Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
KingKull2112

idgames archive problem with google chrome

Recommended Posts

I've recently been having issues with Google Chrome downloading WADs from the idgames archive. At first, it was telling me the download was insecure and now it won't download anything at all. I'm still able to download through Firefox and both are on the latest version. It seems like possibly something in the https cert is messed up, but I'm not a web developer so I'm not entirely certain. Hope this can be easily fixed and it's not super widespread.

Share this post


Link to post
12 minutes ago, Dunn & Dunn said:

I had that problem trying to download something more recently. I had to right-click the download mirrors and open it in a new tab

I just tried it and nothing happens just a blank page. This needs to be fixed.

 

Share this post


Link to post

Guys you just need to select the 'keep this download' option. It's a chrome update being overly cautious. We can trust the IDGames archive, right?

 

Chrome has a habit of pushing for security. Remember the insecure site warning a year or so ago for http port 80 sites? Similar thing.

Share this post


Link to post

web browsers aren't the only things capable of downloading from a FTP server. Specialized FTP clients like Filezilla are still a thing if you need to download from a FTP server. Browsers are just canning it because it's not a common use for them anymore.

 

FTP itself is a bit of a dinosaur protocol, with the web increasingly pushing for "secure by default" and FTP offering no security features whatsoever. It's not really a huge deal for a little Doom archive, but with the overall support for it plummeting, that bridge will have to be crossed at some point.

Share this post


Link to post

There is also a REST API for the archive that you can program against, if you are so inclined. I like tinkering, so i built a basic browser for it using javascript and a PHP proxy a while back.

 

Point is, as @SaladBadger says, ftp via a browser isn't the only way to access ftp sites. Browsers only handle ftp as a convenience and you'd get more features with a dedicated ftp client. Filezilla is excellent and free, though the UI is quite dated.

 

Also, just like http vs https, There is 'sftp' or 'secure file transfer protocol' which uses end to end encryption - but the ftp server needs to support it of course, and I guess idgames currently doesn't. 

Share this post


Link to post
13 hours ago, KingKull2112 said:

It seems like possibly something in the https cert is messed up

gamers.org simply doesn't support HTTPS yet, so nothing is "messed up" as such.

 

8 hours ago, Dunn & Dunn said:

they're really cracking down on WAD files

The type of content has nothing to do with it, and they're zipped up anyway. As others have observed this is Chrome being finicky.

 

3 hours ago, paturn said:

Does this mean we won't be able to download from /idgames ever?

No need to panic. :) First, there are plenty mirrors including several with HTTPS support. Second, our server needs an OS upgrade one of these months anyway, after that I'll set up Let's Encrypt.

Share this post


Link to post

Bit of a bump here but I did notice a change in the idgames mirrors. I too have the same problem with the downloads as I usually take either the web or the FTP downloads, and neither work anymore (there's at least no warning message from Chrome). The SSL ones seem to be fine but not the FTP or web mirrors.

Share this post


Link to post
On 11/21/2020 at 9:39 AM, Xymph said:

Second, our server needs an OS upgrade one of these months anyway, after that I'll set up Let's Encrypt.

Okay, the OS upgrade was completed early this month. Diabolución jumped the gun last week before it was ready for prime time, but yesterday I finished the transition so Gamers.org is now on https.

Share this post


Link to post

I think the issue is that some of the legacy download mirrors don't use sftp (=secure FTP, encrypted like https). If you try to left-click on these in chrome, nothing happens because Chrome is blocking the insecure transfer. It looks like Chrome is completely blocking insecure FTP now - note the greyed out 'save link as' option on right click:

 

image.png.d9e38da5784c08ac53d9fbddeb4f768f.png

 

You can copy the link address and download with a CLI FTP client, or use Firefox location bar though.

 

It's just Chrome being too fucking nanny-ish.

Edited by smeghammer

Share this post


Link to post

Something there should still work though, at least I hope so.

 

On Edgium downloads still work fine.

Share this post


Link to post

Also - you can disable this feature in Chrome:

 

https://www.minitool.com/news/how-to-stop-chrome-from-blocking-downloads.html

 

As long as you are careful and know where/what you are downloading, doing this should be fine.

 

Usual care with .exe's and downloading from unknown sources etc. and you should be fine, and use a decent up-to-date AV (Avast is good and free)

 

tl/dr -

Spoiler

 

I fully understand why Google are doing this, and for most PC users it will not really affect them at all.

 

We are coming a cropper with this purely because the aging IDGames archive was, and still is, old-school plain FTP. A quick search revealed this:

 

https://softwarerecs.stackexchange.com/questions/39297/sftp-to-ftp-reverse-proxy

 

which might be of interest to the DW webmasters? - proxying might be an answer for the DW mirror here?

 

In any event, there are several workarounds you can do locally as I noted - you could go as far as using a VM in a firewall and quarantine the downloads pending AV/antimalware analysis if you are paranoid. But that may be a bit much...

 

 

Share this post


Link to post
50 minutes ago, smeghammer said:

use a decent up-to-date AV (Avast is good and free)

 

  Hide contents

 

 

 

Goodness, ono. No no no no no no.

 

Well I mean, there are way worse alternatives, such as McAfee (wtf) or Norton, but Avast (and by extension AVG, which is just Avast rebranded now) isn't great, plus:

 

a) comes with lots of ads and crap.

b) spyware. Avast purposefully leaves some executables behind after uninstall to still spy on users and the team was excited on their forums two years ago when users discovered this. Absolutely embarrassing for a professional product...

 

I suggest Malwarebytes, Bitdefender, Kaspersky, or even the default Defender if using W10 instead.

Share this post


Link to post

Idgames beta doesn't let you download stuff for some reason. You can click the download button, but it will never start at all.

Share this post


Link to post
57 minutes ago, seed said:

 

Goodness, ono. No no no no no no.

 

Well I mean, there are way worse alternatives, such as McAfee (wtf) or Norton, but Avast (and by extension AVG, which is just Avast rebranded now) isn't great, plus:

 

a) comes with lots of ads and crap.

b) spyware. Avast purposefully leaves some executables behind after uninstall to still spy on users and the team was excited on their forums two years ago when users discovered this. Absolutely embarrassing for a professional product...

 

I suggest Malwarebytes, Bitdefender, Kaspersky, or even the default Defender if using W10 instead.

 

Fair point. I never had a problem with it, though the last time I used it was about 2 years ago - I use Ubuntu now and haven't installed an AV at all on that. 

Share this post


Link to post
25 minutes ago, smeghammer said:

Fair point. I never had a problem with it, though the last time I used it was about 2 years ago - I use Ubuntu now and haven't installed an AV at all on that. 

 

Same, also two years ago. It got borked after an update for me, then I switched it, and learned some other things in the process. Never looked back.

Share this post


Link to post
2 hours ago, Diabolución said:

Could / would you implement an HSTS header ?

 

Doomworld has this, with no preload directive:

Strict-Transport-Security: "max-age=63072000; includeSubdomains"

I considered it, but there are no user accounts or other sensitive things on Gamers.org. It already gets an 'A' on SSL Labs, is it really that important for our site to get an A+ ?

Even on Blue's News (with user accounts but few privacy-sensitive details) I used a 6-month window btw, not two years.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×