×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FTP Is 40 Years Old

timothy posted about 3 years ago | from the why-when-it-was-a-boy dept.

The Internet 253

An anonymous reader writes "FTP celebrates its 40th birthday tomorrow. Originally launched as the RFC 114 specification, which was published on 16 April 1971, FTP is arguably even more important today than when it was born. Frank Kenney, vice president of global strategy for US managed file transfer company Ipswitch, said that the protocol we know as FTP today is 'a far cry from when Abhay Bushan, a student at MIT, wrote the original specifications for FTP.' According to Kenney, the standard has grown from 'a simple protocol to copy files over a TCP-based network [to] a sophisticated, integrated model that provides control, visibility, compliance and security in a variety of environments, including the cloud.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

253 comments

Oh please (5, Interesting)

Anonymous Coward | about 3 years ago | (#35835692)

FTP is a hideous protocol. The client connects to the server with one TCP connection, and then when a file (or directory listing) is requested, the server opens up another TCP connection back to the client. This is a nightmare for firewalls. There is also passive mode where the client initiates the second connection to the server, but it is only slightly less hideous.

As awful as HTTP is, it is infinitely better than FTP. Sadly HTTP is mostly one way, but these days for anything that isn't being broadcast to the public (the web), you are betterm off using ssh/scp.

Let FTP die already.

mod parent up (1, Insightful)

Uksi (68751) | about 3 years ago | (#35835738)

Unless the TFA is talking about SFTP (which it isn't), there is no reason to laud anything positive about FTP. Other than it was a straightforward protocol and it served us well, back in the day.

Re:mod parent up (0)

olsmeister (1488789) | about 3 years ago | (#35835790)

Don't be a moron. That's like saying the Model T was a piece of shit.

Re:mod parent up (2)

BagOBones (574735) | about 3 years ago | (#35835828)

Quote FTFA "Join us in a toast to FTP - at 40 years of age, it’s lasted well and looks like it will remain a relevant technology for years to come."

That is like saying we should still be driving the Model T and expect it to still be around.

Re:mod parent up (0)

Anonymous Coward | about 3 years ago | (#35835884)

I drive a Model T you insensitive clod!

Re:mod parent up (0)

Anonymous Coward | about 3 years ago | (#35836708)

I drive a Model T you insensitive clod!

Sure you do. Pics or it didn't happen, you fucking liar.

Re:mod parent up (1)

machine321 (458769) | about 3 years ago | (#35836070)

Please post photos of your 1971 Ford Model T. I suspect the closest you'll be able to get is a 1984 IBM Model M.

Re:mod parent up (1)

jd (1658) | about 3 years ago | (#35836282)

Whilst I don't own a Model T or a car from 1971, I would personally prefer any of the cars from the Brighton Rally anyway. Much classier.

Re:mod parent up (1)

jd (1658) | about 3 years ago | (#35836274)

Compared to other cars of that vintage, it was. Ford sold mass-produced cars that were stocked high and sold cheap. The Fry's or Walmart of the car industry. They were popular because people could afford them, not because they worked well.

Re:mod parent up (1)

hairyfeet (841228) | about 3 years ago | (#35836634)

I don't know about that, as the 70s Ford trucks were pretty decent, and the Maverick was a great car to trick out. You could manage to squeeze some insane motors in that little thing!

As for TFA...if it ain't broke? For files where you don't care about security, like say plopping some Linux ISOs on a server somewhere then FTP is as good as any. It does make me curious though: Is there any tech still in widespread use that is that old or older?

Re:mod parent up (3, Informative)

jd (1658) | about 3 years ago | (#35836256)

I agree (though if you are going to consider sftp, please also consider ftps), but it has been surprisingly durable. Rivals, historically, have included fsp, scp, rsync, uucp, WAIS, gopher and ftpmail. Some, like WAIS and gopher, also provided a far superior interface to the traditional FTP client.

Of these, scp and rsync are the only ones still in use today and I don't know of any anonymous FTP sites that provides scp, though I think kernel.org provides rsync.

About the only significant change to FTP since it began was that people used to use archie to find programs. (Archie, for those too young to remember, was a search engine specifically for anonymous FTP sites. You gave it a regexp, it gave you every site that had files that matched and the full directory path of those files. Because it was specialized, there was no risk of clutter. Equally, there was no chance it would survive into the era of web crawlers and generalized search engines.

Re:mod parent up (2, Funny)

Anonymous Coward | about 3 years ago | (#35836600)

I agree (though if you are going to consider sftp, please also consider ftps), but it has been surprisingly durable. Rivals, historically, have included fsp, scp, rsync, uucp, WAIS, gopher and ftpmail. Some, like WAIS and gopher, also provided a far superior interface to the traditional FTP client.

Of these, scp and rsync are the only ones still in use today and I don't know of any anonymous FTP sites that provides scp, though I think kernel.org provides rsync.

About the only significant change to FTP since it began was that people used to use archie to find programs. (Archie, for those too young to remember, was a search engine specifically for anonymous FTP sites. You gave it a regexp, it gave you every site that had files that matched and the full directory path of those files. Because it was specialized, there was no risk of clutter. Equally, there was no chance it would survive into the era of web crawlers and generalized search engines.

) . . . . . . whew!

Re:mod parent up (-1)

Anonymous Coward | about 3 years ago | (#35836662)

Of these, scp and rsync are the only ones still in use today and I don't know of any anonymous FTP sites that provides scp, though I think kernel.org provides rsync.

Why would they provide scp? There is absolutely no need - they use http. There is no need for security at this layer because you are supposed to check PGP signatures. This is the same as debian using http to distribute updates. They would never bother with https or scp (or ftp) since http handles file transfers perfectly, and then they can check signatures inside the app (apt-get/aptitude).

Re:Oh please (3, Informative)

BagOBones (574735) | about 3 years ago | (#35835800)

FTP is evil for simple firewalls but most advanced firewalls can rewrite the control commands or read them to open the right ports.
SFTP is something totally different, but since it uses a tunnel it isn't that bad for firewalls.
FTPS is the a nightmare! It has the random port problems of FTP but also encrypts the commands so there is no way for the firewall to figure out what ports will be used.

Re:Oh please (1)

gad_zuki! (70830) | about 3 years ago | (#35835996)

Huh? I use FTPS all the time with Filezilla server and connect with a variety of FTPS clients and never have issues. This is through a variety of firewalls- expensive cisco's and sonicwalls and cheapo netgears and linksys.

Both FTP and FTPS require passive mode to work properly and a passive range forwarded. That's it. Once configured correctly on the server-side there's nothing else to do.

Honestly, it scares me that vanilla FTP is so widely used and the defacto way to transfers files for so many services. Its completely unencrypted. Its a shame the browser makers never supported FTPS like they did HTTPS.

Re:Oh please (1)

ibbie (647332) | about 3 years ago | (#35836198)

Honestly, it scares me that vanilla FTP is so widely used and the defacto way to transfers files for so many services. Its completely unencrypted.

Er, not everything needs to be encrypted. Having it as an option is great, but for non-sensitive data (e.g., source code that I'm already making available to the world) I'll take the protocol with the lower overhead.

Re:Oh please (1)

Goaway (82658) | about 3 years ago | (#35836224)

Your password is usually pretty sensitive data.

Re:Oh please (1)

Anonymous Coward | about 3 years ago | (#35836712)

Only anonymous FTP should be in the clear, and I can't think of a single reason why anonymous FTP always needs to be encrypted.

Re:Oh please (1)

clarkcox3 (194009) | about 3 years ago | (#35836306)

Yes, many things can be left unencrypted; your password is not one of them. Using FTP for anything other anonymous FTP is irresponsible and stupid.

Re:Oh please (1)

Leebert (1694) | about 3 years ago | (#35836352)

Yes, many things can be left unencrypted; your password is not one of them. Using FTP for anything other anonymous FTP is irresponsible and stupid.

Eh, there are ways to do it that are reasonable in terms of risk. For example, one-time passwords.

I wouldn't recommend it, but to dismiss it outright for that reason isn't correct.

(Disclaimer: As a former firewall administrator in a scientific computing facility, I hate FTP.)

Re:Oh please (1)

morgan_greywolf (835522) | about 3 years ago | (#35836464)

In fact, I can think of a major automotive company that still does exactly that: you sign in via https, get your one-time password, and then initiate the transfer with ftp.

Absolutely hideous, but it works.

Re:Oh please (0)

Anonymous Coward | about 3 years ago | (#35836618)

Non-sensitive data is still sensitive to undetected corruption when not encrypted or checksummed. Your ISP or anyone inbetween can sniff out exactly what you're downloading. IMO the entire IP stack should be mandatory encrypted.

Re:Oh please (0)

Anonymous Coward | about 3 years ago | (#35836692)

FTP is evil for simple firewalls but most advanced firewalls can rewrite the control commands or read them to open the right ports.

In the biz, we call that "Deep Packet Inspection" which is generally considered to be both fragile [1] and evil in itself [2].

[1]: It requires the protocol be completely understood without confusing the firewall, add a few newer or non-standard commands and things don't work so well anymore. Even worse, the firewall software needing to understand the protocol is stupid in itself since it only works for protocols that the firewall knows, what about every other protocol that requires similar hacks? You going to add DPI for those too? (consider older PC games that don't handle NAT well, every one has a different proprietary protocol).

[2] DPI is a gateway drug to throttling and blocking various protocols regardless of use case and port used. [See BitTorrent]

Re:Oh please (1, Insightful)

DarkOx (621550) | about 3 years ago | (#35835910)

Defense in depth in all but really Firewalls suck, and break the Internet. Its not FTP that is broken its systems that need firewalling that are. That said there is no operating system in common use, Linux included, that should not be behind a firewall, at the very least a local software based one.

  The control channel being on a separate socket from the data channel allows FTP to do things like XFTP where a client can broker a transfer between servers without needing to participate in it.

Re:Oh please (0)

Anonymous Coward | about 3 years ago | (#35836400)

Defense in depth in all but really Firewalls suck, and break the Internet.

That's like saying "Doors suck, they keep my girlfriend from coming over and I can't get mail." Firewalls don't break anything, and having something that can inspect traffic and maintain stateful connection information at your gateway is by definition never a bad thing. Give your girlfriend a fucking key and cut a slot for the mail. Open the ports you need and trust the source IPs you need to. Leaving your front door wide open when your house is full of a lot of valuable shit is not the answer.

Re:Oh please (1)

Anonymous Coward | about 3 years ago | (#35835994)

What you are describing is not a requirement for FTP.
It was just the initial default...

Any modern FTP client can work in "passive mode", that can use the same TCP connection for everything.

Next time, please check your facts.

Igor

Re:Oh please (1)

hedwards (940851) | about 3 years ago | (#35836168)

The issue there is that passive mode works, unless the server is behind a firewall. Which it should be, if you're only serving up files and web pages, there's absolutely no good reason to have any more ports open than you absolutely need to, and having extra ports open is just plain silly. And since FTP mandates that those ports be randomly assigned there's no good way of knowing which ports are going to be used.

Re:Oh please (1, Insightful)

cheater512 (783349) | about 3 years ago | (#35836396)

Using a firewall to close ports is the most ridiculous thing ever.

Just tell the bloody program that opened the port not to open it!

If you actually do that, the firewall isn't needed because you actually have a clue and configured the system correctly.

Re:Oh please (1)

Goaway (82658) | about 3 years ago | (#35836238)

Next time, read the post you are replying to to the end before wielding your keyboard in anger.

Re:Oh please (1)

Leebert (1694) | about 3 years ago | (#35836382)

Next time, please check your facts.

Funny, for someone who just got his facts wrong about how passive mode works. There are still two TCP connections in passive mode. Essentially, it's just flipping the listener on the data connection from the client to the server.

Re:Oh please (1)

Anonymous Coward | about 3 years ago | (#35836094)

FTP is a hideous protocol. The client connects to the server with one TCP connection, and then when a file (or directory listing) is requested, the server opens up another TCP connection back to the client. This is a nightmare for firewalls. There is also passive mode where the client initiates the second connection to the server, but it is only slightly less hideous.

True, but remember that firewalls were invented about twenty years after FTP (Cheswick and Bellovin, 1998). Heck, FTP was invented three years before even TCP (1974) and a decade before IP (1981) was defined.

Remarkably resilient design. Also, while firewalls certainly causes breakage, so does NAT.

Re:Oh please (1)

evilviper (135110) | about 3 years ago | (#35836218)

Active mode FTP is hideous where NAT is involved, because it requires the server to initiate an active connection to the client.

Sadly, passive mode is horrible because it uses ephemeral ports on both ends, so you have no way to easily allow ftp and nothing else.

This leaves you in the situation of absolutely requiring an ftp proxy, because you only allow active mode on site, but passive mode is needed to get off site...

FTP is a nightmare. It has only remained because A) no command line HTTP file transfer clients ever sprang up, and B) The OpenSSH folks didn't allow you to choose unencrypted data connections for "anonymous" and non sensitive data. Either of the two would blow FTP out of the water so fast it would make your head spin. FTP is just that horrible.

I will say, however, it's very simple. It only becomes complex when you try to tack on all the failed protocols that attempt to add encryption to it, poorly, and still have the original bad design of FTP. SFTP is worlds better by comparison.

Re:Oh please (5, Informative)

Mad Merlin (837387) | about 3 years ago | (#35836244)

no command line HTTP file transfer clients ever sprang up

Let me introduce you to wget [gnu.org] and curl [curl.haxx.se].

Re:Oh please (0)

Anonymous Coward | about 3 years ago | (#35836384)

"sprang up" is the key phase

Re:Oh please (1)

Culture20 (968837) | about 3 years ago | (#35836506)

no command line HTTP file transfer clients ever sprang up

Let me introduce you to wget [gnu.org] and curl [curl.haxx.se].

"sprang up" is the key phase

Okay, introduce wget or curl to a website of ill-repute.

Re:Oh please (0)

Anonymous Coward | about 3 years ago | (#35836576)

For which you need to know the name of the file you want already. Not true with FTP, especially back in the pre-web days.

Re:Oh please (3, Insightful)

ukemike (956477) | about 3 years ago | (#35836246)

Lots of people grousing about how awful FTP is. I bet not one of you will ever write a piece of software that is still hugely popular and under active development 40 years later.

Re:Oh please (3, Insightful)

lenroc (632180) | about 3 years ago | (#35836514)

Lots of people grousing about how awful FTP is. I bet not one of you will ever write a piece of software that is still hugely popular and under active development 40 years later.

Except, FTP isn't a piece of software. It's a Protocol. As far as I can tell from a cursory search, no particular FTP daemon is still in wide use that was written 40 years ago.

Re:Oh please (1)

Darinbob (1142669) | about 3 years ago | (#35836262)

Except it was designed back before people had firewalls, or had even thought about firewalls. It's easy to criticize something in hindsight (why'd the make the first wheel out of stone, that's stupid).

Re:Oh please (0)

Anonymous Coward | about 3 years ago | (#35836316)

Except it was designed back before people had firewalls, or had even thought about firewalls. It's easy to criticize something in hindsight (why'd the make the first wheel out of stone, that's stupid).

Oh please, nobody is criticizing it for what it was THEN. It's forty years later, we have firewalls, and business processes that rely on data getting from point A to point B need more control and follow-through than what FTP by itself provides.

Re:Oh please (1)

Spykk (823586) | about 3 years ago | (#35836278)

Don't forget that the format of the directory listing isn't defined in the spec so it varies from server to server. Try pointing a GUI based FTP client at an IBM 4694 controller sometime...

The cloud? (4, Insightful)

socsoc (1116769) | about 3 years ago | (#35835700)

Do we really need to bring buzzwords like the cloud into this? It's a file transfer protocol, aptly named, for transferring data to another system. It could be in a cloud or in a cave for all I care, as long as it has port 21 open.

Re:The cloud? (4, Funny)

mikkelm (1000451) | about 3 years ago | (#35835802)

Of course we do. It's imperative in today's business environment to deploy file transfer protocols based on integrated models that work in the cloud with compliance. Just imagine what FTP was like before it had compliance in the cloud. I don't get how anyone got anything done.

Re:The cloud? (1)

istartedi (132515) | about 3 years ago | (#35836458)

I don't get how anyone got anything done.

I'm not cognizant of how team members brought elements to completion under that scenario. FTFY.

Re:The cloud? (1)

MoellerPlesset2 (1419023) | about 3 years ago | (#35836226)

Do we really need to bring buzzwords like the cloud into this?

Well let's see.. the guy who said it is...

vice president of global strategy

Ah well there you are. He's a VP. So yes, I believe he really does need to bring buzzwords into everything. He's probably contractually obligated to.

...and it shows (1)

vanyel (28049) | about 3 years ago | (#35835712)

I'd instead say "and in internet years, that's about 400 years, and it shows. retire the poor thing already!" It's a royal pain for firewalls and it sends text in the clear. Move into the 21st century and use scp...

Correct Name (1)

studarus (251872) | about 3 years ago | (#35835728)

The correct name is Abhay Bhushan (not Bushan).

Re:Correct Name (0)

Anonymous Coward | about 3 years ago | (#35835986)

The correct name isn't written with English letters so there will be variation in how it's spelled using this alphabet.

Happy birthday FTP (4, Funny)

suso (153703) | about 3 years ago | (#35835742)

Now die!

Re:Happy birthday FTP (1)

timeOday (582209) | about 3 years ago | (#35836092)

It is dead. FTP was once the majority of all bandwidth used on the Internet. It was overtaken by http... in 1995! [ai4fun.com]

Re:Happy birthday FTP (1)

jd (1658) | about 3 years ago | (#35836294)

But almost nobody sends files via http. Way too primitive. FTP is still king there, followed by torrent.

Re:Happy birthday FTP (1)

thegarbz (1787294) | about 3 years ago | (#35836770)

Rapidshare, megaupload, oron, upload.me, depositfiles, and many others would disagree with you. FTP is not king of the file transfer world. How many times recently have you used it compared to downloading an update usually via a HTTP connection from some updateserver somewhere?

I have used FTP exclusively for connecting to a web server and putting files on there. I do that maybe once every 2 months. Now at 100 hits per day average I wonder... how much of my website gets transferred via FTP compared to HTTP?

The effects of middle-age software ... (2)

dkleinsc (563838) | about 3 years ago | (#35835750)

When software gets to be around 40 years of age, wrinkles that were once minor are more and more apparent, what was once new and exciting isn't so much anymore, and it gets rather set in its ways and resistant to change. Decisions made in its youth often become a cause of later regret, and there's a certain amount of jealously of those who are now doing the same job it once did but in a snazzier way.

But at the same time, it's likely to be far more established and dependable than its younger counterparts. You can count on it getting the job done, one way or another. It won't be flashy, but it will work.

Re:The effects of middle-age software ... (1)

McGiraf (196030) | about 3 years ago | (#35836164)

"But at the same time, it's likely to be far more established and dependable than its younger counterparts. You can count on it getting the job done, one way or another. It won't be flashy, but it will work.
"

That's what she said.

Re:The effects of middle-age software ... (1)

Goaway (82658) | about 3 years ago | (#35836248)

But at the same time, it's likely to be far more established and dependable than its younger counterparts

But I thought we were talking about FTP?

Re:The effects of middle-age software ... (0)

Anonymous Coward | about 3 years ago | (#35836472)

-Uhh, Honey? Is that you?

Re:The effects of middle-age software ... (1)

Tim the Gecko (745081) | about 3 years ago | (#35836526)

You can count on it getting the job done, one way or another.

  • one way - correctly copying your binary files
  • another - corrupting them if you are in ASCII mode by mistake

So parent is correct - it works one way or another!

Biased much? (4, Insightful)

BitHive (578094) | about 3 years ago | (#35835754)

Asking the vice president of global strategy of a company built around its FTP client to comment on the relevance of FTP is a bit like asking an Adobe marketing executive about the importance of Flash, no?

Re:Biased much? (2)

Dhalka226 (559740) | about 3 years ago | (#35835852)

It's biased, yes. But that doesn't necessarily mean "wrong" or "without value."

If somebody can build a business around FTP, I think that's a testament to its relevancy right there. And who better to comment on it than somebody who deals with it and clients who use it every day?

I wouldn't ask the guy if his product is the best on the market, but as a comment on the underlying protocols... why not?

Re:Biased much? (2)

mikkelm (1000451) | about 3 years ago | (#35836050)

Anyone can build a business around any concept, regardless of value or worth. Success isn't necessarily a testament to the value of the product or its constituent elements. This is a good example of that.

Happy Birthday, Pirates! (0)

Anonymous Coward | about 3 years ago | (#35836240)

I wonder when the first technical breach of copyright happened over FTP... How many hours/days after the prototype application(s) was born do you think more than fair use passed over the first FTP connections?

I'd say we've probably got the 40th birthday of Internet Piracy some time this year, anyhow. =)

I used to think back as a schoolboy that ... (0)

Anonymous Coward | about 3 years ago | (#35835822)

FTP stood for freaking tricky protocol because it did so much 'wonderful' stuff for me downloading pron.

Too bad (0)

Anonymous Coward | about 3 years ago | (#35835834)

that the grand FTP sites like Walnut Creek didn't last this long. RIP cdrom.com, RIP gamehead, RIP happypuppy, RIP filefactory, RIP gamesdomain, and RIP sunet.se (they closed off their games sections)

If only there had been archiving attempts on FTP sites like those... not cheap port 80 http copies!

Re:Too bad (3, Informative)

grnbrg (140964) | about 3 years ago | (#35835958)

that the grand FTP sites like Walnut Creek didn't last this long. RIP cdrom.com, RIP gamehead, RIP happypuppy, RIP filefactory, RIP gamesdomain, and RIP sunet.se

n00b.

RIP wsmr-simtel20.army.mil

Kenny Should Learn History (3, Informative)

Rantastic (583764) | about 3 years ago | (#35835840)

According to Kenney, the standard has grown from 'a simple protocol to copy files over a TCP-based network [to] a sophisticated, integrated model that provides control, visibility, compliance and security in a variety of environments, including the cloud.

Actually, FTP predates TCP by 10 years and 679 RFCs. Hint: TCP is defined in RFC 793.

Re:Kenny Should Learn History (4, Informative)

Rantastic (583764) | about 3 years ago | (#35835862)

Correction: FTP is only 3 years older than TCP. Still, it predates TCP and is really damn old.

Re:Kenny Should Learn History (1)

jd (1658) | about 3 years ago | (#35836298)

Which is why we should scrap TCP and UDP, using SCTP and DCCP instead.

Re:Kenny Should Learn History (2)

Dahamma (304068) | about 3 years ago | (#35835962)

Actually, TCP was first defined as an RFC in RFC 675 [ietf.org]...

Still, 10 years or 3 years, as you say FTP was clearly not originally specified to work over TCP...

Re:Kenny Should Learn History (0)

Anonymous Coward | about 3 years ago | (#35836096)

FTP as used in arpanet "production" was really RFC542. That was what existed in operations over NCP then later TCP. There were also a RJE (remote job entry) RFC used to submit jobs in mostly IBM land.

it's time to send ftp to where gopher is (1)

spectrum- (158197) | about 3 years ago | (#35835906)

ftp was great in it's day. But it's insecure and outdated now and better protocols exist. For system administrators it is a pain to manage with plain text passwords etc. It should be consigned to the history books for better replacements like scp or sftp etc

Re:it's time to send ftp to where gopher is (1)

Rantastic (583764) | about 3 years ago | (#35835928)

it's time to send ftp to where gopher is

Only if we can bring back Archie, Veronica, and WAIS.

Already posted; posted again. (-1)

Anonymous Coward | about 3 years ago | (#35835972)

FTP should be taken out back and shot in the head. Then the corpse should be burnt. Then it should be dismembered and scattered to the four corners of the world, just to be sure it doesn't come back as a zombie or a vampire or something.

USE. S. GODDAMNED. F. FREAKING. T. DAMN IT. P.

No, there are no excuses. 'BAAW I R GIVING ACCESS 2 USRS AN DEY CAN C OTHR DIRECTUREEZ' is the only remotely plausible excuse I've ever heard, and it's completely lame. chrooted FTP is hardly secure; certainly not any more secure than the stupidly-easy-to-set up chrooted SFTP.

STOP USING FTP OR I'M GOING TO PUNCH YOU IN THE FACE. I MEAN IT.

Old is Gold (0)

Anonymous Coward | about 3 years ago | (#35835976)

Not Intented To Be A Factual Statement

Why all the hate? (1)

SpeZek (970136) | about 3 years ago | (#35836134)

Not everything needs to be secure; every OS has an FTP client built-in, and FTP works with minimal overhead. It's just one tool to do a job.

It was different world (1)

Anonymous Coward | about 3 years ago | (#35836208)

There was a very small number of systems on the ARPA netwok, we were trying to build simple and workable connections between different architectures (8,12,16,32,36 bit hardware). Also many differnent operating systems. FTP, Telnet, RJE, Mail etc were all buit with a very differnt trust model than today. As mentioned it was NCP as the basic transport protocal not TCP/IP. FTP as used was from RFC 542, the RFC mentioned here predated and was first attempt to discuss it. 542 was work of a committee that had folks from many sites with different architectures (system and hardware). There was an assumption of trust and an end to end connection model. The concept of 'internet' was much later. TCP/IP was much later. In many ways a much nicer/simpler world.

Nothing against FTP, (2)

drfreak (303147) | about 3 years ago | (#35836372)

but I need to say SFTP is the only option in today's world of HIPAA and net neutrality. FTP-SSL, still, is just another layer over the already ubiquitous FTP.

Yes, SFTP is yet another wrapper against FTP, but it is much more secure compared to FTP over SSL. SSL only offers limited encryption options. SFTP, on the other hand, can encrypt data flowing over public keys with encryption streams 1024-bit or higher.

The wrong FTP (2, Informative)

Anonymous Coward | about 3 years ago | (#35836390)

The FTP we know today originated in RFC 765, published June 1980, and was designed to work over TCP. RFC 114 defines a completely different protocol for file transfer that has nothing to do with FTP.

Exactly one advantage to FTP - FXP (5, Interesting)

Just Some Guy (3352) | about 3 years ago | (#35836404)

The only nonsucky thing about FTP is that you can use FXP [wikipedia.org] to transfer files between two remote servers without piping it through your client. For example, suppose you have FTP logins on two servers and each has a nice, fast Internet connection. You are on dialup and need to copy database backups from one server to the other. You can use FTP to tell the first to upload to the second's IP address, and tell the second to recv a file from the first's IP address. Nothing but the status messages go through your poor local modem.

You can do the same with by ssh'ing to the first server and scp'ing a file from it to the second, but that requires generating keypairs and copying the public keys around. If you're nitpicky about having separate keypairs on each SSH client machines (and you really should be!), and you have 20 hosts, then you'd have to copy 19 public keys to each machine. With FTP+FXP, you need an FTP login on each of the hosts. That's especially nice if the sending server is a public repository where you don't have anything but anonymous FTP access.

This isn't exactly a killer feature for most people, but it's kind of slick if you ever actually need it.

Re:Exactly one advantage to FTP - FXP (0)

Anonymous Coward | about 3 years ago | (#35836498)

Why are you comparing clear text and encrypted protocols? FTP doesn't handle keys and ssh, being encrypted... needs them.
= > point ... moot

but, yea that feature is nifty...

Only if I could ssh to server1 and request file from server 2, while on dialup (56k @ 199X, could have been early 2K), from my home PC ... hehe

Re:Exactly one advantage to FTP - FXP (1)

Just Some Guy (3352) | about 3 years ago | (#35836542)

Not everything has to be secure. Maybe it's an Ubuntu ISO. Maybe it's a GPG-encrypted file. And as I pointed out, maybe you're downloading some from a public server where you have no privileges beyond a plain ol' anonymous FTP account.

Yes, scp is nicer than FTP - if you can use it. That's not always true, and it's not always even an advantage.

Re:Exactly one advantage to FTP - FXP (1)

Jaime2 (824950) | about 3 years ago | (#35836690)

Unfortunately, the same feature makes it possible to cause an FTP server to mount an attack on any server on your behalf.

It's the lowest common denominator (2)

hawguy (1600213) | about 3 years ago | (#35836416)

As recently as 5 years ago, I set up an FTP server for use by a number of financial firms to send orders into a specialized stock trading system

$100M worth of orders were FTPed into that system using PGP encrypted text files (with public key fingerprints verified via telephone to make sure that all of the keys were valid). IP filtering was used to give a small additional layer of security.

This system was set up in a short period of time (3 weeks from inception including writing the file spec and setting up the servers) and FTP was the one thing that all parties could count on having (client operating systems included Windows, various flavors of Unix, IBM VM, and I think one customer had Tandem Nonstop). Pushing files via HTTP PUT is possible, but it's a lot easier to script an FTP file transfer.

Alternatives to FTP (0)

Anonymous Coward | about 3 years ago | (#35836436)

What are some alternatives to FTP that are fast and non CPU-intenstive (i.e. no encryption)?

One advantage? (1)

metalmaster (1005171) | about 3 years ago | (#35836452)

After 40 years the protocol is known well enough that developers can make it work on just about any system that needs file transfer. Its not exactly the fastest method, but I can transfer media from my PC to my PS3. I wouldnt be surprised if a few of the file transfer software packages for media players use some implementation of FTP.

FTP doesn't need you or your opinion (1)

dsmithhfx (1772254) | about 3 years ago | (#35836462)

Get a life, STFU. FTP just works. Do you hate that? If you have something truly better, it will replace FTP. Otherwise...

Still beats the hell out of bittorrent (2)

countertrolling (1585477) | about 3 years ago | (#35836540)

With ftp I can download whole folders with boatloads of files and more folders, and the rest my network stay up just fine. Transfer speeds are top notch. It lets other traffic through.. Bittorrent? I might put it on when I crash for the night.

ftp through a nice private tunnel.. hasn't failed me yet..

security (1)

spidr_mnky (1236668) | about 3 years ago | (#35836628)

FTP ... provides ... security ...

I viewed the conversation on this topic mostly to see the revulsion at that series of words. There isn't enough. I would be pissed to see that statement anywhere, and probably mention something about fact-checking. It's on the front page of slashdot. There's no way timothy didn't look at it, recognize that it is a bald faced lie and that everyone here would know it, and endorse it anyway. What the hell?

FTP hasn't evolved. It's been replaced. As others have pointed out, there's https for the masses, and sftp for the ssh-inclined. There's bit torrent for efficiently distributing load. If you want to talk about history, great. If you want to claim that FTP is a good protocol today, I disagree. If you want to tell me that it's secure, you can just get fucked.

The three "generations" of FTP (5, Informative)

ftexperts (2042636) | about 3 years ago | (#35836638)

Here's a little more background on the various generations of the FTP protocol.

First Generation (1971-1980)

The original specification for FTP (RFC 114) was published in 1971 by Abhay Bhushan of MIT. This standard introduced down many concepts and conventions that survive to this day including: ASCII vs. "binary" transfers, Username authentication (passwords were "elaborate" and "not suggested" at this stage) , "Retrieve", "Store", "Append", "Delete" and "Rename" commands, Partial and resumable file transfer , A protocol "designed to be extendable", Two separate channels: one for "control information", the other for "data", and Unresolved character translation and blocking factor issues

Second Generation (1980-1997)

The second generation of FTP (RFC 765) was rolled out in 1980 by Jon Postel of ITI. This standard retired RFC 114 and introduced more concepts and conventions that survive to this day, including: A formal architecture for separate client/server functions and two separate channels, Site-to-site transfers, Passive (a.k.a. "firewall friendly") transfer mode and The 3-digits-followed-by-text command response convention. ...and RFC 765 was replaced by RFC 959 (which formalized directory navigation) in 1985.

Third Generation (1997-current)

The third and current generation of FTP was a reaction to two technologies that RFC 959 did not address: SSL/TLS and IPv6.

Most FTP software now conforms to RFC 2228 for FTPS. Oddly enough, there are still a LOT of file transfer packages that still don't have IPv6 or EPSV support. The RFCs beyond IPv6 and EPSV support are pretty well baked, so if you're still dealing with a vendor without those attributes, consider that a big red flag.

Also keep an eye on draft-ietf-ftpext2-hash and draft-peterson-streamlined-ftp-command-extensions - that's where the action is in FTP today.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...