Author Topic: FurPaws: Your standard, substandard, site.

Pi

FurPaws: Your standard, substandard, site.
« on: June 06, 2011, 10:54:03 pm »
FurPaws (currently offline, announcement by its progenitor) is an FA competitor designed and implemented by Alkora, better known as Jheryn Lightfoot. Yes, this is the guy who originally wrote the first FA, and by consequence, most of its security holes. You'd hope he learned something from this, but you'd be wrong.

A couple of things to note before the money shot:
Quote
pi@bast-imret:~ 2026 π furpaws=`dnsip www.furpaws.net`; echo $furpaws `dnsname $furpaws`
66.41.28.232  c-66-41-28-232.hsd1.mn.comcast.net

Yes, he's hosting it off of his home cable line again.

While the site was up, it was fairly irritating to actually use; by no means am I a great web designer myself, but usability was just not really there. It looked flashy and web-2.0'y on the surface, but all of the controls kind of blended into one, and navigating between, say, the control panel and your user page was not a pleasant task.

BBcode quote tags just plain didn't work. I didn't get a chance to test comment nesting, but seeing as Alkora's original attempt to write a comment-threader came out like this horrifying abomination, I can't imagine that his new thing would work out well.

Now for the moment you've all been waiting for:

While my flailing on angle-brackets and quote-marks didn't reveal any obvious XSS holes, I have it on good authority that they were vulnerable to the same exploit that broke the original FA the first time (uploading files with specially-crafted names can allow you to execute arbitrary commands on the server (no shit.)). This is apparently why they're offline now. For anyone who understands this exploit, it's an easy fix. Hopefully they're offline for a more extensive audit, but more than likely they're just flailing around like the kind of people who'd host a site on a home cable connection.
"we did farts.  now we do sperm.  we are cutting edge." — Theo DeRaadt
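As an added example from the defender's side, not code from FurPaws or from anyone in this thread (the post shows none): the "easy fix" for a filename-based command-injection hole is to never let the client-supplied filename reach the filesystem or a shell at all. PHP because the thread says that is what the site is written in; the function names, the extension allow-list and the sample names are assumptions constructed for this example.

```php
<?php
// Added example, not FurPaws code. Hardened handling of an uploaded file's
// name: the client-supplied $_FILES[...]['name'] is used for exactly one
// thing (picking an allow-listed extension) and is otherwise discarded.

function safeStorageName(string $clientName, array $allowedExt): ?string
{
    // Only the extension is taken from the client name, and only if it is
    // short, plain alphanumerics and on the allow-list.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === '' || !preg_match('/^[a-z0-9]{1,5}$/', $ext)
        || !in_array($ext, $allowedExt, true)) {
        return null;
    }
    // The on-disk name is random, so nothing the uploader chose is ever
    // part of a path or a command line.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

function storeUpload(array $file, string $dir, array $allowedExt): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = safeStorageName((string) $file['name'], $allowedExt);
    if ($name === null) {
        return null;
    }
    $dest = rtrim($dir, '/') . '/' . $name;
    // move_uploaded_file(), not a shell "mv" built from the filename.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    // If an external tool must be run on it later, pass the random path
    // through escapeshellarg(), e.g. exec('identify ' . escapeshellarg($dest));
    return $dest;
}

// Constructed sample names as a self-check: a plain name is accepted, a name
// whose "extension" carries shell metacharacters is rejected, and a name with
// junk in the basename is harmless because the basename is never used.
$allowed = ['png', 'jpg', 'gif'];
assert(safeStorageName('cat.PNG', $allowed) !== null);
assert(safeStorageName('cat.png;id', $allowed) === null);
assert(safeStorageName('cat;id.png', $allowed) !== null);
```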

Jim Demintia

Re: FurPaws: Your standard, substandard, site.
« Reply #1 on: June 07, 2011, 10:13:47 am »
Never met the guy; I don't know him. But I was aware of his history as the creator of FA, so I was, to say the least, amused when he came out with this. It was originally called ArtPawz, but I believe he ran into some trademark problems. So much for doing research before actually doing stuff.

I honestly don't know where he lies on the spectrum of being aware of his own massive incompetence. I've yet to see a glimmer of that in him; you'd think by now, if the Dunning-Kruger effect didn't apply, he'd have realized he can't even code in PHP, which is sort of like a Fisher-Price toy for web jockeys. That he's coding the same holes over half a decade later doesn't really speak to a capacity to learn and improve.

What I don't understand is why he's doing this now. The dude is a graphic designer, at least that's what he was vaguely studying in school. Putting together my rough idea of his age with the timeline of FA, he was in his late teens when he started FA. Which you know, okay, that's certainly something we can forgive and forget out of an 18-year-old--it's really Sean Piche's fault that that thing has lived longer than it should have. But I would have thought for the absolute lack of improvement over the last six years he probably would have lost interest in programming, or at least had someone else code his Next Brilliant Idea.

I'd have to cynically venture a guess that he wants to get something going that will provide him with ad revenue so he doesn't have to work/work as hard at a "real" job.

It is kind of comical though that he invests in a domain name but not hosting. Jeez, dude, it's one thing to prototype something on your home cable line before sinking any money into it, but buy a domain to direct at your home DSL line? Wonder what Kabletown Comcast has to say about that in their TOS.
Can it be this sad design
Could be the very same
A wooly man without a face
And a beast without a name