[Daniel's week] April 28, 2023

Daniel Stenberg daniel at haxx.se
Fri Apr 28 16:44:04 CEST 2023


Hello friends

## deleting

I blogged [4] about what happens if you delete curl.exe from your System32
folder on Windows because I keep receiving emails from people asking about it
and we get some amount of support questions flying in on the same topic.

It is generally a bad idea to remove system files unless you know perfectly
what you are doing. The upside here is that I received good comments to the
post that explains in details on how you should go ahead and restore your
system if you are one of those two removed curl.exe...

## speed

I ran some measurements on how a current curl compares with a curl from six
months ago and wrote up a blog post [1] about it. It runs faster now.

## STF

The three curl projects Sovereign Tech Fund has graciously funded the last six
months are now considered complete and I believe we can celebrate success in
all three of them:

  - We have a much improved HTTP/3 situation now
  - We support HTTP/2 over proxy
  - We reduced the number of known bugs by half

## native CA

It struck me that while libcurl provides the functionality since a while back,
the curl tool actually does not, so now I am proposing [2] we add two new
command line options: --ca-native and --proxy-ca-native. They then tell curl
on Windows to use the "native" OS CA store instead of the one normally
provided in a file. This, with curl on Windows built to use OpenSSL.

curl on Windows built with Schannel already does this out of the box.

## trurl

I released trurl 0.6 [3]. The initial development explosion has certainly
calmed down by now. I think it makes sense because the idea behind the tool is
fairly simple and it should not be room for a lot of development on this for
an extended time. But I also acknowledge that once you set something like this
loose, it is hard to tell exactly where it will go.

trurl celebrates a month since its birthday this weekend and 19 people have
already authored code merged into its git repository.

## security

We currently have a four reports about curl security vulnerabilities that we
work on and that are going to publish in sync with the next release. None of
them super serious. This week we were also happy to welcome Stefan Eissing as
a new member of the curl security team. Still working on setting up a
curl-notify mailing list. Drafting the rules and concepts with the team to
have it all done right.

## Coming up

- I do a "fireside chat" participating in a panel about Open Source
   maintenance and development with GitHub on Tuesday

- I talk about "curl - one of the most widely used software components" in
   Swedish on Stockholm Tech Show on Wednesday [5]

- I talk "curl and HTTP are everywhere" for a Swedish organization on Thursday

## Links

[1] = https://daniel.haxx.se/blog/2023/04/28/curl-8-is-faster/
[2] = https://github.com/curl/curl/pull/11049
[3] = https://github.com/curl/trurl/releases/tag/trurl-0.6
[4] = https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/
[5] = https://stockholmtechshow.se/

-- 

  / daniel.haxx.se


More information about the daniel mailing list