=============================
Candy from strangers
=============================

-------------------------------------
And other good reasons to use apt
-------------------------------------

Subtitles-ish
-------------

English transcript available at:

``https://www.trueelena.org/computers/articles/candy_from_strangers.html``

``http://ur1.ca/po9hp``

Strangers offering candy
------------------------

.. image:: img/1408390295.pdf
   :align: center

``https://openclipart.org/detail/196328/poison-label-gift``

Typosquatting
-------------

``http://incolumitas.com/2016/06/08/typosquatting-package-managers/``

In this blog post I will show how:

* **17000 computers** were forced to execute arbitrary code by typosquatting programming language packages/libraries
* **50%** of these installations were conducted with administrative rights
* Even highly security aware institutions (**.gov and .mil hosts**) fell victim to this attack
* a typosquatting attack becomes **wormable** by mining the **command history data** of hosts
* some good *defenses* against typosquatting package managers might look like

``http://ur1.ca/poaqc``

``http://ur1.ca/poaqj`` (archive.org)

Apt
---

*Those who don't know apt are forced to reimplement it. badly.*

The npm saga
------------

``https://lwn.net/Articles/681410/``

::

    leftPad = require('left-pad')
    leftPad('foo', 5)

Debian
------

* ``https://www.debian.org/social_contract``
* ``https://www.debian.org/devel/constitution``

Contribute!
-----------

* ``https://www.debian.org/intro/help``
* ``https://fedoraproject.org/wiki/Join``
* ...

Questions?
----------

.. image:: img/20060616_IMG_0081.jpg
   :align: center

``https://commons.wikimedia.org/wiki/File:20060616_IMG_0081.jpg``
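One of the defenses the typosquatting slide alludes to can be checked before installation: compare each requested package name against the names you actually depend on and flag near-misses. The script below is an added example, not code from the talk or from any package manager; the allowlist and the sample requirements file are constructed for the demonstration.

```python
"""Flag requirements entries that are close to, but not equal to, known
package names (a pre-install typosquatting check)."""
import re

# Constructed allowlist (assumption): in practice, use the names your own
# projects already depend on, not a generic list.
KNOWN_PACKAGES = {"requests", "urllib3", "setuptools", "numpy", "cryptography"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """PEP 503 name normalisation: lower-case, collapse runs of - _ . to -."""
    return re.sub(r"[-_.]+", "-", name).lower()


def suspicious(name: str, known=KNOWN_PACKAGES, max_distance: int = 2):
    """Return the known name this one is near, or None if it is an exact
    known name or not near any. Short names with a distance of 2 can
    collide by chance, so treat a hit as something to review, not block."""
    n = normalize(name)
    if n in known:
        return None
    for k in sorted(known):
        if levenshtein(n, k) <= max_distance:
            return k
    return None


def check_requirements(text: str):
    """Return (requested, lookalike) pairs for a requirements.txt body."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        # Strip extras and version specifiers: "Requests[sec]>=2.0" -> "Requests"
        name = re.split(r"[\[<>=!~;\s]", line, maxsplit=1)[0]
        hit = suspicious(name)
        if hit:
            findings.append((name, hit))
    return findings


# Constructed sample input: two names are one character off from known ones.
SAMPLE = "requests>=2.0\nurlib3   # dropped an 'l'\nsetuptools\ncryptograpy==41.0.0\n"

if __name__ == "__main__":
    for requested, lookalike in check_requirements(SAMPLE):
        print(f"{requested!r} is not a known package but is close to {lookalike!r}")
```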