I’m happy to see FTP die. But aren’t some websites still providing download links over FTP? I think it was just a year ago when I noticed I was downloading an ISO file from an FTP server..

    1. 9

      There’s nothing wrong with downloading an ISO from an FTP server. You can verify the integrity of a download (as you should) independently of the mechanism (as many package managers do).


        I agree! The same goes for downloading files from plain HTTP, as long as you verify the download you know the file is okay.

        The reason I don’t like FTP has to do with the mode of operation; port 21 as control channel and then a high port for actual data transfer. Also the fact that there is no standard for directory listings (I think DOS-style listings are the most common?).


          The reason there’s no standard for directory listings is possibly more to do with the lack of convention on filesystem representation as it took off. Not everything uses the same delimiter, and not everything with a filesystem has files behind it (e.g. Z-Series).

          I absolutely think that in the modern world we should use modern tools, but FTP’s a lot like ed(1): it’s on everything and works pretty much anywhere as a fallback.


            If you compare FTP to ed(1), I’d compare HTTP and SSH to vi(1). Those are also available on virtually anywhere.


              According to a tweet by Steven D. Brewer, it seems that at least modern Ubuntu rescue disks only ship nano, but not ed(1) or vi(1)/vim(1).


                Rescue disks are a special case. Space is a premium.

                My VPS running some Ubuntu version does return output from man ed. (I’m not foolish enough to try to run ed itself, I quite like have a usable terminal).


            Yes, FTP is a vestige of a time where there was no NAT. It was good until the 90s and has been terrible ever since

        2. 5

          You got it backwards.

          Yeah, some sites still ofter FTP downloads, even for software, aka code that you’re gonna execute. So it’s a good thing to create some pressure so they change to a more secure download method.

          1. 7

            Secure against what? Let’s consider the possibilities.

            Compromised server. Transport protocol security is irrelevant in that case. Most (all?) known compromised download incidents are of this type.

            Domain hijacking. In that case nothing prevents attacker from also generating a cert that matches the domain, the user would have to verify the cert visually and know what the correct cert is supposed to be—in practice that attack is undetectable.

            MitM attack that directs you to a wrong server. If it’s possible in your network or you are using a malicious ISP, you are already in trouble.

            I would rather see Chrome stop sending your requests to Google if it thinks it’s not a real hostname. Immense effort required to support FTP drains all their resources and keeps them from making this simple improvemen I guess.


          I have an old box running a ton of VMs all with wasted resources and things that aren’t being well maintained. I’m backing it up, rebuilding it with alpine and going to run a docker cluster on it to replace the services so they’re updated with ouroborous.

          1. 13

            It’s not censorship if it’s a private service, revoking service. It’s reasonable for Cloudflare to decide who it does and doesn’t want as customers.

            What’s not reasonable is for Cloudflare to become a fundamental gatekeeper to infrastructure. As long as 8chan aren’t dependent upon Cloudflare to be able to operate, it’s not a problem. The moment they are, it is.

            1. 10

              What’s not reasonable is for Cloudflare to become a fundamental gatekeeper to infrastructure. As long as 8chan aren’t dependent upon Cloudflare to be able to operate, it’s not a problem. The moment they are, it is.

              They aren’t. There’s multiple other options, including building a CDN yourself.

              1. 3

                It’s not to one needs to have a CDN to provide a website, however much the CDN providers want you to believe that, but including building a CDN yourself as a realistic[1] option is laughable.

                [1] Yes, I know, you didn’t use that word.

                1. 4

                  I don’t agree that building a CDN setup yourself isn’t feasible. It’s been done before CloudFlare was on the market. As an example, major FOSS projects do binary distribution, self-built on volunteer time.

                  It’s just expensive compared to just buying CFs services.

                  1. 2

                    Website in general: yes, you can build without a CDN.

                    Imageboards serve a lot of images(its in their name), which uses a lot of bandwidth. You really need a CDN for even a medium sized imageboard. 8chan is an imageboard.

                    1. 4

                      Imageboards serve a lot of images(its in their name), which uses a lot of bandwidth. You really need a CDN for even a medium sized imageboard. 8chan is an imageboard.

                      Yes, you really need a CDN. But images are also relatively easy to distribute and extremely disk-cache friendly. You can build a special-cased CDN for an imageboard. I don’t want so say it is cheap or as high-quality and can just be done on the side, but it is a relatively well-understood problem.

                      (I used to build image and video-CDN, FWIW)

                      1. 2

                        Yes, but there is still price problems, and 8chan would rather not have those. Also, they probably want DDoS protection, as they host controversial content, and building your CDN to handle DDoS attacks adds even more cost. Needing to build your own CDN is not exactly a nice problem to have, and you rather just use somebody’s CDN.

                        1. 4

                          If 8chan’s business model is only cost effective because they are subsidized by CloudFlare that’s a problem with 8chan’s business model, not CloudFlare.

                          Although I guess it is kind of a problem with CloudFlare as well.

                          1. 3

                            There’s no moral right that every cheap option is available to you unless you are a protected class as much as there is no moral right to your business model.

                            1. 1

                              Freedom of speech means the government can’t interfere with speech, not that uttering that speech should be as cost-effective as possible.

                              1. -1

                                Yes, but if there was a 1000$ tax on anything that you want to say publicly, it wouldn’t be free speech, would it?

                                1. 3

                                  This is a non-sequitur. No such tax exists and if it did in a country with freedom of expression, it would be rightfully challenged in court.

                                  Before the internet, if you wanted to get your views out there, you had to pay to publish a newspaper, or a pamphlet, or a book. There was no expectation that you could do this for free.

                  1. 2

                    Fing is a decent Android/iOS app that does most of this. You can see which devices on a network respond and then run a port scan, all through a fairly decent gui.

                    1. 4

                      I’m a bit confused about the date thing. My Mac has the date and time in the menu bar on the right.

                      1. 1

                        Dato can show more information like the calendar and multiple time zones.

                      1. 5

                        Today I set up a peertube instance at https://watch.44con.com/ for Security conferences and researchers.

                        We won’t have open registration, but for any existing security conferences worried about their talks being taken down, they can use our site as a backup. They just need to get in touch with us (details on the about page).

                        We’re also open to security researchers of note.

                        1. 3

                          I take it you have experience with peertube. So just a quick question. Feel free to disregard it.

                          Where do I find interesting things to watch on peertube? If I go to peertube.social, I don’t find anything of interest to me. I try the names of channels I know from youtube, but no luck. Do I have to find specific instances just like watch.44con.com or is there other ways to find content other than “just browsing” page after page? And where do I find other instances?

                          It’s kinda the same problem as with mastodon. It’s not easy to find things to follow. Not as easy as twitter and YouTube anyways. Sigh.

                        1. 21

                          This week I have two C64s coming for use in a project. We’re building an alternate reality game set in the Blade Runner universe for 44CON. Attendees can register as blade runners, build their own portable Voight-Kampff machines, and by connecting attendee badges and interviewing other attendees determine whether or not the attendee is a replicant.

                          Their devices give the blade runners a code they can enter into C64-based Citizen Database terminals to determine whether or not the person interviewed is a human or a replicant. We’ll have a mix of Nexus 6s (who’ll know they’re replicants), and Nexus 7s (who won’t).

                          It is distinctly possible some replicants will also register as blade runner units.

                          We’ve got some lovely people in California working on the badge and PVK units. I’m working on the C64 terminal code, so lots of 6510 assembly for me this week.

                          1. 3

                            Epic. Too bad I am on the other side of the planet.

                            1. 1

                              That is incredibly cool!

                              I sometimes wish I’d bought a C64 rathan than an Atari as my initial 8 bit computer back in 1980.

                              But then if I had I’d never have fallen in love with Atari LOGO and would have never had the experience of having my mind blown and experiencing the fireworks someone likes me who loves high levels of abstraction can get from a really finely crafted programming environment :)

                              1. 1

                                My 8-bit experience is almost all Z80 and 8086 (which is almost the same) aside from microcontrollers. 6502/10 is a weird beast for me. I’m finding C64 asm architecture incredibly obtuse thanks to the custom chips and kernal functions, but it’s all part of the fun.

                                1. 1

                                  Yeah there’s certainly a lot of quirky in the C64 and Atari 8 bit lines! It’s one of the reason I still have a soft spot for them :)

                            1. 4

                              After a long week doing stuff at BSides London, 44CONnect and two days of training, I’m going to sleep properly.

                              I’m also hoping to catch up on some house stuff, do some Amiga tinkering and learn about text manipulation on the C64 for an ARG I’m working on.

                              1. 1

                                Interesting. I had the chance to sit down with the safepass.me guys and go through their approach, which is equally about optimal coverage rather than mindlessly comparing against the db itself (safepass assert coverage higher than HIBP due to the way their algorithm works).

                                It’s good to see innovation in this space. With rotating passwords finally being accepted as a suboptimal idea, it’s even more important that passwords chosen are good enough to withstand password cracking.

                                1. 14

                                  I like how the bottom of the post has a link to ESR’s (now defunct) Google Plus profile.

                                  1. 0

                                    What irony, lol

                                  1. 2

                                    Nice work. My only concern is that one centralized actor is being swapped out for two here (netlify and MS/Github in this case).

                                    Not for me, but anything that gets people out of Medium is a good thing in my book.

                                    1. 2

                                      I’ve just finished writing feedback emails for every 44CON submission this year, so I’m having a quieter day today.

                                      This week I’m working on getting ready for our training next week, which is in the same week as BSides London. It’s going to be a hectic week. We’re also preparing speaker announcements for next week at BSides London.

                                      Finally, I’m spending a few hours getting to grips with Pagestream on the Amiga. I’ve been batting the idea of some sort of an annual 44CON zine for a while but I’m unsure of the format yet. If I can do something reasonable on an Amiga and fill it with things from the period as well as research, then I might give it a go.

                                      1. 4

                                        While most of the recommendations are sensible alternatives, the inclusion in this list of systems with a clear network effect – Mastodon in place of Twitter, PeerTube in place of YouTube – detracts from its effectiveness. The alternatives are software alternatives but the software is an incredibly tiny part of the value of the system.

                                        1. 1

                                          I’m not sure they’re all entirely sensible alternatives. In particular, Mastodon is pretty full on to deploy and manage for most use cases. Perhaps the piece could’ve been improved with some backup alternatives.

                                        1. 5

                                          I’ve contacted them about dropping Amiga support, offering to try and get something up and running for them. It’ll mean the 4000 gets put to good use, and once I have a stable build setup I can try to recreate it using the 68k AROS kickstart and runtime in UAE so they can have an automated checkout->build->submit process.

                                          Hopefully they’ll get back to me. Anyone want to take on any of the other OSes?

                                          1. 3

                                            This is SO COOL!

                                            Just curious, you cite using it for writing and other ‘creative tasks’ in the article, but other than writing what are you using it for?

                                            I have a deep abiding love for DeluxePaint :) I could play with multicycle brushes like, forever :)

                                            1. 9

                                              Ok, I have a ton of stuff lined up for this, but phase 1 is backing up all of my still-working disks with old code, music, art and writing and possibly finishing stuff off. I’ve learned a lot about those things in the last couple of decades, so remixing some of the content and putting it out there in the modern world is high on my agenda.

                                              I’m still building out the box. I have coming down the pipeline for hardware:

                                              • A 16-bit soundcard
                                              • A combo Graphics card, Ethernet card, Coprocessor and Memory expansion
                                              • A 68060/50 to replace the 040
                                              • A Compact Flash card to replace the hard drive as heat will start to become an issue once the 060 is in.

                                              All of the older stuff I’m buying needs to be recapped, so I’m going to look into doing that myself. The Amiga doesn’t do APM or ACPI, so I’m going to build my own device to monitor temperatures and shut the Amiga down if it gets too hot.

                                              I’m going to use it for:

                                              • 3D Modelling and Fractal animation generation
                                              • Pixel art and photo editing (once the memory expansion is in)
                                              • Setting up a modtunes radio station that records modtune mixes and releases them.
                                              • Writing an intro/demo for next year’s 44CON
                                              • Writing short form fiction with Final Writer
                                              • Managing my finances with Turbo Calc
                                              • Possibly doing an online zine with Pagestream
                                              • Trying to edit a podcast once I have the 16-bit soundcard, network card and extended drive set up
                                              • Remixing old mod tunes I wrote, and writing new ones
                                              • Adding Amiga hunk binary support to Radare

                                              One of the 3d world generation tools I want to use, Vista Pro has problems opening up on my RTG workbench, so I’m using that as an excuse to learn a disassembler/debugger called ReSource. I know how to fix the binary, but I want to understand why the fix works.

                                              Basically I’ve spent nearly 20 years away from the Amiga, in which time I’ve developed (relatively) god-like reverse engineering and hardware hacking powers compared to my teenage self, so I want to put them to good use and have a go at all of the things. Hopefully it’ll give me something fun to do for the next 20 years.

                                              1. 4

                                                I remember Vista Pro!!! I could never figure out how to use it fully but it was amazing for its time.

                                                Remember Director? The 2D animation DSL? I used that a lot and did a Media internship project in it for college.

                                                Thinking about this stuff makes me realize how much of the software that made the Amiga great really was way ahead of its time and still has things to teach us today. There are many lessons that breakthrough software can teach us.

                                                You should totally document this project to the nines as you go!

                                                1. 3

                                                  Remember Director?

                                                  Sadly, no. I never used it. I used Scala, but not Director.

                                                  Having said that, if you’re interested, there’s an ADF for use in WinUAE, along with the manual in case you’re feeling rusty.

                                                  I’ve made a note to check it out and spend some time with it though. Might be a while before I get to it.

                                                  1. 3

                                                    The main thing I took away from reading about the Amiga was that it (IIRC) used a mix of software and hardware offloading. Our smartphones are doing that now. You could say its legacy lives on in that way. Just too ahead of its time.

                                                    1. 2

                                                      That’s one piece of it, but it’s far far more than that. AmigaOS had pre-emptive multitasking way before any other non UNIX desktop OS did, and it had a message passing ‘exec’ (Most would call it a micro-kernel these days).

                                                      And yes it had an awesome graphics coprocessor (Coppper) and a bit blit transfer coprocessor (Blitter) which all had rich support in the API (Intiution).

                                                      The whole thing was written with a sense of humor and had an … elegance? To it that’s hard to describe in the here and now.

                                                      It also had a full user / application scripting enviornment, ARexx, so you could have scripts that ADRESSed running applications and sent them commands that they exported.

                                                      So you could have a script that had your Telecom program download a ZOO file full of images, tell your unarchiver to unarchive them, and then tell DeluxePaint to load and transform them, saving them back out, and then have your mail program mail them to you.

                                                      The other thing to know about Amiga is that a TON of incredibly ground breaking software was originally developed on that platform. Lightwave 3D started out there for example.

                                                      Also - the games were amazeballs for their time. So yeah, if you were into computing at that time and didn’t have access to super high end workstations, it was basically magic :)

                                                      1. 2

                                                        Thanks for the details! I’m slowly trying to piece the picture together one article and conversation at a time. You’re the first to tell me about the scripting stuff. It definitely sounds better than my DOS with graphic shell experience. ;) I think modern audiences could get an appreciation for it today if it was presented comparatively to a system, apps, and games of that time. Not a rigged demo by zealots: someone highlighting realistic use of good apps on both platforms in a way that shows Amiga’s advantage as a side effect.

                                                        I heard about Lightwave. Closer to home was that the Preview Channel ran on Amiga. Means I used Amiga without knowing it for a decent chunk of my life.

                                                        1. 2

                                                          Kinda not surprised. They’re tucked away in some surprising places. There was one that was still running a school’s HVAC in a closet for YEARS:

                                                          1. 2

                                                            Amazing. Reminds me of this advertisement about an AS/400 doing something similar. People used to lose VMS servers, esp pizza boxes, too. This kind of thing probably happens way more than we hear about it. The ones that ran for years seem to be on specific OS’s and hardware that aren’t mainstream, though. I still think high-reliability deployments that don’t need raw speed should consider leveraging such technologies where possible.

                                                            I also speculate that the physics of modern, process nodes that breaks chips means using oldest ones available will always have advantages. The used Amiga you bought on eBay might outlast your brand-new, high-reliability chip from 28nm fab. There’s you a business justification for loading up on them for critical services. :)

                                                    2. 2

                                                      I used to love Vista as a teen and had totally forgotten about it until this comment :) Deluxe Paint IV, too.

                                                      How’s emulation lately? I guess ROMs are difficult to find. Presumably the hardware can be emulated at native speed though?

                                                      1. 1

                                                        You can purchase the full ROM set as well as super easy to use software at http://www.amigaforever.com - emulation is startlingly good on quite a number of platforms.

                                                        I’ve been playing with getting UAE running on my Clockwork Pi - handheld Shadow of the Beast!!! :)

                                                1. 3

                                                  Instead of having a bulky A4000 for tasks you outlined in the commect, couldn’t you just get a little cute A600 with Vampire 600 V2 accelerator (68080 CPU on gate-array, which is a 68060 with fixed bugs and added pipelines, also RTG graphics card beating any MNT product (or any ZorroIII card, but I’m not trying to advocate it over Mediator PCI + Radeon / Vodoo))?

                                                  Soundcard can be added on „clock port” and these are cheaper (and newer, as clockport got developers’ attention pretty recently).

                                                  Of course A4000 is great looking „desktop” machine and I really appreciate it, but currently the only case I would find for it, except some VERY SERIOUS stuff like plugging PowerPC, Mediators, TV cards and so on is to have VideoToaster in it, or other „DraCo-style” setup with few TV/encoding/processing cards, Scala and other video editing software.

                                                  Not to mention you can just simply plug cheap RTL8319/3C589/Prism2 network card into PCMCIA port in A600, add Roadshow to S:Startup-Sequence and release yourself from the need of any other x86 machine, also releasing your CPU a lot from TCP/IP processing from raw serial port

                                                  1. 2

                                                    I have a bunch of other Amigas, I think I have an A600 in the loft, and my A1200, possibly with 2 A500s is somewhere in my conservatory. Of course, I can do things even faster still with a Raspberry Pi, or with WinUAE on my i7 beast.

                                                    This isn’t about performance though, it’s about youth and love. The A4000 was my dream machine as a kid. It’s not something really for me to own, it’s something for me to take care of, to look after until it’s next owner, probably a museum.

                                                    I do miss having a clock port on the A4000 - I was hoping to build an i2c interface that I could use with some temperature sensors to do some kind of power management. That’s a project for down the line though.

                                                  1. 2

                                                    The only insanity is the price tag.

                                                    1. 2

                                                      I hear that, I’m coming on what must be around $5000 in US money spent so far on the kit and upgrades. Worth every penny though.

                                                      Although, compared to the retail pricing, I’m doing pretty well for the horsepower.

                                                    1. 3

                                                      My weekend project is setting up PPP between my Amiga and a Raspberry Pi so I can connect to my local network via serial, then writing it up.

                                                      I’m also going through my old floppy disks from when I was a teenager and trying to recover my old files from it for archival.

                                                      I might get distracted with a bit of Stunt Car Racer while I’m at it.

                                                      1. 2

                                                        This week I’m mostly working on the 44CON Training and 44CONnect sessions in June. I’m also looking at setting up an Adwords campaign. It’s been a while since I’ve done adwords.

                                                        I picked up and installed my Amiga 4000 just this weekend, so on a personal note task number 1 this week is reverse engineering and modifying the Vista Pro 3 binary to work with my Picasso II RTG graphics card. Pics are up here, with more being added as I go.

                                                        1. 17

                                                          We finally launched gambe.ro, the italian equivalent of lobste.rs. This week I(we) have to work on the first batch of feedbacks and maybe work on a dark theme that can be contributed back to lobste.rs

                                                          1. 1

                                                            As italian, congratulations! Can you send me an invite? :)

                                                            1. 2

                                                              You can request it directly on the website.

                                                            2. 1

                                                              I guess there’s no .te for Aragos.te. Looks great though!

                                                              1. 1

                                                                Yep, indeed. We briefly considered spaghettialloscogl.io but we went for gambe.ro