cURL and libcurl, Network, Open Source, Security

public suffixes list

I noticed the new site publicsuffix.org that has been setup by the mozilla organization in an attempt to list public suffixes for all TLDs in the world, to basically know how to prevent sites from setting cookies that would span over just about all sites under that “public suffix”.

While I can see what drives this effort and since we have the same underlying problem in curl as well, I have sympathy for the effort. Still, I dread “having to” import and support this entire list in curl only to be able to better work like the browsers in the cookie department. Also, it feels like a cat and mouse race where the list may never be complete anyway. It is doomed to lack entries, or in the worst case list “public suffixes” that aren’t any such public suffixes anymore and thus it’ll prevent sites using that suffix to properly use cookies…

There’s no word on the site if IE or Opera etc are going to join this effort.

Update: there are several people expressing doubts about the virtues of this idea. Like Patrik Fältström on DNSOP.

cURL and libcurl

curl 7.18.2 and lunch

Just minutes ago I uploaded the curl and libcurl 7.18.2 package to the curl site. There are a few new changes that people might just like, but most importantly there are many bug fixes.

And by a happy coincidence, a bunch of #curl visitors (the irc channel on freenode) are going to meet up for lunch on tuesday next week (June 10th) in Stockholm, Sweden. If you’re a curl hacker or curl fan and in the proximity that day, feel free to get in touch and join us!

cURL and libcurl

curl needs a fresh take on command line options

1 Comment

I just posted about this on the curl-users mailing list and I’ll just echo it here to reach a slightly larger audience:

One of the not so good behaviors of curl is how many of the command line options work when being repeated: toggling on/off.

We’ve got bug reports about this in the past and I know for a fact that this behavior has burnt more than one guy who’s tried to set default options for curl in their .curlrc etc. When they then re-use the same option on the command line or in a script, it effectively disables the option again…

I’d like this corrected. I want people to be able to explicitly enable and disable features with the command line options. I think the toggling is very rarely useful and something we can just abandon – unless we can figure out a way to keep it for backwards compatibility when we introduce the new behavior.

I’m willing to sacrifice some backwards compatibility to get this done, but I would of course like to hurt as few users as possible.

I’m very interested to get ideas and feedback from you guys on how we can accomplish this!

My first thoughts on how to do this, is simply to convert all the current options to enable options and then introduce a new concept that negates the option. Like -v or –verbose to enable verbose, and –no-verbose to disable verbose.

Any bright ideas?

Update: my suggestion above is what has now been committed targeted for the upcoming 7.19.0 release…

Technology

A drawing made from dots

2 Comments

I read an article at The Register about a Swede called Erik Nordenankar who decided to “paint” the world’s largest painting by packing a GPS in a suitcase and tracking where it goes then download the data and let the computer show the track with a line. Thus, by sending the bag in a creative way he’ll end up with a self portrait of GPS tracks.

Is this the same GPS technology that already has problems indoors of very many buildings? The GPS system that I bet will have a very hard time to function when flown around inside the luggage compartment of a modern jet airplane? I have a feeling that drawing will mostly be a lot of dots to draw lines between…

According to the article, this is a publicity stunt made by DHL.

Electronics, Open Source

Openmoko freeruns Qt

Back at FSCONS ’07, I asked the guy doing the Openmoko presentation about whether they are going GTK or Qt, as his talk mentioned both and he didn’t really spell it out on what horse they were putting their money on. He then thought it was a really funny question and went on to explain how the Openmoko is like a small computer that can run anything you want. A bit like he was educating us that embedded devices do have CPUs that can run actual software. As if they wouldn’t have a main branch and a main development selecting one of these particular toolkits…

Many moon laps later, I discussed Openmoko with a friend over a few stouts at Snaxx 18, and he explained how he’d got one of the dev boards a long time ago and had kept up and tried a lot of versions of it and that it basically never worked to even make simple phone calls. He gave me the impression that perhaps the project wasn’t really that well run if it after this long still don’t have even the most basic functionality present and running stable.Dash Express

Therefor I was happy to listen to TWIT 143 about the Dash Express and them telling me about it being based on the Openmoko platform. It felt like solid proof they are moving in the right direction then, so at least parts of the project must be functioning!

Then, to round it up it was with a big grin I read about the recent news that they are abandoning GTK and are now going to use E17 and Qt instead. Not a trace of any “this is like a small computer it can run anything” talk now (although I do understand that the statement was just something from this person and not any public endorsement from the project or so). This very same Ars Technica article says the first Openmoko based phone called Freerunner is going into “mass production stage next month” (that would be June 2008).

Personally, I can still see how making Rockbox run as an application on an Openmoko device would be a very cool thing.

Mail

Mail turned unreliable

I’ve always been proud of my ability to read and respond to email in a swift and reliable manner. I read and write emails every day, and most days I read mails more or less immediately as they land in my inbox.

However, during the recent year or so I’ve noticed that I’m no longer a reliable mail recipient. The amount of spam I get has made me tighten the screws so hard I get my share of false positives. The kind of mails that I need to rescue from my spam bin as they will otherwise suffer the death by delete. But how many do I miss? How often do I lose legitimate mails?

On some of the mailing lists I participate in, the spammers have started to send posts with my email in the From: field (circumventing the subscribers-only limitation), leading to me having to set my own mails as moderated to prevent spam to get posted… 🙁

Mail, Open Source

alpine in, pine out

2 Comments

As one of the last living dinosaurs on the planet still using text-based email clients, I realized that pine has been replaced by alpine and I upgraded to that. When doing some reading up on the subject, I noticed that there’s another old grumpy guy still using this client. I’m not sure exactly what that says…

Anyway, the upside of this switch is that this client is now distributed under a proper open source license (Apache license 2.0), as that’s what I’ve been getting in my face from mutt users for years when I’ve explained what I use! (I mean the complaint that pine wasn’t proper open source)

cURL and libcurl, Electronics

curl by sony

I got the latest Linux Journal issue (#170, June 2008) the other day and while reading through it I fell over the article about a guy who found a GPL license agreement among the papers for his brand new Sony TV.

… and there he also mentioned that they use curl! Fun! Apparently in their “Bravia Internet Video Link” product. Whatever that is… “Stream, browse and watch internet video and much more on your compatible BRAVIA® HDTV with the BRAVIA® Internet Video Link. It’s like extra channels for your new HDTV.

tech, open source and networking