Notices by daniel:// stenberg:// (bagder@mastodon.social), page 2

Two years ago we introduced the #libcurl header API:

https://daniel.haxx.se/blog/2022/03/24/easier-header-picking-with-curl/

On this day twenty-seven years ago, I released the first #curl version. I called it 4.0 as I kept the versioning from the previous names.

The Matrix channel #curl:curl.se is now bridged to the #curl IRC channel for even more curl chatting

@dalias @astraleureka as mentioned elsewhere in this thread, it's my DNS that is "helpful"!

We got another "critical vulnerability" on #curl reported. I figured you might enjoy it.

"The authentication mechanism in cURL does not properly restrict the number of failed authentication attempts, allowing an attacker to brute-force credentials"

Yawn. Away, away you go.

ok sorry, embarrassingly enough it was misdiagnosed by me. It is my silly DNS server that "helpfully" resolves these names for me!

I'm sitting here trying to make sure the #curl URL parser acts consistently. Which certainly is a challenge...

Inconsistent octal madness

$ ping 010
PING 010 (0.0.0.8) 56(84) bytes of data.
$ ping 010.1.1.1
PING 010.1.1.1 (8.1.1.1) 56(84) bytes of data.
$ ping 018
ping: 018: Name or service not known
$ ping 18
PING 18 (0.0.0.18) 56(84) bytes of data.
$ ping 018.1.1.1
PING 018.1.1.1 (18.1.1.1) 56(84) bytes of data.
$ ping 18.1.1.1
PING 18.1.1.1 (18.1.1.1) 56(84) bytes of data.

Also fun to see the lines of docs per 1000 lines of product code:

Only 517 lines left until 100,000 lines of documentation in the #curl git repository...

@hyc Agreed. That's one of the details I keep bringing up as a proof of rust not being very mature for system level stuff like libraries.

Remember: when you run #curl shipped by Apple with the --cacert flag it won't behave like #curl does everywhere else. As I wrote about last year. I think they're doing it wrong. They think its fine.

https://daniel.haxx.se/blog/2024/03/08/the-apple-curl-security-incident-12604/

Ten years ago on this day we went full GitHub model in #curl: pull-request style development. We have since handled over 10,700 PRs in an increasing amount of activity.

https://daniel.haxx.se/blog/2015/03/03/curl-embracing-github-more/

I'm sensing strong renewed anti-GitHub sentiments among my (non-US based) peers these days as the US is seemingly in a free-fall towards chaos.

We will of course keep prioritizing security and safety for the #curl project and its contributors and will act immediately if the signs tell us we should.

Hm...

It is now *seven* years since #Microsoft started shipping #curl as part of the Windows operating system.

https://curl.se/windows/microsoft.html

Today is also two years since "the nuget story" where I struggled to get a ten year old and vulnerable #curl version delisted:

https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/

https://everything.curl.dev/ is 114,836 words of #curl documentation for you

I know it is often repeated, but #curl is not a one man factory:

https://everything.curl.dev/project/devteam.html

Adding #curl release candidates

https://daniel.haxx.se/blog/2025/02/28/adding-curl-release-candidates/