ts_block VS Main

> Is there something inherently insecure about remote desktops, or is MS software here known to be particularly insecure...

Exposing RDP to the Internet directly has been frowned-upon because of the attack surface being presented, there's no two factor "story" out-of-the-box, and you're opened up to brute force attempts on cruddy user passwords.

Older versions of the Microsoft Remote Desktop Protocol had a much larger attack surface than current versions. The current versions with Network Level Authentication (starting in Windows Vista/Server 2008) present a smaller attacks surface. Older versions used "homegrown" Microsoft crypto, whereas current versions use TLS.

Disclosure: I made a FLOSS fail2ban-like tool for RDP many years ago[0]. I had a situation where I was forced to expose RDP to the Internet and I didn't like having it open w/o some protection against brute force attacks. This tool happens to still works in Server 2022 and will slow the velocity of brute force attacks. I still highly recommend not exposing RDP directly to the Internet anyway.

(The ts_block tool is missing some fairly essential functionality that I never got around to implementing. It works fine and is really easy to install but some things are sub-optimal.)

[0] https://github.com/EvanAnderson/ts_block

My old ts_block[0] project does something similar to yours, albeit for RDP only and with much less sophisticated customization.

I opted to go with a WMI Event Sink rather than polling the Event Log. I've never done a benchmark to see which architecture would use less CPU, but I can say the WMI event sink causes nearly instantaneous reaction.

As an aside: I'd love to hear if somebody tries ts_block on Windows Server 2022. It works fine on 2012 R2 thru 2019 but I've never tried it on 2022.

[0] https://github.com/EvanAnderson/ts_block

The perspectives in the comments on this article re: WiX XML source and Windows Installer being difficult are interesting to me. Like I said elsewhere, I overcame that learning curve so long ago that I can't put myself in a position where it seems daunting now.

To be fair, though, an MSI to install a 10 files in "C:\Program Files\AppName", register a couple .NET assemblies, create a couple of shortcuts, and throw a few values into the registry would amount to <100 lines of XML.

Here's a years-old WiX 2.0 syntax source file to install 4 files in "C:\Program Files\appname" and run an EXE embedded in the MSI to install a service: https://github.com/EvanAnderson/ts_block/blob/master/MSI/ts_...

I've only seen "thousands of lines" of WiX source when dealing programs that install a ton of files, or put scads of entries in the registry.

Most of the MSIs with WiX are based on a simple skeleton generated from a template, and using "includes" generated by the "candle" tool.

Understanding the Windows Installer and the WiX source feels analogous to what I see in "modern" web development-- a bunch of tools that developers use, seemingly without understanding what they do, to create a massive pile of edifice into which original code is finally placed.

(merged) ScoopInstaller/Main #4757 kubescape: Update url and binary naming

As I see it, part of the drive behind tools like Scoop is to overcome the limitations of the binary-shipping strategy common to Windows developers. They are successful at this, I agree, but only partially successful. They come from the tradition of programs like Ninite, which were explicitly built as ways to make the binary approach suck less than it did before.

I see the success of these programs as essentially stemming from the insertion of user interests in the form of a maintainer-like process. Sure, they're still working with the binaries, but the actual process of installing and managing these binaries is controlled by users, for users: https://github.com/ScoopInstaller/Main/tree/master/bucket

This means that you get moderation and in many cases modification to the behavior of the program. In a freeware environment like Windows that's full of shitware, at the very least you can in many cases strip out the ads. That's absolutely not nothing, but at the end of the day it comes from a group of user-maintainers stepping up and saying to developers that no, you cannot simply do whatever you want on my system with your software. That's ... sort of the whole point of a software distribution, in the Linux world!

When I want the latest version of a CLI tool on Linux, I simply `pacman -S package`. That's it; one command. I don't see how it could be any simpler or better than that, and on top of that I'm getting the benefits of moderation and integration with the rest of my system. Perhaps you are emphasizing latest version here, and hinting that you don't get that on Linux distros? That depends entirely on the distro; a software distribution is (roughly) a collection of user interests. An Arch user wants (and gets) the latest versions of all upstream software. A Debian user does not want this or see constant updating to the latest version as an advantage, so that's not what they get.

Here is the definition: https://github.com/ScoopInstaller/Main/blob/master/bucket/avr-gcc.json

Those are all automated by the auto-update script.

Check Merged PRs https://github.com/ScoopInstaller/Main/pulls?q=is%3Apr+sort%... and you will see that the last non-bot one was merged 17 days ago.