Password safety is a bit of a solved issue at this point, you should be using a Password Manager, preferably one with a good reputation such as KeePass (which I use) and QtPass/Unix Pass which I have recommended to friends in the past. Both of these will generate strong, random passwords that will be stored in an encrypted vault, which requires a password to enter. These passwords are impossible to bruteforce, and even if they are stored as plaintext by a website, having a unique password for each site means that no other accounts can be compromised.

It sounds like you only need one password to prevent breaking into your password vault, right? Well, not quite, that would be a single point of failure for all your accounts, which could get very messy! If you get to the endgame level of security breaches: access of your computer with malware, your encrypted password file can be copied and the password you enter to unlock it can be keylogged.

You need another password for your e-mail account, and that account needs to have 2-Factor Authentication. This e-mail address should be used to register to all protected accounts. Your e-mail address is your last line of defence and it needs a unique password no matter what, because anyone who gets into your e-mail account can quickly cause damage to every single other account you own on the internet. The 2-Factor Authentication is required because spreading the load off to another device makes it far more difficult for attackers to break in. It has been known for social engineers to call up mobile providers and get a new sim card sent out to bypass this, so be careful with your personal information, do not allow anyone to find the answers to security questions.

So what are you supposed to put in for these two passwords you are supposed to remember? Well, xckd has a comic on an amusing (and pretty secure) way of doing it. However, if the attacker has the password hash on their hands and it is in a common format like SHA-1 or MD5, they could perform up to 257 billion hashes per second on a self-funded rig, in fact, most hashing algorithms are always in the billions of guesses per second range, compared to xkcd’s 1000 per second. At only 10 billion per second a previously 550 year long password would take just under 29 minutes. You can extend that by adding another word, but GPU hardware is going to catch up, and you have to add yet another word.

The way I approach it is simple: create a password that will never be cracked by any computer that will ever be built before the end of the universe, using all the time left until the end of the universe. It uses a combination of various password traits organised in easily remembered “chunks”, here is an example password:


Now, this isn’t my password, but it is built up in the same sort of “chunking” rules. Not knowing the contents, number, or order of the chunks makes this password impossible to break. Let’s break up the chunks so that we can see what it is supposed to be in detail:

IHALBOC skit 26 flying 92 v1g1lant 45 *%

Okay, so let’s take a look at the components:

  • IHALBOC I Have A Lovely Bunch Of Coconuts. A seemingly random word made up of the first letters of a phrase. In my password it’s a phrase I made up and have never said.
  • skit – A short word, no more than 3-4 characters, easy to remember but low security.
  • 26 – 2 digit number, easily remembered but insecure on its own.
  • flying – Normal length word. Try not to only use nouns, that narrows down the search space and is insecure.
  • 92 – 2 digit number again
  • v1g1lant – Word with common substitutions, weak on its own.
  • 45 – 2 digit number.
  • *% – Symbols. Feel free to create more chunks of these and put them anywhere.

These chunks are like seperate passwords that you combine together, they are supposed to be able to stand on their own. This makes it easy to remember by simply chaining them together, while including a massive search space for brute force searches and being impervious to dictionary attacks. I haven’t made a password like this yet that doesn’t have a required amount of time to crack several massive orders of magnitude greater than the time needed for the universe to end. In fact, if you pooled together every single computer on the planet, then multiplied that by a million, you wouldn’t even dent the amount of years it would take to crack a password like this. How many years minimum to crack one of these?

1,000,000,000,000,000,000,000,000,000,000,000 Years

While we’re waiting for the illuminati to read my e-mail, anyone want a coffee?

I’ve been playing Divinity: Original Sin 2 for a while now, it’s a co-op RPG game with turn based combat and a pretty decent story. But the main hooks that it has going for it are the devilishly hard “Honor Mode” and the freedom it gives you to manipulate the environment. The typical “Classic Mode” difficulty breaks it down into a basic co-op RPG with lots of side quests, but Honor mode turns it into something quite different, where every single fight starts off with you at a disadvantage, a lethal disadvantage that will lead to you being killed. Oh, and if all party members die in Honor mode, it deletes your save.

So you have to get creative if you want to avoid being instantly slammed by most encounters, simply fighting your way normally through the game is likely to make you die and end up having to restart over and over. Thankfully, the game offers a lot of utility abilities to make dealing with these situations easier, like teleporting objects and creatures around, or getting bonuses from high ground. It’s this setup that allows characters to punch well above their weight, such as fighting the son of a god in the starting level of the game and winning through careful positioning and skipping the cutscene.

One of the most impressive things you can do is kill a character going by the name of Grog the Troll, who you encounter in the second act, and is designed to be fought in the final act of the game. He is almost double the level of players and is fully capable of wiping the party with ease, as well as being able to regenerate his entire hitbar every turn. By normal combat means, it is impossible to kill him in the second act. Unless you build a nuke and blow him to bits.

In my own honor mode run we’ve achieved this. He drops a really strong ring for the late game, making our suicidal run of the game just that bit easier.

If there’s one thing that annoys me when it comes to the whole furry art community, it’s how ridiculous things have gotten with the Terms of Service documents that artists are trying to create. The first thing that should come up as a red flag is why you’re even making a ToS in the first place, because in most cases building one is uninformed at best, and malicious at worst. There are some assumptions that you have to make when writing one of these:

  • Nobody reads Terms of Service, they’re overly long, legally worded and don’t get the point across to the reader.
  • Terms of Service are typically written to protect businesses from their customers.
  • The more clauses in a Terms of Service, the more a business feels it has to protect itself from its customers.
  • A ToS is a catch all piece of documentation, it’s tacked onto everything without thought.
  • The means in which someone agrees to your ToS is difficult to prove, effectively making the ToS worthless legally.
  • A ToS does not help at ALL with dealing with PayPal or FurAffinity. You will be told if you don’t like it, go to court. After all, you have written a legal document.
  • The ToS needs to have bulletproof clauses, which is going to be hard to achieve when you’re writing one yourself without researching any laws.
  • You are using the ToS as a last line of defence to  protect yourself against lawsuits.

These things don’t really apply very well to individual artists, while you’ll find it’s very effective when ensuring privacy lawsuits against large companies like Apple. This will bring me on to the next chapter.


You will never be able to exercise the clauses of your ToS

You think someone’s violated the clause of your ToS, are you now going to lawyer up and go after them? Chances are you likely didn’t even research the laws of the ToS you wrote, and can’t afford lawyer fees. What is going to happen is you are going to send an angry e-mail out, then get laughed at by the person receiving it. Chances are you didn’t even have a contract to show that someone commissioned you in the first place. In fact, a contract would replace your entire ToS, be handed straight to the commissioner and be specific about their commission.

As you might be catching on now, Terms of Service documents are defensive, they are designed to help stop incoming lawsuits. People don’t read them because they have no intention or means to make a lawsuit happen. You are not going to get sued as a furry artist. Better to focus on your work and making your public image better than trying to guard yourself with a document you’re unable to wield.


The clauses in your ToS make you look stupid

Many furry artists put some of the most retarded clauses in their Terms of Service, which seem to serve no purpose other than to restrict the customer for no reason at all. One of the most ludicrous ToS documents I have come across was written by tktktk, an artist that few have heard of outside of Fur Affinity because of just how mind numbingly stupid their ToS is. It’s worrying to think that whatever drugs they were taking when they wrote it managed to give them an IQ roughly equal to room temperature.

If you want to check it out, here it is, and if forever reason that link expires, here’s a mirror.

Let’s have a look over some of these fun clauses, starting with the top:

When you contact me for work, you agree that my TOS supersedes any TOS you might have.

Oh, the dibs clause, except this doesn’t even reference what kinds of ToS agreements are to be superseded. I don’t think my signing of Apple’s ToS is going to go away when I manage to do whatever it is that makes this ToS valid. Apparently commissioning them means we agree to this, which is conveniently hidden away in a link in the middle of a sentence on their commissions page, that has the same height, colour and style as the rest of the text, meaning it’s not immediately obvious it’s even a link. It’s possible to commission them without there being a link to this ToS on the thing being bought, for example they use the phrase “ToS can be found here” with no hyperlink in the sentence. Nobody has pointed this out, which means no commissioners have read what they are getting into.

All payments must be through paypal. Do not include any additional notes, as paypal does NOT endorse the sale of artwork/commissions and it can end with your/my paypal being banned. Also, please do NOT send it as a gift, or anything else under the Personal tab, as Paypal cracks down on that.

Oh, a ToS that is instructing someone how to break PayPal’s terms without being caught. Very spicy.

In order to commission me you must have at least one image of the character, with color. I do not accept SL images, and I will very rarely accept text references and commissions without visual refs will incur a ‘design fee’ to cover the extra edits.

No monochrome characters allowed! You might say that I’m being picky on semantics, but this is supposed to be a legally binding document. Also it contradicts itself in the next sentence by saying that an image of the character isn’t a “must”.

I retain all rights to my art unless I state otherwise. This means that I can post it to my FA/DA accounts, website, art CDs/Folios, prints, and other personal/public uses. Please state ahead of time if you wish for your commission to be withheld from my galleries and my own personal/public use, as there will be a 25% fee charged. This does not mean you own the rights to the image. This does not mean that I will claim credit over your character. Requiring the image to be censored will also incur a fee.

The 25% charge is unenforceable, as no permission to use the character publicly has been granted. The commissioner can issue a takedown and laugh at this clause.

You are allowed to post your commission in your FA gallery, but it must be linked and credited back to me. You are also able to print the image for personal use, use it for a personal tattoo, or as a graphic in a personal website or blog layout. If you’re using it on a website or blog layout, I must be visibly credited. You may not upload commissions to boorus or chans (image boards), Facebook, and/or InkBunny. If posting to tumblr, please reblog from me. If the artwork is not on my blog, I will post it or allow you to do so. The above applies only to the one who commissioned the artwork, and the specific file they commissioned.

Okay, we can post in our gallery with credit and print it- wait, what’s this about not uploading to certain websites? So the image cannot be posted by you to Facebook (No furry avatar for you!), Inkbunny, e621, 4chan, 8chan, etc. It also can’t be posted to Furry Network:

Please do not repost my artwork to FurryNetwork

And you can’t post the image to tumblr, you have to reblog their post of the image to help fuel their personal traffic. In fact, this entire setup seems to be revolving around this artist’s insane ego and ensuring that their artwork doesn’t appear on a platform that doesn’t also have them on it. It really is a case of baking a cake for a customer and wanting a slice too.

You may not hire (payment exchanged in return for coloring; money, items, art and so on) someone to color any line work of mine (Or make any edits at all), whether it is a commission or not. You may color the image you purchased yourself, or get someone to color the image for free. If someone is coloring it you must ask permission before hand. Failure to do so may result in the image being removed from you gallery by FA staff.
You must state who, including yourself, colored if the work is not colored by me.

Let’s continue with the retarded clauses that offer nothing other than to restrict the buyer in any way possible. You can color in the artwork, and that’s fine, but not if someone that isn’t me is making money by doing it! What purpose is this even supposed to cover? It’s ridiculous.

You may not add your own watermark/logos to any of my artwork, including commissions, trades and requests. (The only ones I shall allow are dA’s automatic watermark, and watermarks, which are also set to be automatic, neither of these are actually the user placing the mark.)

Watermarks can be pretty annoying, and I should make a post on them, but a small one that has a little copyright message at the bottom can save a lot of headaches as a character owner. This makes very little sense when looking at it, until you look at the ToS that they made specifically for adoptables:

For adopts I have designed, you may add a watermark of your own (even though my ToS says no) but ONLY if the watermark has the art credited to me, and the character to you. Something along the lines of ‘Art/Design by TK, character belongs to X’. I absolutely will not accept WMs on adopts that just credit you.
This does NOT count toward normal art I have drawn of said adopt, only the main adopt file.

So they don’t usually have a watermark and are fine with not having one, but if you want one then they just have to have one too. This isn’t the worst thing in the world but it’s telling that they are largely interested in making the commissions they draw an advertising piece to them first and foremost. The bullshit clauses continue in this adoptable ToS even further as well:

You may not resell for more than paid. You may only add on value of PAID COMMISSIONS. No trades, gifts, freebies, drawn by you, or artwork purchased by others.
If the character was traded for (either for art, or a character) you may not sell them, only trade.

Why is this a thing? Is it just jealousy, or is tktktk really so stupid that they don’t realise the money isn’t going to them.

Characters must not be resold or traded to people on my blacklist.

What you should be doing instead

When you are noting or e-mailing a would-be commissioner, have a contract that plainly states what they’re getting, timescale, their ownership rights and the cost, and send it to them so that they have to read and agree to it. Keep it simple and on only the basic concepts, restricting your customers is a good way to get a 0/10 for service.

And if you’re making clauses that affect your business in no way, that control your customer’s actions. I hope you try taking these jokes to court, so that a judge can also tell you to fuck off.

As for me, I’ll be rejoicing in the fact that I’m not bound by a clause that prevents me from making hilarious edits of my commissioned art pieces.

Image of a fluffy fennec

Caution, fennecs may be fluffier than they appear

Hi there! I’m V 0 1 D  the Fennec and this is going to be my general purpose blog, as well as a website for me to host any projects that I’m currently working on without having to do a double back flip through a hoop on site restrictions and other people’s rules. You can expect to see me posting articles on code, furries, lewd stuff and technology. Also, you can expect to see me shilling my furry character, which you can see above. This is going to be an NSFW blog from time to time, so be warned.

I’ve an idea of an article on the representation of dicks in furry artwork, I imagine that might be popular.