@bagder@mastodon.social
@bagder@mastodon.social avatar

bagder

@bagder@mastodon.social

Internet protocols geek at wolfSSL. I lead the curl project. I don't know anything.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

bagder, to random
@bagder@mastodon.social avatar

Daniel's weekly report May 17, 2024

https://lists.haxx.se/pipermail/daniel/2024-May/000064.html

survey, trurl, TLS 1.3, renovate, release prep, dot onion, graph, slides

bagder, to random
@bagder@mastodon.social avatar

#curl, #Tor, dot onion and SOCKS

https://daniel.haxx.se/blog/2024/05/17/curl-tor-dot-onion-and-socks/

bagder,
@bagder@mastodon.social avatar

@metric_hen then again, transparent proxying always, I say always, end up causing pain sooner or later...

bagder, to random
@bagder@mastodon.social avatar

Welcome Andrew as #curl commit author 1271: https://github.com/curl/curl/pull/13625

bagder, to random
@bagder@mastodon.social avatar

Welcome Juliusz Sosinowicz as commit author 1270: https://github.com/curl/curl/pull/13680

bagder, to random
@bagder@mastodon.social avatar

On the website, you can find 92 video presentations on all things curl: https://curl.se/docs/videos/

Almost 68 hours in total.

bagder, to random
@bagder@mastodon.social avatar

Welcome Antoine Bollengier as commit author 1269: https://github.com/curl/curl/pull/13666

bagder, to random
@bagder@mastodon.social avatar

To use with , use --socks5-hostname or the socks5h:// scheme for the hostname set with -x / --proxy.

curl has worked fine for Tor transfers for decades.

Those options make curl tell the proxy to do the name resolving instead of doing it itself.

bagder,
@bagder@mastodon.social avatar

@spv such "hacks" can't work for normal TCP clients for .onion names for example. But sure, if you want to access a public site on "the other side" of Tor, then it works as well. Just a little pointless.

bagder,
@bagder@mastodon.social avatar

@a000d4f7a91939d0e71df1646d7a48 @spv then how does torsocks work for curl with .onion?

bagder,
@bagder@mastodon.social avatar

@spv @a000d4f7a91939d0e71df1646d7a48 oh right, of course. If torsocks itself can resolve the host, it can just intercept getaddrinfo() and return the suitable IP back to the tool it runs. Sorry, I was clearly not thinking all the way here!

bagder,
@bagder@mastodon.social avatar

@notroot okay: https://daniel.haxx.se/blog/2024/05/17/curl-tor-dot-onion-and-socks/ 😁

bagder, to random
@bagder@mastodon.social avatar

I took my wooden tiles out to meet my lawn and now I have an image for my release presentation next week.

bagder, to random
@bagder@mastodon.social avatar

In the #curl project, being written in C, we always work on simplifying the code. One way is to use more internal helper functions and avoid direct use of some functions that are often involved in C mistakes/vulnerabilities.

To measure how this develops, we count number of these function calls used per every thousand lines of code. Over time.
In a graph.

bagder,
@bagder@mastodon.social avatar

@efi normally they would grow at the same rate as the number of lines and I don't find that too interesting.

I might try a version that adds two plots with the absolute numbers against a second Y axis.

bagder,
@bagder@mastodon.social avatar

@efi this is number of lines of code over time

bagder,
@bagder@mastodon.social avatar

@janvhs I would not call what curl does as "memory management", I would call it helper functions for managing dynamic buffers. And yes, I believe that is common for many C programs.

jpmens, to random
@jpmens@mastodon.social avatar

mdBook is a command line tool to create books with Markdown. It is ideal for creating product or API documentation, tutorials, course materials or anything that requires a clean, easily navigable and customizable presentation.

https://rust-lang.github.io/mdBook/

https://github.com/rust-lang/mdBook

bagder,
@bagder@mastodon.social avatar

@antondollmaier @jpmens it does not lack PDF rendering these days...

bagder,
@bagder@mastodon.social avatar

@jpmens can recommend. I use it for https://everything.curl.dev/

bagder, to random
@bagder@mastodon.social avatar

In the #curl project, we spend 3.3 days/day on running tests - around 140,000 tests per commit/PR. In addition to what every developer runs in their own systems of course.

Our test failure rate in CI jobs is at 0.004%, which is annoyingly high when running this many tests.

Data from Dan Fandrich's curl up 2024 talk: https://www.youtube.com/watch?v=TxNdAm845Ts

bagder, to random
@bagder@mastodon.social avatar

Today, exactly nine years ago, RFC 7540 shipped: HTTP/2.

https://daniel.haxx.se/blog/2015/05/15/rfc-7540-is-http2/

bagder, to random
@bagder@mastodon.social avatar

Say hello to 0.13!

https://github.com/curl/trurl/releases/tag/trurl-0.13

bagder, to random
@bagder@mastodon.social avatar

We are 7 days from the next #curl release.

bagder, to random
@bagder@mastodon.social avatar

Please consider donating a few minutes of your time and answer the #curl user survey 2024:

https://daniel.haxx.se/blog/2024/05/14/curl-user-survey-2024/

bagder,
@bagder@mastodon.social avatar

at 829 responses now. You are all awesome!

bagder, to random
@bagder@mastodon.social avatar

  1. do not assume that URLs will be treated the same cross user-agents.

  2. do not assume that IPv4-mapped IPv6-addresses can be written in octal.

Another day. Another security report against #curl we could close.

https://hackerone.com/reports/2493548

bagder,
@bagder@mastodon.social avatar

@vastodon thank you. Yes, it does take a significant amount of time and effort ... but luckily, sometimes we can get more value out of single issues by sharing the lessons with a wider audience after the fact.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • anitta
  • kavyap
  • DreamBathrooms
  • InstantRegret
  • magazineikmin
  • thenastyranch
  • ethstaker
  • Youngstown
  • vwfavf
  • slotface
  • rosin
  • ngwrru68w68
  • khanakhh
  • PowerRangers
  • provamag3
  • Durango
  • everett
  • mdbf
  • modclub
  • cisconetworking
  • osvaldo12
  • GTA5RPClips
  • tacticalgear
  • cubers
  • normalnudes
  • Leos
  • tester
  • megavids
  • All magazines
    •