bagder

bagder , 15 hours ago to random

Here's a user in the wild who was bitten by the Apple "backdoor" in #curl:

https://github.com/curl/curl/discussions/14009

bagder , 10 days ago to random

closing hackerone reports as not applicable without mercy on a Saturday night

bagder , 11 days ago to random

The #curl website has been hosted by #Fastly CDN for over seven years now. I cannot ask for a better service and a friendlier company to help us.

Starting now they offer a free tier. https://www.fastly.com/pricing/

Here's my blog post from seven years ago: https://daniel.haxx.se/blog/2017/05/02/a-curl-delivery-network/

bagder , 15 days ago to random

Experimental HTTP/3 support is soon coming to #curl on #debian. Brace for impact! https://curl.se/mail/distros-2024-06/0000.html

bagder , 18 days ago to random

On this day ten years ago, we lost our innocence as the former single page HTTP/1.1 specification (RFC2616) "exploded" into six separate new documents (RFC7230 and family). We could then no longer pretend HTTP was a simple protocol.

In June 2022, it was again updated:. "RFC 9110 and family". The spec is now split up into five main documents: semantics, caching and separate specs for each version: 1.1, 2, 3.

Those five documents hold 143,000 words combined. HTTP is not easy.

bagder , 21 days ago to random

"maybe we need this in the future" is a bad idea for writing good code. If we need that flexibility in the future, other things will have changed as well. Better do it then, not complicating matters now.

Turning down needlessly flexible code like a boss.

bagder , 26 days ago to random

#Windows users running stupid scanners now contact us for support regarding CVE-2023-46218 which the scanners say affects #curl 8.4.0 shipped by Microsoft.

It would, if their version was built to use #iibpsl, a prereq for this CVE, which #Microsoft does not.

Security scanners. A snake oil business.

https://curl.se/docs/CVE-2023-46218.html

bagder , 1 month ago to random

When #Mozilla created their new logo with :// in it, the team behind reached out to me and asked if I had any objections since #curl already was using :// in our logo.

I did not object - I approved of it. I think it validated our logo choice and I am jealous they have a name that can hold :// integrated the way they do.

(I was employed by Mozilla at the time)

bagder , 1 month ago to random

“I could rewrite #curl”

Here's my collection of some less cheerful quotes to keep me firmly grounded. Blogged three years ago today:

https://daniel.haxx.se/blog/2021/05/20/i-could-rewrite-curl/

bagder , 1 month ago to random

Remember to take the #curl user survey 2024 - if you can spare a few minutes.

https://daniel.haxx.se/blog/2024/05/14/curl-user-survey-2024/

bagder , 1 month ago to random

What's (open source) maintaining?

bagder , 1 month ago to random

Please consider donating a few minutes of your time and answer the #curl user survey 2024:

https://daniel.haxx.se/blog/2024/05/14/curl-user-survey-2024/

bagder , 1 month ago to random

It has been a long time coming, but I've made it official:

"Daniel no longer answers questions on stackoverflow. Use a dedicated public curl forum for accurate and timely answers about anything #curl. "

(yes, speaking about myself in 3rd person)

https://stackoverflow.com/users/93747/daniel-stenberg

bagder , 1 month ago to random

"To me, the latest is the latest my OS provides me. If #curl maintainers dont care about pushing the latest into the OSes they support, it's not me to blame. I think curl maintainers should push Centos to provide the latest to all users. What's the purpose of you fixing multiple bugs and security holes if you dont spend time to make it available to the broader audience?"

We are obviously all just too lazy.

https://github.com/curl/curl/issues/13546

bagder , 1 month ago to random

Over the last five years of #curl's bug-bounty we have received 489 submissions. For these 489 submissions the median first-response time has been, as calculated by Hackerone: 0 (zero) hours. If this does not ooze of awesomeness from a security team I don't know what does.

I presume they round or truncate to the nearest integer hour. Still means more than half of them got answered within an hour. Whenever or from wherever they were filed.

We take security seriously.

bagder , 2 months ago to random

#libcurl has proudly served as the HTTP(S) engine in #git for nineteen years now.

bagder , 2 months ago to random

Nine years ago today, a #curl command line was prominent on an even larger display...

https://daniel.haxx.se/blog/2015/04/24/curl-on-the-nasdaq-tower/

bagder , 2 months ago to random

When in my car, I found myself in my car.

bagder , 2 months ago to random

#curl is just the hobby

https://daniel.haxx.se/blog/2024/04/22/curl-is-just-the-hobby/

bagder , 2 months ago to random

I was reminded of the great #Cisco security fix of 2019

#curl

bagder , 2 months ago to random

Nowadays when I post something on my blog I almost always have to delete one or more comments that are highly offensive or outright attacking me verbally.

Can't we all just be friends instead?

bagder , 2 months ago to random

Verified #curl.

Don't trust. Verify.

https://daniel.haxx.se/blog/2024/04/10/verified-curl/

bagder , 2 months ago to random

ln -s [one] [two]

the arguments are done in the same order as if you would have done it with cp.

Yes, it really is that easy. You can stop worrying about it now.

bagder , 2 months ago to random

I suppose his book should've given us a hint

bagder , 3 months ago to random

in case you too want to cross-stitch it