This is still the header! Main site

Sharing File on the Internet

2021/10/09

... how is this not a thing?

This is post no. 34 for Kev Quirk's #100DaysToOffload challenge. The point is to write many things, not to write good ones. Please adjust quality expectations accordingly :)

Once upon a time... well, you only had one computer. Said computer had one hard drive, on which there were files. Simple.

But... suddenly, you had two computers. Enter the magic of Windows 95 file sharing: you could just share a folder with the entire local network (... which was all there was; no internet, remember?). If you were really fancy, you could put a password on it, too.

win95 file share dialog with a list of machines in the background
(screenshot from toastytech.com which has a bunch of cool vintage screenshots)

Fast forward 25-ish years. (Update: The Internet now exists.) Let's say... you want to share about 15 GB of trip photos with one of your friends. Should be easy, right?

Well, it really isn't. Even if you actually happen to know "computers".

(... or am I doing something wrong?)

The options

Well, to begin with, we don't have anything that would look like file sharing that's actually Internet-capable. As in: we have SMB for Windows and NFS for Linux; neither of them is particularly suited for the purpose. As in... the general recommendation is to not expose SMB as an open port (since it's actually based on an RPC protocol that is complicated enough to have security holes and let attackers do stuff that you'd generally not want them to do), while NFS security is... either IP-based and unencrypted (... which sounds a lot like "no security whatsoever");, or, otherwise, assumes a Kerberos realm (which is hard enough to set up even if you're one person on a single network). Which leaves us... something over ssh.

Well, obviously, you can just rsync things over, right? (... if you happen to have a Linux box on both sides, that is.) Or just use winscp if you don't. You do a bunch of port forwards, and then... yet again, you have a universal RPC thing put on the internet: ssh itself. Are you sure you don't have some random default users on there? Plus, you aren't really sharing files; the granularity you get is "full shell access or nothing".

As if... there wasn't just an actual protocol to provide access to files that wasn't doing a whole lot of other things (and is, thus, reasonably safe to expose). Except... maybe HTTP, but HTTP can't even provide a reasonable directory listing, and no one really uses it for this purpose anyway.

It's just... weird.

... comments welcome, either in email or on the (eventual) Mastodon post on Fosstodon.