Security updates for Friday
Security updates have been issued by AlmaLinux (idm:DL1), Debian (gegl and haproxy), Fedora (ffmpeg, firefox, freeipa, python-pip, rust-astral-tokio-tar, sqlite, uv, webkitgtk, and xen), Oracle (idm:DL1, ipa, kernel, perl-JSON-XS, and python3), Red Hat (git), SUSE (curl, frr, jupyter-jupyterlab, and libsuricata8_0_1), and Ubuntu (linux-aws, linux-lts-xenial, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-6.8, linux-fips, linux-gcp-fips, and l … ⌘ Read more

@bender@twtxt.net curl -s gopher://… does that for you.

Security updates for Thursday
Security updates have been issued by Debian (chromium and mariadb-10.5), Oracle (firefox, ghostscript, git, go-toolset:ol8, golang, kernel, krb5, mingw-freetype and spice-client-win, nodejs:20, nodejs:22, perl-CPAN, python36:3.6, rsync, varnish, and varnish:6), Red Hat (firefox, thunderbird, and webkit2gtk3), Slackware (curl and python3), SUSE (apache-commons-beanutils, apache2-mod_security2, avahi, buildkit, ca-certificates-mozilla, cloud-regionsrv-client, cloud-regionsrv-client, py … ⌘ Read more

Security updates for Monday
Security updates have been issued by Debian (espeak-ng, kitty, kmail-account-wizard, krb5, libreoffice, libvpx, net-tools, python-flask-cors, symfony, tcpdf, thunderbird, and twitter-bootstrap3), Fedora (chromium, dropbear, firefox, gstreamer1-plugins-bad-free, python-tornado, systemd, and thunderbird), Mageia (coreutils, deluge, glib2.0, and redis), Oracle (firefox, kernel, and systemd), Red Hat (firefox, kernel, kernel-rt, varnish, varnish:6, and zlib), SUSE (bind, curl, dnsdist, … ⌘ Read more

Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel and kernel-rt), Debian (firefox-esr, libvpx, net-tools, php-twig, python-tornado, setuptools, varnish, webpy, yelp, and yelp-xsl), Fedora (xen), Mageia (cimg and ghostscript), Oracle (gstreamer1-plugins-bad-free, kernel, libsoup, thunderbird, and unbound), Red Hat (firefox, mingw-freetype and spice-client-win, pcs, and varnish:6), Slackware (curl and mozilla), SUSE (apparmor, containerd, dnsdist, go1.23-openssl, go1.24 … ⌘ Read more

人人都需要一個 HTTP proxy 來 debug
前言介紹了作爲前端工程師如何使用 HTTP proxy 來進行 debug，超越了 DevTools 的限制。今日文章由前端早讀課 @huli 分享。身爲每天都要與網頁打交道的前端工程師，熟悉 DevTools 的使用是相當合理的。每當接 API 出問題時，就按下快捷鍵打開 DevTools，切到 Network 分頁，找到紅色的那一行，右鍵複製成 cURL 粘貼到羣裏面，讓後端自己找找問題。但不 ⌘ Read more

This code displays the last 10 lines of a twtxt feed without a full dowload.

FEED_URL="https://twtxt.net/user/prologic/twtxt.txt"
MAX_RANGE=$(curl -sI $FEED_URL | grep -i 'content-length' | awk '{print $2}' | tr -d '\r')
MIN_RANGE=$((MAX_RANGE - 5000))

curl -s --range "$MIN_RANGE-$MAX_RANGE" "$FEED_URL" | grep -v -e '^#' -e '^$' | head -n 10

My self-response!

@prologic@twtxt.net @david@collantes.us

#twtxt

Security updates for Thursday
Security updates have been issued by AlmaLinux (expat), Debian (chromium, commons-vfs, firefox-esr, php-horde-editor, php-horde-imp, and thunderbird), Fedora (corosync, firefox, nextcloud, and suricata), Mageia (curl and upx), Oracle (emacs, fence-agents, freetype, kernel, libreoffice, libxml2, nginx:1.24, podman, python-jinja2, and tigervnc), Red Hat (firefox and python-jinja2), SUSE (assimp, ffmpeg-4, firefox, ghostscript, GraphicsMagick, libxslt, and tomcat), and Ubuntu … ⌘ Read more

@andros@twtxt.andros.dev Can you reproduce any of this outside of your client? I can’t spot a mistake here:

$ curl -sI 'http://movq.de/v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:17 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd

$ curl -sI 'https://movq.de/v/8684c7d264/gimp11%2D1.png'
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 131798
Content-Type: image/png
Date: Wed, 19 Mar 2025 19:53:19 GMT
Last-Modified: Wed, 19 Mar 2025 17:18:07 GMT
Server: OpenBSD httpd

$ telnet movq.de 80
Trying 185.162.249.140...
Connected to movq.de.
Escape character is '^]'.
HEAD /v/8684c7d264/.html%2Dindex%2Dthumb%2Dgimp11%2D1.png.jpg HTTP/1.1
Host: movq.de
Connection: close

HTTP/1.1 200 OK
Connection: close
Content-Length: 2615
Content-Type: image/jpeg
Date: Wed, 19 Mar 2025 19:53:31 GMT
Last-Modified: Wed, 19 Mar 2025 17:34:08 GMT
Server: OpenBSD httpd

Connection closed by foreign host.
$ 

ditatompel releases ‘xmr-remote-nodes’ v0.2.1
ditatompel1 has released xmr-remote-nodes 2 version 0.2.13 with a fix for CVE-2024-453384, new features and updates:

”`

• fix: CVE-2024-45338 in #173
  
• feat: Added tor hidden service via HTTP header
  
• feat: Added more information on monero node details page
  
• feat: Added curl example command to Node details modal and page
  
• feat: Store hashed user IP address when submitting new node
  
• build(de … ⌘ Read more”`

You can check bitcoin by curl rate.sx

working on my bookmarks tool, I found out that http(s)://domain.tls is not a valid resource, but http(s)://domain.tls/ is, as you can see here: https://stackoverflow.com/a/2581423

I suppose that internally the wget/curl or whatever client you are using is redirecting it?

curl rate.sx Its time for cryptocurrencies to crash down.

Image

curl: (3) URL rejected: Malformed input to a URL function. Writing sender in bash was BAD idea

@kat@yarn.girlonthemoon.xyz both scripts are here under the names ‘getlyr’ and ‘now playing’ if you wanna try them out yourself, just make sure you have gum installed (also curl and jq but most people have those i think) https://git.sr.ht/~chasinglightning/dotfiles/tree/main/item/home/.local/bin

@kat@yarn.girlonthemoon.xyz i’ve really wanted to make one of those sites you can curl that’s terminal friendly but looks different on the browser like how does wttr.in do it… magic

@prologic@twtxt.net Perfect, thanks. For my own future reference: curl -H ‘Accept: application/json’ https://twtxt.net/twt/st3wsda

https://github.com/lwthiker/curl-impersonate added support for Edge and Safari a while ago and I didn’t realize. Very cool!

** 📸 Photo **

Image

Pretty cool how one can post to the Internet with a single curl command.

@prologic@twtxt.net - I do not want to nag about it - but did you find some way to post image through curl? (Or could you share the almost-working solution that you tried?), if you have not had time - then that’s fine too. I want to start looking into it again :)

@prologic@twtxt.net I think the API is is fine :). But to be honest - one thing that would help me is a commandline curl example on how to upload a image, I take these curl commands through a converter that makes it into libcurl c++ code which I then use :) If you could help me with such a image upload curl example then I’d appreciate it! (I’m currently missing media upload).. And having that feature would be great! :)

@prologic@twtxt.net I will give it a shot today, that and to show attached images in the status would be great to have. I just need to figure out the curl for posting image, then the rest would be easy to implement :) I would use that a lot since I often post photos and such.

Okay, so I spent about one hour setting up cmake, fltk and libcurl for c++, got all that running now.
I still need to fix the cmake script a bit, but I have a working verison now with this.
I will now add the same curl stuff I had in rust in c++, then work on the gui and all that.
So I will drop rust, and go for c++ instead, much easier for me. Was worth a try in rust, but for now that’s not for me to be honest, I much faster and better in c++.

can I post on yarn through curl?

@prologic@twtxt.net

#!/bin/sh

# Validate environment
if ! command -v msgbus > /dev/null; then
    printf "missing msgbus command. Use:  go install git.mills.io/prologic/msgbus/cmd/msgbus@latest"
    exit 1
fi

if ! command -v salty > /dev/null; then
    printf "missing salty command. Use:  go install go.mills.io/salty/cmd/salty@latest"
    exit 1
fi

if ! command -v salty-keygen > /dev/null; then
    printf "missing salty-keygen command. Use:  go install go.mills.io/salty/cmd/salty-keygen@latest"
    exit 1
fi

if [ -z "$SALTY_IDENTITY" ]; then
    export SALTY_IDENTITY="$HOME/.config/salty/$USER.key"
fi

get_user () {
    user=$(grep user: "$SALTY_IDENTITY" | awk '{print $3}')
    if [ -z "$user" ]; then
        user="$USER"
    fi
    echo "$user"
}

stream () {
    if [ -z "$SALTY_IDENTITY" ]; then
        echo "SALTY_IDENTITY not set"
        exit 2
    fi

    jq -r '.payload' | base64 -d | salty -i "$SALTY_IDENTITY" -d
}

lookup () {
    if [ $# -lt 1 ]; then
    printf "Usage: %s nick@domain\n" "$(basename "$0")"
    exit 1
    fi

    user="$1"
    nick="$(echo "$user" | awk -F@ '{ print $1 }')"
    domain="$(echo "$user" | awk -F@ '{ print $2 }')"

    curl -qsSL "https://$domain/.well-known/salty/${nick}.json"
}

readmsgs () {
    topic="$1"

    if [ -z "$topic" ]; then
        topic=$(get_user)
    fi

    export SALTY_IDENTITY="$HOME/.config/salty/$topic.key"
    if [ ! -f "$SALTY_IDENTITY" ]; then
        echo "identity file missing for user $topic" >&2
        exit 1
    fi

    msgbus sub "$topic" "$0"
}

sendmsg () {
    if [ $# -lt 2 ]; then
        printf "Usage: %s nick@domain.tld <message>\n" "$(basename "$0")"
        exit 0
    fi

    if [ -z "$SALTY_IDENTITY" ]; then
        echo "SALTY_IDENTITY not set"
        exit 2
    fi

    user="$1"
    message="$2"

    salty_json="$(mktemp /tmp/salty.XXXXXX)"

    lookup "$user" > "$salty_json"

    endpoint="$(jq -r '.endpoint' < "$salty_json")"
    topic="$(jq -r '.topic' < "$salty_json")"
    key="$(jq -r '.key' < "$salty_json")"

    rm "$salty_json"

    message="[$(date +%FT%TZ)] <$(get_user)> $message"

    echo "$message" \
        | salty -i "$SALTY_IDENTITY" -r "$key" \
        | msgbus -u "$endpoint" pub "$topic"
}

make_user () {
    mkdir -p "$HOME/.config/salty"

    if [ $# -lt 1 ]; then
        user=$USER
    else
        user=$1
    fi

    identity_file="$HOME/.config/salty/$user.key"

    if [ -f "$identity_file" ]; then
        printf "user key exists!"
        exit 1
    fi

    # Check for msgbus env.. probably can make it fallback to looking for a config file?
    if [ -z "$MSGBUS_URI" ]; then
        printf "missing MSGBUS_URI in environment"
        exit 1
    fi


    salty-keygen -o "$identity_file"
    echo "# user: $user" >> "$identity_file"

    pubkey=$(grep key: "$identity_file" | awk '{print $4}')

    cat <<- EOF
Create this file in your webserver well-known folder. https://hostname.tld/.well-known/salty/$user.json

{
  "endpoint": "$MSGBUS_URI",
  "topic": "$user",
  "key": "$pubkey"
}

EOF
}

# check if streaming
if [ ! -t 1 ]; then
    stream
    exit 0
fi

# Show Help
if [ $# -lt 1 ]; then
    printf "Commands: send read lookup"
    exit 0
fi


CMD=$1
shift

case $CMD in
    send)
        sendmsg "$@"
    ;;
    read)
        readmsgs "$@"
    ;;
    lookup)
        lookup "$@"
    ;;
    make-user)
        make_user "$@"
    ;;
esac

🤔 curl -s https://www.frogorbits.com/ | htmlq -p main | bat -l html

curl https://raw.githubusercontent.com/jointwt/we-are-twtxt/master/we-are-twtxt.txt | grep -v '^niplav ' | field 2 | xargs curl ^/dev/null | grep niplav here we go

I tried removing a flag from curl, and now tweets are downloading to the cache folder now. I think. will have to wait for folks to say stuff.

You see these proper quotes/apostrophes in my posts? They’re not curling themselves.

Expired: squatting in the squat rack. Tired: curling in the squat rack. Wired: Running curl(1) from your phone while in the squat rack

Detecting the use of “curl | bash” server side | Application Security https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

@mdom@domgoergen.com my own custom client I wrote, I use cron to run the update my timeline every 20 mins. My update process also processes 10 curl calls at time. I did that to save time when I poll everyone.

@mdosch@mdosch.de: Yes, #txtnish uses curl and can therefore handle all curl supported protocols.

One thing for sure on this project I’m working on, being able to run multiple CURL requests at once has been a real time saver.

Use the x-use-gopher header on your http proxies.. “curl -sI https://codevoid.de | grep ^x-u” bitreich.org, r-36.net, taz.de are already there. #gopher

Had to update my client to use CURL so I could get @mekon@sdf.org twtxt file via gopher

Also using curl with txtnish means I can pull from tons of protocols, #gopher #onion…

Okay, i dumped the wget backend from #txtnish, curl works better and providing the same interface with both was hard.

Okay, i dumped the wget backend from #txtnish, curl works better and providing the same interface with both was hard.

@tomas@bootlog.org Something is still broken, every clients but curl works for https. The ppl in #curl bet it is some ssl option.

@tomas@bootlog.org Something is still broken, every clients but curl works for https. The ppl in #curl bet it is some ssl option.

@tomas@bootlog.org Something weird is happening when i want to curl your twtfile: Empty reply from server. Browsers works fine.

@tomas@bootlog.org Something weird is happening when i want to curl your twtfile: Empty reply from server. Browsers works fine.

If you don’t have wget, #txtnish can also use curl via http_backend=curl

If you don’t have wget, #txtnish can also use curl via http_backend=curl

Already registered with ?

Already registered with ?

@kdave@kdave.github.io Not that i endorse anything like that, but one could always just .

@kdave@kdave.github.io Not that i endorse anything like that, but one could always just .