If Fur Affinity went offline for good what would you do?

Started by Masozi, March 04, 2011, 12:23:15 PM

Masozi

I have also posted this hypothetical question to my FA journal.

In the past couple of days Fur Affinity has been "under attack" from an outside source that has on occasion caused the site to be slow, even inaccessible. This got me to thinking about what I would do if FA were to go offline permanently for whatever reason, (use your imagination to figure out any potential causes).

The questions are simple...

1.) If FA were to go offline for good then where would you go?
2.) What site might become the new "center" (for lack of a better word) for the online Furry art community?
3.) Do you think that someone might come along and try to resurrect FA if it had gone offline, change it etc... ?

My answers before you give yours...

1.) I would probably end up using SoFurry or Inkbunny as primaries to start with. I would keep an eye on any site that would be growing the fastest so that I could concentrate my art there, (especially if it were to get as big as FA). I would also consider a personal site.
2.) I am not on every art site out there but SoFurry or Inkbunny might become new community centers unless ArtSpots or other sites like it got bigger.
3.) Depending on why the site went down I think there would be an attempt by someone to bring it back. (Although that might not happen if the site went offline due to legal reasons like being shut down by the authorities etc.)

Any thoughts you guys might have?
*Yoda voice*   Gone is the hyena you once knew. . .changed to Masozi he has. . .with it deal.  *end Yoda voice*

EmoFox

1 - Sofurry
2 ...Sofurry or DeviantArt
3 I think the only reason FA would ever get shut down is for legal reasons, thankfully I don't think there are any legalities currently, that can allow such a thing. If there were, other furry art sites would be targeted simultaneously, or shortly after the fall of FA.
Whether you think you can, or you think you can't, either way you're right.
Laugh, and the world laughs with you. Cry, and the world laughs harder.

Ember


zenia

*shrugs* I would keep posting my furry art on DA (though not naughty stuff), SoFurry and Inkbunny. I'd still use FA's forums though. They don't go down when the site does.

mediar

There are 10 types of people in the world, those who understand binary and those that don't.

Arooo!

Roffo

If it were gone completely then I would lol because all the trolls would be shouting out joys of victory.
Aside from the trolls, I wouldn't care all too much.

Ravenwood

Given how incompetent the FA staff are as a general whole, I keep expecting it to crash and burn at any time.

I mean, really...  What the hell kind of network admin makes their internal network externally routable?  (Meaning that every machine on FA's "internal" network has an IP that can be reached by any computer in the world.)

FA has a single machine called "FACDN" FA Content Delivery Network, which hosts all the pictures/content.  (Don't you need more than one machine to call it a network?)  It uses a crappy anti-hotlinking script that prevents you from hotlinking an FA image from another web site.  But by some hilarious level of total incompetence, FA's own machines aren't on its white-list.  By way of demonstration, if you go to FA via its IP address ( http://70.33.186.196/user/fender/ ) then you'll see that all the images are blocked because FACDN doesn't recognize FA's own web server.

What kind of moron designed this?

Then when FA unrolled the ability to hide comments, they did it in such an appalling way.  In short:  the command to hide a comment on your journal was a link that included the account-id, the journal-id and the comment-id.  FA checked to see that you were logged in as the account, and that the journal was owned by your account.  But it didn't check to see that the comment matched the journal.  That means you could arbitrarily change the comment-ID to anything you wanted and hide any comment from any journal.

Once you've given your head a shake, don't forget that for 6+ years FA sent all passwords in plaintext, so that anyone with a packet sniffer could see your login and password for FA.  They continued to do this even after someone sniffed an admin password and then hacked FA AT THEIR OWN CON!

Mind that, last I heard, FA still doesn't have a test server, so they have no way of testing new code before it goes live.

Instead of spending money on commissions, maybe Dragoneer should hire someone that actually knows what they're doing to fix the existing problems?  But then, I bet that everyone they hired to fix problems has taken one look at FA's code and run screaming.  I can't even imagine what their database must look like.

kayfox

I *was* gonna keep this quick and to the point...

A problem with the way logins were handled was found while evaluating the FA code for ArtPlz (there was much debate about whether the code was GPL around this time, ArtPlz eventually scrapped the FA code, then scrapped itself, and a whole bunch of other drama), I think NRR found it and it was communicated to Jheryn at FurAffinity as well as a patch to fix it, nothing was done with this.  Later I found that it was trivial to sniff passwords for FA using a Windows-based piece of software called Cain and Abel[1], thus making it easy for a random fur without enough technical ability to configure Snort to sniff FA passwords on open WiFi.  I tested this by packing my laptop with Cain running around FC 2007 and collected approximately 50 usernames and passwords, which I don't seem to have retained.  I mentioned this problem to Dragoneer et al approximately every 6 months after this.

Fast forward to Feb 27th 2009, Mikau mentions a post on the FA forums [2] in the VFur Mailing list, this caught the attention of Silver Wuffamute who brought it to Dragoneer's attention, and through some discussion it was implied that Trapa would be allowed to help out FA with its problems, but nothing came of that.

On July 29th of that same year, the site went offline and immediately Arcturus, NRR and Pi were blamed.  During the following confusion all of these people as well as myself and a few others were ejected from #furaffinity on FurNet as well as the Snowpony coming into #hackfurs and locking that channel/ejecting its participants.  I was threatened with a Gline, and I remember being briefly banned from FA.  See cite 3.

In the interim here, Eevee quits the Ferrox project.

Around October of 2010 Eevee points out some holes in the newly implemented comment hiding feature, in that anyone who has made at least one non-deleted journal can hide any comment on the site, he is ignored for several days, becomes impatient and starts hiding comments on the site, first just those in Dragoneer's journals, but eventually more than that.  He provides instructions on how to fix the issue and how to unhide all the comments he hid, he is banned for his efforts.[4]  Later he posts a list of major security holes in the FA code[5], but without exact details in order to avoid people causing havoc on the site with his information.  This also appears to have been ignored.

In December of 2010 someone manages to exploit a hole discussed[6] on November 9th of that year to make themselves Dragoneer and use the view all notes feature of the Admin CP to download all the notes of approximately 40 people.  The notes are later posted in various places and reveal some things that surprised a lot of people (myself not included).  Initial blame was on the above "#hackfurs crowd," but later speculation trended towards /b/.  The culprit was never found.  Many people offered to help with the issues, including some very skilled people (IE: Pi, Verix, etc).

In the mean time, Yak declines help from Verix, Pi, Eevee, and myself, also implying that anyone out of the larger "group" of people these people are "members" of will be turned away.  This may constitute a large portion of the security experts in the furry fandom (of which I do not claim to be one of).  During the period of December 2010 to approximately late February 2011 there is much discussion on the systematic breakdowns and security of FurAffinity, including a remote zero-inside-knowledge evaluation of their network structure [7].

In summary, it's very hard to say that FA has not had the resources available to solve their security, as well as many other problems the site has.

Citations and Notes:
1. http://xheotris.zerda.net/~kayfox/fa-cain-12jan2007.gif
2. http://forums.furaffinity.net/threads/37768
3. http://en.wikifur.com/wiki/History_of_Fur_Affinity#July_2009_outage_and_IRC_bans
4. http://eevee.livejournal.com/329409.html
5. http://eevee.livejournal.com/329817.html
6. http://eevee.livejournal.com/332250.html
7. http://www.vivisector.org/vivblog/index.php?/archives/32-FA-Technical-Expose.html
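
Added example, not part of any post above and not Fur Affinity's code: the comment-hiding check as Ravenwood's and kayfox's posts describe it, next to a version that ties the comment back to its journal. The data model, IDs and function names are assumptions invented for illustration.

```python
# Added illustration; the data model and function names are hypothetical,
# not Fur Affinity's actual code.
from dataclasses import dataclass

@dataclass
class Journal:
    id: int
    owner_id: int

@dataclass
class Comment:
    id: int
    journal_id: int
    hidden: bool = False

def make_store():
    """Constructed sample data: user 1 owns journal 10, user 2 owns journal 20."""
    journals = {10: Journal(10, owner_id=1), 20: Journal(20, owner_id=2)}
    comments = {100: Comment(100, journal_id=10), 200: Comment(200, journal_id=20)}
    return journals, comments

def hide_comment_flawed(store, session_user, account_id, journal_id, comment_id):
    """The checks described in the thread: session matches the account,
    and the account owns the journal named in the request."""
    journals, comments = store
    if session_user != account_id:
        return False
    journal = journals.get(journal_id)
    if journal is None or journal.owner_id != account_id:
        return False
    comment = comments.get(comment_id)
    if comment is None:
        return False
    comment.hidden = True  # missing check: comment.journal_id is never compared
    return True

def hide_comment_checked(store, session_user, comment_id):
    """Take only the comment id from the request; look up the journal and
    its owner from stored data and compare against the session user."""
    journals, comments = store
    comment = comments.get(comment_id)
    if comment is None:
        return False
    journal = journals.get(comment.journal_id)
    if journal is None or journal.owner_id != session_user:
        return False
    comment.hidden = True
    return True
```

The corrected function drops the account and journal parameters entirely, so there is nothing in the request for the server to cross-check incorrectly.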