MantisBT - Doomseeker
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0003302Doomseeker[All Projects] Bugpublic2017-10-14 15:312017-10-14 22:10
ReporterEmpyre 
Assigned To 
PrioritynormalSeverityminorReproducibilitysometimes
StatusclosedResolutionunable to reproduce 
PlatformMicrosoftOSWindowsOS VersionXP/Vista/7
Product Version1.1 
Target VersionFixed in Version 
Summary0003302: Players are sometimes downloading zero-length files.
DescriptionTo be honest, I don't know if the problem is Doomseeker, DE, or allfearthesentinel.net. I have been seeing a lot of "Protected lump authentication failed." messages in my server console. I have been told that the downloaded file had zero size. As a player, I have had that problem, too, and I use Doomseeker, so that might rule out DE as the source of the problem.
Steps To ReproduceTry to connect to my server, either one, but Empyre's Little Server 2 gets the message more often. If you go to the website and download the files there, you will then have no trouble connecting.
Additional InformationBecause the problem might be on allfearthesentinel.net's side, I plan to make an account on their tracker and report the issue there, too.
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2017-10-14 15:31EmpyreNew Issue
2017-10-14 18:52WubTheCaptainNote Added: 0018559
2017-10-14 19:25WubTheCaptainNote Added: 0018560
2017-10-14 19:26WubTheCaptainNote Edited: 0018560bug_revision_view_page.php?bugnote_id=18560#r11146
2017-10-14 19:26WubTheCaptainNote Edited: 0018560bug_revision_view_page.php?bugnote_id=18560#r11147
2017-10-14 19:29WubTheCaptainNote Edited: 0018560bug_revision_view_page.php?bugnote_id=18560#r11148
2017-10-14 19:30WubTheCaptainStatusnew => acknowledged
2017-10-14 19:37WubTheCaptainNote Added: 0018561
2017-10-14 19:39WubTheCaptainNote Edited: 0018561bug_revision_view_page.php?bugnote_id=18561#r11150
2017-10-14 19:40WubTheCaptainNote Edited: 0018561bug_revision_view_page.php?bugnote_id=18561#r11151
2017-10-14 19:45WubTheCaptainPriorityhigh => normal
2017-10-14 19:52WubTheCaptainNote Added: 0018562
2017-10-14 19:52WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11153
2017-10-14 19:53WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11154
2017-10-14 19:54WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11155
2017-10-14 19:54WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11156
2017-10-14 19:58WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11157
2017-10-14 20:00WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11158
2017-10-14 20:00WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11159
2017-10-14 20:05WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11160
2017-10-14 20:06WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11161
2017-10-14 20:09WubTheCaptainNote Added: 0018563
2017-10-14 20:09WubTheCaptainSeveritymajor => minor
2017-10-14 20:14WubTheCaptainNote Edited: 0018562bug_revision_view_page.php?bugnote_id=18562#r11162
2017-10-14 20:15DrinkyBirdNote Added: 0018564
2017-10-14 20:15DrinkyBirdNote Edited: 0018564bug_revision_view_page.php?bugnote_id=18564#r11164
2017-10-14 20:21WubTheCaptainNote Added: 0018565
2017-10-14 20:25DrinkyBirdNote Added: 0018566
2017-10-14 20:25WubTheCaptainNote Edited: 0018565bug_revision_view_page.php?bugnote_id=18565#r11166
2017-10-14 20:26WubTheCaptainNote Edited: 0018565bug_revision_view_page.php?bugnote_id=18565#r11167
2017-10-14 20:37WubTheCaptainNote Added: 0018567
2017-10-14 20:39WubTheCaptainNote Edited: 0018567bug_revision_view_page.php?bugnote_id=18567#r11169
2017-10-14 20:57WubTheCaptainNote Edited: 0018567bug_revision_view_page.php?bugnote_id=18567#r11170
2017-10-14 20:58WubTheCaptainNote Edited: 0018567bug_revision_view_page.php?bugnote_id=18567#r11171
2017-10-14 21:05ZalewaNote Added: 0018568
2017-10-14 21:33WubTheCaptainNote Added: 0018569
2017-10-14 21:46WubTheCaptainNote Added: 0018570
2017-10-14 22:05WubTheCaptainNote Added: 0018571
2017-10-14 22:05WubTheCaptainStatusacknowledged => closed
2017-10-14 22:05WubTheCaptainResolutionopen => unable to reproduce
2017-10-14 22:10WubTheCaptainNote Added: 0018572

Notes
(0018559)
WubTheCaptain   
2017-10-14 18:52   
I can't reproduce this with 1.1 on Debian GNU/Linux, and without better instructions to reproduce I don't see it easy to reproduce this. I've not personally ever experienced the issue you're describing, but lump authentications failing to mismatching WADs not zero-length.

allfearthesentinel.net does create lots of redirects though, to subdomains and HTTP or HTTPS. Can't say if this is related or not.
(0018560)
WubTheCaptain   
2017-10-14 19:25   
(edited on: 2017-10-14 19:29)
I suspect there to be an user-error and a sysadmin error.

The server you mention has an URL to'http://static.allfearthesentinel.net/zandronum/wads/, [^]' which in turn is a redirect to HTTPS:

$ curl -I'http://static.allfearthesentinel.net/zandronum/wads/ [^]'
Date: Sat, 14 Oct 2017 19:21:13 GMT
Server: Apache/2.4.18 (Ubuntu)
Location:'https://static.allfearthesentinel.net/zandronum/wads/ [^]'
Content-Type: text/html; charset=iso-8859-1


When you try to access the HTTPS URL, it's a 404 Not Found in the URL:

$ curl -I'https://static.allfearthesentinel.net/zandronum/wads/ [^]'
HTTP/1.1 404 Not Found
Date: Sat, 14 Oct 2017 19:21:43 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1


Then, Doomseeker falls back to its built-in list. That is,'https://static.allfearthesentinel.net/wads/ [^]' in 1.1 which redirects to HTTPS. (This was changed to point directly to HTTPS in Doomseeker's Mercurial builds few weeks ago.)

$ curl -I'http://static.allfearthesentinel.net/wads/ [^]'
HTTP/1.1 301 Moved Permanently
Date: Sat, 14 Oct 2017 19:24:27 GMT
Server: Apache/2.4.18 (Ubuntu)
Location:'https://static.allfearthesentinel.net/wads/ [^]'
Content-Type: text/html; charset=iso-8859-1


$ curl -I'https://static.allfearthesentinel.net/wads/ [^]'
HTTP/1.1 200 OK
Date: Sat, 14 Oct 2017 19:24:09 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Type: text/html;charset=UTF-8


I would be inclined to close this ticket as invalid, but I'll leave that decision to Zalewa or Blzut3 if there's something Wadseeker doesn't do about zero-length files which I can't reproduce.

(Though irrelevant to the issue, notice the inconsistency of charset. We can't have nice things like a sane default UTF-8 charset.)
(0018561)
WubTheCaptain   
2017-10-14 19:37   
(edited on: 2017-10-14 19:40)
This AFTS server setup doesn't seem very sane anyway.

$ curl -I'https://static.allfearthesentinel.net/wads/00gsc98b.wad [^]'
HTTP/1.1 302 Found
Date: Sat, 14 Oct 2017 19:34:15 GMT
Server: Apache/2.4.18 (Ubuntu)
Location:'http://allfearthesentinel.net/zandronum/download.php?file=00gsc98b.wad [^]'
Content-Type: text/html; charset=iso-8859-1


I can't think of a good reason why a download wouldn't be served as a static file, but instead having to go through a PHP download script (parsing) and again creating more redirects or chances to man-in-the-middle attacks.

$ curl -I'http://allfearthesentinel.net/zandronum/download.php?file=00gsc98b.wad [^]'
HTTP/1.1 301 Moved Permanently
Date: Sat, 14 Oct 2017 19:36:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Location:'https://allfearthesentinel.net/zandronum/download.php?file=00gsc98b.wad [^]'
Content-Type: text/html; charset=iso-8859-1


Only after these hoops, you're given a file with appropriate Content-Length as you should. Though it took a while for the server to respond.

$ curl -I'https://allfearthesentinel.net/zandronum/download.php?file=00gsc98b.wad [^]'
HTTP/1.1 200 OK
Date: Sat, 14 Oct 2017 19:38:26 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: PHPSESSID=24q3lgqctbs7u19cuhlu1dcao3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Disposition: attachment; filename="00gsc98b.wad"
Content-Length: 14758510
Content-Type: application/octet-stream


Now again, I can't think of why you would need to store cookies for a PHP session for a static file download.

I would complain to AFTS operators first and look at the issue again after.
(0018562)
WubTheCaptain   
2017-10-14 19:52   
(edited on: 2017-10-14 20:14)
I counted 7 HTTP requests to start downloading a file from AFTS. With proper URL in the server or none at all, that would still be 5. A sanely configured server would likely have 0 or "1" redirects and at most two HTTP requests.

(More WTFs with AFTS: Different charset casing for a 404 Not Found download. Trivia: To be pedantic, the correct one is the uppercase UTF-8 registered with IANA! RFC 2231, RFC 3629, RFC 5987 emphasize this while RFC 2616 says it to be case-insensitive.)

$ curl -I'https://allfearthesentinel.net/zandronum/download.php?file=foo.wad [^]'
HTTP/1.1 404 Not Found
Date: Sat, 14 Oct 2017 19:50:26 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: PHPSESSID=k75eef08eji48fkf9eb7ul85b3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8


This 404 response is 0-bytes in length, of course. AFTS probably shouldn't do that, but they have this PHP script and server setup beyond sanity and any consistency. I'd really like to close this as invalid, but will leave that choice to Zalewa or Blzut3.
(0018563)
WubTheCaptain   
2017-10-14 20:09   
Oh, and finally: Because at first this only seems to affect a minority of (improperly configured) HTTP servers, I'm dropping the priority and severity down.
(0018564)
DrinkyBird   
2017-10-14 20:15   
WubTheCaptain: TSPG has it's own tracker at'https://thesentinel.allfearthesentinel.net/ [^]' where you should post those comments to.
(0018565)
WubTheCaptain   
2017-10-14 20:21   
(edited on: 2017-10-14 20:26)
I would at most send an email to webmaster@allfearthesentinel.net instead of a private tracker, but there's no guarantee that RFC 2142 address to be valid because Outlook MX of the domain accepts any email address for an SMTP message.

I have no time to waste for such things (which I find difficult to cooperate with). If original issue poster wants to, good: Thank you if you will.
(0018566)
DrinkyBird   
2017-10-14 20:25   
To clarify, the tracker isn't private, just kinda weirdly done: you need a TSPG account to use it.
(0018567)
WubTheCaptain   
2017-10-14 20:37   
(edited on: 2017-10-14 20:58)
Arguing here is pointless, but because I'm triggered I'll leave a note:

If (in example) your server is compromised or misbehaving on the Internet, I'm not going to register to your tracker to report the issue to you. I may not even fill an online form if you have one available. At most, I would send an email to your well-known RFC 2142 abuse@ address, or if that's invalid, the contact listed in WHOIS, and if that's also not responsive, your hosting provider if it's really necessary to reach the operator.

You may not agree with me, and that's fine. You don't have to agree with Internet standards. Even I don't agree with them sometimes. Ironically, I would prefer mailing lists over this tracker too. The point here is: You'll make it more difficult/time-consuming for both of us to cooperate when you don't.

(Am I supposed to insert a joke about "views are my own" here?)
(0018568)
Zalewa   
2017-10-14 21:05   
To be fair,'https://thesentinel.allfearthesentinel.net/login_page.php [^]' takes ages to load for me.
(0018569)
WubTheCaptain   
2017-10-14 21:33   
Ditto, but I only noticed to be experiencing this issue 5 minutes ago and not when I made my note.
(0018570)
WubTheCaptain   
2017-10-14 21:46   
I did notice an irregularity: Setting (or replacing)'https://static.allfearthesentinel.net/wads/%WADNAME% [^]' as a Wadseeker site and searching for a non-existent WAD (in this case doomseeker-bug-3302-test.wad) left Wadseeker with a failed download, progress bar running and size of 0 B. But no zero-byte file was created.

Repeat the same with'https://static.allfearthesentinel.net/wads/ [^]' and the download fails normally without running progress bar or reported download size.
(0018571)
WubTheCaptain   
2017-10-14 22:05   
Re-open with steps if you can reproduce. Hope AFTS fixes their HTTP server too.
(0018572)
WubTheCaptain   
2017-10-14 22:10   
One more note: If this is caused by/related to the "missing WADs, join anyway?" dialog that pops up sometimes while downloading WADs, that's also fixed: 0003268.