A Tale Of A Trailing Dot
https://daniel.haxx.se/blog/2022/05/12/a-tale-of-a-trailing-dot/ [daniel.haxx.se]
2022-05-14 00:41
tags:
networking
security
standard
text
turtles
web
Trailing dots on host names in URLs is the gift that keeps on giving. Let me take you through a dwindling story of how the dot is handled differently in different places through the stack of an Internet client. The evil trailing dot.
source: L
HTTP/3 explained
https://daniel.haxx.se/http3-explained/ [daniel.haxx.se]
2019-02-05 17:37
tags:
networking
reference
standard
web
HTTP/3 is the to-become next generation of the HTTP protocol family. This version is similar to HTTP/2 in features, and is most different than its predecessor primarily by the fact that HTTP/3 will only be done over QUIC.
QUIC is a new reliable transport protocol that could be viewed as a sort of next generation TCP.
HTTP/3 explained is a free and open booklet describing the HTTP/3 and QUIC protocols.
Web version: https://http3-explained.haxx.se/en/
source: HN
HTTP/3
https://daniel.haxx.se/blog/2018/11/11/http-3/ [daniel.haxx.se]
2018-11-12 16:07
tags:
networking
standard
web
The protocol that’s been called HTTP-over-QUIC for quite some time has now changed name and will officially become HTTP/3.
When the work took off in the IETF to standardize the protocol, it was split up in two layers: the transport and the HTTP parts. The idea being that this transport protocol can be used to transfer other data too and its not just done explicitly for HTTP or HTTP-like protocols.
source: L
GAAAAAH curl vuln disclosure vuln
https://daniel.haxx.se/blog/2018/03/14/gaaaaah/ [daniel.haxx.se]
2018-03-15 01:18
tags:
development
opsec
security
Problem:
The encrypted email pointed out to me in clear terms that there was information available publicly on the curl web site about the security vulnerabilities that we intended to announce in association with the next curl release, on March 21.
Solution:
know how to use git correctly
Keeping time delayed secrets secret is hard.
source: L
Fewer mallocs in curl
https://daniel.haxx.se/blog/2017/04/22/fewer-mallocs-in-curl/ [daniel.haxx.se]
2017-04-23 16:42
tags:
c
development
library
malloc
perf
programming
The old curl did 263 times the number of allocations the current does for this example. Or the other way around: the new one does 0.37% the number of allocations the old one did…
Simple changes, big improvement.
source: HN
Lesser HTTPS for non-browsers
https://daniel.haxx.se/blog/2017/01/10/lesser-https-for-non-browsers/ [daniel.haxx.se]
2017-01-12 04:18
tags:
browser
library
networking
security
web
Browsers do all sorts of things to keep https connections secure. Most other clients do not. Why can’t we all just get along?
source: L
6 hours of bliss
https://daniel.haxx.se/blog/2016/12/23/6-hours-of-bliss/ [daniel.haxx.se]
2016-12-23 18:46
tags:
bugfix
development
library
networking
programming
random
release
security
The elusive time between release and first bug report. In this case, a pretty bad failure of the random number system.
curl security audit
https://daniel.haxx.se/blog/2016/11/23/curl-security-audit/ [daniel.haxx.se]
2016-11-25 01:03
tags:
c
library
security