daniel:// stenberg://'s Avatar

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

I write curl. I don't know anything. [bridged from https://mastodon.social/@bagder on the fediverse by https://fed.brid.gy/ ]

2,815
Followers 0
Following 2,830
Posts 07.06.2024
Joined
Posts Following

Latest posts by daniel:// stenberg:// @bagder.mastodon.social.ap.brid.gy

Grrrrr. We are now looking at *three* vulnerabilities to announce with the next #curl release...

06.03.2026 13:34 πŸ‘ 6 πŸ” 1 πŸ’¬ 3 πŸ“Œ 0

After conference beer in Oslo with the Mrs. Living the open source celeb life. Not bad.

05.03.2026 16:00 πŸ‘ 9 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
Three decades of curl | NDC Security Oslo 2026 Curl is a ubiquitous Internet transfer engine. An Open Source client-side library for doing internet transfers specified as URLs.

I'll talk three decades of #curl in less than an hour here at NDC Security:

https://ndcsecurity.com/agenda/three-decades-of-curl-0ugm/0m55j1o34kp

05.03.2026 07:08 πŸ‘ 5 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

My not at all surprised face: "After careful investigation, this case has been assessed as not a vulnerability and does not meet Microsoft's bar for immediate servicing."

05.03.2026 05:50 πŸ‘ 6 πŸ” 5 πŸ’¬ 0 πŸ“Œ 1

Hello #Oslo

04.03.2026 10:15 πŸ‘ 1 πŸ” 0 πŸ’¬ 3 πŸ“Œ 0
Preview
OpenInfra Forum #21! 110/150 seats available. , Thu, May 21, 2026, 11:00 AM | Meetup ``` FΓΆr att anmΓ€la dig: Skicka ett mail till db@sarimner.com och svara pΓ₯ frΓ₯gorna: 1. Vill du ha lunch? 2. Vill du ha wrap + dricka efter eventet? 3. Vill du gΓ₯ pΓ₯ efterf

The Open Infra meetup on May 21 in Stockholm is open for registration.

I'll chip in with a light-weight blab I call "State actors, sleeper agents and plain bugs. Curl security matters."

https://www.meetup.com/openinfra-user-group-sweden/events/313615139/

03.03.2026 15:23 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
docs: stop using the word 'just' by bagder Β· Pull Request #20793 Β· curl/curl It is almost never a good word and almost always a filler that should be avoided.

and now I'm about to drop all uses of "just"... https://github.com/curl/curl/pull/20793

03.03.2026 07:40 πŸ‘ 6 πŸ” 2 πŸ’¬ 5 πŸ“Œ 1

I can tell you that this bites me just about every time I write more than two sentences. Then I go back, edit and push fixup commit and hope that I learned something. Again.

02.03.2026 21:56 πŸ‘ 5 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

a detail you probably didn't know: no where in any #curl documentation do we use the word "very". It is a banned word enforced by a CI check. This rule encourages us to rewrite and instead use more appropriate words. Makes us write better English.

02.03.2026 21:47 πŸ‘ 2 πŸ” 26 πŸ’¬ 6 πŸ“Œ 0

@ssg @shanselman thanks, I tend to miss the replies to the mirror-me over there...

02.03.2026 21:18 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

but I took it to the big generic security portal and submitted a report there. Let's see what happens.

02.03.2026 15:38 πŸ‘ 2 πŸ” 0 πŸ’¬ 2 πŸ“Œ 0

"Microsoft is no longer accepting new submissions through secure@microsoft.com. Please use the Microsoft Researcher Portal "...

😠

02.03.2026 15:35 πŸ‘ 2 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Original post on mastodon.social

Three years ago I blogged about #nuget serving outdated #curl packages.

They then removed the packages I found.

I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities […]

02.03.2026 15:05 πŸ‘ 11 πŸ” 28 πŸ’¬ 5 πŸ“Œ 0
curl: --max-filesize and --compressed

On #curl's --max-filesize and --compressed. Should we do something about the "compression bomb" risk?

https://curl.se/mail/archive-2026-03/0000.html

02.03.2026 08:54 πŸ‘ 5 πŸ” 3 πŸ’¬ 2 πŸ“Œ 0

We are nine days away from the pending #curl release, with 212 bugfixes merged and one pending CVE announcement.

02.03.2026 07:56 πŸ‘ 2 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
AI slop - Wikipedia

just noticed I'm mentioned on the AI slop wikipedia page: https://en.wikipedia.org/wiki/AI_slop

02.03.2026 07:31 πŸ‘ 9 πŸ” 7 πŸ’¬ 0 πŸ“Œ 0

IRC made me to make curl

https://youtu.be/ohzzGy5K9Dk?si=YH1JcSQ7z6-YlktW

01.03.2026 08:49 πŸ‘ 3 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Learn to curl 2-hour Intro Lesson poster with a picture of a curling stone

Learn to curl 2-hour Intro Lesson poster with a picture of a curling stone

Ah, nice! A local teacher providing lessons on how to make HTTP requests from the command line! πŸ˜ƒ

Er, hmm…maybe that's not it actually. Sorry @bagder, I think I got too excited there for a minute! πŸ˜…

01.03.2026 18:46 πŸ‘ 10 πŸ” 11 πŸ’¬ 3 πŸ“Œ 0

@skaverat @HisVirusness he knew how curl took off sure. His contributions I believe stopped maybe already in 1997

01.03.2026 15:29 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
HISTORY: mention that Rafael passed away much too early by bagder Β· Pull Request #20781 Β· curl/curl A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features - HISTORY: mention that Rafael passed away much too early by bagder Β· Pull Request #20781 Β· curl/curl

@HisVirusness https://github.com/curl/curl/pull/20781

01.03.2026 12:41 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

@HisVirusness unfortunately he is no longer with us. He died almost ten years ago.

01.03.2026 08:56 πŸ‘ 0 πŸ” 0 πŸ’¬ 2 πŸ“Œ 0

IRC made me to make curl

https://youtu.be/ohzzGy5K9Dk?si=YH1JcSQ7z6-YlktW

01.03.2026 08:49 πŸ‘ 3 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

then of course, I added code to the what would become the curl project already in late 1996 and I am still working on it, while Wget maintainers have been replaced several times since those early days.

28.02.2026 10:36 πŸ‘ 6 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Wget had its initial release (under a different name) in January 1996, so it has now already surpassed its 30th birthday.

curl is way behind, as it did not start its journey (under a different name) until November 11 1996

28.02.2026 10:30 πŸ‘ 12 πŸ” 1 πŸ’¬ 4 πŸ“Œ 0
Preview
index: show the curl 30 years logo by bagder Β· Pull Request #558 Β· curl/curl-www This is intended to be a temporary thing for 2026

https://github.com/curl/curl-www/pull/558

28.02.2026 10:18 πŸ‘ 2 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
docs: Some nitpicks by ffflorian Β· Pull Request #20748 Β· curl/curl Hi, I did the following: replaced double spaces with single space where applicable replaced "favourite" with "favorite" added language identifiers to code blocks in markdown fi...

Welcome Florian Imdahl as #curl commit author 1447: https://github.com/curl/curl/pull/20748

27.02.2026 22:06 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Three decades of curl. March 5, 2026. Daniel Stenberg. NDC Security

Three decades of curl. March 5, 2026. Daniel Stenberg. NDC Security

My week: https://lists.haxx.se/pipermail/daniel/2026-February/000147.html

vacation, security, distro meeting, curl up, NDC Security, rc, lagging, rock-solid, decomplexification, netstack, user survey, foss-north

27.02.2026 16:52 πŸ‘ 3 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
curl release candidates

The third and final release candidate for #curl 8.19.0 is now available at
https://curl.se/rc/

27.02.2026 08:43 πŸ‘ 2 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0

@codecat insanely so

27.02.2026 08:14 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

curl.se over the last 30 days:

Served 77.12 TB of data at 3.81k requests/second.

95.91% of the object sizes were <1KB.
0.01% of the downloaded object sizes were 1-10MB (a tarball download)

99.69% of the content delivered was cached by the CDN.

Thanks #Fastly!

27.02.2026 08:06 πŸ‘ 9 πŸ” 3 πŸ’¬ 1 πŸ“Œ 0