AsmBB Forum “What’s AsmBB?”
+ Stunning themes: Glass, Neumor, Poly, Brutal, Joly, Tailwind, Snes
+ The Insert URL button in MiniMag will use the selected text as the anchor text
+ E-mail verification will be sent in the default language setting
+ Some MiniMag fixes
+ Implement page (for contact, TOS…)
+ Implement API
1. One new responsive theme has been created, named “City Dawn”.
+ This is an attempt to really improve the forum look (feedback is welcome).
+ In addition, this theme includes much improved post editors with embedded extended help for the post formatting.
+ It also supports Unicode emoji characters in a truly native way, both in the post editor and the real-time chat: 😃 🤖 🏆 🥇
+ “City Dawn” supports source code syntax highlighting (by the JS library).
+ The real-time chat now accepts multi-line posts, including source code.
2. Of course, all reported bugs have been fixed as well, both in the AsmBB engine and in the FreshLib library.
+ Fixed several bugs, some of them critical. Thanks to the users of AsmBB and especially to ganuonglachanh for the useful bug reports.
+ A new theme named “Trendy” has been created. It is kind of universal and can be used both for desktop and mobile devices.
+ DDoS protection has been implemented for the rare cases when AsmBB cannot handle the request rate. Now the engine can serve user requests better when under attack.
+ A URL analyzer for the MiniMag and BBCode parsers has been implemented in order to prevent XSS attacks in user-posted links.
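The kind of check such a URL analyzer performs, as an added Python example; this is not AsmBB's code (the engine is written in assembly). The allowed scheme list, the function names and the `[url=...]` handling are assumptions made for illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}   # assumed policy, not AsmBB's list
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_UNSAFE_CHARS = re.compile(r"[\x00-\x20\x7f]")   # controls and whitespace
_URL_TAG = re.compile(r"\[url=(.+?)\](.+?)\[/url\]", re.S)


def safe_link_target(raw):
    """Return the URL if it may be used as a link target, else None."""
    url = raw.strip()
    # Browsers drop tabs and newlines inside a URL, so a scheme split by a
    # tab would still be honoured; any control or whitespace char rejects.
    if not url or _UNSAFE_CHARS.search(url):
        return None
    m = _SCHEME.match(url)
    if m:
        return url if m.group(1).lower() in ALLOWED_SCHEMES else None
    # No scheme: accept only same-site absolute paths. "//host" and "/\host"
    # are protocol-relative and would leave the forum.
    if url.startswith("/") and not url.startswith(("//", "/\\")):
        return url
    return None


def render_links(post):
    """Escape a post, then turn [url=...]label[/url] into anchors."""
    escaped = html.escape(post, quote=True)

    def replace(m):
        target = safe_link_target(html.unescape(m.group(1)))
        if target is None:
            return m.group(0)          # keep the tag as inert, escaped text
        href = html.escape(target, quote=True)
        return f'<a href="{href}" rel="nofollow noopener">{m.group(2)}</a>'

    return _URL_TAG.sub(replace, escaped)
```

Rejected links stay in the output as escaped plain text, so a post is never silently altered and the markup never reaches the browser as an active link.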
The main and major change in this release is the support for an encrypted forum database. The great SQLite plugin SQLeet is used. According to the specification it supports:
+ PBKDF2-HMAC-SHA256 key derivation with a 16-byte salt and 12345 iterations.
+ ChaCha20 stream cipher with one-time keys.
+ Poly1305 authentication tags.
Of course, the encryption is optional and can be freely switched on and off from the administration settings panel (the new tab “Encryption”).
Several minor bugs have been fixed in this release as well.
Why encrypted database?
Because the encryption can seriously increase the security and the privacy of the forum database.
The encryption key in AsmBB is not stored on the disk and is only temporarily stored in RAM. That is why even a serious security breach of the web server, the backup server, or the backup media will not compromise the database of the forum, the people’s account attributes or personal data.
The only known drawback of this solution is that the encryption key must be entered on every forum engine restart (through the web interface). This way, on incidental server restarts, the forum will be inaccessible for some time. But AsmBB is a long-living and very stable application, so such issues happen once in several months or even years.
Of course, using an encrypted database makes the use of SSL/TLS mandatory.
1. German translation
Although the German translation has been available in the v2.5 silent update of the binary pack, v2.6 is the first official version with a German translation of the UI.
Thanks to the community, in v2.6 all other translations are improved as well.
2. Atom/RSS feed support.
Subscribing to topics and a way to get push notifications was one of the most requested features.
In v2.6 these requests have been addressed by support for Atom/RSS feeds.
Now everyone can subscribe to the whole forum, to a particular tag or to a particular topic and get notifications when something is changed.
3. Real-time notifications engine
The handling of server-sent events (SSE) has been rewritten from scratch in order to handle all users in a uniform way.
While in the previous versions SSE was used only for the real-time chat, now the SSE service is flexible enough to be used for delivering notifications for many different forum events, such as new posts, other users’ activities, and so on.
In addition, it now serves all clients from a single thread, so an arbitrary number of visitors can be served simultaneously with very little load on the server.
Currently only a limited number of notifications are implemented, but as long as the infrastructure is ready and easily expandable, more features can be added later.
4. Bug fixes and speed improvements.
As usual, all bugs discovered in the meantime have been fixed. And probably new ones introduced. But I believe the new bugs are fewer than the fixed bugs.
At least, on the demo server, there were no spontaneous crashes or memory leaks detected during the whole period between the releases.
The new SSE handling service improves the speed of event processing, especially on high and very high loads of the forum.
5. Updated SQLite and MUSL libraries
Of course, the binary package contains the most recent versions of SQLite and MUSL.
1. User interface i18n
The first major new feature in this release is the internationalization of the engine. Now every user can choose a different language for the user interface of the forum. Currently four languages are available: English, Bulgarian, Russian and French.
Note that some errors in the translations are possible and expected, so please post your corrections and they will be fixed.
Great thanks to macadoum for the French translation.
2. Second markup language – BBCode
A parser for BBCode has been developed and now AsmBB understands two markup languages (MiniMag and BBCode).
In addition, BBCode allows the creation of scripts for migration from other forum engines, because BBCode is the most popular forum markup language.
3. Second e-mail sending mechanism
Now it is possible to use external programs (such as sendmail) for sending e-mails to the forum users. This mechanism makes installation easier in cases where no e-mail server is installed.
4. The usual performance improvements and bug fixes.
As usual, the new release is faster than the previous one and all detected bugs have been fixed. Of course, bugs and misbehaviours are still possible, so report them here and they will be fixed quickly.
+ Now it is possible to attach files to the posts. The attachment permissions are managed per user.
+ “Limited access threads” were implemented. LAT are something like private messages on steroids. The owner of the thread can set a list of users that have access to the thread. The thread is invisible to the other users and can be used for private conversations.
+ Improved user permissions management. The user permissions can be edited by the administrator from the user profile. Separate permissions for the not logged-in visitors (anonymous users) were implemented. This way, it is now possible to make a closed forum, where only the registered users will be able to read the threads. The registration of new users can be closed as well, creating a totally private forum closed to the outer world.
+ The real-time chat service was refactored in order to serve all connections in a single thread. Now an almost unlimited number of visitors can chat. Now the chat can be merged with the main forum pages with very minor performance degradation.
+ And of course, the new version is about 20% faster than the older versions, after the optimizations of the template rendering engine, the database schema and the SQL queries.
+ A new “Terminal” skin was developed for the lovers of the console user interface.
+ All discovered bugs were fixed.
+ The structure of the source code was changed as well. Now the dependency binary files (the musl and sqlite libraries) are removed from the repository and instead a build script was developed that downloads from the Internet and builds the latest versions of these libraries. This way only the latest versions of these libraries will be released with AsmBB.
This is mainly a fine-tuning and maintenance release, but two serious bugs have been fixed as well. Here is the change list:
+ Several serious regressions were fixed.
+ The skins were reworked in order to provide more accessibility. In particular, all background images were replaced with <img> tags with respective “alt” texts. Now even with images switched off, the forum can be used flawlessly.
Some skin design issues have been fixed as well.
+ The JS code for the chat has been cleaned up and sped up a little.
+ Persistent login for the users that prefer it. It is off by default.
+ Reset password process.
+ Implemented “Categories” type of navigation, based on the tags system. This way the users can set their own categories.
+ New theme MoLight: it is a mobile theme, in the same style as the Light theme.
+ Administrator debugging tool !debuginfo
+ Keeping the post edit/delete history, which allows restoring them.
+ Improved the UI of the post editor, included some help texts where needed.
+ Improved JS code for the real-time chat.
+ Optional persistent login (default: off) for the users not wanting to log in on every visit.
+ “Reset password” – the most questionable new feature, because by its very nature, this is a kind of security hole. 🙂 The feature requires a valid e-mail and is available as a link in the !login form.
+ “Users list” – a not_so_important feature but still useful: all users in one list, accessible on !userlist
+ Chat code updated with many new features: automatic anti-scroll to allow reading the old messages while people are chatting. Notification about missed messages in the tab header allows following the conversation without using pop-up notifications. Change of the nickname color when the user switches to another tab. Speed-optimized loading of the old messages on startup/refresh. (Yes, JS is slow, but it still allows some speed optimizations.)
1. Performance
The main AsmBB component, the template renderer (`render.asm`), has been replaced by `render2.asm`. Rewritten from scratch, it uses more “assembly style” algorithms. As a result it is faster and uses less memory, compared with the old implementation.
In addition, all chained string comparisons in the URL parsing logic have been replaced by hash tables, accelerating the common logic of the engine.
This way the speed of AsmBB was roughly doubled. Now it is much harder to overload the engine and it can handle many more visitors simultaneously.
2. The code security
After serious testing with different web application testing tools (including OWASP ZAP and Tinfoil Security) some vulnerabilities have been discovered and fixed.
The hard fuzzing and near-DDoS loads of the above tests, as a side effect, revealed several obscure resource and memory leaks, which have been fixed as well.
In order to track the leaks more easily, a debugging tool was implemented that collects statistics about resource and memory allocations and deallocations and reports them on a web page.
As a result I am quite confident that v2.0 is clean of memory leaks and SQLite hanging statements.