Weasyl goes up, then down again over "obvious issues"
Posted by GreenReaper (Laurence Parry) on Tue 2 Oct 2012 - 06:51 — Edited as of Thu 11 Oct 2012 - 13:32
New art site Weasyl has been taken down after just a day online, while developers "work on some obvious issues".
The site's support forum has been flooded with threads reporting a variety of issues and feature requests.
More seriously, some are already probing for vulnerabilities, though at least one has been reported responsibly.
Weasyl appears to be hand-coded, raising the spectre of security holes, although past experience may have been enough to encourage the use of basic precautions.
Update (8 Oct): Weasyl is back, with a laundry list of fixes.
About the author
GreenReaper (Laurence Parry), a developer, editor and Kai Norn from London, United Kingdom, interested in wikis and computers
Small fuzzy creature who likes cheese & carrots. Founder of WikiFur, lead admin of Inkbunny, and Editor-in-Chief of Flayrah.
Comments
[comment removed on request]
The site was accessible to all, but only registered users could log in; the invitation system was temporarily disabled.
Weasyl, just another FA clone which will die a lonely death. To think Arcturus believes he is in any way a "leet h4x0r" is hilarious on face value.
Well, Weasyl was a nice idea, too bad it won't last.
We'll see. There were bound to be some issues, though the pressure of donors may have encouraged them to release sooner than they might have otherwise.
For comparison, Inkbunny had about nine months of development, then a six-month period of closed testing and rework before opening to the public. (Many features which Weasyl also implements were developed after this period.)
I was not aware Arcturus was involved in any way with Weasyl.
This would be the person linked as an example of those probing for vulnerabilities.
Ah, well, my guess is it's more a tough love thing on their part. Or a test to see whether they'll go about fixing things. If that's the case they are, that's what betas are for. No skin off my teeth... as long as the days of down time don't count toward the "paid account" status of people who donated.
I don't normally comment on this sort of thing, I stumbled onto this and just wanted to mention that paid account timers won't start counting till we come out of beta, in other words any premium time purchased isn't counted until after we open to the public in general.
Up, now down again for the weekend. EDIT: Oh wait, it came back up while I was sleeping. All around it's up and down.
Will Crusader Cat and Lupine Assassin be registering here? I wouldn't attend a bar at which Bryan Fischer and Bernie Madoff were regulars; I won't frequent a website that lets Reilly and Greenwald just wander in, stinking up the place. No offence.
If you were to convert this sentiment into a strict rule (i.e., not patronizing establishments which have as customers anyone whose public actions or beliefs are in stark contradiction to your sentiments), I'd bet that you wouldn't be able to go anywhere, at least given the wide net you seem to have cast.
Also, off-topic: which Reilly and which Greenwald? (Depending on which people you are talking about, it could be the case that I must protest and insist that you explain yourself, so that we may cast aspersions upon each others' ideologies and ancestries and exchange other wildly-outrageous sundry insults, as is customary on the Internet. But I can't know until you clarify.) :3
I'm curious about the assertion that Weasyl "appears to be hand-coded"; by that do you mean that it's 100% from scratch? I know that it's coded in Python, and I'd be rather surprised if it isn't built on a web framework, which -- at least if you're using them right -- should be pretty robust against most common security vulnerabilities. (I know both Django and Flask have a substantial set of extensions to build with; I'm not too familiar with Pyramid yet but I'd assume something similar.)
— Chipotle
I don't want to say 100% hand-coded, but I think many parts are. I'm getting my impression from what Kihari has said in, for example, this forum post, where he talks about considering a password hashing module as opposed to his own code. This suggests to me that he has hand-coded other elements of the accounts system as well.
Perhaps most telling is this tweet, in which I believe he's describing the basis of Weasyl:
webpy appears to be a pretty thin framework - more a utility library than a high-level website-in-a-box.
Goodness. I actually nearly added "as long as they're not using web.py or some such" but didn't think anyone actually, y'know, was using web.py anymore. (A nerd point for Postgres, although I don't think MySQL is the hive of scum and villainy it used to be. Unless you count Oracle's ownership.)
— Chipotle
It will be down for the remainder of the week.
Pop goes the weasyl?
Weasyl is back up, with a laundry list of fixes.