Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Oh boy, another infection vector (Score 2) 230

by His name cannot be s (#48261339) Attached to: Windows 10 Gets a Package Manager For the Command Line

'Approved' isn't the right word.

OneGet has the notion of 'trusted' repositories. We're likely to expand this concept a bit in the future, but for now, that's what it is.

Built-in package sources from reputable sources may be marked as 'trusted' by default, but the majority of sources should be 'untrusted' until the user makes that change.

The real trick is getting package provider plugins to tell OneGet the truth if a repository is trusted or not.

I suspect that we're going to have to introduce a level of trust with the package providers too, and expose this to the user ... somehow.

Comment Re: Oh boy, another infection vector (Score 1) 230

by His name cannot be s (#48261163) Attached to: Windows 10 Gets a Package Manager For the Command Line

You've got a really good point.

We're tossing around some notions about different factors that make a 'package' or 'repository' trustworthy.

I'm sure we can do some stuff with signed repositories and signed packages to detect when things 'change' and/or keep unsigned repositories 'untrusted'.

Really, our first target for this stuff is developers and admins, not my mom...

Comment Re: Oh boy, another infection vector (Score 1) 230

by His name cannot be s (#48260817) Attached to: Windows 10 Gets a Package Manager For the Command Line

Well, considering that the chocolatey provider for OneGet points to the community-controlled repository, I'll have to take that as a win :)

The concept of curated repositories is one that we're really trying to come up without screwing it up.

Regardless, with OneGet, the *user* maintains control. Which repositories they connect to, what software they install.

Comment Re:We can do that thing you like (Score 5, Informative) 230

by His name cannot be s (#48260783) Attached to: Windows 10 Gets a Package Manager For the Command Line

Actually, to be perfectly clear, OneGet isn't really a package manager.

It's a package-manager-manager -- It's a unified way of installing packages of software regardless of the how-it's-implemented-on-the-back-end.

The first real package provider plugin is a Chocolatey one. Why re-invent the wheel when the wheel already works?

The purpose here is to leverage all these different sources of software using a common set of commands and APIs.

Anything that can be represented as a 'source' of software can be plugged in on the back end. I'm aiming for plugins for NPM, Ruby Gems, Python, on top of the expected MSI, Chocolatey, NuGet, etc...

Plugins can be written by anyone, and I'm going to great lengths to make it as simple as possible -- it's about ~15 or so functions to implement and we can plug in virtually any package format or service into OneGet.

Comment Re:Respect (Score 3, Informative) 230

by His name cannot be s (#48260565) Attached to: Windows 10 Gets a Package Manager For the Command Line

[FYI -- I'm @FearTheCowboy everywhere else, my /. id is so old that my name got trimmed from "His Name Cannot Be Spoken" 15ish years ago when they did a database adjustment... ]

I have had thoughts on how to do this; I suspect that while we may not set up a repo to do that, I may hack out the instructions on how that could be done easily if one wanted to maintain their own.

It really boils down to how much time I can throw at that.

Of course, we also want it to plug into WU and WSUS, but that'll be a bit more down the road.
Communications

'This Is Your Second and Final Notice' Robocallers Revealed 235

Posted by Soulskill from the hello-sir-madam dept.
nbauman writes "A New York Times consumer columnist tracked down the people who run a 'This is your second and final notice" robocall operation. The calls came from Account Management Assistance, which promises to negotiate lower credit card rates with banks. One woman paid them $1,000, and all they did was give her a limited-time zero-percent credit card that she could have gotten herself. AMA has a post office box in Orlando, Florida. The Better Business Bureau has a page for Your Financial Ladder, which does business as Account Management Assistance, and as Economic Progress. According to a Florida incorporation filing, Economic Progress is operated by Brenda Helfenstine, with her husband Tony. The Arkansas attorney general has sued Your Financial Ladder for violating the Telemarketing Consumer Fraud and Abuse Prevention Act. The Florida Department of Agriculture and Consumer Services investigated Your Financial Ladder, but the investigator went to 1760 Sundance Drive, St. Cloud, which turned out to be a residence, and gave up. The Times notes that you can type their phone number (855-462-3833) into http://800notes.com/ and get lots of reports on them."
Security

Attacking Game Consoles On Corporate Networks 79

Posted by Soulskill from the waggle-the-wiimote-to-lock-it-down dept.
A pair of security researchers speaking at DefCon demonstrated how video game consoles, which are becoming increasingly common break room or team-building toys, can open vulnerabilities in corporate networks. "[They] found that many companies install Nintendo Wii devices in their work places, even though they don’t let you walk into the company with smartphones or laptops. (Factories and other sensitive work locations don’t allow any devices with cameras). By poisoning the Wii, they could spread a virus over the corporate network. People have a false sense of security about the safety of these game devices, but they can log into computer networks like most other computer devices now. In the demos, the researchers showed they could take compromised code and inject it into the main game file that runs on either a DS or a game console. They could take over the network and pretty much spread malware across it and thereby compromise an entire corporation. The researchers said they can do this with just about any embedded device, from iPhones to internet TVs."

Comment Re:I'll follow them here too. :D (Score 4, Interesting) 293

by His name cannot be s (#31785372) Attached to: Microsoft's CoApp To Help OSS Development, Deployment

I do have one question. Why, exactly, do you think that this sort of approach is likely to be easier than doing what Apple did and simply exposing a Posix API that is actually useful?

Because, even if we could get a great POSIX experience on Windows, it leaves out Windows developers.

One of my goals is to get Windows developers in the OSS game.

On top of that, there is a hell of a lot of non-POSIX open source software on Windows that needs fixing too.

Look at it this way: Would you respect someone who told you the best way to get FireFox running on Linux was to use some sort of Windows emulation layer... Like WINE? no, because FireFox *can* compile for Linux. Same thing with nearly all Open Source I encounter. I want to get the OSS quality and experience on Windows to exceed commercial developers... it needs the most love.

Like I tell people:
Working as an open source software developer at Microsoft is like being a preacher in Vegas. I figure I'm in the single most important place in the universe that I can be.

Comment Re:I'll follow them here too. :D (Score 4, Interesting) 293

by His name cannot be s (#31785036) Attached to: Microsoft's CoApp To Help OSS Development, Deployment

think you had no choice to choose the BSD license instead of the GPL. Had you chosen GPL, it is likely the project would have been immediately rejected by Microsoft.

That's not true actually.

I didn't tell anyone what license I was going to use until a few days ago, by which time they'd already signed the agreement.

In addition to that; as a Microsoft employee for Microsoft, I've contributed code to GPL, LGPL, BSD, PHP and Apache licensed projects.

Slashdot Top Deals

Old programmers never die, they just hit account block limit.

Close