nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Raspberry Pi sours thanks to mining malware

WTF?

Uh, that looks more like a typical crypt password hash (in this case SHA-512) rather than an actual password.

It's a shame this worm is even a thing; recent-ish Raspbian versions warn you every time you login via SSH if you retain the default password.

I'd have expected that most folks knowledgeable enough to get a public IP directly to their Pi (even if via port forwarding) should know better, but I guess you learn something every day.

31
0
Silver badge

"recent-ish Raspbian versions warn you every time you login via SSH if you retain the default password."

Also, IIRC, Raspbian ships with sshd off by default. Turning it on is an option in the raspi-config script. It wouldn't be difficult to add a step to the script to require a password change at the same time.

There are probably conflicting requirements here. While we - and, I'm sure, the Raspbian team - know that this would be a Good Thing the device is aimed at youngsters and it's quite likely that they'd lock themselves out by forgetting the password. However, flashing a new card would be a quick fix for that.

9
0
Silver badge

Bah!

Nonono, this has been disproved on any number of El Reg comment threads per various nice Mac users; malwear and virus writers only target inferior machines with inferior operating systems. Sheer target count is of no importance whatsoever.

17
8
Anonymous Coward

Re: Bah!

Those nice Mac users who conveniently forget the regular results of the zero day hacking competitions

4
1
Silver badge
Headmaster

Re: Bah!

"Malwear"? I think you mean "malware." Although I've seen a fair number of examples of "malwear" at the mall.

10
1
Bronze badge

Re: Bah!

There are technical reasons why the Unix used on Mac is more secure than Linux.

There are quality reasons why Mac is more secure than Windows.

There are enough people with malicious intent toward Apple and its users to mount attacks - but they go for the low-hanging fruit. Apple's response to any breach would be quick.

Now playing around with Pi is great for hobbyists and nice a cheap. You can load Linux on it. But keep it off the net and don't use it for serious work where you need security.

The cost of a computer system is not the hardware - it is the software. People think they can get that for free, but won't get the protection. You get what you pay for. Software and end-user requirements should be the drivers of the industry - not hardware and prices.

1
15
Anonymous Coward

Re: Bah!

"There are technical reasons why the Unix used on Mac is more secure than Linux."

Care to enumerate ?

7
0
Bronze badge

Re: Bah!

Yes those expensive chips which can have their firmware updated coupled with CPU virtualisation is not the issue, if the malware can hack your bios, switch on CPU virtualisation and then load itself up before the main OS.

Probably explains why Stuxnet, Duqu, BadBios to name just a few names given to a suite of malicious code that exploits the unfiltered USB bus and direct hardware access provided by CPU virtualisation.

https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/

HD firmware updates some going back to the 90's http://files.hddguru.com/index.php

Bios https://www.coreboot.org/

Just how many lines of machine code does it take to inject a jump to load malicious code stored elsewhere in a system where most of its USB devices like printers with updatable firmware are always plugged in?

How much spare space is on a chip allowing for any future updates?

How can your Antivirus system scan for malicious code if its stored on the chips?

Have you got a bios which can not be updated from the OS?

Software or rather the OS is just one part of the problem when you can so easily update the firmware on your chips. Long gone are the days when you had to peel the label off and expose the quartz window to UV light to blank an EEPROM before placing it in an offline programmer to reflash it.

Sometimes convenience has its pitfalls!

Question is, who is behind this malware that targets so many cpu's using different instruction sets?

3
0

Re: Bah!

The Mac uses a BSD base. Maybe nor more secure, but it is different. I can see how Linux might be bit less secure for other reasons but Windows is the existence proof for closed source not being safer.

2
1
Bronze badge

Re: Bah!

>>"There are technical reasons why the Unix used on Mac is more secure than Linux."

Care to enumerate ?<<

Yes, Linux trades off security for speed. IPC is the critical factor in security. For speed, Linux allows processes to communicate directly. In MacOS, based on Darwin with the Mach Kernel, all IPC is by default brokered through Mach and checked. Apple has some exceptions for speed. But they are the exceptions - in Linux they are the norm.

Now that is not a bad thing, but in Linux you must manage and ensure your system is protected. That is alright for servers where professionals run them and are carefully about what gets installed. End users just download whatever app they feel like. Of course Apple tests the apps for them - so really end users are doubly protected.

You did not ask about why I should say "There are quality reasons why Mac is more secure than Windows" - I guess that one is obvious!

1
8
Silver badge

Re: Bah!

"Now playing around with Pi is great for hobbyists and nice a cheap. You can load Linux on it. But keep it off the net and don't use it for serious work where you need security."

Are you really suggesting that using a Pi properly is in any way riskier than anything else *?. Good practice is what is necessary (combined with updated software). No computer is likely to be 'safe' when used incorrectly. I use ssh to access my systems from outside ( and only ssh) through an unusual port with an unusual username and certificates to reach both a pi and x86 on my home network. I'm conscious that two points are worst than one so I'm planning to have the Pi as the only access point.

Connecting your system to the internet requires some knowledge - education is necessary to discourage naive users from doing so.

* commonly available hardware.

2
0
Silver badge

Re: Bah!

> End users just download whatever app they feel like. Of course Apple tests the apps for them - so really end users are doubly protected.

Linux distro makers test the 'apps' for them and puts these in the repository - so really, end users are doubly protected.

4
0
Silver badge
Boffin

Re: Bah!

There are technical reasons why the Unix used on Mac is more secure than Linux.

Wot, like Macs having default admin:password login for the shell (maybe even no password, just ssh root@ip being enough, ICBRIW), having NOTHING in the GUI to change that, having SSH open by default (so all one needed was the IP and ability to use ssh)*, as in wide open with the Mac's GUI-using user not only unable to change anything without going to a terminal, but not even knowing that there was an issue, and not being able to change the password via the GUI's password manager (even though it said it was changing the administrator passwords)

Macs are generally more secure than Windows (but so is a wide open door!), but they've had some pretty horrifying security flaws in their time - stuff that'd make MS security devs weep with envy! **

The cost of a computer system is not the hardware - it is the software. People think they can get that for free, but won't get the protection. You get what you pay for.

Er, I'm pretty sure you can download and install OSX (anyversion) for free, with just an Apple ID and hardware to run it on (though I've only ever done it for Macs not PC's so maybe there's something in the HW requirements). So long as your box will run OSX you can download newer versions for free as well. But with Windows you have to pay a fair bit for each install, and each new version (generally - GWX aside). So by your logic, Windows must be better than Mac[scuse me while I puke just for saying those words!] because you pay a lot more for the OS!

*This was back sometime from 2006-2008, on at least one version of OSX, no idea if it's been fixed since.

** I'm sure MS's security devs think their job is to add more rediculous security flaws into the system, eg the recent Defender bugs, or the lack of testing on SMB allowing WC to get through, etc etc etc etc etc etc etc etc etc etc etc etc etc etc etc etc etc ***

*** Yes, I'm good at multitasking. I can bash Apple and MS security stupidity in the same post, all while conveniently ignoring the rest of the OS worlds!

0
0
Silver badge

Re: Bah!

End users just download whatever app they feel like. Of course Apple tests the apps for them - so really end users are doubly protected.

Rubbish. Absolute ejected-from-a-bull's-arse rubbish.

mac.softpedia.com

download.cnet.com/apps/mac/

en.softonic.com/mac

What's this about Apple "testing all the apps" hmm? Just 3 of a huge many rather untrustworthy places that have software for Macs. There's also a places I'd happily download software for WinXP from that also let you get stuff for Macs, and maybe the majority are trustworthy maybe not. But there is NOTHING stopping a Mac user from visiting a dodgy website, downloading a dodgy program, and installing it.

Stuff for Linux in general comes from a repository, and I teach converts to either use stuff in the standard repos or give me a call first. Have only once had one of those calls. Last I checked (just after I started this reply) apple.com comes a few down the list for "firefox for mac" on Google, takes the top spot for "safari for mac" but the next 3 are malware sites. Some other software searches give better results (for Apple), but they don't support my argument so I'll gloss over them, but several others also put malware sites higher in the results than Apple. Unless you can convince people to look for official sites rather than the top billed, they'll get stung.

Disclaimer : Last time I looked at the sites linked above they were quite bad for PUPs, bundled adware, and a number of other nasties that may not quite be classified as "virus" and by some not even as "malware", but still bad, and in a few cases the adware/etc was known to either open up other security holes or download other stuff that was even worse. That was over a year ago and one or more of these sites may've cleaned up their act since then, in which case I apologise for saying they're malware distributors and invite them to publicly challenge my statements on this forum, with evidence of them cleaning up their act.

2
0
Bronze badge

Re: Bah!

"Are you really suggesting that using a Pi properly is in any way riskier than anything else *?"

Yes. The Pi is meant for playing around or research into future systems. It is a good and cheap platform for that, but don't expect too much of it.

"No computer is likely to be 'safe' when used incorrectly."

That is why well-designed systems come with built in checks to make sure you don't use them incorrectly. So yes, you can attempt to do incorrect things and be stopped. The quicker you are stopped the better.

"Connecting your system to the internet requires some knowledge - education is necessary to discourage naive users from doing so."

That is the wrong approach. Computers are now widely used because we don't demand that end users need education to run systems correctly. Why should 'naive' users not use the Internet? That is exactly what they should do - the onus is on the system providers to make sure their systems are safe - at least as safe as possible.

On the other hand, I think it is the naivety of the software community that we should be wary of in their 'trust the programmer' attitudes. No you can't trust programmers - that is naive.

0
5
Bronze badge

Re: Bah!

'Linux distro makers test the 'apps' for them and puts these in the repository - so really, end users are doubly protected.'

Not sure what you mean here. Linux distributions test Linux and apps in the base release, but I don't think apps in general.

0
3
Bronze badge

Re: Bah!

"Wot, like Macs having default admin:password login for the shell (maybe even no password, just ssh root@ip being enough, ICBRIW), having NOTHING in the GUI to change that, having SSH open by default (so all one needed was the IP and ability to use ssh)*"

Sounds like you have not tested it since 2008. At one point there was no root UC. I have not heard that they brought it back.

"Er, I'm pretty sure you can download and install OSX (anyversion) for free"

Yes, but the cost of the system is the software. That software does not come for free. It is built into to cost of the box you buy. So while you might get the software installed originally for free, and get free upgrades, that has little to do with the actual cost.

0
5
Bronze badge

Re: Bah!

"End users just download whatever app they feel like. Of course Apple tests the apps for them - so really end users are doubly protected.

What's this about Apple "testing all the apps" hmm? Just 3 of a huge many rather untrustworthy places that have software for Macs"

Yes, you are right - my comments were about iOS, not about Macs. I was replying a bit out of context on that count. I don't know if I'd support MacOS going to the same strict controls as iOS.

1
2
Silver badge
Thumb Up

Re: Bah!

Yes, you are right - my comments were about iOS, not about Macs. I was replying a bit out of context on that count. I don't know if I'd support MacOS going to the same strict controls as iOS.

Oh, in that case I "withdraw my objection" at least in part (my understanding is the Apple app store is much better than Android for security, however my knowledge in these matters is rather limited!)

Thank you for the clarification.

2
1
Silver badge

Re: Bah!

'Linux distro makers test the 'apps' for them and puts these in the repository - so really, end users are doubly protected.'

Not sure what you mean here. Linux distributions test Linux and apps in the base release, but I don't think apps in general.

Everything in the standard repositories is tested and approved either by the distro maker or by someone they trust.

You can install software from outside sources (including the same 3 sites I listed in an earlier message), but in general using the "software manager" makes that unnecessary. I believe I've heard that it could be done with IOS as well, but ICBW

1
0
Silver badge

Re: Bah!

"Wot, like Macs having default admin:password login for the shell[..]*"

Sounds like you have not tested it since 2008. At one point there was no root UC. I have not heard that they brought it back.

True, I haven't looked for that in a long time.

"Er, I'm pretty sure you can download and install OSX (anyversion) for free"

Yes, but the cost of the system is the software. That software does not come for free. It is built into to cost of the box you buy. So while you might get the software installed originally for free, and get free upgrades, that has little to do with the actual cost.

I can (and have) installed OSX into a VM running on Linux. Think it was Mountain Lion IIRC but was a few years back. From what I could tell I was perfectly legitimately doing the installation (which was to test AV options for a customer), and nothing in the license prevented that (nothing I saw anyway, but if you've ever read an OS license you can understand how stuff could be missed in one reading by a non-lawyer). Unless that has changed, I could repeat the exercise should I desire to. My VM manager appears to support it fairly directly even.

IOW, I can have a machine running OSX that costs nothing but the time to get OSX installed in a VM. I've heard the term "hackintosh" as well which I guess refers to running OSX on generic PC hardware, but outside of my area of play.

0
0
Silver badge

Re: Bah!

> Not sure what you mean here. Linux distributions test Linux and apps in the base release, but I don't think apps in general.

This was in response to someone saying the same about Apple in a message about MacOS that was saying it was more secure because Apple tested stuff (when it seems he was confusing it with iOS).

In fact with Linux there are _thousands_ of programs in the distro's repository so there is little need to look for alternate sources that may be insecure, and zero need for WareZ.

2
0
Silver badge

Re: Bah!

> Yes. The Pi is meant for playing around or research into future systems. It is a good and cheap platform for that, but don't expect too much of it.

The Pi is running exactly the same operating system as is run on anything from phones and embedded devices to supercomputers. It is no more riskier than any other computer, and a lot less than many.

> That is why well-designed systems come with built in checks to make sure you don't use them incorrectly.

Who is it that defines what is 'incorrect' ?

2
0
Bronze badge

Re: Bah!

Richard Plinston: "Who is it that defines what is 'incorrect' ?"

What is correct and incorrect is decided by the system designer. Is is related to GIGO - Garbage In, Garbage Out - except we'd rather trap the garbage in and not do the computation.

This a very very important design step in any system. Define the constraints and the axioms (rules) by which the system works. It is essential documentation for understanding the system. Most programmers know of such axioms for correctness as preconditions and postconditions or assertions.

This is fundamental to software correctness and well designed systems.

https://www.cs.cmu.edu/~crary/819-f09/Hoare69.pdf

If you haven't decided what is incorrect and conversely correct, you don't really have a system design.

0
4
Silver badge

Re: Bah!

"Computers are now widely used because we don't demand that end users need education to run systems correctly. "

Computers are now widely abused because we don't demand that end users need education to run systems correctly.

But seriously, at the present time no computer can be considered 'safe' without the user having some knowledge of the risk - no different to the rest of life really.

0
0
Bronze badge

Re: Bah!

Chemist: "Computers are now widely abused because we don't demand that end users need education to run systems correctly."

Well, either computers can be used by everyone or reserved for some high priesthood with special powers.

How much education should end users need? I do my bit for educating computer scientists, but the whole point is they learn abstraction - that is don't pass on the details to upper levels.

While I encourage people to understand all levels of computing, it should not be necessary - and if it is, we have not done our jobs properly.

Yes, we can educate users to some level - do backups, etc. But we should not depend on that, or them to do it, and then go 'oh, it was the user's fault'. That is blaming the victim.

0
4
Silver badge

Re: Bah!

"While I encourage people to understand all levels of computing, it should not be necessary - and if it is, we have not done our jobs properly."

The point is that it is necessary however much you'd like it not to be. I don't think I'd be too happy with an unskilled bus/car/train driver.

And that's before we take into account simple scamming/phishing by computer/phone or mail. We can't design/legislate for a risk-free world - people have to have an awareness of risk whatever activity is undertaken.

2
0
Silver badge

Re: Bah!

> What is correct and incorrect is decided by the system designer.

Then you don't understand what is meant by the term 'general purpose computer'. You want to have systems that are rigidly 'special purpose' and anything not specifically allowed by the 'designer' should be considered 'incorrect' and thus not allowed.

2
0
Bronze badge

Re: Bah!

Chemist: "The point is that it is necessary however much you'd like it not to be. I don't think I'd be too happy with an unskilled bus/car/train driver."

Altogether different. Passengers on the train don't need to train as a train driver in order to catch the train. So why should computer end users be required to be trained in computer science, or programming, or unix systems admin in order to use a computer. They don't.

That is abstraction - you don't need to know the details of lower layers.

Of course all users need some kind of knowledge, they do need to know some basic security practices. But even us 'experts' in security know it is much to big a subject to know everything. It is negligent on the part of systems vendors to not build security into their systems but to say the user must know what they are doing. That attitude should soon be seen as criminally negligent.

0
4
Bronze badge

Re: Bah!

Richard Plinston: "Then you don't understand what is meant by the term 'general purpose computer'. You want to have systems that are rigidly 'special purpose' and anything not specifically allowed by the 'designer' should be considered 'incorrect' and thus not allowed."

I certainly understand what is meant by 'general-purpose computer' and Universal Turning Machine. Yes, something without constraints you can do anything with - but it is exactly that power that makes them completely useless. To put other useful machines on top, you define the constraints that make them into those other machines. I suggest you read Roy Fielding's thesis which starts with the null architecture - no constraints and introduces constraints until we arrive at a useful paradigm.

https://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation.pdf

Also read Tony Hoare's writings on axiomatic programming. Here's one:

https://www.cs.cmu.edu/~crary/819-f09/Hoare69.pdf

I'll repeat - what is correct and incorrect is decided by the system designer - that is the whole basis of computer systems design.

0
4
Silver badge

Re: Bah!

"Passengers on the train don't need to train as a train driver in order to catch the train."

You miss the point. Any group of people using a particular technology need some in-depth knowledge to use it safely. I did, by the way, include driving a car which is a near ubiquitous 'skill' which in most places requires examination.

I don't expect the average user to be a security expert just to have an awareness of the basics od on-line safety. You certainly can't expect the technology to cope with all the diversity of attacks from the sophisticated to the banal.

On the other hand if you want to do something more unusual, but still reasonable, like give yourself access to your home network from outside then you do need to understand what you're doing or take advice.

3
0
Bronze badge

Re: Bah!

Chemist: "You miss the point. Any group of people using a particular technology need some in-depth knowledge to use it safely. I did, by the way, include driving a car which is a near ubiquitous 'skill' which in most places requires examination."

No, I don't miss the point at all. The point was wrong. Now we are close to having self-driving cars. What you are saying is that passengers in such a car should not only know how to drive that car, but be experts in mechanics as well.

Chemist:" I don't expect the average user to be a security expert just to have an awareness of the basics od on-line safety. You certainly can't expect the technology to cope with all the diversity of attacks from the sophisticated to the banal."

That is exactly what I expect the technology to do. We can program computers to do anything - why not stop security attacks - or better still, make the systems strong in the first place. Hacks are very, very sophisticated. We must design systems that protect the user. How do you expect the user "to cope with all the diversity of attacks from the sophisticated to the banal." It is much better to expect the technology to do that.

Chemist: "On the other hand if you want to do something more unusual, but still reasonable, like give yourself access to your home network from outside then you do need to understand what you're doing or take advice."

OK, that almost makes sense. But at the right level of abstraction. Users need to know to set passwords, etc. But maybe other authentication factors are required, like fingerprints, etc that the system prompts them for. This must be built into the technology.

0
3
Silver badge

Re: Bah!

"Now we are close to having self-driving cars. What you are saying is that passengers in such a car should not only know how to drive that car,"

Of course they'll need to able to drive - I guess it will be years before self-driving cars become trully autonomous

"We can program computers to do anything - why not stop security attacks "

You must be having a laugh now. The one thing we know is that bugs exist - where have you seen a software system that is perfect. (see the point about cars above"

"Hacks are very, very sophisticated"

Some are, some are trivial or even accidental . Many of the big 'hacks' have been by people with little skill but a lot of persistence.

2
0
Bronze badge

Re: Bah!

>>Of course they'll need to able to drive - I guess it will be years before self-driving cars become trully autonomous<<

Well, in future I'm going to ask any one I give a lift to whether they can drive or not. 'Can't drive - you're out of luck, can't come in my car'.

>>You must be having a laugh now. The one thing we know is that bugs exist<<

No laugh at all. Yes bugs exist - they can be exploited, but when we find an exploit, we patch to close that hole. That is reactive security.

I've already posted this link for someone else, but please go and read and digest and thoroughly understand the axiomatic approach to system design and programming:

https://www.cs.cmu.edu/~crary/819-f09/Hoare69.pdf

Proactive security says we put security into the system to begin with. We think about it and build systems accordingly.

What you are suggesting is to give up altogether and just resort to reactive security. Both approaches are needed.

Many attacks use well-known mechanisms - the main one is a typical C and low-level machine defect - allowing writes beyond an end of buffer. This can also be used to subvert the stack. We can design machines where this is just not allowed and a whole large category of attacks goes away. Thus we should check that a process or data structure only reads and writes into the memory that it was allocated - bounds checking.

Most people who consider themselves software designers and programmers have a hard time understanding this. They think it is just the natural order of things. Well, it's not. In networked systems and systems with many interacting processes being in security a priori is essential, otherwise we are continuing to react to things.

So if computer people find this hard to understand - how can we expect end users to be this sophisticated. Although, it is often true that explaining such things is easier to someone with no knowledge than to those who think they have knowledge.

Software verification (against bugs and defects) is closely related to security. Having machines with bounds checking, and checks for other breaches benefits both software correctness and security.

0
3
Silver badge

Re: Bah!

> 'general-purpose computer' ... you can do anything with - but it is exactly that power that makes them completely useless.

General purpose computers are not useless.

> I'll repeat - what is correct and incorrect is decided by the system designer - that is the whole basis of computer systems design.

What is correct and incorrect is decided by the _owner_ of the computer. It may well be that the 'system designer' hasn't considered that need or that usage, but the owner can do exactly what they want to.

3
0
Silver badge

Re: Bah!

"What you are suggesting is to give up altogether and just resort to reactive security. Both approaches are needed."

No I'm not I'm suggesting that at the present time ( and for how much longer ) we still need to be very careful about security.

"Well, in future I'm going to ask any one I give a lift to whether they can drive or not. 'Can't drive - you're out of luck, can't come in my car'."

That's just nonsense. It's totally irrelevant most of the time if other occupants can drive or not but I'm guessing that you'll need one for quite a while.

"We can design machines where this is just not allowed and a whole large category of attacks goes away."

Well until we do and they become the norm it doesn't matter in the slightest.

1
0
Bronze badge

Re: Bah!

>>No I'm not I'm suggesting that at the present time ( and for how much longer ) we still need to be very careful about security.<<

That was exactly your suggestion - 'we can't think of everything, so just react to it when it happens'. Machiavelli must be turning in his grave. Sun-tzu also.

>>That's just nonsense. It's totally irrelevant most of the time if other occupants can drive or not but I'm guessing that you'll need one for quite a while.<<

That is what I'm saying, please read carefully. But you started from the position of end users must know all about this or keep them away from the computer. Even us security experts can't keep up and understand it all.

Computing people really fail when the say they expect the user to be so sophisticated. No that is computing people failing to do their job. Like systems programmers also fail when they expect other programmers to need to deal with machine-level details (and hence program in C). They have failed at their job in programming the systems level.

>>Well until we do and they become the norm it doesn't matter in the slightest.<<

That is a lazy answer. Again an admission of failure. It is up to us present-day computer scientists to plan the future, which arises out of avoiding current failings.

0
1
Silver badge

change the password for the username “Pi” to

You mean "pi". (yes, I used "logical" quoting there)

0
3
Gold badge
Headmaster

Re: change the password for the username “Pi” to

I might have given you a thumbs up for the logical quoting.

(but your parenthetical remark completely blew it)

10
0
Silver badge

"Change your default user name"

You mean "change your default password".

Jeez.

10
2
Silver badge

Re: "Change your default user name"

Both.

4
0
Silver badge
Pint

"...it's a sufficiently common devuce..."

You spelled "it's" correctly, which may confuse some people.

Now, about "devuce"...

10
2
Silver badge

Re: "...it's a sufficiently common devuce..."

Covfefe?

17
0
Silver badge

Re: "...it's a sufficiently common devuce..."

*spelt

3
3

Re: "...it's a sufficiently common devuce..."

Hey how did you guess the password I use on all my Pis!

0
0
Anonymous Coward

Re: "...it's a sufficiently common devuce..."

Both 'spelled' and 'spelt' are correct but 'spelt' is little used outside the UK. 'Spelled' is the more internationally acceptable version, unless you're after the baking flour used by the Romans. I'll get my coat... ;)

3
1
Silver badge

Re: "...it's a sufficiently common devuce..."

Both 'spelled' and 'spelt' are correct but 'spelt' is little used outside the UK. 'Spelled' is the more internationally acceptable version, unless you're after the baking flour used by the Romans. I'll get my coat... ;)

If Cosby ever gets out of prison, he can start a new TV show I think.. "People downvote the darnedest things"

1
0
Silver badge

"Raspberry Pi sours"

https://www.quora.com/What-do-blueberries-raspberries-and-blackberries-taste-like

Raspberries are already sour ("sauer" being the German for "acid[ic]")

4
0
Silver badge

Re: "Raspberry Pi sours"

Raspberries are already sour ("sauer" being the German for "acid[ic]")

Indeed, that's why they're red. Raspberry juice is an indicator, and turns blue when made less acidic (you can sometimes see this happen as the juice is diluted with water when washing crockery that has contained raspberries).

0
0
Bronze badge

Re: "Raspberry Pi sours"

As in raspberry slushies? I always wondered why they were blue. Or perhaps they are just pumped full of blue dye.

3
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing