RIP FTP? File Transfer Protocol switched off by default in Chrome 80

Chrome 80 emerged from Google this week with a few more nails to hammer into the coffin of the venerable File Transfer Protocol (FTP). While there has been somewhat of a kerfuffle around Chrome of late, the eagle-eyed will have noted that version 80, which debuted in the stable channel yesterday, has finally disabled the …

  1. chuckufarley Silver badge

    It's been way more than a decade...

    ...since I was last disappointed because I couldn't get a file via FTP. For the last "very many" years the closest I have come to using an FTP client is the rare use of ssh's sftp command and that is always to put something and never to get anything. So I don't think I would have even noticed if I hadn't read this article.

    1. Allan George Dyer
      Mushroom

      Re: It's been way more than a decade...

      It's been almost that long since I was last horrified that a business was still running an FTP server, and wanted me to use it ("just upload your docs by ftp and we'll get it published" - me: resist temptation to check on their other projects).

      icon: it's the only way to be sure.

      1. Dan 55 Silver badge

        Re: It's been way more than a decade...

        Not really FTP's fault, they should have set up a user just for you.

        1. Anonymous Coward

          Re: It's been way more than a decade...

          Or a general account with write only, no list, read, modify etc.

          1. Charlie Clark Silver badge

            Re: It's been way more than a decade...

            As has been standard for incoming for years…

            1. Allan George Dyer

              Re: It's been way more than a decade...

              @Dan 55, AC, Charlie Clark - Yes, individual accounts or an anonymous upload account would have been a reasonable solution, back when ftp was relevant. The shared upload account with full read access switched my reaction from 'ftp, how quaint' to ** horror **. It's not the fault of the protocol, but it might be a warning of a lack of current technical skills.

      2. herman Silver badge

        Re: It's been way more than a decade...

        An FTP server can be very good for certain uses. If it is configured in a split mode for uploads to one directory and downloads from a different directory, then it is perfectly fine.

        In your example, if it only allows uploads, then it doesn't need any more access control, it 'Just Works' (TM) is zero maintenance and works with any computer with zero setup required.

        Some practical examples where anonymous FTP servers work perfectly are publishing houses and PCB manufacturers.

        1. Charlie Clark Silver badge

          Re: It's been way more than a decade...

          Exactly, just set up a project to do exactly this albeit with SFTP for the transport.

      3. Anonymous Coward

        Re: It's been way more than a decade...

        If you're horrified then you're clearly not aware that ftp clients are very useful for automation on the command line and ergo in a back end daemon process. Browsers? Not so much. And yes, you can substitute wget on HTTP sometimes, but not when javascript is involved, which it always bloody well is these days.

        1. This post has been deleted by its author

      4. Bruce Ordway

        Re: It's been way more than a decade...

        >>a business was still running an FTP server

        I also work with one company with FTP - where browser(s) routinely failed.

        My best transfer results have come via FileZilla.

        >> temptation to check on their other projects

        As far as I can tell, they've locked FTP folders pretty tight.

        It's to a point where I can't even see my own stuff, let alone others' files.

        After transfers, I must email and ask for receipt confirmations.

        For a period, file corruption was common when transferring files to them via FTP.

        Was actually faster to burn a CD and mail it.

        Never was able to identify the source of that problem - finally just "went away" one day.

        1. Charlie Clark Silver badge

          Re: It's been way more than a decade...

          Sounds like the company doesn't have a very good setup. FTP may be insecure but is otherwise a very reliable protocol with support for partial transmission and resumption, because at the time connections were generally flaky.

          That said, depending on the size of the data being transmitted, hard copies are still often faster.

        2. Robert Carnegie Silver badge

          Corruption?

          ftp has an "ascii" mode as well as "binary". Data is treated as text, and file line-breaks and end-of-file marks are swapped for the formatting codes of the destination file system. So, different on Apple, DOS/Windows, UNIX. Consulting Wikipedia, it appears that ASCII text is treated as converted to "8-bit ASCII" when sent, then converted again on the receiving system. "EBCDIC mode" and "local mode" are described sounding like equivalent to "binary" with no translation of data. Or is there an ASCII-EBCDIC conversion in there?

          So, yeah, that'll blip your zipfile.
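The line-ending translation described in the comment above, as an added example that is not part of the original thread. It uses a simplified model of ASCII-mode transfer (sender turns its local newline into CRLF on the wire, receiver turns CRLF into its local newline) and a constructed in-memory zip to show why a binary file sent this way fails its integrity check.

```python
import hashlib
import io
import zipfile

CRLF, LF = b"\r\n", b"\n"


def ascii_mode_transfer(data, sender_eol, receiver_eol):
    """Simplified model of FTP ASCII mode (an assumption, real servers vary).

    The sender converts its local newline to CRLF for the wire; the receiver
    converts CRLF to its own local newline. Binary mode would skip both steps.
    """
    wire = data.replace(LF, CRLF) if sender_eol == LF else data
    return wire.replace(CRLF, LF) if receiver_eol == LF else wire


def build_sample_zip():
    """Constructed sample: one stored member containing LF and CRLF bytes."""
    info = zipfile.ZipInfo("payload.bin", date_time=(2020, 2, 5, 12, 0, 0))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(info, bytes(range(256)) * 4 + b"line one\r\nline two\n")
    return buf.getvalue()


def zip_is_intact(data):
    """True only if the archive opens and every member passes its CRC check."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except Exception:  # BadZipFile or any other error a mangled archive causes
        return False


def transfer_report(original):
    """Compare a binary-mode copy with two cross-platform ASCII-mode copies."""
    copies = {
        "binary": original,
        "ascii unix->windows": ascii_mode_transfer(original, LF, CRLF),
        "ascii windows->unix": ascii_mode_transfer(original, CRLF, LF),
    }
    want = hashlib.sha256(original).hexdigest()
    return {
        name: {
            "size_delta": len(data) - len(original),
            "hash_matches": hashlib.sha256(data).hexdigest() == want,
            "zip_intact": zip_is_intact(data),
        }
        for name, data in copies.items()
    }


if __name__ == "__main__":
    for name, result in transfer_report(build_sample_zip()).items():
        print(f"{name:22} {result}")
```

Comparing a digest published by the sender against the received file catches this kind of silent corruption regardless of the transfer tool.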

    2. jake Silver badge

      Re: It's been way more than a decade...

      That's nice and all, but who made the gookids the arbiter of what protocol I am supposed to use? Some of us don't need, nor do we want, to be protected from ourselves.

      1. Anonymous Coward

        Re: It's been way more than a decade...

        Indeed, when transferring media files to/from my old humax box, you had to use ftp; it was way too underpowered to cope with sftp/scp ... (well, unless you were really quite remarkably patient)

      2. joeW

        Re: It's been way more than a decade...

        I somehow doubt you're using Chrome for anything Jake, least of all as an FTP client ;)

        1. jake Silver badge

          Re: It's been way more than a decade...

          First they came for FTP in Chrome, and I did not speak out ...

          ... Because I was not using Chrome.

    3. Plest Silver badge
      Happy

      Re: It's been way more than a decade...

      You've obviously not ever worked in finance industry lately!

      There are way too many price vendor agencies that only deal in FTP service to provide, what I will grant is public price info, but it's still quite shocking. I've converted more of our client processes from SFTP to FTP in the last 12 months though, no doubt a consequence of GDPR but it's still pretty bad out there.

  2. steelpillow Silver badge

    Still in use, just

    Have to say I mostly only use FTP because I am too lazy to switch to SFTP. But a couple of websites I use still offer it as the only way to upload very large files. Let's hope this prods them into upgrading their secure upload.

  3. Karl Vegar

    No problem.

    For anything I'd like to collect from the wild web, I'd like something more secure than FTP myself.

    And for any more serious file transfer one could use FTP for, why use your browser, there are better clients around. (And they usually support SFTP, SCP in addition.)

    But I guess it will live on for a lot of local stuff.

    PXboot, Wyse config files and similar. And probably a load of IOT stuff that really should know better.

  4. IGnatius T Foobar !

    Google's rationale...

    "...because nobody EXCEPT US should be allowed to snoop your traffic!"

  5. This post has been deleted by its author

    1. ibmalone
      WTF?

      Wait, OneDrive lets you authenticate over FTP?

      1. ibmalone

        Having now looked into it a bit, Filezilla Pro, WinSCP and others will talk to OneDrive, but it's likely they're not using FTP to do so. WinSCP is using WebDAV (you'd hope over https). What Filezilla is using doesn't seem to be listed anywhere, but as it's a Filezilla Pro feature and requires selecting "OneDrive" as the protocol I'll guess it's not FTP. This is quite useful to know if you want a bulk transfer method.

  6. Elledan
    Coat

    Guess I'm a fossil, then

    The rationale for removing features like FTP support is usually 'nobody uses it any more' and 'it's a security risk because it's not encrypted'. That seems to go hand-in-hand with wanting to disable HTTP support and switching everyone to HTTPS.

    In the olden days, when Netscape 4.7x was still relevant, and the thought of tabbed browsers not a spark in anyone's imagination yet, encrypted comms was something you used when you had sensitive data to hide, like your shopping data and creditcard details, or your online banking sessions. Now it seems everything has to be encrypted, including those cat pictures you just downloaded after a friend sent you some links via (encrypted) email. Because imagine if someone read those things.

    Your boss would be at your desk in the morning, foaming at the mouth as they slam a stack of incriminating photographic evidence of those cat pictures on your desk.

    Let's ignore for a moment the irony that in those olden days everyone told you to never use your real name online or give anyone any personal details about you. Now we have Facebook, Twitter, et al. and the rush to spill as much of our personal lives on those sites including every detail about our offspring (who haven't consented, obviously). And Facebook et al. will never suffer an embarrassing data breach or bug that makes all 'private' data 'public'. Obviously.

    What good is end-to-end encryption, Mr. Anderson, if both ends are leaky like a sieve?

    Guess I'll be over in the ol' Greyboards corner, using my 'legacy' browsers, like Pale Moon, with its quaint 'plugins' and 'FTP' support.

    Obviously my jacket is the one with the 'senior citizen' card in the pocket.

    1. Julz

      Re: Guess I'm a fossil, then

      No, let's not ignore the irony. What about it.

      Why do the same people who spaff all their personal details willy nilly across the interweb by using uncounted apps and antisocial media sites, get all holier than thou, about a perfectly fine protocol that does exactly what it says on the tin. No more, no less.

      I'll join you in the corner making informed choices about data and how it is handled.

      1. Anonymous Coward

        Re: Why do the same people who spaff all their personal details willy nilly

        I think it's the fear of death.

        ...

        no, really, they desperately try to stay relevant, disruptive, innovative, at the cutting edge of yet another pointless "breakthrough". It shuts out this unpleasant thought that, at some point, and usually rather sooner than later, all this daily, hourly, momentary obsessive news checking and status updating, bustling and energizing and busying - stops.

        btw, despite slight disapproval at such childlike behaviour, I get all that very well, I was like that. Once ;)

    2. This post has been deleted by its author

    3. The obvious

      Re: Guess I'm a fossil, then

      Google’s rationale is “can we virtually wipe every implementation off the planet?” or “can we harvest loads of juicy data to make a profit?”

      If both of those are “no” then in the bin it goes. If they manage the first, and the second is still “no” *then* they bin it...

    4. Squared
      Big Brother

      Re: Guess I'm a fossil, then

      I think you misunderstand the point of encrypted communications on today's Internet.

      The reason we went from "encrypt sensitive info" to "encrypt everything" is primarily because (most) encryption also provides authentication.

      The average user's threat model has changed from hackers pointing an antenna at their bedroom window to governmental surveillance & censorship, leaky and unsecure network endpoints at the nearest coffeeshop, and the occasional proxy rewriting news articles on the fly.

  7. Duncan Macdonald

    If FTP is disliked what about TFTP ??

    Some items still use TFTP (basically a simplified FTP without usernames or passwords) for booting.

    A number of websites still allow FTP access as for non-confidential files it has a lower overhead than HTTP or HTTPS.

    1. Sandtitz Silver badge
      Meh

      Re: If FTP is disliked what about TFTP ??

      "Some items still use TFTP (basically a simplified FTP without usernames or passwords) for booting."

      What's TFTP got to do with Chrome or other web browsers?

      "A number of websites still allow FTP access as for non-confidential files it has a lower overhead than HTTP or HTTPS."

      While my web browser FTP usage is pretty low these days, I don't understand what Google gains here by removing the minuscule FTP code portion from the Chromium tree. FTP is a stable, well understood simple protocol. The code probably is quite free of errors and likely requires very little housekeeping between versions.

      Can I live without FTP on a browser? Probably.

      1. John Brown (no body) Silver badge

        Re: If FTP is disliked what about TFTP ??

        "While my web browser FTP usage is pretty low these days,"

        Like you, a number of people have said that. I was thinking the same. Then a thought struck me. If I click a download link, I rarely look and check HOW the file is being downloaded. For all I know, a sizeable chunk of my downloads might be FTP links. The browser doesn't pop up a window stating that, nor does the file download window appear different. Maybe I'll check a bit more carefully in future.

    2. Martin Gregorie

      Re: If FTP is disliked what about TFTP ??

      No need to bother with HTTP/S and other such if you're moving on from FTP because many of the better FTP clients also support SFTP - that's an SSH variant so is encrypted - as well as FTP.

      If you're lucky, your favourite FTP client is one of them - in my case that's gFTP and it handles SFTP just fine, though it calls it SSH2. Same goes for FileZilla.

      1. ibmalone

        Re: If FTP is disliked what about TFTP ??

        What I've always been slightly uneasy about with SFTP is it requires giving users a shell account, despite the initials it's quite a different beast to FTP.

        1. bombastic bob Silver badge
          Meh

          Re: If FTP is disliked what about TFTP ??

          correct - an anonymous FTP site that ONLY allows downloads is reasonably secure. SFTP, on the other hand, gives you access to the shell, and if you don't set it up properly you can basically expose a shell to anyone who uses it... might as well include 'ssh' 'scp' and 'rsync' with your server offerings, and if you can manage to lock THOSE down in a reliable and trustworthy manner, thumbs-up to you.

          But for an archival data site - anonymous read-only ftp works JUST fine!

          ["they" got rid of gopher in a similar manner - "they" forget that not ALL of us are windows-using content consumers]

    3. Sgt_Oddball

      Re: If FTP is disliked what about TFTP ??

      Ugh.... Had to use it for the first time to get some Cisco access points updated with new firmware.

      Admittedly it was a pretty painless process but completely unsecured. Thankfully it was via a console cable so I doubt anyone else would get away with buggering around with it since that requires standing on tables with proprietary rj45 to rs-232 to usb cables plugged into the AP and a terminal machine.. Usually muttering dark thoughts after it fails for the 5th time.

    4. Daniel von Asmuth
      Coat

      Re: If FTP is disliked what about TFTP ??

      TFTP is rare on the Internets.

      It's time for Google to disable those failed protocols HTTP and HTTPS.

  8. Grogan Silver badge

    Google started making noise about this some time ago, and it was then that I dropped all Chrome(ium) based browsers and went back to Mozilla Firefox.

    There are still FTP download links out there. Some driver downloads for Windows still use FTP at the back end, and there are plenty of times I click to download a tarball from ftp servers.

    FTP is a good protocol for downloading. For one example... it inserts control markers in the stream for reliably resuming transfers. Firefox has limited support for resuming http(s) transfers, if the download fails. If it stalls and you cancel, it's game over. Chrome? Not at all.

    Google doesn't get to control my Internet.

  9. Dave 32
    Coat

    Archie

    Won't someone think of archie?

    Oh, well, I suppose the gopher is dead, along with jughead and veronica. :-(

    Dave

    P.S. I'll get my coat. It's the one with the gray beard hairs on it.

    1. jake Silver badge

      Re: Archie

      Gopher & Veronica are alive and well. See gopher://gopher.floodgap.com/1/v2 [0]. You might need a browser that doesn't stifle your choice of protocols ... may I suggest Mosaic?

      Also, my Great Aunt is not quite done publishing her life's story in Gopher. When I started teaching her, it seemed like the easiest option for what she was trying to do. That was 27 years ago, when Auntie was a sprightly 77ish.

      [0] Sorry. ElReg, in its infinite wisdom, won't let me make that a link.

  10. rcxb Silver badge

    I used FTP just yesterday. com.mbapp.ftpserver.apk (WiFi File Transfer for Android)

    How would YOU transfer half a gig of data to an (Android) Fire TV stick? Put it on a web server then try to type in a URL via on-screen keyboard and remote control in a rather limited web browser? Nope.

    There is SimpleSSHD (which includes "rsync"), but the encryption overhead on Android (Arm CPU) devices sure slows transfers down.

    com.mbapp.ftpserver isn't riddled with ads, doesn't have file-size limitations, and doesn't require a modern web browser on either end. Just run the app on one end, and copy the files via the command-line FTP client on the other.

    1. doublelayer Silver badge

      That's a perfectly fine method of file transfer, but you have various other options that don't require uploading or long URLs. Here are a few:

      1. On a machine, put up a simple webserver pointed at a directory in which the file is placed. Type the IP address only, and click the link on the directory listing page.

      2. Use an SSH client to SCP the file over.

      3. Access a local network share if you run one.

      4. Use a Bluetooth file transfer system (in many cases, bandwidth is surprisingly good).

      5. Use a cable if supported. It would work well on Android phones or media servers I've used before, but I don't know if you have that option with the Android TV device.

      Basically, any of these should be equally fine because you trust the network and both devices. Therefore, go with whatever's easiest at the time. It's only when you are operating over a network where interception or modification of the data is a worry.

  11. Anonymous Coward

    "FTP doesn't encrypt its traffic"

    Nor HTTP, SMTP, IMAP, POP.... but all of them, including FTP - can run inside a TLS connection.

    I routinely use FTP over TLS to let download/upload stuff from my remote servers. Often, it's better than giving an SSH user to some people - with FTP they are more "sandboxed". And it's more practical than WebDAV, and the footprint and attack surface of a FTP server is usually smaller.

    Still, no need to use FTP from a browser but when forced to.

  12. rcxb Silver badge

    Active and Passive

    The low-level details of FTP are ridiculously complex. It opens a control channel on port 21, simple enough. But then when you want to transfer a file the server side makes a request to port 20 on the client... Which modern firewalls (or NAT) don't allow. So PASV mode was invented, which lets the client make a second connection to the server, but on a RANDOM PORT, so that makes it a nightmare to reasonably firewall the FTP server systems. Most firewalls get around this by running an FTP proxy right on the firewall, because there's just no other way... No other protocol in use today is so crazy and convoluted. The old rsh/rlogin/rcp commands/protocols are a good candidate, though, but almost extinct, where FTP keeps going.

    It's a shame nobody ever put together a command-line file transfer client for HTTP transfers. HTTP has got more error/status codes than FTP, supports uploads and downloads, authenticated and anonymous connections, etc. HTTP/1.0 was a perfectly simple protocol, too. Would love to have command-line file transfers over HTTP, without crufty old FTP design decisions.
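The data-channel negotiation discussed in the post above, as an added example that is not part of the original thread: a sketch of what a stateful firewall's FTP helper has to do, namely read the `PORT` command or the `227` PASV reply on the control channel, compute the port as p1*256+p2, and open a pinhole only when the announced address is the control-connection peer and the port is unprivileged. The function names and the sample session are constructed, and the sketch assumes the firewall sees addresses before any NAT rewriting.

```python
import re

# Six decimal fields h1,h2,h3,h4,p1,p2 as used by PORT and the 227 reply.
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_hostport(text):
    """Return (ip, port) from a PORT argument or 227 reply, or None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def expected_data_connection(sender, line, client_ip, server_ip):
    """Decide which data connection the control-channel line announces.

    Returns ("allow", initiator, destination, port), ("deny", reason),
    or None when the line does not negotiate a data channel.
    """
    if sender == "C" and line.upper().startswith("PORT "):
        announced_by, initiator = client_ip, server_ip  # active: server dials client
    elif sender == "S" and line.startswith("227 "):
        announced_by, initiator = server_ip, client_ip  # passive: client dials server
    else:
        return None
    parsed = parse_hostport(line)
    if parsed is None:
        return ("deny", "malformed host-port")
    ip, port = parsed
    # Refusing third-party addresses and low ports blocks FTP bounce abuse.
    if ip != announced_by:
        return ("deny", f"address {ip} is not the control-channel peer")
    if port < 1024:
        return ("deny", f"privileged port {port}")
    return ("allow", initiator, ip, port)


def review(session, client_ip, server_ip):
    """Return the decisions for every negotiating line in a session."""
    decisions = []
    for sender, line in session:
        verdict = expected_data_connection(sender, line, client_ip, server_ip)
        if verdict is not None:
            decisions.append(verdict)
    return decisions


# Constructed control-channel sample using documentation address ranges.
SAMPLE_SESSION = [
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)."),
    ("C", "PORT 198,51,100,7,4,1"),
    ("C", "PORT 203,0,113,99,0,22"),  # third-party address, low port
]

if __name__ == "__main__":
    for decision in review(SAMPLE_SESSION, "198.51.100.7", "192.0.2.10"):
        print(decision)
```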

    1. Dwarf

      Re: Active and Passive

      I take it you haven't heard about wget and curl then ?

      1. rcxb Silver badge

        Re: Active and Passive

        Do either of those have "dir" "mget" and "mput" commands?

    2. Anonymous Coward

      Re: Active and Passive

      "it's a shame nobody ever put together a command-line file transfer client for HTTP transfers"

      I assume you don't mean wget/fetch/curl, so what do you mean by that?

    3. bombastic bob Silver badge
      Linux

      Re: Active and Passive

      yeah, the NAT stuff was worked out like 2 decades ago via netfilter, and similarly in other OSs. it's not that hard, really, to alter TCP frames and their related ACK packets. Check out the ftp protocol NAT handler for netfilter some time. Really NOT that complicated, ya know? [unless some DWEEB rips the utility functions out of netfilter, because it's "old fashioned", which would probably send Linus into an explosive meltdown]

      And, as we all know, a YUGE number of NAT routers are running Linux, and NAT'ting with netfilter.

  13. J.G.Harston Silver badge

    Who on earth uses a *BROWSER* for file access to a server? That's the very point of FTP. *FILE* transfer.

    1. GruntyMcPugh

      @J.G.Hartson

      Eh? You for example, have a web site to advertise your cool offering, be it software, images, music, whatever, then, being a kind and gracious soul, you give these away for free,.... so, you put an ftp:// link to said merch in your html, so peeps can just click on it and get the goodies. Do you expect folks to have to follow instructions, like open a CMD window (oh, wait, what if they are on a Mac or Linux, you need more complex instructions) then tell them the ftp address, and folder, and GET command?

      Hmm, or they just click.

    2. Dan 55 Silver badge

      The idea was that URIs were just that, universal, and browsers understood URIs themselves or opened another client passing all the parameters given in the URI so everything just worked.

      Now they're just a HTTPS client (and HTTP, but maybe that'll be next on the chopping block).

  14. Denarius Silver badge

    and in the office

    so often FTP is the only way files can be moved to the abomination (no flames please) of a mainframe where it is too hard for the admins to map a linux instance filesystem into a dataset so one can use scp/rsync/sftp. Zos probably does have a native ssh client now, but for decades, legacy systems which hang around long after Use By Date has passed, have to be integrated into the ruins of Open Systems. FTP meets that need. Aside from all that, it is faster for big files with lower overheads. That still matters given how little budget is given to maintaining hardware these days.

    1. jake Silver badge

      Re: and in the office

      One of my mainframes runs Linux.

  15. a_yank_lurker

    Usage

    I haven't used FTP for several years at least knowingly. But if I need to use it there is Filezilla.

  16. Chairman of the Bored

    Whippersnappers!

    UUCP. That was a real man's file transfer protocol. Store-and-forward message passing over dialup connections. Plus email and netnews in one go! Try that with this newfangled ftp stuff!

    Admittedly most people only experienced the joy of using these tools through uudecoding pictures of, er, kitties they downloaded from Usenet using rn in the late 80's

    I'm getting seriously old.

    1. Uncle Slacky Silver badge

      Re: Whippersnappers!

      UUCP! Pah! We used to dream of UUCP! Try remote system admin and sending uuencoded binaries via CU...

      1. Chairman of the Bored

        Re: Whippersnappers!

        @Slacky - remote automated management over cu? That's badass CLI work. Try that with a browser! Me? All I could get cu to do was keep a dialup line connected despite a flaky PBX.

        Involved cursing and lots of rtfm, but I'm a stronger man for it.

      2. Anonymous Coward

        Re: Whippersnappers!

        CU? bah. ITP PAD!

        1. jake Silver badge

          Re: Whippersnappers!

          It's not CU, it's cu. CaSe matters ... regardless, I always preferred tip for scriptability reasons (I forget why exactly) ... at least until minicom came along.

    2. jake Silver badge

      Re: Whippersnappers!

      UUCP is still in use in the back-ends for large email and USENET operations. I'll leave it as an exercise for the reader as to why.

    3. GruntyMcPugh

      Re: Whippersnappers!

      @Chairman of the Bored

      Ah, UUCP! before we had 'Internet' access, I worked at a Polytechnic, and we had JANET so I had access to the HENSA software archive,... we could interactively browse for stuff, but then had to schedule a UUCP transfer to get the .zip. Then I had to go to the PC I wanted it on, and ftp it down from the VAX.

      Then I could explore the glorious craziness of the Mandelbrot set with 'Fractal Explorer'.

      1. Chairman of the Bored

        Re: Whippersnappers!

        My uni had some sort of multiple personality disorder going on: IBM mainframe + VAX + Sun. UUENCODE was my friend, along with the conv options in dd. I miss the VAX but at the time would not have minded if a small incendiary bomb took out the IBM

  17. Anonymous Coward

    FTP - I've heard of it

    That's a file transfer protocol that doesn't use uniquely identifiable tracking cookies - I wonder why Google wants to kill it ?

    1. Cynic_999

      Re: FTP - I've heard of it

      Also doesn't support pop-up ads

  18. RB_

    anon@penet.fi

    anon@penet.fi is all I need to say. A fond memory!

    Back in the day (early 90's) you must remember that grabbing files that may have been > 1 MB in size was a complete ass-pain, and with the bandwidth of a 14.4K modem you appreciated the efficacy of ftp over other emerging 'net protocols like http. The right tool for the job was critical back then. Ok things have moved on but there were good reasons for ftp.

    I can understand (google) getting rid of it from Chrome, just not the reasoning. It would be better to say that they can no longer realistically support something that, frankly, a developer under the age of 40 will not wish to touch even if you paid them well. Why would you ?

    1. jake Silver badge

      Re: anon@penet.fi

      That was anon.penet.fi ...

    2. Dan 55 Silver badge

      Re: anon@penet.fi

      It's a far cry from ftpmail gateways, jumpers for goalposts, isn't it? Mmmmm. Marvellous.

    3. JimC

      Re: anon@penet.fi

      Ah yes, the system that first brought the realisation to me that anonymity on the internet was going to be 1% legitimate and 99% abuse. And that the people running such things would have their heads so far up their metaphorical posteriors that they wouldn't give a flying **** about the abuse. And so it has turned out...

      1. Anonymous Coward

        Re: anon@penet.fi

        Ah! But there were some gems in that 1pct of non-crap anon.penet.fi users. In the early nineties there were a number of Usenet groups where survivors of abuse would congregate, discuss, support each other. Anon.penet.fi provided truly precious anonymity for people still in very vulnerable situations. I'm truly thankful.

        Then the spammers ruined everything. Pigs always eat the roses.

    4. bombastic bob Silver badge
      Flame

      Re: anon@penet.fi

      "an ARROGANT developer under the age of 40"

      fixed it for ya!

      <rant>

      There are PLENTY of the arrogant developers under 40 out there. They do things like changing the UI into something THEY *FEEL* (not think, not customer want) is "better", THEN cram it down everyone's throat and call it "modern". And don't forget the constant 'feature creep' in otherwise useful applications until they become unmanageable bloatware, etc.. And, like with FTP in Chrome, they REMOVE features they don't use (or understand) because they *FEEL* they should. Nevermind what CUSTOMERS (i.e. end-users) want! Or, NEED...

      </rant>

  19. herman Silver badge

    FTP is still important to Windows users

    Anonymous FTP is still one of the two network file protocols that Windows can handle by default.

  20. sum_of_squares

    Such a fuss..

    There's no need for FTP when there's SFTP.

    That said, there's no need to abandon FTP and not keep it for backwards compatibility reasons.

    1. bombastic bob Silver badge
      Meh

      Re: Such a fuss..

      "There's no need for FTP when there's SFTP."

      _WRONG_. SFTP doesn't work anonymously. The SFTP login allows shell access (more or less) as well as access to the ENTIRE file system, not just a pre-defined tree. It would be MUCH MORE difficult to secure and lock down SFTP than it would to simply allow "no uploads" anonymous FTP to access a specific tree and NOT the entire file system!

      If you upload, yes: sftp gives a LOT of control and security to the person uploading. It also gives him access to the ENTIRE machine's file system. That's not a very good thing, really....

      For uploads I like handling them as 'POST' transactions. There are a few scripts out there (Perl CGI or php, your choice) that let you set up a server to accept file posts. Then a human would have to review the files and do something with them, unless you WANT scammers to upload their crap to your anonymous FTP and then reference it via an alias within an ad or spammed e-mail - not to mention MALWARE and worse things.

      So - ftp is FINE for anonymous download ONLY. For anything else, take the time to set up sftp or use some OTHER method (like file POST via http).

      1. Grogan Silver badge

        Re: Such a fuss..

        Yep, it's a user login. It's basically a subsystem launched by sshd. If you give users a shell that allows them access to the whole machine (no jailing of any kind, relying solely on filesystem permissions), they will have the same access with SFTP that they do with a SSH shell. It's really not for public downloading.

        I've seen (stupid) clients that restrict access to files you own when making use of SSH2/SFTP protocols but if you can log in with that, you have shell access anyway.

        Also, it's not at all like FTP. More connection overhead and no control markers in stream for resuming transfers. It's not a replacement for FTP. I use the standard sftp client (I like it... takes wildcards and uses most shell conventions) to transfer files to/from servers but if anything happens you're starting over with that 8 Gb tar archive backup etc.

  21. Spanners
    Childcatcher

    Tried FTP in a browser - didn't like it.

    It was fiddly and awkward so I went back to using it from the command prompt.

    For the last few years, I haven't even needed to do that as it has quietly faded into obscurity...

    I suspect that the children here (IT workers under 30) wouldn't have a clue!

  22. Muscleguy

    Listen up youngsters

    Gather round kiddies and Uncle Muscleguy shall tell of life before the Web. It wasn't all just email (ListServe) or Usenet*. There was, at least on the Mac, FETCH an FTP browser. People would put stuff in FTP repositories. Picture files for prettifying your folders or icons, clip art and of course Free and Shareware games. I got a lot of games that way including the Exile series which became Avernum by SpiderWeb Software. I think I got my first desktop version of Angband by Fetch as well. The Mac version of course had an eager dog as the icon and telling it go Fetch would cause it to run. It was a simpler, more pixellated time.

    No Bobby the Planck length wasn't longer.

  23. Luiz Abdala
    Gimp

    GetRight STILL has a full FTP client.

    I have had GetRight since the dial-up era.

    It has a full FTP client, where you can fill the e-mail and password you want, it recreates a folder structure for you to peruse, and you see the FTP command-lines wheezing by as you click on stuff you want to upload and download.

    Plus, as the original intent, it can download the same file from 4 or more places (or 4 chunks from the same throttled server), checks CRC on the file, and you still COULD send the file straight to an antivirus tool as you downloaded.

    And of course, batch jobs, downloading lots of files using few ports....

    Meanwhile, all FTP servers I see these days have a HTML mirror page reproducing the FTP structure... so... these worked on a NETSCAPE NAVIGATOR.

    But Chrome wants to force you to use Google Drive, so no.... [snip].

    I'm pretty sure you don't need Chrome to do FTP, plenty good clients out there...?

  24. STOP_FORTH Silver badge
    Trollface

    Use Firefox!

    I used to use Fireftp, don't know if it is still a thing. Perhaps one of you could find out and write a curt/dismissive reply?

    1. tiggity Silver badge

      Re: Use Firefox!

      That was one of many addins that was nobbled in newer firefox when it killed old style addins

      .. and fireftp cannot be rewritten in new addin model as needs low level stuff that is unavailable.

      So, use Filezilla or some other file transfer tool (or use a very old version of firefox)

  25. Allan@#$_&-+()

    I just upgraded to Chrome 80 on Linux and FTP still works without doing anything special at all.

  26. JDX Gold badge

    I like FTP

    But I am used to using a dedicated client for it. Just the other day people were complaining that modern browsers are distracted from BROWSING with WASM et al. Surely the browser was never really intended as a FTP client either? I mean it's handy but generally browser implementations are really lame.

    Right tool for the job.

  27. Mike 16

    What next?

    Are they going to drop support for BITNET?

    How will I move my virtual card decks to my friend's virtual card reader?

  28. dboyes

    Maybe these toads need to get beyond the Unix/Windows world and deal with the real world

    The Google folks don't get out much, do they? If you have to deal with non-Unix systems, ssh and sftp are not widely available, and it's not a trivial coding exercise. FTP has been mandated as part of the TCP client suite since the 1970s, and can be relied on to be present everywhere (you may not run it, but you can bet the business do).

    For Mike, NJE over TCP isn't that hard to implement. It works just fine, supports encryption, and is completely documented. Unlike ssh/scp/sftp. If you have to look at the source code of another implementation, it's not ready to be a proper Internet standard.

  29. gormful

    Not again.

    Heck, I'm still trying to get over the demise of Kermit.

    1. jake Silver badge

      Re: Not again.

      I used kermit just last week when dialing into a system with a dead Internet connection. It still worked just fine (and I fixed the Internet connection without having to drive all the way to Merced). It would appear that the reports of kermit's death have been greatly exaggerated.

  30. gnarlymarley

    You can still switch it back on via an option or command line flag (such as --enable-ftp) but, to be honest, why would you?

    The answer is simple. Anonymous FTP where people can download without a username or password is where I would care about plain FTP. Now, I can use HTTP instead to do the same thing. There have been some strides to get SSL working with compression, but until it gets good enough, FTP will suffice. Now if you ask further, any file that someone uploads to me that should not be public, has been using SFTP for a few decades now. The main reason why I prefer the plain over the secure is proxy servers can cache the files. Under secure, I do not believe anything should be cached.

  31. ScissorHands
    Devil

    Time to go to ftp.opera.com and download the whole kit-and-kaboodle, since pretty soon you'll need Opera Presto to get to it...

  32. andyL71
  33. David Crowe

    I was working on a shared hosting system and tried to set up SFTP. I was told that they blocked it entirely on their system, because it gave users ssh access, which meant that it was much more than just being able to transfer more securely. So, for a lot of uses, FTP is still the only game in town.
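Added example, not part of any comment above: Grogan's and David Crowe's comments both turn on SFTP accounts inheriting shell access. OpenSSH can confine an account to file transfer with a `Match` block, and this sketch audits such blocks for the directives that do so. The group name, user name, paths and sample config are constructed for illustration.

```python
# Added example: audit sshd_config Match blocks meant for SFTP-only accounts.
REQUIRED = {                           # directive -> value that closes the gap
    "forcecommand": "internal-sftp",   # run the in-process SFTP server, not the login shell
    "chrootdirectory": None,           # any real path jails the session
    "allowtcpforwarding": "no",
    "permittty": "no",
}

SAMPLE = """\
# Constructed sample, not taken from a real host.
Subsystem sftp internal-sftp

Match Group uploads
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    PermitTTY no

Match User legacy
    ChrootDirectory none
    AllowTcpForwarding no
"""

def parse_match_blocks(text):
    """Return {criteria: {directive: value}} for each Match block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            current = blocks.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)   # sshd uses the first value it sees
    return blocks

def audit(text):
    """Return {criteria: [problems]}; an empty list means SFTP-only and jailed."""
    findings = {}
    for criteria, opts in parse_match_blocks(text).items():
        problems = []
        for key, wanted in REQUIRED.items():
            got = opts.get(key)
            if got is None:
                problems.append(f"{key} not set")
            elif wanted is None and got.lower() == "none":
                problems.append(f"{key} is none (no jail)")
            elif wanted and got.split()[0].lower() != wanted:
                problems.append(f"{key} is {got}, expected {wanted}")
        findings[criteria] = problems
    return findings
```

The audit reads only the `Match` blocks, so a directive reported as "not set" may still be inherited from the global section of the file; check that by hand.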
