Author Topic: The SGU Forums FAQ:  (Read 10699 times)

0 Members and 1 Guest are viewing this topic.

Offline ducky

  • Well Established
  • *****
  • Posts: 1740
    • http://skepticwiki.org
The SGU Forums FAQ:
« on: July 19, 2009, 04:44:41 PM »
1) Why does this server not use https or SSL secured login pages?

Answer:

We are graciously given our server space and bandwidth for free by Steve's Web Hosting.  This means we share resources with other domains and prevents us from using a unique SSL certificate.  Since using one for another domain is bad practice and causes security exception errors in browsers we do not use the root domain's certificate on this server.  Even if we could use our own certificate, a self signed one will also throw security exceptions in browsers and the cost per year for our own signed certificate is not reasonable for the administrators to cover.  You can learn more about how certificates and apache using SSL work at the following links:

http://www.apache-ssl.org/
http://www.apache-ssl.org/#Digital_Certificates

2) Why do you require such a complicated password?

Answer:

While it is true that we do not use SSL to secure the connection between your computer and our server for authentication we still from time to time see brute force and dictionary attacks attempting to guess passwords for this forum's accounts.  More complicated passwords prevent these types of attacks from being reasonable in terms of success rate.  When used in conjunction with other security measures we have in place it prevents scripted attacks from guessing passwords before they are banned at the firewall for numerous authentication failures.

You can read some very good tips on password security over at Bruce Schneier's blog, specifically this entry, or this commentary.

3) I tried to upload an avatar but nothing happened!  How do I upload my avatar?

Answer:

You can't.  For various reasons (both technical and security related) we have disabled the ability to upload content to this server, however you are welcome to link to your avatar as long as it is on a site that allows hotlinking, like flickr or photobucket.  This is also true for trying to upload attachments to posts.

4) How do I embed video (flash) in my post?

Answer:

Easy peasy.  Just paste the URL from youtube or the site of your choice and it should auto-embed the video from the remote site in your post.  If a specific site does not work this way, please start a thread in the Technical Administration section requesting that site be added to the supported list.

5) Man this forum's colors and appearance suck!  What can I do about that?

Answer:

This forum is branded to the design of the Skeptic's Guide to the Universe parent website.  All of the colors and design for this forum is taken from that site directly.  If you find it difficult to read you can change the default theme used for your user account to an alternative "SGU Light" theme, which is intended to relieve the dark-background-light-text reading problems some users have.  To do this, you can click on the "Profile" link in the top navigation bar and choose the following options:

Modify Profile --> Look and Layout Preferences.

From there you can preview and select the SGU Light if you find it easier to read.

The administrators of this forum volunteer their time and will not support more themes than are currently installed.  If you have a request for a new theme to be added, these will be ignored - contact the panel directly.  If you have a request to change the current theme's branding, these will be ignored - contact the panel directly.  If you notice a problem with the current theme's functionality aside from problems you have with the colors (such as a link or form not working correctly) please post that in the Technical Administration section.

6) Why does the forum have to look like the parent site?  Can't the forum look different?

Answer:

We value the branding put forth by the panel in their redesign of the SGU website.  We are a part of the SGU organization and will adhere to standards set forth by their designs.  If you feel this forum's look should be changed or the parent website should be changed, you should contact the panel directly and voice your concerns with them.  Unless specifically ordered to change this forum's theme by the panel, we will continue to brand this site as the parent website has been branded which means the dark theme will be the default for those not logged in and new members.  We do offer the ability to use a lighter theme that retains some branding to the parent site as an alternative.  See FAQ #5 for how to change this for your account.

7) I want my account deleted.  I pressed the link in my profile to do this, but it still exists.  How can I delete my account?

Answer:

Account deletion requests by members with one or more posted articles will result in the account not being actually deleted, but instead put into a special "Deleted" group.  Members in this group will still exist in the forum database and will be able to log in, but they will not be able to post articles or send or read private messages.  The word "Deleted" will be displayed under their names in the avatar section of their articles.  This is done to ensure posts are still able to be searched for by user name and to avoid errors in the forum's database resulting from orphaned posts/threads.

8) Help!  I can't remember my password!  How do I reset it?

Answer:

In the past we have seen attempts to harass members of this forum by malicious individuals using the link to email the account holder a link to reset their password.  Previously we had disabled the ability to email yourself this link, however have recently re-introduced this function as we don't see this as a threat anymore.  That said, there is a second ability to retrieve access to your account in the forum of a secret question.  This secret question can be set if you click on the "Profile" link in the top navigation bar and then click on "Modify Profile" then "Account Settings."

Once this is set, you can use either the email-a-link method or the secret question method to regain access to your account.  Your answer is highly suggested to be difficult to guess by dictionary brute force scripts.  This means you will need your answer to be much like a secure password  (because in essence it is another password) using both upper and lower case, numbers, and special characters.  A length of longer than 15 characters is strongly recommended.  These settings are also strongly recommended for your forum password as well.

Instructions to use the secret question function are as follows:

Quote
If you are not logged in, at the top of the left-hand sidebar you will see the sentences "Welcome, Guest. Please login or register."

   1. Click on the word "login".
   2. In the "Login" box that appears, click on "Forgot your password?"
   3. In the "Password reminder" box that appears, type your username, click on the "Ask me my question" box so that an X appears in it, and click the "Send" button.
   4. In the new "Password reminder" box that appears, type the answer to your secret question in the first text box, a new password in the second text box, and then repeat your new password in the third box.  Then click on the "Save" button.  This will log you in.
   5. At the top of the new window, click on "Profile".
   6. In the left-hand sidebar, find the "Modify Profile" section, and click on "Account Related Settings".
   7. In the main part of the page, find the "Secret Question:" text box, and enter a new secret question.
   8. Directly under that, in the "Answer:" text box, type the answer to your secret question.
   9. Directly under that, in the "Current Password:" text box, enter your current password (the one you set in step 4 above).
 10. Click on the "Change profile" button.

You are now all set and you can browse the forum as a full-fledged member.


NOTE:  The function to email yourself a password reset link may be removed by the administrators of this forum should we see a resurgence of the aforementioned attack.  YOU ARE RESPONSIBLE FOR HAVING A SECRET QUESTION SET FOR YOUR ACCOUNT, AS WE STILL CONSIDER THIS TO BE THE DEFAULT METHOD YOU SHOULD USE TO REGAIN ACCESS TO YOUR ACCOUNT.

9) I would like to add an event to the public calendar.  How do I do that?

Answer:

Follow this link.  All registered members of the SGU Forums are welcome to add their skeptically-related events to the public calendar.

10) There are too many forum sections for me to keep up!  How do I ignore certain forum sections?

Answer:

To ignore a board, go to Profile -> Modify Profile -> Ignore Boards Options and check the boxes next to forums you wish to ignore.  You can't ignore the Administration forums.  This is intentional.

11) The subject I want to talk about could belong in two different forums.  Where should I put it?

Answer:

Put it in the one the subject is more about.  If it's about the political views of a famous skeptic, for instance, it should probably go into Politics, since it's more about politics than it is about skepticism.  If it's about a TV series like Cosmos, it should go into Movies / TV, because it's specifically about a TV series.

When the appropriateness is evenly divided, a good rule of thumb is to put it in the forum that's closest to the Skepticism/Science board.  Threads about the Creationism/evolution debate are typically divided evenly between science and religion, so they should go into Skepticism/Science.  A topic which is evenly divided between philosophy and politics should go into Religion/Philosophy. And so on.


(More to be added to this announcement as needed.)