Hacker News new | past | comments | ask | show | jobs | submit login

I had the same reaction upon learning that curl can talk LDAP.



That's really cool. TIL.

Also, curl can talk ftp, upload and download. Which is super useful when dealing with legacy things.


WHAT


If I download the latest version of curl.exe for Windows, I will find that all of these subsystems are enabled:

  C:>curl --version
  curl 8.2.1 (x86_64-w64-mingw32) libcurl/8.2.1 OpenSSL/3.1.2 (Schannel) zlib/1.2.13 brotli/1.0.9 zstd/1.5.5 WinIDN libssh2/1.11.0 nghttp2/1.55.1 ngtcp2/0.18.0 nghttp3/0.14.0 libgsasl/2.2.0
  Release-Date: 2023-07-26
  Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
  Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets zstd
However, Microsoft also distributes its own version of curl.exe, with vastly less capability:

  C:\>cd temp

  C:\Temp>curl --version
  curl 8.0.1 (Windows) libcurl/8.0.1 Schannel WinIDN
  Release-Date: 2023-03-20
  Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
  Features: AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets
I don't know why Microsoft removes all of this functionality. They should not do this.


Very straightforward reason: less capabilities for naughty executables to "live off the land" from.

Kind of like the sysadmins removing any scripting languages and compilers from servers to avoid giving rogue processes any leg up. It's legitimately making it harder for baddies to exploit a way in. ...Though it's never been easier to package your own interpreter (micropython or equivalent), so I don't expect it slows people down much.

In the mindset of MS: legit devs should package their own tooling, and baddies shouldn't get the freebies.


I didn't really think about it from that perspective. It makes sense.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: