
A hundred million cars run curl - LinuxBender
https://daniel.haxx.se/blog/2018/08/12/a-hundred-million-cars-run-curl/
======
DyslexicAtheist
A hundred million cars run curl yet Daniel Stenberg is unable to get a visa
for the US.

[https://daniel.haxx.se/us-visa.html](https://daniel.haxx.se/us-visa.html)

~~~
Scoundreller
He doesn’t need a visa, he’s a Swede and covered by Visa Waiver Program.

He applied for an ESTA and was denied, but you only need an ESTA to come to
USA by air/sea.

From what it seems, DS had an approved ESTA, didn’t check its status before
leaving for another US trip and found out at check-in that it was cancelled.

DS could still try coming by land via Canada (or Mexico). Not sure if there
are any cases out there of ESTA denials that were non-issues at a land
crossing though...

At least any denial is face to face and may offer some relevant information.
Future Mozilla All Hands, if in Canada, should be within a 1-2 hour drive of
USA.

~~~
callalex
Do you think this kind of behavior from our government will continue to keep
the US in the epicenter of tech innovation?

~~~
Scoundreller
I’m not USian... but no.

DS should apply for a Canadian ETA (equivalent of ESTA) just to see if he gets
approved. The two governments share a lot of info...

The EU is working on its own “it’s not a visa, but it’s basically a visa”
system for visa-exempt people to fly there.

------
theandrewbailey
I thought it was more people complaining that they "have toyota corola".
[https://daniel.haxx.se/blog/2016/11/14/i-have-toyota-
corola/](https://daniel.haxx.se/blog/2016/11/14/i-have-toyota-corola/)

~~~
andyidsinga
that is so interesting : developer puts email addr in license.txt; normal end
user finds the only email addr in the whole UI and emails tech support
request.

~~~
kbenson
Well, the tech support requests are likely better than the hacking accusations
he gets.[1]

1: [https://daniel.haxx.se/blog/2016/01/19/subject-urgent-
warnin...](https://daniel.haxx.se/blog/2016/01/19/subject-urgent-warning/)

~~~
ozim
Seems like _haxx_ domain is not great for interfacing with non technical
people. I would even bet it could also be the case if he uses _haxx_ email
domain for US visa, he is not getting one...

~~~
therein
Likely a combination of that and a quick search of his email matches malware
source code since they'll likely have curl.h in there.

------
ratsbane
That just reminds me of the time I tried (and finally succeeded) in using curl
at a BigCorp around 2004. I had to convince layers of non-technical management
that this tiny, elegant, free, simple solution was better than an expensive
and unwieldy commercial alternative. I finally wore them down and I wouldn't
be surprised if the curl solution is still quietly working away at thousands
of their locations.

------
lultimouomo
If you've ever had to Google information about using libcurl you've most
probably noticed how so many people ask questions and get answers by Daniel
himself.

These answers are always very helpful and polite, doesn't matter if the
question is smart or stupid.

Daniel seems a very nice person just as he's a great programmer, and I think
curl success is due to its quality as much as it's due to how Daniel cares
about it's users.

------
jaxtellerSoA
Not sure if this is good thing? I know as the dev you are excited about it.
But if I can gain access to the hardware using curl in my car, then I can
download anything I want to my car.

~~~
ISL
That is good, if it is your car.

With power comes responsibility, of course.

~~~
jaxtellerSoA
>With power comes responsibility, of course.

Fair enough.

>That is good, if it is YOUR car. (emphasis added)

This my concern, if I can download anything I want to MY car, how hard/easy
would it be for me to do it someone else's car?

~~~
thecatspaw
thats more a "how did you get access to my car" issue though, and not
neccessarily a curl issue.

If you are in a position where you can execute something on an appliance, all
bets are off

------
beamatronic
100 million cars can connect to the Internet?

~~~
devy
Probably. Cars today are more connected - most of them have modems since the
2G wireless era (a lot of times you are probably unaware it's there.)

~~~
ac29
>most of them have modems

Any source on this? Sounds interesting. There's only so many reasonable places
you could put an antenna, given that vehicles are mostly metallic. So, if so
many cars are have cell modems, they should be easy to find.

I'm aware of OnStar, but that certainly doesn't cover "most" cars. GM has less
than 20% of the US market [0].

[0] [https://www.statista.com/statistics/239607/vehicle-sales-
mar...](https://www.statista.com/statistics/239607/vehicle-sales-market-share-
of-general-motors-in-the-united-states/)

~~~
devy
> Any source on this?

I have an engineer friend who works on the 2/3G modems for a German automotive
brand. He told me anecdotally many years ago. And the public generally learned
from the security breaches and vulnerability exposures. Here is one:

[https://www.bleepingcomputer.com/news/security/security-
flaw...](https://www.bleepingcomputer.com/news/security/security-flaws-found-
in-2g-modems-used-by-bmw-ford-infiniti-and-nissan-cars/)

As you can see in the article above, by "most" I meant pretty much everybody.
Just like gorilla glass are standard for smartphones, car connectivity is a
standard feature on modern cars, and it doesn't cost much to the manufacturers
to add that on - given the upstream auto suppliers producing these TCUs
(telematics control unit) in a massive scale, which is also why all these car
brands were affected (sourced from the same supplier.) And they can up-sell
connectivity based subscription features with higher profit margin.

~~~
londons_explore
Surely the manufacturer still has to pay for cell service for that modem.
That's typically billed on a per GB and per line basis.

Would the manufacturer want to be paying a few dollars per car per month just
in the hope the user might upgrade to OnStar later?

~~~
devy
It's usually a wholesale deal like what those MVNO are getting for the initial
period of a new car and then car owners pay for the full service price later.
The Big three wireless carriers want those IoT contacts as much as the
automotive manufacturers, since those are also counted as subscribers and
generating recurring revenues.

------
devy
The other day I was working to build a minimal docker image with a command
line tool to interact with http protocol to download a SDK. Other than curl
and wget, are there any other commonly used *nix tools for that purpose?

~~~
funkymike
FreeBSD has fetch.

[https://www.freebsd.org/cgi/man.cgi?fetch(1)](https://www.freebsd.org/cgi/man.cgi?fetch\(1\))

------
shmerl
Does it mean actual CLI curl client or libcurl library?

~~~
eddieroger
He didn't say, but I have to assume libcurl since my Android-based head unit
doesn't offer me a terminal emulator with curl, but does make HTTP calls.

------
2400
What do they use it for generally? Downloading updates?

~~~
jackhack
currently: entertainment systems (audio streams, weather forecasts,
traffic/route planning navigation, etc.)

Eventually: spying on the passengers and turning the operator's behavior
profile into an alternate revenue stream.

~~~
lordlimecat
> spying on the passengers

I'm not familiar with this functionality of curl. Is there some undocumented
flag for that?

------
NVRM
Hey, I use curl too in my apps!

Programming level: tesla

