Email or username:

Password:

Forgot your password?
62 posts total
Show previous comments
AinarG

@bagder, a clear and informative write-up, as always! One nitpick:

> There simply were no users asking for it and there were barely no developers interested or knowledgeable enough to work on it.

That “barely no” part should probably be “barely any” or, perhaps, “no”?

daniel:// stenberg://

I have actually had #GitHub #Copilot enabled for me for free for several years and I can tell you the exact number of times I have used it: zero (0)

Melissa :verified_trans:​

@bagder I've been told by some people to give it another try. But I feel like I'd just end up spending more time reviewing and/or rewriting generated code..

The other day I watched a friend generate some code with it, then they proceeded to remove 4 out of the 5 lines it generated, and finally replace the last remaining line entirely :neocat_laugh_sweat:

daniel:// stenberg://

Out of the 561,454 projects OpenSSF has listed in their criticality_score project, for which they generate a "criticality score" for each single one, a certain hobby project is currently clocking in as number 100. (yeah, I mean #curl)

github.com/ossf/criticality_sc

daniel:// stenberg://

another hobby project by some Finish guy is ranked number one

daniel:// stenberg://

Hey,

#curl -v google.com as a metal song is a must see and hear experience. A masterpiece. I just love it.

youtube.com/watch?v=atcqMWqB3h

Show previous comments
Greener77176 ✅ ⏚ ᓚᘏᗢ ☢️

@bagder i wonder hope that curl can really get a metal music by this command line but it couldn't !

Deception, but i really appreciate this part of great smile in my morning ...

I enjoy it and it give britght my day.

Sandro Gauci

@bagder \m/ not only is this fun music, but greatly adds to my curl appreciation levels

Show previous comments
naught101

@bagder your best year is (number of year's lines of code remaining X years later)/(number of lines written in that year)

iliazeus

@bagder I think this one turned out to be the most informative one, or at least it piques my curiosity the most.

I think I'll try following along this graph with curl's version history at hand. For example, I now wonder what kind of refactoring happened around late 2011 - the older code amount drops rather sharply there :)

daniel:// stenberg://

Sorry for leaking content from there, but hey. 😀 #curl

Working on putting @ladybirdbrowser networking on top of curl (cc @bagder) 🐞🥌

Massive speed-up compared to our old HTTPS stack (that we built from scratch for SerenityOS).

Uncached load of my For You page goes from 38 sec to 8 sec!
Show previous comments
Gregory

@bagder oh I wanted follow Andreas on Mastodon but it turns out he doesn't have an account here 😢

Billy O'Neal

@bagder you did the filtering of the cesspit for us, this is fine

daniel:// stenberg://

Beware, there is an ongoing spambot attack in #GitHub issues in several projects were random people suggest "the fix" is to download a random file from mediafire.com. Like this:

screenshot from a curl issue where users suggest suspicious downloads to "fix the issue"
Show previous comments
Björn Fahller

@bagder ah, I got one of those. It seemed to be of low enough priority to safely ignore for the moment, but I now know to ignore it forever. Thanks.

Paul Barker

@bagder I saw one of those yesterday within a minute of someone opening an issue on one of my repos.

Bruno Philipe

@bagder mediafire dot com? that's a name I haven't heard in a long long time

Show previous comments
Kornel

@bagder PHK said if he was the NSA and wanted to undermine encryption on the Internet, an easy way would be to contribute patches with misleading docs, obfuscated code, and deceptive/insecure defaults to create the OpenSSL's API.

youtu.be/fwcl17Q0bpk?t=1690

rsalz

I could not resist either :)

daniel:// stenberg://

Thank you Crowdstrike for helping to illustrate that Open Source is not the problem.

Show previous comments
Jim Fuller

@bagder very challenging situation ... distributed system design is hard.

DELETED

@bagder And your evil tool curl that downloads malware 😂 ...(if someone is stupid enough to CURL whatever URL)

daniel:// stenberg://

Ads on the web don't actually *need* user tracking. Browsers don't *have to* cooperate with those who want to surveil us.

Show previous comments
scrottie (he/him/they)

@bagder always thought that when apps demanded access to the microphone to work, or demanded location, there should be a "yes but send fake data" option. The OS/browser/whatever should be on my side there. If the webpage coordinates so heavily with third party ad networks that the page won't load without ad metrics, then be on my fucking side here and send fake data. Spam the spammers. Is that so wrong?

:blahaj: Why Not Zoidberg? 🦑

@bagder Said it before; a lot of the time pages I like ask me to disable my adblocker.

I do so, but then the page still don't recognize that the adblocker is off as long as you still block trackers.

So then I enable my adblocker again, because fuck them.

Andrij Glyko :ua_tryzub:
@bagder well, no, but the marketologists made people believe that :cirno_what:
daniel:// stenberg://

Some of the emails I get are truly sad reflections of the complicated and rather sorry state of things we are in. Like this.

(also, apparently #curl is used in another popular game)

"Rainbow 6 Siege Activation issue"

bagder.github.io/emails/2024/2

Show previous comments
p

steam normally stores the serial/cd key in the settings for that particular game
@bagder

primalmotion

@bagder also, my printer is not working. please fix asap

dbread

@bagder "the state of things we are in"

Is this overcomplicated things? Or even complex things? Or just shite with some platform for games?

daniel:// stenberg://

Daniel's weekly report April 26, 2024

lists.haxx.se/pipermail/daniel

CI breakage, curl up, docker, hobby, codesonar, feature freeze

a pillow with a cross-stitched pattern saying curl is just the hobby of some guy...
daniel:// stenberg://

Today we celebrate the five year anniversary of #curl's bug-bounty. It has resulted in 69 reported vulnerabilities and almost 80,000 USD payouts. Out of a total of 439 submissions. 86 of them were considered "informative", which mostly means they were handled as normal bugs.

Submit your suspected curl securirty issue here: hackerone.com/curl

daniel:// stenberg://

bonus graph: fixed/introduced vulnerabilities in #curl over time:

Show previous comments
Lori Olson

@bagder

First up, thanks for your hard work on curl.

Second, I’m going lean into PUT being at least as appropriate as POST on that ad.

😉

Mark Pauley

@bagder PUT is WevDAV specific no? Generally we use POST for this sort of thing.

daniel:// stenberg://

Apparently San Francisco gets to enjoy #curl command lines in ads...

Show previous comments
Import Antifascist

@bagder Despite working in IT and cybersecurity for nearly 40 years is there still hope left for me that my first thought was "That's an odd way to apply for a Masters in Fine Art" a couple milliseconds BEFORE I thought "Multifactor Authentication"?

josh

@bagder@mastodon.social @traecer@techhub.social Nobody in San Francisco enjoys anything. They’re not happy unless they have something to complain about.

David Zaslavsky

@bagder I am no stranger to weird techy ads in Silicon Valley but that's a new one lol

daniel:// stenberg://

and in case you missed it: with the new addition of --ech, #curl now supports 259 command line options

Paul_IPv6

@bagder

uh, congrats? :)

this does bring to mind the internal Sun april fools memo detailing the formation of a new Sun division to support options to "ls"...

Alexey Skobkin

@bagder
Finally!

Now I have my closure ❤️

daniel:// stenberg://

I was reminded of the great #Cisco security fix of 2019

#curl

a config file showing how it returns a 403 error if the user agent contains the word "curl"
Show previous comments
daniel:// stenberg://

I posted this image on LinkedIn as well, and the stats there tells me that Cisco is in fact now the third most common employing company among the viewers... (only beaten by AWS and Microsoft)

linkedin.com/posts/danielstenb

jn

@bagder takes a real hacker to bypass that one :p

Go Up