156
the Apple curl security incident 12604 | daniel.haxx.se (daniel.haxx.se)
submitted 4 months ago by [email protected] to c/[email protected]
16 comments fedilink hide all child comments
top 16 comments
sorted by: hot top controversial new old
[-] [email protected] 40 points 4 months ago

TL;DR? > The problem is strictly speaking not even in curl code. It comes with the version of LibreSSL that Apple ships and builds curl to use on their platforms.

But because they’re Apple (right next to the Pope, for infallibility), they know best; same old story, rinse’n’repeat.

Really liked their stuff back in the day. Now? It’s another walled garden they scrabble to maintain.

[-] [email protected] 10 points 4 months ago

You know, Steve Jobs used to be a huge jerk. Then he passed away.

[-] [email protected] 7 points 4 months ago

Oh it's so much worse than that. Part One Part Two

[-] [email protected] 3 points 4 months ago

Here is an alternative Piped link(s):

Part One

Part Two

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[-] [email protected] 1 points 4 months ago

Thank you Piped bot.

[-] [email protected] -3 points 4 months ago

What day was it that you liked their stuff, and what made you stop?

[-] [email protected] 0 points 4 months ago* (last edited 4 months ago)

Apple adheres to the principle of form over function, instead of the old but still valid form follows function design principle. But TBH I never liked their stuff or their over the top big cheese attitude. So it's not a disgruntled apple user writing this.

[-] [email protected] 14 points 4 months ago

LibreSSL is the fucking bane of my existence at work. So many issues caused by the keys it spits out vs others.

[-] [email protected] 3 points 4 months ago

Never had the chance to seriously look into libressl. Do you think it would work fine if most of the world was running it rather than openssl?

[-] [email protected] 4 points 4 months ago

Probably so, but Apple is the only one I’ve encountered actually using it. The whole point is it’s supposed to be backwards compatible and it’s just not

[-] [email protected] 3 points 4 months ago

If you meant that they've dropped plenty of openssl functionality - well, the whole purpose of the fork was to refactor it into something less scary. And since it was done by OpenBSD people - they have their own approach, not always culturally compatible with enterprise usage.

[-] [email protected] 9 points 4 months ago

Anyone still using LibreSSL and not OpenSSL, has only themselves to blame. Or their company or whoever is forcing it on them.

[-] [email protected] 8 points 4 months ago

Seems from the article that LibreSSL is fine, it's about Apple patches to it.

[-] [email protected] 2 points 4 months ago

OpenBSD forked OpenSSL due to HeartBleed. OpenBSD developers are generally regarded as quite on top of their game when it comes to security, so why the "still using LibreSSL" FUD?

[-] [email protected] 4 points 4 months ago

You can follow curl's lead developer on mastodon: @[email protected], seems like a very reasonable guy.

this post was submitted on 09 Mar 2024
156 points (97.6% liked)

Technology

55960 readers
3802 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]