run windows for arm on the pi and why not give people a free license when using it for education or hobby work the ball's in your court microsoft until next time i'm jeff gearling i can't see any reason why people would be angry about this video is against the norm for linux packaging at least oh i love me some raspberry pi that's probably not right to put in somebody's walk around upstairs which are also in the videos i'm mixed on this decision decision targeting computer well that went well

Info

Channel: Jeff Geerling

Views: 109,697

Rating: undefined out of 5

Keywords: raspberry pi, foundation, ltd, trading, company, microsoft, code, vscode, visual studio code, visual studio, open source, free, foss, oss, software, licensing, debian, raspbian, raspberry pi os, pi os, license, non-free, repository, repo, gpg, key, inject, malware, distribute, ms, vscodium, rpi

Id: OnA_s9IBSmA

Channel Id: undefined

Length: 9min 9sec (549 seconds)

Published: Mon Feb 15 2021