- Open source project curl is sick of users submitting “AI slop” vulnerabilities https://arstechni.ca... #vulnerabilities #bugreports #hackerone #security #Tech #curl #AI
- Several people who reply on that LinkedIn post of mine help show the reality distortion field - by proposing #curl "should just hire a security professional" instead of relying on a bug-bounty program. Kind of amusing.
- This is why AI is not taking our jobs, at least not yet. AI hallucinated a vulnerability in curl for a function that doesn't exist. #ai #curl #softwaredevelopment www.youtube.com/watch?v=xy-u...
- The Register gets the amount completely wrong, as we have paid over 86,000 USD in bug-bounties since 2019. It's just not that visible on #curl's hackerone page since the payouts have been managed by the Internet Bug Bounty for several years.
- Over the last eleven years, 1,123 new authors have had their commits merged into the #curl git repository. The total number of authors thus grew 549% over this period.
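- Especially among foreign nationals and startup or venture types, I fairly often see and hear a "just say it, just try it for now" approach. But hasn't this once again thrown into relief "the high cost, and the asymmetry, for the side that has it done to them and has to verify it"? #curl
- Enough is enough. I have reached the limit of my patience. I am firmly putting a stop to this madness. 1. Every reporter who submits a security report for #curl on #Hackerone must answer this question: "Did you use AI to find the problem or to generate the submission?" (If they select AI, they can expect a stream of follow-up questions based on actual information.) 2. We immediately ban reporters who submit reports that we judge to be the work of AI. A threshold has been reached. In effect, we are under a DDoS attack. If we could, we would charge for this waste of time. We have still not seen a single valid security report created with the help of AI.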
- 14 presentations from #curl up 2025 in a playlist: youtube.com/playlist?list=PLpXA… (two talks are missing because we botched the recordings)
- I'm mostly a bit miffed that #curl hasn't measurably been on the moon yet 😂
- A 1337 #curl author daniel.haxx.se/blog/2025/01...
- CVSS is dead to us daniel.haxx.se/blog/2025/01... #curl
- I've decided to do a little live-streamed #curl presentation on twitch next week: "curl from start to end". For free of course, no signup. Just show up. daniel.haxx.se/blog/2025/01...
- Documenting #curl infrastructure. What more should I include, cover and discuss in here? github.com/curl/curl/pu...
- hey, I run a little hobby project called #curl
- A twenty-five years old #curl bug
- Welcome to #curl 8.11.1 daniel.haxx.se/blog/2024/12...
- hyper in curl needs a champion. A backing vendor or distro that wants it.❤️ Why? Report after report: Memory un-safety. Is. BAD. A #rustlang HTTP backend in #curl has potential to make the internet safer. 🦀 But it needs a champion to back it, or it will go away. 🚀 seanmonstar.com/blog/hyper-i...
- Do you think we should create --show-headers the new name (alias) for #curl's --include option, to make it easier to remember and know what it does? github.com/curl/curl/pull/13987
- #curl asks: "hyper, is it worth it?" A fair question. It costs both projects to maintain the support. Generally, none of my "users" ask for it, and my lack of experience in C and a foreign code base means I can't push on it. #rustlang mastodon.social/@bagder/1122...