ts_block VS Scoop

> Is there something inherently insecure about remote desktops, or is MS software here known to be particularly insecure...

Exposing RDP to the Internet directly has been frowned-upon because of the attack surface being presented, there's no two factor "story" out-of-the-box, and you're opened up to brute force attempts on cruddy user passwords.

Older versions of the Microsoft Remote Desktop Protocol had a much larger attack surface than current versions. The current versions with Network Level Authentication (starting in Windows Vista/Server 2008) present a smaller attacks surface. Older versions used "homegrown" Microsoft crypto, whereas current versions use TLS.

Disclosure: I made a FLOSS fail2ban-like tool for RDP many years ago[0]. I had a situation where I was forced to expose RDP to the Internet and I didn't like having it open w/o some protection against brute force attacks. This tool happens to still works in Server 2022 and will slow the velocity of brute force attacks. I still highly recommend not exposing RDP directly to the Internet anyway.

(The ts_block tool is missing some fairly essential functionality that I never got around to implementing. It works fine and is really easy to install but some things are sub-optimal.)

[0] https://github.com/EvanAnderson/ts_block

My old ts_block[0] project does something similar to yours, albeit for RDP only and with much less sophisticated customization.

I opted to go with a WMI Event Sink rather than polling the Event Log. I've never done a benchmark to see which architecture would use less CPU, but I can say the WMI event sink causes nearly instantaneous reaction.

As an aside: I'd love to hear if somebody tries ts_block on Windows Server 2022. It works fine on 2012 R2 thru 2019 but I've never tried it on 2022.

[0] https://github.com/EvanAnderson/ts_block

The perspectives in the comments on this article re: WiX XML source and Windows Installer being difficult are interesting to me. Like I said elsewhere, I overcame that learning curve so long ago that I can't put myself in a position where it seems daunting now.

To be fair, though, an MSI to install a 10 files in "C:\Program Files\AppName", register a couple .NET assemblies, create a couple of shortcuts, and throw a few values into the registry would amount to <100 lines of XML.

Here's a years-old WiX 2.0 syntax source file to install 4 files in "C:\Program Files\appname" and run an EXE embedded in the MSI to install a service: https://github.com/EvanAnderson/ts_block/blob/master/MSI/ts_...

I've only seen "thousands of lines" of WiX source when dealing programs that install a ton of files, or put scads of entries in the registry.

Most of the MSIs with WiX are based on a simple skeleton generated from a template, and using "includes" generated by the "candle" tool.

Understanding the Windows Installer and the WiX source feels analogous to what I see in "modern" web development-- a bunch of tools that developers use, seemingly without understanding what they do, to create a massive pile of edifice into which original code is finally placed.

Scoop is a command-line installer for Windows, aimed at making it easier for users to manage software installations and maintain a clean system. It's designed with developers and power users in mind but can be beneficial for any Windows user looking for an efficient way to manage software. Basically it makes our life easier when it comes to software installation of any sort. Scoop support installation for large number of software. Check it out here Scoop.

Use a package manager! Assuming Windows (since it's the odd one out), get yourself some scoop then just scoop install openjdk. No need to navigate to a website, download bundleware, click next-next-next and accidentally install a virus like some caveman from 1997. This has been a solved problem since ancient times!

Should be easy enough, I installed neovim on my windows machine with scoop (you can even get nightly if you want), it's basically a one line install. You can also do a manual install if you want, but you don't have to. It took a little fiddling for me because I wanted to install scoop as well as all applications onto my D drive rather than my C drive, but nothing too crazy. I never got NvChad on my windows machine, but I do have it on linux, and siduck (the creator of nvchad) has given good instructions for installing even on windows, so i don't think it should be a problem. Also, there's a discord for nvchad, and siduck is pretty active on there if you want to ask questions. Good luck!

I update it with Brew on macOS and Scoop [1] on Windows (but I guess it is included in other package managers such as chocolatey).

Of course, a built-in auto-updater would be good, but a packaged version is a nice workaround for me.

[1]: https://scoop.sh/

So I tried installing scoop the "normal" way for both users then ran scoop install {app} --global as per https://github.com/ScoopInstaller/Scoop/wiki/Global-Installs and got:Cannot find path 'C:\ProgramData\scoop\buckets' because it does not exist

There are a number of ways that you can install the Snyk CLI on your machine, ranging from using the available stand-alone executables to using package managers such as Homebrew for macOS and Scoop for Windows.

Scoop provides a wonderful foundation for creating a portable developer's toolkit on Windows systems.