Search

Items tagged with: curl

Had a small photo session to get some new material for the #curl release slide set for the release presentation tomorrow. Daisy the cat was not impressed.
A wooden robot and tiles saying "team curl"
A wooden robot, tiles saying "team curl" and a cat looking away
#curl

The #curl eight week release cycle explained in a single image
A circle diagram explaining the different phases in the curl release cycle: cool down, feature window, feature freeze and the three different release candidate drops.
#curl

When #curl turns into an evil empire, we already have the flag done.
the curl evil empire flag. A cog, the curl symbol, a fist. In red circles on a black flag.
#curl

#curl

with 48 hours left until release, I took the mandatory #curl "release photo"
8 14 0 in wooden tiles and a curl sticker
#curl

Starting with #curl 8.14.0 coming on Wednesday May 28, the wcurl script comes bundled and gets installed on "make install".

curl.se/wcurl/

wcurl

curl.se
#curl

Me yesterday in front of a huge #curl number of lines of code graph.
Daniel on stage in front of huge graph shown behind, number of lines of code in the curl project over time.
#curl

#curl

#curl

One week from the pending next #curl release, I uploaded the final release candidate, rc3 to curl.se/rc/

Please consider taking this for a spin and verify that everything seems to work as they should.

Thanks for flying curl.

curl release candidates

curl.se
#curl

I ran a quick SFTP performance test with #curl built to use #libssh 0.11.1 vs one built that uses #libssh2 1.11.1 over a 400ms latency connection.

One of them managed to perform this at 1049K/sec, the other reached only 249K/sec.

And the winner is...

libssh2

Funny detail: I sped it up for this kind of use case **fifteen years ago** and blogged about it: daniel.haxx.se/blog/2010/12/08…


Making SFTP transfers fast

SFTP, the SSH File Transfer Protocol, is a misleading name. It gives you the impression that it might be something like a secure version of FTP, perhaps something like FTPS but modeled over SSH instead of SSL.
daniel.haxx.se
#curl #libssh2 #libssh

#curl

Google go home, you are drunk

#curl

A google "sugested answer" reading: What is the Linux equivalent of curl? Wget
#curl

I frequently drive past this mailbox and think of @bagder and #curl. I like to imagine the owners contacting Daniel for random plumbing issues after finding the curl license in their home owners insurance policy.
Midwestern United States mailbox with the word "CURL" on a sign.
#curl @daniel:// stenberg://

#curl

#curl

#curl

@bagder Essentially, #curl commit 0ae0abbe72514a75c10bfc4108d9f254f594c086 broke updating #HardenedBSD packages for certain users who use HardenedBSD behind a fully Tor-ified network (a network that uses transparent Tor proxying).

Those users were unable to update their HardenedBSD systems since the package manager uses libcurl behind-the-scenes. Some of these users live in malicious environments (malicious to human life), with actively-exploited applications.

So, this prohibition had a real negative impact, putting our users in harm's way.

If curl had a way to bypass the prohibition, we would've been able to keep our users safe.

This is why I mention #Radicle: they, too, do not support the .onion TLD by default, but can be configured to provide that support.

Radicle has three options:

  1. Default: No support, .onion domain lookups will fail.
  2. SOCKS support where .onion lookups succeed.
  3. Explicit transparent proxying support, so .onion lookups succeed

curl is missing that third option.

#curl #hardenedbsd #radicle @daniel:// stenberg://

#curl build updates: curl-for-win Windows builds are now signed with cosign. Download page now includes links to these and to GPG signatures. The latest build uses zlib-ng instead of classic zlib as an experiment. curl.se/windows
Daily builds (also for Linux and macOS) are also signed now with GPG and cosign: github.com/curl/curl-for-win/a…

daily · Workflow runs · curl/curl-for-win

Reproducible, static, curl binaries for Linux, macOS and Windows - daily · Workflow runs · curl/curl-for-win
GitHub
#curl

#Tor #HumanRights #curl #libcurl #radicle #torproject

#curl

#curl

Tor has introduced this new cool tool they call oniux. On the page announcing it they show off a #curl command line that hasn't worked for two years... since curl nowadays refuses to resolve .onion names like RFC 7686 says.

blog.torproject.org/introducin…


Introducing oniux: Kernel-level Tor isolation for any Linux app | Tor Project

Introducing oniux: Kernel-level Tor isolation for any Linux app. This torsocks alternative uses namespaces to isolate Linux applications over the Tor network and eliminate data leaks.
blog.torproject.org
#curl

#curl

and even before you ask: the graph of graphs in the #curl dashboard
A graph showing a growth of graphs to 87 over time, the number of individual plots has grown to 245. From January 2020 to mid 2025.
#curl

and: what share of the #curl code is considered how complex, over time
Graph showing an increasing share of code considered to be less complex over time.
#curl

It's been a while but here's a new graph I'm testing. Getting the complexity for every function in #curl then assigning that complexity for all lines in that function. This gives an "average complexity per source code line".

Then plot this score for curl over time.

The idea now being to push it down hard.

Source code line complexity. A plot that sits around 40-50 for about 23 years but then slightly starts to fall and is at ~25 nearing mid-2025.
#curl

#curl

#curl

yeah #curl has just 16 open issues. I'm a firm believer in not having a lot of open issues so we in fact never do. We work really hard on that. A project philosophy.
#curl

Darn, we missed the opportunity for a celebratory cake when we passed 5,000 closed issues in the #curl project
Closed: 5,006 (partial screenshot from GitHub issues for curl)
#curl

#curl

We have a CI job to spot unwanted utf8 letters in #curl PRs as we have noticed that GitHub will gladly show the for example (identical) Cyrillic version of a letter next to the Latin version in a diff and it is yes, entirely impossible for a human to spot the diff. I mean the diff is shown, but the significance of it is not.

Changing just a single letter like that in a URL hostname opens up for a world of grief.

GitHub diff output showing what looks like identical strings as being different. The right one has the Latin 'g' replaced with an Armenian 'g'.
#curl

Live the bleeding edge life, help out the #curl project and test the fresh 8.14.0-rc2 build: curl.se/rc/

(Do not use release candidates in production. They are work in progress. Use them for testing and verification only. Use actual releases in production.)

curl release candidates

curl.se
#curl

#curl

#security #AI #tech #curl #hackerone #vulnerabilities #bugreports

The Register gets the amount completely wrong, as we have paid over 86,000 USD in bug-bounties since 2019.

It's just not that visible on #curl's hackerone page since the payouts are manged by the Internet Bug Bounty since several years.

Update: I sent them a correction and they already updated the article!

#curl

Five years ago I got the chance to write "A book for my library is a book about my library". A #curl #book #review

daniel.haxx.se/blog/2020/05/07…


Review: curl programming

Title: Curl ProgrammingAuthor: Dan GookinISBN: 9781704523286Weight: 181 grams A book for my library is a book about my library! Not long ago I discovered that someone had written this book about curl and that someone wasn't me! (I believe this is a f…
daniel.haxx.se
#book #Review #curl

#curl