Zip bombs: Blown up out of proportion?

A Vice.com article has brought fresh publicity to an old trick. The so-called “Zip bomb” is a Zip file with a fantastically high compression ratio. Researcher David Fifield created a 46-megabyte file that expands into 45 petabytes. That’s a compression ratio of about a billion. Fifield’s own article provides a lot more technical information.

The article says such files are “so deeply compressed that they’re effectively malware.” That strikes me as a bit of an exaggeration. “Nuisanceware” seems more accurate, if there’s such a word. However, they could be used in a denial of service attack. They could crash a server or browser, and the work removing the expanded files could cause some downtime. A Zip bomb might be a setup for another attack, tying up system resources and distracting administrators.
Continue reading

The tape obsolescence problem

An ABC News Australia article calls attention to the problem of archives on magnetic tape. Author James Elton clearly knows something about digital preservation issues, as the article goes beyond the usual generalities and hand-wringing.

Tapes, on the other hand, can only be read by format-specific machines.

And dozens of formats of magnetic tape were created through the last century — one-inch, two-inch, various versions of Betamax.

Continue reading

Web archiving and languages

Web archiving is difficult. Few sites consist entirely of static, self-contained content. Most use JavaScript, often from external sites. Responsive pages are designed to look different in different environments. An archive needs to make a snapshot that reflects its appearance at a given point in time, but what exactly does that mean? Should an archive pick an appearance for one reasonable set of parameters, or should it try to keep the page’s dynamic nature? Will the fact that it’s an archive rather than an interactive browser affect what the server gives it?
Continue reading

Aside

JHOVE 1.22 is now available from OPF.

When ebooks die

Microsoft’s eBook Store is closing. According to the announcement, “starting July 2019 your ebooks will no longer be available to read, but you’ll get a full refund for all book purchases.” This shows a basic truth about DRM book purchases: you don’t actually own your copy. You can use it only as long as the provider supports it. It was honest of Microsoft to refund all “purchases,” but digital oblivion eventually awaits all DRM-protected materials.

Andy Ihnatko once told me that DRM is safe because “Amazon will be around forever.” It won’t. The fact that a company as big and stable as Microsoft is abandoning support for its DRM-protected products reminds us that all such products exist only as long as the provider has sufficient motivation and ability. It’s questionable whether Amazon’s protected ebooks from today will be readable in 2050, let alone “forever.”
Continue reading

HTML mail is a terrible idea — but at least please do it right

Originally email consisted just of text messages. They were straightforward to read. It was very hard to send malware in a convincing way, since the recipient would have to extract any malicious attachment and run it by hand. There was a hoax in 1994 warning of the alleged “Goodtimes virus”, which caused a lot of merriment among the computer-literate. The only “virus” was the hoax email itself, which the less computer-literate forwarded to all their friends.

Then came HTML mail, a huge advance in email insecurity. Now malicious URLs could hide behind links or even be opened automatically. It could include JavaScript to exploit client weaknesses and trick recipients. Today, almost everyone recognizes these advantages, and malware and phishing by email are multi-billion-dollar businesses.

Doing it right, or not doing it at all

Even so, there are good and bad ways to create HTML mail. Continue reading

JHOVE 1.22 Release Candidate 2

JHOVE 1.22 Release Candidate 2 is available today (April 2).

An issue which was noted but isn’t fixed in this release is the handling of the command line parameters. I don’t think that code has changed significantly since I worked on it. It’s so old that it was already there when I took over the project in 2005, so don’t blame me. :) Hopefully version 1.23 will have revamped command line handling using a modern code library.

JHOVE online hack week

Open Preservation Foundation has scheduled an online hack week for JHOVE. The focus for this one will be on development. Another hack week is planned for September, focusing on documentation. JHOVE just keeps going and going, and this is a chance for volunteer Java developers to reduce its issue list.
JHOVE logo

PDF/A-4

It looks as if I’ll have a little input into the upcoming PDF/A-4 standardization process; earlier this month I got an email from the 3D PDF Consortium inviting me to participate, and I responded affirmatively. While waiting for whatever happens next, I should figure out what PDF/A-4 is all about.

ISO has a placeholder for it, where it’s also called “PDF/A-NEXT.” There’s some substantive information on PDFlib. What’s interesting right at the start is that it will build on PDF/A-2, not PDF/A-3. A lot of people in the library and archiving communities thought A-3 jumped the shark when it allowed any kind of attachments without limitation. It’s impossible to establish a document’s archival suitability if it has opaque content.
Continue reading

Files that Last: 50% off!

Read an Ebook Week I’m participating in Smashwords’ “Read an Ebook Week Sale,” from March 3 to March 9, 2019. During that time, Files that Last will be available for 50% off! Don’t miss your chance to learn about “digital preservation for everygeek” at a low price.