Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Csonicgo

Members
  • Content count

    5008
  • Joined

  • Last visited

About Csonicgo

  • Rank
    OPL Goddess

Recent Profile Visitors

6044 profile views

Single Status Update

See all updates by Csonicgo

  1. This is in blogs so little jerks can't find it as easily, but I still want the community's input on this. I've been reviewing maps lately, so consider this a blog entry.

    Now before I start this entry I'm sure you all know the little jerk known as "Terry" that uploads jokewads on /idgames from time to time. Most of them are immature, unplayable maps.

    A lot of people have asked who Terry was, and was simply told to ignore him, and he'll "go away". That's rapidly becoming impossible to do. Instead of labeling his maps as jokewads, Terry now uploads zip-bombs under a dozen alternate names. Let me explain what that is.

    A Zip bomb is a malicious compressed file that exploits compression techniques to compress a huge file of gibberish into a small size.

    A recent PWAD that does this is "Dementia". It can be downloaded here.

    This Zip is 4272 KB. Let's unzip that.

    See that huge number? that's over 500 Megabytes of uncompressed garbage.

    This isn't the worst offender. There was a previous wad (that has since been removed) that unzipped to a whopping 1 GIGABYTE in size. It was distributed as a WAD in a compressed PK3 file, which meant that ZDoom was loading the entire WAD into memory. While modern machines wouldn't find this an issue (just an annoyance), it still is a pretty dickish thing to do.

    I have no idea how this guy is getting under the radar. Surely there is some way to check these wads before they get into /idgames. But I'd call for a more radical solution: A check for this in source ports. since Eternity Engine now has ZIP support, this is now something I would like to brainstorm about. The issue is checking the entries of a WAD file without having to extract the whole blasted thing from a zip file, and from what I've read, that is close to impossible.

    1. Show previous comments  15 more
    2. myk

      myk

      According to README.INCOMING:

      code:
      Array
      But either Ty isn't doing that lately, or considers these WADs "unpack correctly". Probably the former, since he deletes those that are reported. What we should do is simply report them and encourage people to do the same. People finding these things and not even bothering to report them is just silly.

    3. Phobus

      Phobus

      He still checks accompanying text files to ensure they have an e-mail address at least, as I feel afoul of that one recently when uploading a community project :P

    4. Csonicgo

      Csonicgo

      myk said:

      According to README.INCOMING:

      code:
      Array
      But either Ty isn't doing that lately, or considers these WADs "unpack correctly". Probably the former, since he deletes those that are reported. What we should do is simply report them and encourage people to do the same. People finding these things and not even bothering to report them is just silly.


      given that he'd have to extract the PK3-bombs too (which is another layer of crap for which to take into account) it'd be pretty tedious.

      I think people are reporting it, but they constantly get reuploaded under new names, "authors" and methods of packing.

×