Technology

69548 readers

3554 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

553

I use Zip Bombs to Protect my Server (idiallo.com)

submitted 2 days ago by [email protected] to c/[email protected]

102 comments fedilink hide all child comments

The one-liner:

dd if=/dev/zero bs=1G count=10 | gzip -c > 10GB.gz

This is brilliant.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 31 points 2 days ago (3 children)

Anyone who writes a spider that's going to inspect all the content out there is already going to have to have dealt with this, along with about a bazillion other kinds of oddball or bad data.

[–] [email protected] 1 points 13 hours ago

If you have billions of targets to scan, there's generally no need to handle each and every edge case. Just ignoring what you can't understand easily and jumping on to the next target is an absolutely viable strategy. You will never be able to process everything anyway.

Of course, it changes a bit if some of these targets actually make your bot crash. If it happens to often, you will want to harden your bot against it. Then again, if it just happens every now and then, it's still much easier to just restart and continue with the next target.

[–] [email protected] 6 points 1 day ago

That's the usual case with arms races: Unless you are yourself a major power, odds are you'll never be able to fully stand up to one (at least not on your own, but let's not stretch the metaphor too far). Often, the best you can do is to deterr other, minor powers and hope major ones never have a serious intent to bring you down.

In this specific case, the number of potential minor "attackers" and the hurdle for "attack" mKe it attractive to try to overwhelm the amateurs at least. You'll never get the pros, you just hope they don't bother you too much.

[–] [email protected] 26 points 1 day ago (1 children)

Competent ones, yes. Most developers aren't competent, scraper writers even less so.

[–] [email protected] 2 points 1 day ago

That's true. Scrapping is a gold mine for the people that don't know. I worked for a place which crawls the internet and beyond (fetches some internal dumps we pay for). There is no chance a zip bomb would crash the workers as there are strict timeouts and smell tests (even if a does it will crash an ECS task at worst and we will be alerted to fix that within a short time). We were as honest as it gets though, following GDPR, honoring the robots file, no spiders or scanners allowed, only home page to extract some insights.

I am aware of some big name EU non-software companies very interested in keeping an eye on some key things that are only possible with scraping.