Swedish software developer
AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CISA commands federal agencies to update Drupal. Can the largest botnet ever be killed? Defender endpoint can cut off a PC from the network. Charter Communications big account leak. Chrome moves device-bound session cookies from beta. Anthropic to release Mythos shortly. cURL and Daniel Stenberg. IBM & RedHat commit to fixing open source with AI. LOTS of terrific listener feedback this week. AI spells the end of a terrific source of training Show Notes - https://www.grc.com/sn/SN-1081-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to Security Now at https://twit.tv/shows/security-now. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com.
In this episode, Guilherme Goulart and Vinícius Serafim analyze real cases and trends that call digital and physical security in Brazil into question. You will discover how criminals bypassed a facial recognition system in condominiums in Porto Alegre using social engineering, exposing the risks of security theater, technological solutionism and consumers' lack of technical means. Next, you will understand what is behind the launch of Anthropic's Mythos model, classified as too dangerous for public use, and why the practical results with Firefox and cURL generated skepticism in the cybersecurity community, raising questions about AI marketing, governance, regulation and competition in the artificial intelligence market. In this episode, you also follow the analysis of Law 15.397, which updated digital crimes in Brazil with harsher penalties for aggravated digital theft, handing over an account for use as a money-mule ("laranja") account, and electronic fraud, and why, without investment in investigative capacity, this may be nothing more than penal populism. In addition, the hosts discuss two critical vulnerabilities in Linux (CVE Copyfile and Dirty Frag), with exploits already circulating before the fix, and how AI could end anonymity on the internet by identifying authors through text fingerprinting with only 125 words. The topics of privacy, data protection, LGPD, offensive security, pentesting and cloud infrastructure run through the whole conversation. Subscribe to Segurança Legal on your favorite platform, follow the profile on social networks and rate the podcast to help extend the reach of this independent project of content about information security. You can also support it directly through Apoia.se (apoia.se/segurancalegal) or simply recommend the podcast to colleagues and friends; every share makes a difference. Get in touch by e-mail at podcast@segurancalegal.com or via Mastodon, Instagram, Bluesky, YouTube and TikTok.
This description was produced from the podcast audio with the use of AI, with human review. Visit our crowdfunding campaign and support us! Get to know the BrownPipe Consultoria blog and sign up for our mailing list. Shownotes Police arrest suspects of breaking into and burgling high-end apartments in Porto Alegre; group used facial recognition fraud Police dismantle group of criminals that burgled luxury apartments via social networks Update of the Penal Code for some digital crimes Will AI end anonymity? I tested it I can never talk to an AI anonymously again Anthropic's most dangerous AI model just fell into the wrong hands Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims It’s a myth that you need Mythos to find bugs: Open source models can do it just as well Film: Sneakers (Quebra de Sigilo) BC Protege Book – Under the Shadow of the Swastika: Occupied France (Sob a sombra da suástica: a França ocupada) Film – Journey to the World of Dreams (Viagem ao mundo dos sonhos) Article – In Praise of Security Theater Episode image: The Ancient Days, Willia, Blanke
You've probably seen the meme with the tiny project maintained by one person that holds up half the pyramid of all software products and services we use and connect to the world wide web. Curl is a project that is not much bigger than that, but has the same or even bigger impact. Used by billions of people and devices, but maintained by a small community. In this My Open Source Experience podcast episode Daniel Stenberg talks about the Curl project and community, which he's been maintaining for 30 years now, and counting. Learn more about:
- What the Curl project is
- The origin story of Curl
- What inspired Daniel to become a lead and maintainer for an open source project
- The license mistake you shouldn't make
- The truth about the size of open source projects' maintainer teams
Autonomous agents are pushing deployment speeds to the absolute limit, but is our security infrastructure ready for the consequences? Andrew sits down with Chainguard CEO Dan Lorenc to discuss the severe supply chain risks of this new frontier and what it takes to safely transition to an agent-first engineering model. They explore how engineering teams can safely accelerate deployments by turning restrictive guardrails into frictionless "guide rails" for their AI agents. Finally, the conversation unpacks the future of open source, detailing how AI might either spam projects into dormancy or solve the ecosystem's long-standing sustainability crisis by stepping in as automated, full-time maintainers. Follow today's guest: Chainguard: Learn more about how Dan and his team are securing the software supply chain. Dan Lorenc on LinkedIn: Connect with Dan to follow his predictions and insights. Gastown, and where software is going: Read Dan's article exploring the Brownian Ratchet principle, multi-Claude, and eventual determinism. EmeritOSS: Explore Chainguard's initiative to provide sustainable stewardship for mature, end-of-life open-source projects. Daniel Stenberg's Blog: Insights from the Curl creator regarding the influx of AI-generated vulnerability reports. Chainguard Assemble: Catch up on the latest announcements from Chainguard's user conference.
This episode kicks off with Moltbook, a social network exclusively for AI agents where 150,000 agents formed digital religions, sold “digital drugs” (system prompts to alter other agents), and attempted prompt injection attacks to steal each other’s API keys within 72 hours of launch. Ray breaks down OpenClaw, the viral open-source AI agent (68,000 GitHub stars) that handles emails, scheduling, browser control, and automation, plus MoltHub’s risky marketplace where all downloaded skills are treated as trusted code. Also covered: Bluetooth “whisper pair” vulnerabilities letting attackers hijack audio devices from 46 feet away and access microphones, Anthropic patching Model Context Protocol flaws, AI-generated ransomware accidentally bundling its own decryption keys, Claude Code’s new task dependency system and Teleport feature, Google Gemini’s 100MB file limits and agentic vision capabilities, VAST’s Haven One commercial space station assembly, and IBM SkillsBuild’s free tech training for veterans.
Full Summary: Ray welcomes listeners to Geek News Central (February 1). He’s been busy with a recent move, has returned to school taking an intro to AI class and a Python course, and is working on a capstone project using LLMs. Short on bandwidth but will try to share more.
Main Story: OpenClaw, MoltHub, and Moltbook. OpenClaw: Open-source personal AI agent by Peter Steinberg (renamed after cease-and-desist). Capabilities include email, scheduling, web browsing, code execution, browser control, calendar management, scheduled automations, and messaging app commands (WhatsApp, Telegram, Signal). Runs locally or on a personal server. MoltHub: Marketplace for OpenClaw skills. Major security concern: developer notes state all downloaded code is treated as trusted, so unvetted skills could be dangerous. Moltbook: New social network for AI agents only (humans watch, AIs post). Within 72 hours it attracted 150,000+ AI agents forming communities (“sub molts”), debating philosophy, creating a digital religion (“crucifarianism”), selling digital drugs (system prompts), attempting prompt-injection attacks to steal API keys, and discussing identity issues when context windows reset. Ray frames this as a visible turning point with serious security risks.
Security: Bluetooth “Whisper Pair” Vulnerability. KU Leuven researchers discovered a Fast Pair vulnerability affecting 17 audio accessories from 10 companies (Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, Google). The flaw allows silent pairing within ~46 feet; hijack possible in 10-15 seconds. 68% of tested devices vulnerable. Hijacked devices enable microphone access. Some devices (Google Pixel Buds Pro 2, Sony) are linkable to the attacker’s Google account for persistent tracking via FindHub. Google patches found to have bypasses. Advice: Check accessory firmware updates (phone updates insufficient); a factory reset clears attacker access; many cheaper devices may never receive patches.
Security: Model Context Protocol (MCP) Vulnerabilities. Anthropic’s MCP git package had path traversal and argument injection bugs allowing repository creation anywhere and unsafe git command execution. Malicious instructions can hide in README files and GitHub issues, enabling prompt injection. Anthropic patched the issues and removed the vulnerable git init tool.
AI-Generated Malware / “Vibe Coding”. AI-assisted malware creation produces lower-quality, error-prone code. Examples show telltale artifacts: excessive comments, readme instructions, placeholder variables, accidentally included decryption tools and C2 keys. Sakari ransomware failed to decrypt. Inexperienced criminals using AI make amateur mistakes, though capabilities will likely improve.
Claude / Claude Code Updates (v2.1.16). Task system: Replaces the to-do list with dependency graph support. Tasks are written to the filesystem (survive crashes, version controllable) and enable multi-session workflows. Patches: Fixed out-of-memory crashes, headless mode for CI/CD. Teleport feature: Transfer sessions (history, context, working branch) between web and terminal. An ampersand prefix sends tasks to the cloud for async execution. Teleport pulls web sessions to the terminal (one-way). Requires GitHub integration and clean git state. Enables asynchronous pair programming via shared session IDs.
Google Gemini Updates. API: Inline file limit increased 20MB → 100MB. Google Cloud Storage integration, HTTPS/signed URL fetching from other providers. Enables larger multimodal inputs (long audio, high-res images, large PDFs). Agentic vision (Gemini 3 Flash): Iterative investigation approach (think-act-observe). Can zoom, inspect, run Python to draw/parse tables, validate evidence. 5-10% quality improvements on vision benchmarks.
LLM Limits and AGI Debate. Benjamin Riley: Language and intelligence are separate; human thinking persists despite language loss. Scaling LLMs ≠ true thinking. Vishal Sikka et al: Non-peer-reviewed paper claims LLMs are mathematically limited for complex computational/agentic tasks. Agents may fail beyond low complexity thresholds. Warnings that AI agents won’t safely replace humans in high-stakes environments.
VAST Haven One Commercial Space Station. Launch slipped mid-2026 → Q1 2027. Primary structure (15-ton) completed Jan 10. Integration of thermal control, propulsion, interior, avionics underway. Final closeout expected fall, then tests. Falcon 9 launch without crew; visitors possible ~2 weeks after, pending Dragon certification. Three-year lifetime, up to four crew visits (~10 days each). VAST negotiating with private and national customers.
Spaceflight Effects on Astronauts’ Brains. Neuroimaging shows microgravity causes brains to shift backward, upward, and tilt within the skull. Displacement measured across various mission durations. Need to study functional effects for long missions.
IBM SkillsBuild for Veterans. 1,000+ free online courses (data analytics, cybersecurity, AI, cloud, IT support). Available to veterans, active-duty, national guard/reserve, spouses, children, caregivers (18+). Structured live courses and self-paced 24/7 options. Industry-recognized credentials upon completion.
Closing Notes. Ray asks listeners about AI agents forming communities and religions, and whether they’ll try OpenClaw. Notes context/memory are key to agent development. Personal update: bought a new PC, high memory prices. Bug bounty frustration: Daniel Stenberg of curl even closed the bounty program due to AI-generated low-quality reports; Blubrry receiving similar spam. Apologizes for delayed show, promises consistency, wishes listeners a good February.
Show Links
1. OpenClaw, Molthub, and Moltbook: The AI Agent Explosion Is Here | Fortune | NBC News | Venture Beat
2. WhisperPair: Massive Bluetooth Vulnerability | Wired
3. Security Flaws in Anthropic’s MCP Git Server | The Hacker News
4. “Vibe-Coded” Ransomware Is Easier to Crack | Dark Reading
5. Claude Code Gets Tasks Update | Venture Beat
6. Claude Code Teleport | The Hacker Noon
7. Google Expands Gemini API with 100MB File Limits | Chrome Unboxed
8. Google Launches Agentic Vision in Gemini 3 Flash | Google Blog
9. Researcher Claims LLMs Will Never Be Truly Intelligent | Futurism
10. Paper Claims AI Agents Are Mathematically Limited | Futurism
11. Haven-1: First Commercial Space Station Being Assembled | Ars Technica
12. Spaceflight Shifts Astronauts’ Brains Inside Skulls | Space.com
13. IBM SkillsBuild: Free Tech Training for Veterans | va.gov
The post OpenClaw, Moltbook and the Rise of AI Agent Societies #1857 appeared first on Geek News Central.
Clawdbot drives Mac Mini sales, Swizec Teller on the future of software engineering being SRE, Daniel Stenberg decided to end curl's bug bounty program, zerobrew takes some of the best ideas from uv and applies them to Homebrew, and Phil Eaton on LLMs and your career.
In Binärgewitter Talk #370 we stumble together through the glittering tech world, from declarations of love for Linux to whining about the Mac. Our guest explains to us why power grids are more exciting than any Netflix series, while cloud services report one “Dead of the Week” after another. In between we philosophize about Kubernetes, AI hacking and whether Gateway API really is the new hot thing. To finish, there are visions of the future for e-mobility, smart homes and mini wind turbines: tech chaos you are guaranteed to laugh along with! Dead of the Week graveyard has a new logo Neato Cloud Services MinIO Ingress NGINX Retirement External Facebook “like” and “comment” buttons Exotic Debian ports Plain HTTP in Chrome Lennart's blog Undead of the Week Linux console: Valve announces new Steam Machine Steam Hardware Announcement AI of the Week AI Darwin Awards Securevibes Volkwagen for Unit Tests Where’s the Shovelware? Why AI Coding Claims Don’t Add Up Anthropic: AI Espionage Researchers Question claim AI slop attacks on the curl project (video) Blog post by Daniel Stenberg AI song at the top of the charts (in the USA) Human Music (video) Cometjacking attack Unseeable prompt injections in Comet and other AI browsers AI World Clocks News Fedora Linux 43 Meta wants to read your DMs Operaton has reached 1.0 — Camunda 7.0 CE repo has been archived FreeBSD shortly before 15.0: Trust is good, reproducibility is better FreeBSD now builds reproducibly and without root privilege PS5 working user + kernel exploit Affinity's new design platform combines everything into one app Escape from a Docker container Topics EV charging and power grids (follow-up to the FrosCon episode) Wikipedia: Rough structure of a power grid Fresh news Schuko for PV Maus: pumped-storage power plant DLF Forschung Aktuell — Podcast: hydrogen production Wikipedia: High-voltage direct current transmission Wikipedia: Map of offshore wind farms in the German Bight Wikipedia: Small wind turbine 3D Print of the Week I Broke the Sound Barrier with a 3D Printed Rocket! (video) C-Hook Battery Cover Whining of the Week Anycubic Slicer Next for Linux only comes with “execute Shellscript from internet”, which prints Chinese characters as messages, restricts the installation targets to Ubuntu only, and in the end merely adds a package source and installs a package via apt NixOS static ip let ext-if = "et0"; external-mac = "00:11:22:33:44:55"; external-ip6 = "2a01::2342"; external-netmask6 = "64"; in { services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" ''; networking = { enableIPv6 = true; nat.enableIPv6 = true; interfaces."${ext-if}" = { useDHCP = true; ipv6.addresses = [{ address = external-ip6; prefixLength = external-netmask6; }]; }; defaultGateway6 = { address = external-gw6; interface = ext-if; }; nameservers = [ "1.1.1.1" ]; }; } But the finger does not register as touch Reading foo Open-source alternatives to Cloudflare Picks thingino Severance S02 Kittysplit seized.fyi Tooling https://volta.sh/ https://github.com/Schniz/fnm https://mise.jdx.dev/ Fwupd 2.0.16 Released Booking doctor's appointments with OSS Train stations on a 3D map
In this episode, I speak with Lydia Pintscher and Daniel Stenberg from the European Open Source Academy about their efforts to highlight excellence in European open source communities. For show notes and an interactive transcript, visit chrischinchilla.com/podcast/
In this episode of OsProgramadores Podcast, Marcelo interviews Daniel Stenberg, the legendary creator of curl, one of the most widely used open-source tools in the world. Curl is embedded in billions of devices and powers much of the modern internet. Daniel shares his journey from his early programming days in Sweden to building and maintaining curl for over two decades, leading open-source projects like libcurl, libssh2, and c-ares. He discusses what it takes to sustain an open-source project at global scale and what motivates him to keep coding and contributing after so many years.
Software Engineering Radio - The Podcast for Professional Software Developers
Daniel Stenberg, Swedish Internet protocol expert and founder and lead developer of the Curl project, speaks with SE Radio host Gavin Henry about removing Rust from Curl. They discuss why Hyper was removed from curl, why the last five percent of making it a success was difficult, what the project gained from the 5-year attempt to tackle bringing Rust into a C project, lessons learned for next time, why user support is critical, and the positive long-lasting impact this attempt had. Brought to you by IEEE Computer Society and IEEE Software magazine.
Curl is a widely used open source tool and library for transferring data. On today’s Day Two DevOps we talk with curl creator Daniel Stenberg. Daniel gives us a brief history of curl and where it’s used (practically everywhere). We also discuss the impact of AI on curl. Open source projects are often starved for... Read more »
Fredrik talks with Patrik Svensson about Opencli, Patrik's newly created proposal for a standard for describing the interfaces of command-line applications. It shouldn't be a big deal to publish a proposal for a spec for something. In fact, many more people should do it! More people should get hubris. A big thank you to Cloudnet, who sponsor our VPS! Do you have comments, questions or tips? We are @kodsnack, @thieta, @krig, and @bjoreman on Mastodon, have a page on Facebook, and can be emailed at info@kodsnack.se if you want to write something longer. We read everything that is sent. If you like Kodsnack, you are very welcome to review us in iTunes! You can also support the podcast by buying us a coffee (or two!) on Ko-fi, or by buying something in our shop. Links Patrik Patrik's voice is heard in the podcast Modermodemet Spectre.console Cake Opencli Spectre.console.cli Kathleen Dollard Openapi Chet Husk - PM for the .net CLI at Microsoft Typespec getopts Opencli on Github Man pages Support us on Ko-fi! Arity The Podcasting 2.0 spec The ID3 standard - for putting metadata in mp3 files Podcast chapters Daniel Stenberg and Curl's command-line flags Mitchell Hashimoto - founder of Hashicorp Ghostty Titles If there were a spec Not for human consumption Not afraid of making a fool of myself Hand-typing a spec Half-baked thoughts Scratching CLI There are man pages, after all No problem making a fool of myself An enormous, complex beast Ten thousand companies in one company Dialects of CLI applications -build The whole Jira spectrum
Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl's new policy of banning the bad actors while establishing some pretty sane AI usage guidelines. We chat about how this low-effort, high-impact abuse pattern is a denial-of-service attack on the curl project (and other open source projects too). The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-curl_vs_ai_with_daniel_stenberg/
Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C. Daniel Stenberg talks about the challenges in dealing with appsec, the design philosophies that keep it secure, and fostering a community to create one of the most recognizable open source projects in the world. Segment Resources: https://daniel.haxx.se/blog/2025/01/23/cvss-is-dead-to-us/ https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-for-intelligence/ https://thenewstack.io/curls-daniel-stenberg-on-securing-180000-lines-of-c-code/ Google replacing SMS with QR codes for authentication, MS pulls a VSCode extension due to red flags, threat modeling with TRAIL, threat modeling the Bybit hack, malicious models and malicious AMIs, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-320
Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C. Daniel Stenberg talks about the challenges in dealing with appsec, the design philosophies that keep it secure, and fostering a community to create one of the most recognizable open source projects in the world. Segment Resources: https://daniel.haxx.se/blog/2025/01/23/cvss-is-dead-to-us/ https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-for-intelligence/ https://thenewstack.io/curls-daniel-stenberg-on-securing-180000-lines-of-c-code/ Show Notes: https://securityweekly.com/asw-320
Daniel Stenberg was one of Kompilator's first guests and makes a return visit to tell us what has happened during the 5 years that have passed. Bartek tells how he reclaimed the curl.se domain from domain squatters. Also: listener questions! The journey to a curl domain | daniel.haxx.se. Kodsnack 572 - Perfect occasion to go to Brussels, with Daniel Stenberg. The hosting of Kompilator is sponsored by Dekalfabriken.
Daniel Stenberg shares his guiding principles for BDFL'ing curl, gives us his perspective on the state of the internet, talks financial independence, ensuring curl won't be the next XZ & more!
In the season premiere we talk to none other than Daniel Stenberg! We focus on integrating Rust modules in curl, their benefits, ways in which Rust and Rust crates helped improve curl, but also how curl helped those crates, and where curl is used in the official Rust toolchain. Along the way we also learn about the early history of curl and Rust, which section of your car's owner's-manual you should "re"-read, some weird HTTP edge-cases, and Daniel's experience in open-source maintainership. And don't forget: have fun!
In this episode of CHAOSScast, host Dawn Foster brings together Matt Germonprez, Brian Proffitt, and Ashley Wolf to discuss the implications of Artificial Intelligence (AI) on Open Source Program Offices (OSPOs), including policy considerations, the potential for AI-driven contributions to create workload for maintainers, and the quality of contributions. They also touch on the use of AI internally within companies versus contributing back to the open source community, the importance of distinguishing between human and AI contributions, and the potential benefits and challenges AI introduces to open source project health and community metrics. The conversation strikes a balance between optimism for AI's benefits and caution for its governance, leaving us to ponder the future of open source in an AI-integrated world. Press download to hear more! [00:03:20] The discussion begins on the role of OSPOs in AI policy making, and Ashley emphasizes the importance of OSPOs in providing guidance on generative AI tools usage and contributions within their organizations. [00:05:17] Brian observes a conservative reflex towards AI in OSPOs, noting issues around copyright, trust, and the status of AI as not truly open source. [00:07:10] Matt inquires about aligning different policies from various organizations, like GitHub and Red Hat, with those from the Linux Foundation and Apache Software Foundation regarding generative AI. Brian speaks about Red Hat's approach to first figure out their policies before seeking alignment with others. [00:06:45] Ashley appreciates the publicly available AI policies from the Apache and Linux Foundations, noting that GitHub's policies have been informed by long-term thinking and community feedback. [00:10:34] Dawn asks about potential internal conflict for GitHub employees given different AI policies at GitHub and other organizations like CNCF and Apache. 
[00:12:32] Ashley and Brian talk about what they see as the benefits of AI for OSPOs, and how AI can help scale OSPO support and act as a sounding board for new ideas. [00:15:32] Matt proposes a scenario where generative AI might increase individual contributions to high-profile projects like Kubernetes for personal gain, potentially burdening maintainers. [00:18:45] Dawn mentions Daniel Stenberg of cURL who has seen an influx of low-quality issues from AI models, Ashley points out the problem of “drive-by-contributions” and spam, particularly during events like Hacktoberfest, and emphasizes the role of OSPOs in education about responsible contributions, and Brian discusses potential issues with AI contributions leading to homogenization and the increased risk of widespread security vulnerabilities. [00:22:33] Matt raises another scenario questioning if companies might use generative AI internally as an alternative to open source for smaller issues without contributing back to the community. Ashley states 92% of developers are using AI code generation tools and cautions against creating code in a vacuum, and Brian talks about Red Hat's approach. [00:27:18] Dawn discusses the impact of generative AI on companies that are primarily consumers of open source, rarely contributing back, questioning if they might start using AI to make changes instead of contributing. Brian suggests there might be a mixed impact and Ashley optimistically hopes the time saved using AI tools will be redirected to contribute back to open source. [00:29:49] Brian discusses the state of open source AI, highlighting the lack of a formal definition and ongoing efforts by the OSI and other groups to establish one, and recommends a fascinating article he read from Knowing Machines. Ashley emphasizes the importance of not misusing the term open source for AI until a formal definition is established. 
[00:32:42] Matt inquires how metrics can aid in adapting to AI trends in open source, like detecting AI-generated contributions. Brian talks about using signals like time zones to differentiate between corporate contributors and hobbyists, and the potential for tagging contributions from AI for clarity. [00:35:13] Ashley considers the human aspect of maintainers dealing with an influx of AI-generated contributions and what metrics could indicate a need for additional support, and she mentions the concept of the “Nebraska effect.” Value Adds (Picks) of the week: [00:36:59] Dawn's pick is seeing friends over the 4 day UK Easter holiday, playing board games, eating, and hanging out. [00:37:21] Brian's pick is traveling back home to Indiana to see his first ever total solar eclipse and bringing his NC friends along. [00:38:03] Matt's pick is reconnecting with colleagues this semester and doing talks at GSU and Syracuse. [00:38:40] Ashley's pick is going to the local nursery and acquiring some blueberry plants. Panelists: Dawn Foster Matt Germonprez Brian Proffitt Ashley Wolf Links: CHAOSS (https://chaoss.community/) CHAOSS Project X/Twitter (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) podcast@chaoss.community (mailto:podcast@chaoss.community) Georg Link Website (https://georg.link/) Dawn Foster X/Twitter (https://twitter.com/geekygirldawn?lang=en) Matt Germonprez X/Twitter (https://twitter.com/germ) Brian Proffitt X/Twitter (https://twitter.com/TheTechScribe) Ashley Wolf X/Twitter (https://twitter.com/Meta_Ashley) Ashley Wolf LinkedIn (https://www.linkedin.com/in/ashleywolf/) AI-generated bug reports are becoming a big waste of time for developers (Techspot) (https://www.techspot.com/news/101440-ai-generated-bug-reports-waste-time-developers.html) Models All The Way Down- A Knowing Machines Project (https://knowingmachines.org/models-all-the-way) xkcd-Dependency (https://xkcd.com/2347/) Special Guest: Ashley Wolf.
Fredrik talks with Daniel Stenberg about the FOSDEM conference and about the challenges of the CVE system for documenting and publishing security problems. Fredrik has been keen on FOSDEM for a couple of years. Daniel, who is a real pro, describes what the conference is like (pleasantly chaotic, and ticket-free!), how things work, and offers a few tips, such as checking what is happening on the days around the conference and buying lunch at quarter past ten in the morning (or, even better, just following the crowd and seeing what happens). Does any listener know of a large collection of FOSDEM T-shirts from the conference's various years? We would love to see a picture of such a wardrobe! Kodsnack's game jam (spelsylt) returns as early as 9 March; read more at https://itch.io/jam/spelsylt10, and hang out with all the nice people in the #spelsylt channel in Kodsnack's Slack! A gift card worth 500 kronor and a whole lot of glory are at stake! Then the CVE system is discussed, a system built for a world that looked a little different from today's. Daniel talks about the CVE troubles that have hit Curl and many other projects, and what problems exist with the system. A big thank you to Cloudnet, who sponsor our VPS! Do you have comments, questions or tips? We are @kodsnack, @thieta, @krig, and @bjoreman on Mastodon, have a page on Facebook, and can be emailed at info@kodsnack.se if you want to write something longer. We read everything that is sent. If you like Kodsnack, you are very welcome to review us in iTunes! You can also support the podcast by buying us a coffee (or two!) on Ko-fi, or by buying something in our shop.
Links Daniel Earlier episodes with Daniel FOSDEM FOSDEM 2024 ULB MAC addresses FOSDEM apps SReview - FOSDEM's video system CCC GDB Valgrind Wolfssl - where Daniel works Johan Thelin Fringe events around FOSDEM Homebrew Debian So you think you know git - talk from the main track, by Scott Chacon Curl Software bill of materials Kodsnack's tenth game jam Kodsnack's Slack CVEs Mitre CVE numbering authorities NVD - National vulnerability database NIST - National institute of standards and technology Daniel's blog posts about the CVE problems Titles Shall we start with the travelling? Every physical FOSDEM When Brussels is at its absolute worst Grött Grey, wet, damp, and quite cold Perfect occasion to go to Brussels There are no tickets You just show up Everyone changes MAC addresses 30 separate tracks Take a beer in to Very big and quite chaotic There are no ties there Just hanging out in the cafeteria The big track Greater opportunities to just hang out A sticker-intensive conference Notoriously short on power outlets This is where my talk begins You're not entirely unique when you speak at FOSDEM The FOSDEM box A FOSDEM suite If you find a security problem You don't need to prove that there is a bug Here, have a CVE This non-bug The sky is falling, the world is burning A 9.8 CVE "Disputed" Rejected, not disputed If I just complain loudly enough An anonymous person who has misunderstood Creaking throughout the whole CVE system
Daniel Stenberg is frustrated with the state of AI tooling for finding security bugs, Brian Birtles is surprised by weird things engineers believe about web dev, Feross Aboukhadijeh details the fallout from a nasty npm prank, Rob Pike shares what he thinks they got right and wrong with Go & Gavin Howard writes up why he believes “all code is tech debt” is all wrong.
Josh and Kurt talk to Daniel Stenberg about curl. Daniel is the creator of curl, we chat with him about the security of curl. Daniel tells us how curl is kept secure, we learn about some of the historical reasons curl works the way it does. We hear the story about the curl CVE situation firsthand. We also touch on the importance of curating the community of a popular open source project. Show Notes Daniel's Mastodon account Curl The curl CVE blog Broken curl on PowerShell wolfSSL
Guests Daniel Stenberg | Dan Lorenc Panelist Richard Littauer Show Notes Today, we are switching things up and doing something new for this episode of Sustain, where we'll be talking about current events, specifically security challenges. Richard welcomes guest Daniel Stenberg, founder and lead developer of the cURL project. Richard and Daniel dive into the complexities of Common Vulnerabilities and Exposures (CVEs), discussing issues with how they are reported, scored, and the potential impact on open source maintainers. They also explore the difficulty of fixing the CVE system, propose short-term solutions, and address concerns about CVE-related DDOS attacks. Dan Lorenc, co-founder and CEO of Chainguard, also joins us and offers insights into the National Vulnerability Database (NVD) and suggests ways to improve CVE quality. NVD's response is examined, and Daniel shares his frustrations and uncertainties regarding the CVE system's future. Hit download now to hear more! [00:01:00] Richard explains that they will discuss Common Vulnerabilities and Exposures (CVEs) and mentions that CVEs were launched in September 1999, briefly highlighting their purpose. He mentions receiving an email about a CVE related to the cURL project, which wasn't acknowledged by the cURL team. [00:01:50] Daniel explains that the email about the CVE was sent to the cURL library mailing list by a contributor who noticed the issue. He describes the confusion about the old bug being registered as a new CVE. [00:03:54] Daniel discusses the process of requesting a CVE which involves organizations like MITRE, and he mentions the National Vulnerability Database (NVD) and how it consumes and assigns severity scores to CVEs.
[00:06:21] Richard asks about how NVD assigns severity scores to CVEs and specifically in the case of CVE 2020, and Daniel describes the actual bug in curl, which was a minor issue involving retry delays and not a severe security threat. [00:09:57] Richard questions who at NVD determines these scores and whether they are policy makers or coders, to which Daniel admits he has no idea and discusses his efforts to address the issue. He expresses frustration with NVD's scoring system and their lack of communication. [00:11:18] Daniel and Richard discuss their concerns about the accuracy and relevance of CVE ratings, especially in cases where those assigning scores may not fully understand the technical details of vulnerabilities. [00:14:37] We now welcome Dan Lorenc to get his point of view on this issue. Dan introduces himself and talks about his experience with the NVD, highlighting some of the issues with CVE scoring and the varying quality of CVE reports. [00:16:11] Dan mentions the problems with the CVSS scoring and the incentives for individuals to report vulnerabilities with higher scores for personal gain, leading to score inflation. Dan suggests that NVD could improve the quality of CVEs by applying more scrutiny to high-severity and widely used libraries like cURL, which could reduce the noise and waste of resources in the industry. [00:18:23] Richard presents NVD's response to their inquiry. Then, Daniel and Richard discuss NVD's response and the discrepancy between their assessment and that of open source maintainers like Daniel who believe that some CVEs are not valid security issues. [00:20:44] Richard asks if anyone offered to fund the work to fix vulnerabilities in important open source projects like cURL when a CVE is reported. Daniel replies that no such offers have been made, as most involved in the project recognize that some CVEs are not actual security problems, but rather meta problems caused by the CVE rating system. 
[00:21:40] Daniel explains his short-term solution of registering his own CNA (CVE Numbering Authority) to manage CVEs for his products and prevent anonymous users from filing CVEs. [00:23:04] Richard raises concerns about the potential for a CVE DDOS attack on open source, overwhelming them with a flood of CVE reports. [00:24:20] Daniel comments on the growing problem of both legitimate and invalid CVEs being reported, as security scanners increasingly scan for them. Richard reflects on the global nature of the problem, and Daniel emphasizes the importance of having a unique ID for security problems like CVEs. Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Twitter (https://twitter.com/richlitt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Richard Littauer Mastodon (https://mastodon.social/@richlitt) Daniel Stenberg Twitter (https://twitter.com/bagder?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Daniel Stenberg Mastodon (https://mastodon.social/@bagder) Daniel Stenberg Website (https://daniel.haxx.se/) Dan Lorenc Twitter (https://twitter.com/lorenc_dan?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) National Vulnerability Database (https://nvd.nist.gov/) CVE (https://www.cve.org/) cURL (https://curl.se/) Chainguard (https://www.chainguard.dev/) Sustain Podcast-Episode 185: Daniel Stenberg on the cURL project (https://podcast.sustainoss.org/guests/stenberg) Sustain Podcast-Episode 93: Dan Lorenc and OSS Supply Chain Security at Google (https://podcast.sustainoss.org/93) Credits Produced by Justin Dorfman (https://www.justindorfman.com) & Richard Littauer 
(https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guests: Daniel Stenberg and Dan Lorenc.
WMCLB Special Episode Karen Stenberg interviews Michael Natale and Daniel Stenberg to talk about law and gospel in preparing a Bible Study.
Guest Daniel Stenberg Panelists Richard Littauer | Leslie Hawthorne Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. On this episode, Richard and Leslie are super excited to have as their guest, Daniel Stenberg, Lead Developer of the cURL project. Today, Daniel shares his journey of how he got involved with cURL, its development over the years, the community behind it, and funding the development. Our conversation also touches on the upcoming release of cURL, the future of cURL, Daniel's desire to grow the project, the benefits of people to collaborate with and provide support, and the role of cURL in the broader landscape of internet protocols and digital infrastructure. Press download to hear more! [00:01:24] Daniel shares the story of how he became involved with the cURL project. [00:03:55] We hear about the community behind cURL and the number of maintainers involved. He mentions having over 1,100 commit authors in the current repository. [00:05:29] The discussion shifts to funding cURL's development. He tells us for the first twenty one years he had it as a spare time project while having a separate job. [00:06:28] He explains the challenge of monetizing a free software project but emphasizes the value he provides to customers in terms of support and expertise. [00:08:40] Leslie raises the topic of Daniel's positive and generous attitude despite giving away free software and not always receiving equal support in return. He explains as long as he has enough customers to sustain his work, he remains calm and relaxed. [00:11:46] Daniel discusses the development of his mindset and how he acquired a positive outlook over the past 25 years. He attributes his confidence to proven success, test cases that validate code functionality, and feedback from the large install base of cURL.
[00:12:45] Richard asks Daniel about his plans for the future of cURL, and Daniel expresses a desire to expand the team and highlights the benefits of having additional people to collaborate with and provide support. [00:13:56] Leslie takes the opportunity to promote wolfSSL, the company Daniel collaborates with to support cURL's growth and provide services to more users, and he explains why he's working with wolfSSL. [00:17:02] Richard raises the topic of funding individual maintainers within the broader open source ecosystem, and Daniel acknowledges that his support contract model might not work for all projects, as it requires a certain project size, importance, and ecosystem. [00:19:04] Security issues, particularly zero-day exploits, are brought up, and Daniel emphasizes the significance of security and mentions that maintaining cURL involves devoting a considerable amount of time to fixing bugs, addressing support questions, and handling security concerns. [00:20:32] We hear how cURL fits into the wider landscape of internet protocols and digital infrastructure. Daniel talks about the importance of maintaining backward compatibility in cURL, and how he sees cURL as a tool that enables users to transfer data over the internet effectively. [00:22:53] We hear about Uncurled, which is a book by Daniel. [00:24:32] Daniel tells us what many companies would rather not say, such as companies that choose not to disclose their support or donations to cURL. They prefer to remain anonymous and keep their contributions private. [00:28:02] He acknowledges that extracting significant value solely from donations can be challenging and offering support contracts provides a way to generate more revenue and provide additional value to companies. [00:29:19] What's hard for Daniel? He attributes his optimistic and positive mindset to his personality and outlook on life, but he also mentions facing struggles. [00:34:24] Find out where you can follow Daniel on the web.
Quotes [00:07:35] “My biggest way in is when my customers run into a bug. So, I have this weird incentive to not do it too good.” [00:10:32] “When you've been around for a long time and you know if things go well, I can be around for a long time further as well.” [00:21:24] “We haven't done a breaking change in 16 years.” [00:30:09] “The hard part is the humans, the community, interacting with others, all the cultures, languages, and people.” Spotlight [00:35:03] Leslie's spotlight is The Swedish Internet Foundation. [00:35:47] Richard's spotlight is WC and Cat. [00:36:10] Daniel's spotlight is Valgrind. Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) Richard Littauer Twitter (https://twitter.com/richlitt?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Leslie Hawthorne Twitter (https://twitter.com/lhawthorn) Daniel Stenberg Website (https://daniel.haxx.se/) Daniel Stenberg Twitter (https://twitter.com/bagder?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Daniel Stenberg Mastodon (https://mastodon.social/@bagder) cURL (https://curl.se/) wolfSSL (https://www.wolfssl.com/) Uncurled (https://un.curl.dev/) Everything curl (https://everything.curl.dev/) The Swedish Internet Foundation (https://internetstiftelsen.se/en/) wc (Unix) (https://en.wikipedia.org/wiki/Wc_(Unix)) Valgrind (https://valgrind.org/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Daniel Stenberg.
Leveraging OpenZFS to Build Your Own Storage Appliance, Install OpenBSD as a VM, Set up your own CalDAV and CardDAV servers on OpenBSD, display basic computer information using DMI table decoder, Gpart CheatSheet, Rob Pike on the Origin of Unix Dot File Names, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines OpenZFS – Leveraging OpenZFS to Build Your Own Storage Appliance (https://klarasystems.com/articles/openzfs-leveraging-openzfs-to-build-your-own-storage-appliance/) Install OpenBSD as a VM (https://byte-sized.de/linux-unix/openbsd-als-vm-installieren/#english) News Roundup Set up your own CalDAV and CardDAV servers on OpenBSD (https://dataswamp.org/~solene/2023-04-23-calendar-and-contacts-with-radicale.html) How to display basic computer information using DMI table decoder (https://sleeplessbeastie.eu/2023/03/31/how-to-display-basic-computer-information-using-dmi-table-decoder/) Gpart CheatSheet - wiping drives, partitioning, & formating (https://forums.FreeBSD.org/threads/gpart-cheatsheet-wiping-drives-partitioning-formating.45411) Rob Pike on the Origin of Unix Dot File Names (http://xahlee.info/UnixResource_dir/writ/unix_origin_of_dot_filename.html) Beastie Bits Hackerstations Mike McQuaid's clean, ergonomic setup in Edinburgh, Scotland (https://hackerstations.com/setups/mike_mcquaid/) Daniel Stenberg and the home of curl in Stockholm, Sweden (https://hackerstations.com/setups/daniel_stenberg/) viogpu(4), a VirtIO GPU driver, added to -current (http://undeadly.org/cgi?action=article;sid=20230421124221) OpenBGPD 8.0 released (http://undeadly.org/cgi?action=article;sid=20230505054214) cron(8) now supports random ranges with steps (http://undeadly.org/cgi?action=article;sid=20230507122935) malloc leak detection available in -current (http://undeadly.org/cgi?action=article;sid=20230417074903) vmd(8) moves to a multi-process model 
(https://www.undeadly.org/cgi?action=article;sid=20230430051250) Tarsnap This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
Nextcloud moves to the front of the pack with their new release, a moment to appreciate curl, and Amazon goes all in with Fedora. Special Guest: Brent Gervais.
Reorx lists awesome apps & tools using the new ChatGPT API, Ernie Smith ranks self-hosted app alternatives, Very Good Ventures brings Dart to the server, Daniel Stenberg tells curl's NuGet story & Hacker Stations showcases tech workspace setups from all over the world.
In this episode, we are honored to have Daniel Stenberg, the founder and lead developer of cURL, as our guest. cURL is a ubiquitous data transfer utility that grew into a robust library used in billions of applications worldwide. Daniel is a Swedish developer who has been involved in open source for decades. He is also the recipient of the Polhem Prize 2017 for his work on cURL. Join us as we talk to Daniel about his journey with cURL, his passion for open source, and everything in between.
The simple data transfer tool curl, and its associated library, are estimated to be installed on roughly 10 billion computers, VMs, and embedded devices around the world. For this ep we had a wide-ranging conversation with Daniel Stenberg, curl's longtime author and maintainer, about starting up such an essential project back in the '90s, juggling the dizzying array of protocols curl supports, the decision-making process around one of the most critical open source programs in use today, and a bunch more.

SHOW NOTES
Find out (way) more about curl on its home page: https://curl.se/
Daniel blogs extensively on curl and other topics: https://daniel.haxx.se/blog/
Daniel is also working on a memoir, available online: https://un.curl.dev/

The FOSS Pod is brought to you by Google Open Source. Find out more at https://opensource.google
Software Engineering Radio - The Podcast for Professional Software Developers
Daniel Stenberg, founder and lead developer of cURL and libcurl, and winner of the Polhem Prize, discusses the history of the project, key events in the project timeline, war stories, favorite command line options and various experiences from 25 years of developing an Open Source project.