サクサク読めて、
アプリ限定の機能も多数!
アプリで開く
●はてなブックマークって?
●アプリ・拡張の紹介
●ユーザー登録
●ログイン
●ログアウト
トップへ戻る
総合
●人気
●新着
●
IT
●
最新ガジェット
●
自然科学
●
経済・金融
●
おもしろ
●
マンガ
●
ゲーム
●
はてなブログ︵総合︶
一般
●人気
●新着
●
社会ニュース
●
地域
●
国際
●
天気
●
グルメ
●
映画・音楽
●
スポーツ
●
はてな匿名ダイアリー
世の中
●人気
●新着
●
新型コロナウイルス
●
働き方
●
生き方
●
地域
●
医療・ヘルス
●
教育
●
はてな匿名ダイアリー
政治と経済
●人気
●新着
●
政治
●
経済・金融
●
企業
●
仕事・就職
●
マーケット
●
国際
●
はてなブログ︵政治と経済︶
暮らし
●人気
●新着
●
カルチャー・ライフスタイル
●
ファッション
●
運動・エクササイズ
●
結婚・子育て
●
住まい
●
グルメ
●
お金
●
はてなブログ︵暮らし︶
●
掃除・整理整頓
●
雑貨
●
買ってよかったもの
●
旅行
●
アウトドア
●
趣味
学び
●人気
●新着
●
人文科学
●
社会科学
●
自然科学
●
語学
●
ビジネス・経営学
●
デザイン
●
法律
●
本・書評
●
将棋・囲碁
●
はてなブログ︵学び︶
テクノロジー
●人気
●新着
●
IT
●
セキュリティ技術
●
はてなブログ︵テクノロジー︶
●
AI・機械学習
●
プログラミング
●
エンジニア
おもしろ
●人気
●新着
●
まとめ
●
ネタ
●
おもしろ
●
これはすごい
●
かわいい
●
雑学
●
癒やし
エンタメ
●人気
●新着
●
スポーツ
●
映画
●
音楽
●
アイドル
●
芸能
●
お笑い
●
サッカー
●
話題の動画
アニメとゲーム
●人気
●新着
●
マンガ
●
Webマンガ
●
ゲーム
●
任天堂
●
PlayStation
●
アニメ
●
バーチャルYouTuber
●
オタクカルチャー
●
おすすめ
買ってよかったもの
﹃Daniel Stenberg - daniel.haxx.se﹄
●
人気
●
新着
●
すべて
4users
daniel.haxx.se
I have held back on writing anything about AI or how we (not) use AI for development in the curl factory. Now I can’t hold back anymore. Let me show you the most significant effect of AI on curl as of today – with examples. Bug Bounty Having a bug bounty means that we offer real money in rewards to hackers who report security problems. The chance of money attracts a certain amount of “luck seekers
●
テクノロジー
●2024/01/03 18:58
●Security
3users
daniel.haxx.se
You know I spend all my days working on curl and related matters. I also spend a lot of time thinking on the project; like how we do things and how we should do things. The security angle of this project is one of the most crucial ones and an area where I spend a lot of time and effort. Dealing with and assessing security reports, handling the verified actual security vulnerabilities and waiving o
●
テクノロジー
●2023/12/14 16:27
●security
43users
daniel.haxx.se
In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH. While the advisory contains all the necessary details. I figured I would use a few additional words and expand the explanations for anyone who cares to understand how this flaw work
●
テクノロジー
●2023/10/11 15:12
●security
●あとで読む
●ネットワーク
●Linux
●セキュリティ
23users
daniel.haxx.se
We cut the release cycle short and decided to ship this release now rather than later because of the heap overflow issue we found. Release presentation Numbers the 252nd release 3 changes 28 days (total: 9,336) 136 bug-fixes (total: 9,551) 216 commits (total: 31,158) 1 new public libcurl function (total: 93) 0 new curl_easy_setopt() option (total: 303) 1 new curl command line option (total: 258) 4
●
テクノロジー
●2023/10/11 15:11
●security
●セキュリティ
●あとで読む
8users
daniel.haxx.se
On August 26 I posted details here on my blog about the bogus curl issue CVE-2020-19909. Luckily, it got a lot of attention and triggered discussions widely. Maybe I helped shed light on the brittleness of this system. This was not a unique instance and it was not the first time it happened. This has been going on for years. For example, the PostgreSQL peeps got a similarly bogus CVE almost at the
●
テクノロジー
●2023/09/06 12:51
●Security
27users
daniel.haxx.se
This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current system with CVE Ids and lots of power given to NVD is a completely broken system. CVE-2020-19909 On August 25 2023, we got an email to the curl-library mailing list from Samuel Henrique that informed us that “someone” had r
●
テクノロジー
●2023/08/26 12:14
●curl
●Security
●セキュリティ
●techfeed
●あとで読む
3users
daniel.haxx.se
We are back with the first release since that crazy March day when we did two releases on the same day. First 8.0.0 shipped that bumped the major version for the first time in decades. Then curl 8.0.1 followed just hours after, due to a serious mess-up in the factory lines. Release video presentation Numbers the 217th release 3 changes 58 days (total: 9,189) 185 bug-fixes (total: 9,006) 322 commit
●
テクノロジー
●2023/05/17 15:43
8users
daniel.haxx.se
First: performance is tricky and bechmarking even more so. I will talk some numbers in this post but of course they are what I have measured for my specific tests on my machine. Your numbers for your test cases will be different. Over the last six months or so, curl has undergone a number of refactors and architectural cleanups. The primary motivations for this have been to improve the HTTP/3 supp
●
テクノロジー
●2023/04/29 00:16
●curl
●performance
5users
daniel.haxx.se
Let me tell you a story about how Windows users are deleting files from their installation and as a consequence end up in tears. Background The real and actual curl tool has been shipped as part of Windows 10 and Windows 11 for many years already. It is called curl.exe and is located in the System32 directory. Microsoft ships this bundled with its Operating system. They get the code from the curl
●
暮らし
●2023/04/24 21:01
●あとで読む
17users
daniel.haxx.se
Exactly one month since the previous release, we are happy to give you curl 8.0.0 released on curl’s official 25th birthday. This a major version number bump but without any ground-breaking changes or fireworks. We decided it was about time to reset the minor number down to more a manageable level and doing it exactly on curl’s 25th birthday made it extra fun. There is no API nor ABI break in this
●
テクノロジー
●2023/03/20 19:16
●curl
●あとで読む
3users
daniel.haxx.se
Time flies when you are having fun. Today is curl‘s 25th birthday. The curl project started out very humbly as a small renamed URL transfer tool that almost nobody knew about for the first few years. It scratched a personal itch of mine, Me back then I made that first curl release and I’ve packaged every single release since. The day I did that first curl release I was 27 years old and I worked as
●
学び
●2023/03/20 14:06
28users
daniel.haxx.se
I occasionally do talks about curl. In these talks I often include a few slides that say something abut curl’s coverage and presence on different platforms. Mostly to boast of course, but also to help explain to the audience how curl has manged to reach its ten billion installations. This is current incarnation of those seven slides in November 2022. I am of course also eager to get your feedback
●
テクノロジー
●2022/11/26 09:19
●curl
●network
●ネットワーク
●あとで読む
3users
daniel.haxx.se
tldr: we stick to C89 for now. The curl project builds on foundations that started in late 1996 with the tool named httpget. ANSI C became known as C89 In 1996 there were not too many good alternatives for making a small and efficient command line tool for doing Internet transfers. I am not saying that C was the only available language, but for me the choice was easy and frankly I did not even thi
●
テクノロジー
●2022/11/18 23:08
18users
daniel.haxx.se
http://http://http://@http://http://?http://#http:// The other day I sent out this tweet As it took off, got an amazing attention and I received many different comments and replies, I felt a need to elaborate a little. To add some meat to this. Is this string really a legitimate URL? What is a URL? How is it parsed? http://http://http://@http://http://?http://#http:// curl Let’s start with curl. I
●
テクノロジー
●2022/09/09 02:02
●HTTP
●curl
●URL
●Web
●neta
●あとで読む
21users
daniel.haxx.se
On Friday January 21, 2022 I received this email. I tweeted about it and it took off like crazy. The email comes from a fortune-500 multi-billion dollar company that apparently might be using a product that contains my code, or maybe they have customers who do. Who knows? My guess is that they do this for some compliance reasons and they “forgot” that their open source components are not automatic
●
テクノロジー
●2022/01/25 08:20
●OSS
●Log4J
●security
●あとで読む
●トラブル
●セキュリティ
●企業
4users
daniel.haxx.se
There’s been another 56 day release cycle and here’s another curl release to chew on! Release presentation Numbers the 197th release 6 changes 56 days (total: 8,357) 113 bug fixes (total: 6,682) 268 commits (total: 26,752) 0 new public libcurl function (total: 85) 1 new curl_easy_setopt() option (total: 285) 2 new curl command line option (total: 237) 58 contributors, 30 new (total: 2,322) 31 auth
●
テクノロジー
●2021/08/30 12:40
91users
daniel.haxx.se
curl’s official birthday was March 20, 1998. That was the day the first ever tarball was made available that could build a tool named curl. I put it together and I called it curl 4.0 since I kept the version numbering from the previous names I had used for the tool. Or rather, I bumped it up from 3.12 which was the last version I used under the previous name: urlget. Of course curl wasn’t created
●
テクノロジー
●2021/03/20 19:46
●curl
●歴史
●あとで読む
●blog
●IT
●programming
●tech
●ニュース
●tool
10users
daniel.haxx.se
I spent a lot of time and effort digging up the numbers and facts for this post! Lots of people keep referring to the awesome summary put together by a friendly pseudonymous “Tim” which says that “53 out of 95” (55.7%) security flaws in curl could’ve been prevented if curl had been written in Rust. This is usually in regards to discussions around how insecure C is and what to do about it. I’ve blo
●
テクノロジー
●2021/03/09 20:17
●C
27users
daniel.haxx.se
tldr: work has started to make Hyper work as a backend in curl for HTTP. curl and its data transfer core, libcurl, is all written in C. The language C is known and infamous for not being memory safe and for being easy to mess up and as a result accidentally cause security problems. At the same time, C compilers are very widely used and available and you can compile C programs for virtually every o
●
テクノロジー
●2020/10/10 02:56
●Rust
●あとで読む
●programming
27users
daniel.haxx.se
This is not a command line option of the week post, but I feel a need to tell you a little about our brand new addition! --write-out [format] This option takes a format string in which there are a number of different “variables” available that let’s a user output information from the previous transfer. For example, you can get the HTTP response code from a transfer like this: curl -w 'code: %{resp
●
テクノロジー
●2020/03/18 15:32
●json
●cURL
●あとで読む
25users
daniel.haxx.se
In the afternoon of August 5 2019, I successfully made curl request a document over HTTP/3, retrieve it and then exit cleanly again. (It got a 404 response code, two HTTP headers and 10 bytes of content so the actual response was certainly less thrilling to me than the fact that it actually delivered that response over HTTP version 3 over QUIC.) The components necessary for this to work, if you wa
●
テクノロジー
●2019/08/06 08:46
●HTTP3
●curl
●QUIC
●あとで読む
21users
daniel.haxx.se
Not the entire thing, just “a subset”. It’s not stated very clearly exactly what that subset is but the easy interface is mentioned in the Chrome bug about this project. What? The Chromium bug states that they will create a library of their own (named libcrurl) that will offer (parts of) the libcurl API and be implemented using Cronet. Cronet is the networking stack of Chromium put into a library
●
テクノロジー
●2019/06/19 19:49
●browser
●google
●あとで読む
●web
●api
●network
●work
●it
52users
daniel.haxx.se
HTTP/3 explained is a collaborative effort to document the HTTP/3 and the QUIC protocols. Join in and help! Get the Web or PDF versions on http3-explained.haxx.se. The contents get updated automatically on every commit to this git repository.
●
テクノロジー
●2018/11/27 13:03
●http3
●quic
●http
●book
●network
●あとで読む
10users
daniel.haxx.se
It’s been five great years, but now it is time for me to move on and try something else. During these five years I’ve met and interacted with a large number of awesome people at Mozilla, lots of new friends! I got the chance to work from home and yet work with a global team on a widely used product, all done with open source. I have worked on internet protocols during work-hours (in addition to my
●
テクノロジー
●2018/11/19 10:21
141 users
daniel.haxx.se
The protocol that’s been called HTTP-over-QUIC for quite some time has now changed name and will officially become HTTP/3. This was triggered by this original suggestion by Mark Nottingham. The QUIC Working Group in the IETF works on creating the QUIC transport protocol. QUIC is a TCP replacement done over UDP. Originally, QUIC was started as an effort by Google and then more of a “HTTP/2-encrypte
●
テクノロジー
●2018/11/12 06:26
●http3
●QUIC
●HTTP
●あとで読む
●protocol
●network
●web
●ネットワーク
3users
daniel.haxx.se
libcurl has done internet transfers specified as URLs for a long time, but the URLs you’d tell libcurl to use would always just get parsed and used internally. Applications that pass in URLs to libcurl would of course still very often need to parse URLs, create URLs or otherwise handle them, but libcurl has not been helping with that. At the same time, the under-specification of URLs has led to a
●
テクノロジー
●2018/09/10 11:55
●curl
●api
●あとで読む
3users
daniel.haxx.se
your case is still going through administrative processing and we don’t know when that process will be completed. Last year I was denied to go to the US when I was about to travel to San Francisco. Me and my employer’s legal team never got answers as to why this happened so I’ve personally tried to convince myself it was all because of some human screw-up. Because why would they suddenly block me?
●
テクノロジー
●2018/07/29 16:03
●trouble
●travel
6users
daniel.haxx.se
DNS over HTTPS (DOH) is a feature where a client shortcuts the standard native resolver and instead asks a dedicated DOH server to resolve names. Compared to regular unprotected DNS lookups done over UDP or TCP, DOH increases privacy, security and sometimes even performance. It also makes it easy to use a name server of your choice for a particular application instead of the one configured globall
●
テクノロジー
●2018/06/04 11:32
●network
3users
daniel.haxx.se
I arrived at the Technical Museum in Stockholm together with my two kids just a short while before 17:30. A fresh, cool and clear autumn evening. For this occasion I had purchased myself a brand new suit as I hadn’t gotten one since almost twenty years before this and it had been almost that long since I last wore it. I went for a slightly less conservative purple colored shirt with the dark suit.
●
暮らし
●2017/10/21 08:47
次のページ
このページはまだ
ブックマークされていません
このページを最初にブックマークしてみませんか?
﹃Daniel Stenberg - daniel.haxx.se﹄の新着エントリーを見る
キーボードショートカット一覧
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
●総合
●一般
●世の中
●政治と経済
●暮らし
●学び
●テクノロジー
●エンタメ
●アニメとゲーム
●おもしろ
●アプリ・拡張機能
●開発ブログ
●ヘルプ
●お問い合わせ
●ガイドライン
●利用規約
●プライバシーポリシー
●利用者情報の外部送信について
●ガイドライン
●利用規約
●プライバシーポリシー
●利用者情報の外部送信について
●公式アカウント
●ホットエントリー
●はてなブログ
●はてなブログPro
●人力検索はてな
●はてなブログ タグ
●はてなニュース
●ソレドコ
Copyright © 2005-2024 Hatena. All Rights Reserved.
設定を変更しましたx