FA's new support site

[Freehaven]

http://kb.furaffinity.net/

It uses this software, which is sold for $1,000.

Part of the site's code:

Code: [Select]

</table>    <table align="center" width="100%">
        <tr>
            <td valign="top" height="100%" width="20%">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>

Code: [Select]

  <tr height="5" bgcolor="#387ED4">
                      <td></td>
                    </tr>
                    <tr height="5" bgcolor="#5899E9">
                      <td></td>
                    </tr>
                    <tr height="5" bgcolor="#8CBEF9">
                      <td></td>
They overpaid by $1,000. I've seen Geocities sites with better coding than this. WTF was Dragoneer thinking.

[loki]

You'd be surprised just how much money some things cost. The licensing costs for enterprise software licenses are nuts. Regardless, that site looks like something any competent with basic HTML could put together in a day or two....

My delicious, completely unfounded idea is that this is being funneled to someone associated to Dragoneer and he is receiving a kickback through the use of site donations. That's complete speculation mind you but I don't know if I could put defrauding idiots who donate to FA past Dragoneer.

[Freehaven]

That's complete speculation mind you but I don't know if I could put defrauding idiots who donate to FA past Dragoneer.

If FA donations bought that, every donator should ask for their money back. For fuck's sake, the software that runs my imageboard still uses tables for layout purposes, and it's still better coded than that pile of crap.

[loki]

Looks like this company is based in places Lahore, Pakistan and Doha, Qatar. The UK office site seems fake too. Pretty sketchy.

I do wonder if FA's mostly gay userbase will care about possibly sending money to countries such as Qatar and Pakistan where homosexuality is still a crime and can be punished with prison, caning, or even death?

[Jim Demintia]

I would really like to know if they paid $1,000 for that. Because that would be really fucking funny.

[Pi]

I would really like to know if they paid $1,000 for that. Because that would be really fucking funny.

I'm actually truly horrified.
Look at some of the JS, like in the admin panel's login page:

Code: [Select]

<script language="javascript">
function getheight()
{
if (screen.width = 1024)
{
return
}
else
{

}
}
</script>

There should just not be that much wrong in those few lines. It's amazing. The bug-per-code-line ratio is over unity. I'm sure this violates the laws of conservation of bad code.

It kicks out links like:

Code: [Select]

http://kb.furaffinity.net/index.php?main=contact&sub=index&view=%3C?=$_REQUEST[%27view%27]?%3E
And guess what, it's even vulnerable to XSS (what a FUCKING surprise, huh?)
http://kb.furaffinity.net/managing-your-account_%3C/title%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E.html

I'm ... I'm at a fucking loss, here. I could beat my dick against my keyboard and wipe my ass with my mouse and produce something better than this.

[loki]

Hahaha, they paid $1,000 to a company based in Pakistan.... and got a piece of software just as vulnerable as FA is/was. I didn't think of trying XSS but I'd bet you that it has SQL injection vunerabilities considering they're hiring "web developers" in places like the UAE, Qatar, etc.

Edit: Most likely they paid $59 for this piece of shit: Order Site

Here's the admin page: http://kb.furaffinity.net/admin/index.php
And here's the demo admin page: http://www.kblance.com/demo/admin/index.php

Oh my, hope that doesn't have SQL injection vulnerabilities. Worse yet, you could probably just write a XSS exploit to grab the session ID cookie from an admin; I checked out the demo version site and it looks like a MD5 hash.... probably the same session hijacking FA was weak against as well. :I

[Freehaven]

Looks like someone realized their horrible, horrible mistake; the link to the support site now redirects to FA's neglected wiki.

[Pi]

Mod note:

I don't know why this got locked, so I unlocked it. Maybe I accidentally fatfingered it while on my phone. Sorry. Carry the fuck on.

[Conan]

http://help.furaffinity.net/

It's baaaaaack, and now it costs $50/month.

And what happened when users called them out on the cost and why they don't just use MediaWiki? Dragoneer deleted the thread.

Web version.
Image version.

They also deleted the first thread from yesterday, found here.

[Eaglebird]

It doesn't surprise me that they closed the thread on FAF, either. You know, instead of letting it turn into "hey this isn't so bad" (lol) they just made more fools of themselves by silencing critics once again. It's pretty disappointing but also pretty hilarious.

[Jim Demintia]

Code: [Select]

<script language="javascript">
function getheight()
{
if (screen.width = 1024)
{
return
}
else
{

}
}
</script>


You know, it's actually a kind of interesting exercise to see what that would actually *do*. My guess is if it doesn't throw an error, then nothing, but I suppose it depends on how Javascript decides the truth value of the predicate for an if statement.

But it would be interesting to perhaps study the way JS would digest such a thing...sort of like how Linux uses while(0) for some stuff (I forget why they do that, there's a reason).

[Spip]

It's baaaaaack, and now it costs $50/month.

And what happened when users called them out on the cost and why they don't just use MediaWiki? Dragoneer deleted the thread.

I can understand not wanting to use wiki software, since the format is so, um, ad-hoc; but it's not like the only good issue-tracking systems out there cost a jillion dollars an install. Why not use Bugzilla, or Trac, or any of a number of other issue trackers that don't cost penny one? Is it the OPEN SORES LOL factor, or falling for "who can you sue" logic, or what?

Seriously guys, why not? D=

[nrr]

You know, it's actually a kind of interesting exercise to see what that would actually *do*.

Assignment in JS is always true except in cases where assignment is impossible or invalid.

sort of like how Linux uses while(0) for some stuff (I forget why they do that, there's a reason).

Most likely performance-related.  I'd look at how gcc emits IR for 'for (;;)' versus 'while (0)' and go from there.  Take good note of how things are aligned when you do this.

[Conan]

It's baaaaaack, and now it costs $50/month.

And what happened when users called them out on the cost and why they don't just use MediaWiki? Dragoneer deleted the thread.

I can understand not wanting to use wiki software, since the format is so, um, ad-hoc; but it's not like the only good issue-tracking systems out there cost a jillion dollars an install. Why not use Bugzilla, or Trac, or any of a number of other issue trackers that don't cost penny one? Is it the OPEN SORES LOL factor, or falling for "who can you sue" logic, or what?

Seriously guys, why not? D=

I had linked them to Request Tracker FAQ Manager, which relies on the Request Tracker ticketing system to run. This would fix both the trouble ticket system AND would give them an integrated knowledge base. Also, RT supports canned responses, so they could do even less work. But see, RT involves using the scary command line to install, so they probably would never use it.

Oh well, this paid solution will just speed up the eventual bankruptcy of Sean Piche and the ultimate closure or sale of the site.

[Jim Demintia]

Request Tracker is open source. Huh. I've seen it used in places generally populated by people smarter than Sean Piche (they have a minimum IQ of 60). I don't know about you, but when people who know what the fuck they're doing do something, it's generally worth at least a little consideration.

[Fawksie]

History of the Site, the Universe and Everything

I haven't seen the following machines mentioned anywhere other than this page on the knowledgebase, and I can't quite work out whether they're serious or if they're just trolling the people who joke about them using RAM to solve all problems.

Shivan -
Server named by FA donator TlaiLaxu.
Twin dual-core 2.4Ghz Opteron 2216 system with 48GB of RAM. This server is currently unused.
Sparkz - Data graphing/network monitor server.
Server named by FA donator Dax.
Twin dual-core 2.4Ghz Opteron 2216 system with 48GB of RAM.
Tonberry - Not yet in operation.
Server named by FA donator YiffyHusky.
Twin dual-core 2.4Ghz Opteron 2216 system with 48GB of RAM.
Lapse - Not yet in operation.
Twin dual-core 2.4Ghz Opteron 2216 system with 48GB of RAM.

[Pi]

History of the Site, the Universe and Everything

I haven't seen the following machines mentioned anywhere other than this page on the knowledgebase, and I can't quite work out whether they're serious or if they're just trolling the people who joke about them using RAM to solve all problems.

Twin dual-core 2.4Ghz Opteron 2216 system with 48GB of RAM, times fucking four, all but one marked as inoperative

Nope, they're serious. People throw hardware at them, and they don't know what to do with it, so they just e-penis it around instead of selling it. Because if they sold it, it would be rude to the donators.

Sparkz is either 70.33.186.222 or 70.33.186.194 depending on whether you believe their stated purpose or my interpretation of nmap results after a fat bowl of weed.

[loki]

Boy with all those extra servers around they could maybe spread them out and create an actual CDN instead of making it look like they have a real CDN.

But that will never happen since it's a "security risk".

[Eevee]

Or run their app on a machine that isn't the data server.  Or have a non-primary database server.  Or do backups of the art.

192GB of RAM, doing nothing.