2. Growth and size
Quality and testing
Commits
Newcomers and oldies
Releases
Activity
Vulnerabilities
Users' view
Money
The last 12 months
Less Good
My role
Future
@bagder
12. operating systems
@bagder
Syllable OS TPF
Tizen
Symbian Tru64
SunOS tvOS ucLinux
Genode Hurd iOS
Integrity
Illumos
HP-UX
HardenedBSD
Haiku
z/OS
Nintendo
Switch
NonStop OS
NetWare
MorphOS MPE/iX MS-DOS NCR MP-RAS NetBSD
RISC OS
Redox
ReactOS Sailfish OS SCO Unix Serenity SINIX-Z
Qubes OS
UnixWare WebOS
vxWorks
VMS Windows
UNICOS Windows CE
Wii System
Software
AmigaOS Blackberry 10
BeOS
Android
Blackberry
Tablet OS
AIX Cell OS
Aros
IRIX LineageOS Mbed Micrium
macOS
Mac OS 9
Linux Lua RTOS
eCOS FreeRTOS
FreeBSD
FreeDOS Fuchsia
DragonFly
BSD
Cygwin
Cisco IOS
OpenBSD OS/2 OS/400
Ultrix
ipadOS
NuttX
Solaris
Xbox
System
ChromeOS
MINIX
Garmin OS
QNX
PlayStation
Portable
Plan 9
OS21
OpenStep Orbis OS
z/TPF z/VM z/VSE
Operating systems known to have run curl
Atari FreeMiNT
24. @bagder
C!
Efficient and portable!
Some security problems could be avoided using something
else
Lots of “reach” would also be avoided
Mitigations: readable code, reviews, tests, fuzzing, static
code analyzing
25. @bagder
OSS-Fuzz
Flatlined the last few years – nothing new is reported
CI-Fuzz runs a little fuzzing on every commit / PR
We need more entry points to get more out of fuzzers
42. @bagder
Top-20 curl commit authors last twelve months
840 Daniel Stenberg
64 Jay Satiro
51 Daniel Gustafsson
35 Marc Hoersken
29 Tatsuhiro Tsujikawa
27 Marcel Raad
20 Patrick Monnerat
19 Michał Antoniak
16 Josh Soref
14 Viktor Szakats
13 Fabian Keil
12 Gergely Nagy
11 Philip H
9 Harry Sintonen
8 Dan Fandrich
8 Henrik Holst
7 Gisle Vanem
6 Jacob Hoffman-Andrews
6 Jan Venekamp
6 Kevin Adler
@bagder
63. @bagder
Lessons recent vulnerabilities
C mistake mitigations might have had an effect
Flaws linger in the code a very long time until detected
Fuzzing is king
Fixing the flaws is usually straight-forward
Raised bounties thanks to Internet Bug Bounty
67. @bagder
curl.se web traffic June 2022
Fastly makes our lives easier
278 TB the last 12 months (up from 146 TB)
103.8 M requests/day on average (up from 11.4 M)
Fast web site, close to most users
No logs, no tracking, very little stats
Did I mention Fastly is good?
68. @bagder
Google trends 5-year span, worldwide
Includes wget and OpenSSL to provide references with similar projects
Wget OpenSSL curl
Snapshot from May 26 2022
73. @bagder
Finances and sponsors
curl is not a legal entity
Open Collective holds our funds
Daniel is employed by wolfSSL
wolfSSL offers commercial curl services
@bagder
82. @bagder
News in libcurl
msh3 as a new h3 backend
percent-escaping for multipart form field and file names
curl_url_strerror()
localhost is “fixed”
cookies over localhost considered secure
dropped metalink support
dropped mesalink support
Increased hyper support
86. @bagder
Daniel - a GitHub star
Recognition
Channel for previews and communication
87. @bagder
Travis CI
No longer free to use for us
Added Zuul and Circle CI
Distributed old Travis jobs to other services
Then Zuul turned bad - in a different way
89. @bagder
Less good
Flaky tests/CI still
Slow CI tests sometimes
Vulnerabilities are still reported yes but...
Still regressions, but less frequently? happens
Could use more people who stick around always
@bagder
91. @bagder
What I do here
I help keeping the vision – what curl and
libcurl should do
I do curl development and fix problems – for
fun and for customers
I support users and developers experiencing
problems or bugs.
I review code and suggestions
I’m guiding the architecture of existing and
future features
I document how things work and should work
I inform project members and “the outside
world” about news and things we work on
I aim to master the protocols curl works with
I admin and host the web site, mailing list and
random services
I often serve as a “public face” for the project.
It is sometimes said to be “mine” (it isn’t)
I talk about and “market” the project in many
places and ways
94. Everything will be networked
If it isn’t powered now, it will be soon
If it is powered, it will be networked
If it is networked, it needs Internet access
If it needs Internet access, curl can help
@bagder
@bagder
97. @bagder
TODO?
I have a personal list of things I want to work on
I hope to do more curl work for hire
What do you want to see?
98. @bagder
Talk to us!
I’m @bagder on Twitter
We’re in #curl on libera.chat IRC
File bug reports:
https://github.com/curl/curl/issues
Submit pull-requests:
https://github.com/curl/curl/pulls
Security problems:
https://hackerone.com/curl
Mailing lists:
curl-users for command line tool
questions and support
curl-library for libcurl users,
development, debugging,
architecture, new stuff.
https://curl.se/mail/