[Daniel's week] April 18, 2025

Daniel Stenberg daniel at haxx.se
Fri Apr 18 23:19:37 CEST 2025


# April 18, 2025

Easter weekend means Friday and Monday off here in Sweden.

## feature window

On Saturday we officially opened the curl feature window and we will accept
merging new features into the master branch for the coming three weeks. I'll
write more the coming weeks if we merge anything revolutionary fun.

## foss-north

I took a train over to Göteborg already on Sunday afternoon and met up with
friends over beer and chats that evening.

At 9:00 on the Monday morning I had the pleasure and honor to deliver the
keynote [1] at the foss-north conference. I titled it "what comes after world
domination" and I talked about the current situation for Open Source from
where I see it. While lots of things are great, there are things we can
improve on.

I spiced up my presentation for the maybe one hundred and fifty attendees by
having my laptop suddenly shut itself off in the middle of it. It has happened
before and is probably because of an outdated battery or something and it was
sloppy of me to not run it with power attached. I inserted the power cable,
booted it up again and continued. Phew.

The talk was recorded but it has not been made available yet.

I took the train back on the Tuesday, skipping out on the second day of talks
to get back to work again.

## CVE

We got to have some screams in panic this week as MITRE alerted that the
funding around CVE was gone before they announced that it was somehow
maybe back again. In my personal view this underscores our need to
change the structure of this system and take it away from being under
the control of the (nowadays totally unreliable and untrustworthy) US
government.

## OpenSSL QUIC API

ngtcp2 1.12.0 was released this week [2], introducing support for the OpenSSL
QUIC API introduced in OpenSSL 3.5. Stefan Eissing then subsequently made curl
able to build and run with such an ngtcp2 build and now we have the most
approachable way for curl users building with OpenSSL to get "proper" HTTP/3
support.

As you may recall, curl supports HTTP/3 with OpenSSL already since before, but
then using OpenSSL's QUIC implementation which has not yet proven to be really
good and thus still remains labeled EXPERIMENTAL in curl. The ngtcp2
implementation is further ahead: faster and more resource effective.

## DNS server

I wrote a dumb DNS server to use in the curl test suite [3]. I want it to be
as simple and basic as possible and basically just receive UDP data and send
back some data with minimal logic that makes a DNS resolver be able to ask it
and accept its answer.

Having a DNS server allows me to write up test cases in the curl test suite
that resolve names "for real", using the full and proper code path for that
(independent of what names it asks for) and yet return made up (local)
addresses so that curl then subsequently accesses our test servers.

I have not yet done the work, but going forward I plan to add basic HTTPS-RR
support to this server to make it easier to test HTTPS-RR going forward.

A particular DNS related challenge for the test suite is that for curl builds
that use getaddrinfo() for resolving host names, it is mighty difficult to
trick it into using my test server for the normal A/AAAA queries - so for now
we only do this for the c-ares based resolves, as that library has a simple
API call to change the server.

## DDoS

This Friday morning I had our curl origin server the target of a DDoS attack
that lasted for an hour or so, during which my hosting provider null-routed it
so everything just... came to a halt. This server runs some thirty something
different websites, numerous mailing lists and all sorts of other random
services for me and my closest friends for thirty years.

Fortunately, curl.se and daniel.haxx.se are fronted by Fastly, so their CDN
made visitors of those sites mostly unaware of this interruption behind the
scenes.

I of course have no idea why or for what purpose this attack happened.
Seems so random and weird.

## Coming up

- I'll enjoy this extended Easter weekend
- add more DNS related tests with the new server
- work on tpm2 OpenSSL provider support with a customer

## Links

[1] = https://www.slideshare.net/slideshow/what-comes-after-world-domination-with-daniel-stenberg-april-2025/278035722
[2] = https://github.com/ngtcp2/ngtcp2/releases/tag/v1.12.0
[3] = https://github.com/curl/curl/pull/17015

-- 

  / daniel.haxx.se || https://rock-solid.curl.dev
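
An added example, not part of the original post and not the code from the curl pull request: a sketch of the kind of minimal UDP DNS responder the "DNS server" section describes, answering every A/AAAA question with a made-up local address. The names `build_reply` and `serve`, port 5300 and the returned addresses are assumptions chosen for illustration.

```python
import ipaddress
import socket
import struct

TYPE_A, TYPE_AAAA, CLASS_IN = 1, 28, 1
# Constructed local addresses returned for every name asked (assumption).
ANSWERS = {TYPE_A: ipaddress.ip_address("127.0.0.1").packed,
           TYPE_AAAA: ipaddress.ip_address("::1").packed}

def build_reply(query):
    """Return the response datagram for one query, or None to drop it."""
    if len(query) < 12:
        return None
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:   # not a query, or not one question
        return None
    pos = 12                             # QNAME starts right after the header
    while True:                          # walk the length-prefixed labels
        if pos >= len(query):
            return None                  # truncated name
        length = query[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:                  # pointers/invalid labels: drop
            return None
        pos += length
    if pos + 4 > len(query):
        return None                      # QTYPE/QCLASS missing
    qtype, qclass = struct.unpack("!HH", query[pos:pos + 4])
    question = query[12:pos + 4]         # echoed back; EDNS extras ignored
    rdata = ANSWERS.get(qtype) if qclass == CLASS_IN else None
    rflags = 0x8400 | (flags & 0x0100)   # QR=1, AA=1, RD copied, RCODE=0
    header = struct.pack("!HHHHHH", qid, rflags, 1, 1 if rdata else 0, 0, 0)
    if rdata is None:
        return header + question         # NODATA: no answer records
    # 0xC00C is a compression pointer to the question name at offset 12.
    rr = struct.pack("!HHHIH", 0xC00C, qtype, CLASS_IN, 0, len(rdata)) + rdata
    return header + question + rr

def serve(host="127.0.0.1", port=5300):
    """Blocking loop: receive UDP data, send back the built reply."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, peer = sock.recvfrom(512)
        reply = build_reply(data)
        if reply:
            sock.sendto(reply, peer)

if __name__ == "__main__":
    serve()
```

The record TTL is set to 0 so a resolver under test does not cache the made-up answer between test cases.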

