DyslexicAtheist 282 days ago [-]
A hundred million cars run curl yet Daniel Stenberg is unable to get a visa for the US.


jonahhorowitz 282 days ago [-]
Damn. You'd think he'd be eligible for an O1. https://www.uscis.gov/working-united-states/temporary-worker...
DyslexicAtheist 282 days ago [-]
yepp. I can't imagine how horrible this must feel not being given entry and not get any useful feedback to work with either. I'd be contemplating all types of conspiracies against me.
esotericn 282 days ago [-]
I doubt it.

It's fairly well known, worldwide, that US immigration is farcical. People do stuff like wipe their devices because otherwise your guys might think it's reasonable to steal all of their data.

Annoying? Sure. Conspiratorial? eh. Their loss.

pmiller2 282 days ago [-]
> not get any useful feedback to work with either.

Sounds vaguely like a job interview. I'm reminded of the guy who wrote homebrew, yet couldn't get hired at Google.

Scoundreller 282 days ago [-]
He doesn’t need a visa, he’s a Swede and covered by Visa Waiver Program.

He applied for an ESTA and was denied, but you only need an ESTA to come to USA by air/sea.

From what it seems, DS had an approved ESTA, didn’t check its status before leaving for another US trip and found out at check-in that it was cancelled.

DS could still try coming by land via Canada (or Mexico). Not sure if there are any cases out there of ESTA denials that were non-issues at a land crossing though...

At least any denial is face to face and may offer some relevant information. Future Mozilla All Hands, if in Canada, should be within a 1-2 hour drive of USA.

callalex 282 days ago [-]
Do you think this kind of behavior from our government will continue to keep the US in the epicenter of tech innovation?
Scoundreller 282 days ago [-]
I’m not USian... but no.

DS should apply for a Canadian ETA (equivalent of ESTA) just to see if he gets approved. The two governments share a lot of info...

The EU is working on its own “it’s not a visa, but it’s basically a visa” system for visa-exempt people to fly there.

Scoundreller 282 days ago [-]
Edit: it looks like he did apply for a visa and is still waiting since his ESTA rejection said he was ineligible for the Visa Waiver Program. So I guess showing up at a land border is a non-starter.
theandrewbailey 282 days ago [-]
I thought it was more people complaining that they "have toyota corola". https://daniel.haxx.se/blog/2016/11/14/i-have-toyota-corola/
andyidsinga 282 days ago [-]
that is so interesting : developer puts email addr in license.txt; normal end user finds the only email addr in the whole UI and emails tech support request.
kbenson 282 days ago [-]
Well, the tech support requests are likely better than the hacking accusations he gets.[1]

1: https://daniel.haxx.se/blog/2016/01/19/subject-urgent-warnin...

ozim 282 days ago [-]
Seems like haxx domain is not great for interfacing with non technical people. I would even bet it could also be the case if he uses haxx email domain for US visa, he is not getting one...
therein 282 days ago [-]
Likely a combination of that and a quick search of his email matches malware source code since they'll likely have curl.h in there.
andyidsinga 282 days ago [-]
wow - true that..

> Also, I have yet to figure out how to unhack the hackers from my Instagram so if you change your mind and want to restore my Instagram to its original form as well as help me secure my account from future privacy breaches, I'd be extremely grateful.

Scoundreller 282 days ago [-]
I had my phone number buried in my personal website. I also posted some articles about useful phone numbers.

Somehow I would get calls, or people commenting with their account numbers.

I don’t know why people thought my default theme was the bank or a federal government, but that they did.

ratsbane 282 days ago [-]
That just reminds me of the time I tried (and finally succeeded) in using curl at a BigCorp around 2004. I had to convince layers of non-technical management that this tiny, elegant, free, simple solution was better than an expensive and unwieldy commercial alternative. I finally wore them down and I wouldn't be surprised if the curl solution is still quietly working away at thousands of their locations.
lultimouomo 282 days ago [-]
If you've ever had to Google information about using libcurl you've most probably noticed how so many people ask questions and get answers by Daniel himself.

These answers are always very helpful and polite, doesn't matter if the question is smart or stupid.

Daniel seems a very nice person just as he's a great programmer, and I think curl success is due to its quality as much as it's due to how Daniel cares about it's users.

jaxtellerSoA 282 days ago [-]
Not sure if this is good thing? I know as the dev you are excited about it. But if I can gain access to the hardware using curl in my car, then I can download anything I want to my car.
ISL 282 days ago [-]
That is good, if it is your car.

With power comes responsibility, of course.

jaxtellerSoA 282 days ago [-]
>With power comes responsibility, of course.

Fair enough.

>That is good, if it is YOUR car. (emphasis added)

This my concern, if I can download anything I want to MY car, how hard/easy would it be for me to do it someone else's car?

thecatspaw 282 days ago [-]
thats more a "how did you get access to my car" issue though, and not neccessarily a curl issue.

If you are in a position where you can execute something on an appliance, all bets are off

piptastic 282 days ago [-]
rentals, leases

pretty easy

rzzzt 282 days ago [-]
You wouldn't download a car... to your car.
282 days ago [-]
beamatronic 282 days ago [-]
100 million cars can connect to the Internet?
devy 282 days ago [-]
Probably. Cars today are more connected - most of them have modems since the 2G wireless era (a lot of times you are probably unaware it's there.)
woodrowbarlow 282 days ago [-]
and most of the modems are active, even if the owner has not activated the extra services which require the modem. if your manufacturer can remotely enable onstar or navigation or other internet-services in your car without requiring that you bring it back in to the service center for activation... then you have an IoT car.
ac29 282 days ago [-]
>most of them have modems

Any source on this? Sounds interesting. There's only so many reasonable places you could put an antenna, given that vehicles are mostly metallic. So, if so many cars are have cell modems, they should be easy to find.

I'm aware of OnStar, but that certainly doesn't cover "most" cars. GM has less than 20% of the US market [0].

[0] https://www.statista.com/statistics/239607/vehicle-sales-mar...

petters 282 days ago [-]
> There's only so many reasonable places you could put an antenna

You have pretty good reception inside your car, right? So does your car.

devy 281 days ago [-]
> Any source on this?

I have an engineer friend who works on the 2/3G modems for a German automotive brand. He told me anecdotally many years ago. And the public generally learned from the security breaches and vulnerability exposures. Here is one:


As you can see in the article above, by "most" I meant pretty much everybody. Just like gorilla glass are standard for smartphones, car connectivity is a standard feature on modern cars, and it doesn't cost much to the manufacturers to add that on - given the upstream auto suppliers producing these TCUs (telematics control unit) in a massive scale, which is also why all these car brands were affected (sourced from the same supplier.) And they can up-sell connectivity based subscription features with higher profit margin.

londons_explore 281 days ago [-]
Surely the manufacturer still has to pay for cell service for that modem. That's typically billed on a per GB and per line basis.

Would the manufacturer want to be paying a few dollars per car per month just in the hope the user might upgrade to OnStar later?

devy 278 days ago [-]
It's usually a wholesale deal like what those MVNO are getting for the initial period of a new car and then car owners pay for the full service price later. The Big three wireless carriers want those IoT contacts as much as the automotive manufacturers, since those are also counted as subscribers and generating recurring revenues.
devy 282 days ago [-]
The other day I was working to build a minimal docker image with a command line tool to interact with http protocol to download a SDK. Other than curl and wget, are there any other commonly used *nix tools for that purpose?
funkymike 282 days ago [-]
s3m4j 282 days ago [-]
aria2 https://aria2.github.io/

But maybe keep to what's installed by default in your image ?

shmerl 282 days ago [-]
Does it mean actual CLI curl client or libcurl library?
eddieroger 282 days ago [-]
He didn't say, but I have to assume libcurl since my Android-based head unit doesn't offer me a terminal emulator with curl, but does make HTTP calls.
2400 282 days ago [-]
What do they use it for generally? Downloading updates?
wink 282 days ago [-]
Might be as simple as opening a website and reading some text. Technically also "downloading" - but why not use curl for any http-based reading of data.
Matthias247 282 days ago [-]
I would just say "interacting with all kinds of backend services".

That can be everything from OTAs to weather services, vehicle assistance services, positioning things, etc. Every feature of a "connected car" might be powered by a HTTP-based backend. And if the application inside the car is written in C/C++, using libcurl is a reasonable thing for interacting with those.

funkymike 282 days ago [-]
I have noticed that the CD database in my car gets updated once in a while. A CD that it previously did not have track data for started being recognized at one point. It clearly doesn't fetch the data on demand based on observation, but it does get occasional updates.
jackhack 282 days ago [-]
currently: entertainment systems (audio streams, weather forecasts, traffic/route planning navigation, etc.)

Eventually: spying on the passengers and turning the operator's behavior profile into an alternate revenue stream.

lordlimecat 282 days ago [-]
> spying on the passengers

I'm not familiar with this functionality of curl. Is there some undocumented flag for that?

fhood 282 days ago [-]
There are also a bunch of libraries that use curl, when the task is simple it is often the best solution.
NVRM 282 days ago [-]
Hey, I use curl too in my apps!

Programming level: tesla

informatimago 282 days ago [-]
So the guy gets his self-esteem shoot. In the meantime, if wget had been used, with its GPL license instead of the MIT-like license, those products would have to come not with a notice and his email, but with the sources of the derived work, that would allow customers and users: 1- to check that the software does what it should do (and for example, that it doesn't fudge the pollution benchmarks), 2- to hire programmers to correct bugs or add features to that software running on the devices they OWN, 3- to learn about those systems, and generally allow them or the providers of their choice to perform maintenance, instead of having to use the authorized maintenance and tools if at all possible, amongst other things.

So, good job man on your self-esteem shot, but too bad for the rest of us, customers or programmers, you only helped the shareholders of those companies.

funkymike 282 days ago [-]
If curl wasn't available the car companies would just implement something similar, poorly. They wouldn't open all their code just to use wget.
jaxtellerSoA 282 days ago [-]
This is the truth.

wget would never be even a remote consideration for them. They would hire a developer to write something before using a quality freely available tool that forced them to be open with their source code.

BoorishBears 282 days ago [-]
I think everyone is forgetting the 3rd option, someone the team just uses wget and ignores the license...
unrealchild 282 days ago [-]
if they use the curl binary so they have to disclose their source code? i could see using libcurl triggering the clause...but the cli tool?? i must misunderstand gpl :(
ska 282 days ago [-]
I think that comment was about why wget would never be used, not curl.
unrealchild 279 days ago [-]
oh geeeeez that’s right! thx for the correction
scandox 282 days ago [-]
What's with the whole "self-esteem" thing. People are allowed to enjoy their own achievements. It's actually a good thing within limits.
Lolibturd 282 days ago [-]
Leftists don't want this to be a reality.
cyphar 282 days ago [-]
The GPL wouldn't have relicensed the entire source tree of the car. Arguing it would doesn't make sense -- we know of many cases where similar things have happened and nobody released the source of entire products as a result. Derivative works in copyright are a very specific concept, and it's generally agreed that using the CLI interface of a program doesn't constitute a derivative work.
feral 282 days ago [-]
Or they'd have used something else to fetch files from the Internet, maybe something they wrote themselves. It wouldn't be as robust and reliable and probably it'd have security bugs.

And the car would be a little more expensive to make, this price inevitably paid by the rest of us who want to buy the car.

cryptonector 282 days ago [-]
The GNU plan once again foiled by one pesky developer who chose to use an MIT license!

As if no one could have developed a non-GPL licensed implementation.

GPL has its place, but berating those who have or would choose a non-copyleft license is not productive. We are all free to make licensing choices, are we not?

elcomet 282 days ago [-]
Except that the car companies fudging the pollution benchmarks would never use software that would require them to disclose their whole source code. At least here they are using open source tools, credit the author, and maybe some companies even contribute back to open source.
pmoriarty 282 days ago [-]
They should just be required to disclose all their source code by law regardless.
thecatspaw 282 days ago [-]
gdhbcc 282 days ago [-]
Because if you buy something you have a right to know what you're buying.

Just like I have the right to know what is in the sausages I bought for lunch, I should have the right to know what is in the .exe I bought to run my accounting system

your-nanny 282 days ago [-]
because it's much easier and more profitable to cheat than to comply with regulations like fuel efficiency standards
ams6110 282 days ago [-]
afaik, use of a stand-alone utility like wget, even if GPL-licensed, does not require GPL licensing of any other software that invokes it.

I can write a shell script that invokes wget, but that doesn't mean my shell script is subject to GPL.

I can use wget on a Windows machine, it doesn't mean Microsoft has to give me the Windows source code.

brianwawok 282 days ago [-]
Lawyers at many BigCos have a blanket ban on touching GPL.

They don't want a 10 billion dollar lawsuit to come down to the judge's interpretation of a license.

Usually licenses are on a flat good or bad list.

cyphar 282 days ago [-]
wget is GPLv3 licensed which requires you to give users all of the information (such as firmware keys or a way of replacing the firmware keys) to replace wget.

Practically speaking this would require providing access to replace the entire system (though as you say the GPL wouldn't apply to separate programs as that is generally considered to not be a derivative work from a copyright perspective).

Interestingly GPLv2 has similar but lighter requirements -- you have to provide instructions ("scripts") on how to build and install the software. But obviously many people believe that this was not strong enough to deal with firmware-locked systems and thus GPLv3 was born.

PhasmaFelis 282 days ago [-]
...Which is why wget was not used. If curl had been GPLed, the car companies would have used some other tool, or made their own.

Car manufacturers are never willingly going to use software that lets drivers hack their own cars. That sucks, but don't pretend it's the third-party software devs' fault.