[pdkl95]

Plain text protocols help keep interoperability honest and open. They also have benefits that are often overlooked, such as more easily avoiding integer overflow and endian issues.

> If you're already using a tool

Often, I'm not.

> illusion of readability

That depends entirely on the protocol design; some are better than others. Binary protocol can also be a mess. More importantly, binary protocols will always require external definitions, while some text protocols do not.

> bug-ridden and rife with security holes

Changing from readable tokens and ASCIIified intege4rs to packed binary doesn't magically fix bus or security holes.

> what do I need to do for compatibility

That's easy: use the robustness principle[1].

(and most RFC-based protocols say you should send a CRLF).

A possible argument against this could...

> how long could this line be

...also be an argument against length fields. If you want reliable parsing - a very good idea - a good argument[2] can be made to only use context-free protocols (i.e. use parser-combinators).

[1] https://en.wikipedia.org/wiki/Robustness_principle

[2] https://media.ccc.de/v/28c3-4763-en-the_science_of_insecurit...

[oldmanjay]

To anyone who takes your advice on the robustness principle, don't. Liberal acceptance is a maintenance and security nightmare. Be strict on all boundaries and provide clear errors.

[pdkl95]

The robustness principle is fine, but it does need to be strictly interpreted, which I should have mentioned. Too often robustness is used as a license to be sloppy or to abuse lenient parsers with invalid input.

Meredith covers this specific issue at 33:25 in her 28c3 talk I referenced ([2]). "Be definite in what you accept" can emulate traditional "liberal" parsers if the compatibility is strictly defined in the grammar.

I really should have phrased that better; the robustness principle is great historically, and is therefor necessary in many current protocols, but newer protocols should be using well-defined either regular grammars or deterministic context-free grammars. As Meredith and Sergey explain in that talk, moving away form Turing complete protocols would prevent an important class of exploits.