SoylentNews is people
SoylentNews
Currently people can access FTP list and download resources hosted on FTP servers in Chrome through FTP URLs, but this may not work anymore in the near future. In a post published by Chrome engineers, there is a plan to deprecate FTP support in Chrome version 82.
The major motivation for this deprecation is that Chrome doesn't have an encrypted FTP connection support(FTPs), this raises security risk of downloading resources over FTP. Since users can access FTP URLs and download resources, there is no encryption of the data which indicates any sensitive information would be exposed to middle man attack. There are other vulnerabilities as well.
[...] The deprecation will start from Chrome version 82 planned to be released in 2020 Q2.
This discussion has been archived.
No new comments can be posted.
Google Plans To Deprecate FTP URL Support In Chrome
|
Log In/Create an Account
| Top
| 37 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
If you want to read about love and marriage you've got to buy two separate
books.
-- Alan King
(Score: 0) by Anonymous Coward on Monday August 19 2019, @02:03PM (4 children)
Burn the web down and start over now we know what we want out of it.
(Score: 5, Touché) by ikanreed on Monday August 19 2019, @02:38PM
Did you mean: Burn the web down and start over now major advertisers know what they want out of it?
(Score: 3, Insightful) by Freeman on Monday August 19 2019, @02:41PM (2 children)
Yeah, no. You're only going to get what a few major corporations want out of it. I guarantee you, it's not going to be "more privacy" or "more anonymity", but much more along the lines of more money for $BigCorp.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Monday August 19 2019, @03:55PM (1 child)
It could be better built than it is, and this would undeniably aid big corps more than normal people, but this does not mean it wouldn't be better for normal people than it currently is which is what you seem to believe.
(Score: 1, Funny) by Anonymous Coward on Monday August 19 2019, @04:16PM
It's better to be screwed by google, than to be screwed by google AND whomever finds an exploit in the byzantine glass tower of shit the web forces them to build to screw you in the first place.
(Score: 4, Interesting) by SomeGuy on Monday August 19 2019, @02:55PM (15 children)
FTP was one of the standard applications of the Internet TCP/IP protocol suite, pre-dating the web.
Browser based FTP was never on-par with proper FTP clients. Proper FTP clients usually included features such as hierarchical browsing, drag and drop, multiple file selection, managing multiple downloads, wild card selection, and more.
Still, it was often handy to be able to just click a link in a web browser instead of installing a separate client.
One could even serve up HTML pages using FTP. Back when web servers were new, expensive, and buggy, that was not such a nuts thing to do. Still useful for readmes or such. However Firefox will be removing support for that specific ability:
https://www.fxsitecompat.dev/en-CA/docs/2019/all-ftp-resources-are-now-downloaded-instead-of-being-rendered/ [fxsitecompat.dev]
On the flip side, FTP was sort of a goofy protocol. It was always such a headache getting clients connected when there were proxies or firewalls involved.
Trying to automate anything via FTP was always a headache, as it was not a very robust protocol. Something failed and you often wound up with a zero length file and no error response returned.
Lack of encryption? Cry me a river. Filezilla has supported encrypted FTP for ages. They can implement a full media player in a browser but not some file transfer protocol? What a world.
(Score: 1, Informative) by Anonymous Coward on Monday August 19 2019, @02:59PM (8 children)
You talk like it's ancient history. FTP isn't dead, yet.
(Score: 4, Informative) by DannyB on Monday August 19 2019, @03:06PM (6 children)
The FTP client is dead. Corporate IT departments reject its installation. Why? Because Source Forge in their infinite wisdumb packaged the FTP client for Windows with an installer that "bundled" all kinds of sharknado goodfulness. The FTP client wasn't the only software that they provided this crapware delivery service for. Oh, and why? Because --> Advertising! The evil that will destroy the intarweb tubes.
Wha, wu, wuh's that? Other FTP clients you say? Are there actually any? For Windoze?
Or you could just not use FTP servers, and use WinSCP clients.
Would a Dyson sphere [soylentnews.org] actually work?
(Score: 0) by Anonymous Coward on Monday August 19 2019, @03:27PM (3 children)
Not sure if there's snark here or not... Never heard of Filezilla, CoreFTP, or CuteFTP? Not to mention WinSCP itself does in fact do FTP.
I will be pleased to know that I don't have to worry about my one inbound and two outbound SFTP streams anymore since FTP is dead. ;)
(Score: 2) by DannyB on Monday August 19 2019, @03:40PM
I was referring to FileZilla.
I did not use any <no-sarcasm> tags.
Would a Dyson sphere [soylentnews.org] actually work?
(Score: 3, Informative) by Pino P on Monday August 19 2019, @03:41PM
When SourceForge was owned by Dice Holdings, it distributed FileZilla and a bunch of other FTP clients with "DevShare" adware attached to them. This practice lasted from mid-2013 to early 2016 and ended when BIZX took over SourceForge and Slashdot.
(Score: 2) by Runaway1956 on Monday August 19 2019, @04:24PM
Sadly, if I were to mention FTP to our "IT" guy, he would be likely to get a blank look on his face. I'm pretty sure that he doesn't know what any of those clients are for. Word comes down from corporate that "We are installing blah-blah security suite, which will be pushed to all company computers next week. Please let us know of any problems." Then, 4 months later, blah-blah security suite disappears because the un-install has been quietly pushed, without any announcements. It was obvious from day one that blah-blah security suite brought the best machines to a slow walk, and older machines to their knees. And, the IT guy? He only knew that he couldn't load his internet games, and vidyas. Didn't have a clue what was happening.
Abortion is the number one killed of children in the United States.
(Score: 3, Insightful) by Thexalon on Monday August 19 2019, @03:30PM (1 child)
Last I looked, WinSCP clients can in fact work with FTP servers.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by DannyB on Monday August 19 2019, @04:31PM
If I had an FTP server, I might have discovered that. I've only used SSH / SCP to transfer files between locations, and across OSes for a long time. On Windows WinSCP, just because. And PuTTY, just because. But on Linux, I find that the standard common terminal application can run the ssh command, and most common Linux GUI file managers can take a URL to "mount" a remote directory using nothing but the SSH server on the remote machine.
oh, and the only Linux machines have SSH. From the one and only one Windows machine that I use, but don't own, I would not even try to run an SSH server.
Would a Dyson sphere [soylentnews.org] actually work?
(Score: 4, Interesting) by SomeGuy on Monday August 19 2019, @03:17PM
No, but there are a lot of people that would love to kill it. And this change by Google is a step in that direction.
One thing that FTP can do that "web" shit still can't is upload large files. HTTP submit forms crap out with files over a certain size/time taken and they have no way to pause resume or otherwise manage the transfer. But now that I think of it, I'm not sure web browsers even support uploading via FTP. I seem to recall IE used to offer some Active X add on that embedded an enhanced FTP client as if it were part of the browser, but obviously I never used that.
It will be interesting, Google's search engine still indexes FTP sites. Will this also change? Ah, the good old days of searching for a file name and "Index Of" to find a download without log-in restrictions or insane advertising. (The comments about promoting advertising are quite right)
(Score: 2) by JoeMerchant on Monday August 19 2019, @03:19PM
In the 1980s, I used Kermit file transfer to download update components for our CAD/CAM system from the manufacturer... why don't we have full featured Kermit support in our browsers?!!!?! /s
On the slightly more serious side, I would really like to see a "developer mode" checkbox within Chrome that at least retains whatever FTP support they do have - protect the innocent and naive from accidentally exposing their privates via FTP, but keep the feature for people who are determined to use it. There are still plenty of places which are only accessible via FTP.
Україна досі не є частиною Росії Слава Україні🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 3, Informative) by JoeMerchant on Monday August 19 2019, @03:40PM (2 children)
Jerry McGuire: SHOW ME THE MONEY!!!!
Where's the ROI for supporting a niche protocol used by a small number of professionals who are all going to point to FileZilla as a superior solution anyway no matter how good a job you do adapting the browser to it?
Interesting would be to somehow integrate FileZilla as a helper app within the browser, leveraging their code and development and somehow gaining ease-of-use through integration.
Україна досі не є частиною Росії Слава Україні🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 0) by Anonymous Coward on Monday August 19 2019, @04:36PM
"somehow gaining ease-of-use through integration."
What would a hybrid of an Amoeba and a Pig sound like?
(Score: 2, Insightful) by Anonymous Coward on Monday August 19 2019, @04:46PM
The real issue is that Indian/Google software is such a rat's nest that half of it breaks any time they touch anything. Otherwise, work that was already done, like FTP support is done, could stay done.
(Score: 1, Funny) by Anonymous Coward on Monday August 19 2019, @04:31PM
Dafuq are you talking about? Proper FTP clients had hash, mget, binary and get foo "|more
(Score: 2) by Username on Monday August 19 2019, @10:38PM
>Trying to automate anything via FTP was always a headache, as it was not a very robust protocol. Something failed and you often wound up with a zero length file and no error response returned.
What I did was create a MD5 hash index of all files located on server, filename|hash format inside. Then when the file was downloaded you could parse it for the file name and trim for last 32 char for hash, then check hash, and redo until 3 fails or matching hash.
(Score: 5, Insightful) by Anonymous Coward on Monday August 19 2019, @03:08PM (3 children)
“The major motivation for this deprecation is that Chrome doesn't have an encrypted FTP connection support(FTPs)”
So why the hell don’t they add support for FTPS instead of removing support for FTP?
My guess is because they don’t have a way to push advertisements over FTP.
(Score: 2) by DannyB on Monday August 19 2019, @03:41PM
DING! DING! DING!
We have a winner!
Would a Dyson sphere [soylentnews.org] actually work?
(Score: 0) by Anonymous Coward on Monday August 19 2019, @07:18PM
Well one reason is that FTPS doesn't actually work on most people's networks[1] so it is kind of silly to implement support for a protocol that basically nobody can even use, and everyone who actually cares about making FTPS work probably doesn't care about it being supported by chrome.
[1] Since the control messages are encrypted, stateful firewalls cannot inspect packets to associate the transfer connections with the control connection like they often do with regular FTP.
(Score: 0) by Anonymous Coward on Tuesday August 20 2019, @04:07AM
Or accept cookies that track and/or authenticate downloads.
(Score: 3, Interesting) by Gaaark on Monday August 19 2019, @03:47PM (2 children)
wget -c
saved my life and got me distro hopping on dial-up. Without that amazing "-c" i couldn't get an entire distro in one night: with it, i was able to split it up over a couple nights. What a sweetie -c is.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 3, Funny) by Runaway1956 on Monday August 19 2019, @04:29PM (1 child)
Yeah, but I wish you had told me about that around 1999 or so. I desparately NEEDED something like that then, and knew nothing about it. :^(
Abortion is the number one killed of children in the United States.
(Score: 2) by Gaaark on Monday August 19 2019, @09:52PM
Ha, I didn't discover it until sometime just before my son was born so yeah: sometime around late 1999 myself.
Bought McMillan Redhat (4.6?? 5.2?? My mind is losing it a bit) at Future shop (basically an enhanced Redhat (like Mandrake was)).
Installed it, played with it and then started distro hopping.
Failed a LOT of downloads with wget until I RTFMan-page. What a fecking relief that discovery was.
HOLY shite!: Someone still sells it, lol. 5.2! (Not sure why you'd want to buy it, though: unless you have an old computer and no internet connection! (Oh....wait a second.....where's the nearest eBay box store?)
https://www.ebay.com/p/Macmillan-Complete-Red-Hat-Linux-5-2-Operating-System-Deluxe/1401524509?ul_ref=https%253A%252F%252Frover.ebay.com%252Frover%252F1%252F711-53200-19255-0%252F1%253Ficep_ff3%253D2%2526pub%253D5574933636%2526toolid%253D10001%2526campid%253D5337956166%2526customid%253D%2526mpre%253Dhttps%25253A%25252F%25252Fwww%25252Eebay%25252Ecom%25252Fp%25252FMacmillan-Complete-Red-Hat-Linux-5-2-Operating-System-Deluxe%25252F1401524509%2526srcrot%253D711-53200-19255-0%2526rvr_id%253D2081586523930%2526rvr_ts%253Dabd64d0116c0a9e4c2c034acfffcb3c1 [ebay.com]
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 3, Insightful) by theluggage on Monday August 19 2019, @04:36PM
Of Google's recent decisions...
"Chrome say HTTPS good HTTP bad!": stupid. Result: lots of demand for free and easier-to-obtain certificates, blind faith in the Holy Padlock (clue: bad guys can get https certs too!) and/or training people to ignore "not secure" warnings - major risks to balance against a pretty limited resilience to snooping/injection (your ISP/employer/rogue hotspot operator probably forced you to install a cert for their proxy anyway). If you can't validate the identity of the server then encryption is as much use as a steel door on a tent.
Depreciating extended validation: stupid. If nobody is using or checking it - promote it so that they do - nobody taking payments or collecting other sensitive data should be relying on regular certificates that only prove that whoever runs 'bankofarnerica.com' has root. Oh, and stop making it more and more difficult to actually view a certificate to see who it was issued to.
"Removing FTP": Yawn. ftp:// made sense in the good old days when there were endless treasure troves buried in anon FTP servers, but its 2019 and if you can't work out how to install and use a proper FTP client (and haven't switched to FTPS or sftp) then you probably don't need FTP.
(Score: 2, Touché) by Anonymous Coward on Monday August 19 2019, @04:38PM (4 children)
The Google's pet spyware...err, "browser" is for the too-clueless-to-feed-themselves-unsupervised end of the demography.
(Score: 1, Informative) by Anonymous Coward on Monday August 19 2019, @05:15PM (2 children)
yeah
and it got readily pushed by IT whiz kids that seemed to know how to run the wizard better than anyone else
the glory days are gone. it is very hard to avoid using software like chrome now that pretty much its been standardized
say what you want about alternative browsers, but banks and ecommerce sites make life hard when they don't even let you log in and do things when they check the browser identifier and simply brand you as a hacker or insecure grandma because you dont use chrome.
then if you fake the browser ID to make it work... well. i've been kicked off of my bank's online services because their IT help person in another country thought I was a bad person for not following his instructions and his failure to grasp how browsers work.
(Score: 0) by Anonymous Coward on Monday August 19 2019, @09:07PM (1 child)
When you put your money with some too-big-to-fail monstrosity, you have only yourself to blame for any consequences. It is human nature that they'll treat you like shit if they have a shitload of clients just like you.
(Score: 0) by Anonymous Coward on Tuesday August 20 2019, @07:14PM
Much of the online banking software is driven by cargo-cult programming. If a consortium decides that only requiring chrome or firefox less than two weeks old is "best practice", chances are that pretty soon even your nice bank will have to go along with a shitty online banking service.
(Score: -1, Spam) by Anonymous Coward on Tuesday August 20 2019, @02:26AM
Yakima, WA is for the too-clueless-to-feed-themselves-unsupervised end of the demography.
There, FTFY.
How to steal a city: Montes v. City of Yakima - https://www.aclu-wa.org/cases/montes-v-city-yakima-0 [aclu-wa.org]
How to steal a state budget: McCleary, et al. v. State of Washington - Supreme Court Case Number 84362-7: https://www.courts.wa.gov/appellate_trial_courts/supremecourt/?fa=supremecourt.mccleary_education [wa.gov]
(Score: 4, Interesting) by sjames on Monday August 19 2019, @07:31PM
Now if they would just let us know when non-Google sponsored URLs will be deprecated...
(Score: 1) by doke on Monday August 19 2019, @08:25PM (1 child)
I can't remember the last time I used ftp in a browser. I have programs that use it hundreds of times a day to collect information from routers and switches. ssh and snmp add too much load on their small cpus, and create too much latency. Sometimes, I use it from a command line to move router firmware images around, or to test stuff, but never from a browser. For one thing, the browser ftp clients I've seen are more limited, they only do get, not put, let alone mput.
(Score: 2, Insightful) by Anonymous Coward on Tuesday August 20 2019, @02:58AM
About once a month, I get an email with some ftp links in it -- these let me download large files of test data for analysis. Since the data isn't generated on a regular basis (it comes from a test lab that does work for many different companies), it's hardly worth automating the download. And rather than the extra steps of learning and then firing up a separate ftp client, it's really simple to click on the links and get the data files.
Firefox has been doing a good job for me, for about 10 years now--hoping they don't follow Chrome down this path.