=============================
Candy from strangers
=============================

-------------------------------------
And other good reasons to use apt
-------------------------------------

Strangers offering candy
------------------------

The npm saga
------------

::

    leftPad = require('left-pad')
    leftPad('foo', 5)

Squatting on typos
------------------

``http://incolumitas.com/2016/06/08/typosquatting-package-managers/``

In this blog post I will show how:

* **17000 computers** were forced to execute arbitrary code by typosquatting programming language packages/libraries
* **50%** of these installations were conducted with administrative rights
* Even highly security aware institutions (**.gov and .mil hosts**) fell victim to this attack
* a typosquatting attack becomes **wormable** by mining the **command history data** of hosts
* some good *defenses* against typosquatting package managers might look like

Aside: rpm, yum and other variants
----------------------------------

Apt
---

Those who don't know apt are forced to reimplement it. Badly.

Questions?
----------

[insert obligatory cat]
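One defense of the kind the typosquatting section alludes to, as an added example that is not part of the original slides or of the quoted blog post: a pre-install check that refuses package names which are one edit (or an adjacent-character swap) away from a well-known name but are not that name. The ``POPULAR`` allow-list is a constructed sample; a real deployment would build it from registry download statistics or an internal mirror's inventory.

```python
# Added example: flag requested package names that look like typos of
# well-known packages before the installer fetches them.
# POPULAR is a constructed sample, not a real registry ranking.
POPULAR = {
    "requests", "numpy", "urllib3", "setuptools", "six", "pyyaml",
    "left-pad", "lodash", "express",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Registries treat '-', '_' and '.' alike and names as case-insensitive."""
    return name.lower().replace("_", "-").replace(".", "-")


def _is_transposition(a: str, b: str) -> bool:
    """True when a and b differ only by swapping two adjacent characters."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def typosquat_candidates(name: str, popular=POPULAR, max_dist: int = 1):
    """Popular names that `name` is suspiciously close to (sorted).

    An exact match after normalization is the real package, not a squat,
    so it yields []. Adjacent swaps ("reqeusts") score 2 under plain
    Levenshtein, hence the separate transposition check.
    """
    n = normalize(name)
    targets = {normalize(p): p for p in popular}
    if n in targets:
        return []
    return sorted(orig for norm, orig in targets.items()
                  if levenshtein(n, norm) <= max_dist or _is_transposition(n, norm))


def check_install(name: str) -> str:
    """Decision string an install wrapper would act on before fetching."""
    hits = typosquat_candidates(name)
    if hits:
        return f"REFUSE: '{name}' looks like a typo of {', '.join(hits)}"
    return f"OK: '{name}'"
```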