So the guy gets his self-esteem shoot. In the meantime, if wget had been used, with its GPL license instead of the MIT-like license, those products would have to come not with a notice and his email, but with the sources of the derived work, that would allow customers and users:
1- to check that the software does what it should do (and for example, that it doesn't fudge the pollution benchmarks),
2- to hire programmers to correct bugs or add features to that software running on the devices they OWN,
3- to learn about those systems, and generally allow them or the providers of their choice to perform maintenance, instead of having to use the authorized maintenance and tools if at all possible,
amongst other things.
So, good job man on your self-esteem shot, but too bad for the rest of us, customers or programmers, you only helped the shareholders of those companies.
wget would never be even a remote consideration for them. They would hire a developer to write something before using a quality freely available tool that forced them to be open with their source code.
if they use the curl binary so they have to disclose their source code? i could see using libcurl triggering the clause...but the cli tool?? i must misunderstand gpl :(
Except that the car companies fudging the pollution benchmarks would never use software that would require them to disclose their whole source code. At least here they are using open source tools, credit the author, and maybe some companies even contribute back to open source.
Because if you buy something you have a right to know what you're buying.
Just like I have the right to know what is in the sausages I bought for lunch, I should have the right to know what is in the .exe I bought to run my accounting system
Or they'd have used something else to fetch files from the Internet, maybe something they wrote themselves.
It wouldn't be as robust and reliable and probably it'd have security bugs.
And the car would be a little more expensive to make, this price inevitably paid by the rest of us who want to buy the car.
...Which is why wget was not used. If curl had been GPLed, the car companies would have used some other tool, or made their own.
Car manufacturers are never willingly going to use software that lets drivers hack their own cars. That sucks, but don't pretend it's the third-party software devs' fault.
wget is GPLv3 licensed which requires you to give users all of the information (such as firmware keys or a way of replacing the firmware keys) to replace wget.
Practically speaking this would require providing access to replace the entire system (though as you say the GPL wouldn't apply to separate programs as that is generally considered to not be a derivative work from a copyright perspective).
Interestingly GPLv2 has similar but lighter requirements -- you have to provide instructions ("scripts") on how to build and install the software. But obviously many people believe that this was not strong enough to deal with firmware-locked systems and thus GPLv3 was born.
The GPL wouldn't have relicensed the entire source tree of the car. Arguing it would doesn't make sense -- we know of many cases where similar things have happened and nobody released the source of entire products as a result. Derivative works in copyright are a very specific concept, and it's generally agreed that using the CLI interface of a program doesn't constitute a derivative work.
The GNU plan once again foiled by one pesky developer who chose to use an MIT license!
As if no one could have developed a non-GPL licensed implementation.
GPL has its place, but berating those who have or would choose a non-copyleft license is not productive. We are all free to make licensing choices, are we not?
Might be as simple as opening a website and reading some text. Technically also "downloading" - but why not use curl for any http-based reading of data.
I would just say "interacting with all kinds of backend services".
That can be everything from OTAs to weather services, vehicle assistance services, positioning things, etc. Every feature of a "connected car" might be powered by a HTTP-based backend. And if the application inside the car is written in C/C++, using libcurl is a reasonable thing for interacting with those.
I have noticed that the CD database in my car gets updated once in a while. A CD that it previously did not have track data for started being recognized at one point. It clearly doesn't fetch the data on demand based on observation, but it does get occasional updates.
Not sure if this is good thing? I know as the dev you are excited about it. But if I can gain access to the hardware using curl in my car, then I can download anything I want to my car.
that is so interesting : developer puts email addr in license.txt; normal end user finds the only email addr in the whole UI and emails tech support request.
> Also, I have yet to figure out how to unhack the hackers from my Instagram so if you change your mind and want to restore my Instagram to its original form as well as help me secure my account from future privacy breaches, I'd be extremely grateful.
Seems like haxx domain is not great for interfacing with non technical people. I would even bet it could also be the case if he uses haxx email domain for US visa, he is not getting one...
That just reminds me of the time I tried (and finally succeeded) in using curl at a BigCorp around 2004. I had to convince layers of non-technical management that this tiny, elegant, free, simple solution was better than an expensive and unwieldy commercial alternative.
I finally wore them down and I wouldn't be surprised if the curl solution is still quietly working away at thousands of their locations.
and most of the modems are active, even if the owner has not activated the extra services which require the modem. if your manufacturer can remotely enable onstar or navigation or other internet-services in your car without requiring that you bring it back in to the service center for activation... then you have an IoT car.
Any source on this? Sounds interesting. There's only so many reasonable places you could put an antenna, given that vehicles are mostly metallic. So, if so many cars are have cell modems, they should be easy to find.
I'm aware of OnStar, but that certainly doesn't cover "most" cars. GM has less than 20% of the US market [0].
I have an engineer friend who works on the 2/3G modems for a German automotive brand. He told me anecdotally many years ago. And the public generally learned from the security breaches and vulnerability exposures. Here is one:
As you can see in the article above, by "most" I meant pretty much everybody. Just like gorilla glass are standard for smartphones, car connectivity is a standard feature on modern cars, and it doesn't cost much to the manufacturers to add that on - given the upstream auto suppliers producing these TCUs (telematics control unit) in a massive scale, which is also why all these car brands were affected (sourced from the same supplier.) And they can up-sell connectivity based subscription features with higher profit margin.
It's usually a wholesale deal like what those MVNO are getting for the initial period of a new car and then car owners pay for the full service price later. The Big three wireless carriers want those IoT contacts as much as the automotive manufacturers, since those are also counted as subscribers and generating recurring revenues.
The other day I was working to build a minimal docker image with a command line tool to interact with http protocol to download a SDK. Other than curl and wget, are there any other commonly used *nix tools for that purpose?
yepp. I can't imagine how horrible this must feel not being given entry and not get any useful feedback to work with either. I'd be contemplating all types of conspiracies against me.
It's fairly well known, worldwide, that US immigration is farcical. People do stuff like wipe their devices because otherwise your guys might think it's reasonable to steal all of their data.
He doesn’t need a visa, he’s a Swede and covered by Visa Waiver Program.
He applied for an ESTA and was denied, but you only need an ESTA to come to USA by air/sea.
From what it seems, DS had an approved ESTA, didn’t check its status before leaving for another US trip and found out at check-in that it was cancelled.
DS could still try coming by land via Canada (or Mexico). Not sure if there are any cases out there of ESTA denials that were non-issues at a land crossing though...
At least any denial is face to face and may offer some relevant information. Future Mozilla All Hands, if in Canada, should be within a 1-2 hour drive of USA.
Edit: it looks like he did apply for a visa and is still waiting since his ESTA rejection said he was ineligible for the Visa Waiver Program. So I guess showing up at a land border is a non-starter.
If you've ever had to Google information about using libcurl you've most probably noticed how so many people ask questions and get answers by Daniel himself.
These answers are always very helpful and polite, doesn't matter if the question is smart or stupid.
Daniel seems a very nice person just as he's a great programmer, and I think curl success is due to its quality as much as it's due to how Daniel cares about it's users.
67 comments
[ 3.0 ms ] story [ 123 ms ] threadSo, good job man on your self-esteem shot, but too bad for the rest of us, customers or programmers, you only helped the shareholders of those companies.
wget would never be even a remote consideration for them. They would hire a developer to write something before using a quality freely available tool that forced them to be open with their source code.
Just like I have the right to know what is in the sausages I bought for lunch, I should have the right to know what is in the .exe I bought to run my accounting system
And the car would be a little more expensive to make, this price inevitably paid by the rest of us who want to buy the car.
Car manufacturers are never willingly going to use software that lets drivers hack their own cars. That sucks, but don't pretend it's the third-party software devs' fault.
I can write a shell script that invokes wget, but that doesn't mean my shell script is subject to GPL.
I can use wget on a Windows machine, it doesn't mean Microsoft has to give me the Windows source code.
They don't want a 10 billion dollar lawsuit to come down to the judge's interpretation of a license.
Usually licenses are on a flat good or bad list.
Practically speaking this would require providing access to replace the entire system (though as you say the GPL wouldn't apply to separate programs as that is generally considered to not be a derivative work from a copyright perspective).
Interestingly GPLv2 has similar but lighter requirements -- you have to provide instructions ("scripts") on how to build and install the software. But obviously many people believe that this was not strong enough to deal with firmware-locked systems and thus GPLv3 was born.
As if no one could have developed a non-GPL licensed implementation.
GPL has its place, but berating those who have or would choose a non-copyleft license is not productive. We are all free to make licensing choices, are we not?
That can be everything from OTAs to weather services, vehicle assistance services, positioning things, etc. Every feature of a "connected car" might be powered by a HTTP-based backend. And if the application inside the car is written in C/C++, using libcurl is a reasonable thing for interacting with those.
Eventually: spying on the passengers and turning the operator's behavior profile into an alternate revenue stream.
I'm not familiar with this functionality of curl. Is there some undocumented flag for that?
With power comes responsibility, of course.
Fair enough.
>That is good, if it is YOUR car. (emphasis added)
This my concern, if I can download anything I want to MY car, how hard/easy would it be for me to do it someone else's car?
If you are in a position where you can execute something on an appliance, all bets are off
pretty easy
1: https://daniel.haxx.se/blog/2016/01/19/subject-urgent-warnin...
> Also, I have yet to figure out how to unhack the hackers from my Instagram so if you change your mind and want to restore my Instagram to its original form as well as help me secure my account from future privacy breaches, I'd be extremely grateful.
Somehow I would get calls, or people commenting with their account numbers.
I don’t know why people thought my default theme was the bank or a federal government, but that they did.
Programming level: tesla
Any source on this? Sounds interesting. There's only so many reasonable places you could put an antenna, given that vehicles are mostly metallic. So, if so many cars are have cell modems, they should be easy to find.
I'm aware of OnStar, but that certainly doesn't cover "most" cars. GM has less than 20% of the US market [0].
[0] https://www.statista.com/statistics/239607/vehicle-sales-mar...
You have pretty good reception inside your car, right? So does your car.
I have an engineer friend who works on the 2/3G modems for a German automotive brand. He told me anecdotally many years ago. And the public generally learned from the security breaches and vulnerability exposures. Here is one:
https://www.bleepingcomputer.com/news/security/security-flaw...
As you can see in the article above, by "most" I meant pretty much everybody. Just like gorilla glass are standard for smartphones, car connectivity is a standard feature on modern cars, and it doesn't cost much to the manufacturers to add that on - given the upstream auto suppliers producing these TCUs (telematics control unit) in a massive scale, which is also why all these car brands were affected (sourced from the same supplier.) And they can up-sell connectivity based subscription features with higher profit margin.
Would the manufacturer want to be paying a few dollars per car per month just in the hope the user might upgrade to OnStar later?
https://www.freebsd.org/cgi/man.cgi?fetch(1)
But maybe keep to what's installed by default in your image ?
https://daniel.haxx.se/us-visa.html
It's fairly well known, worldwide, that US immigration is farcical. People do stuff like wipe their devices because otherwise your guys might think it's reasonable to steal all of their data.
Annoying? Sure. Conspiratorial? eh. Their loss.
Sounds vaguely like a job interview. I'm reminded of the guy who wrote homebrew, yet couldn't get hired at Google.
He applied for an ESTA and was denied, but you only need an ESTA to come to USA by air/sea.
From what it seems, DS had an approved ESTA, didn’t check its status before leaving for another US trip and found out at check-in that it was cancelled.
DS could still try coming by land via Canada (or Mexico). Not sure if there are any cases out there of ESTA denials that were non-issues at a land crossing though...
At least any denial is face to face and may offer some relevant information. Future Mozilla All Hands, if in Canada, should be within a 1-2 hour drive of USA.
DS should apply for a Canadian ETA (equivalent of ESTA) just to see if he gets approved. The two governments share a lot of info...
The EU is working on its own “it’s not a visa, but it’s basically a visa” system for visa-exempt people to fly there.
These answers are always very helpful and polite, doesn't matter if the question is smart or stupid.
Daniel seems a very nice person just as he's a great programmer, and I think curl success is due to its quality as much as it's due to how Daniel cares about it's users.