openconnect VS Vcpkg

A lot of software (including https://gitlab.com/openconnect/openconnect of which I'm a maintainer) uses libxml2, which in turn transitively links to libzma, using it to load and store compressed XML.

I'm not *too* worried about OpenConnect given that we use `libxml2` only to read and parse uncompressed XML…

But I am wondering if there has been any statement from libxml2 devs (they're under the GNOME umbrella) about potential risks to libxml2 and its users.

From the article:

> Ubiquitous presence of HTTPS allows you to pass your data through very restrictive middle boxes!

This is, in fact, why all — or nearly all — proprietary VPN protocols (so-called "SSL VPNs") implement a mode that initiates a tunnel via HTTPS, at least as a fallback if not as the primary mode of operation: precisely in order to have a mode of operation that works with almost any connection to the global Internet.

I'm one of the main developers of https://gitlab.com/openconnect/openconnect, which implements many such protocols, and wrote https://github.com/dlenski/what-vpn, which sniffs or identifies even more flavors of TLS-based VPN servers.

Found the solution: It's as simple, as changing the user agent with --useragent=AnyConnect. This is ridiculous. https://gitlab.com/openconnect/openconnect/-/issues/544

Source: I am one of the lead developers of OpenConnect, a popular open-source client for many corporate VPNs, and have done all of the above.

Be careful you're not using an illicit fork. https://gitlab.com/openconnect/openconnect

I personally have an openconnect server, and I patched their client to let me specify the SNI, (it's set to the server's hostname by default (https://gitlab.com/openconnect/openconnect/-/blob/master/gnutls.c#L2366), but it's optional in the anyconnect protocol spec)

Thank you, trying openconnect for multiple hours, but cannot auth, created issue about that https://gitlab.com/openconnect/openconnect/-/issues/446

If this is for anything other than AnyConnect I feel like you're better off with a t4g.nano running OpenVPN. If it's AnyConnect, you can run OpenConnect.

I had similar issue with Fortinet VPN. Try using something like https://gitlab.com/openconnect/openconnect. Run this from terminal to connect to VPN when needed. If this doesn't work search for global protect open source and there are other options.

re: C/C++ development: anybody using conda/pixi for dependency management? Here's an example of compiling a C++ SDL program using pixi and the SDL dependency from conda-forge [1].

Seems viable as a replacement for things like vckpg [2] which only builds from source.

I'm still researching this but it seems like rattler [3] is the tool to use to build/publish packages. The supported repos are: prefix.dev's own hosting, anaconda.org, artifactory or a self-hosted server.

--

1: https://github.com/prefix-dev/pixi/blob/main/examples/cpp-sd...

2: https://github.com/microsoft/vcpkg

3: https://prefix-dev.github.io/rattler-build/latest/authentica...

5.4.5 can be compromised

https://github.com/microsoft/vcpkg/issues/37197

vcpkg may expire assets after 1.5 years, so achieve long-term reproducibility you will need to cache your dependencies.... Somewhere. Not sure what the expected solution is.

https://github.com/microsoft/vcpkg/pull/30546#issuecomment-1...

There were various approaches recommended depending on our language and ecosystem. My classmates who developed using Node.js were recommended npm, and PyPI or poetry for Python. Since my program is written in C++, I was recommended to look into one of vcpkg or conan, but I ultimately did not use either package manager.

Which dependencies are not in vcpkg? We can ask them to add it. It’s pretty easy just open an issue there https://github.com/microsoft/vcpkg/issues .

./vcpkg search netcdf gdal[netcdf] Enable NetCDF support minc 2.4.03#3 MINC - Medical Image NetCDF or MINC isn't netCDF minc[minc1] Support minc1 file format, requires NETCDF netcdf-c 4.8.1#2 A set of self-describing, machine-independent data formats that support th... netcdf-c[dap] Build with DAP remote access client support netcdf-c[hdf5] Build with HDF5 support netcdf-c[nczarr] Build with NCZarr cloud storage access support netcdf-c[nczarr-zip] Build with NCZarr ZIP support netcdf-c[netcdf-4] Build with netCDF-4 support netcdf-c[platform-default-features] Enable platform-dependent default features netcdf-c[tools] Build utilities netcdf-cxx4 4.3.1#4 a set of machine-independent data formats that support the creation, acces... The result may be outdated. Run `git pull` to get the latest results. If your port is not listed, please open an issue at and/or consider making a pull request. - https://github.com/Microsoft/vcpkg/issues

The hyperscan update to vcpkg seems to have happened from 5.4.0 to 5.4.2 in this commit on Apr 20.

Dear Fictrac team, I am hoping to install Fictrac in our windows 11 x64 laptop (Visual Studio 2019, cMake 3.26.4). I followed the installation guideline on github page fictrac and used the latest vcpkg