
Topic Drift from TT - Exploits and Coding

Pi

Member
Thanks for the explanation Eevee, I appreciate it.

Of course I wonder how long this takes for the staff in charge of coding to get this issue fixed.

I'm telling you, a weekend with a bottle of gin and the code, and I could fix at least the lowest-hanging fruit. These are not difficult problems to solve.

Or y'all could just let yak do it, but every time he codes something new, it comes with some pretty stellar holes (that could have been avoided if he let anyone else look at the code...).
 

Armaetus

Nazis, Communists and Antifa don't belong on FA
Or y'all could just let yak do it, but every time he codes something new, it comes with some pretty stellar holes (that could have been avoided if he let anyone else look at the code...).

If this keeps on happening, why is he still on the coding team? What he really needs is at least two coders by his side to review and fix any potential holes brought up with his code. And I am not buying the "malicious intent/xenophobe" excuses from him or Dragoneer. It is not excusable for them to leave holes wide open for years and wait for someone to exploit them before actually fixing them.
 

Ricky

Well-Known Member
For what it's worth, I had offered to help a few times before but got no response.

I suck at art, so I feel it's the one way I could contribute to the community, so if my help is wanted I'd be glad to discuss, though I won't have a lot of time coming up soon for a while because of a recent promotion, among other projects I've taken up.
 

Armaetus

Nazis, Communists and Antifa don't belong on FA
Open source would likely be the best choice because anyone can find faults and show it to 'Neer and co, as posted in my first post on top.
 

Ricky

Well-Known Member
Open source would likely be the best choice because anyone can find faults and show it to 'Neer and co, as posted in my first post on top.

I agree... I mean, it's not like someone is just going to host the app elsewhere and everyone leave FA (I wouldn't think).

At least any more gaping security holes would get pointed out quickly.
 

Freehaven

Dammit.
If this keeps on happening, why is he still on the coding team?

Because Dragoneer is too paranoid to let anyone who doesn't outright kiss his ass 24/7 have access to the FA codebase. Only close friends of the Dear Leader get to peek behind the curtain.
 

LizardKing

Guest
Because Dragoneer is too paranoid to let anyone who doesn't outright kiss his ass 24/7 have access to the FA codebase. Only close friends of the Dear Leader get to peek behind the curtain.

You should've called it the iron curtain for a combo bonus.
 

Ricky

Well-Known Member
Because Dragoneer is too paranoid to let anyone who doesn't outright kiss his ass 24/7 have access to the FA codebase. Only close friends of the Dear Leader get to peek behind the curtain.

You see, that's just dumb. There are ways to let people check in code and review the diffs.

We use contractors here all the time.
 

Arshes Nei

Masticates in Public
For what it's worth, I had offered to help a few times before but got no response.

I suck at art, so I feel it's the one way I could contribute to the community, so if my help is wanted I'd be glad to discuss, though I won't have a lot of time coming up soon for a while because of a recent promotion, among other projects I've taken up.

I have to say that it is very troubling that I keep hearing the same from multiple people: that no one gets back to them.

It is starting to remind me of co-workers who feel job security is through obscurity.
 

Bobskunk

Banned
I agree... I mean, it's not like someone is just going to host the app elsewhere and everyone leave FA (I wouldn't think).

At least any more gaping security holes would get pointed out quickly.

Yeah, pretty much. It leaves two options:

  1. Dude throws up FA clone as is from public, makes no fixes or changes.
  2. Dude throws up FA clone as is from public repo, makes extensive changes and improvements to FA code.

In the first case, the only thing it MIGHT have going for it is different staff, but ANY site would necessarily have different staff. The technical problems that plague FA would still be intact, and it would necessarily lack the biggest draw FA has: an existing userbase. Nobody would move from their established spot on FA for a cheap clone; there's too much effort involved. The threat to FA's hegemony diminishes even more if two, three, four other people just make direct clones of FA's code. It's just more segmentation without added value.

In the second case, if FA's code were licensed right, all changes/improvements that third parties make would also have to be made public as derivative works, which would allow FA itself to vet and implement them. Net result: FA benefits from whoever runs and alters their FA-software-based gallery through added features and security fixes. The site itself becomes a community project like Linux, or more specifically Ubuntu (about two years ago). While an altered/fixed FA-based alternative to FA would then be better poised to compete with FA on its own merits, FA would get those same improvements, and then it becomes a matter of getting a large enough userbase (unlikely) and avoiding staffing issues. I still don't see an FA derivative overtaking FA should the codebase be made open source, but I can see a lot of benefit.

Put in different terms, if some giant assfuck proprietary forum like GaiaOnline released their code for this purpose and anyone could then run their own version of GaiaOnline... then you'd have a bunch of people running the software for their five friends. The original site would not face much of a threat from upstarts/clones. But any nerds writing patches and fixes with access to the original code would benefit the main site. I'd have said vBulletin and SA, but vBulletin isn't SA's proprietary code.

In FA's case, they have so many security issues that just opening up their software would make dozens of attacks plain and obvious. Eevee's list was based on poking a black box; the actual code going public would be like throwing the doors wide open. That's why they'd need to audit and fix the broken shit first, but that's apparently going nowhere. Open or closed source, it's simply something they have to do, or else they'll just keep getting attacked. I can sympathize with someone getting their car stolen because they left it unlocked. I can't sympathize with someone getting their car stolen multiple times because it is always left unlocked, and saying "dude, lock your fucking car" makes them/their friends throw a tantrum about how nobody has the right to tell them what to do. And then their car gets stolen again.

Besides, I'm pretty sure Ekigyuu's Art Piles is/was supposed to be publicly released code, yet there's nothing floating around using that code but the site itself, which never even gets a mention when discussing FA alternatives. Which is all the better, considering how FAP went down.
 