Cyberduck

Has your web site been quacked lately

UPDATE: from version 3.3, CyberDuck dos not support AppleScript. It coincides with the appearance of OS X 10.5 Leopard and from a little research, it seems Apple have changed how AppleScript works underneath causing some applications to "break".

One of the most difficult processes for an administrator is to manage a folder of folders on a remote server. Cyberduck allows you to do this ease. In my case it happens to be a website but of course, web-sites are just like any other folder except, generally the web server process root folder and its contents are owned by the web server process and are mamaned by that server. No one else can access the folder (except an administrator with equal rights as the web server process). Even the root user should be blocked! And for added security, the files can be made read-only to everyone, including the web server and administrator. Of course we never go this far, because of the inconvenience and the need to update files, leaving holes! But it can be done and should be done.

Moreover, for a web site, it can be further protected by using the WebDAV protocol on top of HTTP. WebDAV is enabled in Apache by means of a module. Apache Foundation considers allowing FTP access to a web server controlled folder a security risk. WebDAV is relatively easy to configure. It is the same protocol, using a publish-subscribe process, that allows iCal to transparently access password protected remote .ics files.

Cyberduck, like other FTP applications basically takes folders of files and moves them around securely, if you are careful. Here is the Applescript I use to automate the process of getting access to my remote development web site. Only I and the remote web server process have access. Period. Once I have access I work within the GUI of Cyberduck and then disconnect. My approach is to do the fast edit-build cycle on a Mac mini (using a local Web Server and Safari), and then FTP the site folder (or changed files) over to the NAS. I then access the NAS from the mac mini through Safari to ensure the slow cycle round trip is completed. After this I can be confident that the web site is robust.

-- Quack-It vers. 0.1 by Ian Parker: first worked on: 2009-02-24, last worked on 2009-04-25
-- Manage file sync for non-Mac NAS Web Site Access from a Mac
-- I'm not a big fan of timeout.. but this is a legitimate
-- use of the construct
-- this gets me access, using "ftp://.../", could be anywhere 
-- assumes ftp: protocol and access for user has been set up at server end

set server_name to "server" -- on same domain
tell application "Cyberduck"
	-- get me a new window
	set theBrowser to (make new browser)
	-- to ensure that Cyberduck does not han looking for
	-- a non-existant server. 
	--2 minutes to get me connected and ready to rock and roll
	with timeout of 120 seconds
		tell (theBrowser)
			-- don't show invisible files (un-interested)
			set show hidden to false
			-- generic names here of course!
			connect to serve_namer with protocol "ftp" as user "me"
			-- show me the web folder
			change folder to "/web"
			set theFiles to (browse folder (get working folder))
			-- we can now work on the files shown in a GUI interface
			-- mannually disconnect (ie by button press in Cyberduck)
		end tell
	end timeout
end tell

Secure file transfer to/from a remote site for DER UMPC file transfer

This issue will become of significant importance when teachers want to be able to provide data files to and get data files from students with DER UMPCs ("little laptops"). Inherently there is nothing preventing Mac OS X users using ftp:// from accessing sites hosted on Windows servers. It depends on how the Windows server site is set up, the type of files and what protocols (such as http: (WebDAV) or ftp:) are activated.

Currently, due to significant "lock down" restrictions, the only way to easily transfer files to and from DER UMPCs is via highly insecure means: Bluetooth (sometimes from mobile phones!), USB Memory, SD Memory Cards or other work arounds that take time and generally are highly serial synchronous activities are being used. I'm sure this part of the ecosystem will diminish as we develop more mainstream methods for interoperability and round-trip file transfers (from teacher, to student, to teacher).

A much better relatively secure methodology, treating the server as a remote access NAS device, is:

• set up a secure ftp:// server (on any OS server - the more obscure the better-just kiddin) on the school LAN
• provide a link to the server log-in through a web server page. 'Public' here could be visible only on LAN or visible on Internet. The aim is to provide a common access portal, that directs students to various resources using the same idea as for, and could be embedded in, a "home-page" on a web browser.

Windows, with IE8 and Windows 7 are able to do the full remote ftp:// client bit. Of course they have to be configured, and will experience the same security restrictions.

What does Mac OS X offer?

Firstly, to determine your system configuration and what different applications can do, download DCDefaultApp 2.1. Surprisingly, VLC can do ftp://, http:// and udp:// as well as rtsp:// and mms://!

There is no equivalent bundling of ftp:// in Safari as there is in IE8. Out of the box, Safari will accept the ftp:// protocol but hands it off to Finder so that your ftp:// connection looks like a (n almost) seamless extension to your desktop. Using the standard Mac OS X configuration you can navigate the remote site in exactly the same way as you do with your local attached storage devices(hard disk drive,USB memory, CD_ROM) because you get a similar representation on your desktop. This part is exceptionally well implemented.

Of course, the permissions on the server side determine what you can do with the files. MOST administrators set up ftp:// sites as read-only sites for mass download. But ftp:// is also used for remote upload (in which case a few users, such as teachers, will need read/write ftp:// access).

Interestingly, Mac OS X contains an OSAX called 'URL Access Scripting' that implements general upload and download commands including request for authentication, so it and a number of command line programs (such as cURL) can be used by GUI applications to implement various protocols such as 'http://', https://, ftp:// and ftps:// and sftp://.

The simplest and most effective way to emulate the ftp:// part of the IE8/Win7 bundle is to use a third party application such as CyberDuck. In return for this (slight inconvenience) we get much better control of the ftp:// process. For example, the ability to simultaneously look at the remote and local representations of a folder contents, and easy synchronisation of the local, and remote structure.