Whether you’re really passionate about RPC, MQTT, Matrix or Nostr, tell us more about the protocols or open standards you have strong opinions on!

  • Julian_1_2_3_4_5@slrpnk.net
    3 months ago

    honestly: activity pub, matrix, xmpp, markdown and so many more probably. All of these would be able to solve our walled gardens problem, but the apps with basically a monopoly don’t have much of an incentive to implement them

      • pastermil@sh.itjust.works
        7 months ago

        I hear you on this! Took me a whole day to get my router to delegate IPv6 properly. I’m sure that had it been better adopted, I wouldn’t be having such a hard time.

    • JasonDJ@lemmy.zip
      7 months ago

      Because SecOps still thinks NAT is security, and NetOps is decidedly against carrying around that stupid tradition.

      • fruitycoder@sh.itjust.works
        7 months ago

        You can even NAT still if you want to lol

        That said, have you looked at securing IPv6 networks? It can be a lot of new paradigms that need to be secured.

      • calcopiritus@lemmy.world
        7 months ago

        In the world of computers, why would remembering numbers be the stop for new technologies?

        Do you remember anyone’s public key? Certificate?

        I don’t even remember (most) domain names, just Google them or save them as bookmarks or something.

        The reason IPv4 still exists is because ISPs benefit from its scarcity. Big ISPs already paid a lot of money to own IPv4 addresses, if they switched to IPv6 that investment would be worthless.

        Try selling static IPv6 addresses as they do now with IPv4. People would laugh at them and just get a free IPv6 address from an ISP that wants to get new users and doesn’t charge for it.

        The longer ISPs delay the adoption of IPv6, the longer they can milk IPv4 scarcity.

          • calcopiritus@lemmy.world
            7 months ago

            IPv6 addresses are practically endless, therefore their value is practically 0. ISPs justify charging extra for static IPv4 because IPv4 addresses do have a value.

            If ISPs charge for static IPv6, then one of them could just give that service for free (while keeping the rest of the prices the same as their competitors). That would get them more customers while costing them nothing.

            EDIT: I can’t give you an example of an ISP that offers free static IPv6 because there are no ISPs in my country that offer IPv6.

            • frezik@midwest.social
              7 months ago

              For that matter, you should be getting an entire /60 at a minimum. Probably more like /56.

      • KillingTimeItself@lemmy.dbzer0.com
        7 months ago

        damn if only we had a service that like, obfuscated and abstracted these hard to remember IPs that aren’t very user friendly, and turned them into something more usable. That would be cool i think. Someone should make that.

  • smileyhead@discuss.tchncs.de
    7 months ago
    • IPv6, needed for modern Internet not to collapse, would make many other important things easier. Easier to become an ISP, to selfhost, to build P2P networks, etc.
    • GNU Taler, a payment protocol, just look at it go: https://101010.pl/@didek/111934952208145427, or just imagine building a payment terminal out of a Raspberry Pi
    • Matrix, to unify chat, conference and calling apps
    • some self-arranging darknet protocol becoming a norm like I2P, GNUNet or Yggdrasil, so we could have a backup when mass Internet blockages happen
      • smileyhead@discuss.tchncs.de
        7 months ago

        There are no IPv4 addresses left. So you either go IPv6-only, which would make many services not work. Or wait in a long queue to repurpose address spaces marked as deprecated which would soon run out too. And then you put clients behind double or triple NAT having shitty service.

    • rottingleaf@lemmy.zip
      7 months ago

      Matrix I have doubts about. The idea of Tox was nicer, but the implementation quality and the scandal at some point didn’t help.

      Tox felt more playable, like piping files over it or a remote shell over it (I know, bad associations, but still), or even using it for VPN. I think there were clients allowing to do such stuff, and the protocol allows it.

      EDIT: I mean, it’s still alive, just don’t see it claiming the place of FOSS old Skype replacement as it did.

      GNUNet - all you people mentioning it have peers? I tried to set it up a few weeks ago, couldn’t get peers.

      Yggdrasil - feels cool.

      I2P - not intended for that, I think.

      • Cosmiss@beehaw.org
        7 months ago

        What scandal did Matrix have? I only just tried out Matrix like a month ago and am unaware of anything like that.

      • KillingTimeItself@lemmy.dbzer0.com
        7 months ago

        I2P - not intended for that, I think.

        to be clear, I2P is not really intended for anything, it’s used for everything. It supports all kinds of things, and there are people doing all kinds of things on it. Though i could see potential technological limitations being a problem.

      • smileyhead@discuss.tchncs.de
        7 months ago

        About Tox, I am not a fan of mixing up universal delivering of packets and applications. Piping files or using as VPS feels like something that would be better done with proper full network and not be mixed with chat.

        • rottingleaf@lemmy.zip
          7 months ago

          I, on the contrary, think it’s cool for things to be universal, layered and reusable for different tasks.

    • Secret300@sh.itjust.works
      7 months ago

      I really hope matrix gets native VoIP. I saw like 2 years ago it was in beta, haven’t kept up with it though. I’d also really like voice channels like discord so my friends and I can replace discord but it seems like matrix isn’t interested in being a discord replacement

      • ducklingone@lemmy.today
        7 months ago

        Matrix can be configured to have VoIP. I have it set up on my server. Haven’t tried it in group voice chat setting yet though. Only 1 on 1

  • Julian_1_2_3_4_5@slrpnk.net
    3 months ago

    definitely some alternative internet mesh routing standard, just imagine if every device with wifi or ethernet could just extend the network without relying on an isp, yeah they could still serve as a fast backbone, but they just wouldn’t be needed and no disaster could really ever disrupt the whole internet again

  • Björn Tantau@swg-empire.de
    7 months ago

    RSS. It’s still around but slowly dying out. I feel like it only gets added to new websites because the programmers like it.

      • folkrav@lemmy.ca
        7 months ago

        How so? Outside very niche stuff or podcasts I just don’t seem to see it used that often.

        • TechNom (nobody)@programming.dev
          7 months ago

          Most websites still use standard back ends with RSS support. Even static site generators also do it. The only difficulty is user discovery.

          • folkrav@lemmy.ca
            7 months ago

            Yeah… It always being there hardly makes it a “renaissance”, no?

    • Static_Rocket@lemmy.world
      7 months ago

      WebSub (formerly PubSubHubbub). Should have been a proper replacement for RSS with push support instead of polling. Too bad the docs were awful and adopting it as an end user was so difficult that it never caught on.

          • mark@programming.dev
            7 months ago

            Oh neat! I didn’t know this existed. By any chance, do you know of any RSS readers that have implemented it?

            • smpl@discuss.tchncs.de
              7 months ago

              No, I’m sorry, I pull my feeds manually using a barebones reader. I’m guessing your best bet is one of the web-based readers as it would require a client with a TCP port that’s reachable from the web. I have never seen a feed that provided the rssCloud feature though.

    • mesamune@lemmy.world
      7 months ago

      There’s quite a few sites that still use it and existing ones in the Fediverse have it built in (which is really cool). But you’re right, the general public have no concept of having something download and queue up on a service rather than just going to the site. And the RSS clients are all over the place with quality…

  • x3i@kbin.social
    7 months ago

    Unified Push.

    Unbelievable that we have to rely on Google and co for sth as essential as push messages! Even among the open source community, the adoption is surprisingly limited.

    • TechNom (nobody)@programming.dev
      7 months ago

      Nobody knows about unifiedpush. Last time I checked, their Linux dbus distributor also wasn’t ready. There has to be a unified push to get it adopted.

    • kevincox@lemmy.ml
      7 months ago

      Fuck Unified Push. Just use the Web Push standard. https://www.rfc-editor.org/rfc/rfc8030

      It is what is used for browser push messages, is already widely supported. Is compatible with existing push infrastructure and users and is end-to-end encrypted. IDK why Unified Push felt the need to create a new protocol when a perfectly good one already existed.

      Although there is no “client side” spec. The Unified Push client side could be useful. But they should throw away their custom backend protocol and just use Web Push.

  • Dessalines@lemmy.ml
    7 months ago

    Markdown. It’s only in tech spaces that it’s preferred, but it should be used everywhere. You can even write full books and academic papers in markdown (maybe with only a few extensions like latex / mathjax).

    Instead, in a lot of fields, people are passing around variants of microsoft word documents with weird formatting and no standardization around headings, quotes, and comments.

    • southsamurai@sh.itjust.works
      7 months ago

      Man, I’ve written three novels plus assorted shorter form stories in markdown.

      There’s a learning curve, but once you get going, it’s so fluid. The problem is that when it comes time to format for release, you have to convert to something else, and not every word processor can handle markdown. It’s extra work, but worth it, imo.

      • Handles@leminal.space
        7 months ago

        Just set up pandoc and Bob’s your uncle. It’ll convert markdown to anything. You’ll never have to open another word processor.

        • southsamurai@sh.itjust.works
          7 months ago

          Nice! Thanks for the tip!

          Edit: holy shit, how have I never run across that before? That’s a brilliant program right there.

          • Handles@leminal.space
            7 months ago

            Pandoc + [your markdown editor of choice] is magic. Some editors even come with Pandoc as a dependency so you can export to more or less anything from the GUI. I think GhostWriter and Zettlr at least (I honestly can’t be sure, I’ve changed editors so often and now I just have some Pandoc conversion scripts in my file manager menu).

        • southsamurai@sh.itjust.works
          7 months ago

          Because it isn’t doc or docx.

          Publishers are pissy about such things. Even self publishing (which is what I do now), the various outlets still have limits to what they will use. Amazon accepts something like three file formats, including their own, and pdf isn’t on the list.

          I could just do pdf for directly giving them away to people, but even then, epub is usually a better pick in terms of readability since that’s the standard for actual books since ereaders tend to display it better than pdfs. Most people reading books via files would be using something that can give a better experience with epub vs pdf.

      • Dessalines@lemmy.ml
        7 months ago

        My main wishlist for markdown is a better live collaborative markdown editor. Hedgedoc works, but it’s showing its age, and they don’t seem to be getting close to releasing v2.

        Etherpad also has a markdown extension, but it doesn’t import / export that well.

      • veaviticus@beehaw.org
        7 months ago

        ReST (restructured text) is a good middle ground. I just wish it had more support outside of the python community. It could use some new/better tooling than Sphinx

    • Cyclohexane@lemmy.mlOPM
      7 months ago

      Markdown is awesome, I agree! I did not realize you could extend markdown with anything other than html. The html extension is quite nice to do anything that markdown doesn’t support natively, but I wish there was an easier way to extend markdown. Maybe the ones you listed are what I need.

    • warmaster@lemmy.world
      7 months ago

      Depends on the type of book. Since you need HTML for all non default styles. Therefore, it raises the bar… you need a bit of web dev knowledge which removes the biggest benefit of markdown: simplicity / ease of use.

    • xigoi@lemmy.sdf.org
      7 months ago

      Markdown is terrible as a standard because every parser works differently and when you try to standardize it (CommonMark, etc.), you find out that there are a bajillion edge cases, leading to an extremely bloated specification.

      • MajorHavoc@programming.dev
        7 months ago

        Agreed in principle, but in practice, I find it’s rarely a problem.

        While editing, we pick an export tool for all editors and stick to it.

        Once the document is stable, we export it to HTML or PDF and it’ll be stable forever.

        • TechNom (nobody)@programming.dev
          7 months ago

          Commonmark leaves some stuff like tables unspecified. That creates the need for another layer like GFM or mistletoe. Standardization is not a strong point for markdown.

          • Dessalines@lemmy.ml
            7 months ago

            I believe commonmark tries to specify a minimum baseline spec, and doesn’t try to expand beyond that. It can be frustrating bc we’d like to see tables, superscripts, spoilers, and other things standardized, but I can see why they’d want to keep things minimal.

            • TechNom (nobody)@programming.dev
              7 months ago

              Asciidoc is a good example of why everything should be standardized. While markdown has multiple implementations, any document is tied to just one implementation. Asciidoc has just one implementation. But when the standard is ready, you should be able to switch implementations seamlessly.

        • xigoi@lemmy.sdf.org
          7 months ago

          Have you read the CommonMark specification? It’s very complex for a language that’s supposed to be lightweight.

          • frezik@midwest.social
            7 months ago

            What’s the alternative? We either have everything specified well, or we’ll have a million slightly incompatible implementations. I’ll take the big specification. At least it’s not HTML5.

            • xigoi@lemmy.sdf.org
              7 months ago

              An alternative would be a language with a simpler syntax. Something like XML, but less verbose.

              • frezik@midwest.social
                7 months ago

                And then we’ll be back to a hundred slightly incompatible versions. You need detailed specifications to avoid that. Why not stick to markdown?

  • hperrin@lemmy.world
    7 months ago

    I wish people used email for chat more. SMTP is actually a pretty great protocol for real time communication. People think of it as this old slow protocol, but that’s mostly because the big email providers make it slow. Gmail, by default, waits ten seconds before it even tries to send your message to the recipient’s server. And even then, most of them do a ridiculous amount of processing on your messages that it usually takes several seconds from the time it receives a message to the time it shows up in your account.

    There’s a project called Delta Chat that makes email look and act like a chat app. If you have a competent email service, I think it’s better than texting. It doesn’t stomp on the images you send like SMS and Facebook do, everyone has it unlike all the proprietary services, and you can run your own server for it that interacts with everyone else’s servers.

    Unfortunately, Google, Microsoft, etc all block you if you try to run your own server “to protect against spam”. Really, I’m convinced that’s just anticompetitive behavior. The fewer players are allowed to enter the email market, the less competition Gmail and Outlook will have.

    As much as I like ProtonMail too, unfortunately their encryption model prevents it from working with Delta Chat. I’d love to see Proton make a compatible chat app that works with their service.

    I made an email service called Port87 that I’m working on making compatible with Delta chat too. I’d love to see people using email the way it was originally meant to be used, to talk to each other, without being controlled by big businesses.

    • morrowind@lemmy.ml
      7 months ago

      The delay is there because email has no deletion support.

      And a host of other shortcomings.

      I’d rather we replaced email with matrix

      • hperrin@lemmy.world
        7 months ago

        If you’re relying on the remote server to delete something, you can’t trust it no matter what protocol you’re using.

        For a regular email, the chance to undo might be fine, but for real time communication, it’s just an unnecessary road block.

        Maybe if it was optional per recipient, or per conversation, or better yet, depending on the presence of a header, it might be fine. Gmail only supports all-on or all-off.

    • treadful@lemmy.zip
      7 months ago

      SMTP is actually a pretty great protocol for real time communication.

      remembers greylisting is a common thing

      • hperrin@lemmy.world
        7 months ago

        Yes, I mentioned that. That’s not a protocol issue, that’s a big business controls everything issue.

    • kevincox@lemmy.ml
      7 months ago

      SMTP is a terrible protocol. Text based for sending effectively binary data with complex header wrapping and “generate a random delimiter” framing. We really need a HTTP/2 of SMTP.

      That being said I agree that it exists and works. The biggest blocker to more IM-style communication is largely the UI and user expectations. I have no problem having quick back-and-forths over email but most people don’t expect it.

      • hperrin@lemmy.world
        7 months ago

        Fair enough. Sending binary data over SMTP adds a lot of overhead, because it all has to be encoded. We should fix that.

    • hperrin@lemmy.world
      7 months ago

      Oh, another awesome thing about email is that you can ensure that your address is always yours, even if you use an email service provider like Gmail. Any provider that supports custom domains will allow you to use your own domain for your address, then if you want to change your provider, you keep your address. So, since I own hperrin.com, I can use the address me@hperrin.com, and I know it’ll always be mine as long as I pay for that domain.

      This is a much better model than anything else. Even on the fediverse, you can’t have your own address unless you run your own instance.

      If your email service provider goes out of business or gets sold off (skiff.com, anyone?), as long as you’re on your own custom domain, your address is still yours.

      I’m working on custom domains for Port87. It’s definitely a feature I think every email provider should offer.

      • Dave.@aussie.zone
        7 months ago

        Yes, I shifted to my own domain after my default ISP of 20 years decided that email was just too hard, you know? They didn’t outright say it, they just started batch processing emails so that I’d get all my daily emails at around 2 am the next day. Super handy for time limited password reset emails!

        A few hours reading a guide and setting up a $5/mo linode email server with SPF and dmarc, a few more hours transferring 20 years of IMAP mail from my old account to a folder, and a month or so of changing a few site contact emails over each day when they emailed something to my old account, and now I’ve got an email server on my own domain that is 10 times faster at sending/receiving mail than my old ISP ever was.

        And now I can have amazon@mydomain.com and career@mydomain.com and random other disposable addresses so that when they are inevitably sold off for the $$$ I can just dump them and maintain a spam free inbox.

  • sgtlion [any]@hexbear.net
    7 months ago

    Honestly, IRC was a very functional, easy, free, low-resource and privacy friendly chat protocol and I don’t really see why it got left behind. If you wanted image/ file support that could really be implemented client and/or server side.

    • Southern Wolf@pawb.social
      7 months ago

      Markdown really should have more widespread support than it does. It’s just the right mix between plain text and an office document, I took my college notes with it in fact cause of how fast it was to format stuff. But as far as I know, there’s no default program on any of the (major) OS’s or Distros for viewing it.

      Maybe it’s just due to a lack of standards for formatting or something, but regardless I do wish it was used and supported more.

      • vrighter@discuss.tchncs.de
        7 months ago

        markdown is standardized? I haven’t found two parsers that parse the same file the same for any but the most trivial documents

        • Southern Wolf@pawb.social
          7 months ago

          That’s what I mean by a lack of a standard for markdown. There needs to be at least a core standard for stuff (like bolding and italics), that is universal across stuff. Then if a program wants to add onto it, that’s fine. But just the core parts being standardized would help a lot.

          • Norah - She/They@lemmy.blahaj.zone
            7 months ago

            There are some pseudo-standards for it. Github-flavoured markdown is probably the biggest of them. Then you get things like Obsidian-flavoured markdown that is based off of Github’s.

    • duncesplayed@lemmy.one
      7 months ago

      Heads up for anyone (like me) who isn’t already familiar with SimpleX, unfortunately its name makes it impossible to search for unless you already know what it is. I was only able to track it down after a couple frustrating minutes after I added “linux” into the search on a lark.

      Anyway it’s a chat protocol

        • KillingTimeItself@lemmy.dbzer0.com
          7 months ago

          going based on preliminary understanding of this shit, it looks like it does all of the user handling on the client side explicitly, server side probably doesn’t do anything of the significant sort.

          Or at least to a degree that provides reasonable assurance that X person is different from Y person based on the messaging alone. Though your typing style is going to significantly influence it regardless of that.

          probably not accurate, just what i gleaned in about 3 minutes.

  • jared@mander.xyz
    7 months ago

    I’ve been playing with MQTT on meshtastic. I really hope LoRa and meshtastic continue to grow.

    • oldfart@lemm.ee
      7 months ago

      The more they grow, the busier the spectrum will be. I really hope it doesn’t grow too much.

  • Mango@lemmy.world
    7 months ago

    FTP

    Seriously guys, let’s share files the old fashioned way. Without bullshit.

    • lemmyreader@lemmy.ml
      7 months ago

      In that case, I’d like to chime in and add NFS to this list. The often overlooked jewel of the glorious past days. /j

      • Mango@lemmy.world
        7 months ago

        So like… If I had a game installed on your computer, my computer could treat that game as if it’s local and load files over the Internet like it’s just reading my disk?

        That is cool as fuck.

    • Badabinski@kbin.social
      7 months ago

      I’d like to interject for a moment. What you’re referring to as FTP is, in fact, smelly hot garbage.

      For context, I wrote this while waiting for a migraine to pass. I was angry at my brain for ruining my morning, and I like to shit on FTP. It’s fun to be hyperbolic. I don’t intend for this to be an attack on you, I was just bored and decided to write this ridiculous rant to pass the time.

      I must once again rant about FTP. I’ve no idea if you’re serious about liking it or you’re just taking the piss, but seeing those three letters surrounded by whitespace reminds me of all the bad things in the world.

      FTP is, as I’ve said, smelly hot garbage, and the infrastructure built to support FTP is even worse. Why? Well, one reason is that FTP has the most idiotic networking model conceivable. To see how crazy it is, let’s compare to a more sane protocol, like HTTP (for simplicity’s sake, I’ll do HTTP/1.1). First, you get the underlying transport protocol stuff and probably SSL. The HTTP client opens a connection from some local ephemeral port to the destination server on port 80/443/whatever and does all the normal protocol things (so syn->synack->ack and Client Hello -> Server Hello+server cert -> client kex+change cipher -> change cipher -> encrypted data). FTP does TCP too! Same same so far (minus SSL, unless you’re using FTPS). Next, the HTTP client goes like this:

      GET /index.html HTTP/1.1
      Host: www.whatever.the.fuck
      # a bunch of other headers
      
      

      and you know what fucking happens here? The fucking server responds with the data and a response code on the same goddamn TCP connection. You get a big, glorious response over the nice connection you established:

      200 OK
      # a bunch of headers and shit
      
      HERE'S YOUR DAMN DATA NERD
      
      

      So that’s nice, and the client you’re using to read this used that flow (or an evolution of that flow if you’re using HTTP/2 or HTTP/3). So what does FTP do? It does one of two really stupid things depending on whether you’re using active or passive mode. Active mode is the default for the protocol (although not the default for most clients), so let’s analyze that! First, your FTP client initiates a TCP connection to your server on port 21 (by default), and then the server just sends this:

      <--- 220 Rebex FTP Server ready.
      
      

      ok, that kinda came out of nowhere. You’re probably using a modern client that saves you from all of the godawful footguns, so it then asks the server what it supports:

      ---> FEAT
      <--- 211-Supported extensions:
      <---  AUTH TLS;SSL;
      <---  CDUP
      <---  CLNT
      # A whole bunch of other 4 letter acronyms. If I was writing an FTP server, I'd make it swear at the user since there are a lot of fun 4 letter words
      
      

      There’s some other bullshit we don’t care about right now, although highlights include sending the username and password in plain text. There’s also ASCII vs binary mode. WE’LL GET BACK TO THAT. :|

      So then we want to do a LIST. You know what happens in active mode? Your computer opens up some random fucking TCP port. It then instructs the FTP server to CONNECT TO YOUR GODDAMN COMPUTER. Your computer is the server, and the other side is now the client. I would post a more detailed overview of the FTP commands, but most servers on the internet disable active mode because it’s a goddamn liability.

      I’m probably not blowing many minds right now because people know about this shit. I just want to mention that this is how FTP was built. The data plane and control plane are separate, and back in 19XX when this shit was invented, you could trust your fellows on ARPANET and NAT didn’t exist and sure HAM radio operators here’s the entire goddamn 44.0.0.0/8 block for you to do packet switched radio. A simple protocol for simple times, back before we knew what was good and what was bad.

      So, active mode sucks! PASV is the future, and is the default on basically all modern clients and servers! Passive mode works exactly the same as the above, except when the client goes to LIST, the server opens some random TCP port (I’ve often seen something like 44000-44010) and tells the client, “hey you, connect to 1.2.3.4:44000 to get you your tasty data.” Sounds great, right? Well, there’s a problem that I actually touched on in my last paragraph. Back when this dogshit was first squeezed out back in the 70s, everyone had a public address. There were SO MANY addresses! 4 billion addresses? We’ll never use all of those! That is clearly not the case anymore. We don’t have enough addresses, and now we have this wonderful thing called NAT.

      Continued in part 2.

      • Badabinski@kbin.social
        7 months ago

        PART 2.

        NAT, much like the city of Phoenix, is a monument to man’s arrogance. Fuck NAT, and fuck FTP. If your FTP server is listening directly on a public IP address, then none of this applies. If you’re anything like me, the last company I worked for (a small startup), or my current company (many many thousands of employees making software you know and may or may not hate, making many billions of dollars a year), then the majority of your servers are living in RFC1918 space. Traffic from the internet is making it to them via NAT (or NAT with extra steps, e.g. L4 load balancers). A request comes in for $PUBLIC_IP TCP port 21 or TCP port 44000-44010 and is forwarded to your failure of a boxen. Your FTP server is a big stupid idiot and doesn’t know this. It thinks that it’s king shit and has its own public IP address. Therefore, when it’s deciding what ADDR:PORT it’s going to tell your stupid FTP client to connect to, it just looks at one of the adapters on the box and says “oh, I’ll tell this client on the internet to connect to 10.0.54.187:44007” and then I fucking cry. Your FTP client is an idiot, but the IP stack on your router is not and says “oh, that’s an address living in RFC1918 space, I shouldn’t send that out over the internet” and you don’t get the results of your LIST.

        So, how do you fix this? Well, you fix it by not using FTP. Use SFTP USE SFTP USE SFTP FOR GOD’S SAKE. But since this world is a shit fucking place, you have two options. The best option is to configure your FTP server to lie about its IP address. Rather than being honest about what a fool it is, you can tell it to connect to your public IP address. Does your public IP address change? Fuck you, you get to write a daemon that checks for that shit, rewrites your FTP server config, and HUPs the bastard (or SIGTERMs it if your server sucks and can’t do a live config reload).

        Let’s say that you don’t want to do that. Let’s say you work at a small company with a small business internet plan that gives you static IPs but a shitty modem. Let’s say that you don’t know what FTP is or how it works and your boss told you to get it set up ASAP and it’s not working and it surely must be your ISP’s fault. So you call up Comcast Business/AT&T/Verizon/Whoeverthefuck and you complain at their technicians for hours and hours, and eventually you get connected to a human that knows what the problem is and tells you how to configure your stupid FTP server to lie like a little sinner. The big telco megacorps don’t like that. They don’t want to waste all those hours, and they don’t want to hire too many people who can figure that shit out because it’s expensive. You wanna know what those fucking asshole companies did?

        Continued in part 3.