2014 Forums Migration To Xenforo

  1. It's being worked on.
  2. Click "Insert" (to the left of the CMD button) -> Code.
  3. Merged into the migration topic that was already there.
 
Is it a big problem, to make a clickable "Code" tag? I think it's the most used tag. All other needed tags are there, but no "Code". It's annoying to write it per hand. (Or where have you hidden it?)
Should be fixed by wblock@ now ;)
 
Try BlueFreeBSD, which is the default XenForo style with a few small adjustments. If there are other XenForo styles you like, point us to them. Unfortunately, I don't think there is any way for users to create new styles.
 
A big "Thanks!" to all the admins for the great work done! I really like the new forum software.

I've noticed a strange behaviour in the popups that shows up when you hover the mouse over a thread's title. If I go to "Recent Posts" (for example) without being logged in, the popups shows (as expected) a preview of the first message. Now, if I open another tab on the browser, log in, and come back to the first tab (without reloading the page), every popup not previously viewed (browser's cache seems to work ;)) shows this message:
Code:
The following error occured:
Security error occurred. Please press back, refresh the
page, and try again.
I think it's only a cookie issue, and I don't really care because from my point of view this is nothing more than a silly detail. I just noticed this behaviour on Firefox.
 
I've noticed that there's no default redirect from HTTP -> HTTPS, which means things like logins are insecure by default. Could this be changed to redirect to HTTPS?
 
Is there a way to list recent posts once I've logged in like the phpBB forum? I know there is "New posts" but once I've clicked on one, it's not new anymore and so disappears from the list.
 
Huh? How could HTTPS requests NOT be encrypted?

Because all the relevant information is in the request URL which by itself is not encrypted. Only the response from the server comes back encrypted. So if somebody is reading your traffic, he can see which topics you previewed.
 
Is there a flat theme available without all of the annoying JavaScript pop-ups? I've given the new forum code a try, and I know missed features are back, but I feel like I'm on a wedding forum instead of a software-based forum.
 
Because all the relevant information is in the request URL which by itself is not encrypted. Only the response from the server comes back encrypted. So if somebody is reading your traffic, he can see which topics you previewed.

The host name is in the clear when the certificate exchange takes place but the full URL doesn't go across until an SSL connection has been made. Only "forums.FreeBSD.org" is visible.
 
After using some other forums recently, I've come to really, really, really appreciate that XenForo takes me to the first unread message in a thread. It's a huge usability improvement.
 
forums.freebsd.org accepts on port 443 these ciphers:

Code:
    TLSv1  256 bits  DHE-RSA-AES256-SHA (preferred)
    TLSv1  256 bits  DHE-RSA-CAMELLIA256-SHA
    TLSv1  256 bits  AES256-SHA
    TLSv1  256 bits  CAMELLIA256-SHA
    TLSv1  128 bits  DHE-RSA-AES128-SHA
    TLSv1  128 bits  DHE-RSA-CAMELLIA128-SHA
    TLSv1  128 bits  AES128-SHA
    TLSv1  128 bits  CAMELLIA128-SHA
    TLSv1  128 bits  RC4-SHA
    TLSv1  128 bits  RC4-MD5
    TLSv1  112 bits  EDH-RSA-DES-CBC3-SHA
    TLSv1  112 bits  DES-CBC3-SHA

The RC4-* ciphers are regarded as obsolete. I suggest reviewing this.
I might be underestimating the importance of security on a forum site, but you should run the same test on paypal.com. Now that website's security needs some serious auditing.
 
youngunix
I do not get your point, if there is any. This thread is about forums.freebsd.org
That's because you failed to get the point behind yours and to read what I posted.
My reply is specifically to your post, not to the entire thread.
Your post shifted the focus to a particular topic; Security. Hence my reply.

Hope that helps ;)
 
Is there a way to turn off automatic saving of draft messages? I find it sometimes annoying that when replying on a thread my initial reply that I canceled first time is still there and I have to remember to clear it.
 
Is there a way to turn off automatic saving of draft messages? I find it sometimes annoying that when replying on a thread my initial reply that I canceled first time is still there and I have to remember to clear it.

AFAICS, only forum-wide, and I'm not going to do that.
 
Back
Top