Notices by daniel:// stenberg:// (bagder@mastodon.social), page 7

If you want to read the behind-the-scenes report and discussions about the most recent (legitimate) #curl #CVE, it has now been disclosed.

This is how we work on security reports.

https://hackerone.com/reports/2072338

What does Daniel look like when he's engaged in explaining #curl to an audience? Like this. From myconf May 2023.

#jq did its first release in 5 years yesterday, now under a brand new github org and everything:
https://jqlang.github.io/jq/

Bogus CVE follow-ups

tldr: MITRE refused to take it down. NVD lowered the score by a lot.

https://daniel.haxx.se/blog/2023/09/05/bogus-cve-follow-ups/

#curl #CVE

Scary sounding email in my #inbox...

"Subject: Thief

Who are you bc I don't know you you are a thief and until I get my babies returned home I will not stop trying any way I can to bring them home. You are a liar and just as bad as they. Whoever they are. Take your code off my devices"

Anton Zhiyanov made an interactive text version of my "Mastering the curl command line" video.

You can even run curl examples directly from the article.

https://antonz.org/mastering-curl/

#curl is 9100 days old today

9 days to the next #curl release

The #curl #wget Venn diagram https://daniel.haxx.se/blog/2023/09/04/the-curl-wget-venn-diagram/

Which HTTP version does the server support? #curl

(slide from tonight's presentation)

Mastering the #curl command line with Daniel Stenberg

https://youtu.be/V5vZWHP-RqU?si=V3oqgE49YhvTWYS4

(3h39!)

Slides: https://www.slideshare.net/DanielStenberg7/mastering-the-curl-command-linepdf

#wget 2.1.0 is released: https://lists.gnu.org/archive/html/bug-wget/2023-08/msg00019.html

bust just so that you know and to keep my hubris in check. It's no big deal.

Next week on Aug 31 I will do my super long #curl class: "Mastering the curl command line" live on Twitch, also recorded for later watching.

Expect 2.5 hours or so of non-stop #curl command line talk. By me.

https://daniel.haxx.se/blog/2023/08/08/mastering-the-curl-command-line/

now at 153 slides

"CVE-2020-19909 is everything that is wrong with CVEs"

A claimed "9.8 CRITICAL" flaw in #curl that does not exist.

https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

curl 8.0.0 https://daniel.haxx.se/blog/2023/03/20/curl-8-0-0-is-here/ - on #curl's 25th birthday we ship 8.0.0. Six security vulnerabilities and 130 bugs are fixed.

Twenty-five years of curl: https://daniel.haxx.se/blog/2023/03/20/twenty-five-years-of-curl/ - 3600 words on the biggest events in #curl history, year by year.

In my time zone this is now #curl's 25th birthday.

If you want to send along your congrats or curl related memories, consider doing it here: https://github.com/curl/curl/discussions/10465

In about 8 hours there will be a new curl release. In 10 hours there will be a curl release video. There will be blog posts and there will be an online celebration starting in 18 hours.

This is the day. Thanks for flying #curl.

I argue we (#curl) should NOT pay docker. Not give in to extortion. This might mean that someone else soon suddenly will register our name and can serve whatever image they want there. 5 *billion* pulls indicate there's a user or two that might fall victim for this.

That's on docker, not us.