Funding Stefan’s #curl work (@icing)
https://daniel.haxx.se/blog/2024/01/09/funding-stefans-curl-work/
Funding Stefan’s #curl work (@icing)
https://daniel.haxx.se/blog/2024/01/09/funding-stefans-curl-work/
Daniel's weekly report January 6, 2024
https://lists.haxx.se/pipermail/daniel/2024-January/000048.html
AI, cmdline, h3 audit, c-ares, funding work, everything curl
Daniel's weekly report December 29, 2023
https://lists.haxx.se/pipermail/daniel/2023-December/000047.html
Christmas, FOSDEM, Everything curl, Security
On this day, fifteen years ago, we shipped #libssh2 1.0
@nixCraft wrong answers only? 😁
My proposed HTTP/3 talk for #FOSDEM 2024 was not accepted.
I made #curl's internal printf implementation about 30% faster.
The internal implementation started out because we wanted snprintf() everywhere they that was not always present. But it has also provided ways to do internal printf style functions - with the knowledge that they work the same everywhere.
Welcome to c-ares 1.24.0 https://c-ares.org/
Daniel's weekly report December 15, 2023
Everything curl, FOSDEM, no patch, code quality, business, book, Canada, h3 audit
https://lists.haxx.se/pipermail/daniel/2023-December/000045.html
If you want to help us make everything #curl even better, I've created a few issues for things that are missing from the book:
Today is 4 years since the fun Mr Robot curls reveal. https://daniel.haxx.se/blog/2019/12/10/mr-robot-curls/ #curl
7. The initial bootloader to load Rockbox was then just such a crafted HTML file that would load the correct firmware, and since it still worked after reboots it was a pretty neat hack.
8. Eventually the encryption key for the bootloader was found in the SRAM of the running device, and we could encrypt and create custom "real" bootloaders for the devices.
9. Rockbox would then boot and run natively on ipods.
The rest is history.
5. Now the exploit was rewritten to read memory, and *blink* out the contents using the LCD backlight. A LEGO construction was built and a webcam would register the binary stream of a few megabytes of memory contents. Slooooow.
6. Using this method, the USB controller memory mapped registers were found and it was similar to another device Rockbox did USB on. The memory-dump code was rewritten to instead dump the entire memory over USB.
(...)
3. The buffer in the HTML file had to be written without using a zero byte, and someone wrote a ARM assembler loop that would just write data to memory. We had a rough idea what SoC was in there, so we knew a little of what to try.
4. Eventually, one day, that operation made the LCD backlight blink! The LCD controller was found in memory.
(..)
How the first gen ipod was reverse engineered to run #Rockbox:
1. Someone figured out that when loading a particular HTML page (for viewing on the device), the device would reboot. It crashed. A buffer overflow in the HTML viewer!
2. The device remembered what it did before the crash, so it would reload the HTML page again after boot. Unless you connected to it over USB and removed the HTML file it would stick in this cycle.
(continues...)
buckle up, at this time tomorrow #curl 8.5.0 is out.
180+ bugfixes, 78 contributors, 40 authors, two CVEs. And more.
Took a lunch walk in the sun to prepare for next week
I never used any of the modern AI tools for writing code, copilot etc. I'm old. Traditional. Using emacs. And I write my code manually - like a cave man.
You'd think there would be a theoretical max we would eventually reach, but clearly we are not there yet.
101
The updated 100 operating systems #curl has run on. (Dropped two, added two)
Internet protocols geek at wolfSSL. I lead the curl project. I don't know anything.
076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.
All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.