
Another day, another hacking

Pi

Member
Remember, Summercat, how I was saying that stacking on extra layers of indirection for communication was not a winning proposition? Is this thread and the related incident not clear enough evidence to you?

I've got a breathtakingly simple plan for mopping up around this. You'd rather make me play chinese telephone to get Yak to hear it.

Also, Trpdwarf: Your response to a reported security problem should not be "RUMORS QQ LOL UR JUST CRYING AND BITCHING XD!!!!". You are a bad administrator and should feel bad.
 

Arshes Nei

Masticates in Public
We need again a "Steward" or another lead admin, we're getting nowhere. Communication is not going through and too many Indians are running around trying to be Chiefs because the ones that want to help are also embarrassed by this. The thing is while I can do this...it's not something I think I want to do for the long run. Sorry but being in charge of a furry site isn't exactly in my tastes. I don't mind helping out because I like...well art, and this is one of few sites that has enough of a scope to post art of different varieties as an illustrator.

Also Trpdwarf and Pi, let's stop the bickering, I know it's a knee jerk reaction to each other due to history, but let's not try to do the usual tit for tat.
 

Trpdwarf

Lurking in Castle Moats
We need again a "Steward" or another lead admin, we're getting nowhere. Communication is not going through and too many Indians are running around trying to be Chiefs because the ones that want to help are also embarrassed by this. The thing is while I can do this...it's not something I think I want to do for the long run. Sorry but being in charge of a furry site isn't exactly in my tastes. I don't mind helping out because I like...well art, and this is one of few sites that has enough of a scope to post art of different varieties as an illustrator.

Also Trpdwarf and Pi, let's stop the bickering, I know it's a knee jerk reaction to each other due to history, but let's not try to do the usual tit for tat.

Uh, I wasn't bickering last I checked. I honestly based on the information I had and after talking to people in IRC thought that this was a case of something jumping the gun on rumor. I didn't want to see another shit posting thread with people flinging wild rumors around. Perhaps if we work on that communication thing I spoke of earlier which I know we all will, then stuff like this can be avoided.

And to PI: It was a reported security problem but was there any other than hearsay at the time posted to back it up? No. Just a link to "What this person said" instead of something more legitimate. So, people need to keep that in mind. Make threads in that context and well, you may find some of us not taking it too seriously.
 

Arshes Nei

Masticates in Public
Uh, I wasn't bickering last I checked. I honestly based on the information I had and after talking to people in IRC thought that this was a case of something jumping the gun on rumor.

The response though comes off snarky the QQ stuff, I am with you on the second paragraph of your initial response however.

Let's put it this way, your initial response was a reaction that you assumed someone jumped the gun. You were hoisted by your own petard when you didn't realize that the response was a "jumping the gun" too (and yes, lack of communication was part of that).
 

Trpdwarf

Lurking in Castle Moats
The response though comes off snarky the QQ stuff, I am with you on the second paragraph of your initial response however.

Let's put it this way, your initial response was a reaction that you assumed someone jumped the gun. You were hoisted by your own petard when you didn't realize that the response was a "jumping the gun" too (and yes, lack of communication was part of that).

I didn't intend for it to be snarky or rude I suppose I can see where people come off seeing it as that. Either way this is something for people to learn from.
 

Arshes Nei

Masticates in Public
Thanks for understanding Trp, of course the next issue is what now. This feels like the same pattern over and over again and with admins that should know better. I already wrote the guidelines because people kept "talking about the talk" and none do the walk. So I went and wrote it and even encouraged other tips for discussion. It gets buried. That's just frustrating. :/ (not at you specifically, but just the mentality of the whole situation).
 

Volkodav

Dad****er
I have a few things to point out.
1. When signing up for a website, it usually says "DO NOT GIVE OUT YOUR PASSWORD" or "ADMINS WILL NOT ASK YOU FOR YOUR PASSWORD"
2. What admin forgets their password? Why is it not written down IRL? [I know he didn't actually forget it]
3. Why do all the admins have each other's passwords?

C: Just somethin to... roll around in your lil noggins for a bit.
 

ArielMT

'Net Help Desk
Before I'm asked, I offer an apology. I'm sorry. I am truly sorry for the part I played in this incident, no matter how small it was.

I have a few things to point out.
1. When signing up for a website, it usually says "DO NOT GIVE OUT YOUR PASSWORD" or "ADMINS WILL NOT ASK YOU FOR YOUR PASSWORD"
2. What admin forgets their password? Why is it not written down IRL? [I know he didn't actually forget it]
3. Why do all the admins have each other's passwords?

C: Just somethin to... roll around in your lil noggins for a bit.

1. That's not what happened here. An "admin" asked for his password, not someone else's.
2. We shouldn't have worried about why a password is lost/forgotten so much as why the email address was forgotten. FA is the only site I know of that requires users to type email addresses for password recovery; not even banks do that.
3. We don't have access to user login passwords. (If any admin does, then that's a security lapse that I'll immediately quit over.) But like any site, admins do have the ability to generate replacement passwords.
 

AshleyAshes

Arcade Snowmew Of Doom
I had posted to the staff about account security and it seems it was ignored :/ So people need to write policy on top of policy or make more policy...

It seems that what you need is a policy that dictates that all policies must be read. But since they aren't reading the policies now, they won't read any new ones.

Kicking some serious ass in the admin ranks would be more effective.
 

Volkodav

Dad****er
1. That's not what happened here. An "admin" asked for his password, not someone else's.
2. We shouldn't have worried about why a password is lost/forgotten so much as why the email address was forgotten. FA is the only site I know of that requires users to type email addresses for password recovery; not even banks do that.
3. We don't have access to user login passwords. (If any admin does, then that's a security lapse that I'll immediately quit over.) But like any site, admins do have the ability to generate replacement passwords.
1/2 Yes, I realize. But admins shouldn't ask for each other's passwords anyways.
3. OOPS. I just re-read it and now I understand. My bad
 

Smelge

Hey, Assbutt
Is there going to be a mass reset of e-mail and passwords similar to the last time that FurAffinity had that huge security leak?

Why?

The hack in this thread is about someone using available information and a less than security-conscious mod to get a new password for an inactive mod's account. It wasn't a hack, it was someone being clever and a few people being stupid. The current DDOS isn't a security issue. It's just doing the mechanised version of putting a brick on the F5 key.
 

Arshes Nei

Masticates in Public
A mistake was made, they are trying to find a more permanent solution, so let's move on with our lives...I'm quite sure we could all spend a little less time on FA for a day and still be living.

No, I'd also prefer the same mistakes stop being made. A similar incident happened where someone posed as a moderator and that result got an innocent user banned for a bit.
 

Dragoneer

Site Developer
Site Director
Administrator
Is there going to be a mass reset of e-mail and passwords similar to the last time that FurAffinity had that huge security leak?
No. The admin functions require a separate login from the regular use account.
 

reian

'ample breasted'
No, I'd also prefer the same mistakes stop being made. A similar incident happened where someone posed as a moderator and that result got an innocent user banned for a bit.

I remember...And honestly, if we don't want the same mistakes made, why not actually do something about it? Besides sit here and tell people how to spend their spare time. This is ultimately a free site that no one really gets paid to operate, so who are we to tell them what to do? Do I agree with how they are handling it? No. Am I going to sit here and yell at them because I can't have my furry arts? No. It isn't any of our places unless we start paying for their services.
 

Arshes Nei

Masticates in Public
Ask the guy a post above you. I would have already.
 
I remember...And honestly, if we don't want the same mistakes made, why not actually do something about it? Besides sit here and tell people how to spend their spare time. This is ultimately a free site that no one really gets paid to operate, so who are we to tell them what to do? Do I agree with how they are handling it? No. Am I going to sit here and yell at them because I can't have my furry arts? No. It isn't any of our places unless we start paying for their services.

I agree with the bulk of this. Though with the last part regarding pay, many would argue "the donations" stance. Not saying I personally believe in it. And quite frankly if that's going to be a main excuse as to why people believe they are entitled to bitch or that constant bitching will in any way fix things, they may want to alternatively consider the idea of not donating anymore until something actually improves. FA is like Duke Nukem Forever all over again.
 

Pi

Member
No. The admin functions require a separate login from the regular use account.

What does this have to do with anything? You had a(t least one) massive security leak. You should expire all of your passwords and have your code audited.

Why do I bother repeating myself? You haven't listened to anyone who's said this in your entire tenure here.
 

Eaglebird

Quit staring.
This is ultimately a free site that no one really gets paid to operate, so who are we to tell them what to do?

fyi we're the people that bring in the page hits so I think we're the ones to tell them what to do.
 
fyi we're the people that bring in the page hits so I think we're the ones to tell them what to do.

In the end though doing so is futile. We can not physically take anything over, change coding, etc. I understand the malice of the members, believe for many reasons and on many levels they have the right to feel the way they do, I understand the frustration...at the end of the day though, we're a bunch of screen names bitching at a site owner who clearly doesn't give a damn anymore for whatever reasons of his own. No one who cared about their site, whether they are getting paid or not, would let things get to where they have.

There is a long list of reasons members have for believing they are entitled to tell staff and owner what to do, and I can't say I disagree with many of those reasons. After all the bitching is done though, where exactly did it get us? Quite frankly at this stage the only things I can see actually benefiting this site and...maybe...causing some changes are:

1) Withholding donations until there are significant improvements. If members are going to foot the bill for this site, then by all means they are entitled to have a functioning site they enjoy. If that can't be provided, then quite frankly the site is better off dying.

2) Simply leaving. Perhaps the loss of userbase might actually knock something into people's heads and things will get done. Let's face it, after years of complaints people are still here and still forking over money. For what? For a site that has had the same issues since day one? I mean why do we do that and seriously think they would be in any way motivated to fix anything?

I know no one wants to see this site go down. I know people don't like the inconvenience of moving all their stuff to another site or rebuilding a fan base elsewhere. No one likes that at this point they poured money into a site for absolutely nothing. It sucks and it's ridiculous but in the years this site has been around where has bitching gotten us? We bitch and bitch and then bitch about bitching. It's sad, but at this point we need to stop sticking around where nothing is getting done, drop our BS of how we're entitled to tell whomever what to do because no one is listening any way, and either accept this garbage as it is, or find another site.
 

Pi

Member
Hey, a whole lot of combined bitching has gotten some extremely minor issues fixed recently! I think 3 weeks of repeating "you are exposing a whole lot of services that you shouldn't be" made them close one or two of them!

It's just really sad that it's gotten this way, and a lot of the users don't know that there's a problem. (the administration's attitude of sweeping issues under the rug doesn't help here (and then lying about certain sets of people who want to help)).

Now, give me a bottle of gin and the root password and I'm confident that I could have this place running a lot more smoothly, or at least less insecurely.
 
Hey, a whole lot of combined bitching has gotten some extremely minor issues fixed recently! I think 3 weeks of repeating "you are exposing a whole lot of services that you shouldn't be" made them close one or two of them!

It's just really sad that it's gotten this way, and a lot of the users don't know that there's a problem. (the administration's attitude of sweeping issues under the rug doesn't help here (and then lying about certain sets of people who want to help)). Give me a bottle of gin and the root password and I'm confident that I could have this place running a lot more smoothly.

Hey something got fixed at least right? And I agree with you. It is entirely sad that it has gotten this way. That 3 weeks of complaints produces minor fixes while we still have years worth of site issues and user dissatisfaction that hasn't even been touched.

I dunno. At this point I guess I'm trying to take an unbiased stance and I see the bulk of complaints (not all mind you) as being entirely counterproductive and just adding fuel to the crazy fire.

Looking at the user's side: This is a site they enjoy, not to mention one that many rely on for income aka commissions. Many have even put money into it. They're pissed that their money is wasted. They're pissed their time is wasted. They're pissed that they are lied to. They are pissed that staff shows a general attitude of don't give a crap. They're pissed that they are made to feel that their opinions on a site, that quite frankly without a userbase is nothing, are regarded as unimportant. I don't see one reason in there for users not to be pissed. I myself as a user am thoroughly irked at the stupidity. However the level and extremes of outrage on the part of some will not fix things in the long haul.

The owner/staff side: This is something that may have started out as a "OMG this will be cool!" mentality like most sites do. Unfortunately with a lot of sites complaints get disheartening and destroy motivation. It's not a damn excuse to let the site get this way, but it happens. They feel upset because they feel like they are putting in their time and getting nothing but whining. Even if the whining is the result of their own stupidity, that is still disheartening and annoying as well.

When this site started it was theirs and feel pissed that people would tell them what to do with it. What they don't get is the minute they started accepting money in any amount from others to support this site, they essentially gave up the right to do whatever the hell they feel like. If users support it financially, they are entitled to support it in other ways as well including feedback and complaints.

You have staff that feel helpless because in the end as much as they fight for the users, they have as little power as the rest of us. Taking the brunt of the blow from angry users, then from angry ignorant fellow staff or the owner, causes a don't give a crap attitude there. Again, not right on any level. If you can't handle the position and the potential BS that comes with it, GTFO. Acting like an ass to users or shirking responsibilities fixes nothing.

Coders and programmers making this site feel friggin' powerless over their own creation. Regardless of whether or not Eevee was right in his actions, it's frustrating that something you put your time and effort into is going to hell and your advice to fix it falls on deaf ears. I still think what he did was somewhat childish, but I understand the motivation behind it and want to make problems known and making what he believed to be a last ditch effort to fix things.

There are a lot of powerless people here on both sides that have many valid reasons to be pissed. In the end it all falls on an owner that doesn't care. Whether it's because he's disheartened that his site didn't turn out the way he wanted, can't take the heat of bitching users or is just too friggin' lazy and self-righteous to make changes. The exact reason is irrelevant. As long as he's taking the stance he is and isn't willing to change or pass the buck once and for all to someone who will do what's best for this site and community, the uproar of the community will do nothing. Most of the time all it's probably doing is pushing him further into a childish "whateva, whateva, I'll do what I want" mindset and that's exactly what we don't want. That's been going on for too long already.
 

Bobskunk

Banned
Banned
...

2) Simply leaving. Perhaps the loss of userbase might actually knock something into people's heads and things will get done. Let's face it, after years of complaints people are still here and still forking over money. For what? For a site that has had the same issues since day one? I mean why do we do that and seriously think they would be in any way motivated to fix anything?

...

I wanted to focus on this for a moment. Two things keep people on FA at this point: first, there's the self-perpetuating fact that "everyone is on FA." It's why everyone got on MySpace, and later, moved to/got on Facebook. The merits of the site are not in question or even relevant, it's simply a matter of existing population. FA has all the furries because it has all the furries. SoFurry doesn't have all the furries because it doesn't have all the furries, even though it's technically better. See also: Youtube vs. Vimeo. Given the status quo, that won't change. What will change that is better alternatives and competition, or worse events coming out of Furaffinity. Further attacks, disclosures of private information, legal trouble, hardware failure, hitting hard limits of the file system or even getting to a point where throwing more hardware at old code is no longer able to make up for the sheer load of the site's normal usage.

At this point, FA is not on top due to its own merits. It's coasting on inertia, movement that had built up from when it was the only site of its kind, and is only still moving because it hasn't hit a large enough obstacle to bring it to a halt.

If competently coded and non-hangupy alternatives (hi floof/artplz/potentially sofurry's overhaul) end up coming to pass and people finally have a different place to go that isn't fucking ugly or doesn't offer similar features to FA or doesn't have a serious stigma, then you'll see another round of emigration. All FA would have in its favor is the absolutely massive audience it provides. The question at that point is whether another site can hit critical mass, where its userbase attracts more and more users the larger and larger it gets. At that point, FA will have lost the last thing it has going for it: the sheer number of people using it.

At that point, the only thing FA can do to survive is to break out of the comfortable status quo it has coasted on for all these years, but by then it may be too little, too late. It would no longer be the only site. It would no longer have all the people. Monopolies rely on the status quo to survive, and use their power/size to control and lock out markets. In some cases, it may end up the sole tool at their disposal. Once that control breaks and others enter the market and offer better, faster, cheaper, friendlier goods and services... Well, you know what happens.

And about "dropping our entitlement BS," I have only one thing to ask. Why does FA exist? There has to be some goal to it all, otherwise thousands and thousands of dollars from Dragoneer's own pocket wouldn't be keeping it running. It's not for business since it's perpetually in the red, it's not a democracy, it's not a charity... so what is its purpose? Who is it for?

EDIT: hey, "unbiased" kid, the sooner you realize that all sides are not equally valid the sooner you'll stop giving credence to bullshit and start making concrete points
 
I wanted to focus on this for a moment. Two things keep people on FA at this point: first, there's the self-perpetuating fact that "everyone is on FA."

I understand this and that's exactly why I stated this..."I know people don't like the inconvenience of moving all their stuff to another site or rebuilding a fan base elsewhere."...in the same post. Unfortunately it's got to start somewhere. There will never be other sites with a healthy user population if others are too afraid to try. That's part of the power they sadly have over the userbase right now.

If competently coded and non-hangupy alternatives (hi floof/artplz/potentially sofurry's overhaul) end up coming to pass and people finally have a different place to go that isn't fucking ugly or doesn't offer similar features to FA or doesn't have a serious stigma, then you'll see another round of emigration.

Yet people complain so heatedly about the horrendous look of FA. Sites like InkBunny may not be completely ideal as far as look and setup, but frankly neither is FA. So at this point it's sheer resistance, and legitimately so, to start over elsewhere.

And about "dropping our entitlement BS," I have only one thing to ask. Why does FA exist? There has to be some goal to it all, otherwise thousands and thousands of dollars from Dragoneer's own pocket wouldn't be keeping it running. It's not for business since it's perpetually in the red, it's not a democracy, it's not a charity... so what is its purpose? Who is it for?

You seemed to have interpreted this statement in a negative manner. I did not mean that as if the userbase does not have the right to their entitlement. I refer to it as BS in the sense that in the years that this site has existed, it's gotten us nowhere. In that sense it's BS. We're beating our heads against a brick wall that isn't going to give.

If FA got its userbase by sheer "we're the first" then that's even more reason leaving might cause real change. Yeah, it might mean putting up with a site we don't like for a little while. Or it may also mean FA dies and something worth our time finally appears. Either way staying is fixing nothing. Complaints of needed change are ignored. At this stage we're all doing the whole "I don't wanna go to X site because of the lack of userbase" but as we all start making the move, that won't be an issue now will it? It has to start somewhere.
 