This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.
$ python3 -m zipfile -e overlap.zip .
Traceback (most recent call last):
...
__main__.BadZipFile: File name in directory 'B' and header b'A' differ.
Yesterday I was crafting some puzzles for my girlfriends, and I was looking for letter-based ones where a secret word would be revealed once solved.
With this same goal, I had already once worked on an open-source JS word search generator: https://lucas-c.github.io/wordfind/
(for French speakers …
Over the past years, on software programming projects where my end users were developers (other than myself or my team), I have tried to follow the advice of this website: keepachangelog(.com)
A changelog is defined by Wikipedia as:
a log or record of all notable changes made to a …
An automatic system for rolling a polyhedral die and taking photos of the rolls; extracting the image of just the die from those images; clustering the images of the die by which face is shown; and analyzing the results.
Have you ever wondered what happens exactly when you run pip install? This post will give you a detailed overview of the steps involved in the past, and how it all changes with the adoption of PEP-517 and PEP-518.
Chalice, a Python Serverless Microframework developed by AWS, enables you to quickly spin up and deploy a working serverless app that scales up and down on its own as required using AWS Lambda.
I just added a favicon to this site, representing a glider of Conway's Game of Life.
This GIF was made with a Python script. The source code is on GitHub, and uses Zhao Liang's gifmaze.py.
Feel free to reuse the code to make your own favicons 😉
the image in this tweet is also a valid ZIP archive, containing a multipart RAR archive, containing the complete works of Shakespeare.
Source code. This one is also a PDF: SOURCE.PDF.ZIP.JPG
From: http://taint.org
Awesome trick! And the source code is in Python
Almost a year ago, GitHub introduced security alerts. They are an awesome feature.
They function as notifications you receive whenever a vulnerability affects one of your project dependencies.
But long after receiving a notification, how do you list all security alerts affecting your repositories?
I didn't find an out-of-the-box solution …
A SaaS company like Dropbox needs to update our systems constantly, at all levels of the stack. When it comes time to tune some piece of infrastructure, roll out a new feature, or set up an A/B test, it’s important that we can make changes and have them hit production fast.
Stormcrow feature gates:
- Are rolled out to production within 10 minutes of being changed.
- Can be used across all Dropbox systems, from low-level infrastructure to product features on web, desktop or mobile.
- Provide advanced targeting capabilities, including the ability to segment users based on data in our analytics warehouse.
pyecharts is a wrapper around echarts, a library developed by Baidu [...] the gallery, it is quite impressive.
The Python wrapper used some techniques such as modules to automatically convert Python code into JavaScript: javascripthon.
Some time ago, I used the overblog platform in order to create a blog for a long trip in Ireland.
Despite being sometimes very slow, it was overall a good platform, very easy to grasp for beginners. The blog is now old and unused, but before destroying it I wanted …
A wordcloud/wordmesh generator that allows users to extract keywords from text, and create a simple and interpretable wordcloud.
Why word-mesh?
Most popular open-source wordcloud generators (word_cloud, d3-cloud, echarts-wordcloud) focus more on the aesthetics of the visualization than on effectively conveying textual features. word-mesh strikes a balance between the two and uses the various statistical, semantic and grammatical features of the text to inform visualization parameters.
Features:
- keyword extraction: In addition to 'word frequency' based extraction techniques, word-mesh supports graph based methods like textrank, sgrank and bestcoverage.
- word clustering: Words can be grouped together on the canvas based on their semantic similarity, co-occurrence frequency, and other properties.
- keyword filtering: Extracted keywords can be filtered based on their pos tags or whether they are named entities.
- font colors and font sizes: These can be set based on the following criteria - word frequency, pos-tags, ranking algorithm score.
Isaac Asimov:
I have a theory about bathrooms.
When you have an apartment with 2 people and 2 bathrooms, everyone can enjoy the bathrooms, do what they want in them, for as long as they want, whenever they want. And everyone can believe in “the right to the bathroom”. In fact, it clearly ought to be written into the constitution.
When you have 20 people in the apartment, even in the unlikely case where everyone believes in the right to the bathroom, and even if it is written into the constitution, such a thing cannot exist. You have to set up schedules. Turns. You have to knock on the door and say “are you almost done?”. There will be better time slots for some, and abuses.
Democracy cannot survive overpopulation. Human dignity cannot survive overpopulation. Comfort and decency cannot survive overpopulation. The more people you add on Earth, the more the value of life not only declines, but disappears. It does not matter at all if one person dies; the more people there are, the less the individual counts.
I second the closing philosophy:
Besides learning Python, what useful thing can I do?
Consider not having children, or even adopting. Or at the very least stop behaving like a religious extremist promoting the God of Procreation, as just about everyone currently does. It's serious.
Buy less. Repair. Make do with less. Do without. Don't do.
Don't own a car. Don't change T-shirts every day. Don't buy the latest gadget.
Buy second-hand. Give. Free up space at home, and time in your life.
Ride a bike. Walk. Buy local. And less.
Think, turn off the TV, read, talk to your friends face to face.
Cook. Eat (much) less meat.
We must not aim for less growth. We must aim for degrowth.
Earn less money, do fewer things. Have an economy that is not based on more.
Sell less.
This is not austerity. It is not living like a caveman. It does not mean living less. It's just not being a suicidal parasite.
Yesterday I stumbled upon a very surprising bug in some Python 2 code, related to the use of the __del__ method in a vendor library we employ at work.
Here is some minimal code that reproduces the issue I met:
class MyClass:
    def __init__(self):
        raise RuntimeError('Woops')
    def __del__ …
- What it was / wasn't designed to do?
The key takeaway should be that type hints are designed to improve developer experience, not to influence how your script evaluates. It creates happy developers, not faster code!
- What kind of type system?
- Gotchas
- Tools
- Input injection
- Parsing XML
- Assert statements
- Timing attacks
- A polluted site-packages or import path
- Temporary files
- Using yaml.load
- Pickles
- Using the system Python runtime and not patching it
- Not patching your dependencies
Crows Crows Crows is a video game studio founded in 2015, behind, among others, the completely zany game Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist, and the studio's founder, William Pugh, is also one of the authors of The Stanley Parable.
In 2016 …
When I migrated this blog to Pelican, I noted one thing that I missed from Ghost: tags autocompletion, to help reuse tags I already defined in other articles.
Because nowadays I mostly use Notepad++ or vim to write my blog posts, I found an easy solution that works for …
At work we have a component not yet migrated to Python 3, and we recently had some difficulties diagnosing a problem with the MySQL connector.
Because we were catching the mysql.connector.errors.Error and raising a custom exception, we were losing the underlying stacktrace and hence couldn't troubleshoot the …