The document discusses curl, a command-line tool for transferring data using various application protocols, highlighting its extensive features, user base of 500 million, and over 1,000 contributors. It emphasizes the importance of continuous evolution of curl to adapt to new technologies and protocols, as well as the community-driven nature of its development. Additionally, it addresses security challenges and outlines future advancements such as HTTP/2 and improvements in authentication methods.

1. curl and new
technologies
March 5, 2013

2. Daniel Stenberg
●
Free Software
●
Network hacker
●
Embedded developer
●
Consultant
Email: daniel@haxx.se
Twitter: @bagder
Web: daniel.haxx.se
Blog: daniel.haxx.se/blog

3. Before
Now
Then
How?

4. Questions?
Interrupt!

5. What is curl?
●
curl and libcurl
●
Transfer data using application
protocols

6. Put in more words
curl is a command line tool for transferring data
with URL syntax, supporting DICT, FILE, FTP, FTPS,
Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS,
POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP,
SMTPS, Telnet and TFTP. curl supports SSL
certificates, HTTP POST, HTTP PUT, FTP uploading,
HTTP form based upload, proxies, cookies,
user+password authentication (Basic, Digest,
NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other
useful tricks.

7. 500 million
users

8. Really 500 million users?
●
Mac OS X ●
PHP sites
●
TVs ●
...
●
IOS
●
Linux
●
Games
●
Version control
systems

9. One day 15 years ago...
●
Scratched an itch

10. Contributors over time
●
1000+ in total
●
Increasing linearly

11. Number of committers
●
74 unique within 12 months
●
125 within 24
●
174 within 36

12. Mailing lists
●
4900 mails during 2012
●
curl­library has 1300+ subscribers

13. Lines of code

14. Bug reports
●
Not counting them sent per mail
●
~1200 submitted during 13 years
●
one new report every 4th day

15. >130 companies use curl
bl a Adobe, AOL, Apple, Blizzard, CERN,
Cisco, Electronic Arts, Facebook,
Garmin, Google, IBM, LG, Linden Labs,
McAfee, Motorola, Nortel, Oracle, Palm,
Panasonic, Philips, Polaroid, RBS,
Research in Motion, RSA Security,
SanDisk, SAS Institute, SEB, Siemens, Sony,
Spotify, Sun, Swisscom, Symantec,
Toshiba, Vmware, Yahoo...

16. 42 bindings
Ada95, Basic, C++, Ch, Cocoa, D, Dylan,
Eiffel, Euphoria, Falcon, Ferite, Gambas,
glib/GTK+, Guile, Haskell, ILE/RPG, Java,
Lisp, Lua, Mono, .NET, Object­Pascal,
Ocaml, Pascal, Perl, PHP, Postgres,
Python, R, Rexx, Ruby, Scheme, S­Lang,
Smalltalk, SP­Forth, SPL, Tcl, Visual Basic,
Visual FoxPro, Q, wxWidgets, XBLite

17. 131 releases
●
bi­monthly release cycle

18. 16 security problems
●
Security is hard
●
Problems are unavoidable
●
Deal with them properly

19. It is personal
I've given this project some 10000
spare time hours, I started it, I lead
it, I've done the design and most of
the development.
How can it not be personal?

20. How does it run?
●
Volunteers
●
Reviews by mail
●
Mailing list driven
●
Test suite and autobuilds
●
Small core team

21. When is it done?
●
How long is a rope?
●
When is the last bug found?
●
When do we stop adding
functionality?

22. New Technology
●
Internet, protocols and file
transfers evolve
●
Curl has to evolve along
●
You can help!

23. Happy Eyeballs
●
Dual­stack behaviors
●
RFC6555
●
Basically two connect attempts
at once

24. DANE
●
DNS­Based Authentication of
Named Entities (DANE)
●
RFC6698
●
Because SSL's CA system is
broken
●
Resolver dependency
●
Should use a lib

25. SRV/URI records
●
DNS based hints to find (web)
servers
●
In use by non­HTTP protocols
●
Latency penalties
●
Tricky resolver dependencies

26. HTTP pipelining
●
Present in HTTP 1.1, RFC2616
●
Riddled with server problems
●
Circumvents latency issues
●
Coming soon!

27. HTTP2 (SPDY)
●
Discussed in IETF's httpbis WG
●
Based on SPDY/3
●
SCTP and SSH like with multiple
streams within a physical TCP
connection
●
Spindly vs spdylay

28. New HTTP auth
●
Passwords must die
●
Existing auth methods are full of
problems
●
Digest relies on MD5
●
But... browser basically don't do
HTTP auth

29. SSL to proxy
●
SSL over proxy is usually done with
a HTTP CONNECT over plain HTTP
●
Increase privacy within
organizations
●
Supported by Chrome
●
Tricky because of SSL backends

30. … and much much more!
●
It never ends
●
Transports are fundamental to
Internet
●
curl transports the Internet

31. How?
●
Companies fund features
●
Individuals fix problems
●
Join us and help out!

32. Thank you
Daniel Stenberg <daniel@haxx.se>