Post on 29-Nov-2014
description
curl and new technologies
March 5, 2013
Daniel Stenberg
Email: daniel@haxx.seTwitter: @bagderWeb: daniel.haxx.seBlog: daniel.haxx.se/blog
● Free Software● Network hacker● Embedded developer● Consultant
Before
Now
Then
How?
Questions?
Interrupt!
What is curl?● curl and libcurl● Transfer data using application
protocols
Put in more wordscurl is a command line tool for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.
500 million users
Really 500 million users?● Mac OS X● TVs● IOS● Linux● Games● Version control
systems
● PHP sites● ...
One day 15 years ago...● Scratched an itch
Contributors over time● 1000+ in total● Increasing linearly
Number of committers● 74 unique within 12 months● 125 within 24● 174 within 36
Mailing lists● 4900 mails during 2012● curllibrary has 1300+ subscribers
Lines of code
Bug reports● Not counting them sent per mail● ~1200 submitted during 13 years● one new report every 4th day
>130 companies use curl
bl a Adobe, AOL, Apple, Blizzard, CERN, Cisco, Electronic Arts, Facebook, Garmin, Google, IBM, LG, Linden Labs, McAfee, Motorola, Nortel, Oracle, Palm, Panasonic, Philips, Polaroid, RBS, Research in Motion, RSA Security, SanDisk, SAS Institute, SEB, Siemens, Sony, Spotify, Sun, Swisscom, Symantec, Toshiba, Vmware, Yahoo...
42 bindings
Ada95, Basic, C++, Ch, Cocoa, D, Dylan, Eiffel, Euphoria, Falcon, Ferite, Gambas, glib/GTK+, Guile, Haskell, ILE/RPG, Java, Lisp, Lua, Mono, .NET, ObjectPascal, Ocaml, Pascal, Perl, PHP, Postgres, Python, R, Rexx, Ruby, Scheme, SLang, Smalltalk, SPForth, SPL, Tcl, Visual Basic, Visual FoxPro, Q, wxWidgets, XBLite
131 releases● bimonthly release cycle
16 security problems● Security is hard● Problems are unavoidable● Deal with them properly
It is personal
I've given this project some 10000 spare time hours, I started it, I lead it, I've done the design and most of the development.
How can it not be personal?
How does it run?● Volunteers● Reviews by mail● Mailing list driven● Test suite and autobuilds● Small core team
When is it done?● How long is a rope?● When is the last bug found?● When do we stop adding
functionality?
New Technology● Internet, protocols and file
transfers evolve● Curl has to evolve along● You can help!
Happy Eyeballs● Dualstack behaviors● RFC6555● Basically two connect attempts
at once
DANE● DNSBased Authentication of
Named Entities (DANE)● RFC6698● Because SSL's CA system is
broken● Resolver dependency● Should use a lib
SRV/URI records● DNS based hints to find (web)
servers● In use by nonHTTP protocols● Latency penalties● Tricky resolver dependencies
HTTP pipelining● Present in HTTP 1.1, RFC2616● Riddled with server problems● Circumvents latency issues● Coming soon!
HTTP2 (SPDY)● Discussed in IETF's httpbis WG● Based on SPDY/3● SCTP and SSH like with multiple
streams within a physical TCP connection
● Spindly vs spdylay
New HTTP auth● Passwords must die● Existing auth methods are full of
problems● Digest relies on MD5● But... browser basically don't do
HTTP auth
SSL to proxy● SSL over proxy is usually done with
a HTTP CONNECT over plain HTTP● Increase privacy within
organizations● Supported by Chrome● Tricky because of SSL backends
… and much much more!● It never ends● Transports are fundamental to
Internet● curl transports the Internet
How?● Companies fund features● Individuals fix problems
● Join us and help out!
Thank you
Daniel Stenberg <daniel@haxx.se>