extends ../layout.pug include ../mixins/post.pug block head script(src='/js/theme.js') title Frequently Asked Questions block content h1.board-title FAQ include ../includes/stickynav.pug .table-container.flex-center.mv-5 .anchor table tr th Frequently Asked Questions tr td.post-message b General ul.mv-0 li: a(href='#whats-an-imageboard') What is an imageboard? li: a(href='/rules.html') What are the rules? li: a(href='#site-operation') How do you run the site? b Making posts ul.mv-0 li: a(href='#name-formatting') How do names, tripcodes and capcodes work? li: a(href='#post-styling') What kind of styling options are available when making a post? li: a(href='#moderation') How does moderation work? b Boards, users & permissions ul.mv-0 li: a(href='#make-a-board') How do I make my own board? li: a(href='#staff-and-permissions') How do staff, users and permissions work? .table-container.flex-center.mv-5 .anchor#whats-an-imageboard table tr th: a(href='#whats-an-imageboard') What is an imageboard? tr td p | An imageboard is a type of discussion board where users share images and text about various topics. p | The primary difference between imageboards and traditional forums is that anybody can make a post without registering | an account or providing any personal information. This lowers the barrier to entry, protects user identities and focuses on what is said, rather than who says it. .table-container.flex-center.mv-5 .anchor#name-formatting table tr th: a(href='#name-formatting') Name formatting tr td.post-message p When posting, you can format the name field to include a name, tripcode , capcode, any combination of the three including leaving the field completely blank. Instead of a blank name, "Anonymous" is used, however this depends on board-specific configuration. The optional components are explained below. b Format p | Names should be input like: input(disabled='true' spellcheck='false' type='text' value='Name##Tripcode## Capcode') | . Tripcode and capcode are optional components. Tripcodes and capcodes may not contain "##" and the whitespace before capcodes is significant. p Valid examples: ol.mv-0 li Name li Name##tripcode li Name## capcode li Name##tripcode## capcode li ##tripcode## capcode li ##tripcode li ## capcode p The capcode can also be left blank to display just your role. p From the examples, you can see that all components can be used in combination or independently. In a post number 4 would look like: - const examplePost = { "date" : new Date("2019-08-02T09:48:44.180Z"), "name" : "Name", "board" : "example", "tripcode" : "!!X8NXmAS44=", "capcode" : "##Board Owner capcode", "message" : "Hello, world!", "nomarkup" : "Hello, world!", "thread" : 1, "password" : null, "email" : "", "spoiler" : false, "banmessage" : null, "files" : [ ], "reports" : [ ], "globalreports" : [ ], "quotes" : [ ], "backlinks" : [ ], "postId" : 123 } +post(examplePost) p The name appears bold in the top left, followed by the tripcode in regular weight with a !! prefix, then the capcode in a different color, bold and with a ## prefix. The colours may vary between themes but are generally distinct from eachother b Name p The name is simply what name you want to be shown alongside your post. Other users can post with the same name so there is nothing preventing impersonation. This is not related to your username (for registered users). b Tripcode p A tripcode is a password of sorts, which users can provide in the tripcode component of their name. This tripcode is used in conjunction with a server-known secret to generate a unique* tripcode portion of the name. Long, unique tripcodes can be used as a form of identity. It is important that you keep tripcodes secret if you use them for some form of identity. A compromised tripcode can be used for impersonation and cannot be revoked in any way. b Capcode p A capcode is a component of the name field only available to authenticated users. This includes admins, global staff, board owners and board moderators. If there is no text after the ##, the role will be displayed alone. Leaving a space and putting custom text will be prefixed by the role name. This way, the role is always shown to prevent role impersonation. .table-container.flex-center.mv-5 .anchor#post-styling table tr th(colspan=2): a(href='#post-styling') Post styling tr th Input th Output tr td >greentext td span.greentext >greentext tr td <pinktext td span.pinktext <pinktext tr td ==title== td span.title title tr td ''bold'' td span.bold bold tr td __underline__ td span.underline underline tr td ~~strikethrough~~ td span.strikethrough strikethrough tr td ||spoiler text|| td span.spoiler spoiler text tr td **italic** td span.em italic tr td (((detected))) td span.detected (((detected))) tr td | ``` | code block | ``` td span.code code block tr td `inline monospace` td span.mono inline monospace tr td https://example.com td: a(href='#!') https://example.com tr td >>123 td: a(class="quote" href="#!") >>123 tr td >>>/b/ td: a(class="quote" href="#!") >>>/b/ tr td >>>/b/123 td: a(class="quote" href="#!") >>>/b/123 .table-container.flex-center.mv-5 .anchor#moderation table tr th: a(href='#moderation') How does moderation work? tr td.post-message b General p | Moderation is very simple. Moderation permissions are different between regular users, board staff (board owner or moderator) and globals (global staff or admin). | By default, regular users can delete, spoiler or remove the files from their own posts, provided a matching post password is supplied. They can also report or global report posts. | Board staff have near full power over posts on their board including removing posts, stickying, spoilering, etc. even for other users posts without the need for a password. They also have access to board specific management page. | Global staff have full power over all posts on all boards, can access the board specific management page for any board and additionally have access to the global management page. | More details on the specifics of permission levels is available a(href='#staff-and-permissions') here | . b Local vs. Global reports p | There exists the concept of "local" and "global" reports. Reporting a post locally will show the post along with reports on the report page for that particular board, and the reports | may be actioned upon by the board staff. Reporting a post globally will show the post along with reports on the global manage page available only to global staff and may be actioned upon by global staff. | Global reports should be used to flag posts that violate global rules such as illegal content or spam, in contrast to local reports which are for posts that abide by global rules but break | board-specific rules (which may be made arbitrarily by board staff). It is also possible to be banned from a board or globally for abuse of the report system. b Batch processing of posts p | Each post has a checkbox in the top left to select it for moderation actions. Multiple posts may be selected to allow batch processing e.g. reporting multiple offending posts in one request. | The same is present in moderation interfaces. Some actions for example bans (which are based on IP) may also be handled in batches. Selecting multiple posts and using the ban action will | apply a single ban for each unique IP of the selected posts. b Time format in moderation interfaces p | Some moderation interfaces, for example the ban duration when moderating posts, or the ban duration for post filtering use a shorthand for times/length. This format supports years, months, weeks, days and hours. | An input of "3m" would mean 3 months and "1y2m3w4d5h" would mean 1 year, 2 months, 3 weeks, 4 days and 5 hours. Units of time should be in descending order, so "2w1m" is invalid. | However you may use "6w" for example to input 6 weeks, and are not required to use "1m2w". .table-container.flex-center.mv-5 .anchor#make-a-board table tr th: a(href='#make-a-board') How do I make my own board? tr td p a(href='/register.html') Register | an account, then a(href='/create.html') create a board |. Please avoid making excessive amounts of boards, duplicate or boards similar to an existing one unless you expect that many users will migrate to the new board for whatever reason e.g. tyrannical moderation. .table-container.flex-center.mv-5 .anchor#staff-and-permissions table tr th: a(href='#staff-and-permissions') How do staff, users and permissions work? tr td p | There are 5 levels of permissions on the site with 0 being the highest level of privilege and 4 the lowest. In this list "Regular user" refers to somebody who is either not logged in or is not owner/mod of the board. For example if a user creates their own board, they do not have the "Board owner" permissions on other boards. Each board can have one owner and multiple moderators. Ownership can be transferred. ol(start='0') li Admin: All permissions li Global staff: All permissions on all boards excluding account management and news updates li Board owner: Permissions to board-specific settings, reports, banners and bans and some post actions li Board moderator: Permissions to manage board-specific reports, bans and some post actions li Regular user: Permissions to report/delete/spoiler posts | Post actions refers to reporting, deleting, stickying, etc. More details on these permissions: ol(start='0') li Admin: All actions li Global staff: All below, delete files, delete-by-ip-global and global ban li Board owner: Same as board moderator li Board moderator: All below, move/merge, ban, delete-by-ip, sticky/sage/lock/cycle li Regular user: Reports, and post spoiler/delete/unlink if the board has them enabled .table-container.flex-center.mv-5 .anchor#site-operation table tr th: a(href='#site-operation') How is the site run? tr td b Who owns the site? p An Australian guy called Tom. You can check the check the jschan repo for my discord and dig up more about me if you are curious. I also run some other projects including a large discord bot. b Where is the server? p VPS in New York, USA. b Who has access to the server? p Me (Tom) only. b What OS does the server run? p Debian 9 minimal. b How are IP addresses stored? p Jschan stores them hashed with a secret, and a substring of this is shown in ban pages and some moderation interfaces. Clear IPs are present in Nginx logs and retained for 7 days. b Is the server secure? p Only ports 443 and 80 are open for HTTP(s) and one other port for SSH. Key only login is enabled and root login is disabled. The software is running as unprivileged users. MongoDB and Redis are configured to listen on local interfaces only and require authentication. b So it can never be hacked? p I am not so naive to make that promise. b I have an issue/found a vulnerability/need to contact you. p Issues with the software can be posted on the #[a(href='https://github.com/fatchan/jschan/issues') issues page] or if you prefer not to use github, #[a(href='/t/index.html#postform') post on the meta board] with a detailed description of the problem. For private matters or vulnerability reports, please contact me via email tom-69420-me.