
Chocolatey in 2023 with Gary Ewan Park

Aug 17, 2023 · 58 min · Season 18 · Ep. 1859

Episode description

How is Chocolatey evolving? Carl and Richard talk to Gary Ewan Park about the latest with the open-source Windows package management solution. Gary discusses some of the differences between the various package managers for Windows these days, including WinGet. Each product has its niche, and Chocolatey has done a good job of evolving into a broader product, including Chocolatey for Business, to allow a view of applications installed across all your machines - and being able to push updates out to them.

Transcript

How'd you like to listen to .NET Rocks with no ads? Easy. Become a patron for just five dollars a month. You get access to a private RSS feed where all the shows have no ads. Twenty dollars a month will get you that and a special .NET Rocks patron mug. Sign up now at patreon.dotnetrocks.com. Hey, Carl and Richard here. As you may have heard, NDC is back offering their incredible in-person conferences around the world. NDC Copenhagen is happening August twenty-seventh through the

thirty-first. Go to ndccopenhagen.com for more information. NDC Porto is happening October sixteenth through the twentieth. Go to ndcporto.com to register, and check out the full lineup of conferences at ndcconferences.com. Hey there, this is Jeff Fritz, the purple blazer guy from Microsoft, letting

you in on a little secret about my friend Carl Franklin. You know, the guy who started .NET Rocks, the first podcast about .NET, in two thousand and two? The guy who's been teaching Blazor on YouTube since twenty twenty? Yeah, that Carl Franklin. Well, Carl's joined up with the folks from Code in a Castle to teach a week-long hands-on Blazor class at... are you ready to get this? At a castle slash villa in Tuscany. It's sort of a luxury vacation with Blazor learning built in. Carl's calling

it the Blazor Master Class. You'll learn Blazor from the ground up, finishing the week with the ability to build and deploy Blazor applications. Since the training happens for only four hours in the morning over six days, you can bring your significant other, your partner, with you, and you should, right? This part of Italy is absolutely beautiful. There's so much to see and do, and Larry and Marco from Code in a Castle are organizing daily activities both at the

castle and in the area. The castle is in the Maremma, a less touristed region of Tuscany, offering both classic Tuscan hill country as well as easy access to the Etruscan Riviera, with sublime local food, wine and olive oil around every corner. Breakfast is included every day. There will be two communal dinners at the castle, bookending the experience, and most other meals and all activities are included. And did I mention you'll learn Blazor in person from

Carl Franklin? Listen, space is limited, and for very good reason. This is quality training in a beautiful setting. Go to codeinacastle.com/blazor2023, that's B-L-A-Z-O-R two zero two three, to take advantage of this amazing opportunity to join Carl in Tuscany for an unforgettable week of la dolce vita while advancing your programming skills in this important new technology. Hey, guess what? It's time for .NET Rocks again. This is Carl Franklin

and this is Richard Campbell, again, again. No, not more .NET Rocks. Show eighteen fifty-nine. Can you believe it? Yeah, I guess we've got to make a plan for nineteen hundred. Yeah, well, you're doing show nine hundred of RunAs Radio soon. Yeah. RunAs nine hundred is the first week of October, so, wow, and yeah, I think we're just gonna be a little silly. But that's fine. A half hour of silly never hurt anybody. Yeah, yeah, you guys

are doing a good, good thing over there. It's going great. Yeah, well, you know, Gary Ewan Park is here and we're gonna be talking Chocolatey, of course. And so I found something. The timing was perfect on this because I just learned about it a couple of weeks ago. Roll the crazy music for Better Know a Framework. Awesome. All right, man, what do you got? Our friend Simon Cropp from down under, yeah, he wrote this great little tool called WinDebloat. Oh my goodness, okay,

a .NET tool that removes the bloat in Windows 11. This seems awesome and scary at the same time. Oh, it's so cool. You've used it? It's so cool. Yeah. Yeah, and you can include or exclude things. But there's like a whole bunch of bloatware that's in there. If you don't specify what to exclude, there's just a whole bunch of stuff, you know, Xbox Game Bar, Xbox game speech window. Do you ever use that in Windows? No. Yeah, all these widgets

and Whiteboard. You know what I have been using is Clipchamp. Clipchamp is pretty cool. Yeah, that is cool. But Cortana can die, that's fine. Yeah, but you can tell which ones you want to exclude. So, like, nice, you take the big thing, like Skype was on the list, and I actually use Skype to communicate with some guys. You know, still got a few folks left in the Skype world. Huh, yeah, but you can. He just added that feature.

Okay, exclude Skype. That's cool. It's very cool. So yeah, I have a couple of machines around the house that I need to debloat. So this is all stuff to add to your Chocolatey script size is back. Yeah. It's kind of like the anti-Chocolatey, right? Chocolatey puts stuff in, debloat takes it out. Okay, yeah, you can do both at the same time. I think that's called progress. So anyway, exclude Teams, how tempting, how tempting. I can't.

I'm afraid I'm moving into Teams more and more and more. Well, you know, we're finally cutting off the old POTS lines that we use through the telas for .NET Rocks, you know, back when that was a thing. Oh yeah, I remember, sure. And so I've been lifting the phone numbers, putting them through a service called VoIP.ms, and then forwarded them on to Teams calling, so now my phones actually ring on Teams. The main upside being you get to use a Teams office phone like a CCX six

hundred, which is very cool device. Yeah. I was watching a baseball game yesterday. The Red Sox are playing Kansas City, and I just forgot. Like in the dugout, the guy picks a phone off the wall right with a little coily cord and holds it to his I'm like, why is he doing what? Thing? It's not a thing? A thing? That's enough of that. That's what I got. Who's talking to us? Richard grabbed a comment off of show sixteen eighty seven. That's a show we did

with one Rob Reynolds. Maybe you've heard of him, about this product called Chocolatey. Nobody talks about this, but you know, all the way back in twenty twenty, which is one of the reasons I asked Gary back, because it's been a while since we've talked about this. And the comment comes from

Gaprogman, presuming the Ga is like Georgia. But he says, and he's referencing something in the show, this is sixteen eighty-seven, so a little while ago, where he says: it seems silly to say, but I'd recommend caution with clipboard history or any other of these clipboard tools. If you copy secrets like API keys and stuff, they'll sit in the history. Obviously true, just as handy as history is. Nothing is free. But with regards to Chocolatey:

As someone who spends a little more time with Linux ecosystems, I've always been confused as to why Windows doesn't have a package manager built into it. It's true, I mean, there is WinGet now, but we'll talk to Gary

about that later. I love using Chocolatey on new machines to get them up and running very quickly, to the point where I've created the .NET global tool, which I run on a fresh install of Windows, which, among other things like setting up group policies and such, leverages Chocolatey to install, with the -y argument, the majority of my required applications. But I'm going to have to look into Chocolatey for Business, as I tend to reinstall Windows on a

regular basis. Wanted to remove x client IP from my machine when the contracts end. This is a cool idea, that you can say to your customer as they are going out of the door, it's like, I wiped my machine. Yeah, I'm not that. I just uninstalled your stuff. I wipe my machine because I can rebuild it so quickly. Yep. I've been tempted to leverage Chocolatey in the DevOps pipeline in the past, but I've been concerned about app versions. And Chocolatey has support for version numbers,

like install this version of a package. I know how easy it is for developers to install npm packages and not bother to lock them down to specific versions. And I'm reluctant to simply hand that level of power over to the devs that I was working with. Then again, I have a Chocolatey package list with version numbers checked into source control. Look at this guy. And using that list when provisioning new devices, that would deal with that. Either way, there's lots

to think about. Yes, there is. I don't know, Gary, that sounds like one heck of a customer for you. Gaprogman, thanks so much for your comment, and a copy of Music to Code By is on its way to you. And if you'd like a copy of Music to Code By, write a comment on the website, dotnetrocks.com, or on the Facebooks. We publish every show there, and if you comment there and we read it on the show, we'll send you a copy of Music to Code By. And you can follow us on Twitter if you

want to. But the real fun is happening over on Mastodon. I'm at Carl Franklin at techhub.social, and I'm Rich Campbell at mastodon.social. Send us a toot. Rudy too, tutti tutti route to you. Did hear Gary Park there for a minute chiming in. I know he was laughing in the background there, but just to introduce him quickly, he works full time on Chocolatey, the package manager for Windows, if you haven't figured that out by now. Welcome back, Gary. Thank you very much,

thank you for having me. Yes, I think it was Alan Stevens that introduced us to Chocolatey first, wasn't it, Richard, back in the day? Yeah, I know, you're right. Yeah. And then it's one of those things you just regularly revisit every so often, if not often enough. I mean, what is the impact of WinGet in the Chocolatey world? Because in theory, might it's a sort of addressing this. It's an interesting question, I mean, and it could be a whole topic in

and of itself. And if anyone's interested in kind of where we, Chocolatey, sit, my colleague Paul Broadwith recently did a talk comparing like for like Chocolatey to WinGet at PSConfEU in Prague, I think last month or the month before. So Demitrius was in the room. Paul was talking away to him, being the main developer on WinGet. So he'd said himself it was a kind of fair and honest review in terms of what Chocolatey is, what WinGet is, why you would use one and why you would use

the other. So if anyone's interested in that, I'll not repeat everything that Paul said, but there were lots of ins and outs on why you would want to use one, why you would want to use the other. The upshot was: use what makes sense for you. I mean, would we want everyone to use Chocolatey? Sure. Does everyone want to use Chocolatey? No. Use what makes sense for you. It's fairly new, isn't it? It's recently new. It's been around for, I think, just

over two years now, I think. Yeah, so it's been in preview for a little bit, and then you had to enable it to have it installed on your system. Now it comes pretty much baked in. That's one of the big selling points, if you like, of WinGet compared to Chocolatey: it's baked in, whereas Chocolatey is a separate installation. Now the packages that you install with Chocolatey are specifically for Chocolatey? Like, WinGet can install them and vice versa? So there's a little bit of

a gray area there. So to put it in context: Chocolatey is the package manager and it needs what I refer to as a nupkg. Some people call that a NuGet package. It's a nupkg. It's a fancy ZIP file that contains the instructions on what you're actually installing. WinGet is driven by a set of manifests that are hosted on a GitHub repository. So there's not actually a package as such. It's more of a manifest, as in, this is what you're going to do. So there's a

slight difference there in terms of functionally how it works. The reason I said it was a gray area is there is the concept of WingetUI, which is a user interface that can install packages or applications from WinGet, Chocolatey, and I think Scoop, Scoop being one of the other package managers Windows has, so you can in theory have a kind of centralized interface for doing things like that. And there are discussions around whether Chocolatey could install WinGet packages.

So from Chocolatey you could define a source that is a WinGet repository and be able to install manifests from there. So there's lots of discussions around this. There was also the new Dev Box, was it Dev Box is what it's called, or dev tooling, where we could integrate with Chocolatey within the new ecosystem that Microsoft is creating. So there's all sorts of ways that you can have crossover between the two. And that's why I'm saying, use what

makes sense for you. Some packages that Chocolatey can install, WinGet at the minute isn't able to, because of the way that the package is deployed. It might be a ZIP file you need to extract and then do some work on the extracted files. A WinGet manifest at the minute can't handle that level

of complexity, whereas a Chocolatey package is at its heart a PowerShell script, so you can do anything that you want or need within the Chocolatey package for getting that application installed. And we should remind everybody that the name Chocolatey came out of a reaction to NuGet, right? NuGet. NuGet. It did. A long story there that Rob could tell you all the details about. But yes, it came originally from a joke,

a throwaway comment, and yeah, whatever, ten years later, twelve years later, Chocolatey is here and still being used. So it's a fun history when you go back to it. Yeah, you know, sometimes jokes get out of control. Nah, that wouldn't happen here. When we talked to Rob

back in twenty twenty, so admittedly three years ago, I think Chocolatey for Business was brand new. Like, it's been an open source project all along, but you had an opportunity to make a commercial component because folks wanted to pay you and get a certain level of service and that kind of thing. Can you sort of get us up to speed? Because it's been three years, I'm sure stuff is different. Yeah, so just a little bit of history. So, as you said, Chocolatey is an open source project that has been

around since twenty eleven, and then it's grown from there. And then what Rob did is he kind of looked at the landscape software things were. He was working at Puppet at the time. He saw that there was a market for, as you say, support as well as additional functionality. So what he did was he created a Kickstarter and went to see: is there enough

interest in this thing that is Chocolatey? The Kickstarter was successful. Off the back of that, Chocolatey Software, Inc. came about, and then, based on discussions that Rob and I had while I was an open source contributor to Chocolatey, I ended up starting working with him full time, and then since then the team's grown and what we've been able to do is establish business features

on top of the open source functionality that we provide. So we have what we refer to as the Chocolatey Licensed Extension. It's a Chocolatey package, you install it as a Chocolatey package, and then that opens up other business-like functionality that you might want, whether it's automatically creating packages using Package Builder, whether it's using a central deployment mechanism for packages across all the machines in

your environment using Chocolatey Central Management. All of those become available once you start one of the business SKUs, if you like, within Chocolatey. I guess that's the benefit of being Chocolatey. When it comes to developing new versions and products, you can just install that stuff the way you install everything with Chocolatey. Exactly.

I mean, Chocolatey itself is a Chocolatey package. Now there is a little bit of a chicken and egg situation there, because the initial deployment is a Chocolatey package, but you haven't quite got Chocolatey yet. So there's a little bit of hand holding with manually extracting a zip file to get it installed when you first install it. But yeah, there's definitely an inception moment when I'm using Chocolatey. You do a choco install Chocolatey, right? Like suddenly

Leo DiCaprio appears and everything gets really slow. But one of the common asks, kind of related to that, one of the common asks we've had is: why is there not an MSI for Chocolatey? Why can't I install Chocolatey via an MSI? The original answer to that was, well, it's a Chocolatey package, why would you want to install it with an MSI?

Yeah, but recently we have actually created that now, so there is an MSI for Chocolatey, and that's what you can actually do if you want to do WinGet install Chocolatey, and that will put Chocolatey on your system using WinGet as the mechanism to deploy it. And that's kind of funny. And the reciprocal of that is, if you need to, you can do Chocolatey install WinGet. It works both ways. So, all right, so you are in your full inception moment there. It's beautiful. Really, yeah.

So we do have three years of catching up to do, I imagine. Although it seems simple, like it's just install, why do you need to work on this so much? So the core part of the last few years has been about ramping up the team, getting the team up to speed, as well as building into our infrastructure much more testing, much more verification that everything's working the way we expect it to, and on top of that, also doing development work on top of it. So one of the biggest

pieces of work that we've been undertaking lately is an upgrade. I hope you're sitting down for this, but it's an upgrade from .NET 4 to .NET 4.8. Woo, yeah. So for the longest time, one of the driving forces behind Chocolatey, or one of the driving things that Chocolatey is all about, is backwards compatibility and always

working the way that people expect it to work. Right. So, Chocolatey up to and including version two point which we've recently just released, required as a minimum .NET Framework 4.0, because we wanted to ensure compatibility all the way back to the earlier operating systems that folks were still using Point having shipped in twenty ten. Yeah, yeah, yeah, I mean, it's

a long tail. But the idea was that we wanted the bare minimum of footprint that was required to install Chocolatey to then allow provisioning of the applications that you want on that machine. Sure. So you three five one folks have got to upgrade now, do you have to? Yes. So that undertaking, it was not an easy one, let's put it that way. There were lots of dependencies. There were lots of changes that also involved an uplift

to, Carl kind of mentioned it earlier in terms of NuGet. Chocolatey itself has a dependency on the NuGet client libraries. So part of the uplift from 1.0 to 2.0 was, well, we're finished with that version of the NuGet client. I don't want to say how

old it was. It was quite old. But we have upgraded to one of the most recent versions of the NuGet client libraries, and with that, that's brought additional functionality that the NuGet team have created and made available for NuGet.exe. So we've now got support for semantic version v2 version numbers, we've got support for other things that we wouldn't have had before doing that uplift. And then more importantly, we've uplifted everything to .NET Framework 4.8. So now, as a base, you need 4.8 installed in order to use Chocolatey now, but the time has come. All right, because refresh my memory, guys, because it's been a while since. Here's the .NET Framework for Windows. You know,

the .NET Framework, but there was a version. You know, they were trying to keep side by side compatibility the whole time, where, you know, you could have multiple versions of the .NET Framework all installed and whatever programs using it. But there was one that replaced another, right? Was it? Or that replaced three five one or, yeah, I was thinking about exactly that. It's like, when did we start getting side by side execution? Was it not four to four point five? I don't recall.

I think you're right. I was just thinking one of the challenges of getting off of four is that it didn't allow side by side execution. That actually came later. Yeah, it was a replacement. Yeah, you always had to replace. And so now, you know, getting up to 4.8, it's like you can do side by side execution. It's not that big of a deal. I thought you could always do side by side with the .NET Framework, except for that one version that had to replace the existing one because

of some dependency reason. It might have been one point one. But yeah, I mean, it's always been sort of side by side execution, but it was harder or easier, like, you know, people fought pretty hard to run like three five and four side by side. I'm so used to Core now that I don't even remember. It's

not something you think about anymore and haven't for a while. Well, one of the interesting things that happened recently: I was at NDC Oslo and Isaac Levin was doing a talk on all the new things that are in .NET Core and why you want to use it. It was a great talk, but one of the things that he did during it was one of these put your hands up, who's using .NET 7? And pretty much everyone in the room put up their hands for .NET 7, and he gradually went down and down

and down and down. He got to 4.8, fewer hands, and then he eventually got down to 4.0 and literally no one else in the room said that they were using 4.0, and I was like, yep, I'm still using it. It's in production. Exactly. So it was time to do it. So, as I say, the big uplift from 1.0, which was our first major milestone, was literally the uplift

of all of the component products to 4.8. Because it's not just Chocolatey CLI, there's Chocolatey Licensed Extension, Chocolatey Agent, Chocolatey GUI, Chocolatey GUI Licensed Extension, all those components. Indeed, we have been told a couple of times that we misnamed that product, that it should have been Gooey Chocolatey as opposed to Chocolatey GUI. But Chocolatey still works. I mean, adjectives in a row. Yeah, you really don't need to mangle

a product too much just for the puns, right? Yeah, it gets to a point at some point. But I could see that. You know, there's certainly plenty of folks on 4.8, like, they're not going anywhere, that version of WinForms is pretty solid. You know, there are challenges in getting off of quote unquote standard framework. And if you've got a big dependency on ASP.NET Web Forms, or Windows Forms, or a dependency on WCF, you know, like, those are

just not simple things to untangle. So there are certain Windows graphics libraries that are only available on Windows. I had to use the .NET Framework recently for a screen tools lib that I did on the .NET Show. And the whole point of this was to automate browser interaction. So you can load up a browser, go full screen, and now it's predictable where things are going

to be. So you can search for text with OCR, the Tesseract library, and you can search for graphics, you know, take PNGs and say, hey, do you see this PNG anywhere right here? And then you can simulate clicks and keys, SendKeys, which is in Windows Forms. So anyway, I ended up using the .NET Framework for that and it was great. Yeah, I had a great time with that. Yeah, I wonder if I would have fond memories of 4.8. Like, it's been

a while, it's like, oh, does this feel good? Right? I remember, it's just like, go back and work in WinForms for a minute. Yeah, it's cool. You come to appreciate that WinForms was the exception. Like, no designer is good except for WinForms. I mean, there's definitely things that, because I work on some other open source projects that have made the jump to .NET Core, you come back to working on Chocolatey, which

is probably working full time. Even things like, we're still not yet on the new csproj format, so we don't have the benefit of the shrinking of the csproj format because we haven't made the jump to building with dotnet build yet. It's still MSBuild that we're using under the hood, so there's

elements there that we're still working on. We're working through that path to get onto the newer tooling to allow us to get the benefits that come with it, but for the minute, we're still... So some of our csproj files are quite big, right? But that's the way they are. We can't change them quite yet because, again, one of the tenets of Chocolatey is that it continues to work, it continues to

be backward compatible as much as we can. So we have to pick and choose our battles in terms of what we're looking to upgrade to. And as you say, I mean, .NET Framework 4.8, it's stable, it does what it does. You can still code against it. Do you miss some of the new shiny stuff coming out in .NET Core? Absolutely, but it's still functional,

it does what it does, it's tried and tested. So although we've had discussions around what needs to happen in terms of bringing Chocolatey CLI to .NET Core, that's not something we're planning yet. I mean, it's something we're starting to speak about. Some of the folks in the community are speaking

about it and kind of dipping their toes in the water. And in fact, one of the core contributors to the uplift to .NET 4.8 and the NuGet client libraries, it was an open source contributor. I was doing that work. I know that he's spiked out what needs to happen in terms of bringing Chocolatey to .NET Core, but there are some complexities in terms of how we do things with reflection

and AppDomains and things. When we load in the licensed extension, that becomes complicated in .NET Core because some of that was taken away, right? So, for sure. And again, we have to figure out how we can do all the things that we currently do in that new environment as well. So it's been an interesting, interesting time. So Gary, sometimes when you want to install an executable on Windows, just having the executable to

install, just having the installer requires that you're logged in and you went through a process and you downloaded this thing. In other words, it's not publicly available for anybody to just go to that vendor's website and download it, which is the modern way to do it, right? Just make the download free and then when you set it up, that's when you register and put in

your serial numbers and all that. Does Chocolatey require that these packages are public, or can I make a package out of my own EXE that I had gotten through that means? So there's lots of things in there, so let's break it down a little. Yeah. So Chocolatey as a product, or as an application in its own right, Chocolatey will let you package whatever you want.

So if that's your own EXE, that's your proprietary EXE that requires licenses to install, etc., Chocolatey will allow you to create a nupkg or a NuGet package that represents that package, and that will allow you to install it

as you need to. Where it kind of crosses over into what's allowed and what's not allowed is if you then try to take that package and push it to the Chocolatey Community Repository, then that wouldn't be allowed, because at that point you're violating the terms of that application or the proprietary license that goes with that. So that's where the double-edged sword that is package moderation that we have comes in.

We've got automated systems that kick in for doing validation, verification, scanning of viruses, etc. And then there's a human moderator at the end of it as well. At the point that human moderator came along, they would likely say, we can't take this package because it's got a proprietary EXE in it. The license doesn't allow for redistribution, et cetera, et cetera, et cetera. But the nice thing about Chocolatey is there's nothing to stop you taking

that nupkg and hosting it in your own internal repository. So you could use Nexus or Artifactory or ProGet and have your own internal repository of packages that you would use in conjunction with the Chocolatey Community Repository, so you'd still be able to do choco install your package, but it would only live

within your environment and not anywhere else. Could I use a private repository, like a private GitHub repository, something along those lines, that I could install it from the internet, so I wouldn't have to have it locally on my machine? So the term repository is one of those overused terms. It means lots of things to lots of people. You actually mean file share? What I'm referring

to there is a repository that has a NuGet v2 or a NuGet v3 endpoint associated with it, so either an OData endpoint or a JSON endpoint that allows you to query for those packages and then download and install them. So that's when I said Nexus provides a repository that does all of that, and you install it in house, you host it in house, and you can push and pull all your packages from there. GitHub does have a GitHub package repository, so you can host

NuGet packages on there. The only slight drawback with that is it does require, but it maybe fits into your scenario, it does require authentication. Sure, it is an extra repository. You can have an anonymous authentication to it within your environment. So no, you absolutely could do that, but it's not a repository in the sense of a Git repository. It would be a NuGet v2 or a NuGet v3 repository that we

have those packages on. So what is your recommended way for having a local repository within an organization? So my go-to one, the one that, I mean, we have... That question comes up quite a lot of times, and we don't say that this is the golden standard, this is the one that you use. And there isn't a Chocolatey repository. There's not. The

one that probably describes it best: ProGet has the concept of the making a dissemination with whether it's a NuGet package or whether it's a Chocolatey package. But it's only really wording, there's nothing really to distinguish, without really looking at it, that this is a NuGet package and this is a Chocolatey package. But ProGet does at least try to separate those two things in terms of what you're trying to set up.

But like I say, Nexus, Artifactory, ProGet all provide in-house repositories. But there's other systems like Cloudsmith or Feedz.io or, I hesitate to say MyGet, because I don't know if you saw, MyGet went away for like two days in a kind of complete blackout. But MyGet back in the day was the go-to standard for online hosting of packages, and then they scared everybody. Yes. So in terms of the question, I mean, it depends on how you want to set it up.

ProGet needs a SQL Server instance behind it because it's that's where it stores it. Nexus does it via Java database under the hood that's running in process. So it kind of depends on your environment where you want to host it, but it's definitely ways that you can do it. And then at that point you've then got your own curated list of packages that have been sanctioned by

your ops team living in your internal environment. But you still got access to the Chocolatey Community Repository if you wanted to install the packages from there, right, I mean, yeah, then I have enough of a tinfoil hat on to go to say, hey, if I'm operating an infrastructure, I want to control over all those packages, so they're going to use my repository.

At the same time, it's like that's also a lot of overhead to keep those up to date, test and so forth, Like let's go tap and let's go tap common repositories, Like do you do you see any real patterns around this? Should you really only be using the private repository for private software and commercial you know, open repositories for retail software. You know that

are other people are maintaining. You've kind of hit the nail on the head there in terms of once you kind of own a package, there's an element of background work that needs to happen to keep that package up to date. So how do you do that on the floor. So one of the one of the great things about Chocolatey is the Chocolatey community that helped keep the over ten thousand packages that we have up to date with the newest package versions,

et cetera. Lots of packages use an automating updating system called AU, so within I think it's not the normal schedule is about six hours. So within six hours typically a package that's using AU will have been updated automatically by scraping the website knowing that there's a new website available, push out a new version and it's updated. So as an organization, you might want to take advantage

of that. You might want to know when a package is of an updated on the community repository to then pull it into your own internal environment because you want to bring it into your DMZ, you want to install it, you want to make sure that it does what it does, et cetera, and then make it available to everyone within your organization. So what we see folks

doing is using some business functionality that we provide. So we've got we've got a system called Package Internalizer that will take a package from a community say community repository, download it and it will do go through a process of internalization. So what do I mean by that? A Chocolatey package normally is when you break it down it is a PowerShell script that is a list of instructions. It's go to this URL, download this EXE, run this EXE,

do a bunch of other stuff, and then finish. But from an IT perspective, you've then got a dependency on that out external URL. So what the Package Internalizer allows you to do is it will find the URL, it will go and download that EXE, and then it will rebundle the EXE into the nupkg. So then you've got what we refer to as an embedded package.

That embedded package, that nupkg has everything that you need to install that application offline, completely offline right, which means it may have gone and gotten more things if there are external dependencies. So again, so yes, the Package Internalizer will say I want to install Notepad++, but Notepad++ needs these dependencies in order to make it work. So Package Internalizer would

download and internalize each of those dependencies. So what you get at the end of that is four or five six nupkgs that you then put onto your internal repository. Once you've gone through your due diligence on your DMZ, you make sure it installs what you want to install, etc. You then promote it into your internal repository, and at that point all of your other machines

have access to it. So you're taking advantage of the community repository being maintained and updated, but you're still working in essentially isolation with your opsle on as you said, knowing what you're installing, but also having to take advantage of all of that work and use the some of the business features to keep your repository up to date. Very cool, and with that, I'm going to ask you guys to hold on for just a second while we pause for these

very important messages and we're back. You're listening to .NET Rocks. I'm Carl Franklin, that's Richard Campbell, and that's Gary Ewan Park. We're talking Chocolatey and Richard, you look like you had a question, but if you didn't, I yeah, I was going to say, why haven't you made a repository service then, because you've done everything else. So it's

it's something that we've spoken about. It's not something that we have committed to, but we have heard it from some of our customers that they want they want that system that we can currently do, but they want someone else to do it for them. They want to have all of the package internalized, they want to have the package available, they want to have to have a commitment in terms of SLAS, in terms of when they'll be available, when

the package the applications have been released. The short answer is there's quite a lot of infrastructure behind that. There's quite a lot of there's certifications that we use a company would need to have in order to provide that service, et cetera. So it's is it is a goal, but it's not a goal that it's certainly it's not tomorrow. Let's put it that way, right.

Sure, I also see there's a SaaS product here, right, It's like that will run the repository for you, will even maintain a certain level of update. We could provide update services for you, like not that I think. I mean, I'm pretty sure we're off the rails for .NET Rocks.

But from our runs perspective, I'm like, I can see this. So what I can say is like, in terms of what we currently got in terms of the infrastructure for our open source repository that is Chocolatey Community Repository, we have some of the building blocks and in terms of the functionality that's been added into the business version of Chocolatey. We have the building blocks that you can stitch all these things together and one in your own environment. But we

could absolutely provide that as as you said, SaaS offering or something. But we're not quite there in terms of getting to that level. But maybe one day is what I can say there. Yeah, it's it's a reasonable speculation. And you know that. I know you're listening to .NET Rocks, so you know, there's been an ongoing theme of how do open source projects become

self funding, self sustainable. You've had several years of chocolate for business, which I think you charge a fair price for and I suspect you've got some customers for it, Like, is that carrying the ball these days? Are you guys? Okay? Yeah, I mean we've we've been we've been busy. I mean, COVID obviously had its uh impact, and there was there was ripples that we saw going through it. But I mean, yeah, we're we're we're we're hiring folks at the minute and the team is growing.

It's continuing to pay my mortgage, which is what I'm here for. Features It's kind of what I need, right We're we're we're we're happily working away. We're getting new new customers coming in and we were featured on, Linus Tech Tips showcased us recently and showed off what Chocolatey is and how it can be used, and we saw a flood of people coming in. So, yeah, people hear about us. People. We've got a very the support team is very good at what they do. They've got a very much a

white glove approach. They'll they'll get on a call with you, they'll help you set it up. We've got what we refer to as a quick setup process where we'll spin up a VM man ager that has chocolately and all of the business components installed for you, so you can take that for a spin, see whether you like it, and then you can either continue with it in the cloud or you could bring it on premise. So no, we've got we're busy at the minute, and there's no shortage. There's no shortage

of things to do. There's not there's not enough hours in the day. Until you use the word Linux in in some award that you got, was it Linux or it's it's Linus Tech Tips out of Vancouver, by the way, Okay, because it's a pack. It's for Windows and Linux tech tips as a show. Yeah I got correct. So so to clarify that though, So Chocolatey is a Windows package manager, but it is compiled under Mono,

so it can run on Linux and it can run on Mac. But then why would you want to do that because they have their own package. So a lot of people, depending on their workflows, they might be creating an application and they want to create bundle it as a Chocolatey package. So you would install Chocolatey on Linux, you would run the Chocolatey pack command and the Chocolatey push command. Because the rest of your build has happened on Linux or Mac. You just want to do that last part, which is to

move over. That's why we produce. There's a Docker image available for Chocolatey, so you can you can docker pull Chocolatey and then at that point you can be running Chocolatey on your Mac depending on what you're doing. So there's there's definitely a use case for it, but it's not You certainly wouldn't do Chocolatey install Visual Studio Code on a Mac because that's just that wouldn't work. Think on the Mac, you might have to call it something like tablown for

Brochet or whatever. Yeah, they are the luxury tech brand. Absolutely, yeah. I mean it's it's pretty funny. So what do we what do we need to know? Other features, things you're working on, places people should be looking. So there's been there's been some there's been some interesting work developed in terms of Chocolate just in the recent times. So we have made some additional extension points. So we have we've always Chocolate has always had this

concept of extensions. That's that's how the Chocolatey license extension works. But in the recent releases of Chocolatey, we've included some additional functionality for providing extension points for additional what we refer to as source runners, as well as providing

mechanisms to do validations. So what I'm referring to there is that we might at the minute, Chocolatey supports source runners for installing Windows features installed source runners for our installing but enabling or disabling Windows features, for installing Ruby packages, for installing Python packages. But there are other obvious sources that we want to have support for as well. We kind of spoke about it earlier, one of them being WinGet as a source, .NET Global Tools as a source

Windows Store as a source. So then you've kind of got this single pane of glass in terms of doing Chocolatey install all the things as well as then doing choco export all the things. So then you want to take this machine and you want to put it over here, you can do a Chocolatey export of everything that's on your machine and then immediately do a Chocolatey install of everything and put it onto that other machine. Is that the mythological just read my

configuration and make it And I say mythological for reason? Is there ever of times I've heard the signal? We can say that exact thing. So there's obviously caveats to that. There are certain things we can't do. But Chocolatey has knowledge of quite a bit of your system because it's responsible for putting a lot of things onto your system. So taking that and making that an exportable artifact to then bring over to this machine and then just install it, that's

something that's happening. We're currently working on a new version of our Chocolatey Central Management, So that's the single pane of glass visualization of all the things that are installed in your machines across your environment. So there's a new version of that content being worked on. So that's the one that allows you to say, there's a new version of Notepad++, I need to install

it on fifty machines within Chocolate Central Management. You create a deployment and then it'll just push it out to all the machines and just trying to levelize all the versions of Acrobat in a given organization, like my Lord. There's a philosophical conversation here about when is an application an application? Right Like if you if I could literally go to a machine that's never seen chocolate before, install some piece of chocolate and say, okay, give me a manifest for this

machine, you're essentially detecting what's an application. I mean, going to Programs and Features is probably not enough. You should run win deeploat first though. So that's one of the interesting things about what Chocolatey package is a standard format. It's a nupkg because as it for, it has some additional metadata. But what you put into that Chocolatey package is completely up to you. You could put an EXE, an MSI. You could put a PowerShell script

that deploys a registry key. You could put an EXE, a standalone EXE. You could put just the one that I always give as an example is I've got a Chocolatey package for my Git config because I never remember what that is. But I want the same Git config on every single machine, So I just do choco install get thirteen dot get config and then it runs the Git commands to set up my machine. Yeah, that is not an

app. That's not an app. But the benefit of doing it as a Chocolatey package is when I do Chocolatey list, I'll see that that package was installed, I'll see what version it was, and I'll know what version of my Git config I have installed in that machine. So when something doesn't work the way I want it to, oh, I haven't upgraded my Git config, so I can do Chocolatey upgrade, get thirteen, get config and I've got the right thing and play. So by packaging it all up into

that standard format, you can literally put anything in there you want. It doesn't have to be an application. It's a package because Chocolatey is a package manager and manages packages that just happened to install application of our applications, but not always correct. It doesn't have to be. It could be. It could be placing a word a document on a folder somewhere, and I suspect we've talked about this before. But literally you can set up a set of

package says I need my DEV install on this machine. It's that the whole machine. It's just like the things that you do for DEV. Go get those exactly. That's a bunch of different products and a bunch of configurations, and off we go. And I say, at that point, you then know what version of that configuration package was deployed, you know what version of

that application package was installed. And then you've got that again. I've said it again that that pane of glass, single pane of glass about knowing what is deployed on your system as opposed to just relying on Add/Remove Programs. Because that's one of the things that we do within one of the business features is that we'll add entries into Add/Remove Programs when a Chocolatey package is installed.

So if you have if you happen to be using another reporting tool to say what's installed in machine, you get better visibility by installing as a Chocolatey package because we'll add an entry into Add/Remove Programs for the package. So you actually have a Programs and Features entry that says my Git configuration number thirteen. Yes, And if you hit uninstall on that entry in Add/Remove Programs, it will run

Chocolatey uninstall that package. Right. But again, depending on what reporting tools you're using, you get better visibility by installing via Chocolatey because it will report on the packages in the same way that it's getting information about all the other applications are installed. And just to be very clear, can Chocolatey detect that there is software already installed on this machine that it didn't deploy through a package? Yes, okay for certain tools, So what we do that?

So there's a whole mediu of that. There's gonna be tent of exceptions here, but essentially so, if you were to do Chocolate list, it will give you a list of packages that are installed. But if you do Chocolate list dash include programs I think it is, it will give you a list of here's the packages that are installed, but here are all the entries and

Add/Remove Programs that I don't know about. Right. And then if you wanted to in the business version, you could do a Chocolatey sync and it will take that application and move it under Chocolatey's management to then allow you to continue upgrading that package with Chocolatey by syncing the two things together all right now, and then literally I want to play the spooky music here. You transformed

the relationship that piece of software. That's really interesting. So I said that that one's an interesting one when you get into it, because not all entries in Add/Remove Programs actually represent a single package, because there might be multiple entries in there that are all one package. So there's again there's some caveats

there, and you have to take care of what you're doing there. But essentially you can bring a application that's installed on your machine under Chocolatey's management through the sync command. Yes, now the ways there are also ways of doing it in the open source version, but again we provide that functionality in the business version to make it easier for folks. Yeah, and it's very fair

to say, like use this with caution. Yes, it's good to get started with, but rap you're going to be way happier if you just get into the routine of always using Chocolatey packages starting from exactly that. And then there's because then Chocolatey is the package manager. But then you build on top of that with some form of configuration management systems. So whether you're using a Puppet, a Chef, an Ansible, you use that to help deploy across

your environment as well. So there's we like to say that Chocolatey will work with everything. We have tie ins and add-ins for the majority of the configuration management systems out there, but at the end of the day, it is just an EXE. So if you can shell out to an EXE and do that work, you can do that through any sort of endpoint management system that you wanted to use. Do you get any pushback from folks, say, not wanting four point eight around, like just make this run in Core?

No, we haven't said. We haven't seen too much of that since since the release. So we released back in where we now were released in May so we've got a few we had a few months and we haven't had much pushback from a four point eight perspective. No, So the fours you're willing to go four point eight, Yes, it's really a question of hey, we've been living in Core. Why are you asking me to have standard framework on these machines. There's that, Yes, exactly, there's definitely.

So that's the double-edged sword. We picked four point eight because it's the stable version, it's the one that's they're not going the last for the last one. So we've we've pulled up to that one and some parts we've made compatible if you like, as we moved to .NET Core, so we're we put ourselves in a good position to make that jump up to the next version. But as as there's always the case, there were things that came

up after the two point oh release that we had to immediately fix. So there was things we had to work through, et cetera, et cetera. But there are still, like I said, are still plans ultimately to move it to .NET Core to get all those advantages that come with it. But at the same time, we know that there are folks using Windows Server twenty twelve and they still have old version of PowerShell and they still want

things to work. So it's there was an interesting story where I had to dig into the internals of PowerShell three with assistant management assemblies because it didn't work properly on Windows Server two thousand and twelve. It worked fine on Windows Server

two thousand and sixteen. So it's a we know that folks are still there, so again we want to continue to support them and make the Chocolatey available to them so they can pin onto one point X of Chocolatey rather than making the jump to two point x if they wanted to, because we're supporting both at the minute. Yeah, twenty twelve comes out of support, like now

we're waiting, We've got a checklist to say it finally comes off. But yeah, Gary, what's the difference between the free version and the pro version? The pro versions one hundred bucks a year, I think, right, correct. So really the pro version came about from the kickstarter. So if you wanted to be a Kickstarter and you wanted to help the project grow, the pro version was the kind of the de facto way of doing that. It was a way of saying, I want to support you, and here

are some of the features. So some of the business features are available in the professional version, but there are levels. It goes up from there. So you know, there's certain features in the pro version, but other versions they provide more features on top of that. So for instance, so I guess I'm asking one are those features because you know, try to convince me

to spend the money. So absolutely, I mean there are different SKUs of Chocolatey, there's the free version, obviously, there's the pro version, and then there's the business version. So as a pro customer who just wanted to have at some additional features. On top of that, there are things like additional PowerShell functions, So we provide in the open source version a bunch of cmdlets that allow you to install Chocolatey packages. But in the version there are

advanced PowerShell cmdlets. We're doing things like installing and managing Windows services. So if you wanted to create packages that install the Windows service, the Chocolatey package cmdlets can help with that. There's Package Reducer. It's kind of a big one, Windows out of the box is reasonably bloated. Going back to your d bloat wind bloat you spoke about earlier, So you end up with you download an MSI, you and run the MSI. It puts a bunch of

files over here, and then it drops other stuff over here. The end result is you've maybe got that same MSI and the same EXEs living all over the place. So Package Reducer attempts to reduce the number of files that are extracted and the number of files that are dropping your file system. So again

it just automatically does that for you. Package Throttle. That was an interesting feature that some folks wanted in the professional version, but they're maybe working on a limited bandwidth environment, so they don't want Chocolatey to take all the bandwidth when it's downloading packages, so you can actually throttle it at a certain level for the bandwidth that being used by Chocolatey. A runtime malware protection

out of the box with Chocolatey open source. When someone pushes a package the Chocolatey Community Repository, we will scan that contents of that package through VirusTotal. But if you wanted to have a run time installation, at the installation time protection against what's being installed, you can configure your own generic virus scanner and have that do a scan on the package before it gets installed on your machine. The CDN cache that's a big one. As I mentioned before when

I spoke a Package Internalizer. One of the one of the reason you want to Package Internalizer is sometimes that URL that you downloaded that MSI from goes away, it changed, it gets redirected, so it doesn't work anymore. So the CDN cache is our way of saying, we'll keep a

copy of that MSI or that EXE. So with the license version, the pro version, you'll always have access to that EXE or that MSI rather than it going away and being 404'd. There's other things, different pricing for students, etcetera. So there's quite a few features in there. Features. We're always looking to what we can bring in. So we're starting to see

some of the features that we've got in the business version. We are looking to see them kind of trickling down into the pro version as well, because we've we've we've had them, we've established them, and now we've got bigger and better features and some of the other business offerings. So we are starting to think about what features can we bring down into the pro version as well. So it is something we are looking at. Absolutely how many machines can

I manage with the pro version? It's eight up to eight cool. The important thing there is it's kind of hard to say this, but we don't monitor that because we can't monitor that. Chocolatey doesn't phone home. We've got no way of saying that you've only got it on eight machines rather than eighty,

So there's nothing to stop you installing on more than eight. We wouldn't want you to do that, we wouldn't encourage that, but yeah, the license for up to eight machines within your own This feels like a family service I've got exactly. Because if you've got eight workstations for yourself, you've got your you've got you. But if you have a family where everybody's got a computer, you know, at least a laptop each, like as the family

administrator, this is a nice service for you. Yeah. I mean, it's one of those things that once you have it, and once you have it up and running, it can be as simple as choco upgrade all on a whole machine. So you're dropping in past it goes, you're dropping a past your mum's house, you're dropping a past your auntie's house. Chocolatey upgrade all while you're there, and it's it's, it's done. So

that's fine. Yeah, it can be. It's quite appealing when you once you've got to sell, once you've done that initial upfront work of knowing what packages you want, et cetera, you're in a position to keep them up to date. Yeah. Yeah, yeah, and and that's where stuff like throttle and stuff forth. It helped because you know, yes, I've got a family member with limited bandwidth, so let's take it easy on them, that kind of thing. But yeah, definitely, it's it sounds pro ish.

I am a family, I T administrator kind of exactly. I mean we've all well we've all we all get those questions at Christmas time and can you just fix this for me? Well here, oh, I'm so glad you're here. You get to eat by meat loop, But first, can you fix my printer? Exactly, that's it. I used to have that

T shirt. No, I will not fix your printer. Yeah. But also, I mean the math makes sense, but ninety six dollars a year because it's sixteen fifty per machine when you go business and eight machines would be like one hundred and thirty dollars, So like it's it's a reasonable deal. Although let's face it, like sixteen bucks per machine for C4B is not that expensive. That's fine. Yeah, for a way to keep your machines up to date orderly and have a pane of glass that sees what's going on with

them. Like this is a good product. And one of the things that comes with it once you have enough seats as well, it's the support aspect as well, you can force a support team. We've got a very quick turnaround in terms of getting back to folks, and as I said, we've got that kind of white glove approach in terms of bringing them up to speed and knowing what they want to do with it and making sure that chocolate is they need in their environment. So yeah, definitely courage people to reach out

if they're interested in sure. I mean, we're everywhere, We're on the discords, we're on the I was going to say Twitter, but it's not Twitter anymore. If you have you got any questions, feel free to reach out. But absolutely, it's it's amazing how broken all that has gotten. It doesn't even bear thinking about it, really doesn't. It's agonizing. Really makes me sad. All right, Gary, what's next for you? For

me? More chocolate stuff at the minute. But I am an avid contributor to open source projects, so I've got it to do list that is growing and growing and growing. I just think you find time to get around to it. But I am heading over to Sweat Tug conference over and screening in October, so looking forward to speaking at that one. But yeah, other than that, just spending time with the kids in the family and finally just loving life. So yeah, sounds good. Well, keep on doing that

Chocolatey thing. It's great much all right, and we'll talk to you next time on .NET Rocks. .NET Rocks is brought to you by Franklins.Net and produced by PWOP Studios, a full service audio, video and post production facility located physically in New London, Connecticut, and of course in the cloud online at pwop dot com. Visit our website at dotnetrocks dot com for RSS feeds, downloads, mobile apps, comments, and access to the full archives going back to show number one, recorded

in September two thousand and two. And make sure you check out our sponsors. They keep us in business. Now go write some code. See you next time.

Transcript source: Provided by creator in RSS feed: download file