AsmBB – a lightweight web forum engine written in assembly language

+ Beautiful themes: Glass, Neumor, Poly, Brutal, Joly, Tailwind, Snes
+ Insert URL in minimag button will use selected text as anchor text
+ Email verfication will be send as in default lang setting
+ Some minimag fix
+ Implement page (for contact, TOS…)
+ Implement API

1. One new responsive theme has been created, named “Urban Sunrise”.

+ This is an attempt to really improve the forum appearance. ( feedback is welcome ).
+ Also, this theme contains really improved post editors with embedded extended help for the post formatting.
+ In addition it supports Unicode Emoji characters in really native way, both in the post editor and the real-time chat: 😃 🤖 🏆 🥇
+ “Urban Sunrise” supports source code syntax highlighting (through the JS library).
+ The real-time chat now accepts multi-row posts, including source code.

2. Of course, all reported bugs has been fixed as well, both in AsmBB engine and in FreshLib library.

+ Fixed several bugs, some of them critical. Thanks to the users of AsmBB and especially to ganuonglachanh for the helpful bug reports.
+ New theme, named “Modern” has been created. It is kind of universal and can be used both for desktop and mobile devices.
+ DDOS protection has been implemented for the rare cases AsmBB can’t handle the requests rate. Now the engine can serve the users requests better when under attack.
+ URL analyzer for the MiniMag and BBCode parsers has been implemented in order to prevent XSS attacks in the user posted links.

The main and major change in this release is the support for encrypted forum database. The great SQLite plugin SQLeet is used. According to the specification it supports:

+ PBKDF2-HMAC-SHA256 key derivation with a 16-byte salt and 12345 iterations.
+ ChaCha20 stream cipher with one-time keys.
+ Poly1305 authentication tags.

Of course, the encryption is optional and can be freely switched on and off from the administration settings panel (the new tab “Encryption”).

Several minor bugs has been fixed in this release as well.

Why encrypted database?

Because the encryption can seriously increase the security and the privacy of the forum database.

The encryption key in AsmBB is never stored on the disk and only temporary stored in the RAM. That is why even serious security breach on the web server or the backup server, or the backup media will not compromise the database of the forum, the people account attributes or personal data.

The only known problem of this solution is that the encryption key must be entered on every forum engine restart (through the web interface). This way, on incidental server restarts, the forum will be not accessible for some time. But AsmBB is long living and very stable application so, such issues happen once a several months or even years.

Of course, using encrypted database makes the use of SSL/TLS mandatory.

1. German translation

Although the German translation has been available in the v2.5 silent update of the binary pack, v2.6 is the first official version with German translation of the UI.

Thanks to the community, in v2.6 all other translations are improved as well.

2. Atom/RSS feed support.

The subscribing for themes and some way for push notifications was one of the most required feature.

In v2.6 these requests has been addressed by support for Atom/RSS feeds.

Now everyone can subscribe for the whole forum, for particular tag or for particular theme and get notifications when something is changed.

3. Real-time notifications engine

The handling of the server sent events (SSE) has been rewritten from scratch in order to handle all users in a uniform manner.

While in the earlier versions SSE was used only for the real-time chat, now the SSE service is flexible enough to be used for delivering notifications for many different forum events.

Such as new posts, other users activities, etc.

In addition now it serves all clients from a single thread, so arbitrary number of visitors can be served simultaneously with very little load on the server.

Currently only limited number of notifications are implemented, but as long as the infrastructure is ready and easy expandable, more features can be added later.

4. Bug fixes and speed improvements.

As usual all bugs discovered meanwhile has been fixed. And probably new introduced. But I believe the new bugs are less than the fixed bugs.

At least, on the demo server, there were no spontaneous crashes or memory leaks detected during the whole period between the releases.

The new SSE handling service improves the speed of event processing, especially on high and very high loads of the forum.

5. Updated SQLite and MUSL libraries

Of course, the binary package contains the most recent versions of SQLite and MUSL.

1. User interface i18n

The first major new feature in this release is the internationalization of the engine. Now every user can choose different language for the user interface of the forum. Currently are available 4 languages: English, Bulgarian, Russian and French.

Notice, that some mistakes in the translations are possible and expected, so please, post your corrections and they will be fixed.

Great thanks to macadoum for the French translation.

2. Second markup language – BBCode

A parser for BBCode has been developed and now AsmBB understands two markup languages ( MiniMag and BBCode).

In addition BBCode allows creation of scripts for migration from another forum engines, because BBCode is the most popular forum markup language.

3. Second email send mechanism

Now it is possible to use external programs (such as sendmail) for sending emails to the forum users. This mechanism makes installation easier in the cases where no email server is installed.

4. The usual performance improvements and bug fixes.

As usual the new release is faster than the previous and all detected bugs has been fixed. Of course, bugs and misbehaviours are still possible, so report them here and they will be fixed quickly.

+ Now is possible to attach files to the posts. The attachments permissions are managed per user.
+ “Limited access threads” were implemented. LAT are something like private messages on steroids. The owner of the thread can set some list of users that have access to the thread. The thread is invisible for the other users and can be used for private conversations.
+ Improved users permissions management. The users permissions can be edited by the administrator from the user profile. Separate permissions for the not logged-in visitors (anonymous users) were implemented. This way, now is possible to make closed forum, where only the registered users will be able to read the threads. The registration of new users can be closed as well, creating totally private forum closed for the outer world.
+ The real-time chat service was refactored in order to serve all connections in single thread. Now almost unlimited number of visitors can chat. Now the chat can be merged with the main forum pages with very minor performance degradation.
+ And of course, the new version is about 20% faster than the older versions, after the optimizations of the template rendering engine, the scheme of the database and the SQL requests.
+ New “Terminal” skin was developed for the lovers of the console user interface.
+ All revealed bugs were fixed.
+ The structure of the source code was changed as well. Now the dependency binary files (musl and sqlite library) are removed from the repository and instead a building script was developed that to download from Internet and build the latest versions of these libraries. This way only the latest versions of these libraries will be released with AsmBB.

This is mainly fine-tuning and maintenance release, but two serious bugs have been fixed as well. Here is the change list:

+ Several serious regressions were fixed.
+ The skins were reworked in order to provide more accessibility. Particularly all background images were replaced with tags with respective “alt” texts. Now even with images switched off, the forum can be used flawlessly.
Some skin design issues have been fixed as well.
+ The JS code for the chat has been cleaned up and accelerated a little.

+ Persistent login for the users that prefer it. It is off by default.
+ Reset password procedure.
+ Implemented “Categories” type of navigation, based on the tags system. This way the users can set their own categories.
+ New theme MoLight : it is a mobile theme, the same style as Light theme.
+ Administrator debugging tool !debuginfo
+ Preserving the post edit/delete history and allows to restore them.
+ Improved the UI of the post editor, included some help texts where needed.
+ Improved JS code for the real time chat.

+ Optional persistent login (default: off) for the users don’t wanting to login on every visit.
+ “Reset password” – the most questionable new feature, because by its very nature, this is kind of security hole. 🙂 The feature requires valid email and is accessible as a link in the !login form.
+ “Users list” a not_so_important feature but still useful, all users in one list, accessible on !userlist
+ Chat code updated with many new features: automatic anti-scroll to allow reading the old messages while the people chatting. Notification about missed messages in the tab header allows to follow the conversation without using pop-up notifications. Change of the nickname color, when the user switches to another tab. Speed optimized loading of the old messages on startup/refresh. (yes JS is slow,but still allows some speed optimizations

1. Performance

The main AsmBB component, the templates render (`render.asm`) has been replaced by ` render2.asm`. Rewritten from scratch it uses more “assembly style” algorithms. As a result it is faster and uses less memory, compared with the old implementation.

In addition, all chained string comparisons in the URL parsing logic, has been replaced by hash tables accelerating the common logic of the engine.

This way the speed of AsmBB was approximately doubled. Now it is much harder to overload the engine and it can handle even more visitors simultaneously.

2. The code security

After serious testing with different web application testing tools (including OWASP ZAP and Tinfoil security) some vulnerabilities has been discovered and fixed.

The hard fuzzing and near DDOS loads of the above tests, as a side effect, revealed several obscure resource and memory leaks, that has been fixed as well.

In order to track the leaks easier, was implemented a debugging tool that collects statistics about resources and memory allocations and deallocations and report them on a web page.

As a result I am pretty confident that v2.0 is clean from memory leaks and SQLite hanging statements.