43 Folders


“What’s 43 Folders?”
43Folders.com is Merlin Mann’s website about finding the time and attention to do your best creative work.

Panic's stevenf: Time to Dump FTP

stevenf.com ("Don't Use FTP")

Transmit is Panic's FTP app -- which does indeed support SFTP

Steven Frank, one of the boys wonder behind Panic and their excellent Transmit app, says it’s high time to dump FTP in favor of its smarter, sexier sister, SFTP. Of which Steven says “It’s secure, it’s consistently implemented, and it’s machine-readable.”

A lot of people who have used FTP daily for years are surprised to learn that they're sending everything in the clear -- that means the stuff you're uploading as well as your actual password. Makes you think twice about what you're throwing through the air as you update your blog templates via "free WiFi."

Steven says:

If your host doesn't support SFTP, you should find a different host. It's not hard to support, and it's ridiculous to force people into using insecure protocols in the year 2008. Ask them, for example, why they don't support telnet. FTP is no better.

FTP has served us well, but it's time to move on. You wouldn't use a 23-year-old computer to do your work, so don't use a protocol from the same vintage. Demand modern transfer protocols from your host.

I agree. If you're unsure whether your host will let you do SFTP (and SSH in general), ask. You may indeed need special permission (many providers "jail" garden-variety users in a way that disallows SSH without special permission). You may also need to find the correct port. On my host, A2, for example, you have to run SSH and SFTP on the unconventional port 7822, but it works like a charm once you're up.

Great suggestion, Steven. Worth getting the word out.

galdor

Why doesn't every hosting provider provide ssh/sftp support? Perhaps because encrypting/decrypting large amounts of data requires a lot more CPU cycles than sending them in the clear.

Crypto acceleration cards cost a lot of money; I think that's why you only find secure connections on middle/high-end hosting.

For people who are really serious about security, a small dedicated server is worth the price.



