[laumars]

I get that many techies can live without Dropbox and it's ilk (myself included), but NOBODY should ever be advocating FTP. It's insure (no encryption - unless you're talking about FTP(E)S, but that introduces it's own issues), it's broken by design (no clear client/server relationship which can cause issues for NATing and filewalls (particularly if running with TLS), output specs depend on the host OS (eg directory listings), no automatic way of differentiating between text and binary data so modern FTP clients have to guess from file extensions (picking the wrong mode will break your files)). ?FTP is outdated - from a bygone era we no longer compute in and thus by modern standard it's become horrible in every conceivable way.

Thankfully we have SFTP which natively supports chroot (not all FTP servers do), key-based logins (more secure) as well as passwords, compression, and no fuzzy callback ports like in FTP. Also sshfs is pretty handy too.

If one needs "anonymous FTP" then you can also throw HTTPS into the list of better solutions: TLS encryption, compression, smarter handling of MIME types, and again no stupid fuzzy callback ports.

I don't often say things this strongly, but FTP should die.

[gumby]

FTP needs no defending -- it was really useful in 1979, but times have changed (e.g. I suspect every machine on the Internet uses an 8-bit byte). One point you wrote surprised me though:

> no clear client/server relationship which can cause issues for NATing and filewalls (particularly if running with TLS)

Really, crocks like NAT and stateful firewalls should die. Layers 4 and below are inherently peer-peer -- the net should not treat endpoints differently (i.e. should not privilege some over others). That simply encourages a "client" or "consumer" mentality in both the technical and social senses.

[martinald]

The thing is while NAT is horrible for what you're saying, it probably did more to improve security than anything else, which wasn't it's primary goal.

I remember what the internet was like when ADSL/cable models first came along. Everyone was getting pwned none stop. Any RCE could easily be applied by scanning a consumers DSL/cable IP pool and you'd be able to hit a very high %age of them.

NAT totally stopped this.

[laumars]

It was the firewalling that stopped those attacks. Granted you could argue that the firewalls only came popular in households because routers were shipped to address a need for NATing but pragmatically we really should have been installing firewalls on our PCs in the pre-router days of the internet.

[gumby]

> The thing is while NAT is horrible for what you're saying, it probably did more to improve security than anything else, which wasn't it's primary goal.

Are you defending NAT? It sounds like a Vietnam era construction: you had to destroy the Internet in order to save it.

We now have a seemingly entrenched tree-structured (i.e. centralized) network again, the very 1960s architecture we tried so hard to get away from.

[jlgaddis]

... and yet billions (?) of dollars are moved around every day using this technology "from a bygone era" (transferring CSV files for ACH transfers, etc.).

I'm not a big fan of FTP and hardly ever use it any more, but it does what it was designed to do and still manages to work pretty well considering how much everything else around it has changed.

[laumars]

Have you seen the list of requirements used for FTPing ACH transfers? It uses TLS (something that isn't part of the original FTP specification - what little of one there was) to transfer PGP encrypted files (something that wasn't even invented when the FTP specification was written) and even with all these extra steps put in there's still a lot of ways the process can easily fall apart. I've spent enough time building systems that interact with these kinds of banking systems to know that using FTP isn't doing themselves any favours. In fact the whole process of working with ACH files is a complete mess and saying ACH still uses FTP doesn't really improve the validity of FTP - it just demonstrates more technology that really should have been depreciated before now.

I'm not the sort of person who advocates new technology for the sake of new technology. I normally get annoyed at the constant reinvention of wheel however some older tech is just bad and FTP is one of those. It got the job done when it was first written but it made a bunch of mistakes along the way. Mistakes we've learned from and have since written a thousand better transfer protocols. So it's about time people laid FTP to rest.

[dispose13432]

It will when windows file explorer will support sftp out of the box