The Furry Forums would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice.
To accept the cookie click here, or please login or register.

Author Topic: [TECHNICAL] Internal security suggestion. (Two-man rule)  (Read 2714 times)

0 Members and 0 Guests are viewing this topic.

Offline Brisky

  • Awkward armour
  • Gregarious Gnu
  • ****
  • awards This user has been a forum member for over 5 years Top 100 Most Online This user has donated to the forum. Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.)
  • Posts: 541
  • Gender: Male
  • Spooky, isn't it?
    • Steam
    • DeviantArt
    • Awards
  • Species: WereTonk
  • Coloring: Black with gold stripes
[TECHNICAL] Internal security suggestion. (Two-man rule)
« on: December 25, 2017, 08:43:37 PM »
Concerning recent unfoldings, I've heard some of the staff express their concerns about potentially unreliable staff members possessing the power to bring considerable harm to the forum.


First of all, please understand that it is not my intention to say anything about the recent "staffing problem". I merely wish to suggest a safety feature for the forum's administrative functions that was inspired by those unfoldings.

I believe that any one person with such responsibilities could, at any time and for any reason, be or become detrimental to the forum, (leave be the possibilities of a bad person gaining access to an account with administrative capabilities) and I do agree that the negative possibilities are scertainly something that can cause worry to the staff, and should be brought into consideration.


Therefore, would it be possible and/or practical to install a "two-man safety" for authenticating administrative/moderative decisions wich could case serious or irrepairable damage the forum?

The concept is simple.

If a mod +// admin admin wishes to make an action wich could potentially lead to damage (For example, ban someone, delete scertain information, or make alterations to the website / code) an authentication request is send to another mods +// admin, and the action will only be completed if the other staff member agrees with the decision, and accepts the request.


Obviously, such a function would considerably slow things down, as the initial requester of the execution would have to wait for the other staff member to authenticate the decision.
So, the safety should not be applied to functions wich are required to take immediate action against bad situations. Such as, for example, removing innapropriate or harmfull content, or muting bots / users wich are succesively violating forum rules.

Such a safety would prevent serious damage being done by one person alone, and would considerably lower the risk of damage due to hacking/hijacking, or forum vandalism by staff members.

It would also encourage staff members to communicate with each other about problems, and important decisions, as they would have to send the request if they want something like that done, anyways.

And, as the cherry on the cake, I think (Yes, I think, I'm not a programmer) that such a feature would be reasonable easy to install, and get working.


What do you think? Would this be a good idea? Or, would it be useless / ineffective?

I'd love to hear!






Offline anoni

  • Zoomorphic Zebra
  • **********
  • awards This user has been a forum member for over 10 years Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.) This user has reported a valid and verified forum bug Top 50 Poster
  • Posts: 6177
  • Gender: Male
  • This statement is a lie
    • Steam
    • Kingdom of Lacertus (clan website) we're not furry oriented, but we accept furries (especially artists) :P
    • Awards
  • Species: Fox
  • Coloring: Beige
  • Height: 183 cm
  • Weight: 65 KG
  • Build: Slim
  • Currently: Cruising through the 4th dimension
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #1 on: December 26, 2017, 03:11:27 AM »
We kinda have a similar system already actually, in that we have 3 members who have similar power and can override each other. Basically everything is reversible atm, even if a member is banned he can be unbanned, if a member permissions are changed they can be unchanged, even deleted posts can be recovered. So if one staff member were to go "crazy" the other staff members would be able to reverse it, and if it was a serious thing (like deleting a post) then one of the two admins could also reverse it and ban that staff member.

  I would say the only real way a staff member could cause irreversible harm towards the site is either all the admins went crazy in the same way at once (so that's three or two points of failure) or Tweak, currently the guy who has backend access to the server, goes crazy. But I really doubt tweak would ever go crazy :P, and even if he does he kinda pays for the website and built everything himself so maybe power to him haha.

  Yeah, so don't worry about dangers and stuff, the whole staff issue has been resolved among the staff team and most of the staff are in agreement with the decision, it's just some former staff who are trying to stir things up atm.
  • Avatar by: WingedZephyr
  • Signature art by: MrRazot
(int(e-x^2, x = -infinity..infinity))2 = Pi


We fight, we recruit, we are the anthropomorphic army. FDF forever!

$_ = "gntusbovueqrmwkradehijqr"; tr/a-z/lad hijacked under stop sign!/; print $_, "\n";

Offline Bricket

  • Whalloping Walrus
  • **********
  • awards Top 50 Most Online Top 50 Topic Starter Top 50 Poster This user has been a forum member for over 8 years
  • Posts: 3082
  • Gender: Questioning
    • Awards
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #2 on: December 26, 2017, 03:17:07 AM »
Hey Anoni

Thanks for the explenation.

But this whole issue has revealed a problem that's called the transperancy of the whole staff.
I don't know how to make this whole staff more transparent but I think I would speak for many if I would say the whole issues has affected us, users, and made us doubt in the whole system.
This doesn't mean we doubt the staff, but we doubt a bit the system/

I hope no one takes this offensive, but it makes us doubt a bit  :S

Offline anoni

  • Zoomorphic Zebra
  • **********
  • awards This user has been a forum member for over 10 years Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.) This user has reported a valid and verified forum bug Top 50 Poster
  • Posts: 6177
  • Gender: Male
  • This statement is a lie
    • Steam
    • Kingdom of Lacertus (clan website) we're not furry oriented, but we accept furries (especially artists) :P
    • Awards
  • Species: Fox
  • Coloring: Beige
  • Height: 183 cm
  • Weight: 65 KG
  • Build: Slim
  • Currently: Cruising through the 4th dimension
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #3 on: December 26, 2017, 04:34:37 AM »
Well I'm not entirely sure how this is a transparency problem tbh. I mean, I personally think we've actually been more open about this problem than we probably should have (for example, it's unlikely we're gonna get any more new additions to TFF with the first post on the main page being about drama, not having new members, I'd consider, not very good for the forum). Maybe there is a transparency problem within the staff, that's staff communicating with other staff, but I don't actually think that's the case either, in fact we were generally more transparent within the staff (believe it or not) for this removal than we normally are. Usually when we remove someone, for example for inactivity, only the global moderators and admins talk about it, not the moderators and so forth. And that's been fine, we've removed several members in our past, and there's been no public upset about it or anything. The problem was that Ventus was popular and friendly with a lot of people, so this time we did try and reach out to several moderators to get their opinion on it as well, due to time constraints though we weren't able to get all the responses in time.

  I mean my whole thing is some people may try and interpret us as this big like "Oooh it was a cloak and dagger situation where people stabbed people in the back and it was all this upset". It really wasn't though. People are upset, especially the moderators that were removed, and they're trying to start stuff and paint us out as these villains that we're not. I know all of you guys have been in drama before, you guys have witnessed drama and I know you guys are smart enough to realize that, when drama is concerned, many facts are muddled and confused.

  You can PM any mod now, not just me, any other mod, and if you want you can ask them about the situation, to see what their thoughts are or to make sure that you believe things are going to run well. I think that's just the main thing, talk with the mods, talk with all sides of the story, realize this is drama and you can't completely trust any side, including me! And of course, including the removed moderators.
  • Avatar by: WingedZephyr
  • Signature art by: MrRazot
(int(e-x^2, x = -infinity..infinity))2 = Pi


We fight, we recruit, we are the anthropomorphic army. FDF forever!

$_ = "gntusbovueqrmwkradehijqr"; tr/a-z/lad hijacked under stop sign!/; print $_, "\n";

Offline Bricket

  • Whalloping Walrus
  • **********
  • awards Top 50 Most Online Top 50 Topic Starter Top 50 Poster This user has been a forum member for over 8 years
  • Posts: 3082
  • Gender: Questioning
    • Awards
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #4 on: December 26, 2017, 04:40:33 AM »
Thanks for the explenation.

Man this feels dirty....  :S

Offline Brisky

  • Awkward armour
  • Gregarious Gnu
  • ****
  • awards This user has been a forum member for over 5 years Top 100 Most Online This user has donated to the forum. Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.)
  • Posts: 541
  • Gender: Male
  • Spooky, isn't it?
    • Steam
    • DeviantArt
    • Awards
  • Species: WereTonk
  • Coloring: Black with gold stripes
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #5 on: December 26, 2017, 04:12:12 PM »
I do understand the issues that you're talking about, and how things like this always get more than one side of the story. But, like I said, that's not really the point here.

The point was that you, if I understand it correctly, are concerned about internal security, to the point where you removed a moderator without prior announcement, because you were worried that the moderator, if given prior announcement, could have gone on a rampage, Right?

So, if I didn't misunderstand the point, there kind of still is that problem.


Also I wouldn't really say that that's the same system.

What you're saying you have is a system of reaction. A system where, if things go awry, the combined force of the remaining staff can put it back upright again.

A two-man rule would be a system of prevention. A situation wich, in the forum's current state, could be a risk, would not be a risk with a two-man rule.


But, yes ofcourse.

If all of you are convinced that the staff can trust eachother, and don't need a system of prevention, then that's only for the better!

Offline anoni

  • Zoomorphic Zebra
  • **********
  • awards This user has been a forum member for over 10 years Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.) This user has reported a valid and verified forum bug Top 50 Poster
  • Posts: 6177
  • Gender: Male
  • This statement is a lie
    • Steam
    • Kingdom of Lacertus (clan website) we're not furry oriented, but we accept furries (especially artists) :P
    • Awards
  • Species: Fox
  • Coloring: Beige
  • Height: 183 cm
  • Weight: 65 KG
  • Build: Slim
  • Currently: Cruising through the 4th dimension
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #6 on: December 26, 2017, 05:03:16 PM »
See I understand what you're saying and it's definitely a good point and I would definitely add a system of prevention if it didn't have the drawbacks that you already mentioned.

The thing is yes, we remove people before telling people they will be removed because we don't want them abusing their moderator powers. We can reverse anything they can do but its still a situation to avoid, if they decide to, I dunno, post a bunch of private staff details or what not, we can remove the posts but that's still damage that's been done. And I mean, saying "We're gonna remove you, but you can still be a moderator for a few more days", it just doesn't seem like a great idea. I mean when a boss in a company fires an employee they don't have the employee stay for a few days after they were fired, when the employee is fired they are no longer given access to work. Heck, at Microsoft (the company I worked at) if you were fired you'd be escorted out by security on that day (because employees had access to sensitive private user information). Obviously, we're not gonna escort people out of the forum with security haha, but the same kinda principle applies.

  In a way actually, when you think about it, removing a mod from the staff team before telling them they were removed IS a preventative measure to avoid damage. It prevents that mod from causing any potential damage to the forum, it's not a reactive measure it is actually a preventative one. In general while a mod IS on the mod team and isn't being removed we give the mod a level of trust, they're on the mod team for a reason and so we feel expecting them to act out is not really a good way to go about managing a mod team. We generally expect our mods to not act out, but if they did act out we have steps we can take to minimize the damage they'd do (and they'd obviously be removed immediately).

  So if we did this two step system for all mods, there would be two major drawbacks. One, you have already mentioned, is that it will make things much slower, and things can already be quite slow when coming up with moderator decisions (just cause everyone is in different timezones and stuff) so making things even slower seems like a really bad thing to do. And two, it would create a very untrustworthy environment where it's as if the admins don't trust the mods that are on the team. The only reason we make an exception for removal is because getting removed or fired from any place is an extremely upsetting and dramatic thing and anyone, no matter how good they are, can react in unexpected ways.

  So there we go, those are the concerns with a two step authentication system. At the moment we have a very good track record. Cases like this have happened before, but only about once in every 3 or 4 years, so in general the system seems to work even if there are some little things that get through it from time to time.
  • Avatar by: WingedZephyr
  • Signature art by: MrRazot
(int(e-x^2, x = -infinity..infinity))2 = Pi


We fight, we recruit, we are the anthropomorphic army. FDF forever!

$_ = "gntusbovueqrmwkradehijqr"; tr/a-z/lad hijacked under stop sign!/; print $_, "\n";

Offline WingedZephyr

  • Monochromatic Friend
  • Administrator
  • Zoomorphic Zebra
  • ******
  • awards Obtainable by request This user has been a forum member for over 10 years Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.) This user has donated to the forum.
  • Posts: 8353
  • Gender: Female
    • Skype
    • Steam
    • Discord
    • Fur Affinity
    • DeviantArt
    • My art and characters
    • Awards
  • Species: Cagon (cat/dragon hybrid)
  • Coloring: White with black "glove" markings and grey stripes
  • Height: 4' 6" (feral)
  • Build: small, lean
  • Reference: [link]
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #7 on: December 26, 2017, 05:03:45 PM »
If all of you are convinced that the staff can trust eachother, and don't need a system of prevention, then that's only for the better!

This.

It's complicated, but basically we tend to put a lot of trust in our staff team to the point that the drawbacks of a "prevention" system would outweigh its potential benefits.

The element of trust is an important one, but if it's broken, we have to be careful. That's when we take further action such as what previously happened.
  • Avatar by: Ladie


Art stream:


** Art commissions currently open **
.: [Prices] :: [To-do list] :.
.: IMVU :: FurAffinity :: DeviantArt :: My website :.

Offline Timmy Fox

  • The Royal Cutefox
  • Yellow Yak
  • **********
  • awards This user has been a forum member for over 10 years Received through special limited time events Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.) This user has donated to the forum more than once.
  • Posts: 3509
  • Gender: Male
  • Squeak~
    • Discord
    • Fur Affinity
    • Awards
  • Species: Royal Cutefox
  • Coloring: Orange, white and dark brown
  • Height: 23 cm (~9"quotquotquotquotquotquotquot)
  • Weight: 5 kg (~11 lbs)
  • Build: Small, fairly average
  • Reference: [link]
  • Currently: Chasing a wild pie
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #8 on: December 26, 2017, 07:32:29 PM »
I mean when a boss in a company fires an employee they don't have the employee stay for a few days after they were fired, when the employee is fired they are no longer given access to work. Heck, at Microsoft (the company I worked at) if you were fired you'd be escorted out by security on that day (because employees had access to sensitive private user information). Obviously, we're not gonna escort people out of the forum with security haha, but the same kinda principle applies.

On a slight tangent, I'd just like to mention that this does not necessarily always apply. In my country (at least) an employer is legally required to give a minimum of 14 days advance notice to any employee being dismissed. During this notice period you will still be allowed to work and get a full salary, though you may, naturally, have a few permissions and privileges revoked. Example here is one of my old workplaces, after I was informed I was being suspended I was allowed to continue working for another 14 days with will salary, though I was moved to a different desk and effectively demoted to more of extra to help fetch some things for the others and help with the simpler tasks rather than being allowed to continue doing the same types of work as I had done previously (though I still got a full salary for all those days).

This policy is intended to ensure that your employer won't be able to just outright fire you and leave you out in the dust and allows you to finish up any unfinished work. It's also meant to give you a chance to figure out what you're going to do now that you'll soon become unemployed such as to look for a new job etc.

That said, you can still be outright fired with immediate effect but the employer then needs a good and valid reason for doing so and it's usually reserved only for the most severe of cases such as notable misbehavior or abuse of the privileges you've been given as an employee. Basically you need to have caused a notable amount trouble for the company in order to warrant an immediate termination and if you believe to have been wrongfully terminated you may sue the company and receive appropriate compensation if your termination was found to indeed have been wrongful.
« Last Edit: December 26, 2017, 07:35:33 PM by Timmy Fox »
  • Avatar by: Shu
Proud to be a furry!

We fight, we recruit, we are the anthropomorphic army. FDF forever!

Offline Brisky

  • Awkward armour
  • Gregarious Gnu
  • ****
  • awards This user has been a forum member for over 5 years Top 100 Most Online This user has donated to the forum. Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.)
  • Posts: 541
  • Gender: Male
  • Spooky, isn't it?
    • Steam
    • DeviantArt
    • Awards
  • Species: WereTonk
  • Coloring: Black with gold stripes
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #9 on: December 26, 2017, 08:06:51 PM »
^^

Most of the times I've resigned at a company (and the one sole time I got fired) I actually worked there (and got payed) for usually around another entire month, from the point where it was announced that I wouldn't be working at the company anymore...

Offline WingedZephyr

  • Monochromatic Friend
  • Administrator
  • Zoomorphic Zebra
  • ******
  • awards Obtainable by request This user has been a forum member for over 10 years Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.) This user has donated to the forum.
  • Posts: 8353
  • Gender: Female
    • Skype
    • Steam
    • Discord
    • Fur Affinity
    • DeviantArt
    • My art and characters
    • Awards
  • Species: Cagon (cat/dragon hybrid)
  • Coloring: White with black "glove" markings and grey stripes
  • Height: 4' 6" (feral)
  • Build: small, lean
  • Reference: [link]
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #10 on: December 26, 2017, 08:23:12 PM »
Different places have different rules. Every place I've worked has dismissed me immediately. Doesn't really matter anyhow, what I said before still applies. Anoni was just providing an example.
  • Avatar by: Ladie


Art stream:


** Art commissions currently open **
.: [Prices] :: [To-do list] :.
.: IMVU :: FurAffinity :: DeviantArt :: My website :.

Offline Timmy Fox

  • The Royal Cutefox
  • Yellow Yak
  • **********
  • awards This user has been a forum member for over 10 years Received through special limited time events Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.) This user has donated to the forum more than once.
  • Posts: 3509
  • Gender: Male
  • Squeak~
    • Discord
    • Fur Affinity
    • Awards
  • Species: Royal Cutefox
  • Coloring: Orange, white and dark brown
  • Height: 23 cm (~9"quotquotquotquotquotquotquot)
  • Weight: 5 kg (~11 lbs)
  • Build: Small, fairly average
  • Reference: [link]
  • Currently: Chasing a wild pie
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #11 on: December 26, 2017, 08:35:34 PM »
Yeah, my point is just that; Different places have different rules and immediate dismissal is not always the norm as Anoni's example sort of seemed to be implying based on the wording.

Doesn't really matter for this particular case indeed but I just wanted to mention it for the sake of contrast how, in my country, immediate dismissal from a workplace is, in most cases, actually considered illegal.
« Last Edit: December 26, 2017, 08:45:50 PM by Timmy Fox »
  • Avatar by: Shu
Proud to be a furry!

We fight, we recruit, we are the anthropomorphic army. FDF forever!

Offline Bricket

  • Whalloping Walrus
  • **********
  • awards Top 50 Most Online Top 50 Topic Starter Top 50 Poster This user has been a forum member for over 8 years
  • Posts: 3082
  • Gender: Questioning
    • Awards
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #12 on: December 26, 2017, 08:41:26 PM »
It might not be the right place to say it, but maybe we could ask ventus what she thinks about this system?

I myself probably don't know enough about the situation to give a proper opinion on it and on the suggestion

Offline Brisky

  • Awkward armour
  • Gregarious Gnu
  • ****
  • awards This user has been a forum member for over 5 years Top 100 Most Online This user has donated to the forum. Assigned to someone who is observed to be very friendly toward other members (frequently welcoming people in the Intro board, answering questions, etc.)
  • Posts: 541
  • Gender: Male
  • Spooky, isn't it?
    • Steam
    • DeviantArt
    • Awards
  • Species: WereTonk
  • Coloring: Black with gold stripes
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #13 on: December 26, 2017, 09:04:20 PM »
I don't really see any benificial reason to do that, though...

Offline Bricket

  • Whalloping Walrus
  • **********
  • awards Top 50 Most Online Top 50 Topic Starter Top 50 Poster This user has been a forum member for over 8 years
  • Posts: 3082
  • Gender: Questioning
    • Awards
Re: [TECHNICAL] Internal security suggestion. (Two-man rule)
« Reply #14 on: December 26, 2017, 09:07:29 PM »
I was just wondering, having second (I guess by now 6th) opnion could be interesting.
BTW, you know who you should put on the fraud-department? Former bankers

 

Powered by EzPortal

anything