{"id":15372022,"url":"https://github.com/bagder/log","last_synced_at":"2025-04-15T12:32:03.522Z","repository":{"id":38681093,"uuid":"402746080","full_name":"bagder/log","owner":"bagder","description":"Daniel's weekly report of what he's been up to and might do next!","archived":false,"fork":false,"pushed_at":"2023-01-13T22:37:17.000Z","size":302,"stargazers_count":19,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-28T21:12:30.462Z","etag":null,"topics":["curl","diary","report","weekly","wolfssl"],"latest_commit_sha":null,"homepage":"https://bagder.github.io/log/","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bagder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-09-03T11:26:26.000Z","updated_at":"2024-03-10T02:00:29.000Z","dependencies_parsed_at":"2023-02-09T17:31:31.349Z","dependency_job_id":null,"html_url":"https://github.com/bagder/log","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bagder%2Flog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bagder%2Flog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bagder%2Flog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bagder%2Flog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bagder","download_url":"https://codeload.github.com/bagder/log/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249072349,"owners_count":21208175,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["curl","diary","report","weekly","wolfssl"],"created_at":"2024-10-01T13:49:25.538Z","updated_at":"2025-04-15T12:32:03.263Z","avatar_url":"https://github.com/bagder.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Daniel's weekly report\n\n[Subscribe](https://lists.haxx.se/listinfo/daniel) to this as email.\n\n# January 13, 2023\n\n## weekly\n\nThis report, my weekly report, is now possible to subscribe to as a weekly\nemail. [Subscribe here](https://lists.haxx.se/listinfo/daniel)\n\nI was already emailing this to some receivers and I decided I might just as\nwell open this up for anyone who wants to. I have not fully decided yet, but I\nmight switch over to do email only soon. Let me know if this would be a\nproblem for you.\n\nThe emails are and will be [archived\nhere](https://lists.haxx.se/pipermail/daniel/)\n\nI might need to experiment a little with the exact formatting of the report\nas maybe markdown is not ideal for emails.\n\n## httpd tests\n\nThe initial PR with Stefan Eissing's work on yet another test suite for curl\nwas merged. This new test suite is designed and intended to much better allow\nh2 and h3 testing with potentially large amount of parallel transfers.\nSomething the existing test suite is really bad at.\n\nThis new test suite is still in its early days, but should help us not only\ntest and verify h3 going forward on its way to become non-experimental but\nwill also help us test and polish h2 functionality. A proper test suite make\nthings so much better!\n\n## vacation\n\nI will be away from computers and spend the next two weeks mostly offline\nwithout much ability to watch the project or even read email. If anything\nappears in the project in the meantime that needs my help or input it will\njust have to wait until I get back.\n\nI have not had this long planned total offline vacation from curl in many\nyears. It's also a little bit like a test how well things can run in my\nabsence. According to stats, I merged 81% of all commits during the last\ntwelve months and authored 56% of them.\n\nIf you need me for anything in my absence, please consider waiting until I get\nback before you ask, email or file that issue to make the pile of backed up\nstuff for when I get back a little less intimidating.\n\nI'll be back in time to work on the 7.88.0 release.\n\n## feature freeze\n\nThe curl feature freeze was originally meant to happen on January 18th but due\nto my vacation I decided to call it early and close the proverbial gates\nalready this weekend before I leave for my vacation.\n\nThis is going to become an *extended* feature freeze because after the next\nrelease (7.88.0 on February 15th) there will not be another feature window but\nonly bugfixes again until March 20 when we intend to ship **curl 8.0.0.**...\n\n## HTTP/3 steps\n\nOn our path towards removing the **experimental** tag from the curl HTTP/3\nsupport, we decided to tweak the options for how users ask for it. The\n`--http3` option will be transitioned over to asking for HTTP/3 but also do a\nfallback to an earlier HTTP version in case HTTP/3 doesn't work. We believe\nthis is what most users will want, since so many servers don't do HTTP/3 yet\nand also because quite a few organizations and companies block UDP\ntraffic. curl will do h3/h2 attempts happy eyeballs-style: start an h3 attempt\nat the same time as the h2/h1 attempt, with the latter only slightly delayed\nto give h3 a minor preference. The first one that then succeeds to connect\nwins and will be used for the transfer.\n\nA new `--http3-only` option is also introduced. Of course both of these\ncommand line options have their corresponding values for the libcurl\n`CURLOPT_HTTP_VERSION` option.\n\nTo better allow for even more HTTP versions in the future (yes I believe such\nwill come, eventually), I will probably change the command line tool options\nfor this before we remove the experimental label. A `--http-versions` or\nsimilar option could maybe be a single replacement for several of the old HTTP\nversion selector options. I'll get to work on that when I get back from\nvacation.\n\n## AAAA\n\nSeveral friends have pointed out to me that many websites that I host (like\n`lists.haxx.se` and `libssh2.org`) don't have working IPv6 connectivity while\nthey are announcing AAAA entries in DNS. And yeah, I know about this annoyance\nand this week I invested some time to solve it but again I had to admit defeat\nfor now.\n\nWe run a setup with nginx as reverse proxy and each separate domain/website in\nits own docker container, which when things work is a really convenient and\nneat way to compartmentalize everything so that each website is separately\nsetup, configured and truly can't interfere with the others. But the downside\nis that the IPv6 and networking setup is a little complicated and I haven't\nyet worked out what to do to get it working. I will work on it more going\nforward.\n\nFor the biggest websites I run (`curl.se` and `daniel.haxx.se`) this is not a\nproblem because they are fronted to the world by Fastly and they offer proper\nIPv6 functionality.\n\n## Crashes\n\nWe have had a few crashes reported recently that revealed the boring truth\nthat they happen because (some) applications subtly *abuse* the libcurl API\nand call `curl_global_cleanup()` while there are still some transfer in\nprogress. This is clearly documented as not to be done. However, quite clearly\nthis has been possible without any major drawback for a long time so now when\ncrashes suddenly occur after an upgrade to the latest curl release, users\nunsurprisingly blame libcurl for this since \"it worked fine with older\nversions\".\n\nWe ended up changing the code around a bit in an attempt to again make\n`curl_global_cleanup()` a little less likely to go belly-up in these\nsituations. Not the least because the crash that happens is not very easily\ndetected to happen because of this mistake.\n\n## podcast\n\nI am starting an English-speaking podcast together with some fellow Swedish\nopen source peeps. Names and details will follow later.\n\n## Blog posts\n\n - [Copyright without years](https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/)\n - [My weekly report on email](https://daniel.haxx.se/blog/2023/01/10/my-weekly-report-on-email/)\n - [Selecting HTTP version (three)](https://daniel.haxx.se/blog/2023/01/12/selecting-http-version-three/)\n\n## Coming up\n\n- Two weeks of vacation (with no weekly reports)\n\n# January 8, 2023\n\n## Copyrights\n\nInstead of bumping curl copyright year ranges to show 2023, we decided to\nremove the years completely! This means that we have now finally made the last\nupdates of copyright years in curl source headers and feels like a relief.\n\n## GSKit\n\nA discussion fired up in the curl camp about the future and handling of the\nTLS backend called GSKit, primarily used on the systems formerly known as\nAS/400 (nowadays called IBM i). We don't have any CI builds for this and when\nwe break the code it can take a long time until someone notices. Not at good\nsituation for code that handles security related things for curl.\n\ngskit is now mentioned as deprecated and is subject for removal, but there are\nnoises being made and there is hope that it will be rescued and brought up to\nshape so that we can avoid ripping it out.\n\n## noproxy\n\nThe concept of specifying `NO_PROXY` to exclude certain hosts from using a\nproxy is not defined by any standard and spec. (Stan Hu wrote [this nice\nsummary of the\nsituation](https://about.gitlab.com/blog/2021/01/27/we-need-to-talk-no-proxy/)\ntwo years ago.)\n\nIt was pointed out that curl supports a list of **space**-separated patterns\nin addition to the more common **comma**-separated list. Allowing just space\nfor this is more of an accident and has now been marked as deprecated and the\nsupport of those will be removed... in 18 months. Most implementations agree\nthat comma is the correct separator.\n\n## HTTP\n\nStefan's HTTP work has continued and we have worked a bit on the aftermath of\nthe most recent refactor as a few regression turned up. There is a little more\nwork needed to get the msh3 HTTP/3 backend back to functionality, but we are on\nit.\n\nStefan is working on a huge new test suite for HTTP/2 and HTTP/3 which is\ngoing to help us make sure we can remove the experimental tag from HTTP/3\nsupport later this spring.\n\n## HTTP/3\n\nAs a step towards enabling HTTP/3 support for everyone we have also started to\ndiscuss exactly how users would like to ask for HTTP/3 and how to do fallback\nproperly in case HTTP/3 doesn't work - as we expect HTTP/3 to not be too\nwidely supported just yet plus the fact that lots of companies and\norganizations actively block UDP and therefore prevents QUIC from working.\n\nWe also want to be able to transition into having such options enabled by\ndefault at some future point when HTTP/3 is prevalent to motivate it.\n\nRight now, we aim at doing h3/h2 connections a little happy eyeballs style:\nstart the h3 attempt a short moment before we start a parallel h2 attempt, and\nthen we go with the connection that succeeds first.\n\n## Blog posts\n\n - nothing this week\n\n## Coming up\n\n- 10 days until feature freeze\n- my last week before a two week vacation\n- wolfSSL team meeting\n\n## Feedback\n\n[Comment here](https://github.com/bagder/log/discussions)\n\n# Older weekly reports\n\n[here](all.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbagder%2Flog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbagder%2Flog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbagder%2Flog/lists"}