Slashdot Mirror


Somebody Tried To Convince a Raspberry Pi Exec To Install Malware On Its Devices (softpedia.com)

An anonymous reader writes: Liz Upton, Director of Communications for the Raspberry Pi Foundation, has just published an email where someone was asking how much it would cost them for the Foundation to install malware on its devices in the form of a .EXE file. The email sender was asking for a PPI [price per install] quote.

19 of 119 comments

  1. Do it. by Jethro · · Score: 3, Insightful

    Hey, free money. Not like the PI has any permanent storage so they'd just have to stick the file on some chip somewhere, where it can't really be accessed. Not that an .exe would even be executable.

    Better yet - ship every Raspberry PI with an SD card labelled "Malware - Please execute immediately."

    --
    In the land of the blind, the one-eyed man is kinky.
    1. Re: Do it. by Jethro · · Score: 2

      Shhhh! Don't ruin this! I want a free SD card!

      --
      In the land of the blind, the one-eyed man is kinky.
    2. Re: Do it. by Jethro · · Score: 3, Funny

      I figure Raspberry charges them $20 per unit and gives us a free nice SD card. Now do you guys want to please stop ruining this with facts???

      --
      In the land of the blind, the one-eyed man is kinky.
  2. Sensationalist Headline, bad reporting by Anonymous Coward · · Score: 3, Insightful

    So after reading the email, I would have to say this headline is sensationalist, and overall bad reporting. So much so that I'm actually making this post, which I have never done on /.

    Nowhere are they asking them to install malware, or install it without the consumer's consent. Essentially what they are asking is that their application be packaged with the pi, and the user be asked to install the software. Basically the same thing most "freeware" on the internet does. Hey, you want our app? What about this one and this one and this one too.

    I've dealt with representatives from foreign companies before, and their command of the English language is about as excellent as Google Translate will allow. You have to use your brain a little when reading them, but it's usually fairly easy to understand and don't leap to conclusions to create headlines like this.

    1. Re:Sensationalist Headline, bad reporting by Xenna · · Score: 4, Informative

      Note that Liz Upton, the addressee, used the phrase malware herself. That's where the sensationalism started. Just blindly converting it into a Slashdot headline, that's the bad reporting part.

      Whatever happened to common sense...?

    2. Re:Sensationalist Headline, bad reporting by Mr+Z · · Score: 2

      Without seeing the linked site, it's hard to say what exactly the EXE was meant to accomplish. If it's some sleazoid V14GRA site, or Scan Your PC Now for Viruses site, it's pretty easy to call it malware.

      Some relevant information was redacted, unfortunately.

    3. Re:Sensationalist Headline, bad reporting by Vokkyt · · Score: 4, Insightful

      Though this may be me projecting my own prejudices with bundled software, nearly a decade of working in tech support has loosened my definition of malware to include basically any software put on the user's computer without the user's informed consent. Many bundled packages and suites behave in the exact same manner as actual malware and are just as difficult to remove, if not more so in some situations as anti-malware/AV software will not see this software as "malicious" and will not remove it automatically. Given that one of the foci of RaspberryPi's is to provide a cheap computer option for whatever needs, it simply would provide a misleading option to users like the bundled junk that often comes on cheap Windows based laptops.

      I am not purporting that this is what was meant by Ms. Upton, but it's not hard to see how she and basically most people could see the proposed software as "malware" to be bundled.

  3. Re:.EXE file? by Anonymous Coward · · Score: 2, Interesting

    Windows 10 core running on Raspberry Pi is freely available from Microsoft.

    How many people have actually installed it is a different issue entirely.

  4. Re:.EXE file? by carbuck · · Score: 2

    I thought it was common knowledge by now, but even the 2nd link states "Raspberry Pi devices can run Windows as well, not just Linux variants." So it's kind of like distributing a .exe for your Windows 10 machine.

  5. Sure by kimvette · · Score: 3, Interesting

    Sure - install it on a Linux system and include in the documentation:

    "Hey! We helped subsidize the cost of your device by including malware on it. If you really, really want to run it, you can install wine but without installing that framework or some sort of Windows emulator it will not run so we felt it is a safe choice to include on the system. It is located in /tmp and will be cleaned up by a cron job after a week, and it isn't marked as executable so even if it were a Linux executable it would not run without your adjusting permissions anyhow, but we urge you out of principle to do an 'rm /tmp/scumbag-sucker-malware.exe' at your first opportunity."

    Offer it at a discounted price, and the malware-free version at the usual price. As a bonus dox the malware provider. ;)

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    1. Re: Sure by kimvette · · Score: 2, Insightful

      I hate SystemD because it is unnecessarily complex, becomes a single point of failure for many subsystems, logs to a binary file by default (dafuq?), and is contrary to the *nix mantra of one tool, one purpose. It is essentially a solution looking for a problem.

      However, to be fair, I still have yet to see it be the cause of a boot failure.

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  6. Re: .EXE file? by Anonymous Coward · · Score: 5, Funny

    Windows has a perfectly fine package manager. When you want to install a package you simply double click setup.exe and hit enter until the window disappears. Uninstalls are easy too, you just reinstall Windows and install every package except for the one you don't want.

  7. Re:Short On Facts by luvirini · · Score: 2

    Given that at least Lenovo installed such on new computers a while back I would not be surprised if many producers of computers did not get a lot of such proposals.

  8. Calm down, calm down by arglebargle_xiv · · Score: 3, Insightful

    It's just a generic form-letter email that would have been sent to an auto-generated list of any number of systems integrators and anyone else that might possibly respond. That's how the bloatware that gets included in Windows PCs ends up on there, it could be describing SymantecNortonLenovoToshibaHuluNetflixCyberlinkDellSkype7ZipAccuweatherRealTek SuperEssentialClickOnMe.

    In any case there's already a malware-installer "EXE file that installs a desktop shortcut, that when clicked redirects users to a specific website" for the Raspberry Pi.

  9. Re:Short On Facts by leftover · · Score: 2

    As someone who has followed RasPi since the beginning, I trust Liz Upton. She has always provided plain, unadorned truth to the best of her knowledge.

    If she says someone wanted to pay them to put shit in the ice cream, I believe her. That the approach was so bold suggests to me this was not an isolated event. What we old grumpy technologists need to do is hunt these creeps down and make sure no computer is ever loyal to them again.

    --
    Bent, folded, spindled, and mutilated.
  10. Re: Okay... by NotInfinitumLabs · · Score: 5, Insightful

    Is it? Newer Linux distros typically come with systemd, which many users consider to be malware because it's unwanted and can have a very negative impact. So it's not like Linux is any better in reality, I'm sad to say.

    Holy shit, why can't people shut up about systemd? You people seem to bring it up at EVERY single opportunity, even if it's REMOTELY related.

  11. Re: Okay... by Lost+Race · · Score: 4, Insightful

    Since you brought it up....

    Complaints about systemd are like complaints about the TSA -- richly deserved, but kind of pointless, because that shit is just not going away (until it gets superseded by something even worse).

  12. Re: Okay... by Skylinux · · Score: 2, Informative

    Just making sure you don't forget how bad that shit is. Works OK'ish when everything works but damn what a pain in the ass to debug when a service fails to start ..... for some reason.

    All our servers have switched to BSD. Should have done this a lot sooner since BSD just makes sense when you have worked with various Linux distros over the years .... LSB was a good idea but no one gave a fuck.

    --
    Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.
  13. Re: Okay... by gweihir · · Score: 2

    Well, if googling "jessie without systemd" and then reading about 10 lines in the Debian wiki is too much effort for you, then you are right that it is "too difficult". On any competence level above "incompetent" this should however be acceptable, and it requires neither dangerous commands, nor even looking at any non-Debian documentation.

    Sure, that the installer does not offer it is a valid concern and I have criticized that in the past rather strongly. However claiming that it is hard or risky to get Debian to run without systemd is just opening up oneself to ridicule, because it is not. Now, if you want to remove udev to have no trace from the systemd-complex left, that would be somewhat difficult, but getting rid of systemd itself is not.

    Make no mistake, I am very much opposed to the default and the missing alternative in the installer, as I think systemd is not ready for prime-time, not universal enough to be the default and has some rather questionable software engineering decisions in it. But attacking it with wrong claims is not going to work well.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.