
Telerik gets Fiddler unlisted from Chocolatey - Arnavion
https://chocolatey.org/packages/fiddler4
======
nlawalker
Honest question - why are people so enthusiastic about Chocolatey? Most
packages, including the Fiddler package, just run a small Powershell script
that downloads an installer from a known location (in this case
[https://www.telerik.com/docs/default-
source/fiddler/fiddlers...](https://www.telerik.com/docs/default-
source/fiddler/fiddlersetup.exe)), verifies the checksum and runs it silently.
As far as I know, it's all just wrappers on top of stuff that's always existed
in Windows Installer. Is it simply the convenience of the chocolatey.org
catalog and the ability to avoid visiting a bunch of websites looking for
installers? I thought ninite.com had that cornered for most uses.

~~~
colemannugent
People are excited to be rescued from the hell of searching the Internet for a
program you want. One of the things that regularly blows the minds of people
new to the Linux world is the ability to install anything you can remember the
name of.

While Chocolatey isn't quite there yet (it may never given the difficulty of
working around Windows), but it is way better than installing 50 programs
manually.

Ninite is great for a small selection of apps, but it is not a package manager
by any means. For quick setup, yeah it works, but you wouldn't rebuild the
installer to install one program, you may as well download the program in the
first place.

~~~
nlawalker
>> Ninite is great for a small selection of apps, but it is not a package
manager by any means.

I guess this is the root of my question, how does Chocolatey "manage packages"
above and beyond what Windows already does with Add/Remove Programs?

~~~
DavidWoof
Chocolatey is scriptable, it handles the downloads, checks the checksums, it's
easily searchable, etc.

For various reasons I don't use it much anymore, but it's really convenient to
go to a new machine after a rebuild and just run a standard script of

choco install -y vim; choco install -y python # ...another 20 lines

and I'm up and running with all my standard apps. Having to download all those
apps, verify the checksums and go through the install wizard can easily take a
couple of hours. It's especially useful if you're spinning up a lot of vms.

------
sheetjs
The related github issue [https://github.com/chocolatey/chocolatey-
coreteampackages/is...](https://github.com/chocolatey/chocolatey-
coreteampackages/issues/923) has more context:

> Telerik reached out and is asking that the Fiddler package be removed as it
> is giving direct access to a download location they no longer show on the
> site. _Since they have an information gateway to receive information prior
> to download_ , they have asked that we remove the package so that folks
> obtain the downloads directly from them.

~~~
anaisbetts
Yep, basically they don't want to allow people to download the app without
signing up for their spam

~~~
CanSpice
Turns out you don't need to enter a legit email address. Just use
joe@example.com and you're through.

------
borland
Good on them. Software vendors should be able to excercise some control over
how their software is distributed.

Also, I find any system where someone else tries to "add value" by wrapping or
aggregating a bunch of pre-existing stuff __without asking for permission from
the pre-existing owners __to be distasteful and somewhat rude.

What's the bet that Chocolately obtained prior permission from Telerik,
Mozilla, Google or any other of the software vendors to redistribute their
packages? It seems unlikely

~~~
krisdol
If software vendors are making publically available a url from which to
download packages, then as far as I'm concerned they can pound sand. What does
it matter if I fetch its contents via a shell script or a browser?

Providing a script to download binaries from the site is a completely
different thing from re-hosting and redistributing binaries without
permission. I don't use chocolatey and have no idea what the background is to
this story, so don't take this as a defense of their actions.

~~~
jlarocco
> If software vendors are making publically available a url from which to
> download packages, then as far as I'm concerned they can pound sand. What
> does it matter if I fetch its contents via a shell script or a browser?

Is there any point arguing that? If Chocolatey refused, then Telerik would
remove the public download. If Telerik insists on asking for email addresses
or showing a TOS before allowing a download, then that's what they're going to
do.

You're technically correct, but it's not a technical issue.

------
_jezell_
Wireshark is still listed, it's a lot more powerful and open source:
[https://chocolatey.org/packages/wireshark](https://chocolatey.org/packages/wireshark)

~~~
dsp1234
Does wireshark allow for editing http requests and resending them?

~~~
ZenoArrow
Not as far as I know. You can use tcpreplay for this, but it's not equivalent
to Fiddler:

[http://tcpreplay.appneta.com/wiki/overview.html](http://tcpreplay.appneta.com/wiki/overview.html)

Whilst it doesn't do everything that Fiddler does, and isn't open-source, I'd
say Postman is worth a look for playing around with HTTP requests. The user
interface is a lot more user friendly (in my opinion):

[https://www.getpostman.com/](https://www.getpostman.com/)

~~~
dsp1234
Postman doesn't quite fill the niche, because it can't see all http/https
traffic (ex: from other non-browser applications). Also, postman can't see
anything that happens to the request after it's submitted (ex: by an anti-
virus network filter).

Which is not to say that Postman is not good at what it does do.

------
slipstream-
"Please keep comments respectful as they own the IP and do not have a public
download url."

so, they want to waste their money sending spam to all the fake emails
everyone enters in their website when they reinstall windows

i think they could have thought that through a little better

~~~
dsp1234
_do not have a public download url_

The URL in question[0] provides a 200 response and an executable without
requiring authorization/authentication. That's a particularly weird definition
of "not public"

[0] - [https://github.com/chocolatey/chocolatey-
coreteampackages/co...](https://github.com/chocolatey/chocolatey-
coreteampackages/commit/ce6cb44e24f69d511f9bba3f02460548bde807a2)

[https://www.telerik.com/docs/default-
source/fiddler/fiddlers...](https://www.telerik.com/docs/default-
source/fiddler/fiddlersetup.exe)

~~~
slipstream-
I was quoting from the pinned comment on the page, by the way.

And, that is indeed a particularly weird definition of "not public", but from
my experience, par for the course when there's only a squeeze page in the way
of a download.

~~~
dsp1234
I was definitely commenting the issue (and likely Telerik's) definition of
"not public".

The two stated reasons (again, likely just citing Telerik's request), are
"they own the ip" and "it's not public" are just bogus. Linking to a publicly
accessible resource doesn't have anything to do with IP (using someone's
trademark to accurately describe the thing or direct people to it is not a
crime, at least in the US), and "it's not public" is just false, as shown.

All in all, seems like a cave on Chocolatey's part. Particularly since they
have a whole section of their FAQ dedicated to vendor distribution rights[0],
which goes through pains to show that most of the time, there is no
distribution at all (since it's just automation scripts).

This is about as silly as Telerik saying that I can't write:

"curl [https://www.telerik.com/docs/default-
source/fiddler/fiddlers...](https://www.telerik.com/docs/default-
source/fiddler/fiddlersetup.exe")

[0] - [https://chocolatey.org/docs/package-triage-process#are-
you-a...](https://chocolatey.org/docs/package-triage-process#are-you-a-
software-vendor)

------
synicalx
The last 10 years have been great for creating headlines that just sound
REALLY funny to anyone outside our industry. I just showed this to my partner
and she thought this might have been related to the Teletubbies.

Actually sometimes, reading news headlines like this sometimes makes me feel
like I'm watching an advertisement for a Plumbus from Rick and Morty.

~~~
m_fayer
I automatically read that headline as intended, didn't even smirk. I don't
want to forget the absurdity of our world and its little dramas, so thanks for
the reminder!

------
virgil_disgr4ce
Was this headline generated by a silicon valley startup name generator or
something?

~~~
jey
Apparently "Chocolatey" translates roughly as "package manager for Windows",
which also explains why the headline made no sense to me.

~~~
pwinnski
I recognized none of the three names in the title, and following the link
didn't help much either. I came back once I saw there were more comments, and
now it seems to make a little more sense.

Chocolatey is like homebrew for Windows, and Telerik is a company that makes
Fiddler, which may be something like Charles for MacOS.

Took a bit to figure all that out, though. The title reads like dadaist
poetry.

