Wandering Adventure Party

Four years since Apple figured we give free support to their users. https://daniel.haxx.se/blog/2021/11/18/free-apple-support/

"Sorry, I can't. Under the current administration I don't feel safe and comfortable with traveling to the US so I need to pass. Thanks for asking."

#curl and its website feature no trackers, no cookies, no ads, no website analytics, no telemetry, no logs. We truly don't know you and what you do with curl - unless you tell us in our annual survey.

CycloneDX cancels their bug-bounty program blaming AI slop:

"This caused a lot of extra work which is why we decided to abandon the program. Thanks AI."

Remove Bug Bounty program by lfrancke · Pull Request #786 · CycloneDX/cyclonedx-rust-cargo

We received almost entirely AI slop reports that are irrelevant to our tool. It's a library and most reporters didn't even bother to read the rules or even look at what the intended purpose of the ...

GitHub (github.com)

"thank you for your existence" - I do get lovely emails as well in my #inbox

Daniel Stenberg -- Email

The Daniel email collection

daniel.haxx.se (daniel.haxx.se)

the latest incarnation of this is someone saying that curl can be used to download a ".curlrc" into your $HOME and then curl might do bad things in subsequent invokes.

The first step is "just" to trick a user to run a curl command line doing the bad.

... if you can trick a user into running an arbitrary command, you can of course do so much more harm than just this.

If you can trick a user to run a command tool in a way that ends up causing the user problems, that is not a security problem in that tool.

Just saying. In case you're thinking of submitting such a report about a command line tool in your toolbox.

But surely no sane person would. Right? Right?