https://github.com/curl/curl/commits/1886260a95f442d947b4d1f...
https://github.com/curl/curl/commit/97164e99deda1b47f8f483cd...
https://github.com/curl/curl/commit/784a8ec2c1a3cc4bd676077a...
https://github.com/curl/curl/commit/1886260a95f442d947b4d1fc...
https://nvd.nist.gov/vuln/detail/CVE-2025-0725
This highlights that no one's time is ever wasted. An experiment that was once insulted and condemned as pointless turned out to be the small spark that triggered a series of quiet code fixes. However, I feel for the hackers in other projects who pointed out vulnerabilities only to be dismissed because the maintainers didn't want to pay up, only for them to secretly apply the fixes anyway. Fortunately, curl is not that unethical.
lopanapol•1h ago
Upon reviewing the HackerOne reports following the experiment, it was found that many remained categorized as "Not-applicable" or "Spam," including even a "Happy New Year" message from a novice hacker. It is unfortunate that such an individual had to be bluntly taught a lesson by the reality of the world.
These events demonstrate that being human does not vary in direct proportion to technological knowledge. However, one can see the clear effort by the curl team to protect their open-source project, which has a massive user base. A successful hack would result in immense damage, making their sacrifice highly commendable in my view. Yet, this attempt to protect also creates a divide between the defenders and those who cause them to waste their invaluable time.
Personally, I believe everyone's time is valuable—both the curl maintainers and the new programmers attempting to use AI to generate income, or even those with the intent to spam. Even if the spammers are devalued, with their time considered less worthy than those trying to protect the world, it still reflects our inherent humanity.
What is interesting is that reading the comments in the various related links reveals the true identity and character of the commenters. Personally, I do not feel angry or affected by those words, but rather feel sympathy, wondering what led them to become that way. Ultimately, it shows that AI is still not intelligent enough.
If anyone is interested, you can follow and read these related links:
https://news.ycombinator.com/item?id=42361299
https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-s...
https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d...
https://thenewstack.io/curls-daniel-stenberg-ai-is-ddosing-o...
https://redmonk.com/videos/daniel-stenberg-ai-onslop/
And many more—I am sure you can find them yourself. Ultimately, I want to offer my support to open-source projects in overcoming this issue. I also feel for the "little hackers" who have been cursed at and trampled upon by the myth of judging human value. I want them to try looking from another perspective—the developer's side—where an overwhelming workload can cause a breakdown and expose human vulnerability.
I will continue to monitor how the AI Slop problem concludes. Personally, I believe this experiment was worth it; it created a ripple effect that made the world realize the gravity of the situation. However, things might only improve after the Iran war, as the world is currently focused on much heavier and more violent issues. I just hope curl doesn't have a vulnerability that could end up triggering a nuclear explosion.
I am open to every opinion. It reflects who you are and a sense of humanity that AI simply cannot replicate. You can criticize me or say whatever you like; I won't feel anything toward it. However, doing so might help some people see this truth.
Best,
Napol Thanarangkaun