Fur Affinity restoring from six-day-old backups after server compromised; site source code distributed at BLFCPosted by GreenReaper on Tue 17 May 2016 - 12:28
I'm hoping @furaffinity's data is still safe. Just before it went down, every submission I tried to view said "submission not in database"
— Alioth Fox (@AliothFox) May 17, 2016
Update (21 May): FA returned for a day, but is now in read-only mode. Passwords were said to be hashed and salted, but if you've used the same one elsewhere, now is the time to change it to be unique per-site.
Update 2 (23 May): Fur Affinity has returned; however, all passwords have been reset, which is causing problems for those with an old/invalid email address.
FA users took to Twitter and the Fur Affinity Forums looking for answers – which appeared to have been preemptively provided by a post asking "What would you do if you found an exploit on FA?", posted last Sunday on the Phoenixed Forums. However, more recent posts by the original poster disclaim responsibility.
The majority [of the site's data is secure], yes. The backup we have is 6 days old. We're still going through and trying to determine the extent of the issue, and once we have more information, we'll post it publicly and give a full, transparent run down of what happened.
On January 26th Silver Eagle, who was brought on as a web developer for Fur Affinity, released a video posting his resignation. In it he talks about his experiences as a developer there, and all the troubles it has caused him emotionally and financially. Thousands of views later the video set off a firestorm of criticism in the direction of leadership at the fandom's most popular website.
Similar controversies have been played out many times before for Fur Affinity, but let's take a look at why this one has perhaps stirred more ire than others and why it has many furs talking about the impact our most popular website has on the lives of others. To do this, we must take a look at the background of the developer who came forward.
On Janurary 21st, Fur Affinity staff had removed a user's journal based upon the comments within the journal for violating Code of Conduct rule 1.6, colloquially referred to as the "call out" rule. This decision will impact users by placing the responsibility of comments on the user hosting those comments on their journal or submission pages as much as the user making the comment. The user whose journal was removed, Validuz, was told that any comments found violating such rules are subject to removal of the journal hosting the comments.
Fur Affinity is suffering from another round of staff resignations. This time the damage mostly occurred in the forums after one of the art site's disgruntled moderators, Renashe, left and leaked conversations and information which revealed a tool which moderators could use to search for their names in comment sections on the website, among other items.
Following the suspension of Renashe, Kalmor, a moderator on the Fur Affinity Forum followed suit. They wrote a resignation journal which was promptly removed by staff. Afterwords Kalmor posted about the incident on the forums and linked to his twitter at which time he was permanently suspended from the forums and main site for violating the 'privacy' or Non-Disclosure Agreement (NDA). An agreement that most of the Forum staff never signed in the first place, according to Kalmor.
Following Kalmor's suspension three other staffers left in rapid succession, bringing the staff page down from 10 to 6. The remaining six, according to sources, are mostly not involved it the operations of moderation of the forums. It is certainly a far cry from the site leader page in April this year.
Update 3 (Sep 5) - A poll has been posted with new name proposals.
Update 5 (Sep 22) - IMVU has allegedly issued a cease-and-desist order against Phoenix Forums, which was taken offline for several days.
3D chat service IMVU has bought furry art community Fur Affinity for an undisclosed sum. According to the announcement, "FA will continue to operate independently", and former owner Dragoneer says he remains "in charge of the site, direction and improvements".
IMVU, which bills itself as "the world's largest 3D Chat and Dress-Up community", has marketed its service to furry fans since at least 2009. The company proposes to monetize their January 2015 purchase through "added advertising" presented via "an improved experience", rather than "taking FA content, redistributing it, reposting it, using it in-game".
It has been about three weeks since the biggest Fur Affinity controversy of recent years happened. For those unaware, every single piece of art that was ever uploaded there has been archived, and preserved. Now you can see all the galleries that has been wiped from Fur Affinity, presumably forever, in just a few clicks.
In other words, what is put on the Internet, stays there forever, as the great Anonymous warned us.
That made me think: how should we feel about embarrassing old art and dirty laundry? For the longest time in history, artists could hide their more controversial and poor quality drawings form the public, put them in a safe, or throw into the fire. That time is apparently gone forever. Since there is nothing we can do about it, should we change the way we feel? I think this is a worthy subject to talk about. What do you think?
Security is necessary for one's own protection, both offline (to protect one's physical safety and possessions) and online (protecting identity, money and, as the our digital and real lives become more integrated, even physical possessions). Our own behaviours and security systems need to work together to be effective. It's no good having the latest burglar alarm, strong locks on your doors and a security gate if one leaves the door wide open. Similarly, it's great to lock the door each time one goes out - but if that door is secured solely by a latch, it won't be effective. As I've given some basic guidelines on how to stay safe online, I'm now comparing how furry sites are helping their users stay safe.
Update (Jan 28): All Weasyl servers now receive an A grade, however the server configuration is still not consistent.
One must wonder whether it's time Dragoneer stepped down as head of Fur Affinity, as he continues to make poor leadership decisions. Earlier this year, he stirred controversy by announcing Zaush, who'd been accused of rape, as development lead for Project Phoenix. This time he has made sure there are no lingering doubts over the suitability of his appointments by choosing a fur with a history of maladministration.
StarryKitten was recently announced as the new head of the FA tech team, tasked in part with “bringing more transparency” to FA. Some noticed that StarryKitten had only joined FA about a week before the announcement was made. As it transpires, StarryKitten was an alternate account created by the infamous Zidonuke, the real head of the FA tech team.
With the concept of irony easily going right over Dragoneer's head, it was further revealed that the tech lead with a puppet account has been a secret member of staff since 2013:
Online furry communities are reeling after a series of distributed denial-of-service attacks now entering their second day, which not only knocked out Fur Affinity, but have impacted a variety of less-well-visited art and chat sites.
Furry art community Fur Affinity has announced restrictions on the use of automated watching scripts, which they termed "watchbots".
While staff had been "addressing botters on a one-on-one basis for several weeks", to the tune of "roughly two dozen" accounts, they faced a growing number of users who were unaware of their position. Some also became concerned upon being watched by "TheNSA".
The trend appears to have been started by Mishka Burr, who claims to have watched over 160,000 users using a script on a Raspberry Pi. Several other accounts running a published watch script inspired by Mishka's work had over 40,000 on their watchlists prior to clearing.
On January 15, Fur Affinity made its latest announcement of its intention to revamp their site. This new effort, code named Project Pheonix, is intended to bring massive updated to the site's interface to make it more user friendly, as well as incorporate a simplification of rules and decrease response time to trouble tickets.
However, the news caused a stir as it was stated that Adam Wan, known in the fandom as Zaush, would be leading the user interface development. Major controversy has shadowed Mr. Wan following the note leaks back in late 2010 revealed a private correspondence where an individual went to Dragoneer to discuss the possibility of going public with their experiences of sexual abuses committed against them by Mr. Wan. In that correspondence Dragoneer told the alleged victim they believed taking this action was not a good idea as making such public accusations would lead to public backlash against both the accused and the accuser. The victim took that advise and did not go public. Only after the security leak did the public get a hold of these accusations.
The problem is, this was unplanned downtime. […] If it was planned […] people would have had time to get things together. Such as commissioners, contests, bids, etc. and where to get in contact or if the bids/auctions are postponed while the site is down.
[…] at first I was worried that I wouldn't be able to make any money for christmas, but now I'm starting to worry that FA will be down so long that I won't be able to make enough for rent. […] it's so very disheartening when it was supposed to be a nice holiday season...
Operations team lead yak began an attempt to clear backlogged database transactions on Monday afternoon "as fast as the RAID10 array of 15k drives allow". A day later, FA status forum poster Raptros reported that the database would be transferred to a different server.
Update (15 Dec): An announcement posted on Sunday morning:
The last of the data is importing, and we'll be standing by to finish the upgrades. ETA should be tonight.
[The current method of notification handling] is not scalable and quickly becomes unsustainable for sites with 10^5 and 10^6 users.
Staff have rewritten queries, tweaked database settings, and intend to prune notifications older than 90 days soon after the site returns.
Update 3 (17 Dec): Fur Affinity came online for a few minutes before stalling and returning to read-only mode, "unable to handle a flood of users while rebuilding the RAID arrays". The site returned eight hours later, with mass notification clearing options disabled.
Users flooded social networks to complain about the disruption and compare alternate sites; primarily Inkbunny, SoFurry and Weasyl. On FA's forums, a 20-page thread was locked after discussion degenerated; it was soon replaced, while fans clamoured for software upgrades.
Furries are pretty creative. Where conventional companies will pay advertising companies, we find new way to promote our products and selves to others. Independent artists in the fandom have to use less conventional means of promotion. Two such staples that have become popular in the fandom over the past year are "Your Character Here" auctions and "Repost a Link" schemes. However, with their increased popularity, users began to criticize abuse of these methods and expressed annoyance at their side effects.
On November 21, after a link-reposting "giveaway" promising the winner $1,111 had saturated the site, Fur Affinity staff decided that what once started as a small advertising scheme had entered the realm of the intolerable, calling the methodology "Spam to Win". They also re-addressed an issue where artists would repost YCH auction template pictures, annoying watches and browsers alike.
In this Flayrah exclusive we will focus on the new journal rules, explain their implications to average furs and furry organizations, and how these type of prize giveaways could evolve under these new regulations and maintain a level of effectiveness.
As someone who has been in a community of artists, I hear a common conundrum arise:
I really want to leave this art site, but it’s too popular and leaving would mean losing out on a valuable resource to gain/keep customers.
This article presents ways you can use your control over your own works to influence your customers to view them where you wish them to, while also maintaining a presence so that others may find you.
This is written as a neutral piece and the methods can be used on any free art posting site. To that end, we'll call the site you wish to vacate “BadVibeArt”, and the place you want to go “NewBeginningDoodles”. Both are general-use sites for stories and art alike, comparable to sites such as deviantART, Fur Affinity, Inkbunny, SoFurry or Weasyl.