What follows is my post on the furaffinity community, which may or may not be available at any point in time.
I really want to drop my two cents because this has been irritating me, but it seems out of place in any other thread so...
First of all: Jheryn, Arc, all you, stop fighting. D*mn it, it's just an art site, not the Library of Congress.
This has been my pet peeve about furries, the inability of the furry fandom to do anything without massive amounts of drama. Hell, I couldn't even move across the county without a drama storm. What is the major malfunction here?
Whatever it is, it needs to stop, it's not helping a bit.
Now, there really needs to be a sitting down and talking about how to fix this in a civil and professional manner, really guys, do you see the MSN team pulling this stuff? How about the Xbox Live tea... er, bad example. Now, I'm going to try to be helpful and constructive.
So, from what I see, what did the FA people do wrong:
Sorry about how incoherent it is, I haven't had much sleep.
1. Did not spend a little bit more and buy a machine put together by a large name in servers that carries a warranty.
Might have been a little bit more, but there would have been savings in costs down the road. Costs of replacing hardware and colocation fees, as a 1U is much cheaper to colocate than a 4U.
2. Did not properly structure code to prevent arbitrary code execution and SQL injection.
Apparently, the code was not even sanity checked for these issues. Normally one would make special routines to accept data from forms, in order to provide one point to implement procedures to prevent data from working its way around security. Also, output ought to be sanity checked too.
Stuff like the bug described here is lame: http://973659.blogspot.com/
3. Did not properly structure access procedures to enforce access control.
A finely grained access control system should have been implemented. It doesn't necessarily need to be revealed to users, but should be present to provide a backup in case the main code fails to catch a missing or denied privilege. Also one would want it there to ease administration: create groups for specific tasks that limit the users in them to the privileges that they need to carry out those tasks. Auditing would be a good idea too.
4. Did not properly perform a load test and burn in.
Ideally, this would take an entire week, and answer two questions: a) are there any serious problems with the hardware, and b) how well does it scale.
What would be done is: the server would be set up, and performance and other indexes would be monitored, like processor loads, temperatures, swaps in and out, disk usage and such. This would all be done while machines set up with special "stress" scripts plug away at the site at controlled but varying speeds. This would define what loads the server would be able to take before it needs upgrades; it would also make any fundamental performance flaws evident.
5. Have not properly set up an issue tracking system.
Y'all need a publicly accessible Bugzilla set up to take reports of any issue that may arise. Properly set up, it can restrict certain "bug" types to only viewable by certain users, good for abuse reports too.
6. Apparently have not set up any internal documentation system.
You need a wiki to document the code and flesh out info on larger problems than Bugzilla can hold.
7. Got involved in drama.
No need for comment.
8. Have not maintained a professional demeanor while administering the site.
This is key to keeping the peace.
Now, I would like to see a civil discussion of technical faults here, not a flamefest. Savvy?
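The single form-input routine, parameterized queries and output checking described in point 2, as an added example that is not part of the original post or the site's code. The `submissions` table, the field names and the validation rules are assumptions made for illustration.

```python
import html
import sqlite3

# Hypothetical per-field rules, constructed for this example.
FIELD_RULES = {
    "username": lambda v: v.isalnum() and 1 <= len(v) <= 32,
    "title": lambda v: 1 <= len(v) <= 80 and v.isprintable(),
}

def read_form(form, wanted):
    """The one routine every handler uses to accept form data."""
    clean = {}
    for name in wanted:
        value = form.get(name, "")
        rule = FIELD_RULES.get(name)
        # A field with no rule, a non-string value or a failed rule is rejected.
        if rule is None or not isinstance(value, str) or not rule(value):
            raise ValueError(f"rejected form field: {name}")
        clean[name] = value
    return clean

def make_db():
    # In-memory database with a constructed schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE submissions (owner TEXT, title TEXT)")
    return db

def add_submission(db, form):
    data = read_form(form, ["username", "title"])
    # Placeholders keep the values as data; they are never spliced into the SQL text.
    db.execute("INSERT INTO submissions (owner, title) VALUES (?, ?)",
               (data["username"], data["title"]))

def render_titles(db, form):
    data = read_form(form, ["username"])
    rows = db.execute("SELECT title FROM submissions WHERE owner = ?",
                      (data["username"],)).fetchall()
    # Output is encoded on the way out too, so stored markup stays inert.
    return "".join(f"<li>{html.escape(title)}</li>" for (title,) in rows)
```

Because every handler goes through `read_form`, tightening a rule in `FIELD_RULES` changes validation for the whole site in one place.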