@bagder@mastodon.social
bagder

Internet protocols geek at wolfSSL. I lead the curl project. I don't know anything.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

bagder, to random

Someone mentioned another OS. #curl has run on these 93 operating systems. Do you know of one not yet mentioned?

bagder, to firefox

"Did any user in the world want a user tracking and ad platform baked directly into their browser? Probably not, but this is Google, and they control Chrome, and this probably still won't make people switch to Firefox."

https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/

I stick to

bagder, to random

Making it harder to do wrong

#curl is written in C. We try to write better C to reduce the risk of future vulnerabilities.

https://daniel.haxx.se/blog/2023/12/13/making-it-harder-to-do-wrong/

bagder, to random

Today we got what must be the most alarming first line in a newly filed sec issue to #curl:

"To replicate the issue, I have searched in the Bard about this vulnerability"

... followed by a complete AI hallucination where Bard has dreamed up a new issue by combining snippets from several past flaws. Creative, but hardly productive.

Closed as bogus.

bagder, to random

Next week on Aug 31 I will do my super long #curl class: "Mastering the curl command line" live on Twitch, also recorded for later watching.

Expect 2.5 hours or so of non-stop #curl command line talk. By me.

https://daniel.haxx.se/blog/2023/08/08/mastering-the-curl-command-line/

bagder, to random

Another bogus #curl #CVE is now in the wild: https://www.cve.org/CVERecord?id=CVE-2023-52071

bagder, to random

"CVE-2020-19909 is everything that is wrong with CVEs"

A claimed "9.8 CRITICAL" flaw in that does not exist.

https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

bagder, (edited) to cisco

I was reminded of the great security fix of 2019

bagder, to random

We disclosed this #hackerone report against #curl when someone asked Bard to find a vulnerability, and it hallucinated together something:

https://hackerone.com/reports/2199174

bagder, to random

has now paid 71,400 USD in bug-bounties.

For security.

bagder, to random

Do NOT. I repeat. Do NOT remove curl.exe from your Windows System32 folder to silence a (stupid) security scanner. It will lead to tears and sorrows.

And if you do, please don't ask me for help when you've broken your Windows install. I can't fix that.

bagder, to random

I maintain a comparison table. vs other "download tools". Tell me what's missing/wrong in it: https://curl.se/docs/comparison-table.html

(the screenshot here is a partial)

bagder, to random

I never used any of the modern AI tools for writing code, copilot etc. I'm old. Traditional. Using emacs. And I write my code manually - like a cave man.

bagder, to random

Upon learning that #curl has no bug bounty for website issues, the person refuses to tell us what the problem is because "I think there is no benefit for me"

Yeps, these people exist.

bagder, to random

Attempt 1. What happens when you invoke #curl. In a single picture.

bagder, to random

The updated 100 operating systems #curl has run on. (Dropped two, added two)

bagder, to random

"The issue was detected by our new AI-powered vulnerability scanner" ...

AAAAAAA

https://github.com/curl/curl/issues/12983

bagder, to random

Please don't make this a new trend. 😕

(issue closed by bot because the user filing the issue has not starred the repository...)

bagder, to random

Tell me my mistakes and omissions in my vs venn diagram

bagder, to random

ln -s [one] [two]

the arguments are done in the same order as if you would have done it with cp.

Yes, it really is that easy. You can stop worrying about it now.

bagder, to random

How I made a heap overflow in #curl

Let me talk CVE-2023-38545 a bit

https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/

bagder, (edited) to random

Number of planets known to have run #curl: 2

bagder, to random

This is the Siemens EQ900.

This baby runs .

bagder, (edited) to random

A user is rude and DEMANDS a change to your project, but after lots of back-and-forth a slightly different improvement is landed. Should the person get credit for their "report"?

bagder, to random

If you feel that my critique of the Gemini protocol spec is totally out of line, then maybe address those details in your response. You don't have to tell me that I'm a horrible person.
