whats_new_112

Differences

This shows you the differences between two versions of the page.

Old revision: whats_new_112 [2018/04/28 18:50] – mystic 1.12 Alpha 39 released avon
New revision: whats_new_112 [2018/12/26 14:03] – updated to 1.12 a40 avon
Line 3111: Line 3111:
  
    <ALPHA 1.12 A39 RELEASED -- April 20, 2018>    <ALPHA 1.12 A39 RELEASED -- April 20, 2018>
 +
 +</code>
 +
 +===== 1.12 Alpha 40 =====
 +
 +<code>
 +
 + + Door command lines now have %R which will return the user name without
 +   underscores in the name.
 +
 + ! Fixed a bug where groups could be created with a duplicate ID.  You may
 +   wish to double check you groups to make sure none of them have the same
 +   ID.
 +
 + ! Fixed a bug in Python GotoXY function that would cause a crash when using
 +   it.
 +
 + + The MUTIL ImportNA function now allows a "use_ansi" default value to be
 +   defined when creating message bases.
 +
 + + The MUTIL Echomail Import function now allows a "use_ansi" default value
 +   to be defined when automatically creating message bases.
 +
 + + The MUTIL ImportMessageBase function now allows a "use_ansi" default value
 +   to be defined when creating message bases.
 +
 + + MIS FTP now logs when a SysOp deletes a file from a filebase via FTP
 +
 + + MIS FTP/NNTP/SMTP/POP3 servers now have a better idle/timeout system which
 +   will cause the server to shutdown more gracefully when exiting MIS with
 +   active connections.
 +
 + + New menu command: M! This is a rewrite of the message area index reader
 +   rebuilt to work identically to the file base index lister.  See the
 +   msg_index.ini file for more details.  Command line option is the template
 +   name or default to msg_index.ini if none is specified.  I am not removing
 +   the old one just yet so that people have time to adapt to the new version
 +   and to test it for issues, but please note the old one will likely be
 +   replaced by this new one eventually once the features are all done and
 +   tested.
 +
 + + New MPL variable: UserPosts contains the number of posts a user has made
 +
 + + New MPL variable: UserDLs contains the number of downloads user has made
 +
 + + New MPL variable: UserULs contains the number of uploads user has made
 +
 + + Mystic now has a new User Editor which doesn't look a whole lot different
 +   than the old one, except that it incorporates some newer ideas that were
 +   introduced into the Echomail Node editor that makes jumping around between
 +   pages of information easier.  One major thing to note is that you can no
 +   longer view user passwords and can now only "reset" user passwords.
 +
 +   Like the other page-based editors you can scroll from the first or last
 +   item to change page, use the tab key, the pageup/down keys, the left
 +   and right arrows, or enter a page number directly to shift between pages.
 +
 + + Mystic now has a password policy in System Configuration where the minimum
 +   password length can be set along with number of required capital letters,
 +   numbers, and symbols.  It is highly recommended that the minimum password
 +   length is set to at least 7 characters.  Some default prompts have been
 +   updated to support this new feature: 18, 419, 420. If you have custom
 +   themes, you should take a look at the new defaults and consider updating
 +   your custom prompts as well.
 +
 + + Mystic now allows the option to store passwords in case insensitive
 +   cleartext and case insensitive hashing using industry standard methods for
 +   password storage.
 +
 + + Mystic now allows passwords to be stored using PBKDF2 with SHA512-bit
 +   hashing at variable configurable iterations.  What does this mean?  The
 +   biggest benefit is that when enabled, Mystic will never store a user's
 +   password anywhere in the BBS system.  This system is the same system used
 +   for Password Managers such as LastPass, 1Password and operating systems
 +   such as MacOS.  In fact, with its variable iterations Mystic could be
 +   considered to be more secure as those products in terms of cracking a
 +   user's password hash.
 +
 +   Two new options are added into the Password Policy options, the first is a
 +   password storage method which has three options:
 +
 +      ClearText Case Insensitive       (This was the legacy storage method)
 +      ClearText Case Sensitive
 +      PBKDF2 SHA512 Hash               (This is also case sensitive)
 +
 +   It is highly recommended to use password hashing and stop using cleartext
 +   passwords.  With password hashing enabled, a person could be given your
 +   users.dat and they still would not be able get a user's password.
 +
 +   The second option is VERY important when using PBKDF2 and that is the
 +   number of iterations the process will use when hasing a password.  The
 +   default value is 1000 and may be considered a little low in terms of
 +   enterprise level password storage but it works at a reasonable speed for most
 +   systems.  In general, the higher the number of iterations the more secure it
 +   is, but the longer it will take for Mystic to store or check a password.
 +   Setting this value to 10,000 on an original Raspberry Pi for example may
 +   cause Mystic to take 10+ seconds to store or check a password and for many
 +   that may be too slow.
 +
 +   It is recommended that it is kept at 3000 or lower for performance reasons
 +   unless you know what you are doing.  Even at this level PBKDF2 with a 512
 +   bit hashing system is more secure than any other BBS software today.  If
 +   you find the delay for 1000 is too short you can adjust the value but just
 +   beware that if you change hardware someday, those values still remain...
 +
 +   The way the system works is that a user's password is stored in the format
 +   configured at the time their password is set, including the iterations. The
 +   password remains stored in this format even if you change the storage method
 +   until the user changes their password or you reset it using the user editor.
 +   It is important that you do not set the iteration level too high for the
 +   hardware you are using to run your BBS now or in the future.
 +
 + + Mystic user passwords have now been expanded to 25 characters maximum.
 +
 + + Mystic now allows passwords to be reset via Internet e-mail.  This option
 +   can be enabled in System Configuration -> Password Policy and will require
 +   that the SMTP sendmail/relay options are configured in the Server General
 +   Options tab.  The user must also have a valid e-mail address assigned to
 +   their user account.
 +
 +   If enabled, the user will be sent an e-mail with a randomly generated code
 +   and then prompted by the BBS to enter the code.  Upon entering the code
 +   the user will be prompted to change their password and finally logged into
 +   the BBS as if they had typed their password in correctly.
 +
 +   8 new prompts have been added to the themes to support this new feature
 +   most having 4 promptinfo MCI codes active: &1=min length  &2=min caps
 +   &3=min nums  &4=min symbols.  These new prompts (538-546) will need to
 +   be added to your custom themes if you have them.  See the upgrade.txt
 +   for more information.
 +
 + + New Configuration theme: Turbo Vision.  Not really a favorite of mine,
 +   but one of the goals of this theme option is for nostalgia preservation
 +   and the TurboVision look was widely used in the BBS scene.
 +
 + + Mystic's built in RAR archive functions should now work with newer RAR5
 +   format RAR files.  If you encounter any issues viewing a RAR file please
 +   e-mail me a link to download the same file or the file itself so I can
 +   take a look at it.  Keep in mind Mystic does not allow you to view
 +   encrypted archives.
 +
 + + Changed the e(X)it command in the text editor to (Q)uit to match that of
 +   the ANSI editor.
 +
 + + New ACS function "OV" returns true if the user has validated their current
 +   e-mail address.
 +
 + + Email address fields have been expanded to 60 characters, input field
 +   length by default is 40 characters (up from 35).
 +
 + + Mystic will now validate that the user enters a valid e-mail address
 +   format when prompting for e-mail address during new user application and
 +   when editing user information.  Two new prompts have been added that will
 +   be displayed when they enter an invalid e-mail address: #463, #486.  You
 +   should update your prompts based on the new defaults.
 +
 + + New menu command: -V (Validate e-mail address).  This function will send
 +   a code to the user's e-mail address and then prompt them to enter it on
 +   the BBS.  Upon entering the code successfully, the "OV" ACS command will
 +   begin to report true.  If the optional data field contains a security level
 +   Mystic will also update the user's security profile. The OV ACS can also be
 +   used in order to perform any number of actions if validation is successful.
 +
 +   New prompts have been added to support this: #547-#552.  You will need to
 +   add these if you have custom themes.
 +
 + + Mystic now supports CNET Control-Y color codes.  These work in file
 +   description .DIZ importing, in file descriptions, in message reading, in
 +   Mystic's file/ANSI viewer and ANSI gallery, and Mystic's ANSI editor can
 +   now load CNET color coded files.  Thanks to NuSkooler for initial info
 +   about the color codes.
 +
 + + New Python function: "logerror(string)" This creates an entry into the
 +   global error log of the string passed to it, and also creates an entry in
 +   the current node log as well.
 +
 + + The group editors now have a Move function that allows repositioning the
 +   order of groups.  Simply Copy a group and them move to where you want to
 +   place it and select Move.
 +
 + + The file base editor now also has a move function.
 +
 + ! When tagging a bunch of bases in the message base editor and selecting
 +   Sort, it was possible to press ESCAPE and wipe out your message base
 +   configuration entirely.  Fixed.  Sorry to anyone affected by this.
 +
 + ! Fixed a bug in the global message base editor where setting the Max Msgs
 +   value could cause the value to get garbled when updating the bases.
 +
 + + Two new options to the GD menu command (Display a file):
 +
 +      /MCI   - If this option is supplied, Mystic will not filter out any MCI
 +               codes including pipe colors.
 +
 +      /ABORT - If this option is supplied, Mystic will not allow the display
 +               file to be aborted.  By default they are allowed.
 +
 + + Mystic's SMTP sendmail function now supports opportunistic SSL via the
 +   TLS v1.2+ protocol.  Combined with CRAM-MD5 authenication, this provides
 +   encryption of both the password handshake and the overall session.
 +
 + + Message Box MCI codes no longer automatically pad the header text with a
 +   space on each side. This makes it consistent with other box functions and
 +   allows a bit more flexibility.
 +
 + + MUTIL echo import now gives a more meaningful message when a PKT password
 +   is defined and there is no echomail node configured for the origin address
 +
 + + Mystic BINKP server and FIDOPOLL now support opportunistic SSL (TLS v1.2+)
 +   using a proprietary extension of the BINKP protocol.  This means that it
 +   will only work with other Mystic BBS clients and servers, but I do plan
 +   to document the extension and send it to the authors of other mailers in
 +   hopes that it can be standardized.
 +
 +   BINKP server settings now have a "Use SSL" setting which can be set to
 +   one of three settings:
 +
 +      No     : BINKP server will not offer SSL extension at all
 +      Yes    : BINKP server WILL offer SSL extension optionally
 +      Forced : BINKP server will refuse all connections not using SSL
 +
 +   EchoMail Nodes now have a similar setting which will be used when polling
 +   for new mail:
 +
 +      No     : FIDOPOLL will not use SSL extension at all
 +      Yes    : FIDOPOLL WILL use SSL if the server supports it
 +      Forced : FIDOPOLL will refuse to exchange mail with a server
 +               unless it supports SSL
 +
 + + For those of you who downloaded the A40 pre-alpha before Dec 16th, you
 +   will have password issues.  To fix this you can copy over the latest
 +   upgrade.exe and place your A39 users.dat into DATA and execute "upgrade
 +   password".
 +
 + + Message bases with an origin line set to a blank will now inherit the
 +   default value set in System Configuration > Message Settings.  This is how
 +   it was supposed to work but it wasn't.  The origin line will now also be
 +   blank when creating a new message base, instead of setting the value to
 +   the current default.  This also includes MUTIL import/create functions.
 +
 + + The random origin line selection engine (@ORIGIN=) will now be processed
 +   if it is defined in the default origin line.  In the past it was only
 +   processed when defined for an individual message base.
 +
 + ! Mystic will no longer make echomail bundles with a bracket in the filename
 +   extension which could happen in a certain circumstance.
 +
 + ! Fixed a bug where Mystic was adding a point to the INTL kludge origin/dest
 +   addresses when dealing with point systems.
 +
 + + Message Base editor now has a /A command to select all bases.
 +
 + + File Base editor now has a /A command to select all bases.
 +
 + + File Base editor now has a /G Global Editor similar to the Message Base
 +   editor
 +
 + + Echomail nodes now have an "Encryption Key" option.  When this option is
 +   set to a non-blank value, Mystic will encrypt all of the contents of
 +   Netmail messages to this node with an AES-256 encryption.  This completes
 +   a fully encrypted echomail solution as both transport and private messages
 +   are secured.
 +
 +   This is done in a way that is completely transparent to unsupporting
 +   systems, meaning that you can still route netmail through systems and they
 +   will not harm the encrypted netmails!  The encryption also hides the
 +   message subject, so when combined with Area/Filefix passwords will no
 +   longer be readable. You must have Cryptlib installed for this to work.
 +
 +   The other echomail node must of course have the same key configured for
 +   your node in order to decrypt the netmail when it arrives.  This works the
 +   same way as any other password setting in echomail nodes.
 +
 +   When routing Netmail, Mystic will intelligently re-encrypt the message
 +   between routing points when possible.  In other words if you have a point
 +   system who sends from 555:1/2.1 to 555:1/1 but is routed through 555:1/2,
 +   Mystic at 555:1/2 will know that it has an encryption agreement between
 +   both 555:1/2.1 and 555:1/1 so it will decrypt the message from 555:1/2.1
 +   and then reencrypt it for 555:1/1 before routing it.
 +
 + + Mystic Area/Filefix will now accept commands that start and end with a
 +   percentage sign (as opposed to just starting with) so: %LIST and %LIST%
 +   will work, for example.
 +
 + ! Mystic wasn't properly using UTC time when adding the @VIA kludge while
 +   routing Netmail (it was using local system time).
 +
 + ! Reviewed Netmail routing with point systems and corrected a couple little
 +   bugs with addressing.  This will hopefully have no negative effect on any
 +   other behavior.
 +
 + + Mystic BINKP now sends the local time and time zone information whenever
 +   it connects to another BINKP server.
 +
 + + MUTIL MsgPack now no longer users the Mystic temp directories while
 +   packing message bases.  Instead, it creates temp files in the same
 +   directory as the message base.  This should allow MsgPack to continue to
 +   rename files when message bases are stored on different devices than the
 +   root Mystic directory.
 +
 + + New MPL function to go along with new password engine:
 +
 +     Function CheckPW (PW: String) : Boolean;
 +
 +   This function checks the supplied PW against the current loaded User
 +   and returns true if the password matches or false if it does not.
 +
 + + New MPL function to go along with new password engine:
 +
 +     Procedure SetPW (PW: String);
 +
 +   This procedure sets the password for the currently loaded users (ie
 +   the User storeed in the current User variables)
 +
 + + New MPL function to go along with new password engine:
 +
 +     Procedure ValidPW (PW: String) : Byte;
 +
 +   This procedure checks the password passed in PW against the configured
 +   password policy and returns a result depending on its status:
 +
 +     1 = Password does not meet min length
 +     2 = Password does not meet min cap letters
 +     3 = Password does not meet min symbols
 +     4 = Password does not meet min numbers
 +
 +   <ALPHA 1.12 A40 RELEASED -- Dec 25, 2018>
  
 </code> </code>
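Review bot: The summary entry "store passwords in case insensitive cleartext and case insensitive hashing" contradicts the storage-method list a few paragraphs later, which offers ClearText Case Insensitive, ClearText Case Sensitive and a PBKDF2 SHA512 hash marked "also case sensitive"; reword the summary to "case sensitive cleartext and case sensitive hashing" or fold it into the PBKDF2 entry. In the MPL section, "Procedure ValidPW (PW: String) : Byte;" declares a return type, so it should be declared as a Function, and the result list starts at 1 without stating what is returned when the password passes the policy. The password-reset entry says "8 new prompts" but gives the range 538-546, which covers nine numbers. Because the entry states that a stored password keeps its old format until the user changes it or it is reset in the user editor, that point belongs next to the recommendation to enable hashing, so a SysOp understands that switching the storage method alone leaves existing cleartext entries in users.dat. Typos to fix in the same pass: "hasing", "authenication", "storeed", "check you groups", "them move", "no longer users", "more secure as".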
whats_new_112.txt · Last modified: 2023/01/18 01:15 by avon
