
Chromium: FTP resources will be marked “Not Secure” - stablemap
https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ
======
DonHopkins
I liked to leave a file in the top level public ftp directory called "README"
that contained just the line:

    
    
        README: No such file or directory.
    

Somebody once emailed me complaining they couldn't read that file. I told them
to run "emacs README" because emacs could solve any problem. Never heard back!

~~~
fiddlerwoaroof
He's probably still trying to quit emacs

~~~
victorNicollet
M-x vim-keys-mode, then :q ?

~~~
EGreg
[https://medium.freecodecamp.org/one-out-of-
every-20-000-stac...](https://medium.freecodecamp.org/one-out-of-
every-20-000-stack-overflow-visitors-is-just-trying-to-exit-vim-5a6b6175e7b6)

------
thinkMOAR
In my humble opinion, i find the label 'not encrypted' better fitting than
'not secure'.

[ edit after replies ]

Agreed, perhaps i unrightfully assumed people now what 'encrypted' means.
Growing up with computers i don't know any better and sometimes forget or
can't properly imagine what layman know and don't know.

~~~
cesarb
HTTPS is more than just "encrypted", it's also "authenticated". That is,
plain-text HTTP and FTP is not only "Not Encrypted", but also "Not
Authenticated"; saying "Not Secure" captures both properties at the same time.

~~~
Gracana
"Authenticated" is debatable. Someone has spent a few minutes on a third-party
website to enable the green checkbox. Whether that means they are who you
think they are is another matter.

~~~
tentaTherapist
Yeah, it's authenticated but only to the degree that you know that they own
the domain name, and there are no other guarantees that they are who they say
they are. Secure is way too strong a word.

------
Piskvorrr
Good. I'm very much surprised that FTP still exists in this century.

~~~
LarryMade2
FTP is still valid for larger files - mainly in the printing industry where
job uploads could easily be multiple hundreds of MBs, some now use 3rd party
document transfer sites but most still rely on FTP (usually with a password
access)

~~~
awestroke
You did not mention any advantage with using FTP over any other file transfer
protocol. "Multiple hundreds of MBs" is not much by todays standards, and FTP
is not especially suited to transferring large amounts of data. Literally any
other file transfer protocol is better. Like sftp or https.

~~~
robk
That's exactly it - the advantage is people don't want to change and it's
taken them years to get used to whatever ftp client they've been given or
trained on

~~~
smacktoward
Every competent FTP client I can think of can also handle SFTP and FTPS
connections. With SFTP it's just a matter of telling the client that's what
you're using so it can change to the different port; with FTPS you don't even
have to do that.

It's true that people resist change, but the change they have to swallow here
is so tiny and the upside so massive that it's darn close to malpractice to
continue giving them the option to use plaintext FTP.

~~~
victorNicollet
I once had trouble with a client who used his business data solution for
uploading data to our server (we support FTP, FTPS and SFTP, and we recommend
SFTP + keys). It was an old java-based application with no updates, no SFTP
support, and all attempts at FTPS failed in the face of certificate issues
(outdated list of CAs, no ability to force a certificate). The client had no
understanding of the issue and the technician was an expert for this specific
business application, with no ability (or willingness, maybe) to write any
sort of script or workaround outside that application.

------
snakeanus
FTP nowadays is only useful for fetching resources from very old sites.
Everyone I know has switched over to sftp and other ssh-based solutions.

------
graphememes
Today, reading the comments, I have learned that _a lot_ of hacker news
readers _do not understand_ FTP.

------
lousken
does chrome even support ftps?

~~~
forgot-my-pw
It doesn't according to the 3rd comment in the link.

------
tazeg95
because it's a language for beginners

