Monday was FurAffinity's seventh birthday, and like previous years, Dragoneer pulled out all the stops while celebrating!
Nope, not this year. This year, FA's birthday came and went with not even a tweet mentioning it. Perhaps Dragoneer was busy, and just didn't have the time. Maybe he forgot. Or maybe, it was avoided because of what was said last year and what has actually been done.
Ah, yes, January 2011. Not even a month after the exciting events of 12/19. Fresh memories of note leaks, hackers, and incompetent sysadmins watching the hackers scrape notes while doing little to stop them before it was too late. Something had to be done to restore faith in FA, so Dragoneer buckled down. It was time to fix things.
The birthday announcement was made. A date was set (May 21st! During FA:U!) for the new UI to be ready for beta. A professional developer would be paid to implement the new UI. And the hosting service would be up and running within 30 days. New coders were promised. "we've come off with a fresh new perspective since December, and we're not wasting that momentum," it said.
The momentum quickly died. May 21st came and went, with only a "preview" of the new UI taking place. The hosting service was never spoken of again. A discussion thread for the new UI was started, and then left for dead. Not a single change to the technical staff was made throughout the course of the year.
What did happen is quite the lengthy story.
Remaining portion of January:
-Code Leak: While Dragoneer was talking about how he wanted to improve FA, someone discovers that a directory containing FA's code is wide open for anyone to access. Several parts of the code are obtained, and we get to see things like
return addslashes(stripslashes(stripslashes($value)));
-"Miserable Users": A user discovers the forum accounts of Rossyfox and Accountability have been placed in a "Miserable Users" group. It turns out Carenath had set up the plugin without telling anyone, and had done a poor job of doing so. When called out, he responds on twitter with "Also, I am not quitting, FUCK YOU."
-Statistics leaked: Someone forgot to close the door on FA's Cacti server, allowing a bunch of non-sensitive data to spill out. Take note: their file server is dangerously full, with only 150GB of free space remaining.
February:
February started out with a bang.
-Inactive staff: Arshes Nei had apparently been asking for a "Trouble Ticket Policy" to require administrators to answer tickets instead of just taking up space on the staff page, and threatened to go public with these complaints if it was not implemented. It wasn't, she went public, and we witnessed some great drama unfold. Information came out that Dragoneer had threatened staff for trying to get him to remove inactive admins.
Eventually most of the inactive admins were removed. One (Silver R. Wolfe) was removed and added back immediately afterwards, but would be removed again later in the year.
-Support Site: After mentioning "improving support" as one of the goals for 2011, Dragoneer buys a $60 Knowledgebase software called "KBLance" ("Have question? Get answer!") to replace the neglected MediaWiki install they were using for support. It's quickly discovered to be poorly coded, and is quickly removed.
The idea didn't stay dead for long; a few hours later it returned on a software package that costs $50 a month. The new software is "wiki-based" and appears to just be a custom skin on top of a lightly modified wiki.
Although people were invited to submit questions to it, the knowledgebase is quickly abandoned. Only one new article is added after February 14th.
-Commission Information page removed: After being disabled for nearly two years (March 2009) due to XSS exploits, the "commission information" portion of user profiles is quietly removed.
-Rhainor account hack: Someone breaks into the account of administrator Rhainor. They did so by hacking into Rhainor's AIM account and then asking one of the other admins to change the password on the account. The other admin happily obliged.
March:
-DDoS: A DDoS attack that stretches multiple days takes place.
-Passwords Unchanged: Evil hacker trolls (sometimes known as #vivisector) discover that a note leaked in December contains what appears to be Dax's server password. Lo and behold, it is, and the evil hacker trolls get access to Bahamut, FA's "database backup", and worse, "Novastorm", the database server. FA is quickly informed.
-Hardware install: A firewall and load balancer are installed. The firewall terminates access to the holding page for the "URL shortener" project "Pss.ms"; the load balancer does nothing significant at the moment, because there's nothing to load balance. Following this maintenance, the site has a noticeable slowdown.
-Service outage: "Figment", the box that hosts most of FA's non-mainsite services (i.e. email) goes offline. The staff are aware, but no public announcement is made for 12 hours. Users are unable to register, reset passwords, email the staff, or register for FA: United.
-DDoS 2: Electric Boogaloo: Another DDoS. It's taken care of rather quickly.
April:
-Ratte's forum account hacked: Someone obtains access to Ratte's forum account and dumps a number of threads from the administration boards onto Lulz.net. It's revealed that FA asked admins to sign up for "admin-only gmail accounts" to help prevent malicious users from hacking into email accounts and resetting site passwords. Interestingly, this was after Yak claimed all staff would get @furaffinity.net accounts for that purpose.
May:
-Data scraping: A Lulz.net user finds a few links in the leaked December notes that point to pages that aggregate and return journals that mention specific keywords. Apparently, FA had provided the staff of Inkbunny and the staff of Antheria with one of these. It's also discovered that one exists to track mentions of Allan.
-FA: United: FA: United takes place. Registration is delayed three hours because the registration computers weren't ready. Panels take place as scheduled without badge requirements. A handful of people attend Silverautomatic's panel on dealing with trolls.
This was the projected date for the debut of the new UI and several new features. Instead, Dragoneer shows off portions of the new UI. No one is able to vouch if these are functioning pages or just static mock up pages.
June:
-Staff drama: During this month, admin Nylak asks for help pirating Adobe Photoshop. She is suspended temporarily, and later restored to administrator. Months later, she is suspended from the site, seemingly permanently, for unknown reasons. We also find out that Chase, who resigned in early January, was forced out after embarrassing Dragoneer while Chase was at Dragoneer's parent's home.
-"Journal Virus": Someone takes advantage of several XSS holes present in the journal system to post blank journals and submissions to user accounts. These are all problems Eevee had mentioned months earlier, and had gone unfixed until now. There was also a minor incident earlier in the year in which similar things happened after visiting Arcturus' YiffyLeaks site. The problem is "fixed", and announced as fixed, before it was actually fixed.
-New file server: Remember back in January when FA was almost out of storage space? Well, it's the end of June and they've finally noticed. A new server with 12TB worth of drives is ordered. The server does not go online.
July:
-Web cache: Someone on FA's tech staff attempts to install a web cache and fails. For hours, users are spontaneously logged into other users' accounts. No one pulls the plug on the site, even though all admins have access to a function to do just that.
-File server full: Less than two weeks after the announcement that a new server was on its way, FA begins to error out when attempting to upload a submission (a problem that had been increasing as of late). The file server is full. Uploads resume once users voluntarily remove enough submissions. The new file server is currently sitting in pieces on Dax's bedroom floor. It is installed shortly after, but is not placed in use yet.
-Furocity "Merger": An announcement is made that, following more than a year of planning, FurAffinity and Furocity would combine staff. No other details are available as they're not ready yet. A "Staff Code of Conduct" is also announced, but is quickly retracted and users are told the document would remain private. No ETA is available for the new UI that was scheduled for beta in May. At this point, this is an announcement; no Furocity staff have joined FA staff (some haven't even joined FA yet).
August:
-AUP updates and new staff: A day after the AUP is updated with new, bizarre and oddly specific updates, several members of Furocity's staff are added to FA staff. The new staff is almost entirely made up of "managers" for the new "department" system. Specific administrators handle a specific "department", like Artwork or Photography. Most of the existing staff have been given the title "ToS Compliance and User Support". Some existing staff are removed without warning. A forum post by Arshes informs users that the staff were not warned in advance of these changes.
-Yet another DDoS: A botnet takes FA down over the course of two days. FA tweets that the Department of Defense and the Post Office are responsible. During this time, their router suffers a line card failure. It is swapped for a new one, which also experiences a line card failure days later.
-Viglink: FA signs up for an "affiliate link service" site without informing the users, then claims that the feature was "in testing" (on the live site) when it was discovered. Because Viglink's opt-out service is shoddy, users pressure FA to add a feature that allows them to permanently disable it on the site.
September:
-Miscellaneous exploits: Someone discovers shouts can be posted over and over and over by refreshing the "Your shout has been made!" page. Another exploit is discovered, regarding how avatars are sized. Very thin avatars are stretched out vertically to fill the 50px wide avatar image. A combination of a very thin avatar embedded in multiple lines of a shout plus the shout F5 exploit allows malicious users to force pages to be extremely long.
October:
-Migration to new file server: FA, abruptly and without warning, places the site in "File Read-Only" mode as the new fileserver (announced in late June) is finally brought online. According to Yak, it was delayed due to "Hardware issues" they encountered. Within two days the file transfer is finished, but the site slows to a crawl due to "thumbnail cache regeneration" that goes on for days. There are frequent issues with uploading, and new accounts cannot upload at all. Trogdor, the Dell server that donators rounded up $16,000 for, is removed from service and replaced with something probably much cheaper.
-Furocity "merger" ends: The majority of the admins that came over from Furocity suddenly resign within hours of each other on October 28th. Departing admins cite a "badly broken" administration, ineffective leaders, and "weak, unprofessional, childish original staff". Two Furocity admins and Gavin remain, for now. Within a few weeks, only Gavin remained, and the departmentalized staff was restored to its classic hierarchy of "a jumbled mess".
The official PR'd reason these admins left had something to do with a poorly-executed "doxing" of administrators that had been posted days earlier. Some of the admins who left had not been doxed any further than an email address, and they did not cite the doxing in their farewell address, so that reasoning is up for debate.
November:
-Bug fixes: Fresh off the failure of what was going to "fix" FA (the merger), FA decided to go into distraction mode and fix numerous problems that have existed on the site for years. "content has been removed by the poster" messages were removed, the "Safe For Work" site was set up to be safe for work everywhere, the species list was updated, and users were given the option of filtering out Adult content but not Mature content.
-User privilege escalation: Somehow, a user is able to become an admin, and displays an image on the site for a brief time. A number of admin menu features appear on all users' accounts. Dragoneer later claims an admin account was compromised and that "a loophole that affected a subdomain let the person access the admin panel for a brief time." This "subdomain" administration panel is supposed to require FA's version of "secondary authentication" (read: a different password), so it's unclear what kind of exploit was present.
December:
-Technical issues: December saw several technical issues with the site, plagued with slow loading times and the database crashing a couple times before finally giving out entirely because the database server ran out of swap space while performing backups.
-Banner Controversy: It wouldn't be a full year without a banner controversy. During the middle of a winter banner contest (which had simple rules like "Your character can't be a main focus") that was meant to show off unknown talent, a banner featuring user SecreT, drawn by Ifus, appeared in the rotation. It turns out, this had been planned for months, yet it didn't occur to anyone that this pre-planned banner appearing in the middle of a contest with specific rules might look a bit odd.
January:
-Technical issues: December's technical issues dragged over into January, where they continue to this day. Slow loading times were recently blamed on "scrapers" (FOUR of them!) downloading content off the site.
A year from hell. And with the way things have been, it's probably not going to get much better. Not a peep about the new UI has been heard. Dragoneer is quieter than ever when it comes to FA things. Gavin appears to be inactive. The coding staff has not changed. The "extended" banner contest has been left for dead (half a month without a new banner being showcased, until the FurAffinityPR twitter mentioned it). According to Alexa's (debatable) statistics, FA is quickly losing its gap between e621. And I have it on good authority that there is a new site in development that could really rock the boat when it comes to furry art sites.
Who knows what 2012 will bring, but I'm sure we'll find the time (between talking about cocks and dongs in IRC) to post about anything that does happen.