Is curl API that good? It looks a little weird to me, for example, you need to set URL as an "option", and it is not "optional" despite the name. Wouldn't it be better to pass URL and method to "curl_easy_perform" function?
Also, curl seems to have no built-in function to save data? The user has to implement write callback themselves?
Also, regarding options, curl uses a single function for setting options of different types (numbers, booleans, strings) so typing for an option value cannot be used. Is that a good idea? What C developers usually use in such cases?
Unfortunately C libraries aren't known for their use of strong typing or the "make invalid states unrepresentable" paradigm, and C itself is very weakly typed so it's not even feasible to write strongly typesafe APIs in C.
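On the single variadic option setter raised in the question above, this is an added example (not code from the thread or from libcurl) of the pattern C developers often use: keep the variadic core, but reach it through typed front ends so the compiler converts or rejects the value. Every name in it (`set_option`, `set_typed`, `OPT_TIMEOUT`, `OPT_URL`) is hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>

/* Hypothetical mini-API mirroring the "one setter for every option type"
   design from the question. None of these names are libcurl's. */
enum opt_type { T_LONG, T_STR };
enum opt { OPT_TIMEOUT, OPT_URL, OPT_COUNT };
static const enum opt_type opt_types[OPT_COUNT] = { T_LONG, T_STR };

struct handle { long timeout; const char *url; };

/* Variadic setter: the compiler cannot see which type an option expects.
   Passing an int where va_arg() reads a long is undefined behaviour. */
int set_option(struct handle *h, int o, ...)
{
    va_list ap;
    if (!h || (unsigned)o >= OPT_COUNT)
        return -1;
    va_start(ap, o);
    if (opt_types[o] == T_LONG)
        h->timeout = va_arg(ap, long);
    else
        h->url = va_arg(ap, const char *);
    va_end(ap);
    return 0;
}

/* Typed front ends: the prototype converts the value at compile time, and
   the option's expected type is checked before forwarding. */
static inline int set_long(struct handle *h, int o, long v)
{
    if ((unsigned)o >= OPT_COUNT || opt_types[o] != T_LONG)
        return -2;
    return set_option(h, o, v);
}
static inline int set_str(struct handle *h, int o, const char *v)
{
    if ((unsigned)o >= OPT_COUNT || opt_types[o] != T_STR)
        return -2;
    return set_option(h, o, v);
}

/* C11 _Generic picks the wrapper from the value's static type; a type that
   is not listed (for example double) fails to compile. */
#define set_typed(h, o, v) _Generic((v), \
    int: set_long, long: set_long,       \
    char *: set_str, const char *: set_str)((h), (o), (v))

int main(void) { struct handle h = {0, 0}; return set_typed(&h, OPT_TIMEOUT, 30); }
```

A value of the wrong type for an option is refused with `-2` before it ever reaches `va_arg`, instead of being read back as the wrong type.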
Why should a transport library deal with storing data? And you can critique the design I guess, but it works and it works well. Sometimes that is enough.
I believe CURL is built into Unreal as the HTTP library of choice for desktop platforms. Just to add to the mindboggling number of games that may rely on it.
I would advocate an additional method of supporting open source: contributing. Doesn’t even have to be features. Bug fixes or docs are amazing. Heck even opening really good issues where it’s clear the dev spent time getting a good reproduction. Daniel is a full time maintainer who would benefit from additional income. Many small projects have maintainers that a few dollars might be helpful but help would be more helpful.
I went to some open source confs to promote a book I wrote (https://howtoopensource.dev) and free service (https://www.codetriage.com) and asked people working at booths for large companies if they can contribute to open source at their day job. Only one person had a positive example and in that case their team was literally blocked on the fix and there was no workaround. The rest seemed confused about why they should be spending work time to report issues or fix bugs. Some genuinely didn’t realize that was helpful and that “contributing to open source” doesn’t just mean releasing and maintaining your own code.
So yes, please fund the software you use, but time and attention are valuable too.
Last tip: If you want to make a habit of it, get it tracked like regular work. “Hey, is feature X done, can we move this card over?” …”Actually I still need to report an upstream issue before we are totally done, I’ll make another work item for it and get it checked off today”. If you feel like you would get pushback for that, then start smaller, by filing issues and talking about it after the fact. Most other engineers and quite a few managers see this as going above and beyond for your job.
>And how many of them are donating to or sponsoring the cURL project?
A lot of them are likely using it as part of a game engine that they pay for, those game engines should be supporting the curl project, assuming you believe they have an obligation to do so.
This post (just thinking of use of Unix tools within game software) reminds me of that bug a few years back within Steam itself that accidentally deleted users' root directories.
* it's got a license that allows it to be embedded
* it's well known amongst game devs
* it deals very well with all the mind-numbingly uninteresting network issues game devs don't care about
It's mostly used for analytics, fetching news, RSS feeds etc. Separate proprietary libs are used for the CDN side of game dev.
Basically it works and the gamedev industry is incredibly conservative about new/different tech. Alas it's also greedy. I know of games making $1 million a day that pay nothing in to curl.
Then don't choose a super permissive license like BSD/MIT.
I was reading The Wealth Of Nations by Adam Smith recently (1776), and one passage stuck with me: that the regular market works because it is driven by the inherent self-interest and egoism of humans, while only beggars expect to earn a living out of the goodwill of the people.
I love free software, but it makes no sense as a business model. If you want to make money out of free software while avoiding leeches, use a serious license. AGPL3, MPL2.0 or EUPL. The entire ecosystem of permissive licenses is pushed, hard, by companies themselves, and perpetuated by their naive employees. Hence the creation of the corporate-friendly Open Source Initiative (OSI) that has completely eaten the lunch of the FSF.
Those licenses are all a joke. If I need a library like libcurl for a commercial application, then GPL, AGPL, EUPL and even LGPL are non-starters. MPL-style licenses are fine, but it doesn't really make you any money, it just forces me to publish my patchset for the library (except not really [1]).
The solution really is to use a serious license. Add a "if you make more than $X you owe us $Y" clause. Or use a Qt-style dual-license, where your users can buy their way out of the GPL, this way you can keep the moral high ground of using a "FSF-approved license". But putting yourself in a position where your work can be easily exploited and then complaining when it is is ridiculous.
[1] MPL works on a per-file basis. Technically I can extend the library with a new file that contains no MPL code and won't have to release it. The LGPL has protections against this, but is worse in other ways.
> But putting yourself in a position where your work can be easily exploited and then complaining when it is is ridiculous.
Ridiculous is a strong adjective to use in this case, naïve would work much better without adding a harsh judgment to people who don't share your worldview. I could say the same: your position is ridiculous by only believing that humans are incapable of cooperation without having something to gain from it, such a position only exists due to a system we are beholden to, not due to absolute human nature.
The "Big Tech used my stuff and now I'm sad" story has happened so many times that it is ridiculous. You should be aware of this possibility before releasing your stuff under a permissive license. And the proposed alternative is often copyleft, which doesn't make you any money and dissuades people from using your project. You need to understand these implications before jumping in.
> your position is ridiculous by only believing that humans are incapable of cooperation without having something to gain from it
I do believe that. There's always a motivation to gain something, even if it's the pride that you've helped financially support a project you believe in.
My worldview is irrelevant though, the issue here is corporate structure, not human nature. It's difficult to convince a company to pay for something that is free, especially when the button says "Donate" and not "Buy". And even if you do, for a high-value FOSS component, the amount paid will never reflect the actual value they gained from it - think YouTube and ffmpeg, Apple and FreeBSD, or any SaaS and Linux.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version.
IANAL, this is just my interpretation.
- There's no way to comply with this when developing for a closed platform - e.g. iOS or any video game console.
- There's no way to comply with this if you need to sign your code for whatever reason.
- It's very difficult to comply with this if you have to ship a single binary and cannot dynamically link - e.g. Android with an .apk package.
MPL and EUPL don't make you money but they are in the spirit of free software while not being viral and forcing everybody to buy into the socialistic ideals of free software.
A company can keep closed source their own extension to your project, but any modification to the project itself gets shared with the community, no exception. In ways it's more libre than GPLv2, without forcing big money to bend to your idealistic will (because they won't, and will just avoid using your software).
Of course you can write your own license, but either you do it seriously and pay a lawyer $x,000 to do it for you, or you write legal nonsense. In both cases the result is any company will just skip using your software because they have better things to do than review your custom license. There is a real reason people choose pre-made licenses for open source.
> Then don't choose a super permissive license like BSD/MIT.
One big problem is that you cannot encode all possible wants and wishes into a legal document.
Lawrence Lessig, founding member of Creative Commons, wrote in Code 2.0 (1999) about four elements that regulate behavior online: laws, norms, markets, and technology.
- *Code/architecture* – the physical or technical constraints on activities (e.g. locks on doors or firewalls on the Internet)
- *Market* – economic forces
- *Law* – explicit mandates that can be enforced by the government
- *Norms* – social conventions that one often feels compelled to follow
It also doesn’t help that OSI and FSF operate as though they are each other’s biggest enemies instead of all the other threats out there.
I feel like the definitions of “Free” and “Open” are too binary and lack nuance. I wish for something more, an open “score”, for example. Sure the Hippocratic license isn’t permissive but the only limitation it imposes is predicated on committing human atrocities as defined in legal code by the Geneva convention. So maybe it’s “closer” to MIT than, say, the “business source license” which is actively restricting commercialization.
Or to put it another way: If we want software devs to choose licenses that are closer to their actual goals (like CC-BY-NC) then we need to find ways as a community to distinguish these projects as better than pure closed source, proprietary software. Because right now FSF and OSI classify both the same.
I do a ton of open source but I don’t beg. I negotiate with my employer to find a common goal that advances the business and the community.
Companies don’t donate out of (pure) goodwill. Lots of talks about risk mitigation. Even if they don’t donate money, the devs who rely on dependencies can still donate time as they choose (within limits).
Don't know about wget, but curl also provides libcurl [0] so you can embed it in your software. Also curl supports a wider range of protocols, as can be seen on [0].
libwget exists too, and is licensed under LGPL. The wget/wget2 tool itself is GPL3 licensed. The "MIT" license is less complicated to comply with than LGPL, but that's probably not why it's getting chosen.
curl is a library, unlike wget, it's truly cross-platform, and it handles pretty much everything http-related that you can throw at it, in many cases better than the "native" HTTP implementations of the OS or game development framework.
cURL is nice because it's an HTTP request tool that's got about three decades of all the minutiae built into it. It's got a CLI and a library, and it runs on every operating system you might develop for.
I think a big difference is that the author is pretty darn proud of cURL and brags about it often, and that curl's license is more permissive than wget's GPL.
However, it is extremely common because it works on any platform. It's great at filling in for platforms where you don't get forced to use the first party one (like Xbox).
There's Unity and Unreal games on the steamdb listing, but there's also several other proprietary engines, both big (Source, RED) and small (all sorts of small indie games)
Does this invalidate the idea? I get the core idea, there _are_ some libraries that nobody has ever heard of but for example used in just a few places, one of them being let's say jquery and that creates a misleading example of being some super popular library.
curl is not one of these examples, it is very, very, widespread.
Any person who's used an Internet-connected device has likely had curl involved. I'd be proud too if my work was one of the backbone components to modern society.
If you want billion dollar corporations to pay you then you should probably include a clause "this is free unless you're a billion dollar corporation in which case you have to pay me" in the license.
Ah but then it's not free software and the FSF will frown at you, because billion dollar corporations are people too. Tough luck.
Why not let the man be proud of his work? I'd be if I were in his shoes.
Out of curiosity, if that bothers you, for whatever reason — why'd you come into this thread? Wouldn't it have been better for everyone involved to just skip it?
Why are you so upset about it? Curl is big and it's being used literally everywhere while having little to no appreciation from corporations who use it, just like ffmpeg
And when a cve is found everyone yells and says why doesn't someone rewrite it in rust. It is freakishly huge, and the tests and fuzzing are very good at this point. I do wonder if there isn't a subset of the functionality that is used much more frequently that we could RiR.
Why shouldn't he be proud of his tool that is basically the default tool for doing and describing anything HTTP-related (and not just HTTP-related)? That is used on almost any platform people are using?
Boost is super heavy, and I've heard people refer to its inclusion in solutions as a sign of a poor game programmer (I do not give such judgement, but just passing that sentiment along).
Furthermore, it seems to use "set option" function with magic values to control in-memory cookie storage which is even weirder: https://curl.se/libcurl/c/CURLOPT_COOKIELIST.html