tinyapps.org / blog

Change to downloads directory #

For the past several years, the downloads directory has been fenced off via basic access authentication due to legitimate sysadmin tools like Atomic Web Server and X-Pass being flagged as malware (a quick scan of the downloads directory shows that the false positives have only increased in the interim).

Kristof kindly wrote in with a compelling argument for encrypting the archives instead:
archive.org cannot archive your great site this way. I think it is so much worth preserving.

I suggest use zip password instead. Imagine this:

as it is now:

* 20 years from now, in 2034, a user finds the archive of your site and finds a great tiny tool with open source, all backed up on your site!
* the tool has no homepage as of 2014 anymore. your site is the only backup!
* web.archive.org cannot archive the page because of the http auth. the backup is NOT archived
* the user in 2034 is sad because this gem of history is lost

if you switch to a zip-password way:

* in 2014 user finds the archive of tinyapps.org at web.archive.org
* the tool has no homepage archived. it was down in 2005.
* (the archive of) your site has the only backup
* the user downloads the zip. archive.org could archive it automatically
* the user cannot open the zip because it is password protected
* the user finds the archived faq of your site, obtains the password
* the user in 2034 can still reach the glow of the great tiny tool!

TinyApps.Org is of such great value that I think it should really be preserved to further generations. For many tools this site is the only source now, because the original is already lost.

Best regards,
Kristof (Nacsa)
Convinced by this sound logic (and being rather weak on the side of flattery), basic access authentication has been removed from the downloads directory and all files therein have been encrypted and compressed using the 7z format; the password can be found in the FAQ. So long as this method is equally effective at keeping misguided virus scanners at bay, it seems to strike a better balance between access and appeasement.

(For the few who might be interested in how the change was made:
  1. Used the aforementioned PeaZip to batch convert and encrypt all existing files in /downloads
  2. Used the following regex to find all instances of href="/downloads/.exentsion"> and replace extension with 7z:
    Search: (href="/downloads/.*?)\..*?">
    Replace: \1.7z">
  3. Uploaded archives and HTML to server
  4. Disabled ngx_http_auth_basic_module in nginx.conf and reloaded (nginx -s reload))

/misc | Nov 29, 2014

Subscribe or visit the archives