The end of the #curl bug-bounty
-
@bagder I feel that this onslaught of AI slop reports is a DOS attack that weakens the security.
@ollej that is certainly a risk, yes
-
@poolitzer there's also this
@bagder should have looked that up first, ofc you had them ready :D
-
@nini to illustrate the point of the blog post, I should probably just say: maybe, maybe not. =)
@bagder I shall wink in your direction and touch my nose on the side in acceptance of this.
-
The end of the #curl bug-bounty
https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/
@bagder "not even one in twenty was real" is one of the most damning things I've ever heard about the state of BBPs. that's abysmal.
-
@bagder
sorry to hear the slop has ruined a good thing. hopefully HackerOne learn from this and start taking stronger steps to curb this issue.
-
The bugbounty crash of 2025 in a single image (from the blog post)
-
@bagder yea, GHSA drafts are decent, but I really wish I could disclose a report that has been declined. Github, please?
-
@bagder not sure if intentional but the article title from pressmind.org had all of its Polish utf-8 characters replaced with "?"
-
@bagder not sure if intentional but the article title from pressmind.org had all of its Polish utf-8 characters replaced with "?"
@Mae argh, I think that's just wordpress being annoying... 😕
-
@bagder yea, GHSA drafts are decent, but I really wish I could disclose a report that has been declined. Github, please?
@seanmonstar @bagder Yep... I called for exactly this from platforms: https://sethmlarson.dev/slop-security-reports#what-platforms-can-do
Primarily so that maintainers can collaborate against this sort of behavior, but also to make bad actors known.
-
@seanmonstar @bagder Yep... I called for exactly this from platforms: https://sethmlarson.dev/slop-security-reports#what-platforms-can-do
Primarily so that maintainers can collaborate against this sort of behavior, but also to make bad actors known.
@sethmlarson @seanmonstar I have a meeting with someone at Github in a few hours. I will bring this up!
-
@bagder a sad, but understandable decision
-
@bagder without reading the article I knew why 😔
Maybe submitting a report should cost something? The people that are confident about their findings would get the reward that easily pays for that. For the slop that's just too expensive.
Sounds weird but... maybe?
-
@bagder without reading the article I knew why 😔
Maybe submitting a report should cost something? The people that are confident about their findings would get the reward that easily pays for that. For the slop that's just too expensive.
Sounds weird but... maybe?
@tcurdt so when you read the post you can read my answer to that question!
-
@tcurdt so when you read the post you can read my answer to that question!
Sorry, I was too quick with my reply 🫣
Yeah, I can see receiving a fee being a pain, too. Especially the uneven barrier to entry feels unfair.
-
@bagder Makes sense to end the paid program, given the quantity of slop it was receiving. It's too bad because paid bug bounties can be helpful in surfacing real problems, but it makes sense given the circumstances.
Kind of unfortunate to use an AI slop header image along with it, though, don't you think?
-
@bagder Where's that header image from?
-