User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
whats_new_112 [2018/04/28 19:50]
avon mystic 1.12 Alpha 39 released
whats_new_112 [2019/03/15 22:25] (current)
avon updated to 1.12 a43
Line 15: Line 15:
 If you spot something you think looks amiss with these notes please contact us using the contact info found on this Wiki. If you spot something you think looks amiss with these notes please contact us using the contact info found on this Wiki.
 \\ \\
 \\ \\
Line 3113: Line 3116:
 </​code>​ </​code>​
 +===== 1.12 Alpha 40 =====
 + + Door command lines now have %R which will return the user name without
 +   ​underscores in the name.
 + ! Fixed a bug where groups could be created with a duplicate ID.  You may
 +   wish to double check you groups to make sure none of them have the same
 +   ID.
 + ! Fixed a bug in Python GotoXY function that would cause a crash when using
 +   it.
 + + The MUTIL ImportNA function now allows a "​use_ansi"​ default value to be
 +   ​defined when creating message bases.
 + + The MUTIL Echomail Import function now allows a "​use_ansi"​ default value
 +   to be defined when automatically creating message bases.
 + + The MUTIL ImportMessageBase function now allows a "​use_ansi"​ default value
 +   to be defined when creating message bases.
 + + MIS FTP now logs when a SysOp deletes a file from a filebase via FTP
 + + MIS FTP/​NNTP/​SMTP/​POP3 servers now have a better idle/​timeout system which
 +   will cause the server to shutdown more gracefully when exiting MIS with
 +   ​active connections.
 + + New menu command: M! This is a rewrite of the message area index reader
 +   ​rebuilt to work identically to the file base index lister. ​ See the
 +   ​msg_index.ini file for more details. ​ Command line option is the template
 +   name or default to msg_index.ini if none is specified. ​ I am not removing
 +   the old one just yet so that people have time to adapt to the new version
 +   and to test it for issues, but please note the old one will likely be
 +   ​replaced by this new one eventually once the features are all done and
 +   ​tested.
 + + New MPL variable: UserPosts contains the number of posts a user has made
 + + New MPL variable: UserDLs contains the number of downloads user has made
 + + New MPL variable: UserULs contains the number of uploads user has made
 + + Mystic now has a new User Editor which doesn'​t look a whole lot different
 +   than the old one, except that it incorporates some newer ideas that were
 +   ​introduced into the Echomail Node editor that makes jumping around between
 +   pages of information easier. ​ One major thing to note is that you can no
 +   ​longer view user passwords and can now only "​reset"​ user passwords.
 +   Like the other page-based editors you can scroll from the first or last
 +   item to change page, use the tab key, the pageup/down keys, the left
 +   and right arrows, or enter a page number directly to shift between pages.
 + + Mystic now has a password policy in System Configuration where the minimum
 +   ​password length can be set along with number of required capital letters,
 +   ​numbers,​ and symbols. ​ It is highly recommended that the minimum password
 +   ​length is set to at least 7 characters. ​ Some default prompts have been
 +   ​updated to support this new feature: 18, 419, 420. If you have custom
 +   ​themes,​ you should take a look at the new defaults and consider updating
 +   your custom prompts as well.
 + + Mystic now allows the option to store passwords in case insensitive
 +   ​cleartext and case insensitive hashing using industry standard methods for
 +   ​password storage.
 + + Mystic now allows passwords to be stored using PBKDF2 with SHA512-bit
 +   ​hashing at variable configurable iterations. ​ What does this mean?  The
 +   ​biggest benefit is that when enabled, Mystic will never store a user's
 +   ​password anywhere in the BBS system. ​ This system is the same system used
 +   for Password Managers such as LastPass, 1Password and operating systems
 +   such as MacOS. ​ In fact, with its variable iterations Mystic could be
 +   ​considered to be more secure as those products in terms of cracking a
 +   ​user'​s password hash.
 +   Two new options are added into the Password Policy options, the first is a
 +   ​password storage method which has three options:
 +      ClearText Case Insensitive ​      (This was the legacy storage method)
 +      ClearText Case Sensitive
 +      PBKDF2 SHA512 Hash               (This is also case sensitive)
 +   It is highly recommended to use password hashing and stop using cleartext
 +   ​passwords. ​ With password hashing enabled, a person could be given your
 +   ​users.dat and they still would not be able get a user's password.
 +   The second option is VERY important when using PBKDF2 and that is the
 +   ​number of iterations the process will use when hasing a password. ​ The
 +   ​default value is 1000 and may be considered a little low in terms of
 +   ​enterprise level password storage but it works at a reasonable speed for most
 +   ​systems. ​ In general, the higher the number of iterations the more secure it
 +   is, but the longer it will take for Mystic to store or check a password.
 +   ​Setting this value to 10,000 on an original Raspberry Pi for example may
 +   cause Mystic to take 10+ seconds to store or check a password and for many
 +   that may be too slow.
 +   It is recommended that it is kept at 3000 or lower for performance reasons
 +   ​unless you know what you are doing. ​ Even at this level PBKDF2 with a 512
 +   bit hashing system is more secure than any other BBS software today. ​ If
 +   you find the delay for 1000 is too short you can adjust the value but just
 +   ​beware that if you change hardware someday, those values still remain...
 +   The way the system works is that a user's password is stored in the format
 +   ​configured at the time their password is set, including the iterations. The
 +   ​password remains stored in this format even if you change the storage method
 +   until the user changes their password or you reset it using the user editor.
 +   It is important that you do not set the iteration level too high for the
 +   ​hardware you are using to run your BBS now or in the future.
 + + Mystic user passwords have now been expanded to 25 characters maximum.
 + + Mystic now allows passwords to be reset via Internet e-mail. ​ This option
 +   can be enabled in System Configuration -> Password Policy and will require
 +   that the SMTP sendmail/​relay options are configured in the Server General
 +   ​Options tab.  The user must also have a valid e-mail address assigned to
 +   their user account.
 +   If enabled, the user will be sent an e-mail with a randomly generated code
 +   and then prompted by the BBS to enter the code.  Upon entering the code
 +   the user will be prompted to change their password and finally logged into
 +   the BBS as if they had typed their password in correctly.
 +   8 new prompts have been added to the themes to support this new feature
 +   most having 4 promptinfo MCI codes active: &1=min length ​ &2=min caps
 +   &​3=min nums  &4=min symbols. ​ These new prompts (538-546) will need to
 +   be added to your custom themes if you have them.  See the upgrade.txt
 +   for more information.
 + + New Configuration theme: Turbo Vision. ​ Not really a favorite of mine,
 +   but one of the goals of this theme option is for nostalgia preservation
 +   and the TurboVision look was widely used in the BBS scene.
 + + Mystic'​s built in RAR archive functions should now work with newer RAR5
 +   ​format RAR files. ​ If you encounter any issues viewing a RAR file please
 +   ​e-mail me a link to download the same file or the file itself so I can
 +   take a look at it.  Keep in mind Mystic does not allow you to view
 +   ​encrypted archives.
 + + Changed the e(X)it command in the text editor to (Q)uit to match that of
 +   the ANSI editor.
 + + New ACS function "​OV"​ returns true if the user has validated their current
 +   ​e-mail address.
 + + Email address fields have been expanded to 60 characters, input field
 +   ​length by default is 40 characters (up from 35).
 + + Mystic will now validate that the user enters a valid e-mail address
 +   ​format when prompting for e-mail address during new user application and
 +   when editing user information. ​ Two new prompts have been added that will
 +   be displayed when they enter an invalid e-mail address: #463, #486.  You
 +   ​should update your prompts based on the new defaults.
 + + New menu command: -V (Validate e-mail address). ​ This function will send
 +   a code to the user's e-mail address and then prompt them to enter it on
 +   the BBS.  Upon entering the code successfully,​ the "​OV"​ ACS command will
 +   begin to report true.  If the optional data field contains a security level
 +   ​Mystic will also update the user's security profile. The OV ACS can also be
 +   used in order to perform any number of actions if validation is successful.
 +   New prompts have been added to support this: #​547-#​552. ​ You will need to
 +   add these if you have custom themes.
 + + Mystic now supports CNET Control-Y color codes. ​ These work in file
 +   ​description .DIZ importing, in file descriptions,​ in message reading, in
 +   ​Mystic'​s file/ANSI viewer and ANSI gallery, and Mystic'​s ANSI editor can
 +   now load CNET color coded files. ​ Thanks to NuSkooler for initial info
 +   about the color codes.
 + + New Python function: "​logerror(string)"​. ​ This creates an entry into the
 +   ​global error log of the string passed to it, and also creates an entry in
 +   the current node log as well.
 + + The group editors now have a Move function that allows repositioning the
 +   order of groups. ​ Simply Copy a group and them move to where you want to
 +   place it and select Move.
 + + The file base editor now also has a move function.
 + ! When tagging a bunch of bases in the message base editor and selecting
 +   Sort, it was possible to press ESCAPE and wipe out your message base
 +   ​configuration entirely. ​ Fixed. ​ Sorry to anyone affected by this.
 + ! Fixed a bug in the global message base editor where setting the Max Msgs
 +   value could cause the value to get garbled when updating the bases.
 + + Two new options to the GD menu command (Display a file):
 +      /MCI   - If this option is supplied, Mystic will not filter out any MCI
 +               codes including pipe colors.
 +      /ABORT - If this option is supplied, Mystic will not allow the display
 +               file to be aborted. ​ By default they are allowed.
 + + Mystic'​s SMTP sendmail function now supports opportunistic SSL via the
 +   TLS v1.2+ protocol. ​ Combined with CRAM-MD5 authenication,​ this provides
 +   ​encryption of both the password handshake and the overall session.
 + + Message Box MCI codes no longer automatically pad the header text with a
 +   space on each side. This makes it consistent with other box functions and
 +   ​allows a bit more flexibility.
 + + MUTIL echo import now gives a more meaningful message when a PKT password
 +   is defined and there is no echomail node configured for the origin address
 + + Mystic BINKP server and FIDOPOLL now support opportunistic SSL (TLS v1.2+)
 +   using a proprietary extension of the BINKP protocol. ​ This means that it
 +   will only work with other Mystic BBS clients and servers, but I do plan
 +   to document the extension and send it to the authors of other mailers in
 +   hopes that it can be standardized.
 +   BINKP server settings now have a "Use SSL" setting which can be set to
 +   one of three settings:
 +      No     : BINKP server will not offer SSL extension at all
 +      Yes    : BINKP server WILL offer SSL extension optionally
 +      Forced : BINKP server will refuse all connections not using SSL
 +   ​EchoMail Nodes now have a similar setting which will be used when polling
 +   for new mail:
 +      No     : FIDOPOLL will not use SSL extension at all
 +      Yes    : FIDOPOLL WILL use SSL if the server supports it
 +      Forced : FIDOPOLL will refuse to exchange mail with a server
 +               ​unless it supports SSL
 + + For those of you who downloaded the A40 pre-alpha before Dec 16th, you
 +   will have password issues. ​ To fix this you can copy over the latest
 +   ​upgrade.exe and place your A39 users.dat into DATA and execute "​upgrade
 +   ​password"​.
 + + Message bases with an origin line set to a blank will now inherit the
 +   ​default value set in System Configuration > Message Settings. ​ This is how
 +   it was supposed to work but it wasn'​t. ​ The origin line will now also be
 +   blank when creating a new message base, instead of setting the value to
 +   the current default. ​ This also includes MUTIL import/​create functions.
 + + The random origin line selection engine (@ORIGIN=) will now be processed
 +   if it is defined in the default origin line.  In the past it was only
 +   ​processed when defined for an individual message base.
 + ! Mystic will no longer make echomail bundles with a bracket in the filename
 +   ​extension which could happen in a certain circumstance.
 + ! Fixed a bug where Mystic was adding a point to the INTL kludge origin/dest
 +   ​addresses when dealing with point systems.
 + + Message Base editor now has a /A command to select all bases.
 + + File Base editor now has a /A command to select all bases.
 + + File Base editor now has a /G Global Editor similar to the Message Base
 +   ​editor
 + + Echomail nodes now have an "​Encryption Key" option. ​ When this option is
 +   set to a non-blank value, Mystic will encrypt all of the contents of
 +   ​Netmail messages to this node with an AES-256 encryption. ​ This completes
 +   a fully encrypted echomail solution as both transport and private messages
 +   are secured.
 +   This is done in a way that is completely transparent to unsupporting
 +   ​systems,​ meaning that you can still route netmail through systems and they
 +   will not harm the encrypted netmails! ​ The encryption also hides the
 +   ​message subject, so when combined with Area/​Filefix passwords will no
 +   ​longer be readable. You must have Cryptlib installed for this to work.
 +   The other echomail node must of course have the same key configured for
 +   your node in order to decrypt the netmail when it arrives. ​ This works the
 +   same way as any other password setting in echomail nodes.
 +   When routing Netmail, Mystic will intelligently re-encrypt the message
 +   ​between routing points when possible. ​ In other words if you have a point
 +   ​system who sends from 555:1/2.1 to 555:1/1 but is routed through 555:1/2,
 +   ​Mystic at 555:1/2 will know that it has an encryption agreement between
 +   both 555:1/2.1 and 555:1/1 so it will decrypt the message from 555:1/2.1
 +   and then reencrypt it for 555:1/1 before routing it.
 + + Mystic Area/​Filefix will now accept commands that start and end with a
 +   ​percentage sign (as opposed to just starting with) so: %LIST and %LIST%
 +   will work, for example.
 + ! Mystic wasn't properly using UTC time when adding the @VIA kludge while
 +   ​routing Netmail (it was using local system time).
 + ! Reviewed Netmail routing with point systems and corrected a couple little
 +   bugs with addressing. ​ This will hopefully have no negative effect on any
 +   other behavior.
 + + Mystic BINKP now sends the local time and time zone information whenever
 +   it connects to another BINKP server.
 + + MUTIL MsgPack now no longer users the Mystic temp directories while
 +   ​packing message bases. ​ Instead, it creates temp files in the same
 +   ​directory as the message base.  This should allow MsgPack to continue to
 +   ​rename files when message bases are stored on different devices than the
 +   root Mystic directory.
 + + New MPL function to go along with new password engine:
 +     ​Function CheckPW (PW: String) : Boolean;
 +   This function checks the supplied PW against the current loaded User
 +   and returns true if the password matches or false if it does not.
 + + New MPL function to go along with new password engine:
 +     ​Procedure SetPW (PW: String);
 +   This procedure sets the password for the currently loaded users (ie
 +   the User storeed in the current User variables)
 + + New MPL function to go along with new password engine:
 +     ​Procedure ValidPW (PW: String) : Byte;
 +   This procedure checks the password passed in PW against the configured
 +   ​password policy and returns a result depending on its status:
 +     1 = Password does not meet min length
 +     2 = Password does not meet min cap letters
 +     3 = Password does not meet min symbols
 +     4 = Password does not meet min numbers
 +   <​ALPHA 1.12 A40 RELEASED -- Dec 25, 2018>
 +===== 1.12 Alpha 41 =====
 + ! Fixed the broken SSH that creeped its way into A40.
 + + Changed the date format in message quoting to "DD MMM YYYY"
 + ! MUTIL echo export should no longer toss messages back to the origin node
 +   <​ALPHA 1.12 A41 RELEASED -- Dec 27, 2018>
 +===== 1.12 Alpha 42 =====
 + ! Reverted back to Free Pascal 3.0.2 and magically a lot of the problems
 +   have gone away with the Unix versions.
 + + Increased the BINKP max file queue per session to 200 files, up from 100
 + + Mystic BINKP now sends the build date, time and operating system with
 +   bit level as part of the welcome
 + + Mystic BINKP now sends the queue size (# of files and total bytes) after
 +   ​authentication and before starting to transfer files
 + ! Fixed some issues that were causing IPV6 servers and clients to act
 +   ​differently in Unix based systems.
 + + Prompt #464 message quote text now has &4 MCI code which is replaced by
 +   the time that the original message was written.
 + + Mystic will now log to the node log if a user attempts to post to a
 +   ​message base but does not have access to do so.
 + + Mystic will now log Python errors to the BBS node log and the Mystic
 +   ​global errors.log
 + + MUTIL now has a function to export a FILEBONE.NA file based on the file
 +   ​bases. ​ A new [Export_FILEBONE.NA] stanza has been added to the INI file
 +   for more information see the default mutil.ini file.
 + + MIS servers now show "​Server busy" instead of "​BUSY"​ when a connection is
 +   ​received when all client slots are in use.  "​BUSY"​ will still be shown by
 +   ​Mystic.
 + + New option for each Echomail node: Crash Limiter. ​ When FidoPoll sends
 +   files via BINKP it will skip queueing any files for sending larger than
 +   this value. ​ The value is defined in kilobytes.
 + + MUTIL now allows the loglevel to be defined in each specific stanza. ​ If
 +   the loglevel is defined within a process'​ stanza, then that loglevel will
 +   ​override the value set in the general stanza just for that process.
 +    <ALPHA 1.12 A42 RELEASED -- Feb 2, 2019>
 +===== 1.12 Alpha 43 =====
 + + Mystic now has two new door MCI codes:
 +     %A - Returns the user's realname with spaces replaced with underscores
 +     %B - Returns the user's realname
 + + Expanded the BBS domain from 25 to 45 characters.
 + + Mystic will now inform you if you try to edit a message that has already
 +   been sent.  It already informs you if the message was sent while you were
 +   ​editing it (which tends to happen if you have messages set to send on save
 +   as opposed to logoff).
 + + Mystic'​s private user to user chat system now has a split screen chat
 +   ​option. ​ A new template userchat.ini and userchat.ans are required now to
 +   be accessible by your theme otherwise your user to user chat will not
 +   ​work. ​ See the default installation for these new files.
 + + Mystic now has Mystic-DOS, a built in command shell console that allows
 +   for various disk and BBS functions within a command shell interface that
 +   ​mimics both Bash and MS-DOS/​Windows shell commands. ​ Disk management,
 +   ​executing MPL and Python scripts, snooping and chatting with users on
 +   other nodes, editing ANSI and text files, etc.
 +   A new menu command *D has been added but it cannot be executed unless the
 +   user has a security level of 255.
 + ! Fixed a bug in Mystic Python that would cause a crash whenever the
 +   ​msg_open function failed to open or create a message base.
 + ! Fixed a bug in Mystic wildcard match functions and increased speed by a
 +   good amount.
 + + (when country blocking is enabled)Mystic now logs the user's country in the node log along with their IP
 +   and hostname
 + + The install program now has an "​extract"​ function to go along with the
 +   ​replace function. ​ Type "​install help" for more details.
 + + MUTIL now has an AutoHatch function to automate periodic hatching
 +   of files from the file base.  See default mutil.ini for more information.
 + + New SysOp menu command: *3 This allows a SysOp to snoop (watch) a user on
 +   ​another node.
 + + You can now press CTRL-E when editing menu settings on the Display File
 +   field to open up the ANSI editor.
 + ! In various places whenever a file rename or move needs to occur, Mystic
 +   will first try a fast move and if it fails, it will attempt to copy the
 +   file to the new destination and then delete the original.
 + + When reading forced message bases, Mystic will now allow the user to quit
 +   ​reading if they'​ve already read all of the messages.
 + + Mystic Message Base and File Base editors now have an /U Unsubscribe option
 +   This command will automatically generate an Areafix or Filefix Netmail
 +   ​request to unsubscribe from a base (and option to delete the base after)
 + + The Echomail node editor now has three new options in the / menu:
 +     1 - Send Areafix request to the selected node
 +     2 - Send Filefix request to the selected node
 +     3 - Send Netmail message to Sysop of the selected node
 +   All of these will allow you to quickly and easily contact an Echomail node
 +   to communicate with the SysOp or to add/remove message and file bases or
 +   ​anything else the Area/​Filefix commands allow without having to fumble
 +   ​around with addresses and passwords!
 + + System Configuration now has a log file viewer option in the Other menu
 +   next to the Text and ANSI editors.
 + + New Menu command: *4 This opens the log file viewer
 + + Text editor now has a (CTRL+J) Jump to Line number option
 + + Text editor now has a (CTRL+W) Where function which allows full boolean
 +   line searching using paranthesis and &|! operators
 + + Text editor now has a (CTRL+A) Again function which repeats the last
 +   Where function again
 + ! MUTIL was not adding a NULL at the end of the last PKT when doing a rescan
 +   of message bases.
 + + When importing and forward netmail, MUTIL will now allow an address to be
 +   ​defined,​ allowing Netmail to a certain name on the current setup to be
 +   ​forwarded to different name and/or network node.  See default MUTIL.INI for
 +   more information.
 + + New menu command "​UF"​ Edit Twit Filter. ​ This allows a user to edit their
 +   twit filter, which is a list of users whose messages will be automatically
 +   ​skipped when reading message bases. ​ Each user can define up to 50 users
 +   they wish to ignore.
 + + MUTIL now creates and removes BUSY data before and after processing TIC
 +   files and hatches.
 + ! Fixed a bug when using the save file to message menu command where Netmail
 +   ​messages were not properly being flagged as private.
 + + The SysOp name in the EchoMail node editor can now have an address appended
 +   to it, and Mystic will send the message to that address when using the
 +   "​NetMail SysOp" option. ​ So if the Echomail node address is 21:1/100 but
 +   when you use the Netmail to SysOp function you want to send it to 21:1/101
 +   ​instead because 1:/100 is a hub only, then you can set the SysOp name to
 +   "​Avon@21:​1/​101"​ to override the address.
 +    <ALPHA 1.12 A43 RELEASED -- March 2019>
 +</​code> ​  
whats_new_112.1524959404.txt.gz ยท Last modified: 2018/04/28 19:50 by avon