

Dropbox clone that uses FTP (open-source): Beta feedback appreciated - cyman

https:&#x2F;&#x2F;code.google.com&#x2F;p&#x2F;iqbox-ftp&#x2F;<p>Hi everyone-
The Windows IQBox download is now available. I’m announcing it here first, so I can get feedback before the official beta release. (Link: https:&#x2F;&#x2F;code.google.com&#x2F;p&#x2F;iqbox-ftp&#x2F;)<p>Features:
-Uses FTPS standard (or FTP): 100% standards-based.
-Realtime: Monitors local file changes without scanning. (When checking FTP it needs to scan, but future versions will use a changelog file.)
-Lightweight app: No Java. Made in Python, like Dropbox.
-Merge folders: Initial sync will merge local &amp; server.
-Automatically scans FTP server (optional): New files are downloaded automatically.
-Sync multiple FTP sites to different folders.
-Mac and Linux release date is now Mar 30&#x2F;2014 but alphas will be available mid-Jan.<p>I know that the Internet is littered with failed open-source Dropbox clones, or DIY solutions that are complex. That’s why I did this.
The difference is, we are laser-focused on (1) simplicity and (2) sync reliability.<p>The Plan: Make an FTPS-based client that lets you sync and share as easy as Dropbox. No special backend or non-standard protocols. Depending on demand, we’ll add local encryption. This is a long-term project. This is the beginning. For now, we just sync and link-sharing will be added later.<p>Positive and constructive feedback would be great.
Bugs can be submitted on the Google Code page:
https:&#x2F;&#x2F;code.google.com&#x2F;p&#x2F;iqbox-ftp&#x2F;issues&#x2F;list
Direct Windows Download: http:&#x2F;&#x2F;goo.gl&#x2F;QlIrv5
======
skdjf
FTP has to die!

~~~
cyman
It's the only standard for file transfer we have, and it can be secure. Why
does it have to die? (NOTE: WebDav has even more issues but that's the only
other standard.)

~~~
dragonwriter
> It's the only standard for file transfer we have

No, its not.

> Why does it have to die?

Because its problematic in a whole lot of ways, and FTPS doesn't help much for
most of them. [1] identifies a lot of them (in the context of implementing a
MacFUSE filesystem, but the issues apply to most applications.)

> (NOTE: WebDav has even more issues but that's the only other standard.)

You keep using that word "only"; I do not think it means what you think it
means.

WebDAV certainly has issues, though its probably less bad, on balance, than
FTP/FTPS, but the more commonly used alternative for FTP/FTPS isn't WebDAV but
SFTP (the SSH File Transfer Protocol, _not_ the Simple File Transfer
Protocol.)

[1] [http://blog.expandrive.com/2009/02/02/ftp-considered-
harmful...](http://blog.expandrive.com/2009/02/02/ftp-considered-harmful/)

~~~
rsync
SFTP is the correct answer.

WebDAV is terrible. Run, don't walk, away from it. Nobody at apache has any
responsibility for it, the mod_dav author is totally MIA ... it's just a mess.
Further, every single DAV implementation[1] is _both_ broken _and_ completely
unique.

[1] Like DAV in Finder, or DAV in MS Word or in MS explorer, or in IE ... they
are all completely different ... and also all of them are horribly broken.

~~~
cyman
I think all this makes it clear that it is a software issue and not a protocol
issue. That is my point here. People hate FTP (or SFTP/FTP-SSL/WebDav) because
the software is implemented poorly. (NOTE: I know SFTP and FTP-SSL are
different protocols.)

~~~
dragonwriter
FTP/FTPS has serious, protocol level issues (including things that are
underspecified enough that its poor as a protocol for apps on top of, and
things that are just bad decisions.)

WebDAV arguably has fewer essential protocol level issues (aside from being
overly large and baroque) -- that is, it has fewer problems that are
_necessarily included_ in a correct implementation -- but lots of
implementation issues (which, arguably, stem largely from the spec being
overly large and baroque.)

OTOH, even to the extent that the problems (e.g., with WebDAV) are issues with
the existing software and not the protocol, the main benefit of building a
specialized app to a standard protocol is interoperability with other tools
using the protocol -- if the existing implementations are incomplete and buggy
in mutually incompatible ways, that negates the benefit of writing to the
standard.

~~~
cyman
The only reason FTP is insecure is because system admins still allow
unencrypted FTP connections. POP3 and HTTP is also insecure- it's up to the
system admin to block insecure connections.

With most FTP server software I know (such as ServU or FileZilla Server) once
you force SSL connections, the server will disconnect users on the USER
command (before sending the password) if they are connected insecurely. So
only if your system administrator _wants_ to allow insecure connections, will
you be allowed to transmit the password insecurely.

Why do people still connect using the old insecure FTP standard? _It 's the
software._

I personally think FileZilla should connect using SSL Explicit by default.
IQBox defaults to SSL, and prompts the user for a fallback. So again I think
it's a software issue, not a protocol issue.

