XSF Discussion - 2019-06-28

  1. fippo

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20843 -- this expat vulnerability would probably get more attention if it was called "billion dots"...

  2. flow

    praise the fuzzer

  3. flow

    Now the question is if other XML parser suffer from a similiar issue

  4. Zash

    flow: The multiple colon thing?

  5. jonas’

    praise the fuzzer and pass the ammunition

  6. flow

    Zash, yep

  7. edhelas

    > XEP-0410 Damn I didn't noticed that we're above 400 now

  8. edhelas

    oh, the whole MIX package is also 04**

  9. goffi

    yes, and we have sadly missed to do a "XEP-0404 Not Found"

  10. Zash

    That's 28 no?

  11. goffi

    right, we should have redirected there.

  12. eevvoor

    ;)

  13. Zash

    https://mailarchive.ietf.org/arch/msg/ietf-announce/illMk4Mi2aB94Gj4ubwY3ngZbEU Common logging format of interest to folks here?

  14. jonas’

    that is a super fancy rendering of a Draft: https://quiclog.github.io/internet-drafts/draft-marx-quic-logging-main-schema.html

  15. jonas’

    they stole our new XEP style! ;)

  16. Zash

    !

  17. jonas’

    and here people say XMPP is behind on fanciness!

  18. Zash

    I sorta imagined PCAP as logging format at some point.

  19. jonas’

    pcap is binary though

  20. jonas’

    reminds me I need to look into how much you can twist CAP (Common Alerting Protocol, XML based) into conveying (IT) infrastructure alerts

  21. Zash

    pcap is binary, true. reading traces in wireshark isn't that bad, I'm just missing some way to braid in normal log messages.

  22. jonas’

    can lnav read pcap?

  23. jonas’

    being python (I think?) and there being scrapy, I suspect there may be a way to make that work

  24. Zash

    Hehe, why not?

  25. debacle

    Who edits https://xmpp.org/software/libraries.html ? I would like to see "libstrophe" (http://strophe.im/libstrophe/) for the C programming language there. There is only strophe.js, the JS variant of it.

  26. moparisthebest

    I think you can put in a PR on the GitHub

  27. wojtek

    debacle: actually it's there, but it lacks timestamp (has to be bumped every year) therefore it's not included -- you can do PR for this file: https://github.com/xsf/xmpp.org/blob/master/data/libraries.json

  28. jonas’

    debacle, https://github.com/xsf/xmpp.org/tree/master/data#software-directory-readme

  29. debacle

    I always have difficulties with github. Either I don't like it or they don't like me :-)

  30. jonas’

    you can also send a patch to me ;)

  31. debacle

    jonas’, that sounds better ;)