med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

Administered by:

Server stats:

355
active users

#libxml2

0 posts0 participants0 posts today
JdeBP<p><span class="h-card" translate="no"><a href="https://mastodon.world/@davidnjoku" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>davidnjoku</span></a></span> <span class="h-card" translate="no"><a href="https://social.ridetrans.it/@Andres4NY" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Andres4NY</span></a></span> </p><p>It isn't. Because of recent events with <a href="https://mastodonapp.uk/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a>, the discussion has arisen once again, in the open source world, of how much businesses who rely upon projects that are both gratis and libre are freeloading off volunteers, and dressing doing so up in security theatre. Security theatre that holds within it a threat against the livelihoods of those volunteers.</p><p>And in addition to that there are the businesses whose own livelihoods are built around desperately finding as many things to classify as security problems as they can, to gain a reputation as a problem finder, without lifting a finger to fix any of them in any way. Because no-one is apparently checking their reputations as problem fixers.</p><p>* <a href="https://lwn.net/SubscriberLink/1025971/73f269ad3695186d/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lwn.net/SubscriberLink/1025971</span><span class="invisible">/73f269ad3695186d/</span></a></p><p><a href="https://mastodonapp.uk/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodonapp.uk/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a></p>
Skunnyk<p>About <a href="https://mastodon.social/tags/Libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Libxml2</span></a> usage in core products (macos, chrome, windows...) "The point is that libxml2 never had the quality to be used in mainstream browsers or operating systems to begin with. [...]. Originally it was kind of a growth hack, but now these companies make billions of profits and refuse to pay back their technical debt, either by switching to better solutions, developing their own or by trying to improve libxml2." <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/913#note_2439345" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.gnome.org/GNOME/libxml2</span><span class="invisible">/-/issues/913#note_2439345</span></a></p>
Philipp :geeko: :natenom:<p>The lone volunteer maintainer of <a href="https://digitalcourage.social/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a>, one of the open source ecosystem’s most widely used XML parsing libraries, with an excellent rant about how Apple, Google, Microsoft and their BigTech Bros exploit <a href="https://digitalcourage.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> software and the volunteers behind it:</p><p><a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/913#note_2439345" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.gnome.org/GNOME/libxml2</span><span class="invisible">/-/issues/913#note_2439345</span></a></p>
Eve Ventually<p><a href="https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports" rel="nofollow noopener" target="_blank">libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden</a></p><blockquote><p>The lone volunteer maintainer of libxml2, one of the open source ecosystem’s most widely used XML parsing libraries, has <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/913" rel="nofollow noopener" target="_blank">announced</a> a policy shift that drops support for embargoed security vulnerability reports.</p></blockquote><p>I've taken heat in other venues for talking about this kind of thing when there's been an overreaction to a <strong>near miss</strong> <em>caused</em> by overreliance on a project that isn't getting support from the organizations that rely on it.</p><p>There's not one here yet. Maybe big tech can pay attention this time?</p><p><a href="https://toot.cat/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a></p>
Nico Rikken<p>I tried validating <a href="https://mastodon.nl/tags/Docbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docbook</span></a> v5 using <a href="https://mastodon.nl/tags/xmllint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xmllint</span></a> from <a href="https://mastodon.nl/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a> via <a href="https://mastodon.nl/tags/RelaxNG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RelaxNG</span></a> and <a href="https://mastodon.nl/tags/Schematron" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Schematron</span></a> but wasn't successful. The RNG validation threw unexpected errors and the Schematron validation threw an internal error. It could be my source file, but it seems fine. Does somebody here have a working setup or tips to share?</p>
Steven Hilton<p>At $DAYJOB, we have an admin <a href="https://mastodon.online/tags/Rails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rails</span></a> app and one feature is displaying a large block of text to the user, akin to a log file. We run that through the `sanitize` helper in the view for safety. Yesterday I learned that the <a href="https://mastodon.online/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a> library used by <a href="https://mastodon.online/tags/nokogiri" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nokogiri</span></a> has a soft-limit of ten million characters per text node. In this environment, excess text gets silently truncated. You can go higher, but the Rails/Loofah <a href="https://mastodon.online/tags/api" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>api</span></a> doesn't support that.</p><p><a href="https://mastodon.online/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ruby</span></a> <a href="https://mastodon.online/tags/rubyonrails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rubyonrails</span></a> <a href="https://mastodon.online/tags/webdevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webdevelopment</span></a> <a href="https://mastodon.online/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a></p>
Barry Schwartz 🫖<p>I found at least one spot where there is work towards my <a href="https://masto.ai/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a> for <a href="https://masto.ai/tags/Dlang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dlang</span></a> efforts. It is right next to some <a href="https://masto.ai/tags/ATS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ATS</span></a> code for parsing s-expressions. :) (I might still use that instead of either JSON or libguile, now that I have found it.)</p>
Barry Schwartz 🫖<p>Hmm. Maybe I should attempt to make an automatically generated interface from <a href="https://masto.ai/tags/ATS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ATS</span></a> to <a href="https://masto.ai/tags/libguile" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libguile</span></a>, as I did for an interface from <a href="https://masto.ai/tags/Dlang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dlang</span></a> to <a href="https://masto.ai/tags/libxml2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libxml2</span></a>. (The latter is sitting somewhere in my ‘chemoelectric’ repository. It is constructed mostly by Awk scripts. But I’ll probably use Object Icon instead, this time.)</p>