Hi, folks! The issue of retrofitting security into an existing protocol or service is generally tough to do; it's usually a mess. Like where you have something that's in place and you gotta somehow get security into it, retrofit is always tough. There are cases where it is so tough that you have to go back and redesign the thing in the first place, [LAUGH] okay? You may remember, if you've been with us for other videos, that I showed you how to break into an old soda machine. Well, how did that get fixed? I just redesigned the soda machine. It's like, I'm sorry, there's no other way to fix this than to just go back, and we blew it, we gotta redesign this thing better.

As you're learning cybersecurity, keep that in mind, that's always an option, you can redesign things. This is not astronomy, where if you don't like the way stars are aligned there's nothing you can do, God put them there. Well, in cybersecurity, we're dealing with man-made objects. You don't like the way something is set up, change it. FTP can be changed.

So it turns out that the designers of FTP, I'll remind you, we had this idea where we had a PORT command that went from the client to server on an outbound TCP connection if the firewall was faced in that direction, and then a reverse inbound TCP connection to transfer data. We hated that, because I'm going to have to have a rule for that second thing. Like I've got a firewall protecting all of my clients, I'd have to have a rule for that second TCP connection that just says, if you ever see an inbound TCP connection from like port 21, anywhere coming inbound, you have to allow it. Would you be comfortable with that? Well, nobody wanted that rule. See, they noted it. So the Internet community came up with the new design for FTP. We called it PASV mode; some people call it firewall-friendly mode FTP. I still call it obsolete, because you probably just used your web browser anyway.
But at least for a fashion, it was pretty important that we went back to the drawing board and set things up where the client would issue something called the PASV command to the server. The server would then say, okay, great, let's do data. And by the way, here I'm going to set up a port. And in the diagram here, I have it setting up port 3005. And then the client goes, great. And then it says to port 3005, hey, you want to do data? And it says, sure, let's do data. And by the way, the reason you're establishing a dynamic new port is this is sort of an improvement on FTP, it allows the server to be more dynamic in its port assignment for data transfer, a little optimization in the way that thing works. But now the firewall only has to have outbound allows, no inbound allows, and that makes for big smiles amongst firewall engineers, do you follow?

So before we had bidirectional, didn't like the rule, came to the conclusion we couldn't fix it, so what did we do? Changed the protocol. I think it's a good story. I think it reminds us as computer scientists that sometimes we do have to go back and redesign systems. Computing is not natural science, it's mathematical science. These are man-made systems that we build, and we can go back and rebuild them. So I hope that's been useful for you, and I'll see you in the next video.
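The two data-connection setups described in this lecture, worked through as an added example that is not part of the original transcript: it parses a PORT command and a 227 PASV reply, works out which side initiates the data connection, and checks each against an outbound-only firewall policy. The IP addresses (documentation ranges), client port 5001, function names and the simplified initiator-only policy model are assumptions; port 3005 is the one from the lecture's diagram.

```python
import re

# Constructed sample messages in RFC 959 syntax; addresses are documentation ranges.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
ACTIVE_PORT_CMD = "PORT 192,0,2,10,19,137"                       # 19*256+137 = 5001
PASV_REPLY = "227 Entering Passive Mode (198,51,100,5,11,189)"   # 11*256+189 = 3005

_HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_hostport(line):
    """Extract (ip, port) from the h1,h2,h3,h4,p1,p2 field of PORT or a 227 reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError(f"no host-port field in {line!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in {line!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(mode, line):
    """Return (initiator, src_ip, dst_ip, dst_port) for the data connection."""
    ip, port = parse_hostport(line)
    if mode == "active":     # server dials back to the address the client sent in PORT
        return ("server", SERVER, ip, port)
    if mode == "passive":    # client dials the port the server announced in the 227 reply
        return ("client", CLIENT, ip, port)
    raise ValueError(f"unknown mode {mode!r}")

def allowed_outbound_only(conn, inside=frozenset({CLIENT})):
    """Simplified policy (assumption): permit only connections initiated from inside."""
    _, src_ip, _, _ = conn
    return src_ip in inside

def audit():
    """Evaluate both FTP modes against the outbound-only policy."""
    results = {}
    for mode, line in (("active", ACTIVE_PORT_CMD), ("passive", PASV_REPLY)):
        conn = data_connection(mode, line)
        results[mode] = (conn, allowed_outbound_only(conn))
    return results

if __name__ == "__main__":
    for mode, (conn, ok) in audit().items():
        print(f"{mode:8} {conn} -> {'ALLOW' if ok else 'DENY'}")
```

Active mode is denied because its data connection originates at the server, so it only works if the firewall carries the broad inbound allow the lecture objects to; passive mode passes with outbound rules alone.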