Compression bombs that use the zip formatmust cope with the fact that DEFLATE,the compression algorithm most commonly supported by zip parsers,cannot achieve a compression ratio greater than 1032.For this reason, zip bombs typically rely on recursive decompression,nesting zip files within zip files to get an extra factor of 1032 with each layer.But the trick only works on implementations thatunzip recursively, and most do not.The best-known zip bomb,42.zip,expands to a formidable 4.5 PBif all six of its layers are recursively unzipped,but a trifling 0.6 MB at the top layer.Zip quines,like those of Ellingsenand Cox,which contain a copy of themselvesand thus expand infinitely if recursively unzipped,are likewise perfectly safe to unzip once.
The giant-steps feature only pays when you are not constrained by maximum output file size.In zblg.zip, we actually want to slow file growth as much as possibleso that the smallest file, containing the kernel, can be as large as possible.Using giant steps in zblg.zip actually decreases the compression ratio.
Given that the N filenames in the zip fileare generally not all of the same length,which way should we order them,shortest to longest or longest to shortest?A little reflection shows that it is better toput the longest names last, because those names are the most quoted.Ordering filenames longest lastadds over 900 MB of outputto zblg.zip,compared to ordering them longest first.It is a minor optimization, though,as those 900 MBcomprise only 0.0003%of the total output size.
Suppose we want a zip bomb that expands to4.5 PB,the same size that 42.zip recursively expands to.How big must the zip file be?Using binary search, we find that the smallestzip file whose unzipped size exceeds the unzipped size of 42.ziphas a zipped size of46 MB.
A version of this articleappeared at theUSENIX WOOT 2019workshop.The workshop talkvideo, slides, and transcriptare available.The source code of the paper is available.The artifactsprepared for submission are zipbomb-woot19.zip.
zblg.zip renamed to zblg.odt or zblg.docxwill cause LibreOffice tocreate and delete a number of 4 GB temporary filesas it attempts to determine the file format.It does eventually finish, and it deletesthe temporary files as it goes,so it's only a temporary DoS that doesn't fill up the disk.Caolán McNamara replied to my bug report.
Tavis Ormandy points outthat there are a number of "Timeout" results inthe VirusTotal for zblg.zip(screenshot 2019-07-06).AhnLab-V3, ClamAV, DrWeb, Endgame, F-Secure, GData, K7AntiVirus, K7GW, MaxSecure, McAfee, McAfee-GW-Edition, Panda, Qihoo-360, Sophos ML, VBA32.The results for zbsm.zip(screenshot 2019-07-06)are similar, though with a different set of timed-out engines:Baido, Bkav, ClamAV, CMC, DrWeb, Endgame, ESET-NOD32, F-Secure, GData, Kingsoft, McAfee-GW-Edition, NANO-Antivirus, Acronis.Interestingly, there are no timeouts inthe results for zbxl.zip;(screenshot 2019-07-06)perhaps this means that some antivirus doesn't support Zip64?
In ClamAV bug 12356,Hanno Böck reported that zblg.zip caused high CPU usagein clamscan.An initial patchto detect overlapping filesturned out to be incompletebecause it only checked adjacent pairs of files.(I personally mishandled this issueby posting details of a workaround on the bug tracker,instead of reporting it privately.)A later patchimposed a time limit on file analysis.
If image number is specified, 7-Zip works only with that image inside WIM archive.Other images will be not changed. By default 7-Zip doesn't show image number, if there is only one image in WIM archive, or if image number is specified. But if the switch "is" specified, 7-Zip shows image number.Examples7z a archive.zip *.jpg -mx0adds *.jpg files to archive.zip archive without compression.
Each of the files in atabs.zip, utabs.zip, and ltabs.zip begins with 1952:Q1 and ends with the most recently published quarter. The series in the supplemental tables (F.100.a and L.100.a)are in stabs.zip and contain annual data for 1988 through 1993. The debt growth file (gtabs.zip) contains data from 1953 forward; the data corresponds to tables D.1, D.2, and D.3 in the release. The balance sheet file (btabs.zip) contains quarterly data for 1952 through the last complete year published.The data files were compressed with PKZIP, version 2.04; the software to expand the files is available from PKWARE's Web site.Each file name contains the number of the table in that file. For example, the data for table F.117 (seasonally adjusted flows for life insurance companies) is in the file named atab117d.prn (the "d" identifies a DOS file).Retrieving Tables from Downloaded Zip FilesTo retrieve a table, enter the command pkunzip followed by (1) the name of the ".zip" file containing the compressed table and (2) the name of the table or tables desired.For example: To retrieve the seasonally adjusted annual flows of table F.117, enter the following command (assuming the .zip file is on your C drive): C:>pkunzip atabs.zip atab117d.prn To retrieve the unadjusted quarterly flows of tables F.100 and F.105, enter the following command: C:>pkunzip utabs.zip utab100d.prn utab105d.prn To retrieve all the levels tables, enter the following command: C:>pkunzip ltabs.zipExpanded files contain a column of dates to identify a time period (in quotes). The series code (in quotes) is at the top of each column of data. In some of the longer tables, a second set of data columns is continued under the first set.Flow of Funds codes have the following elements:a two-letter code (FA, FU, or FL), which identifies whether the series is a seasonally adjusted flow, an unadjusted flow, or a levela nine-digit code, which represents sector; type oftransaction; and type of adjustment, data source, or calculationa one-letter code, which indicates the frequency (.q or .a).For example, the code FA313161105.q identifies the quarterly seasonally adjusted flow (at an annual rate) for federal government Treasury issues, which is calculated from other series in the flow of funds accounts. The unadjusted flow for the same series is FU313161105.q, and the corresponding levels series--Treasury debt, in this case--is FL313161105.q.Instructions for Reading Data into Microsoft Excel or LotusMicrosoft ExcelClick on the "File" pulldown menu Select "Open" Use the resulting dialog box to find drive and file name (use "All Files" option in the window for "List of File Types") Click "OK" In the resulting dialog box "Text Import Wizard: Step 1 of 3" Original data type: Select "Delimited" Click "Next" In the resulting dialog box "Text Import Wizard: Step 2 of 3" Delimiter: Select "Space" (and de-select any other delimiter previously selected) Treat conservative delimiters as one: De-select Text qualifier: Select " (the double-quote character) Click "NEXT" In the resulting dialog box "Text Import Wizard: Step 3 of 3," click "FINISH"
A .zip file archive includes your application code and its dependencies. When you author functions using the Lambda console or a toolkit, Lambda automatically creates a .zip file archive of your code.You can upload a .zip file as your deployment package using the Lambda console, AWS Command Line Interface (AWS CLI), or to an Amazon Simple Storage Service (Amazon S3) bucket.
In the previous scenario we have used the Code.fromAsset(path) command to create the artifact at deploy time, but with the Code.fromAsset(path) command you can also point to an existing .zip file that contains the published lambda function.
One of the main pain points when deploying a lambda function using a .zip file is the build process of the .zip file itself. In the last 2 sections, we have seen 2 alternatives for building the artifact .zip file:
Here is a sample Maya.env file for V-Ray 5 for Maya 2020 on Windows, where the .zip installation has been extracted to D:\vray_builds\vray_51020_maya2020. Place the file in C:\Users\\Documents\maya\2020 or combine its contents with the already existing Maya.env that you will find there, in case the original file is not empty.
The [STDROOT] and [PLUGINS] tags in the script are normally replaced with their directories by the V-Ray installer, but when you are using a .zip installation, you need to replace them manually. The [STDROOT] tag needs to be replaced with the full path to the vray folder in the zip file. The [PLUGINS] tag need to be replaced with the full path to the maya_vray folder in the zip. The tags are located in the following files: 041b061a72