The #curl summer of bliss continues to be great and even greater. You realize the pressure possible 24/7 security reports exert when it is gone.
Recommended.
The #curl summer of bliss continues to be great and even greater. You realize the pressure possible 24/7 security reports exert when it is gone.
Recommended.
my week: https://lists.haxx.se/pipermail/daniel/2026-July/000161.html
post-release, bliss, graphs, website, NTLM, wcurl
I accidentally found a name in the curl 4.6 release notes (from July 1998) that was never added to the THANKS document. Did that just now.
#wcurl is now two years old!
Upcoming Change: NTLM Removal in Git (libcurl) – Impact to Azure DevOps Server Customers
CVE issue stats for the first 6 months of the year, by vendor, sorted by quantity:
2308 "vendor": "Linux",
1752 "vendor": "Google",
1308 "vendor": "n/a",
843 "vendor": "Microsoft",
495 "vendor": "OpenClaw",
445 "vendor": "Oracle Corporation",
395 "vendor": "Adobe",
340 "vendor": "Red Hat",
310 "vendor": "Apache Software Foundation",
284 "vendor": "Apple",
I gotta change my talk where I say “we are #2” as that’s not the case by far anymore. Hopefully the other vendors get their act together and start properly reporting all CVEs to the system, not just the ones that they feel like submitting…
And the numbers for OpenClaw is quite impressive, nice to see someone take responsibility there :)
"Order a burned CD of your own public GitHub repo. Yes, a real physical disc you can hold in your hands, no download required."
Here's the form: https://forms.cloud.microsoft/pages/responsepage.aspx?id=v4j5cvGGr0GRqy180BHbR6G-c11n8yFDlQmk4B-QjDxUQkdTTjZLU0EyTFFRV1E3NVRTVTRTWjRHMy4u&route=shorturl
"You're a commercial user of libcurl who use it for free and you ask a volunteer to fix your problem on his spare time?"
Sometimes I need to say it.
My completely unsolicited advice for "security researchers": maybe just use your real name and NOT invent another "cool" hacker alias next time?
Signed your old and grumpy maintainer
We do not accept #curl vulnerability reports over email. Not sent to my private email either. See https://curl.se/dev/vuln-disclosure.html
The mythos report for #curl 2026-05-06 made public:
https://gist.github.com/bagder/c9b83a19f30e82e41b11f6315465b17a
The CRA is not about open source - https://nesbitt.io/2026/07/01/the-cra-is-not-about-open-source.html
Is it time for another #curl graph? 70, 80 and 90 of all commits were done by this many authors, over time
"the expenditure of European organisations on cloud and software services at around €400 billion per year for 2024. Of this spending, €330 billion went to US companies, representing 83% of the market share held by a small number of players of a single nationality"
The source PDF: https://www.cigref.fr/wp/wp-content/uploads/2026/05/Cigref-Asteres-Cloud-Software-Price-Rises-Europe-2026.pdf
ah, they mean this is what Europeans spend on proprietary software per year, which of course can be more than the EU budget
RE: https://fosstodon.org/@Gina/116839161275729604
This number keeps being repeated, but what if you look up the *total* EU budget spending for 2026 and compare that with this number?
Something does not add up.
It's only a few hours so far, but I CAN FEEL THE BLISS already!😎
Over the last 30 days, the curl.se website delivered 2.75TB/day on average, which for the first time puts it over 1 petabyte/year rate.
over the last 28 days, curl.se links have appeared in 3.83 million google search results.