daniel:// stenberg://
LightNews LightNews
banner
bagder.mastodon.social.ap.brid.gy
daniel:// stenberg://
@bagder.mastodon.social.ap.brid.gy
2.6K followers 0 following 2.4K posts
I write curl. I don't know anything.

[bridged from https://mastodon.social/@bagder on the fediverse by https://fed.brid.gy/ ]
Posts Replies Media Videos
bagder.mastodon.social.ap.brid.gy
My week: https://lists.haxx.se/pipermail/daniel/2025-November/000136.html

strict torture, backtrace, tiny curl, slop graph, stdint, AI tooling
tiny curl (with a bird)
November 28, 2025 at 10:29 PM
bagder.mastodon.social.ap.brid.gy
Added a third data-point. AI slop is currently 3x more common than confirmed vulnerabilities. And I might still have missed to mark up a few ...
November 22, 2025 at 2:43 PM
bagder.mastodon.social.ap.brid.gy
My week: https://lists.haxx.se/pipermail/daniel/2025-November/000135.html

strict torture, 3,000, Hackerone, Known risks, QUERY, Daniel uses, AI tooling
A child's drawing of a laptop showing "curl" on the screen.
November 21, 2025 at 9:53 PM
bagder.mastodon.social.ap.brid.gy
How AI help us build higher bar charts in the #curl project
Chart showing number of Hackerone submissions per year, showing 2025 being higher than all other years and yet the number of confirmed vulnerabilities is lower than the four previous years...
November 21, 2025 at 4:21 PM
bagder.mastodon.social.ap.brid.gy
One of the mysteries of the world. People sending made up reports about a service on a URL that doesn't exist...
Hello, Stored XSS can be submitted on reports, and anyone who will check the report the XSS will trigger. Description: Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Steps To Reproduce: 1- Go to https://app.curl.se/reports/custom/ 2- Click New network report. 3- On the name, enter payload: "><img src=x onerror=alert(document.domain)> 4- Click Run and save then XSS will trigger. Tested on Firefox and Chrome. Impact: The attacker can steal data from whoever checks the report. Regards, Richard
November 21, 2025 at 1:46 PM
bagder.mastodon.social.ap.brid.gy
My personal share of all this? Well, who's counting?
Top commit authors in the curl project over time. Daniel is approaching 20,000 at the end of 2025.
November 21, 2025 at 8:38 AM
bagder.mastodon.social.ap.brid.gy
We crank it up to over 3,000 this year. #curl
lots of vertical bars showing commits per year in the curl project. 2025 raises above all others with 3011 commits so far
November 21, 2025 at 8:13 AM
bagder.mastodon.social.ap.brid.gy
Four years since Apple figured we give free support to their users. https://daniel.haxx.se/blog/2021/11/18/free-apple-support/
a tweet from Apple Support: Thanks for contacting us. To get help with this issue, please reach out to Curl: curl.se/gethelp.html
November 18, 2025 at 12:04 PM
bagder.mastodon.social.ap.brid.gy
#libcurl backends, the November 2025 update
curl in the middle, lots of boxes around it explaining the backends and the third party libraries that power them
November 17, 2025 at 1:12 PM
bagder.mastodon.social.ap.brid.gy
my week: https://lists.haxx.se/pipermail/daniel/2025-November/000134.html

Feature window, RTMP, MQTTS, 1000 vs 1024, CVE, IBB, integers, strict torture, FOSDEM talk, Polhem Prize
a dumpster on which someone has written "CURL"
November 14, 2025 at 3:35 PM
bagder.mastodon.social.ap.brid.gy
my week: https://lists.haxx.se/pipermail/daniel/2025-November/000133.html

release, code, examples, everything curl, Wikipedia, still developed, wcurl
Daniel on stage in front of a giant screen showing himself - from a presentation done earlier in 2025
November 8, 2025 at 11:14 AM
bagder.mastodon.social.ap.brid.gy
While on the topic of colorful #curl graphs. Complexity distribution in the source code over time. The recent effort to simplify code in curl has been done by multiple people through the last year or so. The graph's cyclomatic complexity is the score shown by the pmccabe tool.
Graph showing complexity distribution in curl source code over time. Showing recent code being all less than 70, with large portions of time having pieces > 200.
November 6, 2025 at 8:27 AM
bagder.mastodon.social.ap.brid.gy
More than half of #curl's source code lines have been changed within the last four years. 1,101 lines from before year 2000 still remain "untouched".
Graph showing curl's source code age over time
November 6, 2025 at 7:57 AM
bagder.mastodon.social.ap.brid.gy
yes of course there is a graph of all #curl releases every done. This includes the releases done using the previous names (httpget and urlget) as well
Y axis: number of release, X axies is time. 270 release done until yesterday
November 5, 2025 at 8:25 AM
bagder.mastodon.social.ap.brid.gy
#fastly takes about 99.59% of that bandwidth.
November 4, 2025 at 1:55 PM
bagder.mastodon.social.ap.brid.gy
Educational moment on the #curl wikipedia page 😎
screenshot showing wikipedia (mistakenly) explaining the SMBS protocol as "super mario bros" instead of "Server Message Block" or SMB over TLS.
November 3, 2025 at 10:18 PM
bagder.mastodon.social.ap.brid.gy
The coming #curl release picture is of the slightly less humble kind
curl 8.17.0 said in wooden tiles with two gold medals in between
November 3, 2025 at 9:37 AM
bagder.mastodon.social.ap.brid.gy
A semi regular reminder. These are #curl's best friends. The top sponsor of November 2025.
curl sponsors Nov 2025: Haxx. Fastly, wolfSSL, TeamViewer, GitHub, kirei, elastic, IBB
November 3, 2025 at 8:20 AM
bagder.mastodon.social.ap.brid.gy
The number of lines of code in #curl has of course exploded over time, from 100 in late 1996 to almost 180,000 today, but interestingly our tests seem to generally keep up. Number of tests per KLOC is now over 12. (and yes, a single test can be very simple or […]

[Original post on mastodon.social]
A graph showing number of test cases per kloc of code in curl over time. Starting at 1 in 2001, and more than 12 in late 2025.
November 3, 2025 at 8:10 AM
bagder.mastodon.social.ap.brid.gy
sntrcpy has been banned completely from #curl since a while back, for the same reasons
graph showing strncpy density in curl code over time, zero since late 2024
November 2, 2025 at 10:25 PM
bagder.mastodon.social.ap.brid.gy
One way we work on making #curl code safer (with fewer mistakes) is by using more helper function and fewer direct calls to *alloc() and mem/strcpy().

Since reported vulnerabilities generally are really old, we can't know yet for several years if it actually […]

[Original post on mastodon.social]
Graph showing memory function call density in curl source code over time. Now at its lowest point since forever.
November 2, 2025 at 10:19 PM
bagder.mastodon.social.ap.brid.gy
October 2025 stands out in the #curl stats. The graph show commits per month since 1999.
a graph showing commits per month in curl and October 2025 reaches almost 450, more than any other month since 1999
November 1, 2025 at 9:44 PM
bagder.mastodon.social.ap.brid.gy
My week: https://lists.haxx.se/pipermail/daniel/2025-October/000132.html

planets and medals, ldap, trurl, Hackerone, Mastodon, ABI, zero issues, nominate, AIs, rc3, TIOBE, CSAF, sponsor
Daniel in front of a large facepalming inage, at Froscon earlier this year
October 31, 2025 at 3:39 PM
bagder.mastodon.social.ap.brid.gy
"Reserved identifier '__AMIGA__' may not be used"

... wat?
Reserved identifier '__AMIGA__' may not be used
October 30, 2025 at 7:52 PM
bagder.mastodon.social.ap.brid.gy
a bigger snapshot to take it in better:
"no results" when listing open issues for the curl repo on GitHub
October 30, 2025 at 8:57 AM