User topics

Article topics

Log in Sign up

In a complete non-surprise, Mozilla hammers final nail in FTP's coffin by removing it from Firefox

Mozilla has finally expunged File Transfer Protocol (FTP) from the Firefox browser – an action already taken by other major browsers like Chrome and Edge, making Firefox 89.0 the last bastion of the protocol. The company explained yesterday that it will end FTP support in Firefox 90 as part of its drive to a browser that's all …

COMMENTS

Post your comment

House rules Send corrections

Add to 'My topics'

Wednesday 21st July 2021 11:16 GMT Antron Argaiv

fond ftp memories

In the early 90s, I worked at Data General. We engineers had just received Sun workstations, to use for schematic capture. No instruction, just dropped on our desks. We felt our way around SunOS, and discovered all the Unix tools, including nntp and ftp...and, for me, comp.os.minix. Because Unix was so much neater than Windows 3.1.

I spent a good bit of time downloading Linux floppy images of tsx-11.mit.edu and decwrl.dec.com. ftp was the way you did that sort of thing, pre-web. It was also how you got things like image and waveform manipulation tools, which you ftp'd off the author's host and compiled for your machine. No packages back then, and "open source" wasn't really a term people used. They just put the code up on their machines and you ftp'd it.

I used ftp recently to deliver design files to my PCB layout contractor. Still available on the Win10 command line...for that [almost] old-timey Unix feel...

22 0 Reply
1. Wednesday 21st July 2021 12:39 GMT Plest
  
  Re: fond ftp memories
  
  FTP is still useful for data that has not real value but without the (S) prefixed most sec bods will go ballistic if they find any FTP clients on the network. God forbid an FTP server or port 21 is found to still be open, "Nail 'em up!" the cry is heard!
  
  12 1 Reply
  1. Wednesday 21st July 2021 14:13 GMT NoneSuch
    
    Re: fond ftp memories
    
    No better protocol for ISO images.
    
    8 0 Reply
    1. Wednesday 21st July 2021 16:20 GMT Korev
      
      Re: fond ftp memories
      
      The funny thing is that Bittorrent is actually better as all the chunks are checksummed. Good luck trying to get the authorisation to actually do it though...
      
      8 0 Reply
      1. Thursday 22nd July 2021 01:27 GMT sev.monster
        
        Re: fond ftp memories
        
        It really is a shame that torrenting gets such a bad rap due to its decentralized nature allowing nasty nancies to go wild—same with any cryptocurrency no matter how beneficial. Just because miscreants misuse it doesn't mean everyone has to. I can't even use it on my home ISP without them complaining, no matter what the content of the torrent is.
        
        1 0 Reply
        
        Thursday 22nd July 2021 17:07 GMT Michael Wojcik
        
        Re: fond ftp memories
        
        Bittorrent actually makes a lot of sense within organizations, particularly if employees need to distribute a lot of large files to many recipients (such as pre-release product builds). Rather than everyone pounding on the same server or small cluster you can let employees peer-distribute. Better latency, better use of bandwidth, better resiliency.
        
        But few organizations seem to realize this. I suggested it years ago but most people here continue to use FTP (sigh)¹ or SMB (yuck) or Sharepoint (beyond yuck) for this sort of thing.
        
        We do have Filr (because it's our product), which IMO is one of the better versions of the Dropbox-style "HTTPS plus a native client if you must" approaches. But while it's pretty convenient and responsive – certainly far better than SMB – it doesn't have the peer-to-peer advantages of Bittorrent.
        
        ¹Don't get me wrong. FTP in passive mode has its uses, and it runs just fine over TLS, so this "FTP is plaintext!" panic is bullshit. FTP's use of separate data and control channels, for all the problems that causes, makes it maximally efficient for a single-server data-transfer mechanism while still being responsive to control flow. But many FTP holdouts don't bother running it over TLS, and the FTP haters have made it inconvenient for non-technical users.
        
        Fortunately Pale Moon still supports it. Firefox, Chrome, and Safari can just fuck off as far as I'm concerned. When I want a nanny I know where to find one.
        
        2 0 Reply
        
        Monday 26th July 2021 07:49 GMT sev.monster
        
        Re: fond ftp memories
        
        I hear you about SharePoint and SMB. Utterly terrible to administrate, and despite it being a Microsoft invention Windows always seems to have strange errors and hiccups when connecting to SMB shares. Of course, we're in it for the long haul now, no reason to even investigate alternatives. The higher ups want to use SharePoint for everything now, but we'll end up using both at the same time, likely with tons of needless duplicates and fragmentation.
        
        As much as I would like to use Palemoon, I still refuse to due to Moonchild's behavior. It's getting a bit long in the tooth and harder to maintain as well, so that surely doesn't help things.
        
        Can't seem to find a browser nowadays thst doesn't suck eggs through a garden hose.
        
        0 0 Reply
  2. Thursday 22nd July 2021 18:55 GMT martyn.hare
    
    FTP with IP restricted challenge/response, encrypted payloads, plus signed checksum files…
    
    There’s a lot that security bods could learn from choosing stable, well-tested software with simplified monitoring and debugging capabilities. FTP when correctly configured is still vastly safer to use than modern alternatives, complete with better performance and far less maintenance required for long term use.
    
    Separating out the mechanisms used to provide confidentiality, integrity and availability is a much better approach than the overly-complex quagmire we find ourselves with today. There’s just no two ways about it. Perfect is the enemy of good and all that…
    
    1 0 Reply
    1. Friday 23rd July 2021 11:27 GMT Charles 9
      
      Re: FTP with IP restricted challenge/response, encrypted payloads, plus signed checksum files…
      
      "Separating out the mechanisms used to provide confidentiality, integrity and availability is a much better approach than the overly-complex quagmire we find ourselves with today."
      
      NOT when you need the KISS Principle, especially when dealing with a Dave...and Daves outnumber us by at least an order of magnitude. And forget about requiring a license to use the Internet...
      
      0 0 Reply
2. Friday 23rd July 2021 11:12 GMT Dave559
  
  Re: fond ftp memories
  
  ftp.aminet.net FTW! [1]
  
  Or the name of your friendly convenient mirror: you got a good feeling for the geography of the net back then (and the sometimes non-obvious short domain names that many sites used), back in the good old days; src.doc.ic.ac.uk, ftp.uni-paderborn.de, ftp.sunsite.dk, ftp.wustl.edu, etc…
  
  It sort of did feel like you were playing the game Hacker, tunnelling all around the world to download the latest exciting new freeware or shareware programs (and mega-demos!)…
  
  [1] Of course, the aminet.net domain didn't actually originally exist way back then, as Aminet pre-dated the web, and it was the ftp sites that had all the info, and the mirror sites gained web front ends later on, so there still wasn't really a need for a canonical web presence…
  
  0 0 Reply
Wednesday 21st July 2021 11:25 GMT karlkarl

They have removed FTP before they implemented an SCP or SFTP replacement?

Should this not be logged as a bug report?

For my own software, I tend to implement replacements *before* I remove obsolete features. Does this not make sense to everyone?

26 3 Reply
1. Wednesday 21st July 2021 11:53 GMT katrinab
  
  scp and sftp are available on Windows.
  
  https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement
  
  Alternatively, install Windows Subsystem for Linux and install your favourite linux distro on it.
  
  Debian and Ubuntu seem to be the most reliable on Windows from my testing. Of those, I prefer Debian.
  
  5 6 Reply
  1. Wednesday 21st July 2021 21:59 GMT Anonymous Coward
    
    Fine advice, but not relevant to the article or browser
    
    And yes, they should have added support for sftp/scp/ssh to the browsers decades ago. That they didn't isn't surprising to me. Neither would have made selling out their users to the likes of google, facebook, and twitter and more profitable so why bother. So now it's all http all the time.
    
    FTP only hung on as long as it did because lazy script kiddie web designers didn't know how to copy assets onto a webserver any other way.
    
    5 0 Reply
    1. Thursday 22nd July 2021 00:22 GMT doublelayer
      
      Re: Fine advice, but not relevant to the article or browser
      
      "And yes, they should have added support for sftp/scp/ssh to the browsers decades ago."
      
      Why should they do anything like that? SSH is a control protocol, which has very little to do with browsers. Why should a browser do the job of an SSH client when you can go get an SSH client? At least with FTP, the browser's job of downloading files is part of what FTP is for. Similarly, I don't think a browser should implement the uploading features of an SCP/FTP client, because that's not its purpose.
      
      A browser, to me, is a tool for getting files over certain protocols and displaying them to the user, and shouldn't try to do much more than that. Opinions vary on what documents a browser should display (run scripts in them, have a PDF viewer in them, etc), but I would hope that we don't also have to shove every other kind of program into that.
      
      4 0 Reply
      1. Thursday 22nd July 2021 01:29 GMT sev.monster
        
        Re: Fine advice, but not relevant to the article or browser
        
        Unfortunately for your worldview, the bog-standard web browser is no longer just something to "get files over certain protocols and [display] them to the user." It is a platform to which the entire rest of the system is exposed on, and whole applications are developed for. At this point the web browser is an abstraction layer to the rest of the system, utilized to make cross-platform applications.
        
        Not saying I like it, but that is the world we live in now.
        
        4 0 Reply
        
        Thursday 22nd July 2021 01:45 GMT doublelayer
        
        Re: Fine advice, but not relevant to the article or browser
        
        That is unfortunate, and as you probably already determined, I don't really like this. Even so, it doesn't change my original point. If the web browser is displaying a document which is effectively an application, then someone else can with great ease implement an SSH client that runs on it. There is still no reason for that to be integrated into the browser.
        
        3 0 Reply
        
        Monday 26th July 2021 07:42 GMT sev.monster
        
        Re: Fine advice, but not relevant to the article or browser
        
        I think his point was that FTP was so resilient despite being an aged protocol is because all major browser and system vendors supported it. If all major browsers had built-in SFTP support, I'm sure that would be much more common around the web, too. But with our luck, Google will bake their NaCl terminal emulator into Chrome, replete with coreutils, SSH, SCP, et al. They do so like to show it off. If I recall it's already built into Chromebooks(?)
        
        (Of course, if I had my way the web browser would be for nothing other than that, and everything else would be its own interoperable but entirely seperate application. I understand cross-platform applications are a pain without some kind of common base, but HTML/CSS/JS are certainly not the first choice I would make if I were given the chance to do it from the ground up. Nor would they be very high up the list.)
        
        0 0 Reply
    2. Thursday 22nd July 2021 01:28 GMT Bitbeisser
      
      Re: Fine advice, but not relevant to the article or browser
      
      Hey, they ditch FTP and such so they can better snoop on those people that are stupid enough to use a web browser for their email...
      
      1 3 Reply
2. Wednesday 21st July 2021 12:11 GMT Peter2
  
  Be honest; did you actually use FTP in a web browser?
  
  Web browser clients only offered the ability to download; for uploading even windows explorer was a better solution than offered by any of the web browsers.
  
  Which is a moot point, given that everybody used Filezilla for FTP sites because it was the best tool for the job.
  
  14 3 Reply
  1. Wednesday 21st July 2021 12:24 GMT karlkarl
    
    The classic one that I used from browser was ftp.idsoftware.com
    
    It was a good experience. Being able to download from a plain list of files without Javascript, adverts and other nonsense.
    
    17 0 Reply
  2. Wednesday 21st July 2021 12:49 GMT The Unexpected Bill
    
    Using FTP in a browser
    
    Yes, I absolutely still do, or at least I did until Fx 90 landed. (In fact, I pref'd it back on in Firefox 88 and 89.) Adobe in particular still maintains an FTP site with patches and other updates for software new and old. HP's FTP site is also still running, and quite handy for products they have "forgotten" about, or at least it is when they haven't helpfully purged the files from there as well.
    
    It won't be as convenient to use a standalone FTP program for quick downloads like this.
    
    14 0 Reply
    1. Wednesday 21st July 2021 23:33 GMT Yes Me
      
      Re: Using FTP in a browser
      
      But why haven't you disabled FF updates? It's not hard. (This message brought to you via Firefox 71.0.)
      
      4 3 Reply
      1. Thursday 22nd July 2021 01:34 GMT sev.monster
        
        Re: Using FTP in a browser
        
        Because people like the new shinies, including webdev monkeys that require the latest and greatest new JS features to power their incredibly streamlined and fancy Angulareact Vuenode Gruntygulp 10.3b—now requiring only 12GB of memory to function, a 10% decrease from the alpha.
        
        Oh, you want to log in to your Internet banking? Sorry, we require the latest Firefox Nightly or Chrome Canary build to use some silly function that could be backported with a single line of Mochacoffeescriptachino, but our web framework doesn't support it so we can't. Oh also, your browser must support and allow us to use your camera for our cheque scanner, and the site will mysteriously break should it not be allowed to do so.
        
        6 2 Reply
  3. Wednesday 21st July 2021 13:03 GMT ChrisC
    
    *Did* I? Yes, countless times over the years where firing up a full-fat FTP client would have been overkill.
    
    *Do* I still? On occasion, when dealing with firmware/driver updates for certain bits of hardware where the manufacturer hasn't felt the need to spend/waste any time on providing a HTML front end to their download folder, and just points you in the direction of the relevant location on their FTP site instead...
    
    10 0 Reply
    1. Wednesday 21st July 2021 16:05 GMT Charlie Clark
      
      But the problem for downloads, especially drivers, is that without encryption they're subject to MitM attacks…
      
      2 7 Reply
      1. Thursday 22nd July 2021 00:54 GMT Richard 12
        
        True
        
        But one checks the hashes post download, which would detect such shenanigans, and thus try again.
        
        A miscreant can of course easily see what you downloaded, but I can't say I'm worried about that for FTP.
        
        4 0 Reply
        
        Thursday 22nd July 2021 01:50 GMT doublelayer
        
        Re: True
        
        If you have a particularly determined MITM attacker, they'll check whether you read the hashes of the file you're downloading and switch them for the hashes of the file they're sending. I admit that's not a very likely event, but if they're already prepared to modify your download, that is a way to bypass your hash check.
        
        A larger risk is people who don't know to check for integrity or who are lazy enough that they don't, in which case there could be a security risk. Not in my opinion a strong one, but strong enough that I'll give users an encrypted method to download things.
        
        1 0 Reply
        
        Thursday 22nd July 2021 13:24 GMT Charlie Clark
        
        Re: True
        
        Where or how does FTP implement hash checking? I download loads of stuff for which there is no hash present. Fortunately, I know my software distribution system does use hash-checking.
        
        And, again, this is still not an argument against using TLS
        
        0 0 Reply
    2. Wednesday 21st July 2021 18:55 GMT foxyshadis
      
      There is no possible way that any "full fat" FTP could be more than a rounding error against a web browser today. The fattest I can think of is Filezilla, and that pops open and starts downloading in half a second, let alone lighter ones like WinSCP or ye olde WS-FTP, or on Linux the window manager's default browser.
      
      3 0 Reply
      1. Thursday 22nd July 2021 14:28 GMT ChrisC
        
        You're making the fatal assumption that I was starting off from a clean slate with neither browser nor FTP client already open...
        
        In reality, the likelihood of me already having at least one browser open is high, whilst the likelihood of me already having a FTP client open is somewhere approximating zero. In such a scenario, no matter how little effort would be required to open said client, it's still infinitely greater than the effort that wouldn't be required to open the browser that's already open and waiting to be used. Thus, overkill.
        
        0 1 Reply
  4. Wednesday 21st July 2021 16:23 GMT Korev
    
    > Be honest; did you actually use FTP in a web browser?
    
    Yes, a lot of scientific datasets are available using FTP, and it was more convenient to look at the directories in a browser than firing up an FTP client. If downloading more than a couple of files then I'd usually find the path in a browser and then automate with LFTP though.
    
    12 0 Reply
  5. Thursday 22nd July 2021 14:43 GMT oiseau
    
    ... did you actually use FTP in a web browser?
    
    Never.
    
    Many (many) years ago, when I was on the Windows side of office/desktop users, I used WS_FTP by Ipswitch.
    
    They had a freeware version for the likes of me, good software that worked beautifully well.
    
    O.
    
    0 0 Reply
  6. Thursday 22nd July 2021 16:00 GMT tiggity
    
    I used FTP in Firefox, until they broke add ons by going the chrome model, I occasionally used FireFTP addon as very nice browser addon tool for FTP upload when required.
    
    A lot of places still use FTP internally & you would be surprised how many companies still expect you to get / send data via FTP rather than via API calls in their "integration" of data between systems.
    
    ... I can even remember way back when some third party card payment / authorization systems used FTP as the interface ... there's a bit of scary for you!
    
    1 0 Reply
  7. Thursday 22nd July 2021 17:09 GMT Michael Wojcik
    
    Yes, and I still do, because I use Pale Moon, not one of the crippled "major" browsers.
    
    And when I need more functionality than LIST and GET, I use a command-line FTP client. Filezilla is fine for point-and-drool fans; I don't have time for that nonsense.
    
    0 1 Reply
3. Wednesday 21st July 2021 12:58 GMT Flocke Kroes
  
  Personal opinion
  
  I use scp and sftp when I want a secure file transfer. Using those protocols through a browser defeats the purpose. Likewise normal ftp is a sufficient security disaster that I would only consider it on an air-gapped network. Putting a cloud in the middle is as daft as requiring javascript for internet banking.
  
  4 1 Reply
  1. Friday 23rd July 2021 11:43 GMT Dave559
    
    Re: Personal opinion
    
    What's your objection to using sftp through a web browser?
    
    It sounds like nothing that sensible modular design would have any problems with.
    
    I don't use it any more, but, if I recall, because of such modular design, the Konqueror web browser could deal with sftp: URIs perfectly happily since a long time ago, and most Linux file managers also have similar features (insert obligatory grumble about how it's really a bit shit that the MacOS Finder can handle the alien smb: but not the native sftp:).
    
    At the very least, any half-decent web browser should pass-through an sftp: URI to your preferred file manager (or sftp client) if it doesn't know anything more about what to do with it.
    
    1 0 Reply
    1. Friday 23rd July 2021 13:48 GMT Charles 9
      
      Re: Personal opinion
      
      Running a protocol handler to an external program isn't the issue. Firefox still supports these so can pass them along to WinSCP or whatever. The debate was whether or not to handle the protocol internally like in the bad old days.
      
      0 0 Reply
4. Wednesday 21st July 2021 12:58 GMT Charlie Clark
  
  https is the replacement. At least as far as browsers go. Can't remember the last time I fired up a pure ftp session simply to download something. For the rest, Mozilla did go into considerable detail when they made the announcement.
  
  2 4 Reply
  1. Wednesday 21st July 2021 22:47 GMT A.P. Veening
    
    Can't remember the last time I fired up a pure ftp session simply to download something.
    
    I can still remember the time I fired up a pure command line FTP session on an AS/400 to upload something (from production), the automated FTP-tool had failed (again) in the night job.
    
    0 0 Reply
5. Thursday 22nd July 2021 20:54 GMT Colin Miller
  
  WinSCP
  
  WinSCP ( https://winscp.net/eng/index.php ) is a good tool for scp and ftp, on Windows
  
  It has two explorer-like panes, the left local and the right remote. You can also drank from the right into another explorer and vice-versa
  
  0 0 Reply
Wednesday 21st July 2021 12:00 GMT Forget It

Winscp is your friend

https://winscp.net/eng/download.php

8 0 Reply
1. Wednesday 21st July 2021 12:02 GMT Charles Calthrop
  
  Re: Winscp is your friend
  
  Yes, I greatly prefer winscp to filezilla.
  
  Ah, the joys of the mid90s, finding ftp sites full of mp3s.
  
  9 0 Reply
2. Wednesday 21st July 2021 12:41 GMT Plest
  
  Re: Winscp is your friend
  
  That WinSCP library has been so useful, lock it into PowerShell scripts and you have some very usable and flexible features for automating stuff.
  
  The guy who develops WinSCP is one of the true unsung heroes of modern IT!
  
  12 0 Reply
  1. Thursday 22nd July 2021 13:17 GMT phuzz
    
    Re: Winscp is your friend
    
    Doesn't Powershell have SCP built in already?
    
    I checked, and yup, OpenSSH (including SCP) has been part of PowerShell since the Autumn 2018 update.
    
    No diss to WinSCP though, I use it all the time, it's great.
    
    2 0 Reply
3. Wednesday 21st July 2021 18:46 GMT Anonymous Coward
  
  Re: Winscp is your friend
  
  I use winscp for FTP to upload homebrew to consoles. All on my local network and the server is started as needed.
  
  It's been a very long time since I used FTP for anything else, although I used it all the time in the innocent days of the 1990s internet.
  
  2 0 Reply
4. Thursday 22nd July 2021 07:13 GMT ecofeco
  
  Re: Winscp is your friend
  
  Thanks! Downloaded.
  
  Looks perfect.
  
  0 0 Reply
Wednesday 21st July 2021 12:03 GMT TeeCee

Root cause.

One might be driven to ask WTF it was doing in a bloody browser in the first place!

Oh yes: "Oooo. Lusers lurve this tool. I know, we'll build it into our browser and they'll use that rather than XYZ browser, 'cos they're lazy bastards who hate using the right tool for the job if it takes an extra two seconds.".

See also: Adjustable spanner / swiss army knife.

References: Bloatware. Attack surface.

5 18 Reply
1. Wednesday 21st July 2021 12:14 GMT IGotOut
  
  Re: Root cause.
  
  Yes because browsing a site then clicking a link is such a luser (how old are you?) thing to do. It is so stupid compared to browsing the site, right clicking and copying the link to get the address, opening up ftp client, setting all the required permissions and then downloading.
  
  How's the crank handle on your car?
  
  22 1 Reply
  1. Wednesday 21st July 2021 13:01 GMT Flocke Kroes
    
    Re: Root cause.
    
    The crank handle on my ftp client could get shell globs, recursively fetch directories and continue a download that had been interrupted. Some of these features may be available on modern vehicles with built in starter motors but I am sure the user interface changes with the moon. For anything non-trivial I still use wget or curl.
    
    Don't be too proud of this technological terror that has been created for you. You can still suffer the death of a thousand mouse clicks.
    
    10 1 Reply
2. Wednesday 21st July 2021 13:38 GMT rg287
  
  Re: Root cause.
  
  Zawinski's Law
  
  Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.
  
  More seriously, in the case of Firefox it came from Netscape, which was an "Internet suite" that included email, FTP, browsing, even support for Gopher. It was an era when ISPs used to give people email and free web-hosting with their internet.
  
  It was useful back then.
  
  Zawinski also said (in 1998!):
  
  We're at the beginning of an industry, and this could all turn into television again. It could be controlled by a small number of companies who decide what we see and hear. And there's a lot of precedent for that.
  
  Probably not a difficult prediction, but accurate nonetheless. Though if he'd tried to pick winners, he'd have got it wrong because at least two of them didn't exist yet.
  
  17 0 Reply
  1. Thursday 22nd July 2021 07:15 GMT ecofeco
    
    Re: Root cause.
    
    Netscape also had Composer, which I built my first websites with!
    
    And Newsgroups which I used to access usenet
    
    3 0 Reply
3. Wednesday 21st July 2021 23:36 GMT Yes Me
  
  Re: Root cause.
  
  "One might be driven to ask WTF it was doing in a bloody browser in the first place!"
  
  Because Tim Berners-Lee put it there, because in 1993 it would have been unthinkable not to support FTP, because that was where all the data was.
  
  7 1 Reply
Wednesday 21st July 2021 12:18 GMT Trigun

Not used FTP for well over a decade, mostly due to securiuty concerns. I tend to use winscp - usually over a VPN as well (depending on what I've transferring and to where).

2 2 Reply
Wednesday 21st July 2021 12:30 GMT heyrick

but there's always someone wanting to stick with legacy systems.

When you have some older machines running in their own little world, a simple protocol like FTP is useful for shifting files around.

12 0 Reply
1. Wednesday 21st July 2021 13:55 GMT Version 1.0
  
  Re: but there's always someone wanting to stick with legacy systems.
  
  I think that Kermit was better - I used it all the time about 40 years ago. The nice thing about Kermit and FTP was that they made it easy to move files between different operating environments.
  
  7 0 Reply
  1. Thursday 22nd July 2021 12:15 GMT Lil Endian
    
    Kermit!
    
    Wow! Memory lane!
    
    I can remember bodging serial cables from multiple lengths of speaker wire to transfer between machines :)
    
    Cheers!
    
    2 0 Reply
2. Wednesday 21st July 2021 14:45 GMT Charles 9
  
  Re: but there's always someone wanting to stick with legacy systems.
  
  Then SFTP would be the alternative, especially since Secure Shell is now the preferred remote login method, and SFTP uses Secure Shell as the wrapper. Meaning if you ssh onto your server, then you should be able to sftp onto it just as easily.
  
  3 0 Reply
  1. Thursday 22nd July 2021 08:23 GMT Anonymous Coward
    
    Re: but there's always someone wanting to stick with legacy systems.
    
    That's the issue. With SFTP you also give access to a shell on the system, unless other configurations are made to avoid it.
    
    With FTP you can give file access only, to specific directories. And you can still encrypt the traffic with TLS.
    
    0 0 Reply
Wednesday 21st July 2021 12:58 GMT steelpillow

Cleanliness is next to godliness

I can appreciate removing FTP from what is essentially an HTTPS client. Let's do one thing and do it well.

But I know at least one book publishing site which limits large HTTPS uploads and requires that your 1,000 page illustrated wannabee blockbuster be uploaded via FTP/SFTP. And there are all those other places where a robust connection is more important than speed.

Long live SFTP.

7 0 Reply
1. Thursday 22nd July 2021 00:26 GMT doublelayer
  
  Re: Cleanliness is next to godliness
  
  I don't think it ever supported uploads over FTP. I think that was just for downloading files or browsing the directory tree. FTP clients exist for that purpose, and they'll probably do it better than a browser does.
  
  0 0 Reply
Wednesday 21st July 2021 13:21 GMT Anonymous South African Coward

Still using plain-vanilla FTP for telemetry.

Will have to upgrade it to SFTP eventually.

4 0 Reply
1. Thursday 22nd July 2021 16:47 GMT Crypto Monad
  
  Also remember that SFTP and FTPS both exist, and are two completely different things.
  
  (One is a subsystem of SSH. The other is the regular FTP protocol, over TLS)
  
  1 0 Reply
Wednesday 21st July 2021 13:22 GMT tapanit

Firefox was not quite the last bastion to support ftp: Konqueror still does. (Just tried it in Kubuntu 20.04.)

4 0 Reply
Wednesday 21st July 2021 14:31 GMT Anonymous Coward

FTP and Firefox

I had to grit my teeth yesterday when I was forced to use M$ Internet Explorer to access an ftp site after Firefox refused.

3 1 Reply
1. Wednesday 21st July 2021 16:06 GMT Charlie Clark
  
  Re: FTP and Firefox
  
  But where I need FTP, I use a fully featured FTP client and preferably one that defaults to SFTP. FTP in the browsers comes from the days when http couldn't be relied upon for sustained connections such as downloads but that hasn't been the case for over a decade.
  
  3 0 Reply
Wednesday 21st July 2021 16:23 GMT steelpillow

Really?

From the headline hype, you'd think Filezilla is being purged too.

3 0 Reply
Wednesday 21st July 2021 20:24 GMT Mike Lewis

My memory of FTP

I once rewrote 2,650 lnes of C as a seven line shell script.

The previous programming team had written a data transfer program with its own implementation of FTP. I just used the one that was already on the UNIX computer.

10 0 Reply
Wednesday 21st July 2021 22:15 GMT Anonymous Coward

Hold your applause, please.

Like so many other parts of the Firefox browser, this was abandoned because they couldn't retain a maintainer, the code was a hot mess, and they decided it would be less work to cut it off instead of fixing it by implementing something secure or useful like scp/sftp support. RSS and live folders fell to the same axe. Thunderbird nearly got the same treatment.

That said I would love to see the day I don't have to deal with OG FTP ever again, but the entire embedded systems world is still mired in it. BTW, for those of you that just rolled your eyes, the building your in probably has dozens of them, weather you know it or not. If you have a cisco switch or phone system you probably do. Morons can't be bothered to update their firmware to support anything with support for ANY security, so does pretty much anything that supports netboot from the BIOS.

5 1 Reply
Thursday 22nd July 2021 01:26 GMT Bitbeisser

Well, there is a more or less easy way to work around and use a real FTP client.

But in general, I wonder what bozos started to make the Firefox design decisions at Mozilla. I thought that showing entries in the search field in the address bar was an April fools joke or maybe a glitch that passed through QC, but apparently, they are dead serious about this. Makes me really wonder what's next and if the last usable browser is finally going down the drain...

4 0 Reply
1. Thursday 22nd July 2021 14:58 GMT oiseau
  
  ... wonder what bozos started to make the Firefox design decisions at Mozilla.
  
  Finally ...
  
  Thank you for that. 8^D
  
  I've been bitching about exactly the same thing for three or four years now.
  
  They (them Bozos at Mozilla ...) have turned what once was a relatively decent browser with a lot of potential into a POS mess with an absurd UI.
  
  I know, it's not friday yet, but still...
  
  Have ~~one~~ three on me. ----->
  
  O.
  
  0 0 Reply
Thursday 22nd July 2021 16:38 GMT Missing Semicolon

HTTPS all the time

Is a real pain on local networks. Type (say) http://inkjet into the browser address bar, and if the HP inkjet to which I have assigned that name is having a sulk, instead of just producing an error, it a) Tries https://inkjet and then b) tries searching on google.

I now can't retry, as the original http://inkjet URL is gone. I must retype the damned thing.

1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2024