Does anyone actually like or care for OpenSSL-QUIC support in #curl? https://curl.se/mail/lib-2025-10/0000.html

Does anyone actually like or care for OpenSSL-QUIC support in #curl? https://curl.se/mail/lib-2025-10/0000.html

I started thinking about when we should adapt #curl's progress meters to deal with > 63 bit download sizes (8192 Petabytes).

I'm thinking it might not be terribly far away when people can start downloading that. In particular when doing N super huge transfers in parallel.

Got me thinking about 128 bit math...

Daniel Stenberg - @bagder - is ready!
AI slop attacks on the curl project

We're all excited!

#EuroBSDCon #ebc25 #ebc2025 #curl

"A conversation with Daniel Stenberg, creator and maintainer of #curl, one of the most widely used networking tools on the internet. We talk about Daniel’s journey through decades of protocol work, the story of curl, what keeps him going, and how he balances open source with real life."

https://netstack.fm/#episode-6

I started thinking about when we should adapt #curl's progress meters to deal with > 63 bit download sizes (8192 Petabytes).

I'm thinking it might not be terribly far away when people can start downloading that. In particular when doing N super huge transfers in parallel.

Got me thinking about 128 bit math...

Twenty-four years ago on this day, Mac OS X 10.1 was released which bundled #curl with their OS for the first time.

curl 7.7.2

"A conversation with Daniel Stenberg, creator and maintainer of #curl, one of the most widely used networking tools on the internet. We talk about Daniel’s journey through decades of protocol work, the story of curl, what keeps him going, and how he balances open source with real life."

https://netstack.fm/#episode-6

Joshua Rogers sent us a *massive* list of potential issues in #curl that he found using his set of AI assisted tools. Code analyzer style nits all over. Mostly smaller bugs, but still bugs and there could be one or two actual security flaws in there. Actually truly awesome findings.

I have already landed 22(!) bugfixes thanks to this, and I have over twice that amount of issues left to go through. Wade through perhaps.

Credited "Reported in Joshua's sarif data" if you want to look for yourself

From suspicion to published #curl #CVE. The process.

https://daniel.haxx.se/blog/2025/09/18/from-suspicion-to-published-curl-cve/

From suspicion to published #curl #CVE. The process.

https://daniel.haxx.se/blog/2025/09/18/from-suspicion-to-published-curl-cve/

Time to drop support for Kerberos5 FTP in #curl

https://github.com/curl/curl/pull/18577

There's going to be more speak about AIs finding genuine security problems soon.

Google Big Sleep found one in #curl that we reveal tomorrow.... in about eight hours. (but no, we don't know how much was AI and how much was human or how many false positives they had to wade through to get there etc maybe they will let us know later?)

There's going to be more speak about AIs finding genuine security problems soon.

Google Big Sleep found one in #curl that we reveal tomorrow.... in about eight hours. (but no, we don't know how much was AI and how much was human or how many false positives they had to wade through to get there etc maybe they will let us know later?)

watch -n 600 curl -i https://www.unicode.org/versions/latest/

#shell #curl #watch #unix

#shell #curl

In this newly disclosed #curl security report it is painfully obvious how the user's "clever" idea of using an AI to write the report made the report into a impenetrable wall of text instead of simply stating the problem in a few coherent paragraphs.

https://hackerone.com/reports/3324901

On September 28, I will speak at #EuroBSDCon in Zagreb Croatia.

But more importantly, I will bring #curl stickers.

https://2025.eurobsdcon.org/