FA+
Shop
A Few Questions About FurAffinity... (Updated: 6-8-2011)
14 years ago
So I havent ever done this journal thing on FA, it never really interested me enough to post, but there have been some things about FA that have been irritating me too much for me to leave them alone anymore. So if you really don’t care about how FA is doing, it serves up your porn and stuff just fine for you, then don’t read this, because all its going to be is hard questions about how the "largest furry site" is run.
But anyways, how does this effect you? Pretty simple actually, the site you depend on for your business, for your entertainment, for your community, for your daily porn fix, is not taking measures to stay viable. That is, FurAffinity may not be financially viable, my not be technologically viable or may not be administratively viable right now, or may become much worse very quickly. It is certainly possible for the entire site to collapse within hours, as we saw it come very close to in December. Do you remember when there was no FA? It honestly kinda sucked, and when there was FA for some bit of time, then it got pulled for 4 months or so, the only thing that kept some other site from taking over was the lack of any such sites, and well, there is no lack nowdays.
To break down these questions I’ve attempted to separate them into 4 categories, the technical, legal, administrative and ones that consist of a mash of these. Ive also tried to provide explanations and strike a balance between being too brief and too verbose.
***EDIT*** I have added a section "Observations" with some observations of how things are going wrong on FurAffinity I had previously wanted to avoid this because it draws conclusions and I wanted to stick with a question only format, but some issues here definitely need addressing. Also, I will be adding more questions as I am reminded of them, they will be marked ***NEW***. Thank you for your assistance.
***EDIT*** Constructive comments and criticism is welcome, no matter how old this post is, as it will be updated constantly over a long period of time. As before, no namecalling and telling people to shut up. Also, added "Things Commenters Have Brought Up" for stuff people have brought up in and around that I feel the need to address.
Technical:
- How many of the vulnerabilities addressed by Eevee's journal (http://eevee.livejournal.com/329817.html) have been resolved and have these resolutions been verified? The details of these vulnerabilities have been disclosed to the FA administration and technical staff by Eevee several months ago and as far as I know have not been provided to the public. These issues pose real problems to the site, some of which can be used to cause large amounts of data loss or gain access to personal communications. Why have these issues not been comprehensively addressed?
- How do you plan on dealing with the whitescreen problem and what has been done to date to resolve this issue? This issue has been discussed a lot in #furaffinity-dev and to day we only have seen that Yak vaguely recollects looking at the issue, vaguely recollects the errors involved, but did not have access with him at home to investigate further and did not appear to care about fixing it.
- Have you had an independent party review the PHP code to find vulnerabilities? Many parties, including myself, have offered to review the code, even under the most encompassing NDAs and identify issues and undetected security vulnerabilities. To date only one person has participated and he is no longer welcome to contribute to this endeavor.
- Have you injection tested and/or fuzz tested the site to find vulnerabilities? I have seen no indication of this being conducted, there are packages and services out there that conduct both targeted tests and random input tests to find issues in nearly any type of software, but especially web applications.
- Has a bug tracker been setup to coordinate the efforts of all parties involved in fixing these problems? No indication of a bug tracker has been seen in the communications to the public by the administration. Most large projects with multiple developers need bug trackers to coordinate the massive effort, that FA does not have one may be hindering its internal development efforts.
- How is session hijacking being dealt with? It was theorized long ago that FurAffinity.net was vulnerable to session hijacking, that the site does not use PHPSessions meant that FireSheep did not immediately have a plug-in to do this, but from what has been indicated, it is trivial to implement and such a plugin now exists in the wild.
- What is the status of the new UI? Last I was told the principal developer on this project had all but quit and no mention of it has been made since January. This has been promised by FA:U which is in two weeks, but there does not appear to have been any development effort on this since January. ***NEW*** So now its past FAU, its past "the end of May" and we're in June, there does not appear to be much happening with the UI thing. What really is going on here?
- What is your roadmap for new features? Most sites have a vaguely internal and sometimes blatantly public roadmap to add features, sometimes this is incorporated into their bug tracker (see above), but I have not seen FA have such a roadmap or seem to have any long-term guide to what needs to be done, as features seem to be added based on show shiny they are and who requests them rather than general need or usefulness.
- Why does FA need a load balancer to have full site SSL? Most sites that have implemented full site SSL have noted that the overall impact has been nearly nil, in terms of actual numbers Google reported less than a 10% increase in cpu time and less than 1MB total increase in RAM in their web worker servers. Inkbunny has reported nearly the same. I personally only have experience with the CENSORED site, while hosted on a dual P3, has only seen marginal increase in CPU load related to enforcing full site SSL, which in this case took approximately 10 minutes to implement.
- From what has been indicated, FA is still storing passwords in a manner that would be vulnerable to rainbow tables, even if generated specifically for FA. What is being done to address the rainbow table password attack vector? You could sit here and state that it would take a large amount of time to generate tables of sufficient size, but furry lends itself towards being a technical community, when someone as lowly as me can have a small supercomputer in his garage, what says another furry interested in breaking into your site wont have even more capability or access to such?
***NEW*** - Reports are still surfacing about some people who suddenly find themselves logged in as some other user, what is causing this, what is being done to fix it?
Administrative:
- How is the backlog of trouble tickets being addressed? Ive seen many complaints on the forums that people have pet trouble tickets, or their only trouble ticket, that have not been addressed for months or even years. Some of the admins have candidly stated that the backlog has been growing larger and not much has been done to address it. Some have said that when all of your staff are volunteers you shouldn’t expect them to be dedicated to getting things done, but in reality I’ve seen nothing to indicate that you cant tell people that if your an admin you should be doing work, if you cant do the work, you should quit. This seems to work just fine when running furry conventions, why not furry sites.
- How is the issue of administrative despotism being addressed? It has definitely been noticed by the furry community that administrators on FurAffinity tend to both fail to avoid issues where their friends are involved and come to the aide of their friends. Sometimes people who are friends of the administration can do things that normal users cannot and not get banned. Sometimes these people gain extra protection because they are friends of the administration, and sometimes people get harassed or banned because they are not friends of the administration.
- Why has the administration avoided dialog about many of these problems? If I was running a site like this, I would be going out of my way to become aware of and address issues with the site, including going where the people are complaining, trying to talk to them and trying to fix the problem. In most of these cases, fixing the problem really does involve fixing the problem and making sure everyone knows youve fixed the problem, not promising a fix and then slacking on actually doing it.
- What is being done about the hemorrhaging of administrators from the FurAffinity staff? Some have noticed that recently several of the administrators have quit or otherwise left, this appears to be resulting in a dwindling amount of administrators, not very many hands to make light work of the site's maintenance at all. What do you plan on doing to fix this?
- Why is advertising on FurAffinity so hard? I’ve seen many complaints in the forums that it takes months for anyone to get back to potential advertisers, and I know from what I have heard in the CENSORED meetings, at the very least CENSORED's experience seemed to mesh with these experiences. If one of your core revenue streams is advertizing, shouldn’t you be providing excellent customer service to the advertisers at least?
Legal:
- Does FurAffinity (Ferrox Art in this case) plan on seeking 501c7 or 501c3 status? The track record of FurAffinity suggests that it would be better off trying to conduct itself as a non-profit or not for profit social club, this way the use of the term "donations" is less shady in the "its legal but not exactly ethical" sense.
- Otherwise, do you have a solid plan to deal with the revenue stream problems (IE: require a signup fee, have premium memberships, etc)? What is stopping the site from going belly up tomorrow? Since so many users have invested so much time in this site, it exists based on the contributions of these people, how is FurAffinity making sure these contributions do not evaporate overnight?
- The issue has been raised about the intermingling of assets, since Ferrox Art is an LLC, you must maintain a separate ledger and bank accounts for the LLC and the property of the LLC must remain separate from its stakeholders, how Ferrox Art conducts business has suggested that this separation does not exist. Are you conducting the business of the LLC properly to avoid it being dissolved into a sole proprietorship upon challenge?
- If not, why does Ferrox Art exist as an LLC and not as a sole proprietorship? I don’t really have much comment on this one, since I would be speculating more than I like, but does Ferrox Art exists so that Dragoneer can claim that FA and himself are not one in the same?
- If Ferrox Art, LLC is doing business in Virginia and New Jersey, why does it not have business licenses for those states? Generally you must obtain business licenses for each and every state that you do business in, just ask the people in your dealers den. This includes the state where you have business assets being used to conduct business in, Virginia, and the state where you are holding a profit generating event, New Jersey, moreso NJ than VA.
***NEW***- So, I missed something while looking at the legal issues surrounding how FA United is managed. If FA United is run by Ferrox Art, LLC, have you collected and remitted Sales Tax in the state of New Jersey? Since FA United is not a not for profit organization, they are not exempt from collecting sales tax on goods and some services they provide.
***NEW***- Likewise, has Ferrox Art verified that it is not obligated to collect and remit sales tax or other taxes for providing the services it does? I have not studied the law in Pennsylvania, New Jersey or Virginia, but in Washington, some electronic communication services are taxed.
Combination:
- How did you let the SSL certificate expire? Generally speaking, SSL certification providers send large numbers of emails if you have not purchased a renewal, that it did expire brings up deep questions about how well FurAffinity is about paying the bills. On the flipside, that it took several hours for this to be detected and corrected speaks to the speed at which FurAffinity can detect and correct technical issues.
***NEW***- Addendum to above, You say the certificate provider emailed you about the cert expiry, why did you not check the cert expiry in the certificate itself? Also, how did you not have this in your ical or whatever? I have down to the minute alerts for every time sensitive action I must take from now till approximately October of 2013. Why could you have not set a reminder or gotten the new cert early?
- Does the site not consider its users stakeholders in a small way? Since the existence of the entire site hinges on the contributions of its users, do you not consider them stakeholders when making decisions about how to conduct the business of the site? As far as I have been able to determine there is no way indicated in my interactions with the admins of this site to be considered someone who's opinion is worthwhile, even if I were to donate as I have in the past its not worth anything, from what I’ve gathered only the most popular artists get their opinions considered.
- What is being done to address the issue raised above of no fresh eyes on the PHP code that runs the site? From what has been indicated, there has not been much done to even make the preparations for allowing outsiders too see the code, which apparently includes backing up the entire site on a nightly basis or some quite involved backup project.
- Why have many parties that have offered to help been told they would be able to soon, and then they are not ever contacted again? I know of at least two, myself and Trapa. I shouldn’t need to say that people sometimes offer to help when they have free time and might not be available later on, and otherwise many people become discouraged and disinterested when you never get back to them.
- Why was Ferrox abandoned? From what I’ve been able to see there was a substantial amount of code written for this project and a lot of this code may be useful in establishing a foundation for a new FA, and thus getting it going faster than say, going at it from scratch. From what I’ve seen, the latest attempt at Ferrox was going at it from scratch (having been said to be written in PHP, which is not exactly similar to Python at all).
- What has been done to deal with the slippage of most of the features promised to the sites users? It has been demonstrated that many promised features and upgrades have slipped into oblivion. Some include folders, new UI, full site SSL, security improvements, Ferrox, the URL shortener, the hosting service, etc. But no explanation is ever provided for why these improvements never show up, let alone on time.
- Why did it take 3 years to deal with the clear text password problem? This was one of my pet issues, we even considered setting up a wall of sheep at one California convention to make people aware of this issue in particular. Dragoneer himself told me that he was in the process of buying the SSL cert to fix this in 2006, why did it take till 2009 to actually set this up?
- If FurAffinity is asking for money, providing accounting of donations and mentioning expenditures, why is FurAffinity not providing more comprehensive accounting and an explanation of the expenditures? This topic has come up in the forums and so far no official word has surfaced.
Observations:
- FurAffinity appears to suffer from an extreme case of Not Invented Here, wherein not just technologies and methods are rejected, but entire ideas. Most organizations suffer from a mild form of Not Invented Here, where some technology or method is rejected because it simply was not dreamed up by someone in the organization. Sometimes this is a variation of Grass Is Always Greener, where a technology developed internally looks better even if it really isn't because it exists entirely within the organizations control. From what I have seen happen with technical issues, FurAffinity has rejected technologies, ideas or even entire concepts because they were originally thought up by someone on the outside.
- FurAffinity as an organization suffers from deep set issues with self reinforcement, often giving people who "rock the boat" the boot and justifying it by saying they "betrayed" FurAffinity. There is a inclination in human nature to surround onesself with like minded individuals who in some cases form an echo chamber where every idea you come up with seems all great and theres no dissent. Most large organizations have found that this is actually bad, on so many levels, this is why we have ombudsmen, oversight committees, auditors of all types and highly paid consultants who come along and tell us were wrong. FurAffinity has an advantage here, right here we have a group of people who will tell you your wrong for free, even some who might go to great lengths to tell you your wrong and how to make it right. ITs a great free resource FA should use.
- Administrators take being insulted and harassed too seriously. Many organizations have found that if a customer is being a total dick to you, and your all nice back, it leads to them calming down and generally things working out for the better. Applied to administering a social website this may take the form of completely disregarding how users are angry at you, the site, their insults or their drive to make you aware of the problem. Generally when you approach the situation in this way its easier to make decisions that appear and often are more fair, because you are not taking it personally and thusly your personal biases are less inclined to ban someone because of their "tone." The fact that someone is bringing something up over and over again may speak to a breakdown in the process of dealing with this, even if they are getting really in your face about it. Finally, I have found that as someone who administers things of a social nature, its much harder for someone to troll you if you just act nicely to them the whole time and address their issues, cause either at that point these issues fall apart, having been contrived, or they get addressed and the person is less pissed off.
***NEW***- The users of this site really seem to like attacking people who bring up these issues. This is not much of an observation about how FA runs itself, but more just something irritating I see when trying to bring out these issues.
---- EDIT: 5:32PM May 10th ----
Please keep the discourse civil and constructive, no telling people to shut up and no calling people names. Also, no deleting shit, read your reply before posting.
---- EDIT: 5:42PM May 10th ----
Apparently I shouldn't reference organizations I may be a member of, so they have been censored.
---- EDIT: 8:52PM May 10th ----
Added section "Observations" clarification on questions being added and cleanup of some formatting, also times are PST.
---- EDIT: 9:39PM May 10th ----
Added section, "how does this effect you?"
---- EDIT: 6:26PM June 8th ----
More questions, updates, spelling, etc.
But anyways, how does this effect you? Pretty simple actually, the site you depend on for your business, for your entertainment, for your community, for your daily porn fix, is not taking measures to stay viable. That is, FurAffinity may not be financially viable, my not be technologically viable or may not be administratively viable right now, or may become much worse very quickly. It is certainly possible for the entire site to collapse within hours, as we saw it come very close to in December. Do you remember when there was no FA? It honestly kinda sucked, and when there was FA for some bit of time, then it got pulled for 4 months or so, the only thing that kept some other site from taking over was the lack of any such sites, and well, there is no lack nowdays.
To break down these questions I’ve attempted to separate them into 4 categories, the technical, legal, administrative and ones that consist of a mash of these. Ive also tried to provide explanations and strike a balance between being too brief and too verbose.
***EDIT*** I have added a section "Observations" with some observations of how things are going wrong on FurAffinity I had previously wanted to avoid this because it draws conclusions and I wanted to stick with a question only format, but some issues here definitely need addressing. Also, I will be adding more questions as I am reminded of them, they will be marked ***NEW***. Thank you for your assistance.
***EDIT*** Constructive comments and criticism is welcome, no matter how old this post is, as it will be updated constantly over a long period of time. As before, no namecalling and telling people to shut up. Also, added "Things Commenters Have Brought Up" for stuff people have brought up in and around that I feel the need to address.
Technical:
- How many of the vulnerabilities addressed by Eevee's journal (http://eevee.livejournal.com/329817.html) have been resolved and have these resolutions been verified? The details of these vulnerabilities have been disclosed to the FA administration and technical staff by Eevee several months ago and as far as I know have not been provided to the public. These issues pose real problems to the site, some of which can be used to cause large amounts of data loss or gain access to personal communications. Why have these issues not been comprehensively addressed?
- How do you plan on dealing with the whitescreen problem and what has been done to date to resolve this issue? This issue has been discussed a lot in #furaffinity-dev and to day we only have seen that Yak vaguely recollects looking at the issue, vaguely recollects the errors involved, but did not have access with him at home to investigate further and did not appear to care about fixing it.
- Have you had an independent party review the PHP code to find vulnerabilities? Many parties, including myself, have offered to review the code, even under the most encompassing NDAs and identify issues and undetected security vulnerabilities. To date only one person has participated and he is no longer welcome to contribute to this endeavor.
- Have you injection tested and/or fuzz tested the site to find vulnerabilities? I have seen no indication of this being conducted, there are packages and services out there that conduct both targeted tests and random input tests to find issues in nearly any type of software, but especially web applications.
- Has a bug tracker been setup to coordinate the efforts of all parties involved in fixing these problems? No indication of a bug tracker has been seen in the communications to the public by the administration. Most large projects with multiple developers need bug trackers to coordinate the massive effort, that FA does not have one may be hindering its internal development efforts.
- How is session hijacking being dealt with? It was theorized long ago that FurAffinity.net was vulnerable to session hijacking, that the site does not use PHPSessions meant that FireSheep did not immediately have a plug-in to do this, but from what has been indicated, it is trivial to implement and such a plugin now exists in the wild.
- What is the status of the new UI? Last I was told the principal developer on this project had all but quit and no mention of it has been made since January. This has been promised by FA:U which is in two weeks, but there does not appear to have been any development effort on this since January. ***NEW*** So now its past FAU, its past "the end of May" and we're in June, there does not appear to be much happening with the UI thing. What really is going on here?
- What is your roadmap for new features? Most sites have a vaguely internal and sometimes blatantly public roadmap to add features, sometimes this is incorporated into their bug tracker (see above), but I have not seen FA have such a roadmap or seem to have any long-term guide to what needs to be done, as features seem to be added based on show shiny they are and who requests them rather than general need or usefulness.
- Why does FA need a load balancer to have full site SSL? Most sites that have implemented full site SSL have noted that the overall impact has been nearly nil, in terms of actual numbers Google reported less than a 10% increase in cpu time and less than 1MB total increase in RAM in their web worker servers. Inkbunny has reported nearly the same. I personally only have experience with the CENSORED site, while hosted on a dual P3, has only seen marginal increase in CPU load related to enforcing full site SSL, which in this case took approximately 10 minutes to implement.
- From what has been indicated, FA is still storing passwords in a manner that would be vulnerable to rainbow tables, even if generated specifically for FA. What is being done to address the rainbow table password attack vector? You could sit here and state that it would take a large amount of time to generate tables of sufficient size, but furry lends itself towards being a technical community, when someone as lowly as me can have a small supercomputer in his garage, what says another furry interested in breaking into your site wont have even more capability or access to such?
***NEW*** - Reports are still surfacing about some people who suddenly find themselves logged in as some other user, what is causing this, what is being done to fix it?
Administrative:
- How is the backlog of trouble tickets being addressed? Ive seen many complaints on the forums that people have pet trouble tickets, or their only trouble ticket, that have not been addressed for months or even years. Some of the admins have candidly stated that the backlog has been growing larger and not much has been done to address it. Some have said that when all of your staff are volunteers you shouldn’t expect them to be dedicated to getting things done, but in reality I’ve seen nothing to indicate that you cant tell people that if your an admin you should be doing work, if you cant do the work, you should quit. This seems to work just fine when running furry conventions, why not furry sites.
- How is the issue of administrative despotism being addressed? It has definitely been noticed by the furry community that administrators on FurAffinity tend to both fail to avoid issues where their friends are involved and come to the aide of their friends. Sometimes people who are friends of the administration can do things that normal users cannot and not get banned. Sometimes these people gain extra protection because they are friends of the administration, and sometimes people get harassed or banned because they are not friends of the administration.
- Why has the administration avoided dialog about many of these problems? If I was running a site like this, I would be going out of my way to become aware of and address issues with the site, including going where the people are complaining, trying to talk to them and trying to fix the problem. In most of these cases, fixing the problem really does involve fixing the problem and making sure everyone knows youve fixed the problem, not promising a fix and then slacking on actually doing it.
- What is being done about the hemorrhaging of administrators from the FurAffinity staff? Some have noticed that recently several of the administrators have quit or otherwise left, this appears to be resulting in a dwindling amount of administrators, not very many hands to make light work of the site's maintenance at all. What do you plan on doing to fix this?
- Why is advertising on FurAffinity so hard? I’ve seen many complaints in the forums that it takes months for anyone to get back to potential advertisers, and I know from what I have heard in the CENSORED meetings, at the very least CENSORED's experience seemed to mesh with these experiences. If one of your core revenue streams is advertizing, shouldn’t you be providing excellent customer service to the advertisers at least?
Legal:
- Does FurAffinity (Ferrox Art in this case) plan on seeking 501c7 or 501c3 status? The track record of FurAffinity suggests that it would be better off trying to conduct itself as a non-profit or not for profit social club, this way the use of the term "donations" is less shady in the "its legal but not exactly ethical" sense.
- Otherwise, do you have a solid plan to deal with the revenue stream problems (IE: require a signup fee, have premium memberships, etc)? What is stopping the site from going belly up tomorrow? Since so many users have invested so much time in this site, it exists based on the contributions of these people, how is FurAffinity making sure these contributions do not evaporate overnight?
- The issue has been raised about the intermingling of assets, since Ferrox Art is an LLC, you must maintain a separate ledger and bank accounts for the LLC and the property of the LLC must remain separate from its stakeholders, how Ferrox Art conducts business has suggested that this separation does not exist. Are you conducting the business of the LLC properly to avoid it being dissolved into a sole proprietorship upon challenge?
- If not, why does Ferrox Art exist as an LLC and not as a sole proprietorship? I don’t really have much comment on this one, since I would be speculating more than I like, but does Ferrox Art exists so that Dragoneer can claim that FA and himself are not one in the same?
- If Ferrox Art, LLC is doing business in Virginia and New Jersey, why does it not have business licenses for those states? Generally you must obtain business licenses for each and every state that you do business in, just ask the people in your dealers den. This includes the state where you have business assets being used to conduct business in, Virginia, and the state where you are holding a profit generating event, New Jersey, moreso NJ than VA.
***NEW***- So, I missed something while looking at the legal issues surrounding how FA United is managed. If FA United is run by Ferrox Art, LLC, have you collected and remitted Sales Tax in the state of New Jersey? Since FA United is not a not for profit organization, they are not exempt from collecting sales tax on goods and some services they provide.
***NEW***- Likewise, has Ferrox Art verified that it is not obligated to collect and remit sales tax or other taxes for providing the services it does? I have not studied the law in Pennsylvania, New Jersey or Virginia, but in Washington, some electronic communication services are taxed.
Combination:
- How did you let the SSL certificate expire? Generally speaking, SSL certification providers send large numbers of emails if you have not purchased a renewal, that it did expire brings up deep questions about how well FurAffinity is about paying the bills. On the flipside, that it took several hours for this to be detected and corrected speaks to the speed at which FurAffinity can detect and correct technical issues.
***NEW***- Addendum to above, You say the certificate provider emailed you about the cert expiry, why did you not check the cert expiry in the certificate itself? Also, how did you not have this in your ical or whatever? I have down to the minute alerts for every time sensitive action I must take from now till approximately October of 2013. Why could you have not set a reminder or gotten the new cert early?
- Does the site not consider its users stakeholders in a small way? Since the existence of the entire site hinges on the contributions of its users, do you not consider them stakeholders when making decisions about how to conduct the business of the site? As far as I have been able to determine there is no way indicated in my interactions with the admins of this site to be considered someone who's opinion is worthwhile, even if I were to donate as I have in the past its not worth anything, from what I’ve gathered only the most popular artists get their opinions considered.
- What is being done to address the issue raised above of no fresh eyes on the PHP code that runs the site? From what has been indicated, there has not been much done to even make the preparations for allowing outsiders too see the code, which apparently includes backing up the entire site on a nightly basis or some quite involved backup project.
- Why have many parties that have offered to help been told they would be able to soon, and then they are not ever contacted again? I know of at least two, myself and Trapa. I shouldn’t need to say that people sometimes offer to help when they have free time and might not be available later on, and otherwise many people become discouraged and disinterested when you never get back to them.
- Why was Ferrox abandoned? From what I’ve been able to see there was a substantial amount of code written for this project and a lot of this code may be useful in establishing a foundation for a new FA, and thus getting it going faster than say, going at it from scratch. From what I’ve seen, the latest attempt at Ferrox was going at it from scratch (having been said to be written in PHP, which is not exactly similar to Python at all).
- What has been done to deal with the slippage of most of the features promised to the sites users? It has been demonstrated that many promised features and upgrades have slipped into oblivion. Some include folders, new UI, full site SSL, security improvements, Ferrox, the URL shortener, the hosting service, etc. But no explanation is ever provided for why these improvements never show up, let alone on time.
- Why did it take 3 years to deal with the clear text password problem? This was one of my pet issues, we even considered setting up a wall of sheep at one California convention to make people aware of this issue in particular. Dragoneer himself told me that he was in the process of buying the SSL cert to fix this in 2006, why did it take till 2009 to actually set this up?
- If FurAffinity is asking for money, providing accounting of donations and mentioning expenditures, why is FurAffinity not providing more comprehensive accounting and an explanation of the expenditures? This topic has come up in the forums and so far no official word has surfaced.
Observations:
- FurAffinity appears to suffer from an extreme case of Not Invented Here, wherein not just technologies and methods are rejected, but entire ideas. Most organizations suffer from a mild form of Not Invented Here, where some technology or method is rejected because it simply was not dreamed up by someone in the organization. Sometimes this is a variation of Grass Is Always Greener, where a technology developed internally looks better even if it really isn't because it exists entirely within the organizations control. From what I have seen happen with technical issues, FurAffinity has rejected technologies, ideas or even entire concepts because they were originally thought up by someone on the outside.
- FurAffinity as an organization suffers from deep set issues with self reinforcement, often giving people who "rock the boat" the boot and justifying it by saying they "betrayed" FurAffinity. There is a inclination in human nature to surround onesself with like minded individuals who in some cases form an echo chamber where every idea you come up with seems all great and theres no dissent. Most large organizations have found that this is actually bad, on so many levels, this is why we have ombudsmen, oversight committees, auditors of all types and highly paid consultants who come along and tell us were wrong. FurAffinity has an advantage here, right here we have a group of people who will tell you your wrong for free, even some who might go to great lengths to tell you your wrong and how to make it right. ITs a great free resource FA should use.
- Administrators take being insulted and harassed too seriously. Many organizations have found that if a customer is being a total dick to you, and your all nice back, it leads to them calming down and generally things working out for the better. Applied to administering a social website this may take the form of completely disregarding how users are angry at you, the site, their insults or their drive to make you aware of the problem. Generally when you approach the situation in this way its easier to make decisions that appear and often are more fair, because you are not taking it personally and thusly your personal biases are less inclined to ban someone because of their "tone." The fact that someone is bringing something up over and over again may speak to a breakdown in the process of dealing with this, even if they are getting really in your face about it. Finally, I have found that as someone who administers things of a social nature, its much harder for someone to troll you if you just act nicely to them the whole time and address their issues, cause either at that point these issues fall apart, having been contrived, or they get addressed and the person is less pissed off.
***NEW***- The users of this site really seem to like attacking people who bring up these issues. This is not much of an observation about how FA runs itself, but more just something irritating I see when trying to bring out these issues.
---- EDIT: 5:32PM May 10th ----
Please keep the discourse civil and constructive, no telling people to shut up and no calling people names. Also, no deleting shit, read your reply before posting.
---- EDIT: 5:42PM May 10th ----
Apparently I shouldn't reference organizations I may be a member of, so they have been censored.
---- EDIT: 8:52PM May 10th ----
Added section "Observations" clarification on questions being added and cleanup of some formatting, also times are PST.
---- EDIT: 9:39PM May 10th ----
Added section, "how does this effect you?"
---- EDIT: 6:26PM June 8th ----
More questions, updates, spelling, etc.
At least someone other than myself cares enough to speak on behalf for virtually 95% of the users that use FA every day. I applaud you, and I, too, would ask these same questions, as well.
Also IIRC you did everything but applaud me when I brought this shit up. So stop trying to be a suckup while tooting your own horn.
And of course I wouldn't applaud you when I brought it up. I don't know you. How can I applaud a complete stranger across the Internet that I don't know? Do you think you can come up with a logical, sensible answer without trying to sound off at persons such as myself? Probably not. If you can't come up with an answer and decide to further badger me with your snapping, then you're not worth wasting my time upon.
In short, if you can't say something nice, then kindly shut the fuck up and get lost.
Makes me wonder if you kiss your mother with that mouth of yours.
Also, grudges? Are you not the Mikau who cant fucking shut up about shit that happened years ago? How about complaining about something, the problem being fixed, and then complaining about it more?
Sure, I complain, but I complain about a lot of other things as well. Especially when the government does a lot of stupid things they feel is "right for the people", only to be met with all sorts of backlash from the citizens of a particular town, village, city, or say, an entire province/state. I'm trying to better myself so I can at least display a better attitude towards people, but it's other folks like you that make it a challenge.
It's no wonder I stopped talking to you.
I don't know if you have noticed, but this is my journal your commenting in, you don't have any right to tell people to get lost in my journal, thank you.
How can I applaud a complete stranger across the Internet that I don't know?
You say shit like "This guy Pi, he's doing great things!" You dont have to know someone to applaud their efforts, take some random famous person you admire, do you know this person well? I say good things about people I havent even met alot, just the other day I was talking about this really smart British guy named Chris Paget, Ive only met him once in passing.
Honestly maybe if you reconsidered the tone of your discourse and tried to be more constructive, this mouse guy will be nicer, but maybe its too late.
...because FA is run by furries.
Honestly now, you think that these people can actually pretend to be something resembling a professional business person? Christ. These people are furs dude. The very definition of which has nothing to do with "getting shit done", "being responsible" or even "working".
FA is a site that could go belly up tomorrow, and there would be no significant fallout in the real world.
So yeah, I suppose I'm just here for the free porn. No worries.
If this site were asking for money from people to become a member, then as a community we would all have a better leg to stand on. As it is, this is a free corner of the internet for random people to post art. Where is the problem really? Free is free. You can't complain.
Also, Kay directly addresses the fact that the site seems to have no regard for the concerns of its user community. That's a big part of the problem, whether you'll admit it or not.
You can't complain.
I believe I just did. What're you going to do about it?
Being the free site like this is, So long as I don't encounter problems that prohibit me from browsing the gallery I'll never worry about the politics behind the scenes. None of my personal info is kept here that isn't already public record. Nobody would gain a thing for taking over or disabling my account.
Why do the FA admins have to concern themselves with the user community? We don't pay them. We donate. If enough people were angry over this issue, they would all stop donating. Then perhaps this Dragooner character would attempt to please everyone in a half-assed attempt to fix the problem, like has been done in the past.
If you are not a "popular fur" you're opinion will never register on the FA admin's radar. (Not intending to sound rude here) but based on observations most people here are still separated into a variety of social class orders. With the FA admins acting as sort of pseudo celebrities. I would be the blue collar worker. In what reality has the higher social class ever cared enough to fix problems for the lower class or the people who depend on them. Usually only when something catastrophic happens. Right? Depressions, Destruction's or Political Polling.
My point I suppose: is to relax and not worry about it. I'm not trying to stir shit up. Just my point of view having been watching this crap happen for years now. I will agree it's bullshit they don't fix these issues, but they also have no motivation, no interest and no drive to get these problems fixed.
They also have no motivation, no interest and no drive to get these problems fixed. ... If you are not a "popular fur" you're opinion will never register on the FA admin's radar. ... My point I suppose: is to relax and not worry about it.
This is EXACTLY THE PROBLEM. Why is it that the majority of the userbase thinks this way? "Oh, I'm a nobody, so the problems don't affect me and they wouldn't listen anyway"? How is that acceptable? Why do you continue to be a part of the problem?
But have you read the donations page lately?
http://donations.furaffinity.net/
Some people are paying for this site, I would too if I could do it without having to trek out to an actual bank, maybe I would be more inclined to pay if I knew I would get something for it, or if I thought the money was being managed well.
Back to you saying you have no control... you as a person may not have much control over the situation, but if alot of people became aware of these issues something will happen, either it will be a shitfest and people will leave like they left sheezyart for here, or stuff will get fixed. Im hoping for the latter, but the former may happen, especially considering there are problems outlined here that have not been addressed.
If the people choose to stand up and fight for what they believe in, then I think that's an amazing first step.
I said earlier that I agree with what you are saying. I don't care much because I only stop by to look at porn. I don't personally have anything invested here.
Those of you who do, should take a stand and demand that shit get fixed. If you and others feel that the lives of artists and friends are at stake due to some weak admin control, and exploitable software whatever, then by all means make a stand and get active on finding a resolution.
I've seen this garbage in journals for years now. Stop writing about it and do something. Show them how weak the system is. Get a movement started.
The second point of the site having no real-world consequence. Several artists do the art thing as their day job, and right now rely on the site to make sure they have things like food and shelter. Some are more successful than others, but having a system for them to be able to connect with potential commissioners disappear I bet would have some very real effects on their livelihood. This site is, despite it's failures, the central hub for the fandom, and should be held to higher standards because of that.
You want to be on top? Be prepared to give a shit about the community you host. We should never expect less in anything.
One thing I always hate, is people attacking a company because it's the biggest. How many people say they won't eat at McDonalds. It's not because the meat is crap, it's because they're the biggest. Same with Microsoft, same with all kinds of things.
With that said however, there are some problems with the site, Pretty major ones. And NONE of them listed above. Those are TECHNICAL issues, and technical issues are easy to fix. The problems I see with the site are entirely mangement. When someone says anything Dragoneer doesn't like then they get banned, or kicked. If a developer does something dragoneer doesn't like he stops being a developer. Right now there's like NO developers left! Dragoneer and others have chased them all away. Thos who are trying to step up are being ignored.
InkBunny would have surpassed FA by now if it has a logical user interface like FA has. Instead they have a horrible gaudy looking background with buttons everywhere. There's a lot of getting market share, some of it is to be more secure, most of it is having a product people actually want to use. If your going to create a FA killer, then make sure it A) Does what FA does, B) Does it better if possible, and C) is super friendly and easy to use. Once you hvae that, then people will come over naturally. You have a resistance to get over. People stick with paypal not because it's good, but because it's what everyone else uses.
I'd like to defend dragoneer, but the truth of the matter, is that he is mis-managing the money that he is given through donations. The fandom DOES support this site. It should be run with some sort of accountability and professionalism. People should not be banned on personal grudges, and every year there should be a financial report produced. To show where the money is going.
As for all the technical problems listed above, Yup, they're there. The registration software I have isn't glitch free either. The more help i recruit, the better off my software will become.
--Trapa
CTRL+F5 as many times as needed. Don't cry and rant a million-paragraph diary about it. Just slam those buttons and make due. Think you can do better? Then why don't you become an admin and fix all these problems that you are whining about? Hm?
Sheesh..it's just like town hall here. Too many people just like to rant about the problems, but don't show the initiative to set the wheels in motion to fix them...
- Have you had an independent party review the PHP code to find vulnerabilities? Many parties, including myself, have offered to review the code, even under the most encompassing NDAs and identify issues and undetected security vulnerabilities. To date only one person has participated and he is no longer welcome to contribute to this endeavor.
So really, because you failed to read this entire journal, your post is moot. The only thing people CAN do, is 'write a million-paragraph diary" because FA won't listen ANY OTHER WAY.
Between all the ranting and miles of words, I couldn't tell what the heck this journal was supposed to be about.
[coughs loudly]
So, at any rate, how did you happen upon this page?
As a programmer, I have to say that not dealing the technical issues above, along with taking your sweet time to do so, is irresponsible and flat out rude to the community here.
If I had drive to do websites I might venture to make my own... Since I absolutely hate doing it, I wont. However I would like to say that both PHP and Python are simple languages, if you're having troubles with them you should definitely seek outside assistance. Chances are you don't know what you're doing.
Compare this to Inkbunny, which is already far better designed and friendlier to use, and continues to improve. In my mind, I've already made the switch to Inkbunny. I continue to browse FA for artwork by artists that haven't moved yet, or don't post everything that they do there, but every time I come to FA I feel frustration that the experience isn't as good as with Inkbunny.
For me personally, if FA were to go bust, that would affect me positively, since I'd no longer need to come here anymore. Visiting FA is a chore that I do in order to access more art, not something I'd choose.
Yep this happened to me a couple of years ago, along with four other users and the mods flogged us off and said "Your problem, not on our end. Ticket closed."
They still didn't believe me even when I sent them a reply to a trouble ticket signed by me from the other user's account. Wow.
I have a couple of questions for you:
Who is your ISP?
What browser(s) and versions do you use?
I can't account for Mayfur or Mah_boi but Zhannah and Damostat say they're from NZ as well. If it has something to do with the way FA interacts with the ISPs that causes this problem, I'd bet those two are on Telstra as well.
In HTTP, the protocol that is used to serve up 99% of stuff on "the Web" we have some headers, as they are called, these contain information about the documents, images, videos, that are being served up. One in particular interests us in this case: Expires. Prior to a few hours ago, the expiry date was somewhere in 2037. Because this is in 2037 the transparent proxy might not check for new pages until it either dumps that page from the hard disk or its 2037. Now this seems to have been corrected and maybe this problem will go away, one can hope.
Support people take note- We don't like being told "It's not our problem. It's on your end. Goodbye." since it comes off as you not caring. Taking the time to explain it to us can really help us believe you if it's true.
So thanks for taking the time to explain. I appreciate it. I hope this is the end of those problems.
Pi theorizes that its having something to do with either how FA handles sessions, or really messed up proxies. But it would appear Yak does not consider this a priority.
- If not, why does Ferrox Art exist as an LLC and not as a sole proprietorship? I don’t really have much comment on this one, since I would be speculating more than I like, but does Ferrox Art exists so that Dragoneer can claim that FA and himself are not one in the same?"
The LLC would basically allow whoever puts money into the website to not be financially responsible should there be any debts incuring if the company would become bankrupt. It protects anyone who is a Boardmember and all investors of the company as long as no fraud is suspected. The bank accounts would have to be seperate but all stake holders would be free to put money into the company as they see fit. The stake holders are allowed to retain profits as a return on their investment as deamed by the board of directors. If there is only a single stakeholder then it is treated as a passthrough for that indevidual and is treated as a income or loss the same as a stock would be counted. If there is a loss then he would benefit from tax breaks, if there is a gain then it would be taxed appropriately. As long as the books are kept clean then it's all good.
"Does the site not consider its users stakeholders in a small way? Since the existence of the entire site hinges on the contributions of its users, do you not consider them stakeholders when making decisions about how to conduct the business of the site? As far as I have been able to determine there is no way indicated in my interactions with the admins of this site to be considered someone who's opinion is worthwhile, even if I were to donate as I have in the past its not worth anything, from what I’ve gathered only the most popular artists get their opinions considered."
"FurAffinity appears to suffer from an extreme case of Not Invented Here, wherein not just technologies and methods are rejected, but entire ideas. Most organizations suffer from a mild form of Not Invented Here, where some technology or method is rejected because it simply was not dreamed up by someone in the organization. Sometimes this is a variation of Grass Is Always Greener, where a technology developed internally looks better even if it really isn't because it exists entirely within the organizations control. From what I have seen happen with technical issues, FurAffinity has rejected technologies, ideas or even entire concepts because they were originally thought up by someone on the outside."
These are good points you bring up, but it brings into question the vulnerabilities of crowd sourcing. I have actually been a part of a croud sourcing project myself some time ago so I know what the problems that come from sourcing too many ideas from the public. A really good way to put it is to think of it as a game of jenga which starts off with a solid stack of blocks. Every time you start throwing new ideas into the mix you start removing one of those blocks from the middle and put it on top as the commercial says. Do this too many times and your stack of blocks topples over.
Good ideas I found can be good ideas but may not actually function in practice. If you try to appease everyone and do everything your stack of blocks will fall over. For example, adding a new technology to the site would be great but then the coders would have to deal with an increase in possible bugs and or vulnerabilities. FA's resources are already severely stretched it would be a nightmare for them to deal with the extra stress. What good businesses do is they take an idea and spot test it by seeing if it will follow these guidlines:
1. Is it within scope or does it mesh with our current goals/pipeline?
2. What problems will arrise from changing this and will they be managable with current resources?
3. What is the ROI and are the costs to great?
If the idea fails any of those tests then its not worth changing. From what you see as the popular artists getting more done then the less then popular ones is their ideas typically will have a greater ROI as it's the popular artists that typically draw in the users. Where there was missed oppertunity however on the case of FA is that they did not forsee some of the potential problems that would come from their changes and failed to create the proper transperancy for the users on their decisions and goals. The announcement of their merger was a great example as the PR statement was not entirely clear on what that would mean and induced a public outcry that could have been avoided if the goals were properly communicated.
The only real gripe that I have with how the site is run, as I have some business background myself is that the site is running as a business but there are no clear goals as to how to incure profit and no aparent exit stratagy for the stakeholders. This could be grown as a pretty viable business and may look promising to potential investors (As I'm fairly sure there are some wealthy furs out there) given that the site generates a very generous amount of traffic on a daily basis even though it is based on a niche subculture. I have been very surprised that this site has not introduced any type of premium membership advantages or other revenue generating advances yet. I know it sounds very capitalistic of me, but if you really think about it, it's like building a giant castle in the middle of the deasert and expecting your kingdom to flourish even though there are no resources around you to trade.
http://forums.furaffinity.net/threa.....lem?highlight=
I'll link it here incase anyone know how to resolve it or is having the problem.