At some point I think it will only be fair to require --insecure for #curl to do an unauthenticated protocol transfer (unless it is localhost). For clear text http:// etc.

#curl release presentation coming up line in a few minutes on https://www.twitch.tv/curlhacker

An Open Source sustainability story in two slides. (for a coming talk of mine)

Slide 1: car brands using #curl

Slide 2: car brands sponsoring or paying for #curl support

I think this shows how nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqthygvenhfh2hruf53ggvy4rtmklkkyzd5x0avl7nemhg9gq8gdhqdhdda0 is not necessarily on our side.

https://mastodon.social/@linuxfoundation@social.lfx.dev/114993371594902597

The "HTTP1 must die" details are now public: https://portswigger.net/kb/papers/dzmxreq/http1-must-die.pdf

(via https://http1mustdie.com/)

My Open Source influencer life style pays off. Framework sent me goodies with a note...

AIfication

They managed to make "AI" feel no better than "crypto" when used in a sentence.

If you can trick a user to run a command tool in a way that ends up causing the user problems, that is not a security problem in that tool.

Just saying. In case you're thinking of submitting such a report about a command line tool in your toolbox.

But surely no sane person would. Right? Right?

On the internet, everyone is an "infosec professional".

What do you think are the primary challenges for Open Source the coming years?

Security? CRA? Financing? Maintainer burnout? Recruiting young developers? Adapting to a country-former-ally going nuts? AI slop? AI bot overload? Something else?

(I'd like some more food for thoughts for an upcoming talk)

The AI bots that desperately need OSS for code training, are now slowly killing OSS by overloading every site.

The curl website is now at 77TB/month, or 8GB every five minutes.

https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/

do you think they finally realized doing their own QUIC stack was the wrong choice?

#OpenSSL suddenly decided to provide an API for others to do #QUIC with it: https://github.com/openssl/openssl/pull/26683

nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq0cq07ulfyc7y2l8rczk9s36g8j65tq3m6xk9us8hr3ua4ktfmaqqeutslx never seen anyone use that with wget, see it all the time mentioning curl...

'To #curl something': to use a non-browser tool to download a file or resource from the Internet

Is there any modern software that actually appreciates or uses SIGPIPE ?

nostr:npub1sn2wrx74q8959gx66py73yz2lm57k7shvkgwjgrarhyxks602gvqgt7prw I won't deny that I have power - and with power comes responsibility. I want to use my power for good, to push things in the right direction in sync with what users want and Internet in general.

It is officially Friday, can you tell?

machine man curl ?

if #curl was an evil empire, what would the flag look like?

Black and red and fists?

The thing about me being a BDFL for #curl is that it has the D in there. I have the means and ability to push for just about anything I like. I say that I truly try to be a benevolent dictator, but then I presume quite a few dictators would say so.

Next week I will tell you all about how I view this dictatorship and how it is not quite like a dictatorship of a country since in our case, everyone could just leave if I misbehave.

Daniel's weekly report May 24, 2024

https://lists.haxx.se/pipermail/daniel/2024-May/000065.html

#curl talk, 8.8.0, reproducible, ://, graphs, c-ares, survey, bonus, curl work