A Tale Of A Trailing Dot
Trailing dots on host names in URLs is the gift that keeps on giving. Let me take you through a dwindling story of how the dot is handled differently in different places through the stack of an Internet client. The evil trailing dot.
HTTP/3 is the to-become next generation of the HTTP protocol family. This version is similar to HTTP/2 in features, and is most different than its predecessor primarily by the fact that HTTP/3 will only be done over QUIC.
QUIC is a new reliable transport protocol that could be viewed as a sort of next generation TCP.
HTTP/3 explained is a free and open booklet describing the HTTP/3 and QUIC protocols.
Web version: https://http3-explained.haxx.se/en/
The protocol that’s been called HTTP-over-QUIC for quite some time has now changed name and will officially become HTTP/3.
When the work took off in the IETF to standardize the protocol, it was split up in two layers: the transport and the HTTP parts. The idea being that this transport protocol can be used to transfer other data too and its not just done explicitly for HTTP or HTTP-like protocols.
GAAAAAH curl vuln disclosure vuln
The encrypted email pointed out to me in clear terms that there was information available publicly on the curl web site about the security vulnerabilities that we intended to announce in association with the next curl release, on March 21.
know how to use git correctly
Keeping time delayed secrets secret is hard.
Fewer mallocs in curl
The old curl did 263 times the number of allocations the current does for this example. Or the other way around: the new one does 0.37% the number of allocations the old one did…
Simple changes, big improvement.
Lesser HTTPS for non-browsers
Browsers do all sorts of things to keep https connections secure. Most other clients do not. Why can’t we all just get along?
6 hours of bliss
The elusive time between release and first bug report. In this case, a pretty bad failure of the random number system.
curl security audit