User Forks FileZilla FTP Client After Getting Hacked

Slashdot reader Entropy98 writes: A frustrated FileZilla user took matters into his own hands after getting hacked due to the fact that his saved passwords were being saved in plain text files. Despite years of numerous requests over almost 10 years the FileZilla devs refused to add a Master Password option to encrypt the stored passwords. Finally fed up one user forked FileZilla and created FileZilla Secure with the Master Password option.

This stuff drives me nuts

When devs act like asshats and refuse to consider that just because you can still get at encrypted passwords doesn't mean it's not helpful to make the bar a little higher than reading plain fucking text.

Re:This stuff drives me nuts

[BenFranske]

A) I would guess Filezilla is used much more as an SFTP and FTPS client (is there a better one on Windows?) than as an FTP client.

B & C could apply to SSH clients such as PuTTY as well, so we should stop using that?

If we only implemented security enhancements when they were perfect solutions we wouldn't implement very much security. Usually there is a balancing act between usability, security, and cost. In this case there seems to be very little usability impact on encrypting the password store so why not do it?

All that said I'm pretty particular about what software can hold passwords of mine so I've always typed them in to Filezilla on an as needed basis, seems as if that was a good idea.

Good deal

[JustAnotherOldGuy]

Now as long as those lazy bastards at FileZilla don't sue him, maybe this will be a nice step forward.

As for you fucking clowns at FileZilla storing passwords in plain text files, what the fuck? Did you just teleport in from 1992 or something??

OSS working as it should.

[0100010001010011]

How many OSS projects would benefit from:

User demands feature.
Devs refuse feature.
User forks and adds feature.

Re: OSS working as it should.

[tlambert]

The dev is a user; the users are devs.

And "users who are not devs can go fuck themselves"?

Because that's kind of what you are saying to non-dev users.

Re: IIS Server resume bug

[lucm]

Thanks for posting that link, that ticket is pure gold. 7 years of arrogance make for a fascinating 5 minute read.

The amount of time that developer spent arguing and reclosing that ticket could have been spent solving the problem, but instead he was proud of "making a stand" against a mainstream server product (IIS) that doesn't follow the standard. All he did was alienate users, including potentially me - I don't use Filezilla but moving forward if the need arises I'll choose anything else, I don't want code written by that aspie on my machine.

It's always a red flag when someone starts using metaphors in a tech discussion, like this guy and his "bridge". Inevitably it leads to a metaphor contest ("no, the river is the protocol", "then the pillars are the implementation", "no, IIS is the truck crossing the river" etc etc). I have a policy of leaving meetings when the discussion gets to metaphors.

People like that guy are not representative of open source developers, they're representative of *bad* open source developers.

Re:Filezilla dev...

[hey!]

Everybody can get hacked eventually. A moment of distraction, a zero day exploit, a trusted partner or source getting undermined...

If you think you are too smart to get hacked, you are a fool.

Security is the one place where your very best effort ought to be the norm.