SlideShare uma empresa Scribd logo

The state of curl 2019

Daniel Stenberg
Daniel Stenberg

Presentation from curl up 2019. The state of the curl project. In English.

Tecnologia
1 de 52
Baixar para ler offline
The state of curl 2019
The curl project 2019
Stats Mostly from 2010 or later Due to data availability Represents “the modern curl project”
Number of lines of “product code” 2010-02-09 2010-06-16 2010-10-12 2011-02-17 2011-04-22 2011-09-13 2011-11-17 2012-03-22 2012-07-27 2012-11-20 2013-04-12 2013-08-11 2013-12-16 2014-03-26 2014-07-16 2014-11-05 2015-02-25 2015-04-28 2015-08-11 2015-12-01 2016-02-08 2016-05-17 2016-07-21 2016-09-07 2016-11-02 2016-12-22 2017-02-24 2017-06-14 2017-08-13 2017-10-23 2018-01-23 2018-05-15 2018-09-04 2018-12-12 0 20000 40000 60000 80000 100000 120000 140000 160000 180000
Is a 160K a lot or a little? A dozen TLS backends Two SSH backends Three name resolver backends Feature packed; 221 command line options and 267 setopt() options More portable than most More compliant than most More feature-packed than most 25% comments
C! Efficient and portable! Some security problems could be avoided using something else Lots of “reach” would then also be avoided Mitigation: readable code, reviews, tests, fuzzing, static code analyzing
Coverity on curl – fixed defects
Coverity on curl – defects over time
OSS-Fuzz reports over time 2017-06 2017-07 2017-08 2017-09 2017-10 2017-11 2017-12 2018-01 2018-02 2018-03 2018-04 2018-05 2018-06 2018-07 2018-08 2018-09 2018-10 2018-11 2018-12 2019-01 2019-02 2019-03 0 2 4 6 8 10 12 14 16
Test cases over time 2010-02-09 2010-06-16 2010-10-12 2011-02-17 2011-04-22 2011-09-13 2011-11-17 2012-03-22 2012-07-27 2012-11-20 2013-04-12 2013-08-11 2013-12-16 2014-03-26 2014-07-16 2014-11-05 2015-02-25 2015-04-28 2015-08-11 2015-12-01 2016-02-08 2016-05-17 2016-07-21 2016-09-07 2016-11-02 2016-12-22 2017-02-24 2017-06-14 2017-08-13 2017-10-23 2018-01-23 2018-05-15 2018-09-04 2018-12-12 0 200 400 600 800 1000 1200 1400
Source vs tests over time 2010-02-09 2010-08-11 2011-02-17 2011-06-23 2011-11-17 2012-05-24 2012-11-20 2013-06-22 2013-12-16 2014-05-20 2014-11-05 2015-04-22 2015-08-11 2016-01-27 2016-05-17 2016-08-03 2016-11-02 2017-02-22 2017-06-14 2017-10-04 2018-01-23 2018-07-11 2018-12-12 0 20000 40000 60000 80000 100000 120000 140000 160000 -100 100 300 500 700 900 1100 1300 Test cases Lines of code Linesofcode Numberoftestcases
Source lines per test file since 20107.20.0 7.20.1 7.21.0 7.21.1 7.21.2 7.21.3 7.21.4 7.21.5 7.21.6 7.21.7 7.22.0 7.23.0 7.23.1 7.24.0 7.25.0 7.26.0 7.27.0 7.28.0 7.28.1 7.29.0 7.30.0 7.31.0 7.32.0 7.33.0 7.34.0 7.35.0 7.36.0 7.37.0 7.37.1 7.38.0 7.39.0 7.40.0 7.41.0 7.42.0 7.42.1 7.43.0 7.44.0 7.45.0 7.46.0 7.47.0 7.47.1 7.48.0 7.49.0 7.49.1 7.50.0 7.50.1 7.50.2 7.50.3 7.51.0 7.52.0 7.52.1 7.53.0 7.53.1 7.54.0 7.54.1 7.55.0 7.55.1 7.56.0 7.56.1 7.57.0 7.58.0 7.59.0 7.60.0 7.61.0 7.61.1 7.62.0 7.63.0 7.64.0 7.64.1 120 130 140 150 160 170 180 The y-axis is not zero-based!
Test coverage Good to know, hard to measure 72 - 78% on coveralls.io For a single TLS – SSH – resolver – config setup! Some tests too slow for coverage runs in the cloud (torture) Some code paths still hard to test with existing test suite
Daniel’s share of curl commits 2010-01-13 2010-08-10 2011-04-16 2011-11-01 2012-06-19 2013-02-06 2013-07-09 2013-12-22 2014-05-04 2014-10-29 2015-02-19 2015-08-20 2016-03-29 2016-10-24 2017-04-29 2017-09-15 2018-05-02 2018-11-23 0 10 20 30 40 50 60 70 80
Commits per release since 2010 7.20.0 7.20.1 7.21.0 7.21.1 7.21.2 7.21.3 7.21.4 7.21.5 7.21.6 7.21.7 7.22.0 7.23.0 7.23.1 7.24.0 7.25.0 7.26.0 7.27.0 7.28.0 7.28.1 7.29.0 7.30.0 7.31.0 7.32.0 7.33.0 7.34.0 7.35.0 7.36.0 7.37.0 7.37.1 7.38.0 7.39.0 7.40.0 7.41.0 7.42.0 7.43.0 7.44.0 7.45.0 7.46.0 7.47.0 7.47.1 7.48.0 7.49.0 7.49.1 7.50.0 7.50.1 7.50.2 7.50.3 7.51.0 7.52.0 7.52.1 7.53.0 7.53.1 7.54.0 7.54.1 7.55.0 7.55.1 7.56.0 7.56.1 7.57.0 7.58.0 7.59.0 7.60.0 7.61.0 7.61.1 7.62.0 7.63.0 7.64.0 7.64.1 0 50 100 150 200 250 300 350 400 450 500
Commits per year 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 0 200 400 600 800 1000 1200 1400 1600 1800
Commit authors in curl since 20102010-01 2010-03 2010-05 2010-07 2010-09 2010-11 2011-01 2011-03 2011-05 2011-07 2011-09 2011-11 2012-01 2012-03 2012-05 2012-07 2012-09 2012-11 2013-01 2013-03 2013-05 2013-07 2013-09 2013-11 2014-01 2014-03 2014-05 2014-07 2014-09 2014-11 2015-01 2015-03 2015-05 2015-07 2015-09 2015-11 2016-01 2016-03 2016-05 2016-07 2016-09 2016-11 2017-01 2017-03 2017-05 2017-07 2017-09 2017-11 2018-01 2018-03 2018-05 2018-07 2018-09 2018-11 2019-01 2019-03 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 0 100 200 300 400 500 600 700 First Commit Authors Total count Date Authorspermonth Authorsoveralltime
Authors per month, excluding first-timers 2010-01 2010-04 2010-07 2010-10 2011-01 2011-04 2011-07 2011-10 2012-01 2012-04 2012-07 2012-10 2013-01 2013-04 2013-07 2013-10 2014-01 2014-04 2014-07 2014-10 2015-01 2015-04 2015-07 2015-10 2016-01 2016-04 2016-07 2016-10 2017-01 2017-04 2017-07 2017-10 2018-01 2018-04 2018-07 2018-10 2019-01 0 2 4 6 8 10 12 14 16 18 20
Top-10 commit author share since forever Marc Hoersken Kamil Dudka Patrick Monnerat Jay Satiro Gisle Vanem Guenter Knauf Dan Fandrich Steve Holme Yang Tse (The rest) Daniel Stenberg 0 10 20 30 40 50 60
Top-10 commit author share since 2017 Kamil Dudka Viktor Szakats Johannes Schindelin Michael Kaufmann Daniel Gustafsson Dan Fandrich Patrick Monnerat Jay Satiro Marcel Raad (The rest) Daniel Stenberg 0 10 20 30 40 50 60
Days between curl releases since 2010 Average: 50 Median: 56 7.20.0 7.20.1 7.21.0 7.21.1 7.21.2 7.21.3 7.21.4 7.21.5 7.21.6 7.21.7 7.22.0 7.23.0 7.23.1 7.24.0 7.25.0 7.26.0 7.27.0 7.28.0 7.28.1 7.29.0 7.30.0 7.31.0 7.32.0 7.33.0 7.34.0 7.35.0 7.36.0 7.37.0 7.37.1 7.38.0 7.39.0 7.40.0 7.41.0 7.42.0 7.43.0 7.44.0 7.45.0 7.46.0 7.47.0 7.47.1 7.48.0 7.49.0 7.49.1 7.50.0 7.50.1 7.50.2 7.50.3 7.51.0 7.52.0 7.52.1 7.53.0 7.53.1 7.54.0 7.54.1 7.55.0 7.55.1 7.56.0 7.56.1 7.57.0 7.58.0 7.59.0 7.60.0 7.61.0 7.61.1 7.62.0 7.63.0 7.64.0 7.64.1 0 10 20 30 40 50 60 70 80 90 Max: 83 Min: 2
Bug-fixes per release since 20107.20.0 7.20.1 7.21.0 7.21.1 7.21.2 7.21.3 7.21.4 7.21.5 7.21.6 7.21.7 7.22.0 7.23.0 7.23.1 7.24.0 7.25.0 7.26.0 7.27.0 7.28.0 7.28.1 7.29.0 7.30.0 7.31.0 7.32.0 7.33.0 7.34.0 7.35.0 7.36.0 7.37.0 7.37.1 7.38.0 7.39.0 7.40.0 7.41.0 7.42.0 7.42.1 7.43.0 7.44.0 7.45.0 7.46.0 7.47.0 7.47.1 7.48.0 7.49.0 7.49.1 7.50.0 7.50.1 7.50.2 7.50.3 7.51.0 7.52.0 7.52.1 7.53.0 7.53.1 7.54.0 7.54.1 7.55.0 7.55.1 7.56.0 7.56.1 7.57.0 7.58.0 7.59.0 7.60.0 7.61.0 7.61.1 7.62.0 7.63.0 7.64.0 7.64.1 0 20 40 60 80 100 120 140
Bug-fixes per day since 2010February92010 April142010 June162010 August112010 October132010 December152010 February172011 April172011 April222011 June232011 September132011 November152011 November172011 January242012 March222012 May242012 July272012 October102012 November202012 February62013 April122013 June222013 August122013 October142013 December172013 January292014 March262014 May212014 July162014 September102014 November52014 January82015 February252015 April222015 April292015 June172015 August122015 October72015 December22015 January272016 February82016 March232016 May182016 May302016 July212016 August32016 September72016 September142016 November22016 December212016 December232016 February222017 February242017 April192017 June142017 August92017 August142017 October42017 October232017 November292017 January242018 March142018 May162018 July112018 September52018 October312018 December122018 February62019 March272019 0 1 2 3 4 5 6
Vulnerability reports since 2010 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 0 5 10 15 20 25
Lessons from past vulnerabilities? Integer overflows are tricky things – different architectures make them more so Most flaws linger in the code a long time until detected Fuzzing is king Fixing the flaws is usually straight-forward Bug bounties can help
Top-20 changed source files since 2010 lib/url.c lib/vtls/openssl.c lib/imap.c lib/http2.c lib/smtp.c lib/multi.c lib/pop3.c include/curl/curl.h src/tool_getparam.c lib/transfer.c src/tool_operate.c lib/http.c lib/connect.c lib/urldata.h lib/ssh.c include/curl/curlver.h lib/ftp.c lib/curl_sasl.c lib/vtls/darwinssl.c lib/vtls/nss.c 0 50 100 150 200 250
Annual user survey What is used, what is ignored What is good, what is bad What should be added, what should be removed How are we doing
How good is the project to handle 2014 2015 2016 2017 2018 3 3.2 3.4 3.6 3.8 4 4.2 4.4 4.6 4.8 5 security credit patches bug reports information newcomers minorities (According to the annual user survey)
curl’s top-5 areas according to users the libcurl API the support of many protocols documentation its availability and functionality on many platforms the quality of the products, curl/libcurl 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 2017 2018
curl’s worst-5 areas according to users project web site and infrastructure welcoming to new users and contributors the libcurl API its build environment/setup documentation 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00% 2017 2018
User survey 2019 Around May time frame Very much interested in feedback on where to take it and what to ask for Received 670 responses 2018 https://daniel.haxx.se/blog/2018/06/12/curl-survey-2018-analysis/
Web site traffic 2019 Fastly makes our lives easier 1.5 million requests/day (from 1.8) 41.6 TB the last 12 months Fast web site, close to most users No logs, no tracking, very little stats
[curl] 34,550 times [libcurl] 2,510 times
Google trends, worldwide search Wget rsync curl Includes wget and rsync only to provide references with similar projects
CII Best Practices https://bestpractices.coreinfrastructure.org/en/projects/63 100% passing 96% Silver 26% Gold “SHOULD have a legal mechanism where all developers of non-trivial amounts of project software assert that they are legally authorized to make these contributions”
Everyone uses curl 2019 Apps: Youtube, Instagram, Skype, Spotify, ... OS: iOS, macOS, Windows, Linux, ChromeOS, AOSP, ... Cars: Mercedes, BMW, Toyota, Nissan, Volkswagen, … Game consoles: PS4, Nintendo Switch, ... Games: Fortnite, Red Dead Redemption 2, Spider Man, … Estimate: 6 billion installationsEstimate: 6 billion installations
Done the last 12 months
Defaults (1/4) multiplexing enabled by default defaults to "2TLS" leave secure cookies alone high resolution timestamps on Windows headers output in bold
New features (2/4) DNS-over-HTTPS support URL parsing API curl_easy_upkeep() --resolve supports wildcard hosts trailing headers support for chunked transfer uploads alt-svc
Improvements (3/4) %{stderr} and %{stdout} for --write-out support for HTTP Bearer tokens IMAP changed from "FETCH" to "UID FETCH" MesaLink is a new TLS backend microsecond resolution timers for seven getinfo intervals
New setopts (4/4) CURLOPT_CURLU CURLOPT_UPLOAD_BUFFERSIZE CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS CURLOPT_DISALLOW_USERNAME_IN_URL CURLOPT_HAPROXYPROTOCOL CURLOPT_DNS_SHUFFLE_ADDRESSES (the alt-svc pair)
Everything curl 70K words, 10K lines 332 pages (PDF version) “95.1% complete” https://ec.haxx.se/
Everything curl – printed https://curl.haxx.se/book.html
Less good Flaky tests/CI Slow CI tests Vulnerabilities are still reported Still regressions, but less frequently? Could use more people who stick around
FutureFuture
Planning I can’t tell what “we” will do I have some ideas about what to do next Things change all time time Tell us what you want!
Version 8 Release every 56 days 7.65.0 is next A bump in every release gives us 35 * 56 = 1960 days until version 7.100 I want to avoid reaching 7.100 due to confusions it’ll create 1960 days == 5 years and 4.5 months == September 2024 Evolutionary, not revolutionary?
libcurl work to consider Keep up with browsers HTTP/3 and QUIC ESNI Hardcode localhost Refuse HTTP => HTTPS redirects Option to let CURLOPT_CUSTOMREQUEST be overridden on redirect HSTS "menu config"-style build feature selection
New APIs? Config file reader
curl tool work to consider Parallel transfers Support for HTTP/2 Push Master/slave mode Make --retry resume This list is identical to last year’s curl tool list!
Finally

Recomendados

Software Development Trends 2010-2011
Software Development Trends 2010-2011Software Development Trends 2010-2011
Software Development Trends 2010-2011Charalampos Arapidis
 
DevCon5 (July 2014) - Acision SDK
DevCon5 (July 2014) - Acision SDKDevCon5 (July 2014) - Acision SDK
DevCon5 (July 2014) - Acision SDKCrocodile WebRTC SDK and Cloud Signalling Network
 
Internet of Things and Big Data
Internet of Things and Big DataInternet of Things and Big Data
Internet of Things and Big DataSwiss Data Forum Swiss Data Forum
 
Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Christian Heilmann
 
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Hello Cloud
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented ArchitectureLuqman Shareef
 
IPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationIPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationSwiss IPv6 Council
 
The business case for SD WAN in the enterprise
The business case for SD WAN in the enterprise The business case for SD WAN in the enterprise
The business case for SD WAN in the enterprise Colt Technology Services
 

Recomendados

Software Development Trends 2010-2011
Software Development Trends 2010-2011Software Development Trends 2010-2011
Software Development Trends 2010-2011Charalampos Arapidis
 
DevCon5 (July 2014) - Acision SDK
DevCon5 (July 2014) - Acision SDKDevCon5 (July 2014) - Acision SDK
DevCon5 (July 2014) - Acision SDKCrocodile WebRTC SDK and Cloud Signalling Network
 
Internet of Things and Big Data
Internet of Things and Big DataInternet of Things and Big Data
Internet of Things and Big DataSwiss Data Forum Swiss Data Forum
 
Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Enjoying the full stack - Frontend 2010
Enjoying the full stack - Frontend 2010Christian Heilmann
 
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Hello Cloud
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented ArchitectureLuqman Shareef
 
IPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationIPv6 Adoption --- Acceleration
IPv6 Adoption --- AccelerationSwiss IPv6 Council
 
The business case for SD WAN in the enterprise
The business case for SD WAN in the enterprise The business case for SD WAN in the enterprise
The business case for SD WAN in the enterprise Colt Technology Services
 
Http/2 - What's it all about?
Http/2 - What's it all about?Http/2 - What's it all about?
Http/2 - What's it all about?Andy Davies
 
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloré
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloréapidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloré
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloréapidays
 
Gojko's 5 rules for super responsive Serverless applications
Gojko's 5 rules for super responsive Serverless applicationsGojko's 5 rules for super responsive Serverless applications
Gojko's 5 rules for super responsive Serverless applicationsDaniel Zivkovic
 
Keypoints html5
Keypoints html5Keypoints html5
Keypoints html5dynamis
 
DevCon5 (July 2014) - Intro to WebRTC
DevCon5 (July 2014) - Intro to WebRTCDevCon5 (July 2014) - Intro to WebRTC
DevCon5 (July 2014) - Intro to WebRTCCrocodile WebRTC SDK and Cloud Signalling Network
 
Web Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 eraWeb Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 eraCarlo Bonamico
 
Oracle Analytics.pptx
Oracle Analytics.pptxOracle Analytics.pptx
Oracle Analytics.pptxAYODEJIOLABOOYE1
 
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskim
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskimPLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskim
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskimPROIDEA
 
Introduction to HTML5/CSS3 In Drupal 7
Introduction to HTML5/CSS3 In Drupal 7Introduction to HTML5/CSS3 In Drupal 7
Introduction to HTML5/CSS3 In Drupal 7Mediacurrent
 
Top 10 Web and HTML5 Predictions for 2013
Top 10 Web and HTML5 Predictions for 2013Top 10 Web and HTML5 Predictions for 2013
Top 10 Web and HTML5 Predictions for 2013Jonathan Jeon
 
Oracle Developer Meetup March 2018
Oracle Developer Meetup March 2018Oracle Developer Meetup March 2018
Oracle Developer Meetup March 2018Phil Wilkins
 
Astricon WebRTC Update
Astricon WebRTC UpdateAstricon WebRTC Update
Astricon WebRTC UpdateChad Hart
 
Internet6: A Digital Game Changer
Internet6: A Digital Game ChangerInternet6: A Digital Game Changer
Internet6: A Digital Game ChangerCARLOS RALLI-UCENDO
 
Mobility & Data Strategies
Mobility & Data StrategiesMobility & Data Strategies
Mobility & Data StrategiesSam Basu
 
WebRTC: A front-end perspective
WebRTC: A front-end perspectiveWebRTC: A front-end perspective
WebRTC: A front-end perspectiveshwetank
 
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...ScyllaDB
 
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2sundararavind
 
20100614 ISWSA Keynote
20100614 ISWSA Keynote20100614 ISWSA Keynote
20100614 ISWSA KeynoteAxel Polleres
 
Origins of Serverless
Origins of ServerlessOrigins of Serverless
Origins of ServerlessAndrii Soldatenko
 
Leading Your Business To Success & The Cloud
Leading Your Business To Success & The CloudLeading Your Business To Success & The Cloud
Leading Your Business To Success & The CloudRichard Harbridge
 
mastering libcurl part 2
mastering libcurl part 2mastering libcurl part 2
mastering libcurl part 2Daniel Stenberg
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1Daniel Stenberg
 

Mais conteúdo relacionado

Semelhante a The state of curl 2019

Http/2 - What's it all about?
Http/2 - What's it all about?Http/2 - What's it all about?
Http/2 - What's it all about?Andy Davies
 
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloré
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloréapidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloré
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloréapidays
 
Gojko's 5 rules for super responsive Serverless applications
Gojko's 5 rules for super responsive Serverless applicationsGojko's 5 rules for super responsive Serverless applications
Gojko's 5 rules for super responsive Serverless applicationsDaniel Zivkovic
 
Keypoints html5
Keypoints html5Keypoints html5
Keypoints html5dynamis
 
Web Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 eraWeb Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 eraCarlo Bonamico
 
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskim
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskimPLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskim
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskimPROIDEA
 
Introduction to HTML5/CSS3 In Drupal 7
Introduction to HTML5/CSS3 In Drupal 7Introduction to HTML5/CSS3 In Drupal 7
Introduction to HTML5/CSS3 In Drupal 7Mediacurrent
 
Top 10 Web and HTML5 Predictions for 2013
Top 10 Web and HTML5 Predictions for 2013Top 10 Web and HTML5 Predictions for 2013
Top 10 Web and HTML5 Predictions for 2013Jonathan Jeon
 
Oracle Developer Meetup March 2018
Oracle Developer Meetup March 2018Oracle Developer Meetup March 2018
Oracle Developer Meetup March 2018Phil Wilkins
 
Astricon WebRTC Update
Astricon WebRTC UpdateAstricon WebRTC Update
Astricon WebRTC UpdateChad Hart
 
Internet6: A Digital Game Changer
Internet6: A Digital Game ChangerInternet6: A Digital Game Changer
Internet6: A Digital Game ChangerCARLOS RALLI-UCENDO
 
Mobility & Data Strategies
Mobility & Data StrategiesMobility & Data Strategies
Mobility & Data StrategiesSam Basu
 
WebRTC: A front-end perspective
WebRTC: A front-end perspectiveWebRTC: A front-end perspective
WebRTC: A front-end perspectiveshwetank
 
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...ScyllaDB
 
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2sundararavind
 
20100614 ISWSA Keynote
20100614 ISWSA Keynote20100614 ISWSA Keynote
20100614 ISWSA KeynoteAxel Polleres
 
Leading Your Business To Success & The Cloud
Leading Your Business To Success & The CloudLeading Your Business To Success & The Cloud
Leading Your Business To Success & The CloudRichard Harbridge
 

Semelhante a The state of curl 2019 (20)

Http/2 - What's it all about?
Http/2 - What's it all about?Http/2 - What's it all about?
Http/2 - What's it all about?
 
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloré
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloréapidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloré
apidays Paris 2022 - The New API Challenges, Pierre-Raymond Pouligny, Bolloré
 
Gojko's 5 rules for super responsive Serverless applications
Gojko's 5 rules for super responsive Serverless applicationsGojko's 5 rules for super responsive Serverless applications
Gojko's 5 rules for super responsive Serverless applications
 
Keypoints html5
Keypoints html5Keypoints html5
Keypoints html5
 
DevCon5 (July 2014) - Intro to WebRTC
DevCon5 (July 2014) - Intro to WebRTCDevCon5 (July 2014) - Intro to WebRTC
DevCon5 (July 2014) - Intro to WebRTC
 
Web Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 eraWeb Application Security Reloaded for the HTML5 era
Web Application Security Reloaded for the HTML5 era
 
Oracle Analytics.pptx
Oracle Analytics.pptxOracle Analytics.pptx
Oracle Analytics.pptx
 
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskim
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskimPLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskim
PLNOG 7: Kamil Ciukszo - Modele biznesowe na rynku operatorskim
 
Introduction to HTML5/CSS3 In Drupal 7
Introduction to HTML5/CSS3 In Drupal 7Introduction to HTML5/CSS3 In Drupal 7
Introduction to HTML5/CSS3 In Drupal 7
 
Top 10 Web and HTML5 Predictions for 2013
Top 10 Web and HTML5 Predictions for 2013Top 10 Web and HTML5 Predictions for 2013
Top 10 Web and HTML5 Predictions for 2013
 
Oracle Developer Meetup March 2018
Oracle Developer Meetup March 2018Oracle Developer Meetup March 2018
Oracle Developer Meetup March 2018
 
Astricon WebRTC Update
Astricon WebRTC UpdateAstricon WebRTC Update
Astricon WebRTC Update
 
Internet6: A Digital Game Changer
Internet6: A Digital Game ChangerInternet6: A Digital Game Changer
Internet6: A Digital Game Changer
 
Mobility & Data Strategies
Mobility & Data StrategiesMobility & Data Strategies
Mobility & Data Strategies
 
WebRTC: A front-end perspective
WebRTC: A front-end perspectiveWebRTC: A front-end perspective
WebRTC: A front-end perspective
 
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
 
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2
CognitiveAnalyticsWithSparkAndZeppelinMeetup-v0.2
 
20100614 ISWSA Keynote
20100614 ISWSA Keynote20100614 ISWSA Keynote
20100614 ISWSA Keynote
 
Origins of Serverless
Origins of ServerlessOrigins of Serverless
Origins of Serverless
 
Leading Your Business To Success & The Cloud
Leading Your Business To Success & The CloudLeading Your Business To Success & The Cloud
Leading Your Business To Success & The Cloud
 

Mais de Daniel Stenberg

mastering libcurl part 2
mastering libcurl part 2mastering libcurl part 2
mastering libcurl part 2Daniel Stenberg
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1Daniel Stenberg
 
curl - openfourm europe.pdf
curl - openfourm europe.pdfcurl - openfourm europe.pdf
curl - openfourm europe.pdfDaniel Stenberg
 
curl experiments - curl up 2022
curl experiments - curl up 2022curl experiments - curl up 2022
curl experiments - curl up 2022Daniel Stenberg
 
curl security - curl up 2022
curl security - curl up 2022curl security - curl up 2022
curl security - curl up 2022Daniel Stenberg
 
HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022Daniel Stenberg
 
Let me tell you about curl
Let me tell you about curlLet me tell you about curl
Let me tell you about curlDaniel Stenberg
 
Getting started with libcurl
Getting started with libcurlGetting started with libcurl
Getting started with libcurlDaniel Stenberg
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPDaniel Stenberg
 
Testing curl for security
Testing curl for securityTesting curl for security
Testing curl for securityDaniel Stenberg
 
common mistakes when using libcurl
common mistakes when using libcurlcommon mistakes when using libcurl
common mistakes when using libcurlDaniel Stenberg
 
HTTP/3, QUIC and streaming
HTTP/3, QUIC and streamingHTTP/3, QUIC and streaming
HTTP/3, QUIC and streamingDaniel Stenberg
 

Mais de Daniel Stenberg (20)

mastering libcurl part 2
mastering libcurl part 2mastering libcurl part 2
mastering libcurl part 2
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1
 
curl - openfourm europe.pdf
curl - openfourm europe.pdfcurl - openfourm europe.pdf
curl - openfourm europe.pdf
 
curl experiments - curl up 2022
curl experiments - curl up 2022curl experiments - curl up 2022
curl experiments - curl up 2022
 
curl security - curl up 2022
curl security - curl up 2022curl security - curl up 2022
curl security - curl up 2022
 
HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022
 
The state of curl 2022
The state of curl 2022The state of curl 2022
The state of curl 2022
 
Let me tell you about curl
Let me tell you about curlLet me tell you about curl
Let me tell you about curl
 
Curl with rust
Curl with rustCurl with rust
Curl with rust
 
Getting started with libcurl
Getting started with libcurlGetting started with libcurl
Getting started with libcurl
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
 
Landing code in curl
Landing code in curlLanding code in curl
Landing code in curl
 
Testing curl for security
Testing curl for securityTesting curl for security
Testing curl for security
 
common mistakes when using libcurl
common mistakes when using libcurlcommon mistakes when using libcurl
common mistakes when using libcurl
 
HTTP/3 in curl 2020
HTTP/3 in curl 2020HTTP/3 in curl 2020
HTTP/3 in curl 2020
 
The state of curl 2020
The state of curl 2020The state of curl 2020
The state of curl 2020
 
curl roadmap 2020
curl roadmap 2020curl roadmap 2020
curl roadmap 2020
 
curl better
curl bettercurl better
curl better
 
HTTP/3 for everyone
HTTP/3 for everyoneHTTP/3 for everyone
HTTP/3 for everyone
 
HTTP/3, QUIC and streaming
HTTP/3, QUIC and streamingHTTP/3, QUIC and streaming
HTTP/3, QUIC and streaming
 

Último

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Último (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

The state of curl 2019

  • 1.
  • 2. The state of curl 2019
  • 4. Stats Mostly from 2010 or later Due to data availability Represents “the modern curl project”
  • 5. Number of lines of “product code” 2010-02-09 2010-06-16 2010-10-12 2011-02-17 2011-04-22 2011-09-13 2011-11-17 2012-03-22 2012-07-27 2012-11-20 2013-04-12 2013-08-11 2013-12-16 2014-03-26 2014-07-16 2014-11-05 2015-02-25 2015-04-28 2015-08-11 2015-12-01 2016-02-08 2016-05-17 2016-07-21 2016-09-07 2016-11-02 2016-12-22 2017-02-24 2017-06-14 2017-08-13 2017-10-23 2018-01-23 2018-05-15 2018-09-04 2018-12-12 0 20000 40000 60000 80000 100000 120000 140000 160000 180000
  • 6. Is a 160K a lot or a little? A dozen TLS backends Two SSH backends Three name resolver backends Feature packed; 221 command line options and 267 setopt() options More portable than most More compliant than most More feature-packed than most 25% comments
  • 7. C! Efficient and portable! Some security problems could be avoided using something else Lots of “reach” would then also be avoided Mitigation: readable code, reviews, tests, fuzzing, static code analyzing
  • 8. Coverity on curl – fixed defects
  • 9. Coverity on curl – defects over time
  • 10. OSS-Fuzz reports over time 2017-06 2017-07 2017-08 2017-09 2017-10 2017-11 2017-12 2018-01 2018-02 2018-03 2018-04 2018-05 2018-06 2018-07 2018-08 2018-09 2018-10 2018-11 2018-12 2019-01 2019-02 2019-03 0 2 4 6 8 10 12 14 16
  • 11. Test cases over time 2010-02-09 2010-06-16 2010-10-12 2011-02-17 2011-04-22 2011-09-13 2011-11-17 2012-03-22 2012-07-27 2012-11-20 2013-04-12 2013-08-11 2013-12-16 2014-03-26 2014-07-16 2014-11-05 2015-02-25 2015-04-28 2015-08-11 2015-12-01 2016-02-08 2016-05-17 2016-07-21 2016-09-07 2016-11-02 2016-12-22 2017-02-24 2017-06-14 2017-08-13 2017-10-23 2018-01-23 2018-05-15 2018-09-04 2018-12-12 0 200 400 600 800 1000 1200 1400
  • 12. Source vs tests over time 2010-02-09 2010-08-11 2011-02-17 2011-06-23 2011-11-17 2012-05-24 2012-11-20 2013-06-22 2013-12-16 2014-05-20 2014-11-05 2015-04-22 2015-08-11 2016-01-27 2016-05-17 2016-08-03 2016-11-02 2017-02-22 2017-06-14 2017-10-04 2018-01-23 2018-07-11 2018-12-12 0 20000 40000 60000 80000 100000 120000 140000 160000 -100 100 300 500 700 900 1100 1300 Test cases Lines of code Linesofcode Numberoftestcases
  • 13. Source lines per test file since 20107.20.0 7.20.1 7.21.0 7.21.1 7.21.2 7.21.3 7.21.4 7.21.5 7.21.6 7.21.7 7.22.0 7.23.0 7.23.1 7.24.0 7.25.0 7.26.0 7.27.0 7.28.0 7.28.1 7.29.0 7.30.0 7.31.0 7.32.0 7.33.0 7.34.0 7.35.0 7.36.0 7.37.0 7.37.1 7.38.0 7.39.0 7.40.0 7.41.0 7.42.0 7.42.1 7.43.0 7.44.0 7.45.0 7.46.0 7.47.0 7.47.1 7.48.0 7.49.0 7.49.1 7.50.0 7.50.1 7.50.2 7.50.3 7.51.0 7.52.0 7.52.1 7.53.0 7.53.1 7.54.0 7.54.1 7.55.0 7.55.1 7.56.0 7.56.1 7.57.0 7.58.0 7.59.0 7.60.0 7.61.0 7.61.1 7.62.0 7.63.0 7.64.0 7.64.1 120 130 140 150 160 170 180 The y-axis is not zero-based!
  • 14. Test coverage Good to know, hard to measure 72 - 78% on coveralls.io For a single TLS – SSH – resolver – config setup! Some tests too slow for coverage runs in the cloud (torture) Some code paths still hard to test with existing test suite
  • 15. Daniel’s share of curl commits 2010-01-13 2010-08-10 2011-04-16 2011-11-01 2012-06-19 2013-02-06 2013-07-09 2013-12-22 2014-05-04 2014-10-29 2015-02-19 2015-08-20 2016-03-29 2016-10-24 2017-04-29 2017-09-15 2018-05-02 2018-11-23 0 10 20 30 40 50 60 70 80
  • 16. Commits per release since 2010 7.20.0 7.20.1 7.21.0 7.21.1 7.21.2 7.21.3 7.21.4 7.21.5 7.21.6 7.21.7 7.22.0 7.23.0 7.23.1 7.24.0 7.25.0 7.26.0 7.27.0 7.28.0 7.28.1 7.29.0 7.30.0 7.31.0 7.32.0 7.33.0 7.34.0 7.35.0 7.36.0 7.37.0 7.37.1 7.38.0 7.39.0 7.40.0 7.41.0 7.42.0 7.43.0 7.44.0 7.45.0 7.46.0 7.47.0 7.47.1 7.48.0 7.49.0 7.49.1 7.50.0 7.50.1 7.50.2 7.50.3 7.51.0 7.52.0 7.52.1 7.53.0 7.53.1 7.54.0 7.54.1 7.55.0 7.55.1 7.56.0 7.56.1 7.57.0 7.58.0 7.59.0 7.60.0 7.61.0 7.61.1 7.62.0 7.63.0 7.64.0 7.64.1 0 50 100 150 200 250 300 350 400 450 500
  • 17. Commits per year 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 0 200 400 600 800 1000 1200 1400 1600 1800
  • 18. Commit authors in curl since 20102010-01 2010-03 2010-05 2010-07 2010-09 2010-11 2011-01 2011-03 2011-05 2011-07 2011-09 2011-11 2012-01 2012-03 2012-05 2012-07 2012-09 2012-11 2013-01 2013-03 2013-05 2013-07 2013-09 2013-11 2014-01 2014-03 2014-05 2014-07 2014-09 2014-11 2015-01 2015-03 2015-05 2015-07 2015-09 2015-11 2016-01 2016-03 2016-05 2016-07 2016-09 2016-11 2017-01 2017-03 2017-05 2017-07 2017-09 2017-11 2018-01 2018-03 2018-05 2018-07 2018-09 2018-11 2019-01 2019-03 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 0 100 200 300 400 500 600 700 First Commit Authors Total count Date Authorspermonth Authorsoveralltime
  • 19. Authors per month, excluding first-timers 2010-01 2010-04 2010-07 2010-10 2011-01 2011-04 2011-07 2011-10 2012-01 2012-04 2012-07 2012-10 2013-01 2013-04 2013-07 2013-10 2014-01 2014-04 2014-07 2014-10 2015-01 2015-04 2015-07 2015-10 2016-01 2016-04 2016-07 2016-10 2017-01 2017-04 2017-07 2017-10 2018-01 2018-04 2018-07 2018-10 2019-01 0 2 4 6 8 10 12 14 16 18 20
  • 20. Top-10 commit author share since forever Marc Hoersken Kamil Dudka Patrick Monnerat Jay Satiro Gisle Vanem Guenter Knauf Dan Fandrich Steve Holme Yang Tse (The rest) Daniel Stenberg 0 10 20 30 40 50 60
  • 21. Top-10 commit author share since 2017 Kamil Dudka Viktor Szakats Johannes Schindelin Michael Kaufmann Daniel Gustafsson Dan Fandrich Patrick Monnerat Jay Satiro Marcel Raad (The rest) Daniel Stenberg 0 10 20 30 40 50 60
  • 22. Days between curl releases since 2010 Average: 50 Median: 56 7.20.0 7.20.1 7.21.0 7.21.1 7.21.2 7.21.3 7.21.4 7.21.5 7.21.6 7.21.7 7.22.0 7.23.0 7.23.1 7.24.0 7.25.0 7.26.0 7.27.0 7.28.0 7.28.1 7.29.0 7.30.0 7.31.0 7.32.0 7.33.0 7.34.0 7.35.0 7.36.0 7.37.0 7.37.1 7.38.0 7.39.0 7.40.0 7.41.0 7.42.0 7.43.0 7.44.0 7.45.0 7.46.0 7.47.0 7.47.1 7.48.0 7.49.0 7.49.1 7.50.0 7.50.1 7.50.2 7.50.3 7.51.0 7.52.0 7.52.1 7.53.0 7.53.1 7.54.0 7.54.1 7.55.0 7.55.1 7.56.0 7.56.1 7.57.0 7.58.0 7.59.0 7.60.0 7.61.0 7.61.1 7.62.0 7.63.0 7.64.0 7.64.1 0 10 20 30 40 50 60 70 80 90 Max: 83 Min: 2
  • 23. Bug-fixes per release since 20107.20.0 7.20.1 7.21.0 7.21.1 7.21.2 7.21.3 7.21.4 7.21.5 7.21.6 7.21.7 7.22.0 7.23.0 7.23.1 7.24.0 7.25.0 7.26.0 7.27.0 7.28.0 7.28.1 7.29.0 7.30.0 7.31.0 7.32.0 7.33.0 7.34.0 7.35.0 7.36.0 7.37.0 7.37.1 7.38.0 7.39.0 7.40.0 7.41.0 7.42.0 7.42.1 7.43.0 7.44.0 7.45.0 7.46.0 7.47.0 7.47.1 7.48.0 7.49.0 7.49.1 7.50.0 7.50.1 7.50.2 7.50.3 7.51.0 7.52.0 7.52.1 7.53.0 7.53.1 7.54.0 7.54.1 7.55.0 7.55.1 7.56.0 7.56.1 7.57.0 7.58.0 7.59.0 7.60.0 7.61.0 7.61.1 7.62.0 7.63.0 7.64.0 7.64.1 0 20 40 60 80 100 120 140
  • 24. Bug-fixes per day since 2010February92010 April142010 June162010 August112010 October132010 December152010 February172011 April172011 April222011 June232011 September132011 November152011 November172011 January242012 March222012 May242012 July272012 October102012 November202012 February62013 April122013 June222013 August122013 October142013 December172013 January292014 March262014 May212014 July162014 September102014 November52014 January82015 February252015 April222015 April292015 June172015 August122015 October72015 December22015 January272016 February82016 March232016 May182016 May302016 July212016 August32016 September72016 September142016 November22016 December212016 December232016 February222017 February242017 April192017 June142017 August92017 August142017 October42017 October232017 November292017 January242018 March142018 May162018 July112018 September52018 October312018 December122018 February62019 March272019 0 1 2 3 4 5 6
  • 25. Vulnerability reports since 2010 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 0 5 10 15 20 25
  • 26. Lessons from past vulnerabilities? Integer overflows are tricky things – different architectures make them more so Most flaws linger in the code a long time until detected Fuzzing is king Fixing the flaws is usually straight-forward Bug bounties can help
  • 27. Top-20 changed source files since 2010 lib/url.c lib/vtls/openssl.c lib/imap.c lib/http2.c lib/smtp.c lib/multi.c lib/pop3.c include/curl/curl.h src/tool_getparam.c lib/transfer.c src/tool_operate.c lib/http.c lib/connect.c lib/urldata.h lib/ssh.c include/curl/curlver.h lib/ftp.c lib/curl_sasl.c lib/vtls/darwinssl.c lib/vtls/nss.c 0 50 100 150 200 250
  • 28. Annual user survey What is used, what is ignored What is good, what is bad What should be added, what should be removed How are we doing
  • 29. How good is the project to handle 2014 2015 2016 2017 2018 3 3.2 3.4 3.6 3.8 4 4.2 4.4 4.6 4.8 5 security credit patches bug reports information newcomers minorities (According to the annual user survey)
  • 30. curl’s top-5 areas according to users the libcurl API the support of many protocols documentation its availability and functionality on many platforms the quality of the products, curl/libcurl 0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00% 70.00% 2017 2018
  • 31. curl’s worst-5 areas according to users project web site and infrastructure welcoming to new users and contributors the libcurl API its build environment/setup documentation 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00% 2017 2018
  • 32. User survey 2019 Around May time frame Very much interested in feedback on where to take it and what to ask for Received 670 responses 2018 https://daniel.haxx.se/blog/2018/06/12/curl-survey-2018-analysis/
  • 33. Web site traffic 2019 Fastly makes our lives easier 1.5 million requests/day (from 1.8) 41.6 TB the last 12 months Fast web site, close to most users No logs, no tracking, very little stats
  • 35. Google trends, worldwide search Wget rsync curl Includes wget and rsync only to provide references with similar projects
  • 36. CII Best Practices https://bestpractices.coreinfrastructure.org/en/projects/63 100% passing 96% Silver 26% Gold “SHOULD have a legal mechanism where all developers of non-trivial amounts of project software assert that they are legally authorized to make these contributions”
  • 37. Everyone uses curl 2019 Apps: Youtube, Instagram, Skype, Spotify, ... OS: iOS, macOS, Windows, Linux, ChromeOS, AOSP, ... Cars: Mercedes, BMW, Toyota, Nissan, Volkswagen, … Game consoles: PS4, Nintendo Switch, ... Games: Fortnite, Red Dead Redemption 2, Spider Man, … Estimate: 6 billion installationsEstimate: 6 billion installations
  • 38. Done the last 12 months
  • 39. Defaults (1/4) multiplexing enabled by default defaults to "2TLS" leave secure cookies alone high resolution timestamps on Windows headers output in bold
  • 40. New features (2/4) DNS-over-HTTPS support URL parsing API curl_easy_upkeep() --resolve supports wildcard hosts trailing headers support for chunked transfer uploads alt-svc
  • 41. Improvements (3/4) %{stderr} and %{stdout} for --write-out support for HTTP Bearer tokens IMAP changed from "FETCH" to "UID FETCH" MesaLink is a new TLS backend microsecond resolution timers for seven getinfo intervals
  • 42. New setopts (4/4) CURLOPT_CURLU CURLOPT_UPLOAD_BUFFERSIZE CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS CURLOPT_DISALLOW_USERNAME_IN_URL CURLOPT_HAPROXYPROTOCOL CURLOPT_DNS_SHUFFLE_ADDRESSES (the alt-svc pair)
  • 43. Everything curl 70K words, 10K lines 332 pages (PDF version) “95.1% complete” https://ec.haxx.se/
  • 44. Everything curl – printed https://curl.haxx.se/book.html
  • 45. Less good Flaky tests/CI Slow CI tests Vulnerabilities are still reported Still regressions, but less frequently? Could use more people who stick around
  • 47. Planning I can’t tell what “we” will do I have some ideas about what to do next Things change all time time Tell us what you want!
  • 48. Version 8 Release every 56 days 7.65.0 is next A bump in every release gives us 35 * 56 = 1960 days until version 7.100 I want to avoid reaching 7.100 due to confusions it’ll create 1960 days == 5 years and 4.5 months == September 2024 Evolutionary, not revolutionary?
  • 49. libcurl work to consider Keep up with browsers HTTP/3 and QUIC ESNI Hardcode localhost Refuse HTTP => HTTPS redirects Option to let CURLOPT_CUSTOMREQUEST be overridden on redirect HSTS "menu config"-style build feature selection
  • 51. curl tool work to consider Parallel transfers Support for HTTP/2 Push Master/slave mode Make --retry resume This list is identical to last year’s curl tool list!