Search
Items tagged with: cURL
Last year on this day the bogus #curl CVE arrived that triggered a series of events that subsequently made #curl become a CNA.
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
docs: Clarify OpenSSF Best Practices vs Scorecard by cpswan · Pull Request #14635 · curl/curl
#14319 introduced a section to SECURITY.md titled OpenSSF Scorecard that actually documents OpenSSF Best Practices (Scorecard is a different OpenSSF project, that incorporates Best Practices, but i...GitHub
The Linux kernel is 38 million LOC. #curl is 170K. The kernel is 223 times bigger.
The Linux kernel ships 60 CVEs per week, 3100 per year.
curl ships on average 13 CVEs per year, 3100/223 = 14
== Roughly the same CVE/line of code ratio.
and here I get into a discussion about why we don't show off the "OpenSSF scorecard" in #curl
(tldr: it's wrong)
https://github.com/curl/curl/discussions/12609
Scorecard integration from Open Source Security Foundation · curl curl · Discussion #12609
Hi, Me and a group of friends want to participate in the "Secure Open Source Rewards (SOS)" program from the Open Source Security Foundation. All of us are newbies in the open source comunity contr...GitHub
option CURLOPT_TCP_KEEPALIVE doesn't work with new version · Issue #14368 · curl/curl
I did this I use curl to request to a php web api. The PHP server will take a long time to answer the request ,like 600 seconds.So,I need to keep alive to wait the reply. Old version 7.65.3 works w...GitHub
When I work a year on #curl that amounts to about 1.5 milliseconds spent on each installation.
Seems worth it.😌
"a filename when none exists"
Starting in #curl 8.10.0, curl works a little harder to come up with a filename to store the download in when -O is used.
https://daniel.haxx.se/blog/2024/08/19/a-filename-when-none-exists/
Exactly eight years ago #Microsoft made powershell open source and I *immediately* filed a pull request to remove their #curl alias...
Did not really work.
https://daniel.haxx.se/blog/2016/08/19/removing-the-powershell-curl-alias/
skip a #curl transfer
- If the target file already exists on disk, skip downloading it.
https://daniel.haxx.se/blog/2024/08/17/skip-a-curl-transfer/
I found the chosen colors hard to distinguish in the key section and map to the graphs.
#curl does actually get way more PRs than issues?!
The funding of critical open-source projects of our everyday lives has becond increasingly important. The Sovereign Tech Fund has set out to improve the situation with various programs that assist these projects as @polexa explains.
We're thrilled being joined by @bagder who shares his experiences with maintaining the #curl project and the STF.
🎧 https://focusonlinux.podigee.io/113-sovereign-tech-fund
Sovereign Tech Fund
If there is one thing that has become increasingly important in recent years, it is the funding of critical open-source projects that have long been part of our everyday lives.FOCUS ON: Linux
How to tell another US government org uses #curl?
"Subject: [ACTION REQUIRED] U.S. Department of Energy Secure Software Development Attestation Submission Request"
It is useful to understand how #curl connects to hosts. Happy Eyeballs style.
https://everything.curl.dev/usingcurl/connections/happy.html
Happy Eyeballs - everything curl
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
spnego_gssapi: implement TLS channel bindings for openssl by Foorack · Pull Request #13098 · curl/curl
Channel Bindings are used to tie the session context to a specific TLS channel. This is to provide additional proof of valid identity, mitigating authentication relay attacks. Major web servers hav...GitHub
Daniel Stenberg on #curl's Journey: From C64 Demos to Internet Transfers. (I was on Nerding out with Viktor the other day.)
In #curl 8.10.0, coming on September 11, 2024, we introduce support for -vv, -vvv and -vvvv
https://daniel.haxx.se/blog/2024/08/12/verbose-verboser-verbosest/
(thanks to @icing)
more #curl help
Get documentation for a specific option with curl -h
[option]https://daniel.haxx.se/blog/2024/08/09/more-curl-help/
@markuswerle @jakob @pluralistic This is how I interpret the situation: #GitHub offers open source programs free access to GitHub actions today exactly as it did in the past. This access is limited in CPU performance and parallelism. It always was. All free CI services do this.
The #curl project was bumped to a fancier account to give us more actions powers: more CPU and more parallelism.
That is them doing us a favor and them supporting us, not the other way around.
with this knowledge we are pondering what we can to do make things less annoying for #curl on Windows.
What now takes a few milliseconds on my Linux machine, takes several seconds on Windows. Not ideal.