Comments URL: https://news.ycombinator.com/item?id=48151761

Points: 72

# Comments: 32

I don't have any nostalgia it, I just appreciate how thoughtfully it was designed for data-input efficiency. I actually ported the official UNIX version of 1-2-3 to Linux a few years ago, I still use it regularly. It uses some tricks to get the original UNIX binaries working on Linux: https://github.com/taviso/123elf

I had been thinking about how to add UTF-8 support, it only supports LMBCS (Lotus Multi-Byte Character Set) by default. It's actually worse than that, it stores everything internally as LMBCS but in a lot of cases can only display ASCII, so it transliterates a lot of characters (e.g. é -> e).

It's also possible to run the real DOS version in dosemu - in terminal mode it's basically indistinguishable from an ncurses application, although dosemu is just cleverly sampling the framebuffer and translating it on-the-fly.

I wrote a display driver to make that work a little better: https://github.com/taviso/lotusdrv

A regression here and there would be normal before, major features breaking in this stable 25 year old software is simply unheard of.

This is not exciting cutting-edge software, it's a boring financial app. My instinct is people want stability and confidence that the output won't change and that their records will still parse.

The next release will be the first where the majority of commits will be made by AI, and it has definitely not gone smoothly.

After a dozen or so bug reports, it's mostly in a working state, but I worry the output is no longer reliable in subtle ways.

This was a screenshot of my Gentoo desktop around 2004!

https://lock.cmpxchg8b.com/img/fvwm_desktop.jpg

For example...

    $ Xvfb :7 &
    [1] 21688
    $ xeyes -display :7 &
    [2] 21697
    $ xwd -display :7 -name xeyes -out /dev/stdout | convert xwd:- sixel:-

Obviously no input though, you would have to use xdotool! The main benefit is that you probably already have all these tools installed :)

Comments URL: https://news.ycombinator.com/item?id=44962529

Points: 839

# Comments: 908

It worked great for me, seems much easier to debug logs directly in the terminal.

Comments URL: https://news.ycombinator.com/item?id=43272463

Points: 236

# Comments: 66

> I'm curious though why you don't think TOTP or similar are good against credential stuffing though

I have written about this before, but looks like I lost the article somehow. https://web.archive.org/web/20210219185711/https://blog.cmpx...

Imagine you reuse the same password everywhere, and are sick of credential stuffing attacks. You ask your friend for advice, and your friend tells you to just enable TOTP when available, explaining that when there is a data breach you will be safe.

That is obviously bad advice, the vast majority of services do not use TOTP and you will have to race attackers to change your credentials quickly at dozens (hundreds?) of services. I think a reasonable person would say that you have not "prevented" credential stuffing.

A far better solution is unique passwords, it works today with all service providers.

TOTP or SMS-2FA are obviously phishable, if you just entered your password into a phishing site, why wouldn't you also enter a TOTP code? I usually point to Modlishka as a practical example (https://vimeo.com/308709275) to help visualize this.

In fact, the main (claimed) advantage of 2FA is that it prevents "Credential Stuffing" of reused passwords. I personally don't think TOTP (or similar) are a good solution to this problem at all, but this is a thorny issue.

I think the solution is effective dates, there is an example pretty close to this scenario in the manual:

https://ledger-cli.org/doc/ledger3.html#Effective-Dates

Comments URL: https://news.ycombinator.com/item?id=41548278

Points: 104

# Comments: 12

Comments URL: https://news.ycombinator.com/item?id=41302695

Points: 25

# Comments: 17