GeneralManagement, administration, notable events |
ProblemsDowntime, hacks, catastrophes |
FerroxAnd other attempts to rewrite from scratch |
PromisesNew UIs, new features, broken dreams |
DisabledFA giveth, and FA taketh away |
||
---|---|---|---|---|---|---|
Jun 2016 | ||||||
May 2016 |
Site hacked, source code stolen Dragoneer announces that someone broke in earlier that month using the "ImageTrack" exploit. The attacker stole a copy of the source code and distributed it on USB drives at (presumably) BLFC several days prior. The attacker deleted chunks of the database, and the most recent full backup was six days old. It's unclear whether the attacker also stole a copy of the database. The attacker's identity is unknown at this point. |
|||||
Apr 2016 | ||||||
Mar 2016 | ||||||
Feb 2016 |
Forums restored FA's forums are reopened, using different software but preserving the post history. |
IMVU sends lawyers at Silver Eagle Silver Eagle reports that IMVU's legal department is sending him strongly-worded emails regarding his own attempt at a furry art site. Other developers distance themselves from Silver Eagle for fear of also attracting legal attention. A few people who brought this up on FA report having their comments hidden, submissions deleted, or accounts suspended. Silver Eagle's Twitter (2, 3, 4, 5); Dibs's Twitter (all now defunct) |
Forums The forum administrator decides to take his ball and go home, leaving FA without forums for several months. |
|||
Jan 2016 |
Silver Eagle quits, reports not having been paid Silver Eagle posts a YouTube video saying he asked to be paid a pittance for his work, and FA agreed. Bureaucracy repeatedly got in the way of actually producing a check, so he escalated to IMVU, who revealed that they never received his contract. In a comment, he says that since posting the video, Dragoneer has agreed to pay him. He also describes the internal FA politics as wildly distrustful and is particularly critical of yak, who intensely dislikes outsiders meddling with the code or servers. |
Silver Eagle reveals Daedalus (Ferrox v7) In his video, Silver Eagle explains that he was actually working on yet another clean-room rewrite of FA, named Daedalus. The code, not mentioned publicly until now, was under the Apache license since the beginning, and has now been put on GitHub. |
||||
Dec 2015 | ||||||
Nov 2015 | ||||||
Oct 2015 | ||||||
Sep 2015 |
Forums split off FA's forums become Phoenix Forums and move to a new domain, leaving FA without an independent dedicated discussion area. According to Carenath, this was in response to FA's removal of its link to the forums, as he assumed the next step would be to shut the forums down entirely. Within the next two weeks, due to some concerns about private information that technically belonged to FA, the forums would be wiped and started from scratch. FA: United 8 |
Gallery folders FA adds gallery folders, seven and a half years after they were first announced. |
||||
Aug 2015 |
Forum staff mass exodus This was a thorny and confusing mess, and made much worse by the decision to censor and ban former admins who explained their grievances in depth. When the dust settled, one main site admin and four forum moderators had quit. It also came to light that forum moderators were asked to provide photo ID if they wished to remain moderators. |
|||||
Jul 2015 |
Phoenix reappears, possibly abandoned The "phoenix" repo gets three commits, but all the old history is missing. As of this writing (Jan 2016), there have been no further commits. |
Changelog FA begins keeping a changelog. |
||||
Jun 2015 | ||||||
May 2015 | ||||||
Apr 2015 |
New UI open beta The new UI enters open beta almost eight years to the day after it was first promised, and looks rather a lot like Weasyl. |
|||||
Mar 2015 |
IMVU acquisition announced Dragoneer announces that FA has "joined the IMVU family", which is faux corporate speak for "been bought for an undisclosed sum". This announcement comes two months after the actual acquisition, demonstrating FA's newfound commitment to transparency. |
Phoenix repo reappears, empty There is now a "phoenix" repository on FA's GitHub once again, but it's completely empty. FA's GitHub; personal research |
||||
Feb 2015 | ||||||
Jan 2015 |
IMVU acquisition IMVU purchases FA. The userbase would not be made aware of this for another two months. |
|||||
Dec 2014 |
Phoenix code disappears The Phoenix code repository disappears from FA's GitHub, presumably changed to private. FA's GitHub; personal research |
|||||
Nov 2014 |
Jake never used Via Zidonuke's Trello for tracking FA operational tasks, it comes to light that Jake, one of the two beefy machines purchased in May 2013 with over $5,000 in donations, has been been unused the entire time. This is particularly egregious considering that FA had just raised another $17,000 for hardware one month prior, while a machine worth thousands of dollars collected dust. |
Zidonuke resigns By this date at the latest, Starrykitten aka Zidonuke has stepped down. New devop, Zidonuke FA announces that a new devops person named Starrykitten has joined the team maintaining the existing site. Starrykitten appears to be a freshly-minted name with little history attached to it, but the person seems competent enough and sets about investigating FA's operational backlog in a systematic and public way. It is soon discovered that Starrykitten is Zidonuke, a person somewhat infamous for black hat shenanigans. This revelation generates considerable consternation. |
||||
Oct 2014 |
GoFundMe hardware fundraiser FA starts a GoFundMe fundraiser asking for $25,000 to purchase new servers of some sort. FA is looking at migrating to a "new system", perhaps "dedicated server based hosting". FA nets $17,104.23 from the fundraiser, and donates 10% to SoFurry to help them recover from the DDoS that occurred at the same time. Weasyl and Inkbunny, which were also affected, receive nothing. Dragoneer incidentally reveals that the site owes $10,000 in taxes. Fender journal; Fender journal; Dragoneer's comment on r/furry |
DDoS FA experiences a massive DDoS from an unknown source and is largely unavailable for most of the week. SoFurry, Inkbunny, and Weasyl are also affected. |
||||
Sep 2014 |
New UI open beta soon New UI reported to be almost complete and will allegedly "update the site's look and feel to a more modern, clean look". The linked screenshots look like modest CSS changes to the current site, nothing like any previous mockups. "Additional details will be available soon." |
|||||
Aug 2014 |
FA: United 7 |
|||||
Jul 2014 | ||||||
Jun 2014 |
Phoenix recruitment FA puts out a call for a skilled "CSS and layout wizard", despite Adam Wan's claimed extensive expertise in Web development. |
|||||
May 2014 | ||||||
Apr 2014 | ||||||
Mar 2014 | ||||||
Feb 2014 | ||||||
Jan 2014 |
Project Phoenix (Ferrox v6) announced FA announces another rewrite from scratch, this time in node.js. The team is Dragoneer (whose actual role is vague), Adam Wan (who made the new UI mockups and chose the platform), and two people with no reputation. This generates quite a lot of furor, as Adam Wan had previously been embroiled in rape allegations, which he treated dismissively. Ferrox v5 aborted Ben Anderson claims that he, Myr, and Nanuk had been laying groundwork for an FA rewrite since October 2013, after receiving Dragoneer's blessing. The project is never named, but would have been the fifth such known undertaking. Dragoneer says he said they could help, but never heard any more from them, and subsequently forgot they'd asked in the first place. Meanwhile Adam Wan had "escalated" into lead dev for yet another rewrite. There is no clear resolution, but it appears v5 was abandoned shortly thereafter. |
|||||
Dec 2013 |
Adam Wan asks about node Adam Wan asks Twitter if anyone has experience with node.js, the platform he would soon thereafter decide to rebuild FA upon. A followup tweet explains that he's "trying to wrap [his] head around it". Ben Anderson's UI preview Ben Anderson posts to his Tumblr that he has been designing a new frontend for FA. "Fender bender" Dragoneer is taken aback by his discovery of "fender bender", a Weasyl utility for importing one's watchlist from FA. He complains to Weasyl on Twitter. The name is later changed to "SOFT", a backronym. |
|||||
Nov 2013 | ||||||
Oct 2013 |
Staff recruitment FA announces it's looking for more admins and "documentation specialists". In the journal comments, Freehaven questions that FA isn't asking for developers. Dragoneer responds that several devs have come on board recently. However this was never announced, and the new devs aren't shown on the staff page. |
|||||
Sep 2013 |
Migration to Jake After a server migration, Jake is now the primary DB server. |
|||||
Aug 2013 |
FA: United 6 |
|||||
Jul 2013 | ||||||
Jun 2013 | ||||||
May 2013 |
$7,000 of hardware acquired and installed Using donated hardware from the February donation, donated gift cards, and some extra cash, FA acquires two beefy new servers named Finn and Jake. |
|||||
Apr 2013 | ||||||
Mar 2013 | ||||||
Feb 2013 |
Hardware donation drive FA asks for donations of hardware (mostly in the form of buying hardware from an Amazon wish list) to help "add redundant systems to the site". The drive ends the following day, reporting over $5,000 in hardware purchased. The hardware is reportedly put to use in May. |
|||||
Jan 2013 | ||||||
Dec 2012 | ||||||
Nov 2012 | ||||||
Oct 2012 | ||||||
Sep 2012 | ||||||
Aug 2012 |
FA: United 5 |
|||||
Jul 2012 | ||||||
Jun 2012 |
Upload problems Multiple users are unable to upload submissions or new avatars. yak explains that the cause is missing file-system directories, which exist per-user for legacy reasons. |
|||||
May 2012 | ||||||
Apr 2012 | ||||||
Mar 2012 | ||||||
Feb 2012 |
Sonic "age up" guidelines Sciggles posts new guidelines for how FA will interpret the age of Sonic characters in porn. The guide appears to suggest drawing them in a Western anthro style, nothing like the original art style. |
|||||
Jan 2012 | ||||||
Dec 2011 | ||||||
Nov 2011 | ||||||
Oct 2011 |
Furocity admin exodus The new Furocity admins abruptly resign all around the same time, blaming poor leadership and gross misconduct behind the scenes.
Only one Furocity admin now remains, and they are later removed as well. The Furocity merger is never mentioned again. |
|||||
Sep 2011 | ||||||
Aug 2011 |
Viglink FA is discovered to have quietly added an affiliate linking script five days prior, violating its own TOS and possibly FTC rules. A non-apology is issued, and a news post offers the opt out link. Furocity admins appear The staff page is rearranged to split admins into departments. Most FA staff remain as "user support", whereas the departments almost exclusively contain Furocity admins with anonymous (and often antagonistic) FA accounts. AUP refinements The Acceptable Upload Policy is updated to introduce oddly specific rules about photos of food and BDSM costumes. The wiki is incidentally noted to no longer exist. |
DDoS FA is down periodically over two days due to a DDoS from a botnet. Attacker was not identified. During the downtime, FA upgrades one of their self-owned routers. |
||||
Jul 2011 |
Furocity "merger" FA announces a merge with Furocity. This is later clarified to be a personnel merge only: the sites will remain separate, but Furocity moderators and developers will help out FA. |
File server full The file server runs out of disk space. Users are unable to upload art, though some voluntarily delete their own work to help out. There is no sign of the new 12TB server. personal experience Scraper disabled A lulz user releases a program for downloading an artist's entire gallery. yak deliberately breaks it, citing "because I can? there is no technical reason for this." Logins mixed up Some users find themselves logged in as different users, with the powers of those users. A few abuse this privilege to wipe others' galleries. The cause turns out to be a server-side cache mechanism; yak claims someone else installed it over him, though never reveals whom. |
||||
Jun 2011 |
File server 99% full FA mentions that it has only 1% of its available disk space left, but that it's adding a new 12TB file server within the next month. The current server is only 2TB. |
CSRF attacks An unknown attacker creates a page that, when visited by a logged-in FA user, post a journal as that user that encourages watchers to visit the attack page. Arcturus later uses the same approach to force visitors to submit empty submissions and log out whenever they visit yiffyleaks. The general approach used was on Eevee's exploit list. Shortly thereafter, the first real CSRF protection is added to FA, almost a year after Eevee and yak discussed it. |
||||
May 2011 |
FA: United 4 |
New UI open beta soon Front page news states: "We're working on the UI release, and hope to have an open beta soon! Right now we're waiting on a few things before the beta opens up (recoded commenting system) before we can launch the beta." personal research |
Optional SSL All FA pages are now accessible via SSL, though http is still the default. |
|||
Apr 2011 |
Ratte hack Ratte's forum account is compromised. Dozens of screenshots of admin threads are leaked. Some exploits fixed? At least one of the XSS exploits on Eevee's list is fixed around this date. Others remain unfixed. personal experience |
|||||
Mar 2011 |
Load balancer FA installs a "dedicated firewall and a load balancer". |
DDoS Another DDoS attack causes 500 errors and general slowdowns, although FA had already been running slowly since the recent hardware installation. Secondary sites down Figment, FA's virtual machine server, drops offline. Affected services include FA:U's website, email, FA registration, and password resets. FA acknowledges the problem some twelve hours later. Server password leaks Dax's SSH password is discovered in the December note leaks. It still works, providing access to both the database and backup servers. DDoS FA suffers serious performance degredation due to a lengthy DDoS attack. |
URL shortener disappears FA's new hardware firewall quietly blocks all access to the pss.ms domain. |
|||
Feb 2011 |
Knowledge base FA purchases knowledge base software, despite having had a wiki for some time that many admins never had access to. The software proves to be of extremely poor quality; FA takes it down two days later and instead purchases different software, hosted outside their own servers, for $50/mo. |
Rhainor hack Rhainor's admin account is compromised. Admin comments for a few users are leaked. Exploit list acknowledged Four months later, Summercat (an admin at the time) finally asks Eevee for explanations of all the exploits they know about. The details are gathered and finally provided on March 1. personal experience Late maintenance FA goes offline around 5am EDT for database upgrades intended to happen overnight. It remains down for twelve hours. yak reveals that there are 393 million rows in the new submission notification table. |
Commission info The commission information page is disabled due to XSS vulnerabilities. The link to it is quietly removed after maintenance in Feb 2011, seemingly marking its permanent demise. |
|||
Jan 2011 |
Cacti exposed FA's Cacti installation (used for server monitoring) is discovered to have a guest account enabled, allowing anyone to view real-time private statistics. Once discovered, the entire server was firewalled. DB password and code leaked A server misconfiguration allows anyone to read the password for the database server, as well as parts of the source code. Some of the code is leaked. |
No new UI work done? In its birthday announcements, FA implies that no work has been done on the new UI since it was first previewed in the summer of 2009. New UI designer announced FA announces the impending hiring of a UI designer to finish the new UI. |
Birthday announcements FA turns six years old. FA announces a "v3" is under development; new dev staff will be added; commenting will be overhauled; and commission and rating systems will be added. A beta is scheduled for unveiling during FA:U 4, on May 21. Web hosting within 30 days In its birthday announcements, FA announces that web hosting will be up and running within 30 days. |
|||
Dec 2010 |
10 days of comments lost yak inadvertently deletes the past 10 days' worth of comments. Note hack Unknown malefactors hijack an admin account, wipe galleries of several high-profile artists, and steal the notes of 42 high-profile users in bulk via admin note access. Later, Arcturus puts up a searchable browse interface of most of the leaked notes. |
|||||
Nov 2010 |
Cub banned Due to objections from FA's payment processor, which it relies on to receive donations, cub porn is explicitly banned. The ban remains through the present day (2014), though FA still has no payment processor. AlertPay drops FA AlertPay, one of the few payment processors willing to tolerate porn, closes FA's donation account and (temporarily?) seizes the $2,300 left in it, citing that cub porn violates their terms of service. |
Eevee ban evasion Eevee circumvents their ban (via one of their announced exploits) for the mundane purpose of leaving a sassy comment on a friend's journal. The comment and exploit are swiftly and silently removed. personal experience |
Supporter ribbons announced FA announces Supporter Ribbons: several images emphasizing a user's contribution to FA, to be placed on user pages. |
|||
Oct 2010 |
Exploit list Eevee produces a list of two dozen FA exploits, and offers to explain the problems and solutions to any FA admin who asks. Comment hiding hack Eevee discovers that the new comment hiding feature doesn't correctly check whether you're allowed to hide a comment. They hide tens of thousands of random recent comments, causing some consternation, before the hole is successfully plugged. Eevee is banned as a result. Dragoneer states that the critical offense was targeting the community rather than just him. personal experience |
Comment hiding FA adds comment hiding, allowing users to hide either their own comments or comments others make on their artwork. WikiFur; personal experience |
||||
Sep 2010 |
Registration Due to rampant abuse, registration is disabled during this period. |
|||||
Aug 2010 |
Servers move to full cabinet FA moves their servers from a 1/4 cabinet to a full 42-unit cabinet. It never gets more than 1/3 full, according to eyewitness reports. Dragoneer later states that they need a full cabinet to get 24/7 access to the datacenter, but InfoRelay (the host) denies this. FA's twitter; IRC log with _fox; Dragoneer's twitter; unsourced email sent to InfoRelay |
URL shortener announced FA announces a furry URL shortener. The domain pss.ms is registered and given a placeholder page. The service is "coming very soon". As of this writing (Jan 2016), no such service exists. Folders coming soon Dragoneer affirms that gallery folders are being finalized and are coming soon. They would finally see the light of day in Sep 2015. |
||||
Jul 2010 |
Caffeine (Ferrox v4) abandoned? This date marks the last known commit to the Caffeine project. Since the project was never intended to be public (and it's unknown how the code was leaked), it's possible work continued after this date. However, neither the project nor Ice-Wolf's involvement with FA have ever been announced publicly. |
Minor UI changes Minor UI changes appear. Most notably, the sidebar moves to the top of the page. FA announces that these changes are in preparation for the new UI. |
||||
Jun 2010 | ||||||
May 2010 |
FA: United 3 |
Encrypted login FA adds SSL to the login page, partially resolving the exploit used on Aug 11, 2007. |
||||
Apr 2010 |
YouTube embedding FA adds a bbcode tag for embedding YouTube videos within FA journals. Folders in testing Dragoneer confirms that gallery folders are in testing and will be deployed soon. They would finally see the light of day in Sep 2015. |
|||||
Mar 2010 |
Caffeine (Ferrox v4) development begins This date marks the first commit to the Caffeine project, also referred to as Ferrox in its own history. However, the commit is massive, so development may have been ongoing for some time before this date. The project is written in overengineered PHP, and its only developer is Ice-Wolf. GitHub mirror; personal research |
Web hosting announced FA announces a web hosting service, with a target release somewhere between April and August. As of this writing (Jan 2016), no such service exists. |
||||
Feb 2010 |
Profile ids FA adds profile ids: the ability to show a scrap submission on a userpage. |
|||||
Jan 2010 | ||||||
Dec 2009 |
Downtime FA shuts down due to datacenter issues. It returns in a new datacenter. |
Ferrox v3 dev goes down Sometime between the last commit and this date, the Ferrox v3 bug tracker and source code quietly go offline. They never return. personal research |
||||
Nov 2009 | ||||||
Oct 2009 | ||||||
Sep 2009 |
Last Ferrox v3 commit Date of the last code change ever made to Ferrox v3. FA forum thread; GitHub mirror; personal research |
|||||
Aug 2009 | ||||||
Jul 2009 | ||||||
Jun 2009 |
New UI previewed FA previews the new UI, designed by Zaush and apparently in progress at the same time as Ferrox v3. Announced a release in late 2009. A new UI would eventually be put into open beta in Apr 2015, though it's unclear whether it was based on this preview. |
|||||
May 2009 | ||||||
Apr 2009 | ||||||
Mar 2009 |
Eevee resigns Eevee resigns from the Ferrox v3 project, leaving it without a lead developer. FA forum thread; personal research |
|||||
Feb 2009 |
Password leak "hack" Several user accounts are compromised; in the chaos Dragoneer accidentally gives one of the compromised accounts administrator permissions instead of banning them. Later, FA discovers that 738 users are still using passwords that predated a password leak three years prior, and forces them to finally change them. CrushYiffDestroy forum thread (now defunct) |
Search Full-text search of FA artwork is disabled during this period, originally "temporarily" due to a lack of resources. It's promised to make a comeback in Ferrox, but later added back to current FA. FA forum thread; Eevee journal; personal research |
||||
Jan 2009 |
Printing confirmed Dragoneer reaffirms that a printing service is in progress. As of this writing (Jan 2016), no such service has been launched. |
|||||
Dec 2008 | ||||||
Nov 2008 | ||||||
Oct 2008 |
Ferrox v3 made public The bug tracker and source code repository for Ferrox v3 are made publicly accessible. FA forum thread; personal research |
|||||
Sep 2008 | ||||||
Aug 2008 |
FA: United 2 $16,000 fundraiser FA raises $16,000 in donations in order to get up and running again. |
Downtime FA shuts down due to a hardware failure. It returns after purchasing new servers (Trogdor and Novastorm) with $16,000 in donations. |
||||
Jul 2008 | ||||||
Jun 2008 | ||||||
May 2008 |
Backup donation request Dragoneer posts a journal asking for donations for a backup server: "We do not have a proper, professional-grade backup system in place. We've got RAID backups, but that's not a end solution, and we need to change that." Dragoneer also says the backup server will be used to add features and bring back search. CrushYiffDestroy forum thread (now defunct) |
|||||
Apr 2008 |
Crypto resigns Crypto, the lead developer of Ferrox v3 at the time, resigns from FA. The position of lead developer passes to Eevee. personal research |
Folders confirmed yak confirms that FA will have gallery folders, before the release of Ferrox v3. They would eventually be deployed in Sep 2015, which is indeed before the release of Ferrox v3. |
||||
Mar 2008 | ||||||
Feb 2008 |
Ferrox v3 in progress Eevee announces in their FA journal that Ferrox v3 is under active development. |
|||||
Jan 2008 | ||||||
Dec 2007 | ||||||
Nov 2007 |
Ads FA adds ad banners. personal research |
|||||
Oct 2007 |
Dragoneer acquires FA Dragoneer purchases FA from Alkora/Jheryn for $2,500. |
Eevee joins dev staff Crypto, the lead dev for the as-yet-unannounced Ferrox v3, invites Eevee on board. Eevee accepts, and starts committing to the project within a week. GitHub mirror; personal research |
||||
Sep 2007 |
First Ferrox v3 commit Date of the first code change ever made to Ferrox v3. Crypto is responsible for the initial commit. Ferrox v3 officially starts A call for Ferrox developers (and beta testers, QA, etc.) officially goes out. Very few people end up joining the team. FA forum thread; personal research |
|||||
Aug 2007 |
FA: United 1 |
Alkora password hack Alkora sniffs Dragoneer's FA password over open wifi at FA:U. He defaces FA with a scoffing administrator message. |
||||
Jul 2007 | ||||||
Jun 2007 | ||||||
May 2007 | ||||||
Apr 2007 |
New UI announced |
|||||
Mar 2007 | ||||||
Feb 2007 | ||||||
Jan 2007 | ||||||
Dec 2006 | ||||||
Nov 2006 |
Cub allowed Cub "art" is explicitly allowed. |
Content filters announced In the wake of the initial cub controversy, FA announces that fine-grained content filters will be released in the near future. As of this writing (Jan 2016), no such feature exists. |
||||
Oct 2006 |
All read notes lost All notes that had been marked "read" are inadvertently deleted. personal research |
|||||
Sep 2006 |
Donation drive FA announces a $1,000 donation drive to cover bandwidth costs. personal research |
|||||
Aug 2006 |
verix code leak verix discovers an oversight in FA's Apache configuration that allows running arbitrary PHP code on the server. She acquires most of FA's source code. personal experience |
|||||
Jul 2006 | ||||||
Jun 2006 |
New server online FA's $1,500 server, purchased about half a year prior, goes online. |
Arcturus hack Arcturus makes use of an unknown exploit. FA is locked down, but there is no permanent damage done. personal research |
Ferrox v2 announced FA announces the development of Ferrox (later referred to as "v2"), a rewrite of the FA software from scratch, with a closed beta coming soon. The effort was quietly forgotten. The code never saw the light of day, but it appears Alkora (the original FA developer) was the sole developer, and presumably the project was written in PHP like FA was. |
|||
May 2006 | ||||||
Apr 2006 | ||||||
Mar 2006 | ||||||
Feb 2006 | ||||||
Jan 2006 | ||||||
Dec 2005 |
Extensive downtime After the June attacks, FA shuts down. It returns as "version 2" with an empty database, but an account importer for existing users. |
Paid features FA announces fundraising plans, including paid accounts, a printing service, and a store. |
||||
Nov 2005 | ||||||
Oct 2005 | ||||||
Sep 2005 |
$1,500 fundraiser FA raises $1,500 in donations towards a new server. |
|||||
Aug 2005 | ||||||
Jul 2005 | ||||||
Jun 2005 |
Unknown attack Attack of an uncertain nature, only specified as "major security holes and hacking" by WikiFur. |
|||||
May 2005 | ||||||
Apr 2005 | ||||||
Mar 2005 | ||||||
Feb 2005 | ||||||
Jan 2005 |
FA launches FA comes online, as a haven for SheezyArt and y!Gallery refugees. |