eXtensible Messaging and Presence Protocol, or XMPP, is a is a set of specialized XML-based protocols that are an increasingly popular choice for a variety of middleware applications. It's a sprawling project implemented differently by many popular projects and services, and is used for purposes ranging from chat rooms and video conferencing to control channels for mobile devices. It combines a myriad of confusing buffet-style design options with all of the traditional weaknesses of XML security. XML parsing is a fragile art and many (if not most) implementations are vulnerable to DOS attacks, such as knocking the other users of a chatroom offline. I take a look at how those issues play out in IM clients and open source servers.