Daniel Stenberg

How I Made A Heap Overflow in Curl tl;dr: Daniel discusses a significant security flaw in curl, which he describes as the "worst security problem found in curl in a long time." The vulnerability stems from a heap overflow issue related to how curl handles SOCKS5 proxy connections with overly long hostnames. Daniel explains the technical intricacies of the flaw, its origins, and the subsequent fix.

featured in #456


IDN Is Crazy tl;dr: "IDN, International Domain Names, is the concept that lets us register and use international characters in domain names, and by international we of course mean characters outside of the ASCII range. Recently I have fought some battles against IDN and IDN decoding so I felt this urge to write a lot of words about it to help me in my healing process and maybe mend my scars a little. I am not sure it worked but at least I feel a little better now."

featured in #375


Faster Base64 In Curl tl;dr: "This adventure started with an issue where a user pointed out that the libcurl function for base64 encoding actually would allocate a few bytes too many at times. That turned out to be true and we fixed it fairly quickly. As I glanced at that base64 encoder function that was still loaded and showing in my editor window, it struck me that it really was not written in an optimal way."

featured in #373


HTTP://HTTP://HTTP://@HTTP://HTTP://?HTTP://#HTTP:// tl;dr: "If you throw the above mentioned URL on any random URL parser they may reject it, like the Twitter parser didn’t seem to think it was a URL, or they might come to a different conclusion about the different parts than curl does. In fact, it is likely that they will not do exactly as curl does."

featured in #351


Uncurled tl;dr: "Everything I know and learned about running and maintaining OS projects for three decades. I have been actively involved in OS development since the early 1990s when I discovered the phenomenon of people writing source code they give away freely for others to use and modify under a certain license."

featured in #319


A Tale Of A Trailing Dot tl;dr: "Trailing dots on host names in URLs is the gift that keeps on giving. Let me take you through a dwindling story of how the dot is handled differently in different places through the stack of an Internet client. The evil trailing dot."

featured in #316


Curl Dash-Dash-Json tl;dr: “This is a new option that basically works as an alias, or shortcut, to sending JSON to an endpoint.”

featured in #289


No Easter Eggs in Curl tl;dr: "Easter eggs are unexpected or undocumented features in a piece of computer software, included as a joke or bonus" and, among the enthusiast community, "people seem to generally like this concept in software and devices." Dan explains why he's against adding them into Curl.

featured in #275


The Most Used Software Components In The World tl;dr: Although impossible to calculate precisely, Daniel believes zlib, sqlite & libcurl are installed in "billions of devices," and are the most widely used software in the world.

featured in #264


Common Mistakes When Using Libcurl tl;dr: "Here’s my collection of 15 of the most common mistakes and issues people will run into when writing applications and services that use libcurl."

featured in #255