random updates

docs/FAQ

@@ -1,4 +1,4 @@
-Updated: December 22, 2003 (http://curl.haxx.se/docs/faq.html)
+Updated: March 16, 2004 (http://curl.haxx.se/docs/faq.html)
                                   _   _ ____  _
                               ___| | | |  _ \| |
                              / __| | | | |_) | |
@@ -90,7 +90,7 @@ FAQ
   with URL spelled in uppercase to make it obvious it deals with URLs. The
   fact it can also be pronounced 'see URL' also helped, it works as an
   abbrivation for "Client URL Request Library" or why not the recursive
-  version: "Curl is a URL Request Library".
+  version: "Curl URL Request Library".
 
   Curl supports a range of common Internet protocols, currently including
   HTTP, HTTPS, FTP, FTPS, GOPHER, LDAP, DICT, TELNET and FILE.
@@ -101,7 +101,7 @@ FAQ
   NOTE: there are numerous sub-projects and related projects that also use the
   word curl in the project names in various combinations, but you should take
   notice that this FAQ is directed at the command-line tool named curl (and
-  libcurl the library), and may therefore not be valid for other curl
+  libcurl the library), and may therefore not be valid for other curl-related
   projects.
 
   1.2 What is libcurl?
@@ -109,16 +109,16 @@ FAQ
   libcurl is a reliable and portable library which provides you with an easy
   interface to a range of common Internet protocols.
 
-  You can use libcurl for free in your application even if it is commercial
+  You can use libcurl for free in your application, be it open source,
-  or closed-source.
+  commercial or closed-source.
 
   1.3 What is cURL not?
 
-  Curl is *not* a wget clone even though that is a very common misconception.
+  Curl is *not* a wget clone. That is a common misconception.  Never, during
-  Never, during curl's development, have we intended curl to replace wget or
+  curl's development, have we intended curl to replace wget or compete on its
-  compete on its market. Curl is targeted at single-shot file transfers.
+  market. Curl is targeted at single-shot file transfers.
 
-  Curl is not a web site mirroring program. If you wanna use curl to mirror
+  Curl is not a web site mirroring program. If you want to use curl to mirror
   something: fine, go ahead and write a script that wraps around curl to make
   it reality (like curlmirror.pl does).
 
@@ -181,9 +181,8 @@ FAQ
   curl. We do this voluntarily on our spare time.
 
   We get some help from companies. Contactor Data hosts the curl web site,
-  Haxx owns the curl web site's domain and sourceforge.net hosts several
+  Haxx owns the curl web site's domain and sourceforge.net hosts project
-  project services we take advantage from, like the bug tracker, mailing lists
+  services we take advantage from, like the bug tracker.
-  and more.
 
   If you want to support our project with a donation or similar, one way of
   doing that would be to buy "gift certificates" at useful online shopping
@@ -281,8 +280,7 @@ FAQ
 
   2.4. Does cURL support Socks (RFC 1928) ?
 
-  There is limited support for SOCKS5 for curl built with IPv6 support
+  Yes, SOCKS5 is supported when curl is built with IPv6 support disabled.
-  disabled.
 
 
 3. Usage problems
@@ -478,7 +476,7 @@ FAQ
   requests properly. To correct this problem, tell curl to select SSLv2 from
   the command line (-2/--sslv2).
 
-  There has also been examples where the remote server didn't like the SSLv2
+  There have also been examples where the remote server didn't like the SSLv2
   request and instead you had to force curl to use SSLv3 with -3/--sslv3.
 
   4.2. Why do I get problems when I use & or % in the URL?
@@ -577,21 +575,26 @@ FAQ
 
   The first part is to avoid having clear-text passwords in the command line
   so that they don't appear in 'ps' outputs and similar. That is easily
-  avoided by using the "-K" option to tell curl to read parameters from a
+  avoided by using the "-K" option to tell curl to read parameters from a file
-  file or stdin to which you can pass the secret info.
+  or stdin to which you can pass the secret info. curl itself will also
+  attempt to "hide" the given password by blanking out the option - this
+  doesn't work on all platforms.
 
   To keep the passwords in your account secret from the rest of the world is
   not a task that curl addresses. You could of course encrypt them somehow to
   at least hide them from being read by human eyes, but that is not what
   anyone would call security.
 
-  Also note that regular HTTP and FTP passwords are sent in clear across the
+  Also note that regular HTTP (using Basic authentication) and FTP passwords
-  network. All it takes for anyone to fetch them is to listen on the network.
+  are sent in clear across the network. All it takes for anyone to fetch them
-  Eavesdropping is very easy.
+  is to listen on the network.  Eavesdropping is very easy. Use more secure
+  authentication methods (like Digest, Negotiate or even NTLM) or consider the
+  SSL-based alternatives HTTPS and FTPS.
 
   4.8 I found a bug!
 
   It is not a bug if the behavior is documented. Read the docs first.
+  Especially check out the KNOWN_BUGS file, it may be a documented bug!
 
   If it is a problem with a binary you've downloaded or a package for your
   particular platform, try contacting the person who built the package/archive