AsmBB

Power
Login Register

AsmBB v2.0 has been released.
0

#15382 (ツ) johnfound
Created 28.02.2018, read: 8837 times

Version 2.0 released!

The binary package has been updated to v2.0 (see this thread for download and installation instructions).

This version contains major code updates in two directions:

Performance

The main AsmBB component, the templates render (`render.asm`) has been replaced by render2.asm. Rewritten from scratch it uses more "assembly style" algorithms. As a result it is faster and uses less memory, compared with the old implementation.

In addition, all chained string comparisons in the URL parsing logic, has been replaced by hash tables accelerating the common logic of the engine.

This way the speed of AsmBB was approximately doubled. Now it is much harder to overload the engine and it can handle even more visitors simultaneously.

The code security

After serious testing with different web application testing tools (including OWASP ZAP and Tinfoil security) some vulnerabilities has been discovered and fixed.

The hard fuzzing and near DDOS loads of the above tests, as a side effect, revealed several obscure resource and memory leaks, that has been fixed as well.

In order to track the leaks easier, was implemented a debugging tool that collects statistics about resources and memory allocations and deallocations and report them on a web page.

As a result I am pretty confident that v2.0 is clean from memory leaks and SQLite hanging statements.

Here is a screenshot from the final test by "Tinfoil Security" and their aggressive bot, named "Spider-Pig". :-)

After 1 million requests (logged in as a regular user) it found no vulnerabilities at all:

/attachments/Screenshot_2018-02-27_02-44-08-or8.png

#15396 (ツ) johnfound
Created 07.03.2018, read: 6590 times

The new experimental features after the release of v2.0; After some tests, they will be released as v2.1:

Optional persistent login (default: off) for the users don't wanting to login on every visit.

"Reset password" - the most questionable new feature, because by its very nature, this is kind of security hole. :) The feature requires valid e-mail and is accessible as a link in the /!login form.

"Users list" - a not-so-important feature but still useful - all users in one list, accessible on /!userlist

Chat code updated with many new features: automatic anti-scroll to allow reading the old messages while the people chatting. Notification about missed messages in the tab header allows to follow the conversation without using pop-up notifications. Change of the nickname color, when the user switches to another tab. Speed optimized loading of the old messages on startup/refresh. (yes JS is slow,but still allows some speed optimizations ;))

#15398 (ツ) johnfound
Created 08.03.2018, read: 6523 times

New theme named "MoLight" has been released. It is light theme, mobile pair for the existing "Light" theme.

Now the default themes are set to this pair: Light+MoLight.

Additionally, because of the higher JS performance in the chat, the limit for the loaded chat backlog was increased to 1000 messages.

Enjoy.

AsmBB v2.0 has been released.
0

AsmBB v3.0 (check-in: a316dab8b98d07d9); SQLite v3.42.0 (check-in: 831d0fb2836b71c9);
©2016..2023 John Found; Licensed under EUPL. Powered by Assembly language Created with Fresh IDE