schmatzler wrote on 2020-05-13, 17:03:
imi wrote on 2020-05-13, 01:17: why are they removing FTP support? what has it been replaced with?
FTP is a pretty shitty protocol imho. It's hard to implement this in a secure way because of all the port shenanigans and as soon as you run an FTP server you will get hammered with requests from idiots trying to get in and take control of it. It also lacks in speed when transferring a multitude of small files.
There are much better protocols for file transfers like rsync, SFTP or in some cases even WebDAV.
Simple serving of files can be done over HTTPS and if you need a good file index, install a tool like h5ai on your webserver. Done.
There really is no need for browsers to still support FTP. Let it die already.
FTP did have one advantage over HTTP from a security perspective, though: out-of-band signaling. Had HTTP been originally designed to have the control commands and the actual data transmitted over separate ports, like with FTP, then things like cross-site scripting would never have been an issue. (Of course, since it was initially just intended to serve up static documents, that wasn't considered to be necessary at the time.)
I know this has since been mitigated in a different way in more recent HTTP revisions, and you do make a valid point about the multiple ports being a maintenance headache for server admins.
But most of your concerns pertain to the server-side of FTP. So why not first keep FTP client support in the browsers as a clearly deprecated feature for a while, with an (even more noticeable?) warning icon in the URL bar indicating an insecure connection, like what's being done with bare HTTP (non-HTTPS) connections? Yeah, FTP should eventually be removed, but they can at least sunset it more gradually.
At least such a warning icon and/or a clearer advance deprecation notice could have been a cue to the legacy/retro/vintage computer enthusiast community to start downloading and safeguarding public FTP sites, knowing they would be going down soon.
OTOH, perhaps we should have realized this and acted on it in an organized fashion much earlier.
I guess I'm just a little annoyed with Google's action waking up so many sleeping dogs in the hardware manufacturing industry. "Oh wait, don't we still have some old public FTP servers up, serving outdated no-longer-supported crap? Quick, let's pull the plug on them and save unnecessary expenses. Nah, who cares about migrating all of that old stuff any more?"