Remember Uncurled, my little ebook about running Open Source projects?

Remember Uncurled, my little ebook about running Open Source projects?

I switched infra behind it and now I host the thing myself. Still available on the same good old URL:

https://un.curl.dev/

for educational purposes: https://hackerone.com/reports/2823554

@tdp_org I'll be there!

strcpy can cause a buffer overflow

user finds strcpy in #curl code

user files a CRITICAL security report against #curl for using strcpy in source code. Proof? Well he did grep the code and it shows that it does indeed use strcpy...

Never a dull moment.

@Edent oh man didn't look at those before. It's like the battle of the AIs and we can clearly see which of the AIs that lost!

Waking up to a new day and running the video a few more times just for the giggles. It is just so amazing.

Hey,

#curl -v https://google.com as a metal song is a must see and hear experience. A masterpiece. I just love it.

@jwildeboer it's an old wisdom that you never get the real feedback until you do a release...

By all means, email me about your piano.

https://daniel.haxx.se/email/2024-10-29.html

I looked at the first ten minutes of the GitHub Universe intro yday and the frequency of AI getting mentioned exhausted my ears immediately and I had to shut down the stream and go do something useful. For health reasons.

Eleven years ago, the only long-lived #libcurl fork I am aware of was made: https://daniel.haxx.se/blog/2013/10/27/he-forked-off-libgnurl/

It existed for several years, but it seems to be completely gone now.

Three years ago I blogged about #OpenSSL's decision to deliberately block #QUIC progress in the world: https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/

Which is timely with the OpenSSL 3.4.0 release announced just days ago: that still does not offer a working (and performant) QUIC API. (yes, there is an attempt there but it's not production grade)

It's almost like the writing was on the wall already a long time ago.

On this day seven years ago I got A FRICKING GOLD MEDAL for my work on #curl. Real. Proper. Gold. From the hands of the Swedish king.

My night at the museum

Thursday October 19, 2017, I arrived at the Technical Museum in Stockholm together with my two kids just a short while before 17:30. A fresh, cool and clear autumn evening. For this occasion I had purchased myself a brand new suit as I hadn't gotten one since almost twenty years before this and it had … Continue reading My night at the museum →

daniel.haxx.se (daniel.haxx.se)

@hanno the server end that receives the submission would check that the "user says" field contains the same number as the base64 decoded "answer" field does. Then you can generate quite flexible problems and yet verify them. But there are other ways you can do it as well.

@hanno adding some kind of captcha often works reasonably (like a silly math question, where you can have the right answer base64-encoded in a hidden field etc), at least for a time until you need to tweak it, depending a little on how much attention the bots give your service

@grishka I have many more such examples: https://bagder.github.io/emails/

One more arrived.

In my folder with "funny" emails, I now count at least *19* emails that have been sent to me regarding Cisco Anyconnect VPN related problems.

Nineteen. Because they use #curl and the license is in there somewhere with my email address.

By all means, keep them coming. I'll keep counting!

The Stallman report

The Stallman report

Comprehensive report detailing Richard Stallman's political program in defense of sexual violence, allegations of misconduct, and the misconduct of the Free Software Foundation

The Stallman report (stallman-report.org)