From jhildebr@cisco.com Wed Apr 10 07:39:46 2013 Return-Path: X-Original-To: json@ietfa.amsl.com Delivered-To: json@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8C0C21F92B2 for ; Wed, 10 Apr 2013 07:39:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O5xkZdkMOjh0 for ; Wed, 10 Apr 2013 07:39:45 -0700 (PDT) Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 8EFCE21F93B4 for ; Wed, 10 Apr 2013 07:39:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=204; q=dns/txt; s=iport; t=1365604785; x=1366814385; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=uwDvOJscPNMXBG3W6eHBVTS94YDvNI9ljcGR1XOvraE=; b=ATj3UVJfJJnyNFtO3IKJoQbMLrITlsPMosCYiUqQB8lt0gFk+2R4ODAm syYiJq038/gR7dmxq7/IaDBprxPFCBizsQTsKPhozf7N3m36Bk6crUt6V PKETIb3/whXJzRlC/SKyaoEHhPss61hiesXGlDwiTIq1w4NIF/qlsv6As o=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AjwLAK14ZVGtJXG9/2dsb2JhbABQgwY2gmS+QwIBgQ8WdIIhAQQ6UQEqFEInBBsBiAsMnTihLo5PFoMYYQOoDoMLgig X-IronPort-AV: E=Sophos;i="4.87,447,1363132800"; d="scan'208";a="197163331" Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by rcdn-iport-8.cisco.com with ESMTP; 10 Apr 2013 14:39:45 +0000 Received: from xhc-aln-x11.cisco.com (xhc-aln-x11.cisco.com [173.36.12.85]) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id r3AEdjNW029661 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for ; Wed, 10 Apr 2013 14:39:45 GMT Received: from xmb-rcd-x10.cisco.com ([169.254.15.181]) by xhc-aln-x11.cisco.com ([173.36.12.85]) with mapi id 14.02.0318.004; Wed, 10 Apr 2013 09:39:45 -0500 From: "Joe Hildebrand (jhildebr)" To: "json@ietf.org" Thread-Topic: Minutes from IETF86 JSON BoF Thread-Index: AQHONfk+Z6CHXvOxoEWB41wSoW6+rg== Date: Wed, 10 Apr 2013 14:39:44 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.3.2.130206 x-originating-ip: [10.21.68.64] Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: [Json] Minutes from IETF86 JSON BoF X-BeenThere: json@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Discussion related to JavaScript Object Notation \(JSON\)." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Apr 2013 14:39:46 -0000 I finally posted minutes from the BoF: http://www.ietf.org/proceedings/86/minutes/minutes-86-json Please send comments or corrections to the list, and note action items. --=20 Joe Hildebrand From johnsonhammond1@hushmail.com Sat Apr 27 15:47:16 2013 Return-Path: X-Original-To: json@ietfa.amsl.com Delivered-To: json@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C743D21F98FB for ; Sat, 27 Apr 2013 15:47:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.469 X-Spam-Level: X-Spam-Status: No, score=-2.469 tagged_above=-999 required=5 tests=[AWL=0.130, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MHirD8WC8gKQ for ; Sat, 27 Apr 2013 15:47:15 -0700 (PDT) Received: from smtp2.hushmail.com (smtp2a.hushmail.com [65.39.178.237]) by ietfa.amsl.com (Postfix) with ESMTP id DA87F21F98E8 for ; Sat, 27 Apr 2013 15:47:14 -0700 (PDT) Received: from smtp2.hushmail.com (smtp2a.hushmail.com [65.39.178.237]) by smtp2.hushmail.com (Postfix) with SMTP id B0C67E7D43 for ; Sat, 27 Apr 2013 17:45:40 +0000 (UTC) X-hush-relay-time: 214 X-hush-relay-id: b1bd903faba185ee07e5a0ed3a1fde37 Received: from smtp.hushmail.com (w5.hushmail.com [65.39.178.80]) by smtp2.hushmail.com (Postfix) with ESMTP for ; Sat, 27 Apr 2013 17:45:40 +0000 (UTC) Received: by smtp.hushmail.com (Postfix, from userid 99) id 7DE73E6739; Sat, 27 Apr 2013 17:45:40 +0000 (UTC) MIME-Version: 1.0 Date: Sat, 27 Apr 2013 13:45:40 -0400 To: json@ietf.org From: johnsonhammond1@hushmail.com Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="UTF-8" Message-Id: <20130427174540.7DE73E6739@smtp.hushmail.com> Subject: [Json] Biggest Fake Conference in Computer Science X-BeenThere: json@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Discussion related to JavaScript Object Notation \(JSON\)." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Apr 2013 22:47:16 -0000 Biggest Fake Conference in Computer Science We are researchers from different parts of the world and conducted a study on the world’s biggest bogus computer science conference WORLDCOMP ( http://sites.google.com/site/worlddump1 ) organized by Prof. Hamid Arabnia from University of Georgia, USA. We submitted a fake paper to WORLDCOMP 2011 and again (the same paper with a modified title) to WORLDCOMP 2012. This paper had numerous fundamental mistakes. Sample statements from that paper include: (1). Binary logic is fuzzy logic and vice versa (2). Pascal developed fuzzy logic (3). Object oriented languages do not exhibit any polymorphism or inheritance (4). TCP and IP are synonyms and are part of OSI model (5). Distributed systems deal with only one computer (6). Laptop is an example for a super computer (7). Operating system is an example for computer hardware Also, our paper did not express any conceptual meaning. However, it was accepted both the times without any modifications (and without any reviews) and we were invited to submit the final paper and a payment of $500+ fee to present the paper. We decided to use the fee for better purposes than making Prof. Hamid Arabnia (Chairman of WORLDCOMP) rich. After that, we received few reminders from WORLDCOMP to pay the fee but we never responded. We MUST say that you should look at the above website if you have any thoughts to submit a paper to WORLDCOMP. DBLP and other indexing agencies have stopped indexing WORLDCOMP’s proceedings since 2011 due to its fakeness. See http://www.informatik.uni-trier.de/~ley/db/conf/icai/index.html for of one of the conferences of WORLDCOMP and notice that there is no listing after 2010. See Section 2 of http://sites.google.com/site/dumpconf for comments from well-known researchers about WORLDCOMP. The status of your WORLDCOMP papers can be changed from scientific to other (i.e., junk or non-technical) at any time. Better not to have a paper than having it in WORLDCOMP and spoil the resume and peace of mind forever! Our study revealed that WORLDCOMP is a money making business, using University of Georgia mask, for Prof. Hamid Arabnia. He is throwing out a small chunk of that money (around 20 dollars per paper published in WORLDCOMP’s proceedings) to his puppet (Mr. Ashu Solo or A.M.G. Solo) who publicizes WORLDCOMP and also defends it at various forums, using fake/anonymous names. The puppet uses fake names and defames other conferences to divert traffic to WORLDCOMP. He also makes anonymous phone calls and tries to threaten the critiques of WORLDCOMP (See Item 7 of Section 5 of above website). That is, the puppet does all his best to get a maximum number of papers published at WORLDCOMP to get more money into his (and Prof. Hamid Arabnia’s) pockets. Monte Carlo Resort (the venue of WORLDCOMP for more than 10 years, until 2012) has refused to provide the venue for WORLDCOMP’13 because of the fears of their image being tarnished due to WORLDCOMP’s fraudulent activities. That is why WORLDCOMP’13 is taking place at a different resort. WORLDCOMP will not be held after 2013. The draft paper submission deadline is over but still there are no committee members, no reviewers, and there is no conference Chairman. The only contact details available on WORLDCOMP’s website is just an email address! Let us make a direct request to Prof. Hamid arabnia: publish all reviews for all the papers (after blocking identifiable details) since 2000 conference. Reveal the names and affiliations of all the reviewers (for each year) and how many papers each reviewer had reviewed on average. We also request him to look at the Open Challenge (Section 6) at https://sites.google.com/site/moneycomp1 Sorry for posting to multiple lists. Spreading the word is the only way to stop this bogus conference. Please forward this message to other mailing lists and people. We are shocked with Prof. Hamid Arabnia and his puppet’s activities http://worldcomp-fake-bogus.blogspot.com Search Google using the keyword worldcomp fake for additional links. From derhoermi@gmx.net Sat Apr 27 17:06:54 2013 Return-Path: X-Original-To: json@ietfa.amsl.com Delivered-To: json@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E57521F9917 for ; Sat, 27 Apr 2013 17:06:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=-4.000, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GJm4lda9VJqd for ; Sat, 27 Apr 2013 17:06:53 -0700 (PDT) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id 6C8D721F9916 for ; Sat, 27 Apr 2013 17:06:52 -0700 (PDT) Received: from mailout-de.gmx.net ([10.1.76.16]) by mrigmx.server.lan (mrigmx002) with ESMTP (Nemesis) id 0M1Cg2-1Ulhel2unQ-00tDor for ; Sun, 28 Apr 2013 02:06:51 +0200 Received: (qmail invoked by alias); 28 Apr 2013 00:06:51 -0000 Received: from p54B4E90F.dip0.t-ipconnect.de (EHLO netb.Speedport_W_700V) [84.180.233.15] by mail.gmx.net (mp016) with SMTP; 28 Apr 2013 02:06:51 +0200 X-Authenticated: #723575 X-Provags-ID: V01U2FsdGVkX1+cZSYZ9pac9bZeyKHC6p04gR4gRe0oRrUaC42JO7 ohMUdQCS3zY5i3 From: Bjoern Hoehrmann To: Bjoern Hoehrmann Date: Sun, 28 Apr 2013 02:06:54 +0200 Message-ID: <9kpon8th73ivv3ii83mgpthkfdu7oq40rj@hive.bjoern.hoehrmann.de> References: <370C9BEB4DD6154FA963E2F79ADC6F2E2795A91E@DEN-EXDDA-S12.corp.ebay.com> In-Reply-To: X-Mailer: Forte Agent 3.3/32.846 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Y-GMX-Trusted: 0 Cc: "Hill, Brad" , "json@ietf.org" Subject: Re: [Json] Fixing / removing the safe-for-eval() regex X-BeenThere: json@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Discussion related to JavaScript Object Notation \(JSON\)." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Apr 2013 00:06:54 -0000 * Bjoern Hoehrmann wrote: >* Hill, Brad wrote: >>If a new WG is chartered to update 4627, fixing or removing the >>safe-for-eval() regex should be on the charter. >> >>There are now several known ways to break out of this regex: >> >>http://www.thespanner.co.uk/2011/07/25/the-json-specification-is-now-wrong/ >>http://blog.mindedsecurity.com/2011/08/ye-olde-crockford-json-regexp-is.html > >This should have been filed as erratum back in 2011, and should be filed >as an erratum immediately. I've filed http://www.rfc-editor.org/errata_search.php?rfc=4627&eid=3607 for the latter. I note that there is an error in the blog posting, with +{ "valueOf": self["location"], "toString": []["join"], 0: "javascript:alert(1)", length: 1 } you cannot bypass the validation code because `length` contains `g` and `h`, and the validation code disallows that; but quoting `"length"` gets around that, and I've independently confirmed this in Internet Explorer 9 with the code in the erratum. The former does not seem to be a valid issue. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/