Last week was pretty tough. It started well, but then I got one of those nasty "stomach flus" which lasted most of the week. And, I learnt that I need to grow an even thicker skin if I am to continue building this business, continue doing the work that I do, and continue becoming the man I want to become. Lots of challenges.

Nevertheless, I still managed to work on ZitaFTP Server, and a new update is available now. Here's what's improved...

Progress Update

This new release is a continuation of fixing little issues, and ensuring that ZitaFTP Server works with more FTP clients. Android users will be thrilled to learn that TotalCommander's FTP plugin now works fully. I found a nasty corner case in the TLS handling code that could result in data loss during file uploads, resulting in "bad record mac" TLS protocol errors. WinSCP may also have been affected by this bug, although I ran out of time so cannot confirm. Special thanks to Paul E. Bloedel for testing to eliminate other possibilities and for the "uploads only" hint that helped greatly in narrowing down where to look.

Sadly, AndFTP still doesn't work, and this time I have no plans to implement the necessary workaround. That's because it'll introduce a potential security loophole. The FTP protocol uses two channels, a control channel for commands, and a data channel for transferring data. For security reasons, ZitaFTP Server enforces that the TLS session used for data channels must be shared with the control channel. This is the only way to ensure that the computer connecting to the data port is, in fact, the same one logged in to the control connection. Allowing separate TLS sessions opens the possibility of data channel hijacking, and that's exactly what AndFTP would need.

Discovering the differnt FTP client behaviours has been interesting. SmartFTP, for example, needed the SIZE command in order work properly. Other clients abuse the SYST command's response. So, ZitaFTP Server now gives a generic "UNIX Type: L8" response (no more "AmigaOS"). Lots of little quirks and eccentricities. You'll find the full list of changes in the release-notes included in the update archive.

Thank You

A big thank you to all who have bought ZitaFTP. You've bought into ZitaFTP at this early pre-release stage, and I truly appreciate that. Having paying customers is an added motivator to keep improving the product (one of the reasons I decided to release it this early), and I look forward to delivering an ever improving FTP server to you.

What's Next?

There's still more work to be done to improve compatibility with more FTP clients. CoffeeCup FTP will need the LIST command to support having paths (or it'll refuse to upload), and it also likes the MDTM command (as do "FTP mounter" type clients). I also need to improve handling of symbolic links.

I will also be starting work on the User-Interface (UI) side soon. First up will be a docky. This will give feedback on what the server is doing, and also a popup menu for basic tasks such as restarting or quitting the server. Yes, the days of needing to do a "status" and "break" to shutdown the server will be coming to an end.

After that will come a full web-based configuration interface. The current makeshift configuration GUI is more effective than I expected, and the configuration file is pretty easy to edit. Building this will be a lot of work, but having a full GUI is essential.

Once the full GUI is in place then the basics will be done. Beyond that, there are FTP extensions to add, and plenty of good enhancement ideas to implement (both mine, and from users). Oh, and yes, I'm aware that AmigaOS has no FTPS client at present, and this is something that will need to be addressed.

ZitaFTP Server is only going to get better and better. Keep an eye on your inbox...


P.S., If you're not on my mailing list, then sign up here. You'll get email notifications when I publish new blog posts and, from time to time, exclusive "mailing list" only info.


Credit: Image by Jerzy Górecki from Pixabay