[Daniel's week] May 5, 2023

Daniel Stenberg daniel at haxx.se
Fri May 5 16:18:27 CEST 2023

Hi friends.

Another week ends and again things happened.

## Bluesky

I got myself an invite for Bluesky this week, the Twitter wannabe replacement
that claims to be federated but runs on a single server. With just above 50K
users it is a wasteland and only a rare few of "my people" are there to follow
and talk to. It looks and feels very much like Twitter. It also mysteriously
lacks support for #tags and some other basic fundamentals. From my point of
view, it offers almost nothing Mastodon does not already have and does
better. I suppose competition is still good.

## Fireside chat

I participated on a "fireside chat" panel on "open source inflection points"
together with two other OSS maintainers on a meeting with GitHub on Tuesday. I
usually don't mind helping out and sharing my views and opinions and how it
can be to run and maintain open source. It is also interesting and educational
to meet and hear experiences and lessons from other fellow maintainers.
Sometimes their stories are identical to mine, and yet sometimes their
experiences and takes are the opposite. There are certainly many ways to do
open source!

## CVEs as JSON

I wrote up scripts for the curl website this week that convert and provide all
previous curl security advisories as JSON objects [1]. I also let myself get
talked into providing git commit ranges for when the flaws were introduced and
fixed - the exact commits, and that turned out to be quite a lot of work.
Still cool info to provide so I spent a few hours on it and I think that info
is now provided for most CVEs dating back to at least 2016. I will try to
continue to spend some effort and update a few every now and then to at least
provide the info that is easy to dig up.

Now let's see what people can do with this!

## distros

"Solar Designer", the head honcho over at the distros mailing list took "the
curl case" [5] over to the oss-security making list [2] to get a feel for what
people think and want in regards to the "exception" from the rules I am asking
for on curl's behalf. Or perhaps I would even prefer a downright rule change,
but that seems further away.

The discussion did not exactly go wild (right now there has been *one* reply),
which makes me think that we will probably end up getting allowed to continue
sending curl security notifications to the distros list even in the future.
As we have a pending curl release coming on the 17th and we have security
vulnerabilities to disclose for that, we will soon need to send out those

## Stockholm Tech Show

I did a brief appearance on Stockholm Tech Show [3] on Wednesday and did a
presentation about curl in a large room with fair amount of empty
chairs. Still, I enjoyed it and I got some positive feedback afterwards.

## More talk

On Thursday I talked curl again - in the Stockholm offices of a Swedish
organization that shall remain unnamed here. This time I drew parallels with
how HTTP and Open Source *also* has taken off and gotten wide adoption in
similar style and fashion that curl has grown since the mid/late 1990s. It
felt appreciated and lots of developers in audience freed me of many curl
stickers in the post-talk pause.

## Ny Teknik

A few weeks ago I welcomed a reporter from the Swedish magazine Ny Teknik into
my home, together with a photographer. This week that interview was published
as both a web article and a podcast episode [4]. Just beware that they are
both in Swedish.

## Coming up

- sending security advisory notifications to distros!
- record a fossified episode?
- I'll be at myconf [6] Thu/Fri next week. I will speak on the 11th.
- start getting ducks in order for pending release

## Links

[1] = https://daniel.haxx.se/blog/2023/05/05/cve-as-json/
[2] = https://www.openwall.com/lists/oss-security/2023/05/03/2
[3] = https://stockholmtechshow.se/
[4] = https://www.nyteknik.se/tech/dagen-da-mozilla-gar-under-kommer-att-vara-dalig-for-hela-webben/2052214
[5] = https://daniel.haxx.se/blog/2023/03/29/pre-notification-dilemmas/
[6] = https://myconf.io/

See you next week!


  / daniel.haxx.se

More information about the daniel mailing list