The state of curl 2024 by Daniel Stenberg from curl up 2024

bagder 34 views 79 slides May 16, 2024

About This Presentation

Daniel talks about the state of the project.


Slide Content

2024
the state of curl

Growth and size
Quality and testing
Commits
Newcomers and oldies
Releases
Activity
Users' view
Money
Less Good
My role
Future
@bagder

26 years

Growth and size

At 167K LOC and climbing
20K more than last year

28 transfer protocols
no change since last year

28 transfer protocols
TCP, UDP, TLS, SSH, QUIC
HTTP, HTTPS, TFTP, FTP, IMAP, SMTP, POP3, GOPHER, TELNET, DICT, RTSP, RTMP, SMB, LDAP, SFTP, SCP, FTPS, IMAPS, SMTPS, POP3S, RTMPS, SMBS, LDAPS, MQTT, GOPHERS, WS, WSS, FILE
file system

36 third party dependencies
–1 +1 since last year

operating systems

101 operating systems
Operating systems known to have run curl
Syllable OS, TPF, Tizen, Symbian, Tru64, SunOS, tvOS, ucLinux, Genode, Hurd, iOS, Integrity, Illumos, HP-UX, HardenedBSD, Haiku, z/OS, Nintendo Switch, NonStop OS, NetWare, MorphOS, MPE/iX, MS-DOS, NCR MP-RAS, NetBSD, RISC OS, Redox, ReactOS, Sailfish OS, SCO Unix, Serenity, SINIX-Z, Qubes OS, UnixWare, WebOS, vxWorks, VMS, Windows, UNICOS, Windows CE, Wii System Software, AmigaOS, Blackberry 10, BeOS, Android, Blackberry Tablet OS, AIX, Cell OS, Aros, IRIX, RTEMS, Mbed, Micrium, macOS, Mac OS 9, Linux, Lua RTOS, eCOS, FreeRTOS, FreeBSD, FreeDOS, Fuchsia, DragonFly BSD, ROS, Cisco IOS, OpenBSD, OS/2, OS/400, Ultrix, ipadOS, NuttX, Solaris, Xbox System, Chrome OS, MINIX, Garmin OS, QNX, PlayStation Portable, Plan 9, OS21, OpenStep, Orbis OS, z/TPF, z/VM, z/VSE, Atari FreeMiNT, DR DOS, Sortix, Zephyr, watchOS, Xenix, DG/UX, ArcaOS, Wii U, SkyOS, Wear OS, Meego, Maemo, Moblin, NextStep, CheriBSD

CPU architectures

28 CPU architectures
CPU architectures known to have run curl
Nios, ARM, ARC, Alpha, Itanium, m88k, m68k, OpenRISC, RISC-V, PowerPC, POWER, AVR32, MicroBlaze, s390, SPARC, x86, VAX, Tilera, SH4, MIPS, HP-PA, ETRAX, LoongArch, CompactRISC, Elbrus, Xtensa, z/arch, C-SKY

2 planets
no change since last year

2 planets
Planets known to have run curl

12 TLS backends
-2 since last year

259 command line options
+9 since last year

305 curl_easy_setopt options
+3 since last year

94 API calls
+3 since last year

Quality and testing

C!
Efficient and portable!
Some security problems could be avoided using something else
Lots of “reach” would also be avoided
Mitigations: readable code, reviews, tests, fuzzing, static code analyzing

OSS-Fuzz
Flatlined the last several years – nothing new is reported
We need more entry points to get more out of fuzzers

1834 test cases
+178 (10.7%) since last year

10,051 bugfixes
+1184 (+13.3%) since last year

136 CI jobs *
+15 (+12.4%) since last year

Commits, frequency and whom

Newcomers and oldies

3,151 contributors
+310 (+10.9%) since last year

1263 authors
+129 (+11.3%) since last year

Top-20 curl authors
last twelve months
855 Daniel Stenberg
222 Stefan Eissing
209 Viktor Szakats
148 Dan Fandrich
73 Jay Satiro
20 Patrick Monnerat
14 Emanuele Torre
11 Evgeny Grin (Karlson2k)
11 Nicholas Nethercote
8 Marcel Raad
7 Michał Antoniak
6 Christian Schmitz
6 Karthikdasari0423
6 Loïc Yhuel
6 dependabot[bot]
5 Graham Campbell
5 Philip Heiduck
5 Richard Levitte
4 Daniel Gustafsson
4 Jacob Hoffman-Andrews

Retention
Out of the all-time top-20 authors
13 authored commits within the last 12 months
17 authored commits within the last 24 months

The curl committers last 12 months
1359 Daniel Stenberg
217 Viktor Szakats
139 Dan Fandrich
109 Jay Satiro
6 Marcel Raad
3 Daniel Gustafsson
3 Marc Hoersken
2 Michael Kaufmann
2 Stefan Eissing

surviving authors right now
628 individual authors
89 single-line authors
99 have more than 100 lines
14 have more than 1,000 lines
3 have more than 10,000 lines
right now - will of course change
1 Daniel Stenberg: 80555 (42.07%)
2 Stefan Eissing: 32296 (16.87%)
3 Yang Tse: 10345 (5.40%)
4 Patrick Monnerat: 8862 (4.63%)
5 Steve Holme: 8491 (4.43%)
6 Jay Satiro: 3737 (1.95%)
7 Viktor Szakats: 2819 (1.47%)
8 Nikos Mavrogiannopoulos: 1993 (1.04%)
9 Dan Fandrich: 1665 (0.87%)
10 Pavel Raiskup: 1239 (0.65%)
11 Jan Venekamp: 1086 (0.57%)
12 Nick Zitzmann: 1056 (0.55%)
13 Stephen Farrell: 1023 (0.53%)
14 Marc Hoersken: 1015 (0.53%)
15 Marcel Raad: 957 (0.50%)
16 Evgeny Grin (Karlson2k): 952 (0.50%)
17 Bill Nagel: 897 (0.47%)
18 Max Mehl: 886 (0.46%)
19 Gilles Vollant: 774 (0.40%)
20 Michael Kolechkin: 752 (0.39%)

Maintainers

The 18 in the GitHub curl org
Björn Stenberg
Dan Fandrich
Daniel Gustafsson
Daniel Stenberg
Gisle Vanem
Jakub Zakrzewski
James Fuller
Jay Satiro
Kamil Dudka
Marc Hörsken
Marcel Raad
Max Dymond
Michael Kaufmann
Nick Zitzmann
Sergei Nikulov
Stefan Eissing
Tatsuhiro Tsujikawa
Viktor Szakats

Adding and removing
Idle members (create alumni team without rights?)
What is “idle” ?
New eager contributors?
Vague requirements
Vague responsibilities

bus factor

Releases

Activity

Security
(separate session)

The users’ view

Annual user survey
What is used, what is ignored
What is good, what is bad
What should be added, what should be removed
How are we doing
Will run mid-May 2024
What should we ask users this year?

curl.se web traffic May 2024
Fastly makes our lives easier - since 2017
454 TB the last 12 months (up from 358 TB)
720 M requests/day on average
Fast web site, close to most users
No ads, no logs, no cookies, no tracking, very little stats
Did I mention Fastly is good?

Google trends 5-year span, worldwide
Includes wget and OpenSSL to provide references with similar projects
Wget OpenSSL curl
Snapshot from April 22 2024

GitHub
34,100 GitHub Stars
6,150 forks
15,000 git clones/day (one every 6 seconds)

Twenty billion installations

curl runs in all your devices

Money

Finances and sponsors
curl is not a legal entity
Open Collective holds our funds
Daniel is employed by wolfSSL
wolfSSL offers commercial curl services

Main sponsors

Gold sponsor

Balance April 22, 2024
$158,609.10 USD

Top financial contributors

Expenses
curl.se hosting
curl up – travel and lodging
Stickers – getting and shipping merchandise
Development (how?)
More?

Sponsored
curl.se CDN (Fastly)
CI services (Teamviewer, GitHub)
Anycast DNS (kirei)
Bug-bounty (Internet Bug Bounty)

curl up 2024 expenses
we failed borrowing a venue
venue fee, food, travel + lodging expenses
in the 6-7,000 USD range

Other news in and around the project

Removals
NSS
gskit
NTLM_WB

EXPERIMENTAL
Graduated: HTTP/3 with ngtcp2
Added: ECH
Maturing: Hyper, rustls, WebSocket, other h3 backends

documentation improvements
curldown everywhere
spellchecked and proselinted
now in present tense

audits
Trail of Bits performed a security audit of curl's HTTP/3 components, published in February

Trail of Bits performed a security audit of curl source code and internals, published in December 2022.

curl core team
Was never formalized before
Same as the security team for now

everything curl
now under the curl org on GitHub
110,000 words
now self-hosted
https://github.com/curl/everything-curl/issues

The curl-distros mailing list
Any discussion and subject that helps curl distributors coordinate, cooperate and enhance curl packaging for end users are welcome on this list!

CNA
curl now manages its own CVE IDs
OSS CNA Users Group
(more in a separate session)

parse, manipulate and output URLs and parts of URLs

Less good

Less good
❌ Flaky CI
❌ Slow CI
❌ Vulnerabilities
❌ Regressions
❌ Test gaps
❌ Could use more people who stick around

My (Daniel’s) role

What I think I do for curl
I help keep the vision – what curl and libcurl should do
I do curl development and fix problems – for fun and profit
I support users and developers experiencing problems or bugs
I review code and suggestions
I’m guiding the architecture of existing and future features
I document how things work and should work
I inform project members and the outside world about news and things we work on
I aim to master the protocols curl works with
I admin and host the web site, mailing list and random services
I often serve as a public face for the project. It is sometimes said to be “mine” (it isn’t)
I talk about the project publicly

Me, curl and wolfSSL
curl for business
curl for fun

BDFL
Benevolent Dictator For Life
I am a dictator of sorts
I want to make decisions and act on them based on consensus
When possible
For life?

Future

Everything will be networked
If it isn’t powered now, it will be soon
If it is powered, it will be networked
If it is networked, it needs Internet access
If it needs Internet access, curl can help

more everywhere
[Graph with axes “stuff” and “time”]

is curl sustainable?

We are not done yet