one of the worst ever "comprehensive security audits" ...
HackerOne
curl disclosed on HackerOne: Multiple Unsafe strcpy() Function...
## Summary: During a comprehensive security audit of the cURL codebase, multiple instances of unsafe strcpy() function usage were identified in cri...
I was #awarded Developer of the year yesterday (in Sweden).
daniel.haxx.se
Developer of the year
Developers Day is a recent annual Swedish gala organized by the Stockholm-based company Developers Bay. This is its third year running. They have a...
"Open Source as Europe’s Strategic Advantage" a 46-page report by the Linux Foundation
Open Source as Europe’s Strategic Advantage
Open Source as Europe’s Strategic Advantage
There's going to be more speak about AIs finding genuine security problems soon. Google Big Sleep found one in #curl that we reveal tomorrow.... in about eight hours. (but no, we don't know how much was AI and how much was human or how many false positives they had to wade through to get there etc maybe they will let us know later?)
Remember this fun URL from three years ago?
daniel.haxx.se
http://http://http://@http://http://?http://#http://
The other day I sent out this tweet As it took off, got an amazing attention and I received many different comments and replies, I felt a need to e...
 image
Having ongoing discussions about URL parsing differences as a basis for a #curl security vulnerability report made me check when I wrote my "my URL isn't your URL" blog post. *Nine years ago*. And we have not made a single move towards a solution in all this time.
daniel.haxx.se
My URL isn’t your URL
When I started the precursor to the curl project, httpget, back in 1996, I wrote my first URL parser. Back then, the universal address was still ca...
Friend and local Internet hero Patrik "paf" Fältström was voted into the Internet Hall of Fame:
Internet Hall of Fame
Patrik Fältström - Internet Hall of Fame
A steadfast pioneer of interoperability, 2025 inductee Patrik Fältström helped connect people across devices and languages.
Today is exactly twelve years ago since we created the lib/http2.c source file in the #curl source tree, and doing HTTP would never be the same again. The paradigm shift going from one transfer per connection to possibly multiple transfers per connection was massive and took many years until most of the bugs were ironed out.
My two favorite photos of me from my Open Source Summit Europe keynote last week. Pictures by Linux Foundation.
image image
Some graphs are simpler image