Slashdot Mirror
Verizon Kills Free FTP Access
First time accepted submitter JP205 writes "Verizon recently disabled FTP access for its Internet customers who use its proprietary service to build their personal websites. It turns out that if you want FTP access restored, Verizon is happy to grant it to you for an extra $6 a month."
Verizon didn't "kill FTP access". They didn't shut down the protocol. They only shut off FTP access to their free personal web page hosting servers. That's a big difference when you're writing a headline.
It's days like this that I miss the fine editing that CmdrTaco used to provide.
John
reliable, simple, unambiguous, easy to automate, low overhead method for moving any sort of files.
Yeah, so?
No alternative has been offered in place of FTP, such as the more secure SFTP.
From TFA.
Why not?
I maintain about 20 of them and WILL NOT USE FTP.
SFTP is what anyone who is competent uses. even frigging Go-daddy has it.
Do not look at laser with remaining good eye.
You must not have a webpage that you maintain..
Umm, yes I do. I use rsync+ssh to maintain them.
Jesus christ how horrifying.
Why haven't these people seen the light of HTTP uploading? It's much more modern and Web 2.0
This way nobody is tempted to use the password-leak known as FTP. Not offering an alternative protocol then removes the temptation to host web pages on a service that's tied to your internet provider.
Password-leak terminated.
Lock-in avoided.
This looks like an all around win to me.
Reliable? Unless you need to go through a NAT
Simple? Nothing's as simple as connecting to one port for the control channel and then having another random port you need to connect to for a data channel and then there's the PASV/EPASV vs. Active question.
Unambiguous? Every server displays different text, I'm not even sure the prompts are the same
Easy to automate? It's a challenge-response password mechanism
Low overhead? See the "simple" rebuttal
And, oh yes, all passwords are strictly in the clear.
SCP, on the other hand, is reliable, simple, unambiguous, much easier to automate, and overhead isn't nearly the problem on modern computers as it was when you tried to get it working on a 386SX. And one more thing, it's SECURE!
Is this one of those times that the mods are modding a comment "insightful" because "funny" doesn't give a karma bonus? I hope it is...
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
ITYM:
For quick and easy transport of stuff that has no security implications, sure. It even works through NAT, if you know anything about networking. Yes, there are better choices in most cases, but ftp still has it's place.
"Simple? Nothing's as simple as connecting to one port for the control channel and then having another random port you need to connect to for a data channel and then there's the PASV/EPASV vs. Active question."
So you claim it has a fault then provide the answer and say its a question? Riiight.
"Easy to automate?"
Yes. And if you don't know how to do it then you've obviously never used ftp for much of anything so your opinions are void.
I think more importantly, universal.
There have been much better alternates (sftp for instance) for a long time. I suspect few people on slashdot still use FTP unless they really have to (no alternatives offered). That said, just about every web host still supports FTP, and all the click-n-drool web dev tools have built in FTP clients. It's still the lowest common denominator for newbies to get their files on the web.
How about "widely available and what newbies were taught to use for decades because nobody built a good, free Windows GUI for scp until much later"?
Not to mention "gets the job done." If it gets the job done, most people don't want to learn a new tool.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
Really, who uses SCP? It's clumsy to use, since it doesn't provide directory listings. You still need FTP or another protocol to provide remote listings and other file operations.
Use SFTP. It's a mush better protocol than SCP or FTP (it's not FTP over SSH!).
And did Verizon provide an alternative? No they didn't. They'll gladly charge $6/month for FTP not secure FTP.
Read the article moron.
Yeh, you're right, scp, sftp, rsync, none of these tools exist ;)
its about making a website off there servers with FTP ....NOT your own personal file server.
All i have to say is that in time no one will host anything in the usa all they do is drive away all the IT business and looky oh boy seems Canada is getting some movies made cause um i dunno its cheaper with fewer rules to make a movie?
And completely without anything resembling real security. It even subverts *other* security by being difficult to route through a firewall.
Change is never welcome by most people. We're creatures of habit.
Not sure what Verizon's rationale was; security concern with FTP, operational support, strategic decision to get rid of the free web service?
Lots of pros/cons with all these options, the main being the fact that some folks are stuck with existing Verizon URL or e-mail addresses that will make the move to something else a tad harder.
Wearing pants should always be optional.
FTP should be taken out back behind the woodshed & put out of its misery.
Use a nice secure protocol like SFTP instead.
The fact that so many people are complaining about this shows how little they understand security.
Of course, Verizon sucks, so they aren't likely to deploy SFTP as a replacement...
Purely out of morbid curiosity, what firewall are you using that doesn't have application level support for FTP?
So you claim it has a fault then provide the answer and say its a question? Riiight.
Uhh... Yes, he did. "FTP has faults X, Y, and Z; This alternative solves those faults". I don't see the problem.
And if you don't know how to do it then you've obviously never used ftp for much of anything so your opinions are void.
Don't act like an ass. I've "automated" more than a few FTP connections to pull in daily data feeds (EDI, price feeds, transactional data, etc). And every single one of them required slightly different syntax. Some servers don't like dir vs ls. Some always use binary mode. Some don't support mget/mput, or don't support it recursively. For EOL "conventions", you may as well flip a coin - On top of which, some servers will deal with the "wrong" EOLs, some give useful feedback, some just shit the bed. PASV solves one set of problems in exchange for another (cheap insecure home firewall? Great, no problems. Actually secure corporate firewall? Prepare for a day of agony, and expect it to break every time you get an update).
SCP also has its own problems, but you look silly mocking the GP for the suggestion.
I disagree. I find SCP to have highly significant rainbow and lollipop content.
If I have reliable SSH access, I rather use sshfs.
Dilbert RSS feed
I'm colorblind and have diabetes, you insensitive clod!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
what firewall are you using that doesn't have application level support for FTP?
Just about any non-windows firewall, including network firewalls.
I'm diabetic and have cancer, hand me another Mt. Dew while I enjoy the lollipop before I drop.
Wow. I bet both users were not only outraged, but they were even more infuriated to learn that geocities was gone too....
1996 called, they want their web hosting solution back.
1992 called, they want their protocol back.
1990 called, telling me I owe it royalties on this joke....
There are some people that if they don't know, you can't tell 'em.
As long as they are providing SFTP for free, I don't really care.
(disclaimer: I don't know *what* they are providing)
Ok, so Verizon's website builder thing is pretty lame, but if you need a place to host a small file or two it works pretty well and comes free with your service. However, previously the ONLY ways of getting data on there were FTP and their totally useless "I'll make a crappy looking website for you, you just pick how much lens flare to add!" website. They've just killed the one way that was actually somewhat useful. I know some of you are suggesting that FTP is dead and you should be using SCP instead, and I agree, but Verzion hasn't gotten the message.
To be fair though, they probably did get a lot of complaints about their FTP server, because it advertised EPSV4 support, but was on a machine that had a firewall that blocked ports above 1024. So basically it only worked on Windows XP with the ancient FTP program that shipped with it unless you were a guru. I'm sure they've been getting more and more complaints about it and decided to just shut the thing down instead of trying to figure out how to fix it. Lord knows the tech support guys I talked to had absolutely no clue what I was talking about when I tried to get this fixed years ago.
I read the internet for the articles.
Purely out of morbid curiosity, what firewall are you using that doesn't have application level support for FTP?
Every firewall that I don't personally control.
I'm a good cook. I'm a fantastic eater. - Steven Brust
I use rsync, which practically shits rainbows.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
TRIPOD has a free subscription but it doesn't include FTP either. http://www.tripod.lycos.com/web-hosting/compare_plans.pl
Monthly $4.95 Yearly $54.45
Citizen's Political Power in the U.S.
I consider myself techy but I use FTP first if it's available. It's simple, I can do it with my eyes closed. I can SCP if necessary but frankly I find it a waste. If I needed to send files I considered really important (financial data or something) then I'd do something more secure than FTP. Appropriate tool for the job. Lowest common denominator task on a closed network? Use the lowest common denominator tool.
Check out my lame java blog at www.javachopshop.com
free or paid, Verizon is known for taking a feature you've always used and converting it to a charge you for it plan.
I've "automated" more than a few FTP connections to pull in daily data feeds (EDI, price feeds, transactional data, etc). And every single one of them required slightly different syntax.
Doesn't, say, the FTP module of Python abstract that away for you?
Some servers don't like dir vs ls.
And SCP doesn't like either, as far as I can tell. That's why I prefer SFTP, automated with the aid of Paramiko, an implementation of SSH and SFTP in Python on top of PyCrypto. But not all web hosts support SSH access at all.
PASV solves one set of problems in exchange for another (cheap insecure home firewall? Great, no problems. Actually secure corporate firewall? Prepare for a day of agony, and expect it to break every time you get an update).
In what way is a cheap home firewall insecure?
They're not providing SFTP. They're not providing anything, from what I read, other than a "site builder"-type software package (which probably can't work with custom files). Basically, they're holding customers' sites hostage to a price increase.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
So the headline was "Verizon Kills Free FTP Access." You removed the word "free," then complained that the word "free" wasn't there.
Yes, but the additional sunshine does mean that everything involvedis wonderful.
It has the Lesley Gore seal of approval!
Of course people still use FTP. A lot of us want the master copy of our web site to be on our own machine and our own backups. But Website Hosts have these neat GUIs to automate upload? I have not the slightest inclination to manually update 800 files four times a year. I doubt you would either. Most Website Hosts (Google excepted) support FTP. But there are better ways? Probably. But I have my hands full fixing stuff that is actually broken.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
To each their own I guess ;p
I actually find sftp more convenient, as there is no real server setup (assuming you are already running ssh), no annoying firewall configuration, and you don't need to specify a password every time (assuming you have ssh keys set up). The added security is just a (nice) bonus.
FTP is not dead. Still useful for anonymous dowloading like for the latest Linux kernels. Don't recall ever seeing an anonymous SCP transfer method.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
"And every single one of them required slightly different syntax"
Oh BS. I've yet to come across an ftp server than didn't except the standard rfc commands.
"For EOL "conventions", you may as well flip a coin"
Wtf are you talking about? What are these servers running on, Windows??
Anonymous FTP is okay for personal use with data that contains no personal information I suppose, but from a corporate perspective it is a real pain to deal with companies who think we would trust software downloaded from an FTP site without MD5 hashes stored separately to compare against. It's even worse to deal with companies who think it's ok to upload log data that may contain who knows what confidential information to "password protected" FTP site. We should be beyond clear text passwords by this day in age, and it shouldn't be that hard for a company to setup an HTTPS site that allows customers to upload dump files. /rant
War doesn't show who is right - just who is left.
I build a web site with a friend and pointed my godaddy address at it... The number crunching bit is an AJAX call back to the server verizon hasn't discovered yet. It has worked very well for over a year... I guess good-bye to updates.
I was using WinSCP in 2001. I think it was on version 2.3 then. Learning a new tool wasn't exactly a problem - it looked like Windows Exporer, so once you'd typed in your login details (once, then it saves them) you just needed to drag and drop in exactly the same way you would with WebDAV or FTP.
If my clients were using Windows, I'd probably favour WebDAV-over-HTTPS over SFTP, simply because Explorer has support for WebDAV, while they need to install a free program to use SCP / SFTP.
I am TheRaven on Soylent News
But I have my hands full fixing stuff that is actually broken
Was that stuff broken by the script kiddie who sniffed your FTP password?
I am TheRaven on Soylent News
I suspect few people on slashdot still use FTP unless they really have to (no alternatives offered).
A few factors (ssh server config, client CPU, server CPU, etc.) can make SFTP orders of magnitude slower than FTP, especially if the network link is fast.
For updating a website over your Internet connection, it probably won't matter, but when transferring 100GB over LAN, it can make a huge difference.
The problem for customers seems to be deciding how they are going to maintain their websites. SiteBuilder really sucks; It is hard to use, lack features and design, and only has limited options. Customers I've talked to seem to resent not having the choice of protocols and methods. Theoretically, SiteBuilder will allow you to upload your own pictures and graphics into your selected templates, but it works better in theory than in practice.
Until now, a person with a limited website account could still design locally and upload using ftp. I can see the rationale for disabling anonymous ftp, but not the capability to use ftp to maintain your own website.
"The mind works quicker than you think!"
It's been fifteen years since I saw a NAT router have a problem handling FTP.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Uhhhh...dude? Everybody here seems to be going off an an epic FTP VS SCP debate while missing the forest for the protocols, which is this is yet again an ISP nickle and diming and being douches, which I'd say is a LITTLE more important than whether one uses FTP or SCP to connect.
After all if one doesn't have a royal shitfit when they do this on the unpopular stuff when it gets to the popular stuff the public will be so used to being gouged they won't even notice. it is bad enough while the rest of the planet is getting huge pipes run we in the USA get to ride the short bus to the information superhighway, but now they are gonna nickle and dime for every little bullshit they can think of.
ACs don't waste your time replying, your posts are never seen by me.
Every HTTP server displays different text as well. Hell, every 404 page is different, yet all HTTP clients seem to know it's a 404.
Deal is, FTP has numeric response codes. The FTP client looks at those to figure out the responses, and displays the text portion for the user so they don't have to know the FTP numeric responses.
I have a simple server for a simple purpose hosted by a third party that requires FTP or web style uploads. Look, it may not be the best method, but I don't stop beside the Amish buggies I pass and shout "WTF" at them.
by Anonymous Coward: I, for one, welcome the shift from car analogies to pizza analogies. um.. overlords?
It's not so much the files themselves that are the worry.. but the fact that you are sending your username and password in plain text. This is especially worrying if you are on a shared host.
Same thing happened with Time Warner cable. You used to be able to create web pages and FTP to your personal directory. Then you could only use a stupid python website generator. Then they just totally took personal web pages away. (No suprise that no one wanted a "custom" web page generated to look like it was made by a ten year old.
Use SFTP. It's a mush better protocol than SCP or FTP (it's not FTP over SSH!).
No, it's not. It's a different tool, for different uses. I use scp all the time; if I want to copy a single file (or a group of them) from one PC to another, and I already know exactly where I want to put them, scp is easily the fastest and easiest way to do it. With the public keys already programmed into each PC, I don't even have to bother with passwords; copying a file with scp is almost as simple as a regular "cp" command, except that I have to add in a machine name.
Now obviously, if I want to go to some other site and browse directory listings, scp simply isn't the right tool for the job. But if I don't need directory listings, sftp has a lot more overhead and typing involved.
Really, who uses SCP? It's clumsy to use, since it doesn't provide directory listings. You still need FTP or another protocol to provide remote listings and other file operations.
I use scp every single day. It's simple to use, and I don't need remote listings. I'm frequently logged into several Linux boxes (using ssh), and need to copy from one to the other. scp makes it a simple one-line operation, just as simple as a "cp" command, except I just have to add the machine name. Why do I need remote listings when I'm already logged in with ssh?
Obviously, if you're connecting to some machine you're not logged into, not completely familiar with, and need directory listings to see what you're doing, then sftp is the right too for the job. Not all jobs are like that.
You should probably see a doctor about that.
Every 3 minutes here - my weather station FTP's data to my ISP's personal homepages server.
From looking at Verizon forums, the problem seems to be that, unlike everybody else in web hosting, they discontinued FTP without supporting SFTP as a replacement. Most hosting services now require you to use SFTP instead of FTP, and SSH instead of Telnet.
Dreamweaver can use FTP or SFTP, so people with sites big enough to need Dreamweaver have no problem with that.
because uh, fuck regular ftp.
Actually, don't. You might catch something.
:-p
"What in the name of Fats Waller is that?"
"A four-foot prune."
Nah, that's not the case for me. 99% of the time it's across the LAN and isn't an account that has access to do anything but FTP to that particular server.
Check out my lame java blog at www.javachopshop.com
In what way is a cheap home firewall insecure?
Most home firewalls are, in their default configuration which most home users never change (they are never told they might need to), doing nothing but a subset of Network Address Translation.
While I personally wouldn't call this particularly insecure (it at least keeps out unwanted incoming connections for the most part) some people would and it is certainly less secure than a proper firewall arrnagement that polices traffic intentionally rather than just blocking outside connections due to a side effect of how the packets for connections made from the LAN-side are translated. A cheap home "firewall" won't stop an infection merrily sending out your data via IRC for instance, where a fully configured firewall might (it wouldn't stop the data doing out over HTTP in most cases, unless your company operates a white-list of web sites you are permitted to visit or some such limiting arrangement).
Also some home routers have been sold with simple or blank default admin passwords for accounts for an admin interface that is by default exposed to the WAN side. This is rare though, the last example I can state being some cheap Apple Airport knockoff devices that were floating around eBay a year or two ago, so I'd not tar all consumer targeted routers with that brush.
And to pull back to somewhere close to on-topic I'll add a little more anecdotal evidence: FTP through corporate firewalls is definitely a problem often in my experience. In fact some companies (just about all our clients for instance) deliberately don't allow FTP in either direction at all, dictating (sensibly, in my opinion) that SCP/SFTP (and sometimes rsync through ssh) be used instead where a file transfer protocol with authenticated is needed. Though this isn't about Verizon forcing users to use a better protocol, it is about Verizon charging for a previously free service for which they offer no alternative (other than paying for it, of course, or paying someone else for hosting).
That every customer using FTP runs as fast as they can.
When my tethering phone quit I did not pay up I through it in the trash and no longer have a cell phone I dont miss it at all.
I got a device with wifi I can text surf and skype almost everywhere I go.
My next one will have hdmi and bluetooth for keyboard damn near laptop replacement.
Fuck um.
When I tried sshfs I fount it to intermittently break even on otherwise reliable routes, though that was a time ago so things could have moved on far since then.
My swiss-army-knife for file transfers both to/from remote hosts and local ones, is rsync-through-ssh (and even sometimes rsync for local file copies) - especially when updating a file or selection of files (it can be rather efficient at only sending the changed parts over) or transferring something very large (with the right options transfers are easily resumed if something interrupts them).
At some point I might have to full apart the sshfs FUSE code, if it is generally reliable these days, and see if I can hack together an rsyncfs...
He is probably referring to directory listings, which do vary (considerably in some cases) between ftp daemons. Many, but far from all, output the format usually returned by "ls -l" in a GNU environment. While the result codes are described by the standard laid down by the relevant RFCs so even if the exact message is unrecognised the general meaning can be understood, the format of directory listings returned is not so different implementations are free to return whatever they like.
ftp still has it's place
On a plinth in a museum?
It would help if people could use STFU.
We don't want know what you're transferring with it.
https://www.xkcd.com/875/
Use an IP redirection services, build a mini computer that's constantly on and plug it into your home network.
Why am I wasting my time, you guys/gals know this.
So. A "good" firewall adds additional obscurity where a "cheap" firewall does not.
*yawn*
1996 called, and they want their argument back.
Kid-proof tablet..
So. A "good" firewall adds additional obscurity where a "cheap" firewall does not.
*yawn*
No. A good firewall doesn't offer what protection it does simply by accident as a side-effect.
With regard to FTP: a good protocol doesn't needlessly require several connections that make tracking the process less trivial, and making it less efficient to boot. If you want to keep using FTP go ahead though, its no skin off my nose. Unless you are using any service I have some responsibility for of course, in which case you'll need to use a more modern protocol or take your business elsewhere.
1996 called, and they want their argument back.
Of the two arguments, I'm not convinced that the one I agree with is the backwards one.
blah blah blah, best practices, blah, blah, blah.
1988 called. They want to talk to you about your stance on FTP.
Kid-proof tablet..
I currently live in 2011. 1988's stance on file transfer protocols is not something I feel the need to consider relevant.
Oh BS. I've yet to come across an ftp server than didn't except the standard rfc commands.[...]
Wtf are you talking about? What are these servers running on, Windows??
Among others. Windows, and VAXen, and ancient IBM mainframes, Oh My.
Modern coders have gotten spoiled by the fact that "modern" OSs (from 'doze to Linux to OS-X) all ripped off the same stock networking code from BSD-circa-1985.
The fact that you've never had the need to communicate between systems more diverse than XP-to-RHEL doesn't reflect the reality of the business world, where your boss tells you "pull a price feed from XYZ corp", and XYZ corp still runs everything on a machine considered obsolete 20 years ago that speaks EBCDIC or uses 36-bit machine words.
Those who cannot remember the past are condemned to repeat it.
Kid-proof tablet..
Oh I definitely remeber working with the FTP protocol. Don't worry, I have no intention of repeating that part of history.
That is how the modern world is supposed to work: we realise what problems we have, find better ways to perform those tasks affected by those problems, and move on. This process is usually referred to as "progress".
Then why are we discussing it now?
Kid-proof tablet..