Because of the recent Notepad++ adventures I came to learn that they use libcurl for updates.
Part of their latest fixes was to change from using libcurl.dll dynamically to linking it statically "to eliminate DLL side-loading risk".
Discussion
Was discussing interview questions for DevOps with my manager and he said he liked to ask how ssh works and I said "Yeah ok" and he said "or curl" and... I don't believe even the maintainers of curl understand curl 100% now. Not sure there are things it cannot do. It is basically an operating system.
@mamday.bsky.social I think I can still explain fairly accurately about every piece of functionality provided by curl...
@bagder seems odd that they use it in the first place, especially for something as simple as updates, especially as a Windows-only app that would be just fine using WinInet instead 🤔
@bagder also Microsoft: "AI for all the things and let's take automatic periodic secret screenshots of every desktop in the entire world what could possibly go wrong?"
@bagder That will fix it, for sure! *benny hill theme playing*
@bagder Sounds like Windows DLL hell still exists
@bagder that....doesn't make sense, right? Or am I missing something?
@adrianmester it's Windows. Who knows?
@bagder @adrianmester it will help.
There are a bunch of DLL attacks possible in Windows, it's really messed up.
@bagder @adrianmester it doesn't make sense.
If you can replace the libcurl.dll you could also just patch the exe. Statically linking doesn't hurt anything but it surely doesn't help anything either. Security-wise.