Nobody needs these various serialization formats. If you have tabular data, use CSV. If you have nested data, use JSON. If space is a concern (it's probably not), use packed binary structs. If your needs can't be met by those, you probably need a database. The only shortcoming of JSON is its lack of support for comments. It would be more perfect for config files if you were able to include comments.
+Mark Hornberger Um, this talk is all about vulnerabilities in the 3rd-party parsers for these formats. So I guess the answer to "parse it first" is "watch the video, the standard parsers have code injection bugs or other vulnerabilities".
Few of many more reasons why I prefer things like FlatBuffers, Cap'n Proto, or MessagePack.
Great talk!
Who thought that making remote code execution a core feature of YAML was a good idea? Probably the same person that mandated using tabs.
Great talk.
Hey the subtitles aren't all that bad.
Why are they all in caps yet?
Nobody needs these various serialization formats. If you have tabular data, use CSV. If you have nested data, use JSON. If space is a concern (it's probably not), use packed binary structs. If your needs can't be met by those, you probably need a database. The only shortcoming of JSON is its lack of support for comments. It would be more perfect for config files if you were able to include comments.
TSV is definitely preferred to CSV
Yaml is only really useful for config files. But a format with less features would suffice
@@NabekenProG87 Such as TOML?
Why do people just dump unknown, unvetted data into their application? Shouldn't you parse it first, to make sure it isn't going to break anything?
+Mark Hornberger Um, this talk is all about vulnerabilities in the 3rd-party parsers for these formats. So I guess the answer to "parse it first" is "watch the video, the standard parsers have code injection bugs or other vulnerabilities".
Jonathan Cast I see your point. I guess that didn't occur to me. Thanks.