daniel:// stenberg://<p>I checked the latest stats. The median time a <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> CVE lingers in code before getting reported: 2163 days (almost 6 years). The average is 2893 days (almost 8 years)</p>
Recent searches
No recent searches
Search options
Only available when logged in.
med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon
Administered by:
Server stats:
358active users
med-mastodon.com: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.9
#curl
29 posts · 10 participants · 0 posts today
daniel:// stenberg://<p>does my late night habits make me commit <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> security problems at strange hours?</p><p>Not obviously.</p><p>The hour of the day with most <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> security problem commits is 14!</p><p>The top-5 bad commit hours of the day:</p><p>14:00 21 vulns<br>22:00 17<br>23:00 11<br>15:00 11<br>11:00 10</p><p>Hard to make fun graph out of...</p>
daniel:// stenberg://<p>Vulnerability distribution present in <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> code</p><p>For every moment in time, how many vulnerabilities of different severity were present in code. We know now because these vulnerabilities have been reported and fixed since then.</p><p>The peak is at 7.41.0 on 2015-02-25 with 85 vulnerabilities present!</p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/shell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>shell</span></a> <a href="https://mastodon.ml/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> <a href="https://mastodon.ml/tags/profession" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>profession</span></a> <a href="https://mastodon.ml/tags/humor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>humor</span></a></p><p>Хочешь сменить профессию, но не можешь никак определиться? Узнай своё будущее через коды ОКВЭД:</p><p>```sh<br>curl -s <a href="https://classifikators.ru/assets/downloads/okved/okved.csv" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">classifikators.ru/assets/downl</span><span class="invisible">oads/okved/okved.csv</span></a> | iconv -f windows-1251 -t utf-8 | sed 's/.*;\s*//g' | sort -R | head -1<br>```</p>
daniel:// stenberg://<p>Working on a new graph.</p><p>Total severity distribution in <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> vulnerability reports</p>
defnull<p>I feel honored that <a href="https://chaos.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> depends on my multipart library (at least the curl test suite) but does it? I can find the dependency but not that it is used. I wonder how that happened :rubberduck:</p>
daniel:// stenberg://<p>I'm introducing limits per test case in <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> test suite to make sure we don't unintentionally accidentally suddenly use many more allocations or much more concurrent memory than we can allow.</p><p><a href="https://github.com/curl/curl/pull/17821" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/curl/curl/pull/17821</span><span class="invisible"></span></a></p>
daniel:// stenberg://<p>Found in the pending release notes for the coming <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> 8.15.0 release:</p><p>Public curl releases: 269</p><p>Command line options: 269</p><p>Prime time.</p>
daniel:// stenberg://<p>Welcome Piotr Nakraszewicz as <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> commit author 1388: <a href="https://github.com/curl/curl/pull/17804" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/curl/curl/pull/17804</span><span class="invisible"></span></a></p>
daniel:// stenberg://<p>The <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> user survey 2025 analysis is here.</p><p><a href="https://daniel.haxx.se/blog/2025/07/03/curl-user-survey-2025-analysis/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daniel.haxx.se/blog/2025/07/03</span><span class="invisible">/curl-user-survey-2025-analysis/</span></a></p>
Stefan Eissing<p>Comparing curl's latest improvements on macOS vs Linux:</p><p><a href="https://github.com/icing/blog/blob/main/curl-platform-perf.md" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/icing/blog/blob/mai</span><span class="invisible">n/curl-platform-perf.md</span></a></p><p><a href="https://chaos.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> <a href="https://chaos.social/tags/performance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>performance</span></a></p>
daniel:// stenberg://<p>"I've never once needed to do something with it that it couldn't"</p><p>Top-notch comment in the <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> user <a href="https://mastodon.social/tags/survey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>survey</span></a></p>
daniel:// stenberg://<p>Every 6th respondent says they used <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> for 18 or more years!</p><p><a href="https://mastodon.social/tags/survey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>survey</span></a></p>
daniel:// stenberg://<p>Another glimpse from the <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> user survey 2025</p><p>users score our security handling performance high</p>
daniel:// stenberg://<p><a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> user survey 2025 respondents like Mastodon:</p>
daniel:// stenberg://<p>dear big-CDN-employee,</p><p>asking <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> API questions in private emails to me is NOT an acceptable way to get a quick response unless you also pay for said private support</p><p> / Daniel</p>
daniel:// stenberg://<p>Look, a new <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> option proposed by <span class="h-card" translate="no"><a href="https://mastodon.social/@icing" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>icing</span></a></span>: '--out-null'</p><p><a href="https://github.com/curl/curl/pull/17800" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/curl/curl/pull/17800</span><span class="invisible"></span></a></p>
daniel:// stenberg://<p>that's in particular important to keep in mind when looking at a graph like this, showing the number of known vulnerabilities per 1,000 lines of code in <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> over time:</p>
daniel:// stenberg://<p>One of my fav graphs of <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> improvement in recent years, is the one showing vulnerabilities reported separated between low/medium and high/critical.</p><p>The report frequency has gone up, but they are less critical these days.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0x00string" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0x00string</span></a></span> fascinating... </p><p>I wounder if you could imagine building an <a href="https://infosec.space/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActivityPub</span></a> client solely with tiny-<a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> and <a href="https://infosec.space/tags/bash" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bash</span></a>...</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload