Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is this used in production anywhere? #5

Closed
michaeleiselsc opened this issue Oct 20, 2016 · 7 comments
Closed

Is this used in production anywhere? #5

michaeleiselsc opened this issue Oct 20, 2016 · 7 comments
Labels
question

Comments

@michaeleiselsc
Copy link

Hi, I work for a large mobile app company that is interested in replacing JSON with something faster. The one disappointing thing is that colfer is written in Go and JS it looks like, which we can't use for iOS or Android (without a fair amount of finagling at least), so are there any plans for it to get ported to C/C++? Also, are there any companies that use it? It would be great to see a list of some companies that use or even their experiences, as that would really sell the format. How much security auditing has occurred?

The numbers on https://github.com/eishay/jvm-serializers/wiki are tantalizing, so I'm curious to hear more :)
@pascaldekloe
Copy link
Owner

Hi Michael,

The Java from Colfer is supposed to run on Adroid.
A C port is under development yet I haven't used that language for over 10
years. Some help would be much appreciated.

Yes Colfer is used by a few companies including a high volume stock broker.
Just like you they didn't mention the specifics and I don't ask. ^_^

Op 20 okt. 2016 8:14 a.m. schreef "Michael Eisel" <notifications@github.com

:

Hi, I work for a large mobile app company that is interested in replacing
JSON with something faster. The one disappointing thing is that colfer is
written in Go and JS it looks like, which we can't use for iOS or Android
(without a fair amount of finagling at least), so are there any plans for
it to get ported to C/C++? Also, are there any companies that use it? It
would be great to see a list of some companies that use or even their
experiences, as that would really sell the format. How much security
auditing has occurred?

The numbers on https://github.com/eishay/jvm-serializers/wiki are
tantalizing, so I'm curious to hear more :)


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#5, or mute the thread
https://github.com/notifications/unsubscribe-auth/AEpEAN8iVVOS7W8A2UxuJEBOMN2aDPyeks5q1wazgaJpZM4KbwbS
.

@pascaldekloe
Copy link
Owner

I've mistaken the e-mail notification for a PM. 😁
Anyway, security is an important factor indeed. The (un)marshalling has built-in support for size limitation. I did some fuzzing for the Go implementation with './testdata/fuzz.go'. Can you recommend any C libraries for testing?

@michaeleiselsc
Copy link
Author

Check out the security work these guys did: https://capnproto.org/news/

@pascaldekloe
Copy link
Owner

Let's skip that kind of "work" here. 😉

pascaldekloe added a commit that referenced this issue Nov 9, 2016
@pascaldekloe
Mention experience registration. (issue #5)
3d56a90
@pascaldekloe
Copy link
Owner

Started a wiki to collect information.

B.t.w., after this issue was created I saw quite some activity from security experts. Was that you @michaeleiselsc and if so, would you care to share the results?

@pascaldekloe
Copy link
Owner

pascaldekloe commented Dec 10, 2016
edited

@michaeleiselsc: the C++ port is up for the next milestone. (issue #10)

@michaeleiselsc
Copy link
Author

That was not me doing the security testing :P
Thanks for the heads up!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pascaldekloe @michaeleiselsc