
Shutting down public FTP services - JoshTriplett
https://lists.debian.org/debian-announce/2017/msg00001.html
======
raamdev
The only reason I ever remember preferring FTP over HTTP in the 1990s was
because FTP usually meant that I could resume large downloads if my connection
dropped mid-download. That was a big deal when it took several hours to
download something. That benefit largely disappeared for me as broadband got
faster and the connections became more reliable.

~~~
justinsaccount
Also disappeared when http 1.1 added range requests around 1999

~~~
hobarrera
FTP has been obsolete since 1999 thanks to ssh/sftp.

It should have died along with RSH, but people insisted on keeping it alive.

~~~
majewsky
SSH/SFTP is mostly for authenticated access. The submission is explicitly
talking about "public FTP servers" (i.e. anonymous access).

------
sitepodmatt
Echo the good riddance comment.

Psst... Someone tell CPanel Inc and all the millions of horrid cPanel shared
hosting providers which still promotes this nonsense as the default way to
manage files. It is somewhat sad when you meet a new young fresh developer
where deployment = filezilla.

~~~
throwaway2048
filezilla supports SFTP just fine (nothing to do with FTP)

~~~
TorKlingberg
It also comes with bundled malware, so be careful.

~~~
jrimbault
Not entirely true. Sourceforge bundles things with their installers.

[https://news.ycombinator.com/item?id=8849950](https://news.ycombinator.com/item?id=8849950)

But you could always get a normal installer even then, and I think (don't
quote me on that, I never really used SF) Sourceforge stopped doing that after
their acquisition ?

~~~
hannob
Sourceforge stopped it, filezilla did not. And Filezilla explicitly defended
the sourceforge practice when it was still in place. They're a very shady
project.

------
LeoPanthera
Public FTP servers were where I downloaded most of the software for my
computers, back in the 90s. There's nothing really like it anymore - you can't
have anonymous sftp.

But perhaps we don't care anymore. The web is gradually consuming all that
came before it.

~~~
ryukafalz
>There's nothing really like it anymore - you can't have anonymous sftp.

Strictly speaking there's nothing stopping someone from writing an anonymous
sftp server that lets anyone log in as a 'guest' user or similar - it's just
that nobody has (as far as I'm aware).

~~~
derefr
"Unauthenticated SSH" is basically what the git:// protocol is. I wonder if
you could use git-daemon(1) to serve things other than git repos? Or you could
just convert whatever you want to serve _into_ a git repo, I guess.

~~~
toomuchtodo
Please use IPFS instead.

~~~
derefr
IPFS requires a stateful thick client with a bunch of index data, no? Would it
be _efficient_ to, say, build a Debian installer CD that goes out and
downloads packages from an IPFS mirror? Because that's the kind of use-case
anonymous FTP is for.

~~~
toomuchtodo
Many many years ago I was on the team that managed the compute cluster for the
CMS detector at the LHC (Fermilab Tier-1).

When we would perform a rolling reinstall of the entire worker cluster (~5500
1U pizza box servers), we would use a custom installer that would utilize
Bittorrent to retrieve the necessary RPMs (Scientific Linux) instead of HTTP;
the more workers reinstalling at once, the faster each worker would reinstall
(I hand wave away the complexities of job management for this discussion).

I'm not super familiar with IPFS (I've only played with it a bit to see if I
could use it to backup the Internet Archive in a distributed manner), but I'm
fairly confident based on my limited trials that yes, you could build a Debian
installer CD to fetch the required packages from an IPFS mirror. No need to
even have the file index locally. You simply need a known source of the file
index to retrieve, and the ability to retrieve it securely.

~~~
throwanem
And a day or two to wait for the installer to finish fetching packages...

~~~
toomuchtodo
Such pessimism! Bittorrent started with only a few nodes too. It is now a
majority of internet traffic.

------
jwilk
kernel.org is shutting down their FTP servers, too:

[https://www.kernel.org/shutting-down-ftp-
services.html](https://www.kernel.org/shutting-down-ftp-services.html)

~~~
unethical_ban
Almost the exact same wording was used in the deb announcement. And it's all
true.

I'm a nostalgic kind of guy, but FTP is terrible through firewalls and
nowadays, bittorrent or http are just as well.

~~~
suls
What has changed in HTTP over the past 10, 20 years? Was there ever a clear
benefit of using FTP instead of HTTP?

Just wondering why suddenly everyone is in agreement FTP should go away ..

~~~
acdha
FTP was older and had more widespread client support in the 90s, so you were
more likely to have at least a basic client preinstalled. That's obviously
moot by now since just about everything ships with a web browser and/or
something like curl.

FTP has a standard way to list directories. Using HTTP that way would require
you to either have a well-known index file or parse HTML looking for links
which don't return text/html responses.

The downside is that FTP still has issues with firewalls – I had to
troubleshoot that earlier this month, actually – and is another service to
maintain if you are already running an HTTP server.

In the case of either single-file downloads or something like a Linux package
manager, the URLs are well known so directory listings are irrelevant. HTTP
has a number of good options for CDNs and caching, so if you care about
performance or reliability that's a turn-key service.

In the cases where directory listings were more valuable, people usually
wanted a richer UI than just a file listing, too, and there are tons of
options for that in the web world.

~~~
tinus_hn
FTP has a standard for way to request a directory listing but the format for
that listing is not specified and impossible to parse reliably

------
bradfitz
Thanks, Russ!

[https://research.swtch.com/glob](https://research.swtch.com/glob)

> but if you have an anonymous FTP server accepting glob patterns, there are
> two more fundamental questions to ask: Do you really need to run an
> anonymous FTP server anymore?

~~~
jwilk
HN discussion:

[https://news.ycombinator.com/item?id=14184528](https://news.ycombinator.com/item?id=14184528)

------
gtirloni
Good riddance to FTP. I've wasted enough time troubleshooting it in my career.

------
orionblastar
In the old days we had Windows and wanted to install Netscape or download
Linux we used anonymous ftp servers. Now Windows has a web browser installed
that we can use to download anything we want.

Anonymous ftp servers are outdated now. Like Gopher was when web browsers
teplaced them.

~~~
dexwiz
Gopher had a lot going for it over the early web. But its death knell was
University of Minnesota wanting to charge a licensing fee for it.

------
z3t4
There's really nothing stopping FTP from working on CDN's and proxies. For
public distribution Bit-torrent is far superior though. I still think
SFTP/FTP/FTPS is the best way to upload files, is there any better free
alternatives !?

------
ilamont
There are a fair number of businesses in old industries that "went digital"
10-20 years ago still have the same tech running, including FTP. I work with a
company that requires uploading files via FTP into a co-mingled directory
(everyone uses the same password). Company is a major player in my industry,
too.

I would be curious if some government services were still running FTP, judging
by the number of Y2K-era government websites I run into.

------
eleitl
But not offering [https://](https://) services, huh?

------
reacweb
yesterday, I have received a link to download some tutorial from china:
[http://pan.baidu.com/s/1sl993lV](http://pan.baidu.com/s/1sl993lV). I have
performed the download using firefox, but the connection is so bad, there are
many failures. I have tried with curl that fails also. A real nightmare. All
these problems would not exist if it was a simple ftp link: filezilla is
perfectly optimized to work around shitty connections.

And today I learn that ftp is falling in oblivion. What a sad time.

~~~
inimino
Curl is perfectly capable of resuming a download over HTTP unless the server
is doing something stupid. Blame Baidu if you like, but HTTP is not the
problem here and there is no benefit to FTP.

