Whenever I complain about ASN.1 there's this sort of "ASN.1 is fine" backlash and then I see shit like this: http://trac.tools.ietf.org/wg/trans/trac/ticket/14 …
@mik235 @sleevi_ @kebesays @AlecMuffett that particular property of JSON is definitely a LANGSEC violation...
@bascule @sleevi_ @kebesays @AlecMuffett arguing XML vs JSON vs ASN.1 is a stupid argument. They all do too much AND not enough.
@bascule @sleevi_ @kebesays @AlecMuffett but sometimes you just need to pick a winner, make it work and move on. Life's too short.
@mik235 @sleevi_ @kebesays @AlecMuffett XML and ASN.1 seem to be frequently associated with remote code execution or severe parsing bugs
@bascule @sleevi_ @kebesays @AlecMuffett that's more about the code. Look at libxml2 bugs vs Chrome/Firefox bugs.
@mik235 @sleevi_ @kebesays @AlecMuffett I'm sure Chrome and Firefox do a great job, but XML is everywhere and extremely dangerous
@mik235 @sleevi_ @kebesays @AlecMuffett two words: SAML XXE