whats_new_112

Differences

This shows you the differences between two versions of the page.

whats_new_112 [2018/04/28 19:50]
avon mystic 1.12 Alpha 39 released
whats_new_112 [2018/12/27 21:42] (current)
avon updated to 1.12 a41
Line 3111: Line 3111:
  
    <​ALPHA 1.12 A39 RELEASED -- April 20, 2018>    <​ALPHA 1.12 A39 RELEASED -- April 20, 2018>
 +
 +</​code>​
 +
 +===== 1.12 Alpha 40 =====
 +
 +<​code>​
 +
 + + Door command lines now have %R which will return the user name without
 +   ​underscores in the name.
 +
 + ! Fixed a bug where groups could be created with a duplicate ID.  You may
 +   wish to double check you groups to make sure none of them have the same
 +   ID.
 +
 + ! Fixed a bug in Python GotoXY function that would cause a crash when using
 +   it.
 +
 + + The MUTIL ImportNA function now allows a "​use_ansi"​ default value to be
 +   ​defined when creating message bases.
 +
 + + The MUTIL Echomail Import function now allows a "​use_ansi"​ default value
 +   to be defined when automatically creating message bases.
 +
 + + The MUTIL ImportMessageBase function now allows a "​use_ansi"​ default value
 +   to be defined when creating message bases.
 +
 + + MIS FTP now logs when a SysOp deletes a file from a filebase via FTP
 +
 + + MIS FTP/​NNTP/​SMTP/​POP3 servers now have a better idle/​timeout system which
 +   will cause the server to shutdown more gracefully when exiting MIS with
 +   ​active connections.
 +
 + + New menu command: M! This is a rewrite of the message area index reader
 +   ​rebuilt to work identically to the file base index lister. ​ See the
 +   ​msg_index.ini file for more details. ​ Command line option is the template
 +   name or default to msg_index.ini if none is specified. ​ I am not removing
 +   the old one just yet so that people have time to adapt to the new version
 +   and to test it for issues, but please note the old one will likely be
 +   ​replaced by this new one eventually once the features are all done and
 +   ​tested.
 +
 + + New MPL variable: UserPosts contains the number of posts a user has made
 +
 + + New MPL variable: UserDLs contains the number of downloads user has made
 +
 + + New MPL variable: UserULs contains the number of uploads user has made
 +
 + + Mystic now has a new User Editor which doesn'​t look a whole lot different
 +   than the old one, except that it incorporates some newer ideas that were
 +   ​introduced into the Echomail Node editor that makes jumping around between
 +   pages of information easier. ​ One major thing to note is that you can no
 +   ​longer view user passwords and can now only "​reset"​ user passwords.
 +
 +   Like the other page-based editors you can scroll from the first or last
 +   item to change page, use the tab key, the pageup/down keys, the left
 +   and right arrows, or enter a page number directly to shift between pages.
 +
 + + Mystic now has a password policy in System Configuration where the minimum
 +   ​password length can be set along with number of required capital letters,
 +   ​numbers,​ and symbols. ​ It is highly recommended that the minimum password
 +   ​length is set to at least 7 characters. ​ Some default prompts have been
 +   ​updated to support this new feature: 18, 419, 420. If you have custom
 +   ​themes,​ you should take a look at the new defaults and consider updating
 +   your custom prompts as well.
 +
 + + Mystic now allows the option to store passwords in case insensitive
 +   ​cleartext and case insensitive hashing using industry standard methods for
 +   ​password storage.
 +
 + + Mystic now allows passwords to be stored using PBKDF2 with SHA512-bit
 +   ​hashing at variable configurable iterations. ​ What does this mean?  The
 +   ​biggest benefit is that when enabled, Mystic will never store a user's
 +   ​password anywhere in the BBS system. ​ This system is the same system used
 +   for Password Managers such as LastPass, 1Password and operating systems
 +   such as MacOS. ​ In fact, with its variable iterations Mystic could be
 +   ​considered to be more secure as those products in terms of cracking a
 +   ​user'​s password hash.
 +
 +   Two new options are added into the Password Policy options, the first is a
 +   ​password storage method which has three options:
 +
 +      ClearText Case Insensitive ​      (This was the legacy storage method)
 +      ClearText Case Sensitive
 +      PBKDF2 SHA512 Hash               (This is also case sensitive)
 +
 +   It is highly recommended to use password hashing and stop using cleartext
 +   ​passwords. ​ With password hashing enabled, a person could be given your
 +   ​users.dat and they still would not be able get a user's password.
 +
 +   The second option is VERY important when using PBKDF2 and that is the
 +   ​number of iterations the process will use when hasing a password. ​ The
 +   ​default value is 1000 and may be considered a little low in terms of
 +   ​enterprise level password storage but it works at a reasonable speed for most
 +   ​systems. ​ In general, the higher the number of iterations the more secure it
 +   is, but the longer it will take for Mystic to store or check a password.
 +   ​Setting this value to 10,000 on an original Raspberry Pi for example may
 +   cause Mystic to take 10+ seconds to store or check a password and for many
 +   that may be too slow.
 +
 +   It is recommended that it is kept at 3000 or lower for performance reasons
 +   ​unless you know what you are doing. ​ Even at this level PBKDF2 with a 512
 +   bit hashing system is more secure than any other BBS software today. ​ If
 +   you find the delay for 1000 is too short you can adjust the value but just
 +   ​beware that if you change hardware someday, those values still remain...
 +
 +   The way the system works is that a user's password is stored in the format
 +   ​configured at the time their password is set, including the iterations. The
 +   ​password remains stored in this format even if you change the storage method
 +   until the user changes their password or you reset it using the user editor.
 +   It is important that you do not set the iteration level too high for the
 +   ​hardware you are using to run your BBS now or in the future.
 +
 + + Mystic user passwords have now been expanded to 25 characters maximum.
 +
 + + Mystic now allows passwords to be reset via Internet e-mail. ​ This option
 +   can be enabled in System Configuration -> Password Policy and will require
 +   that the SMTP sendmail/​relay options are configured in the Server General
 +   ​Options tab.  The user must also have a valid e-mail address assigned to
 +   their user account.
 +
 +   If enabled, the user will be sent an e-mail with a randomly generated code
 +   and then prompted by the BBS to enter the code.  Upon entering the code
 +   the user will be prompted to change their password and finally logged into
 +   the BBS as if they had typed their password in correctly.
 +
 +   8 new prompts have been added to the themes to support this new feature
 +   most having 4 promptinfo MCI codes active: &1=min length ​ &2=min caps
 +   &​3=min nums  &4=min symbols. ​ These new prompts (538-546) will need to
 +   be added to your custom themes if you have them.  See the upgrade.txt
 +   for more information.
 +
 + + New Configuration theme: Turbo Vision. ​ Not really a favorite of mine,
 +   but one of the goals of this theme option is for nostalgia preservation
 +   and the TurboVision look was widely used in the BBS scene.
 +
 + + Mystic'​s built in RAR archive functions should now work with newer RAR5
 +   ​format RAR files. ​ If you encounter any issues viewing a RAR file please
 +   ​e-mail me a link to download the same file or the file itself so I can
 +   take a look at it.  Keep in mind Mystic does not allow you to view
 +   ​encrypted archives.
 +
 + + Changed the e(X)it command in the text editor to (Q)uit to match that of
 +   the ANSI editor.
 +
 + + New ACS function "​OV"​ returns true if the user has validated their current
 +   ​e-mail address.
 +
 + + Email address fields have been expanded to 60 characters, input field
 +   ​length by default is 40 characters (up from 35).
 +
 + + Mystic will now validate that the user enters a valid e-mail address
 +   ​format when prompting for e-mail address during new user application and
 +   when editing user information. ​ Two new prompts have been added that will
 +   be displayed when they enter an invalid e-mail address: #463, #486.  You
 +   ​should update your prompts based on the new defaults.
 +
 + + New menu command: -V (Validate e-mail address). ​ This function will send
 +   a code to the user's e-mail address and then prompt them to enter it on
 +   the BBS.  Upon entering the code successfully,​ the "​OV"​ ACS command will
 +   begin to report true.  If the optional data field contains a security level
 +   ​Mystic will also update the user's security profile. The OV ACS can also be
 +   used in order to perform any number of actions if validation is successful.
 +
 +   New prompts have been added to support this: #​547-#​552. ​ You will need to
 +   add these if you have custom themes.
 +
 + + Mystic now supports CNET Control-Y color codes. ​ These work in file
 +   ​description .DIZ importing, in file descriptions,​ in message reading, in
 +   ​Mystic'​s file/ANSI viewer and ANSI gallery, and Mystic'​s ANSI editor can
 +   now load CNET color coded files. ​ Thanks to NuSkooler for initial info
 +   about the color codes.
 +
 + + New Python function: "​logerror(string)"​. ​ This creates an entry into the
 +   ​global error log of the string passed to it, and also creates an entry in
 +   the current node log as well.
 +
 + + The group editors now have a Move function that allows repositioning the
 +   order of groups. ​ Simply Copy a group and them move to where you want to
 +   place it and select Move.
 +
 + + The file base editor now also has a move function.
 +
 + ! When tagging a bunch of bases in the message base editor and selecting
 +   Sort, it was possible to press ESCAPE and wipe out your message base
 +   ​configuration entirely. ​ Fixed. ​ Sorry to anyone affected by this.
 +
 + ! Fixed a bug in the global message base editor where setting the Max Msgs
 +   value could cause the value to get garbled when updating the bases.
 +
 + + Two new options to the GD menu command (Display a file):
 +
 +      /MCI   - If this option is supplied, Mystic will not filter out any MCI
 +               codes including pipe colors.
 +
 +      /ABORT - If this option is supplied, Mystic will not allow the display
 +               file to be aborted. ​ By default they are allowed.
 +
 + + Mystic'​s SMTP sendmail function now supports opportunistic SSL via the
 +   TLS v1.2+ protocol. ​ Combined with CRAM-MD5 authenication,​ this provides
 +   ​encryption of both the password handshake and the overall session.
 +
 + + Message Box MCI codes no longer automatically pad the header text with a
 +   space on each side. This makes it consistent with other box functions and
 +   ​allows a bit more flexibility.
 +
 + + MUTIL echo import now gives a more meaningful message when a PKT password
 +   is defined and there is no echomail node configured for the origin address
 +
 + + Mystic BINKP server and FIDOPOLL now support opportunistic SSL (TLS v1.2+)
 +   using a proprietary extension of the BINKP protocol. ​ This means that it
 +   will only work with other Mystic BBS clients and servers, but I do plan
 +   to document the extension and send it to the authors of other mailers in
 +   hopes that it can be standardized.
 +
 +   BINKP server settings now have a "Use SSL" setting which can be set to
 +   one of three settings:
 +
 +      No     : BINKP server will not offer SSL extension at all
 +      Yes    : BINKP server WILL offer SSL extension optionally
 +      Forced : BINKP server will refuse all connections not using SSL
 +
 +   ​EchoMail Nodes now have a similar setting which will be used when polling
 +   for new mail:
 +
 +      No     : FIDOPOLL will not use SSL extension at all
 +      Yes    : FIDOPOLL WILL use SSL if the server supports it
 +      Forced : FIDOPOLL will refuse to exchange mail with a server
 +               ​unless it supports SSL
 +
 + + For those of you who downloaded the A40 pre-alpha before Dec 16th, you
 +   will have password issues. ​ To fix this you can copy over the latest
 +   ​upgrade.exe and place your A39 users.dat into DATA and execute "​upgrade
 +   ​password"​.
 +
 + + Message bases with an origin line set to a blank will now inherit the
 +   ​default value set in System Configuration > Message Settings. ​ This is how
 +   it was supposed to work but it wasn'​t. ​ The origin line will now also be
 +   blank when creating a new message base, instead of setting the value to
 +   the current default. ​ This also includes MUTIL import/​create functions.
 +
 + + The random origin line selection engine (@ORIGIN=) will now be processed
 +   if it is defined in the default origin line.  In the past it was only
 +   ​processed when defined for an individual message base.
 +
 + ! Mystic will no longer make echomail bundles with a bracket in the filename
 +   ​extension which could happen in a certain circumstance.
 +
 + ! Fixed a bug where Mystic was adding a point to the INTL kludge origin/dest
 +   ​addresses when dealing with point systems.
 +
 + + Message Base editor now has a /A command to select all bases.
 +
 + + File Base editor now has a /A command to select all bases.
 +
 + + File Base editor now has a /G Global Editor similar to the Message Base
 +   ​editor
 +
 + + Echomail nodes now have an "​Encryption Key" option. ​ When this option is
 +   set to a non-blank value, Mystic will encrypt all of the contents of
 +   ​Netmail messages to this node with an AES-256 encryption. ​ This completes
 +   a fully encrypted echomail solution as both transport and private messages
 +   are secured.
 +
 +   This is done in a way that is completely transparent to unsupporting
 +   ​systems,​ meaning that you can still route netmail through systems and they
 +   will not harm the encrypted netmails! ​ The encryption also hides the
 +   ​message subject, so when combined with Area/​Filefix passwords will no
 +   ​longer be readable. You must have Cryptlib installed for this to work.
 +
 +   The other echomail node must of course have the same key configured for
 +   your node in order to decrypt the netmail when it arrives. ​ This works the
 +   same way as any other password setting in echomail nodes.
 +
 +   When routing Netmail, Mystic will intelligently re-encrypt the message
 +   ​between routing points when possible. ​ In other words if you have a point
 +   ​system who sends from 555:1/2.1 to 555:1/1 but is routed through 555:1/2,
 +   ​Mystic at 555:1/2 will know that it has an encryption agreement between
 +   both 555:1/2.1 and 555:1/1 so it will decrypt the message from 555:1/2.1
 +   and then reencrypt it for 555:1/1 before routing it.
 +
 + + Mystic Area/​Filefix will now accept commands that start and end with a
 +   ​percentage sign (as opposed to just starting with) so: %LIST and %LIST%
 +   will work, for example.
 +
 + ! Mystic wasn't properly using UTC time when adding the @VIA kludge while
 +   ​routing Netmail (it was using local system time).
 +
 + ! Reviewed Netmail routing with point systems and corrected a couple little
 +   bugs with addressing. ​ This will hopefully have no negative effect on any
 +   other behavior.
 +
 + + Mystic BINKP now sends the local time and time zone information whenever
 +   it connects to another BINKP server.
 +
 + + MUTIL MsgPack now no longer users the Mystic temp directories while
 +   ​packing message bases. ​ Instead, it creates temp files in the same
 +   ​directory as the message base.  This should allow MsgPack to continue to
 +   ​rename files when message bases are stored on different devices than the
 +   root Mystic directory.
 +
 + + New MPL function to go along with new password engine:
 +
 +     ​Function CheckPW (PW: String) : Boolean;
 +
 +   This function checks the supplied PW against the current loaded User
 +   and returns true if the password matches or false if it does not.
 +
 + + New MPL function to go along with new password engine:
 +
 +     ​Procedure SetPW (PW: String);
 +
 +   This procedure sets the password for the currently loaded users (ie
 +   the User storeed in the current User variables)
 +
 + + New MPL function to go along with new password engine:
 +
 +     ​Procedure ValidPW (PW: String) : Byte;
 +
 +   This procedure checks the password passed in PW against the configured
 +   ​password policy and returns a result depending on its status:
 +
 +     1 = Password does not meet min length
 +     2 = Password does not meet min cap letters
 +     3 = Password does not meet min symbols
 +     4 = Password does not meet min numbers
 +
 +   <​ALPHA 1.12 A40 RELEASED -- Dec 25, 2018>
 +
 +</​code>​
 +
 +===== 1.12 Alpha 41 =====
 +
 +<​code>​
 +
 + ! Fixed the broken SSH that creeped its way into A40.
 +
 + + Changed the date format in message quoting to "DD MMM YYYY"
 +
 + ! MUTIL echo export should no longer toss messages back to the origin node
 +
 +   <​ALPHA 1.12 A41 RELEASED -- Dec 27, 2018>
  
 </​code>​ </​code>​
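
Review bot: The password storage entry in the Alpha 40 notes describes the new option as "case insensitive cleartext and case insensitive hashing", but the option list a few paragraphs later names "ClearText Case Sensitive" as the new cleartext mode and marks "PBKDF2 SHA512 Hash" as "also case sensitive". The opening sentence should say "case sensitive" in both places so that operators do not assume hashed passwords are case-folded before hashing. In the MPL entries at the end of the same release, ValidPW is declared as "Procedure ValidPW (PW: String) : Byte;" although it returns a value; it should be declared as a Function like CheckPW, and the result list (1 to 4) should also state which value is returned when the password satisfies the policy.
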
whats_new_112.1524959404.txt.gz · Last modified: 2018/04/28 19:50 by avon