Notices by daniel:// stenberg:// (bagder@mastodon.social)

When you need to shrink your SVG images to their bare minimum, this is an awesome resource: https://svgomg.net/

make a photo realistic embroidered wall piece with the words "never expect two independent URL parsers to treat every URL identically"

okay, that failed

"again without repeating any words"

*ripping my eyes out*

This is not working. The number of #hackerone report submissions for #curl in 2025 is going through the roof, while the quality is going through the floor.

And the year isn't over yet.

Today, twenty-nine awesome years ago, httpget 0.2 shipped. Unfortunately, both the source and the changelog for this release have been lost in time (like tears in rain).

httpget was the precursor to what later would become #curl

The internet, and the web, was different in 1996.

@kaia you can still apply your own intelligence and good sense, using AI doesn't have to also mean giving up

new day, new slop

curl.se is now at 78 terabytes/month

You can subscribe to the Daniel weekly emails. Terribly nerdy details on what I've worked on last week. About curl, open source, security and related ramblings. No sales. No ads. For free.

https://lists.haxx.se/mailman/listinfo/daniel

I am probably getting old, but the idea to cram in lots of events in Brussels the entire week before FOSDEM is not getting my thumbs up. Or well, you can have them but I won't be there.

A regular FOSDEM already wears me out on its own. Being at the European Open Source Awards on the Thursday before FOSDEM is stretching it but I will do it.

Adding *more* events to my agenda that week would probably kill me.

Did I mention I'm old? Leave me alone.

Made with AI. Of course.

DHH launches something he says is Open Source but isn't. https://world.hey.com/dhh/fizzy-is-our-fun-modern-take-on-kanban-and-we-made-it-open-source-54ac41b6

Matt Mullenweg calls it false advertising: https://ma.tt/2025/12/dhh-open-source/

All this I learned from Dries Buytaert: https://dri.es/source-available-is-not-open-source-and-that-is-okay

Addressing Linux’s Missing PKI Infrastructure

"we’re starting the development of upki: a universal PKI tool. This project initially aims to close the revocation gap through the combination of a new system utility and eventual library support for common TLS/SSL libraries such as OpenSSL, GnuTLS and rustls"

https://discourse.ubuntu.com/t/addressing-linuxs-missing-pki-infrastructure/73314

@arichtman did you forget to read the linked article?

Debating security researcher on Hackerone like any normal Sunday. You?

These are two of my favorite memes about companies putting AI into everything.

if you have any additional favorite ones you want to share, I wouldn't mind a few more to spice up one of my coming talks with....

@p A) is that really the only company on that page that might have questionable ethics? I think most of them are. B) I don't "associate myself" with them. They use curl.

Reminder. #curl runs in all your devices. So I made a slide to show some of them.

(yeah, I've used and shown this slide numerous times before and I will probably do it again...)

@4diejungs there are many more than 3 billion devices running curl...

"Hi Daniel,

cURL is an awesome tool and based on your website, you seem like an awesome guy!

Thank you,
[name]"

On Linux, if I want a library that can produce a nice stack trace on demand with function name + line number in my C code, which is your recommended choice?