Search

Items tagged with: CURL

#curl

As always, I will live-stream a #curl release presentation at 10:00 CET (09:00 UTC) tomorrow on my twitch channel: twitch.tv/curlhacker

curlhacker - Twitch

I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.
Twitch
#curl

The list of top #curl sponsors remains the exact same release after release...
curl top sponsors Jan 2026: Haxx, wolfSSL, Fastly, TeamViewer, GitHub, kirei, IBB, Elastic
#curl

I spend a ridiculous amount of my time on #curl security these days. Because I think that's my responsibility.

something something open source sustainability

#curl

buckle up and prepare for an unload of *six* CVEs against #curl getting published tomorrow, severity low and medium
#curl

The year's 6th day just started and we just clocked in our 8th hackerone report on #curl for the year.

This doesn't work.

#curl

less than 24 hours to the next #curl release...
#curl

#fosdem #curl

#curl

on the fourth day of the year and we have already disclosed 6 Hackerone reports against #curl

This can only end one way.

#curl

#curl

First day of new year: two #curl vulnerability reports received. Both identified real bugs, neither is a security problem.
#curl

#curl

#curl

26 years ago, on December 28 1999, we migrated the main #curl source code from self-hosted to Sourceforge.

It was the new hot thing. Imagine the idea of a dedicated service devoted to nothing but hosting code!

We then kept the code there for ten years (on CVS). A period when the distributed version control systems really exploded.

#curl

No strcpy either.

daniel.haxx.se/blog/2025/12/29…

#curl


no strcpy either

Some time ago I mentioned that we went through the curl source code and eventually got rid of all strncpy() calls. strncpy() is a weird function with a crappy API. It might not null terminate the destination and it pads the target buffer with zeroes.
daniel.haxx.se
#curl

#curl hackerone update: one more vulnerability was confirmed legit and we have six pending CVEs now.

Only one of the submitted issues remains in triage but I'm advocating closing as N/A.

#curl

I'm submitting lovingly hand-crafted 100% organic reports to #curl #hackerone
#curl #hackerone

I’ve heard #curl is a thing among Fediverse inhabitants. Will this help me get accepted to your tribe?
Shampoo bottle that states “curl expression”
#curl

One right doesn't fix 100 wrongs. I'm happy for you and for #curl, but this doesn't change my opinion about #github and #microsoft in the slightest.
#github #microsoft #curl

strcpy density in #curl source code
a graph showing the strcpy density in the curl source code, going from above 2 per KLOC in the early 2000s to zero in the end of 2025
#curl

Not sure, I know there was this one time when the employees got to vote for projects to sponsor and #curl was one of them.
#curl

Number of hackerone reports on #curl doubled since last year
#curl

I spent many hours yesterday debunking another hackerone report against #curl.

It's such a good sigh of relief when the ultimate conclusion is that it is not a vulnerability. (disclosed soon of course)

#curl

GitHub is a top sponsor of #curl. They make a real difference. Can you say the same about whoever you work for?
#curl

#curl

#github #curl

@bagder should make phonecovers for #curl

  • Yes (0%, 0 votes)
  • Absolutely (0%, 0 votes)
  • Absolut! (0%, 0 votes)
  • Where to I buy it (100%, 1 vote)
  • Fan också! (0%, 0 votes)
1 voter. Poll end: 1 week ago

#curl @daniel:// stenberg://

Probably old news but my mind is always blown by all the stuff #curl can do. I had zero idea that curl has a —form argument that lets you simulate filling out a form, complete with a file upload. Let me automate a super annoying task for a friend with a dead simple bash script.
#curl

#curl

#curl @cpu

#curl

#codeberg #curl

I ordered 6,000 new #curl stickers.
#curl

Microsoft: „1 engineer, 1 month, 1 million lines of code“

That would mean @bagder
rewriting 5 #curl projects into Rust in a month.

Microsoft revising the „rewrite over a weekend“ meme to it actually taking them 6 days. For a person they have not hired yet. With tools they still have to invent.

If you are a MS customer, you‘d better start putting more money into Copilot right away!

theregister.com/2025/12/24/mic…


Microsoft wants to replace its entire C and C++ codebase, perhaps by 2030

: Plans move to Rust, with help from AI
Simon Sharwood (The Register)
#curl @daniel:// stenberg://

If you have ideas for a new #curl sticker design, let me know. I'm about to order a new batch soon.

Logo images to play with: curl.se/logo/

#curl

Basically the only way to get #curl stickers (without printing your own set) is to approach me when I show up somewhere to talk.

The next big chance is at #FOSDEM where I usually give away **thousands** of curl stickers.

It is always fine to pick a few extra to hand out to your friends and grandparents.

#fosdem #curl

#curl

1. User complains to #hackerone that I named his *previous* name when he renamed himself to a silly name after I banned them in a #curl report filed back in October.

2. Hackerone asks me to respond on their support forum, on which I have no account. Grrr. I refuse to.

3. Replying to the hackerone email about this instead, I get a bounce saying they don't accept emails on support@hackerone ...

Kill me now.

(The user who submitted this report was going by the name "b4sh0ne" up until their last comment when they renamed to this new name. Unfortunately, the HackerOne interface does not properly show this. We banned the user nonetheless.)
#curl #hackerone

Joshua Rogers on his bug bounty experiences in 2025.

Positive for #curl, kafka-esque for all others mentioned. ‚BugCrowd‘ seems to a typical level-1 support company living on denials.

(Joshua also reported on Apache and pbly other projects where he could talk to the maintainers. I take #curl here as an example for FOSS projects interested in actually securing things.)

joshua.hu/2025-bug-bounty-stor…

My 2025 Bug Bounty Stories

A recap of my 2025 bug bounty experiences, featuring failures and stories from Google Cloud, GitHub, Vercel, Opera, and others.
Joshua Rogers (Joshua Rogers’ Scribbles)
#curl