[Daniel's week] June 14, 2024
Daniel Stenberg
daniel at haxx.se
Fri Jun 14 23:13:49 CEST 2024
Hello,
I had another busy week.
## survey
I have continued to work on the curl user survey analysis this week, but it is
tedious and slow work. As I had to prioritize some other things this week the
analysis is going to take a little longer than what I hoped for previously. I
don't know yet when I might finish this.
## roffit
I released roffit 0.16 [1]. The tool for converting manpages to HTML. I use it
on several of the websites I run, the curl one perhaps being the primary one.
## trurl
I polished trurl a little, one of the new features uses a new URL parser
feature that libcurl introduces in the pending next release: 8.9.0. With this,
trurl gets the ability to set the scheme for a URL if it was only guessed and
not actually set [2]. Like for 'example.com'. This seemingly innocent little
detail was not possible before because libcurl internally always assigns a
scheme when it parses a URL. If one is not provided, it will pick one
according to heuristics.
So another release at least in sync with the curl release makes sense.
## webinar
Thursday I did a webinar called "advanced libcurl" [3] where I explained a lot
of libcurl API using details at a level that is at least not exactly beginner
level, even if perhaps also not terribly advanced.
## cmdline options
We now have no less than four new command line options merged to introduce in
the next release: --ip-tos, --vlan-priority, --mptcp and --keepalive-cnt.
Include these new ones, we are now counting 263 curl command line options.
## everything curl
I created corresponding issues [4] for everything curl about what I realized
is now currently lacking in the curl book - when we keep adding and changing
curl, it is just natural that the book needs attention to keep up. Feel free
to grab one and write an explanation. I intend to do so as soon as I get time
over.
## closed PRs
As I keep getting questions every now and then about why we close pull
requests on GitHub "instead of merging them", I decided to write a detailed
explanation [5]. It also got discussed further on hacker news [6].
## hackerone
Today we suddenly received three separate security vulnerability reports about
curl on hackerone [7]. My initial research on them have so far been that none
of them are flaws in curl. This said, I am prone to sometimes dismiss issues a
little too early and it happens that I get persuaded over time into agreeing
that they are vulnerabilities. The last word has not been said on any of these
three yet. It has been a slow period for us on hackerone recently so it felt
really surprising and unexpected that we would get three reports by different
individuals filed on the same day.
## contracts
Packaging curl for Q* has taken a small step forward as I have produced a
first test shot version to test the waters and see what more changes I need to
do to have my curl packages up to snuff. I expected to continue taking steps
forward when I get feedback on my rights and wrongs and can deliver further
test shots.
CA caching when using wolfSSL (for R*) has been merged into git and is going
to ship in the pending next release: 8.9.0.
Stefan Eissing has landed a few PRs already and there is at least one PR
pending in the rather large rework to improve curl's shutdown of TLS
connections. This is work (for N*) to minimize the TCP wait times that curl
would otherwise often end up with because it would get a TCP RST when shutting
down before the full TLS close notify dance was complete.
(company names redacted to just their leading letters)
## graphs
Okay I admit. I could not stay away so I have polished the graphs further [8].
I rewrote the docs-over-time graph, which now should be more correct, can use
cached content better but also now shows a little less documentation lines in
the end. Curious, but apparently the previous version had some bug. I also
cleaned up and rectified the backends graph to be accurate.
I also made the graphs end up in a fixed order (alphabetical per the
shortname) so no more moving around at every update.
## coming up
- Tuesday: podcast recording with awesome hosts
- Friday: midsummer's eve, Swedish national holiday
- Saturday: we enter curl feature freeze for 8.9.0
## links
[1] = https://github.com/bagder/roffit/releases/tag/0.16
[2] = https://github.com/curl/trurl/pull/314
[3] = https://youtu.be/DQcFZEQ4Iyc?si=GWaV4gSMWiz8FNJp&t=121
[4] = https://github.com/curl/everything-curl/issues
[5] = https://daniel.haxx.se/blog/2024/06/11/why-curl-closes-prs-on-github/
[6] = https://news.ycombinator.com/item?id=40644459
[7] = https://hackerone.com/curl
[8] = https://curl.se/dashboard.html
--
/ daniel.haxx.se
More information about the daniel
mailing list