Let FTP Die With Dignity

FTP is obsolete.

In the early days of the web, we used to say, “the web is not just HTTP — FTP and Gopher are part of the WWW just as well.” Well, not anymore. Gopher has served its purpose and is gone. But FTP — decomposing and smelly as it is — is getting dragged out of its grave, like a scary Halloween prop, again and again.

Here is a short FAQ:

Q What is the most portable way to distribute files to people?
A HTTP. A modern server like Apache works well, but other options also exist. Anyone who is not living under a rock has an HTTP client.

Q What is the most portable way to distribute files to people, why allowing mass-mirroring?
A HTTP. A modern server like Apache will respond, by default, for queries to foo/ with an HTML page with a list of links. Crawlers know how to use that list of links to get more files. Just make sure to tell the crawler “only under /where-ever-the-top-is/”.

Q What is the fastest way to distribute files to people/machines?
A HTTP, at least for sufficiently large files (>5KB). The HTTP header is negligible, HTTP supports resume/suspend and after a short header, everything that follows is the unadorned file.

Q How can I distribute files to authenticated users?
A HTTP. It supports several authentication mechanisms, but you probably want to use BasicAuth. Here is a short tutorial on how to set up Apache for authenticated downloads. (The summary: create an passwd file, set an authentication directive in the configuration). It takes about 5 minutes to set up. If you want only people who know the password, not people with sniffers, you might want to consider HTTPS. Luckily, setting that up in Apache is an extra line in the configuration file.

Q So, when should I use FTP?
A If you have reason to suspect that the other side of the connection is using a machine that has not been upgraded since 1991.

Q Any other reason?
A Sure, when…wait, no, that’s pretty much it. In any other case, use HTTP.


6 Responses to Let FTP Die With Dignity

  1. Rob Wynne says:

    You forgot:

    Q. What about uploading files? Should I do *that* with FTP?

    A. No, you should do that with SSH.

    Q. Wait, I thought SSH was to replace telnet?

    A. That too. You *really* shouldn’t be using telnet.

    • moshez says:

      Well, you can upload files with HTTP as well — HTTP PUT works perfectly well. Apache+mod_dav are well set up to support PUT request in order to save files. But, yes, SSH also works well. 🙂

  2. Allen says:

    But… FTP lets you transfer files between two remote machines without having to copy them locally!


  3. Alon says:

    Q. Does your new fancy-schmancy http/ssh/whatever replacement client response to “bye” as a valid “quit” command? Ha?

    A. No.

  4. Yarko says:

    serial ftp (sftp) is useful / light weight for transfer to/from embedded electronic devices….

  5. Moshez: I know that you’ve already said this, but: Upload is the use-case. Upload, upload, upload.

    So, HTTP is not the answer, at least until general-purpose WebDAV servers are widely deployed. SFTP is the answer. And there are, in fact, reasonable Windows clients, like WinSCP. That is the main thing you have to impress upon people who still love FTP: there are GUIs, you can upload files, you can browse for files, and you can automate those things. There’s also a couple of nice Mac GUIs for sftp, for example Fetch, Transmit, and ExpanDrive. What you have to contend with is 10 years of institutional conditioning that tells people that “you upload to the website with FTP, you download with HTTP”. When dealing with this type of person, the best way to get your point across is to just handwave a bit and say that SFTP is the “new version” of FTP, and nobody should use FTP any more because of (handwave, handwave) problems.

    Yarko: ‘sftp’ is shorthand for ‘SSH File Transfer Protocol’. I’ve never heard of ‘serial ftp’; the way I’m familiar with to get stuff onto serial port devices is ZModem or something like it. But I bet that, like sftp, this serial-port thing you’re talking about doesn’t actually have anything to do with FTP.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: