From daniel at haxx.se  Sat Dec  6 00:27:07 2025
From: daniel at haxx.se (Daniel Stenberg)
Date: Sat, 6 Dec 2025 00:27:07 +0100 (CET)
Subject: [Daniel's week] December 6, 2025
Message-ID: <o1182262-q09r-o8n3-6rp0-n60898o9q6q3@unkk.fr>

Hey friends!

Let me offer you a little shorter summary this week!

# December 5, 2025

## strict torture

My background project of making sure there is no more attempts to allocate
memory in curl once one call has failed, continued this week and I polished
the script and found a few more spots in the code to improve. I estimate this
is work for a few more weeks until I can finally make a pull-request out of
this.

## tiny curl webinar

I did my tiny curl webinar on Thursday. I think went well. I said what I
wanted and there were some good questions following up. The presentation is
available on YouTube [1].

## Security

We received another report (over email) accurately identifying a security
vulnerability so now we have *two* CVEs pending publication in sync with the
next curl release in early January.

We received four submissions on Hackerone this week, none of which were even a
bug.

## Examples

Someone reached out to me on Mastodon and pointed out that the libcurl
examples [3] shown on the curl.se website did not really render with ideal
colors in dark mode. Always the dark mode. I just keep forgetting to check
website things in dark mode so this came as no surprise, even if we have
rendered the examples the same way for quite a number of years by now so
obviously it is probably not a HUGE problem.

The examples are rendered into HTML using the good old tool called enscript
[4]. It however outputs the HTML using hard-coded <font color=#rrggbb> style
tags, quite obviously intended for light background.

I applied some moderate hacky scripting and now the website converts the
<font> tags from enscript into <span class="name"> tags. I created a CSS setup
for light mode that mostly mimics the old style and adjust the style sheet
somewhat for dark mode. An improvement I think. At least the contrasts are now
better. I am not really a web person, but I know enough to pretend at times!
;-)

## FOSDEM

My proposed talk for FOSDEM 2026 was accepted on the main track: "Open Source
Security in spite of AI". I already have a pretty good idea what I want to say
so I feel pretty relaxed about it.

I have also slowly started to get invites for other events in 2026 so my talks
page[2] has a few entries for next year by now.

## Coming up

- Saturday: curl feature freeze
- Saturday: curl 8.18.0-rc1 ships

## Links

[1] = https://youtu.be/1Q8CTrK4H0w
[2] = https://daniel.haxx.se/talks.html
[3] = https://curl.se/libcurl/c/example.html
[4] = https://www.markkurossi.com/genscript/

-- 

  / daniel.haxx.se