Open the codebase

[ediskrad]

Two words to end all of FA troubles

Open Source.

It's evident that only a handful of programmers can't get it right so far. Open the code, put it in sourceforge and let the community collaborate. Even if it's just a bug here or there, a dozen programmers working a bit at the time is going to perform a lot better than just two or three working full time (and accomplishing little)

I say this 'cos I can't work full time on the code, but I can smash little bugs if I find them, report them and offer a patch. And I bet there's others like me too.

 

[SFox]

Wouldn't open sourcing the site kind of make it by far easier for hackers to attack it?

If hackers had access to the source they could see its weaknesses and have an easier time attacking the site.

 

[Ravenesque]

Not that I really know exactly what goes on behind closed doors, but it appears to me that it has nothing to do with there only being a few people working full-time, but that no one is working full-time. The programmers FA does have aren't getting paid. This means they have to make money some other way, so FA is just a part-time gig, if that. I doubt they're going to put much effort into something that isn't putting food on the table. And, if it is the only programming job they have, then I'd begin to wonder why that is.

Personally, I think the solution to software issues is to find a way to pay the current programmers and/or hire professionals from outside the fandom. Part of the problem I see with anything fandom related is that furries seem to prefer insularity over functionality, as well as a dislike for anyone who actually makes decent money from within the community (hence the hatred of pay sites).

Just my two cents. Not that I'd really know what's best, seeing as I'm only on the outside looking in.

 

[ZigZag13]

Wouldn't open sourcing the site kind of make it by far easier for hackers to attack it?

If hackers had access to the source they could see its weaknesses and have an easier time attacking the site.

True, but everyone else has access to it as well, then the weaknesses can be found and stomped out just as quickly.

 

[ediskrad]

Wouldn't open sourcing the site kind of make it by far easier for hackers to attack it?

If hackers had access to the source they could see its weaknesses and have an easier time attacking the site.

That's a common misconception. But as ZigZag pointed out, if everybody sees the bugs, hackers and programmers alike are looking at it. Plugging security holes happens a lot faster.

Firefox is a good example. As soon as a security bug comes out, a patch comes quickly after. Heck, even this forum is open sourced and works just fine :3

 

[ediskrad]

Not that I really know exactly what goes on behind closed doors, but it appears to me that it has nothing to do with there only being a few people working full-time, but that no one is working full-time. The programmers FA does have aren't getting paid. This means they have to make money some other way, so FA is just a part-time gig, if that. I doubt they're going to put much effort into something that isn't putting food on the table. And, if it is the only programming job they have, then I'd begin to wonder why that is.

Then there's even more reason to open the code. Instead of having 3 people working in their spare time, have the whole community of furry programmers working in their spare time

 

[Stratelier]

There's already been a discussion thread for this, but the fact is that an open-source model of FA would cause a HUGE number more risks and problems than it actually accomplishes.

Sure, you open the door for a lot of skilled coders to help out (I might count myself among that group), but you also open the door to a good number of hackers, abusers, and unforeseen ways of abuse. After all, the more people who know what the codebase looks like on the inside, the more ways they can hack around it. What happens if some joker commits a patch that causes the site to overlay user avatars (or submission thumbnails) with goatse? What happens if some user decides to expand the site's database with a "drop table pictures" ? You can't exactly SVN the site's operational database against being hacked, and the added responsibility for admins to do damage control on the site's codebase is most assuredly stamped with a DONOTWANT.

Open source is a good thing for software applications (e.g: Firefox), and with limited access rights can be good for some websites indeed (e.g: Wikipedia). But it is not something you can arbitrarily propose for any random website on the 'Net.

 

[icehawk]

What happens if some joker commits a patch that causes the site to overlay user avatars (or submission thumbnails) with goatse? What happens if some user decides to expand the site's database with a "drop table pictures" ? You can't exactly SVN the site's operational database against being hacked, and the added responsibility for admins to do damage control on the site's codebase is most assuredly stamped with a DONOTWANT.

Just because a codebase is open, doesn't mean that every tom, dick and harry is going to have commit access.

 

[cesarin]

Just because a codebase is open, doesn't mean that every tom, dick and harry is going to have commit access.

considering how many trolls (and other general ppl on the internet ) hate furries, this is more probable than what you think

 

[Rhainor]

Two words to end all of FA troubles

Open Source.

It's evident that only a handful of programmers can't get it right so far. Open the code, put it in sourceforge and let the community collaborate. Even if it's just a bug here or there, a dozen programmers working a bit at the time is going to perform a lot better than just two or three working full time (and accomplishing little)

I say this 'cos I can't work full time on the code, but I can smash little bugs if I find them, report them and offer a patch. And I bet there's others like me too.

The current codebase cannot be open-sourced. There are people, including the original creator of the site, who still own some of the code but are no longer on the staff; plus, there are *far* too many holes in the current code to make open-sourcing it a safe thing to do.

However, I believe the coders working on Ferrox have expressed a desire to make that open-source, since it's all-new code.

 

[ediskrad]

What happens if some joker commits a patch that causes the site to overlay user avatars (or submission thumbnails) with goatse? What happens if some user decides to expand the site's database with a "drop table pictures" ?

considering how many trolls (and other general ppl on the internet ) hate furries, this is more probable than what you think

If the project administrator is such an idiot to pick up the code from sourceforge and put it in production directly without any sort of checks, then we're all screwed.

Every new piece of code has to be peer-reviewed before it becomes part of the mainstream, thus eliminating bad code. The database will be a mock, test database, not a real one. Only the php code would be available.

So if any angst filled programmer sends a bug on purpose, with good practice, it does no harm at all. All it takes is following procedure, people. It works for Linux, it should work for a project this size.

The current codebase cannot be open-sourced. There are people, including the original creator of the site, who still own some of the code but are no longer on the staff; plus, there are *far* too many holes in the current code to make open-sourcing it a safe thing to do.

You mean they don't want to. And we all know there are too many holes. That's the whole point of asking to open the source. LET US FIX THEM!.

The website was down for a month. It could have been done during that period. Heck, it can even be brought down again during the first phase of fixing, should it be necessary.

If you weight the benefits in the long run, it's totally worth it.

Open source is a good thing for software applications (e.g: Firefox), and with limited access rights can be good for some websites indeed (e.g: Wikipedia). But it is not something you can arbitrarily propose for any random website on the 'Net.

Wrong. This forum is open source. Webapp. All the way. And there are hundreds of web applications that are open source. Smarty, OpenCommerce, almost any wiki software. I think you're confusing programming with having admin access to the website.

 

[Rhainor]

You mean they don't want to. And we all know there are too many holes. That's the whole point of asking to open the source. LET US FIX THEM!.

No, I mean CANNOT. The current staff does not have complete ownership of the code, and thus does not have the legal right to make it available to the public.

Wrong. This forum is open source. Webapp. All the way. And there are hundreds of web applications that are open source. Smarty, OpenCommerce, almost any wiki software. I think you're confusing programming with having admin access to the website.

The forum is using vBulletin, which is commercial software and is not open-source. The only open-source forum software that I know of is phpBB.

 

[ediskrad]

No, I mean CANNOT. The current staff does not have complete ownership of the code, and thus does not have the legal right to make it available to the public.

Nah, they don't want to. The current stuff does have complete ownership of the code. If you talk about Arcturus, I know he'd let it be open. He might be bitchy sometimes, but he's a reasonable person.

But you're already telling me they "can't" without even talking it with a real owner.

The forum is using vBulletin, which is commercial software and is not open-source. The only open-source forum software that I know of is phpBB.

Sorry, my mistake. I didn't check. Still, doesn't disprove my point that there are lots of web applications that are open and safe

 

[Rhainor]

Nah, they don't want to. The current stuff does have complete ownership of the code. If you talk about Arcturus, I know he'd let it be open. He might be bitchy sometimes, but he's a reasonable person.

Arcturus? He's not the problem. Most of the current code was written by the site founder, Alkora, who still owns the rights to the code he wrote, to my knowledge.

But you're already telling me they "can't" without even talking it with a real owner.

I'm in the staff IRC channel, where the possibility of open-sourcing the code has been discussed by pretty much all the admins & coders, including the site's owner, Dragoneer/Preyfar. When I say it cannot be done, I'm simply restating something that has been said by the admins/coders.

Aha, found what I was looking for:
http://forums.furaffinity.net/showpost.php?p=537547&postcount=5

There are several reasons the current site code is not open sourced and never will be, including but not limited to:

1. The person who wrote it was a moron.
2. Even now, it still has more security issues than you can shake a stick at. (See number 1)
3. There are some licensing issues. (See number 1)

Ferrox, on the other hand, will eventually be open source. Because if it's not, Eevee will hunt down and murder the entire administration in horrible ways. (Note: Hyperbole.) All code is contributed under a MIT or BSD license. (We also take GPL in a few places, but there has to be a damn good reason for it.)

 

[AndyFox]

If the project administrator is such an idiot to pick up the code from sourceforge and put it in production directly without any sort of checks, then we're all screwed.

Every new piece of code has to be peer-reviewed before it becomes part of the mainstream, thus eliminating bad code. The database will be a mock, test database, not a real one. Only the php code would be available.

And who is going to PM this? The admins? The current coders? Have you ever tried to PM a dozen random coders all working on different parts of a system? Updates need to be coordinated, scheduled, timed, QC'd. And on top of that you have coders who drift in and out and might suddenly disappear for a week on vacation or have their computer crash and you're stuck because they have the code checked out and half-modified. Open sourcing to any random Joe is plain insane and would be chaotic hell to try and manage.

Oh, and yes I have been working in the IT industry for over ten years, so I know a little about development practices.

 

[jayhusky]

Basically as Rhainor Said the current FA version is so full of holes it would be a complete waste of time... as well as the known Fact of Alkora starting the site, then a small tiff and finally Dragoneer/PreyFar taking ownership.

Ferrox on the other hand is going to be better, owned by current FA staff and more secure therefore allowing open source

 

[Armaetus]

So if the original code is Alkora's, does that make Project Ferrox Drago and co's theirs?

 

[Rhainor]

So if the original code is Alkora's, does that make Project Ferrox Drago and co's theirs?

Huh?

(read: Mind restating that, preferably a bit more clearly?)

 

[Eevee]

Two words to end all of FA troubles

Open Source.

I'm honestly not sure how good or bad an idea this is any more.

On the one hand, yes, sure, people could contribute.

On the other hand..
Well, for one, there is ultimately just one person who really works on FA's code, and if it were opened then he would also have to become patch gatekeeper. I don't know if this would make his life easier or harder. I see a lot of knee-jerk proposed solutions that float around these forums, and if people try to implement those instead of fix real bugs, we would have a problem. The design (and future plans) are currently entirely in yak's head, too, and it's a lot of work to get something like that in a form anyone else can read.
And while security through obscurity is not security at all etc etc, I'm not sure there are more white-hat man-hours than black-hat. Or gray-cat.

Not that I really know exactly what goes on behind closed doors, but it appears to me that it has nothing to do with there only being a few people working full-time, but that no one is working full-time. ... Personally, I think the solution to software issues is to find a way to pay the current programmers and/or hire professionals from outside the fandom.

Decent programmers make decent money, which FA does not have. You would also have to find someone willing to work on old crappy code that powers a furry porn site.

What happens if some joker commits a patch that causes the site to overlay user avatars (or submission thumbnails) with goatse? What happens if some user decides to expand the site's database with a "drop table pictures" ?

This is why projects tend not to give the entire world direct commit access.

Updates need to be coordinated, scheduled, timed, QC'd.

With freelancers on a FOSS project? Not really. Make them responsible for their own patches.

And on top of that you have coders who drift in and out and might suddenly disappear for a week on vacation or have their computer crash and you're stuck because they have the code checked out and half-modified.

Um. What? Why do I care if someone else has eir checkout half-modified? It could bitrot, sure, but let that guy fix it when he gets back.

So if the original code is Alkora's, does that make Project Ferrox Drago and co's theirs?

Assuming I know anything about copyright law, the Ferrox code is legally owned by myself, net-cat, IndiCoyote, and possibly Crypto.

 

[jayhusky]

my understanding of copyright is that if you create it you own it...

Therefore any code in Ferrox written by eevee is copyright eevee and so on so-forth.

However the copyright doesn't extend itself to Dragoneer or any other member as they did not create it.

a example is if I wrote a section of code for ferrox i would obtain copyright to that code and should I leave the site I forfeit my rights to it.

please do not take my word as the ultimate fountain of knowledge

 

[Eevee]

my understanding of copyright is that if you create it you own it...

Right. The only question is whether Crypto has any claim to copyright, as the vast majority of what he contributed was auto-generated framework code and much of the rest has been replaced.

a example is if I wrote a section of code for ferrox i would obtain copyright to that code and should I leave the site I forfeit my rights to it.

What? You wouldn't forfeit your rights to it by leaving.

 

[jayhusky]

if its auto--generated then no he doesn't have a claim to copyright..

as for forfeit rights i apologize, its late and I was thinking of something else

I will double check in the morning here in the uk with champcheetah, he helps me with a lot of my work, about cryptos rights...

but as i understand it no he doesn't

 

[Dragoneer]

The only question is whether Crypto has any claim to copyright...

Did Crypto ever actually DO anything in the end? Was there anything worth using?

 

[Ravenesque]

Then there's even more reason to open the code. Instead of having 3 people working in their spare time, have the whole community of furry programmers working in their spare time

I don't think I made it very clear, but I was trying to say that paying for professional help is better than opening the source code. Opening it up, to me, is even more unprofessional, as well as a really freaking bad idea.

Again, not that I really know anything. This is just what it looks like from my perspective.

Decent programmers make decent money, which FA does not have. You would also have to find someone willing to work on old crappy code that powers a furry porn site.

The question is, "Why does FA not have the money?" The answer is that FA refuses to make it. I already explained the issue here, namely that too many people in the fandom have a problem with paying and/or making decent money from within the fandom. If FA had a mandatory minimum donation of $1 a month, it would make a huge difference (based upon the numbers previously quoted by FA staff). Accepting donations through credit cards would also be a step further in making sure minors get their parents permission before using FA.

Also, who wouldn't work on any site for some cold, hard cash? People do all sorts of stupid things for money. In fact, a lot of the "real life" porn sites have professional help in their implementation. (Also keep in mind that getting Ferrox up ASAP is more important than fixing the old code. And, no, I'm not trying to lecture you on that, I'm just pointing out a very obvious fact of which you already know.)

I think you're lacking a lot of confidence in the site that you are currently working on. If the staff here can't take FA seriously, then how is it supposed to excel past the point it's currently at?

 

[ediskrad]

I've seen enough negativity and defeatist attitude in this thread to last a lifetime.

You won't get shit accomplished with that attitude. You've given up even before trying.

I did what I could.

/thread.