43 Folders

43 Folders feed subscription icon - Shiny!Time, Attention, and Creative Work. After 4 years and a lot of productivity pr0n, we’re shifting gears. Re-learn how to use 43 Folders. Then back to work. [»]

”What’s 43 Folders?”
43Folders.com is Merlin Mann’s website about finding the time and attention to do your best creative work.

Panic's stevenf: Time to Dump FTP

Merlin Mann | Jul 14 2008

stevenf.com (“Don’t Use FTP”)

Transmit is Panic's FTP app -- which does indeed support SFTPSteven Frank, one of the boys wonder behind Panic and their excellent Transmit app says it’s high time to dump FTP in favor of its smarter, sexier sister, SFTP. Of which Steven says “It’s secure, it’s consistently implemented, and it’s machine-readable.”

A lot of people who have used FTP daily for years are surprised to learn that they’re sending everything in the clear – that means the stuff you’re uploading as well as your actual password. Makes you think twice about what you’re throwing through the air as you update your blog templates via “free WiFi.”

Steven says:

If your host doesn’t support SFTP, you should find a different host. It’s not hard to support, and it’s ridiculous to force people into using insecure protocols in the year 2008. Ask them, for example, why they don’t support telnet. FTP is no better.

FTP has served us well, but it’s time to move on. You wouldn’t use a 23 year old computer to do your work, so don’t use a protocol from the same vintage. Demand modern transfer protocols from your host.

I agree. If you’re unsure whether your host will let you do SFTP (and SSH in general), ask. You may indeed need special permission (many providers “jail” garden-variety users in a way that disallows SSH without special permission). You may also need to find the correct port. On my host, A2, for example, you have to run SSH and SFTP on the unconventional port 7822, but it works like a charm once you’re up.

Great suggestion, Steven. Worth getting the word out.

9 Comments
POSTED IN:
TOPICS: Internet, Security
stevenf's picture

It's not just the crypto

Submitted by stevenf on July 14, 2008 - 3:00pm.

Nate, you make several good points from the POV of a hosting provider that I hadn’t considered.

Encryption is important, and FTP-TLS does provide that, but it doesn’t help with any of the other issues, as it’s just the same old protocol tunneled over a secure connection.

We get daily emails from users baffled by why “simple” things like setting modification dates or changing permissions won’t work for them. Or why they get timeouts when trying to upload or download something, even though it works fine for the guy down the hall. We can sometimes resolve these problems, but a lot of the time, it’s genuinely a server problem that we can’t fix without breaking some unknown other number of users with the opposite problem.

It’s an unwinnable balancing act that we workaround as best we can, but there is no 100% reliable set of workarounds that works for everybody as there are simply so many different varieties of FTP server, each with their own unique bugs and behaviors. A great deal of buggy servers don’t even uniquely identify themselves, so we can only guess which set of workarounds to apply.

SFTP provides a better experience at the end-user level. For people who want to just get a file from here to there, it just works. And that’s why I think it’s a better option for the future.

» POSTED IN:
 
EXPLORE 43Folders THE GOOD STUFF

An Oblique Strategy:
Honor thy error as a hidden intention

STAY IN THE LOOP:

Subscribe with Google Reader

Subscribe on Netvibes

Add to Technorati Favorites

Subscribe on Pageflakes

Add RSS feed

The Podcast Feed

Inbox Zero

The original 43 Folders series looking at the skills, tools, and attitude needed to empty your email inbox — and then keep it that way. Don’t miss the free video of Merlin’s Inbox Zero presentation.

Making Time

3-part series on attention management for artists and makers. Read Bad Correspondence, The Job You Think You Have, and One Clear Line.