[Daniel's week] August 4, 2023
daniel at haxx.se
Fri Aug 4 16:39:09 CEST 2023
This week took off at nothing but full speed.
As mentioned last week, the curl feature window is now open and we have merged
a series of new features this week. I highlight a few below.
The window will stay open for another two weeks but I expect the activity to
cool down a little now.
Stefan Eissing added a new function call to the library (curl_global_trace)
and a new command line option to the tool (--trace-config) when we rearranged
internals and now allows better and more network tracing to get logged even
when curl/libcurl is built without debug . When users are doing complicated
transfers and in some case a large amount of parallel ones and there is a
problem, actually being able to log more details greatly enhances our chances
to help out and to understand and analyze the issues.
We introduce a new variable concept to the curl command line parsed in 8.3.0,
and I both wrote a blog post and did a video explainer about it .
I even added a section about it to "everything curl" 
This is a way to use variables in config files and at the same time provides
new fancy features to allow users to create better command lines with less
work-arounds or half-baked external solutions glued on.
Today it finally happened: "Accepted curl 8.2.1-1 (source) into
unstable". Debian did a seven versions curl bump in one go. I am glad.
I refreshed the old graph  showing C mistakes vs non-C mistakes in reported
curl vulnerabilities. In particular I made the details about early history up
until 2000 get reflected accurately. I also changed the plots to shows little
bubbles for every moment in time those flaws were shipped in code.
I also improved the "vulnerability severity" graph  with similar circles on
the lines for each vulnerability. This graph now has each plotted line stop at
the last reported vulnerability of their corresponding severity. Makes it
clearer and easier to view than before.
Two awesome lines of inquires are in progress:
One is to develop new HTTP/3 related features to make curl and libcurl even
better in this area. The other is an offer from me/us to maintain a particular
curl port. Both very exciting project I think and I hope to be able to share
more details and names about these in the near future.
I will keynote the PyCon conference in Stockholm in November .
## coming up
- libcurl turns 23 years old on Monday
- decide on a date for an online curl up in September?
 = https://github.com/curl/curl/pull/11421
 = https://daniel.haxx.se/blog/2023/07/31/introducing-curl-command-line-variables/
 = https://everything.curl.dev/cmdline/variables
 = https://curl.se/dashboard1.html#c-vulns
 = https://curl.se/dashboard1.html#high-vuln
 = https://www.pycon.se/
More information about the daniel