[kent m]

Up to 10.4.9 files can be copied -from- but not -to- servers mounted via ftp in the sidebar.

Is this finished/fixed in the new sys? Does anyone know?...

[Tomchu]

I hope so. It'd be really handy.

[cybergoober]

Anyone with such knowledge would not be at liberty to discuss it as they would be under a strict NDA.

[besson3c]

I hope that it does not allow non-anonymous FTP. Apple should not encourage insecure protocols to continue on. FTP needs to die.

[Chuckit]

Originally Posted by besson3c 

I hope that it does not allow non-anonymous FTP. Apple should not encourage insecure protocols to continue on. FTP needs to die.

Oh, for ****'s sake. I don't care if an "insecure" protocol allows someone to look at my vacation pictures. If they want to stare at some ugly guy in a swimsuit, let them. I don't see anybody suggesting we replace HTTP with HTTPS in all cases, even though the former is unquestionably not secure.

[besson3c]

Originally Posted by Chuckit 

Oh, for ****'s sake. I don't care if an "insecure" protocol allows someone to look at my vacation pictures. If they want to stare at some ugly guy in a swimsuit, let them. I don't see anybody suggesting we replace HTTP with HTTPS in all cases, even though the former is unquestionably not secure.

The problem is, by default most FTP installs use PAM authentication on Unix systems that use the system password, as does OS X's. When you have an FTP account password, in many cases you also have their email and access to any other accounts on that system (or at least those which use PAM auth)

If you are entering a password over an http connection, it should be to an account with separate login credentials that are different than the system login. This way, if a password is obtained it only provides access to that web application/.htaccess protected directory.

How many hosting providers you know allow you to set an FTP password that is separate from all other accounts?

[Moose]

Originally Posted by Chuckit 

Oh, for ****'s sake. I don't care if an "insecure" protocol allows someone to look at my vacation pictures. If they want to stare at some ugly guy in a swimsuit, let them.

Somebody staring at your beer gut hanging over the top of your speedo isn't your problem with using FTP, since those images are already available via HTTP.

Your problem with using FTP is that, should somebody get your password, he or she could create a ".movies" or ".music" or, for even more fun, ".kiddieporn" directory of which you would be blithely unaware until the raid.

Probably won't happen, but is that a chance you really want to take?

[besson3c]

Originally Posted by Moose 

Somebody staring at your beer gut hanging over the top of your speedo isn't your problem with using FTP, since those images are already available via HTTP.

Your problem with using FTP is that, should somebody get your password, he or she could create a ".movies" or ".music" or, for even more fun, ".kiddieporn" directory of which you would be blithely unaware until the raid.

Probably won't happen, but is that a chance you really want to take?

Exactly, the value of this data is irrelevant. In fact, data that is not valuable to the owner makes the account of even more value to attackers, because the account will be less monitored. Attackers are always interested in using somebody else's murder weapon.

[kent m]

Originally Posted by Moose 

Your problem with using FTP is that, should somebody get your password, he or she could create a ".movies" or ".music" or, for even more fun, ".kiddieporn" directory of which you would be blithely unaware until the raid.

Isn't that the problem we take with any system anyway? Kind of like saying "if someone got ahold of your keys they could get into your home" as an argument for the elimination of doors and windows....

[Chuckit]

Originally Posted by kent m 

Isn't that the problem we take with any system anyway? Kind of like saying "if someone got ahold of your keys they could get into your home" as an argument for the elimination of doors and windows....

He's not arguing for the elimination of windows and doors; he's just suggesting that all windows and doors be reinforced with several tons of titanium.

[kent m]

But even so, if someone got a hold of the keys it wouldn't matter how much titanium there was... :-)

[besson3c]

Originally Posted by kent m 

But even so, if someone got a hold of the keys it wouldn't matter how much titanium there was... :-)

It's about adding deterrents via encryption. Sniffing and decrypting encrypted passwords is extremely difficult, this sort of attack is not targeted when there are plenty of passwords being sent around unencrypted still, unfortunately.

The titanium thing is a poor analogy though. Try this: not encrypting your password is like leaving your door locked with duct tape, while encryption provides a proper lock on your door that requires a unique key.

[Tomchu]

Erm ... this is about people wanting the ability to write via Finder's built-in FTP, not just read.

I don't see how the concerns of someone dumping files onto your computer have anything to do with it. I think there's a word for this kind of unwarranted panic ...

[OreoCookie]

I'd much rather have an implementation of sshfs included by default. Much better than ftp. And secure. And equally easy to set up in OS X, you merely have to tick a different check box and forward a different port.

[besson3c]

Originally Posted by Tomchu 

Erm ... this is about people wanting the ability to write via Finder's built-in FTP, not just read.

I don't see how the concerns of someone dumping files onto your computer have anything to do with it. I think there's a word for this kind of unwarranted panic ...

I'm not concerned about your local machine being hijacked either, at least not as much, but with having your accounts on remote FTP servers you connect and authenticate to being hijacked. This is not paranoia, when you do not encrypt your password it can be sniffed, period.

[besson3c]

Originally Posted by OreoCookie 

I'd much rather have an implementation of sshfs included by default. Much better than ftp. And secure. And equally easy to set up in OS X, you merely have to tick a different check box and forward a different port.

Me too!

I'd also like to see the Connect to Server have an advanced part of the dialog where you can specify whether you want to connect via SSH or AFP on a server that has both, for instance. I don't think it is terribly friendly to have to remember to type in a suffix in the form of ssh://yourserver (assuming that the Connect to Server supported SSHfs, which it doesn't), or http:// nfs:// smb:// etc.

[Tomchu]

Well, you know ... that's all FTP in general, everywhere -- unless you're using SSL. :-P

FTP is great 95% of the time, and it'd be handy if Apple made it more useful from within the Finder. That's all this topic is about. Obviously you're an idiot if you use it when utmost security is a key factor to consider.

Then again, how often does a password get "sniffed" over the Internet? The attacker would have to have an "in" somewhere along the route from your home to your web host, or wherever you're connecting. That means they'd have to be sitting on one of the routers along the way.

[Chuckit]

Originally Posted by OreoCookie 

I'd much rather have an implementation of sshfs included by default. Much better than ftp. And secure. And equally easy to set up in OS X, you merely have to tick a different check box and forward a different port.

Indeed. Then again, it's not like it's that hard to set it up yourself, so I'm not too upset about it. I have a feeling that most people who couldn't easily install it wouldn't use it anyway.

[besson3c]

Originally Posted by Tomchu 

Well, you know ... that's all FTP in general, everywhere -- unless you're using SSL. :-P

FTP is great 95% of the time, and it'd be handy if Apple made it more useful from within the Finder. That's all this topic is about. Obviously you're an idiot if you use it when utmost security is a key factor to consider.

And I'm saying that you're an idiot if you think that this only affects people where utmost security is a key factor. Well, I wouldn't use language this strong, but you get the idea...

Compromised machines/accounts are what makes the botnet work, and like I said, machines where utmost security is *not* a key factor are often the biggest targets. We've had keystroke loggers installed on public workstations, possibly in a library or something. Who would have ever guessed that a public kiosk like this would be a ripe target, right? That's exactly the kind of myth that keeps these botnets and the like in business.

Then again, how often does a password get "sniffed" over the Internet? The attacker would have to have an "in" somewhere along the route from your home to your web host, or wherever you're connecting. That means they'd have to be sitting on one of the routers along the way.

Not necessarily. all they have to do is telnet to the port your server is running as and send commands that listen in and/or intercept. A piece of spyware could do the same sort of thing.

[OreoCookie]

Originally Posted by Chuckit 

Indeed. Then again, it's not like it's that hard to set it up yourself, so I'm not too upset about it. I have a feeling that most people who couldn't easily install it wouldn't use it anyway.

I should mention that I'm talking about setting up ssh as a service, accessing ssh works right away and indeed most ftp apps can also do sftp.

[besson3c]

Originally Posted by Chuckit 

Indeed. Then again, it's not like it's that hard to set it up yourself, so I'm not too upset about it. I have a feeling that most people who couldn't easily install it wouldn't use it anyway.

Changing behavior is very difficult, and since Apple has positioned itself as an innovative leader of the Desktop market, they should lead the way by doing things such as putting up alerts saying "you don't really want to use FTP, use this instead" to help change behavior (and I don't mean this literally, but whatever means necessary and effective to stimulate this change).

[besson3c]

Originally Posted by OreoCookie 

I should mention that I'm talking about setting up ssh as a service, accessing ssh works right away and indeed most ftp apps can also do sftp.

A lot of hosting providers do not support SFTP or SSH, but most do not run a CalDAV compatible server either, or even provide WebDAV. However, if there are customers that want these things, these features will become more common. Once they start to see people wanting SFTP, perhaps then they may begin to phase out regular FTP, or at least push it as the default/superior option.

[Tomchu]

Originally Posted by besson3c 

And I'm saying that you're an idiot if you think that this only affects people where utmost security is a key factor. Well, I wouldn't use language this strong, but you get the idea...

Compromised machines/accounts are what makes the botnet work, and like I said, machines where utmost security is *not* a key factor are often the biggest targets. We've had keystroke loggers installed on public workstations, possibly in a library or something. Who would have ever guessed that a public kiosk like this would be a ripe target, right? That's exactly the kind of myth that keeps these botnets and the like in business.

Right. No arguments there.

Tell me again though how this has to do with FTP? You realize that most botnets exist because of Windows machine being exploited through completely unrelated services, yes?

Originally Posted by besson3c 

Not necessarily. all they have to do is telnet to the port your server is running as and send commands that listen in and/or intercept. A piece of spyware could do the same sort of thing.

I don't know where to begin. I guess you could start by reading the FTP spec? Or maybe show us these magical commands that "listen in and/or intercept" passwords, when passed to the FTP daemon.

[Moose]

Originally Posted by Tomchu 

Then again, how often does a password get "sniffed" over the Internet? The attacker would have to have an "in" somewhere along the route from your home to your web host, or wherever you're connecting. That means they'd have to be sitting on one of the routers along the way.

Or be using the same WAP.

Let me know when somebody invents switched 802.11.

[besson3c]

Originally Posted by Tomchu 

Right. No arguments there.

Tell me again though how this has to do with FTP? You realize that most botnets exist because of Windows machine being exploited through completely unrelated services, yes?

Yes, but there are a number of ways to compromise machines, one method being exploiting an insecure service.

I don't know where to begin. I guess you could start by reading the FTP spec? Or maybe show us these magical commands that "listen in and/or intercept" passwords, when passed to the FTP daemon.

You might want to begin here:

Phenoelit

Sorry about the ugly website.

I didn't say that you can telnet in and type some commands and take over a service, that was your misunderstanding and perhaps my lack of clarity. What I was saying was that telnet is a common tool used to acquire more information about a system. For instance, here is a technique that can be used with an SMTP server:

Telnet - SMTP Commands (sending mail using telnet)

With an IMAP server you can issue the "capabilities" command, IIRC.

I don't know exactly what sorts of commands one can issue to FTP, but I'm certain that you can simulate handshakes and trace connection negotiations and such in a similar manner in order to learn more about a system.

If somebody has managed to install a proxy FTP service that intercepts connections such as the sniffer in my first URL, they can read passwords that are sent in the clear. I'm not a security guru, but I do know that it is naive to think that it is impossible or even difficult to accomplish these sorts of exploits. The question is, what is the probability?

The answer is, nobody knows. When the solution is a slight shift in behavior that really doesn't inconvenience a whole lot, what is there to lose? FTP should be eliminated because clear text passwords are a thing of the past. They should be considered obsolete technology (well, they already are, but its usage should reflect this). There is little reason for FTP to continue to exist.

About the only reasons I know of for continuing FTP is that a number of applications only support FTP (such as older versions of Dreamweaver), and encryption requires beefier hardware. However, there will be a point where the vast majority of servers can comfortably handle the load, and there will be a time when people stop relying on applications that use FTP across the WAN (FTP still has its uses in secured LANs, I'm sure it will continue to exist for this sort of purpose, although there are other protocols that can be used for simple data transfer). However, it seems like its only a matter of time before FTP goes away. Why should Apple support a dead technology by investing its resources into keeping it alive?

[Chuckit]

Originally Posted by besson3c 

FTP should be eliminated because clear text passwords are a thing of the past. They should be considered obsolete technology (well, they already are, but its usage should reflect this). There is little reason for FTP to continue to exist.

Then talk to the people who provide access to their services via FTP. Killing off support for FTP on the client side before the requirement is dropped on the server side is not a solution.

[besson3c]

Originally Posted by Chuckit 

Then talk to the people who provide access to their services via FTP. Killing off support for FTP on the client side before the requirement is dropped on the server side is not a solution.

So how do we make this transition? There will be a date where we can no longer buy CRT TVs, that is how this transition is being stimulated. Maybe Apple could stimulate this shift by pushing awareness of secure protocols, and making people jump through hoops to use older ones?

What would be better is for Microsoft to do this, but Apple has shown that they wish to stimulate the life and usage of certain protocols. CalDAV is a good example of this, Bonjour/ZeroConf is another.

[Chuckit]

Originally Posted by besson3c 

So how do we make this transition? There will be a date where we can no longer buy CRT TVs, that is how this transition is being stimulated. Maybe Apple could stimulate this shift by pushing awareness of secure protocols, and making people jump through hoops to use older ones?

If you make Joe Mac User jump through hoops just to connect to a file repository, you have just created Joe Windows User.

[besson3c]

Originally Posted by Chuckit 

If you make Joe Mac User jump through hoops just to connect to a file repository, you have just created Joe Windows User.

What would you suggest doing then to help make this shift? People have been saying "use SFTP because it is more secure" to Joe user for years, but he/she doesn't care until they have to or think they have to, and when they have to it's too late.

[Chuckit]

Originally Posted by besson3c 

What would you suggest doing then to help make this shift? People have been saying "use SFTP because it is more secure" to Joe user for years, but he/she doesn't care until they have to or think they have to, and when they have to it's too late.

Again, get services to stop being provided as FTP. As you said, most FTP clients can handle SFTP anyway. FTP didn't become prevalent because there were so many FTP clients — the FTP clients sprung up because they were needed.

[- - e r i k - -]

What do you mean in the new system? Apple clearly says that this is already working in Tiger

Tip of the Week
FTP Files Without a Third-Party Program
Need to email somebody a file that’s larger than his 5MB email limit? Use FTP, because you can upload huge files with no restriction. You probably already knew that, but did you know that you don’t have to buy a third-party FTP client to FTP your files? That’s right baby, you can do it right from within Tiger. Here’s how: Go to the Finder’s Go menu, and choose Connect to Server. When the dialog appears, just type the FTP address where you want the file to go and click Connect. You may either get directly connected, or depending on whose server you’re connecting to, it may ask you for your Name and Password (that keeps people from just jumping on anyone’s server and uploading files at random).

Once you’re “in,” you’ll see a folder — now you can just drag-and-drop the file you want to transfer into that folder and the transfer will begin.

[besson3c]

Wow.. an inaccurate tip posted on Apple's site.

[CharlesS]

Originally Posted by Chuckit 

If you make Joe Mac User jump through hoops just to connect to a file repository, you have just created Joe Windows User.

While I agree with you in principle, it would seem that in this particular case, making users jump through an extra hoop to upload via FTP would not be severe enough to drive users to Windows, given that in the current implementation you have to download a separate program to upload files at all via FTP. Heck, the current implementation is bad enough that even trying to download files via FTP is near-unusable.

Does anyone ever use the built-in FTP feature, even on Windows? Most of the tutorials I ever see for uploading files on the Dark Side to an FTP server usually involve CuteFTP or some other such thing.

[besson3c]

CuteFTP... I hate hate hate that application name. So dumb. Not cute. Dumb. I don't like it.

[Chuckit]

Originally Posted by CharlesS 

While I agree with you in principle, it would seem that in this particular case, making users jump through an extra hoop to upload via FTP would not be severe enough to drive users to Windows, given that in the current implementation you have to download a separate program to upload files at all via FTP.

True, I was being a bit hyperbolic. My point is just that all this would do is annoy users. It wouldn't make the Web less reliant on FTP — it would just make using a Mac suck that much more.

[CharlesS]

Well, it would have to make using a Mac suck less, because under besson's system, FTP uploading would actually work, whereas right now it doesn't.

I already have to dismiss a dialog box when I try to upload to an FTP server. The difference is that this dialog box just tells me that I can't upload the file, and has no options other than "OK".

[Chuckit]

Yes, but is the ability to use FTP hidden and locked away behind several warnings intended to deter the average user from getting past at all? No. It's just a crap FTP engine. We're talking about the difference between a broken design and a buggy implementation.

[CharlesS]

I wouldn't say it's buggy (okay, actually, I would. But not because of the lack of uploading). I'm pretty sure that the current FTP support is designed to be read-only. So it'd be more a matter of switching from one broken design to another broken design.

[Moose]

Originally Posted by CharlesS 

I'm pretty sure that the current FTP support is designed to be read-only.

Indeed it is:

Originally Posted by mount_ftp(8)

The rdonly option will be set even if it was not specified because mount_ftp does not allow files to be opened with write access on servers.

[Peter]

Lounge, why?

[voodoo]

Originally Posted by besson3c 

I hope that it does not allow non-anonymous FTP.

I'm not sure I don't agree with you.

V

[besson3c]

Originally Posted by voodoo 

I'm not sure I don't agree with you.

V

THen I guess you must agree with me?

[voodoo]

Originally Posted by besson3c 

I hope that it does not allow non-anonymous FTP. Apple should not encourage insecure protocols to continue on. FTP needs to die.

Originally Posted by besson3c 

THen I guess you must agree with me?

Well there is no way I can't be sure I don't.

V

[besson3c]

Originally Posted by voodoo 

Well there is no way I can't be sure I don't.

V

we like each other.