Google Plans To Remove All FTP Support From Chrome (mspoweruser.com) 119
An anonymous reader quotes MSPoweruser:
Google Chrome always had a bit of a love-hate relationship when it comes to managing FTP links. The web browser usually downloads instead of rendering it like other web browsers. However, if you're using FTP then you might have to look elsewhere soon as Google is planning to remove FTP support altogether.
In a post (via Techdows), Google, today announced its intention to deprecate FTP support starting with Chrome v80. The main issue with FTP right now is security and the protocol doesn't support encryption which makes it vulnerable and Google has decided it's no longer feasible to support it.
In a post (via Techdows), Google, today announced its intention to deprecate FTP support starting with Chrome v80. The main issue with FTP right now is security and the protocol doesn't support encryption which makes it vulnerable and Google has decided it's no longer feasible to support it.
Wrong (Score:5, Informative)
"The main issue with FTP right now is security and the protocol doesn't support encryption"
It's called FTPS and you can switch to it from a standard unencrypted FTP session.
Remember when the summaries bore a semblance to reality? No? Well, me neither. But this is beyond ridiculous.
Chrome security (Score:5, Informative)
FTPS (FTP encrypted with TLS) should not be confused with SFTP (SSH).
hey I'm sure they would take a patch to add in FTPS with TLS 1.3, go for it !
Re: (Score:2)
Solid Explorer for Android (and a bunch of other file managers) offer an FTP server option as a quick way to transfer files wirelessly between a phone and a PC. I use it all the time. Before I figured out how to access an FTP server from KDE's Dolphin file manager (which handles it really nicely, by the way), I would use Chrome to access the phone's FTP server - which got the job done.
I assume this is all relatively safe, since it operates on my wifi system's private 191.168.1 network. Anyway, typing in
Re: Chrome security (Score:2)
Even easier is cifs on Android, which can be both client and server.
Re: (Score:1)
Re: (Score:2)
I know right. It's like a command line interface. Or a mouse. So 1999.
Say this with Valley Girl accent for maximum representation of sheer arrogant stupidity that you just allowed to slip from your lips.
Re: (Score:2)
Re: (Score:2)
Uploads via a web server long ago reached the same level of efficiency as an FTP server and have many more options for security.
Re: (Score:1)
Re: (Score:3, Funny)
It's called FTPS
Oh yeah I read about that once. It is a strange abbreviation for "File Transfer Protocol not-Supported by any server on the internet"
Re:Wrong (Score:5, Informative)
It's called FTPS
Oh yeah I read about that once. It is a strange abbreviation for "File Transfer Protocol not-Supported by any server on the internet"
Yeah, it's only supported by IIS, vsftp, proftpd, pureftpd, and all of the other popular ftp servers [wikipedia.org]. There's hardly any support for it at all given that it is supported by practically every server actually installed. Wait, what?
Re: Wrong (Score:1)
Server software is not the same as a server.
Re: (Score:1)
Server software is not the same as a server.
Very good! You get a cookie! *LART*
Oh, did I say cookie? I meant *LART*
The server (computer) supports the protocol if the server (software) running on the server (computer) supports it. Whether it's active is another matter, and if it is not, that is a situation easily remedied in this age of free and/or self-signed certificates.
*LART*
Re:Wrong (Score:5, Insightful)
WTF is their REAL motivation??
They can't be so ignorant of a team as to think FTP is too hard for a massive corporation with help from opensource and 2 other massive corporations to maintain already implemented features AND be unaware of FTPS?
Meanwhile they keep messing with HTTP variations when it worked well enough as it was... when HTTP needed help was back before broadband, now it's not worth changing when the biggest problem is advertising bloat, JS bloat and putting everything over TCP/HTTP because network admins went crazy.
Re:Wrong (Score:5, Insightful)
Maybe they don't want to support a protocol that doesn't allow showing advertisements, which is their main source of income.
Re: (Score:1)
but hey lets keep FTP around for reasons
Re: (Score:2)
... Imagine downloading an ubuntu iso from an open FTP server...
Yeah, like you would download from some random site. Oh, wait, maybe you would.
Re: (Score:2)
Yes, it's a shame that neither Ubuntu nor any other OS distro use some kind of checksum, maybe like SHA512, and make it visible on their front page to mitigate exactly this kind of thing.
Nope, not a single one. /s
Re: (Score:2)
Re: (Score:2)
TCP only makes sense. TCP is necessary for NAT to work, as well as port forwards, tunnels, etc. Anything else would be a mess. People who use UDP create more trouble than its worth.
NAT is the problem. (Score:2)
I don't hate TCP but we are forcing everything over port 80 TCP because of paranoid sysadmins blocking everything... which is pointless since it's driving everything to tunnel around in port 80.
Don't blame UDP! Blame IPv4 not scaling and needing NAT. RTP is not being used like it should because we jam everything over HTTP.
Re: (Score:2)
My guess this is about cloud storage. FTP is a solid competitor for Google Drive on consumer level where even one mildly tech-oriented person exists in the family. It's simple to deploy in your home network on consumer level and this data never leaves you local network, making it much harder for Google to get their hands on it. You could just give you luddite grandma a link in email to click on via Chrome to download latest family video you don't want Google/Facebook to have access to, or give your signific
Re:Wrong (Score:4, Informative)
I think the goal is to make Google Drive the Gmail of file-storage.
The "problem" with FTP is that you can't FTP a file from Google Drive to (for example) your hosting provider.
So first they'll kill off FTP, breaking a large part of the internet and creating a problem that needs to be solved. Then they'll swoop in and replace it with a new file-transfer protocol that also happens to support pulling from a Google Drive. Overnight Chrome can become the internet file-manager with the largest user-base, and services that consume files (ie. hosting providers) will start supporting the new protocol. This will force the other file-transfer services (ie. Dropbox, OneDrive, iCloud) to adopt the protocol too. Eventually Google will own the protocol, the default file-manager, and Google Drive can become the default file-storage service so Google can start charging people to store all those files that currently sit on hard drives not making them any money.
Re: (Score:2)
"The "problem" with FTP is that you can't FTP a file from Google Drive to (for example) your hosting provider."
That's a problem with Google, too. That functionality is available in an extension to ftp called FXP (RFC 959).
Re: (Score:2, Insightful)
FTP was always poorly supported by all web browsers, not just Chrome, and I'd throw in Windows Explorer and the built in Windows command-line FTP program with them. Anyone using it in anger would be much better off using a fully featured client like Filezilla, so Google is doing its users a service here, forcing them to go out and look for alternatives (but sadly, most will probably switch to using Windows Explorer).
Re: (Score:2)
Webpages occasionally embed ftp content. It's not doing the user a favor to force them to use a helper program when they just need to download or display one file, and that would better be integrated with their browser.
If a user needs to do a lot of FTP, they are certainly better off with something else. But that's not really the primary browser FTP use case any more. Most FTP users probably aren't even aware they're using FTP.
Re: (Score:2)
Webpages occasionally embed ftp content.
Which webpages do this in 2019? All the major anonymous FTP sites now run both https and ftp servers giving access to the same content. For downloading FTP might work, but anyone running a serious download site knows that browsers lack support for the reget command, while HTTP Range support is well supported, so for browser use, HTTP is much better.
Re: (Score:1)
FTPS does NOT make FTP secure. Sprinkling encryption over a crappy protocol does not somehow fix the crappy protocol. For FTP servers, which have had an amazing amount of vulnerabilities in the past, FTPS only makes the problem worse by introducing even more complexity.
Encryption helps if you have two entities who trust each other trying to deal with adversaries interfering. To an FTP server, the client is likely to BE the adversary, and vice versa.
Re: (Score:2)
FTPS does NOT make FTP secure.
Why do you imagine that it doesn't achieve that for the user? It's no less secure than SFTP. You can connect securely, or you can connect insecurely but anonymously, then elevate to a secure connection. Either way, the entire exchange of sensitive information is encrypted.
For FTP servers, which have had an amazing amount of vulnerabilities in the past, FTPS only makes the problem worse by introducing even more complexity.
Everything had an amazing amount of vulnerabilities in the past. We live in the present. Try to keep current.
Re: (Score:2)
We've had an amazing amount of vulnerabilities of http in the past
Name 3. Bugs in TCP or in web applications don't count, it has to be vulnerabilities in the implementation of the HTTP protocol itself.
Re: (Score:2)
"The web browser usually downloads instead of rendering it like other web browsers."
That summary doesn't resemble English, at least the version I use to communicate information. Not having used it for FTP what does that even mean, dashslot? When can I moderate "editor's", and I use that term ironically.
Re: (Score:2)
I'd guess that if you click on a txt file for example, it downloads it instead of rendering it. Same with other file formats the browser understands.
Re: (Score:2)
I think they're talking about README files and other typical text file patterns, which Firefox shows as text in the browser, while Chrome downloads them. Since FTP does not have any mechanism for communicating file type, Firefox must be relying on file name matching.
Re: (Score:2)
I think they're talking about README files and other typical text file patterns, which Firefox shows as text in the browser, while Chrome downloads them. Since FTP does not have any mechanism for communicating file type, Firefox must be relying on file name matching.
They could also be using magic. I've noticed that browsers generally all start downloading a file while they're asking you about it. By the same token, they can be downloading a file while thinking about what to do with it. If a perusal of the head of the file shows that it's 7bit data, then it's reasonable to display it as text when clicked.
I'd guess it's actually just name matching, but I'm not going to look.
Re: (Score:2)
>It's called FTPS and you can switch to it from a standard unencrypted FTP session.
"ftps" is not widely used; you'd be lucky to find an FTP server that happens to be serving FTPS as well. It's also not widely implemented on FTP clients; it just never took off. The primary reason for this is the SFTP protocol, aka file transfers over SSH. There is little to no reason to not use SFTP, other than anonymous FTP and you're FAR better off using https for this.
There's very few sites still serving files with FTP
Re: (Score:2)
What is this FTP server software in 2019 (aka something that is still in maintenance and runs on an OS still in maintenance) that does not also support FTPS?
However I concur that SFTP killed FTPS, and http/https are mostly better for doing anonymous FTP. I guess the only issue is what the replacement for anonymous FTP uploads?
Re: (Score:2)
ftp is both a protocol and a command, and nobody with a clue has used ftp(1) for file transfers since ncftp, as it is such a superior implementation of the client side.
Re: ncftp (Score:3)
--I used to use ncftp years ago, but found lftp had some nice features. Worth checking out if you still use commandline ftp clients.
Re: Wrong (Score:2)
Re: (Score:2)
Being able to switch an existing session is a security flaw since this is what allows a protocol downgrade man in the middle attack to happen. HTTPS did things the right way by using a different port number and having no upgrade command to switch to SSL, thus when the browser connects to a server HTTPS port that is supposed to be SSL, and it does not support SSL, it indicates to the browser something is wrong.
Re: (Score:2)
Re: (Score:2)
They're getting rid of that too, for security reasons, too many people using HTTP are getting viruses. HTTP = hyper text trojan protocol
Re: Wrong (Score:2)
Yeah, but few FTP servers support it, so it's kind of pointless from Google's point of view.
Re: (Score:2)
Re: (Score:2)
Re: Wrong (Score:3)
time to stop useing Chrome and use waterfox! (Score:5, Interesting)
time to stop useing Chrome and use waterfox!
Chrome is removing way to much stuff.
Re: (Score:3, Funny)
Since you seem to be looking for one piece of software that does everything all at once, may I perhaps offer you this realplayer_installer.exe straight out of the 90s?
Re: (Score:2)
Since you seem to be looking for one piece of software that does everything all at once, may I perhaps offer you this realplayer_installer.exe straight out of the 90s?
No, but you could offer me Kodi, which not only includes the kitchen sink, it also makes julienne fries.
Re: (Score:1)
Or NutScraper ...
"Do No Evil" (Score:1)
2019 version: "Do *Only* Evil, Disguised as Public Interest".
Re: (Score:2)
I think the majority of users would be better served by using Firefox proper. Waterfox is for some people who wants specific features such as some extensions and plugins.
Recommend people what fits their use-case, not everybody needs the same as you.
Re: (Score:2)
Re: (Score:3)
>"time to stop useing Chrome and use waterfox!"
Or you could just use Firefox and have a much more modern browser than Waterfox, with more security updates, newer standards compatibility, and a much, MUCH faster engine. Waterfox and such were reactions to an awkward Firefox period that is mostly [thankfully] over. Let's examine the 4 features they tout on their website:
*No Telemetry: You can already turn it all off in Firefox.
*Limited Data Collection: Same as above.
*Bootstrapped add-ons: I don't see
What Does This Mean For Brave? (Score:5, Interesting)
The Brave browser (and Dissenter as well) are both Chrome-based. Will they also deprecate FTP support, will they modify subsequent Chrome versions to include FTP support, or will they switch to another core browser altogether?
Strat
Re: What Does This Mean For Brave? (Score:2)
Brave is ad supported.
Re: (Score:1)
Re: (Score:2)
>"The Brave browser (and Dissenter as well) are both Chrome-based."
Pretty much all multiplatform browsers that are not Firefox *are* Chrome/Chromium (and many that are single-platform, like Edge, are too). They have handed over almost everything to Google. If you are frustrated with Google or Chrome, or worried about their influence and your privacy, or future open standards (and you are not using Safari on MacOS), you really only have one choice left: Firefox. Best to make that choice before Google
How big an issue is this? (Score:5, Insightful)
I'm trying to remember the last time I used FTP (secure or otherwise) for any file transfers and I'm guessing it's close to 10 years. Along with that, I've never used a web browser to do it - I settled on MoveIt Freely but I haven't needed to use it for years.
I can criticize Google for a number of the changes/restrictions they've made recently to the browser but this one doesn't seem like it's going to make a huge difference in people's web experience.
Re:How big an issue is this? (Score:4, Insightful)
My kneejerk reaction was, "BAD!", but I thought it over. I use HTTPS/SFTP for everything if possible--if for nothing other than avoiding MITM'd content. I can't be the only person that ever replaced images in network traffic (on my own network, thank you) with kittens.
It's past time to move to a default stance of "everything is end-to-end encrypted and signed", even if with ephemeral keys, just so we know that communication with a given party continues to be communication with that same party (even if not tied to a real world identifier).
Re:How big an issue is this? (Score:4, Insightful)
Okay people. Time to retire FTP since mykepredko hasn't used it for a while.
Seriously dude, why the hell do you think your personal experience is representative for all mankind?
Question Repeated:How big an issue is this? (Score:3)
I have no idea whether or not my personal experience is representative for all mankind.
Which is why I asked the question.
Re: (Score:3)
Seriously dude, why the hell do you think your personal experience is representative for all mankind?
Probably because it is. FTP is rarely used for anything on the internet these days. Sure the odd Linux project offers an FTP download but that's more to placate the likes of you, where as the rest of us will be clicking the perfectly function HTTP link next to it, or the magnet link.
FTP had a purpose. That purpose never aligned with web browsers, that was more of a quirk. That purpose is also gone for anything someone would use a web browser for (no browsers supported multiple uploads, multiple downloads, F
Re:How big an issue is this? (Score:5, Informative)
Just because you don't run into it doesn't mean it's not used. NOAA, for instance, distributes climate data via FTP. Several other government agencies use it as well. Indeed, when the jerks in D.C. held their latest game of chicken, some of these were the only available repositories of data because they were overlooked when all of the web servers had "Closed due to absence of funding" messages.
I use it daily (Score:2)
I literally FTP every single day.
Used it Friday, first time in a year. Windows (Score:2)
I happened to use FTP on Friday.
I needed to copy a file from my own Linux machine to my corporate Windows laptop. Normally I copy files with either scp or rsync (over ssh). Strangely, it seems Windows STILL doesn't have a way to just quickly copy a file from here to there. You can set up network shares and spend some time configuring them to be non-stupid, but nothing quick and easy like "scp rh.iso clatlptop:/tmp"
Typically it seems Windows is only 10-15 years behind Linux, but this is 25 years behind.
Re: (Score:2)
Personally, I use PuTTY to SCP for Windows and Mac transfers with Linux. That way I have a consistent interface between systems.
I don't have the corporate Windows system issue (which I'm surprised their IT allows you to FTP files).
Re: (Score:3)
Just install openssh support in windows 10. It has been a feature you could turn on for more than a year now. With that you get ssh, scp, sftp, ssh server etc. There is no need for things like putty anymore. I have been using ssh under windows for over a year now without issues.
Re: (Score:2)
Yes please use the built-in Windows versions of openssh so that all your password and files can belong to Microsoft.
Re: (Score:2)
> There is no need for things like putty anymore
--How short-sighted of you. Putty has lots of configurability, is independent of the OS (also ships as a portable app), and you can overlay Superputty on it.
--If you're happy using the new builtin ssh on Win, go for it. But don't say things that other people use on a regular basis just aren't necessary anymore.
Re: (Score:2)
one more nail to Chrome coffin (Score:5, Informative)
Once you step on the yellow brin road of evil, there is no turning back.
There are millions of users of major scientific information websites, like NIH (protein and genomic sequences) or NOAA (climate change raw historic data anyone?) that still use FTP.
Re: (Score:1)
An ad brand does want to keep supporting ftp so the internet will have to change.
For the security and encryption of the ads.
Re: (Score:1)
There are millions of users of major scientific information websites, like NIH (protein and genomic sequences) or NOAA (climate change raw historic data anyone?) that still use FTP.
So use an FTP program, or maybe it's time for websites to leave the 80s.
For all your millions of users anecdote I'm more inclined to think a company whose product is known for the amount of "telemetry" it gathers actually has data that shows FTP isn't relevant.
Re: (Score:3)
So, because FTP isn't important for the mainstream user who only watches kitten videos on YouTube, it should be removed from Chrome despite being important in the scientific community?
I mean, it's Google's browser, and they only care about ad revenue, so it's kitten videos all the way, but it's still a dick move.
Feasible? (Score:4, Insightful)
Re: (Score:3)
The flip side of that argument is that they can't be imposing their standards on everyone--or they would be the de facto standards-making body. Are you suggesting that the IETF is so thoroughly obsolete?
It's just a browser. Can't you just go download something else? ;)
</devilsadvocate>
Re: (Score:2)
Just like IE6 was "just a browser". When the tool that most people use becomes an obstacle to experts, it's a bad situation in general.
Re:Feasible? (Score:4, Informative)
They're pushing a browser, not a firewall with a GUI.
In fact, they want to deprecate firewalls as well. Their solution is for hosts to only have HTTPS services with a global SSO server [slashdot.org].
Re: (Score:1)
It sounds more like they just want to impose their standards on the Internet with no regard to what they break.
You mean HTTPS? That standard of "theirs"? FTP in browsers has always been a peculiar quirk with no real purpose after about 1995, and even back then most sane users would use an FTP program to transfer files. The browsers couldn't queue, couldn't handle directories, would be inconsistent on what they did with a file based on (wait for it) HTTP Mime types, couldn't upload, didn't support FXP, didn't correctly implement ASCII vs binary modes.
It's good we're finally rid of this stupidity.
Re: (Score:2)
Depended on the browser. NS2.02 for OS/2, released in '96 I believe, handled FTP quite well including being able to drop an object on it to upload. I believe it was just permanently set to binary.
Why does everything have to be secure? (Score:3)
What is this new era of making everything secure or worse give a feeling of security?
FTP is a wonderful and simple protocol with fairly simple, low resource consuming, server implementations. Of course it isn't a secure method of transferring data. But that's OK! It has its use cases where we don't need to waste the extra CPU cycles putting down garbled layers.
If folks are putting sensitive data on FTP, then no amount of technology will prevent them from their own ignorance.
Re: (Score:3)
FTP is not a particularly good protocol in general.
Whether active or passive, it's a firewall/NAT headache for client and/or server..
In terms of resource consuming, HTTP servers fit the bill nowadays when so configured (i.e. no CGI scripts, using reverse proxy to programmatic content rather than embedding in the webserver).
The frustration of course is lack of a standardized way to present a browsable filesystem to client. For HTTP, the general approach is to imitate Apache's AutoIndexes. It would be nice
Re:Why does everything have to be secure? (Score:5, Insightful)
So if I want to transfer a file from my laptop to my server I should ... install and configure a secure web server, certs and all, because that's the One True Way to transfer a file?
FTP has its place, just like scp does.
Re: (Score:2)
--If you have netcat on both ends and an SSH connection, NC can be quite useful. Search for "fun with netcat" articles - you can tar up files/dir on the source side, pipe it over netcat, and untar it on the other side using an arbitrary (of course non-firewalled) port.
Re: (Score:2)
Or just sftp for more 'batteries included' experience to supersede ftp.
Re: (Score:2)
Its called WebDAV
Re: (Score:2)
If folks are putting sensitive data on FTP, then no amount of technology will prevent them from their own ignorance.
I'd argue that gpg counts as "technology". And I put security-sensitive data on FTP this way daily. Of course, it'd be easy to replace FTP with something like http PUT, but no one bothered to do so.
Re: (Score:3)
FTP is a wonderful and simple protocol
Indeed. There's nothing wrong with the protocol. However it's implementation in browsers is stupid, inconsistent, doesn't present most of the functionality, and fundamentally defeats the whole purpose for FTP to exist.
If this convinces people to actually use a proper FTP client then I'll be cheering on Google.
Re: (Score:2)
"If this convinces people to actually use a proper FTP client then I'll be cheering on Google."
It won't. It will convince people to use http where they should use ftp.
Re: (Score:2)
No, the protocol is crap.
There's the ASCII/binary mode that is of little use except for corrupting files. There's the multi-port usage with its firewalling and NAT problems. There's the active and passive modes. There's the LIST command which returns directory listing in a completely arbitrary format, not intended for machine parsing. It's also slow for automation because of the roundtrips needed, so it's not a good protocol to download a large directory tree.
Also, pretty much nobody cares about FTP these d
Good riddence (Score:3, Insightful)
FTP was never a very good thing. It's always been dodgy with certain network configurations.
There's just so many better ways to do this, these days. Like... HTTP for casual browsing of file repositories and unauthenticated transfers.
And SCP, SFTP for the authenticated transfers.
And TFTP for network boot. Though I think we should move this to HTTP as well.
FTP just has no real place any more. Let it die.
Re: (Score:2)
I'll go one step further. FTP *never* had a place in a browser. Not with the implementation we got. FTP clients exist for a reason.
Re:Good riddence (Score:5, Insightful)
Ugh. You're both wrong. And I'll tell you why. That's what Slashdot is for, right?
At the time when the browser came into existence, there was a lot of information available via FTP, a fair bit in gopherspace, and almost nothing on the WWW. It was an absolute necessity to support other protocols then, because most of the data you might conceivably access from a webpage wasn't accessible via HTTP. The implementation didn't have to be as complicated as a full FTP client because full FTP clients were readily available. For the purpose of being in a browser, it just had to be able to retrieve content, and display it when possible.
Today, there is not very much information accessible via FTP, but the information which is available is important. It's probably not very important to have most of it available from your browser, sure. But it's still a reasonable way to distribute some content to browsers, like images which are the main content of the page. If you're already using FTP to distribute other data sets, why not pitch your dynamically generated imagery onto the FTP server as well, and not have to worry about making it accessible by HTTP at the same time?
FTP is still superior for doing what it does best, providing browseable downloads, so it should continue to exist. If it continues to exist, there will continue to be reasons to support it in the browser. FTPS is broadly supported by the most popular software on both ends of the connection. It should not be a great hardship to implement FTPS in the browser (there must be a whole bunch of libraries that do it already) but that is really beside the point, because encryption doesn't actually matter very much for the primary browser use case — web browsing.
That's like... (Score:1)
Itâ(TM)s a we. Browser not an FTP client (Score:4, Insightful)
Keep FTP for backward compatability (Score:4, Insightful)
There is an advantage that FTP has, in that it provides a standardized structured way to provide a list of files and directory structure, whereas with HTTP and HTML, a file listing is up in the air to the whims of whoever is writing the server. This is a huge headache when you need to programmatically deal with the file and directory lists. What would resolve this is an XML protocol that can be used in HTML to provide a standardized way to send a file and directory structure.
Due to the way that FTP does connections and ports, however, its a difficult and inflexible protocol especially over NAT and tunnels.
Neverthless, he should be kept for backward compatability with FTP sites, its a mistake for Chrome to drop support,
Re: (Score:2)
It might be difficult on the server side, but that's not the job for Chrome anyway and an FTP client is very simple and easy to write.
sftp (Score:1)
Everyone still using FTP knows about clients. (Score:2)
That problem was solved when the earth was young.