#curl finally updated to latest and greatest on #sailfishos in my repository https://build.sailfishos.org/package/binaries/home:nielnielsen/curl?repository=sailfish_latest_armv7hl
#curl finally updated to latest and greatest on #sailfishos in my repository https://build.sailfishos.org/package/binaries/home:nielnielsen/curl?repository=sailfish_latest_armv7hl
Welcome calm329 as #curl commit author 1431: https://github.com/curl/curl/pull/20322
»curl — Projekt beendet Bug-Bounty-Programm:
curl-Maintainer @bagder hat das Ende des Bug-Bounty-Programms angekündigt. Unbrauchbare KI-Meldungen nahmen wohl überhand.«
Ach was die KI ist künstlich aber nicht intelligent oder was nun?!?? Ich bin sogar der Meinung, dass dies was die KI angeht noch das rel. kleinste "Problem" ist. Schade dass deswegen das curl Bug-Bounty aufgelöst wird.
#curl #ki #bugbounty #unbrauchbar #ai #uberhang #ausserkontrolle #it #ittools
"This is a vulnerability"
"No, it isn't"
"Yes, it is"
"Prove it!"
"Ok, it may not be now...
...but it is a trap for future developers!"
Security reporting for the utterly deranged.
#curl
»curl — Projekt beendet Bug-Bounty-Programm:
curl-Maintainer @bagder hat das Ende des Bug-Bounty-Programms angekündigt. Unbrauchbare KI-Meldungen nahmen wohl überhand.«
Ach was die KI ist künstlich aber nicht intelligent oder was nun?!?? Ich bin sogar der Meinung, dass dies was die KI angeht noch das rel. kleinste "Problem" ist. Schade dass deswegen das curl Bug-Bounty aufgelöst wird.
#curl #ki #bugbounty #unbrauchbar #ai #uberhang #ausserkontrolle #it #ittools
Meanwhile, we have now added 4 lines of code for every line of code still remaining in #curl
This means that on average, every single line of production code has been touched four times. Written once, then updated three more times. And yeah, some lines of course many more times than average, and some less so.
added a median plot to the average #curl source code complexity graph
I understand #curl project decision to stop the #bugbounty and leave #hackerone. The torrent of #AIslop has become unbearable.
https://github.com/curl/curl/pull/20312
I will continue to report vulnerabilities to the project whether it has a bug bounty or not.
It's about sustainability too. #curl is a small project. We cannot spend multiple hours every day arguing with people who want money for having found what is perhaps a bug - but often is not even that.
It drains us. It drowns us.
Onward and upward!
We are at *twenty* hackerone submissions so for #curl far this year. Zero of them a confirmed vulnerability.
@bagder Shld I submit a #hackerone submission for #curl, identifying hackerone as a DoS attack vector for the project, recommending depreciation?
We are at *twenty* hackerone submissions so for #curl far this year. Zero of them a confirmed vulnerability.
I understand #curl project decision to stop the #bugbounty and leave #hackerone. The torrent of #AIslop has become unbearable.
https://github.com/curl/curl/pull/20312
I will continue to report vulnerabilities to the project whether it has a bug bounty or not.
It is our moral imperative to consider the "real world" and actual users when assessing the possible security impact of a reported #curl issue. If we deem that there is likely to be zero affected users, then we do more damage than good by insisting on doing the secure dance for the issue.
Then we end up with a severity level that is below LOW, and then we treat it as a bug instead. For the good of mankind.
Ayder – HTTP-native durable event log written in C (curl as client)
https://github.com/A1darbek/ayder
#HackerNews #Ayder #HTTP-native #durable #event #log #C #curl #client #technology #open-source
To be frank: the report quality on Hackerone is so low by now that the #curl team decided to make CVEs based only on the coolness of the reporter‘s username.
💁🏻♂️😌
