diff options
| author | ache <ache@ache.one> | 2025-07-23 19:34:07 +0200 |
|---|---|---|
| committer | ache <ache@ache.one> | 2025-07-23 19:34:07 +0200 |
| commit | d09947512cf8dea9164cbd7b21fc7cb42a3f268d (patch) | |
| tree | b29c2b5726523618788c9e47cf5348d21c815169 | |
| parent | Fix various (diff) | |
Fix spacing
| -rw-r--r-- | notes/html_zip_bomb.md | 11 | ||||
| -rw-r--r-- | notes/zip_bombe_html.md | 2 |
2 files changed, 5 insertions, 8 deletions
diff --git a/notes/html_zip_bomb.md b/notes/html_zip_bomb.md index 17b78da..f06eda6 100644 --- a/notes/html_zip_bomb.md +++ b/notes/html_zip_bomb.md @@ -23,11 +23,11 @@ Today, I present a zip bomb [gzip and brotli that is valid HTML](/bomb.html). ## LLM Web Crawlers -The initial problem is the aggressiveness of LLM web crawlers that don't respect `robots.txt`. -The first idea that comes to mind is IP blocking. +The initial problem is the aggressiveness of LLM web crawlers that don't respect `robots.txt`. +The first idea that comes to mind is IP blocking. However, web crawlers have circumvented this restriction by using individual IPs via specialized botnets. -Another solution is therefore to exhaust the resources of the harvesters. +Another solution is therefore to exhaust the resources of the harvesters. With a zip bomb, we attempt to exhaust their RAM.[^pro] Weâre exploiting the asymmetry of the resources needed to serve the zip bomb versus those needed to detect it. @@ -49,12 +49,11 @@ So, I set myself the challenge of creating a valid HTML page containing a zip bo ## The HTML Zip Bomb -I had several ideas. +I had several ideas. First, since it's an HTML page, we start with the HTML5 doctype. - Then we try to fit the 10 MB of identical characters. -I first attempted to use [HTML classes, which can contain anything](https://shkspr.mobi/blog/2025/05/decorative-text-within-html/), but quickly the HTML comment solution seemed most practical. +I first attempted to use [HTML classes, which can contain anything](https://shkspr.mobi/blog/2025/05/decorative-text-within-html/), but quickly the HTML comment solution seemed most practical. So, I set up a small shell script (in [fish](https://fishshell.com/)) to create an HTML file with a 10 MB 'H' comment. ```bash diff --git a/notes/zip_bombe_html.md b/notes/zip_bombe_html.md index 8a69ef5..b928cf1 100644 --- a/notes/zip_bombe_html.md +++ b/notes/zip_bombe_html.md @@ -51,11 +51,9 @@ Donc je me suis posĂ© comme dĂ©fi de crĂ©er une page valide HTML qui contient un J'ai eu plusieurs idĂ©es. DĂ©jĂ , puisque c'est une page HTML, on commence avec le doctype HTML5. - Puis ensuite, on essaie de caser les 10 Mio de caractĂšres identiques. J'ai d'abord tentĂ© d'utiliser [les classes HTML qui peuvent contenir n'importe quoi](https://shkspr.mobi/blog/2025/05/decorative-text-within-html/), mais rapidement la solution du commentaire HTML m'a semblĂ© la plus pratique. - Alors j'ai mis en place un petit script shell (en [fish](https://fishshell.com/)) pour crĂ©er un fichier HTML avec un commentaire de 10 MiB de 'H'. ```bash |