I love the website. Just last weekend I made a reader for my company's forum with absolutely no CSS. It's just plain text and a total of 38 lines of code written by me, which includes db connection parameters. Some people I showed it to wanted it to be the real forum. It was fast as hell and mobile and tty (lynx) friendly but didn't allow any sort of login, posting, or posts read tracking, so not really usable. Fun though. I love super basic things. Another really basic site I use is called Hacker News. Heard of it? :)
I encourage people as much as I can to consider doing sites to use as little resources as needed.
Shameless plug, I recently put up the Leanternet directory of lean internet sites, you might like to see more of these kind of sites and the Leanternet principles at https://www.leanternet.com
I like the idea in principle, though in practice i noticed that there are a bunch of similar lists and all of them tend to have only 6-7 sites (half of them being the same).
I think there needs to be a more automated way of finding and sharing these sites, perhaps some browser extension?
Indeed, which is why I have also focused towards setting some principles which would hopefully guide others into understanding and applying the mindset.
oh i did the same thing years ago when I was working at HostGator except I wrote an ncurses front-end to their live chat support system. granted i was the only person who used it (and it was an extension of a toy project i made that essentially had bots with random names connect and send garbage to see if that would propagate out to support chat and see how many people would notice). but either way it's always fun to build a minimalist interface to things (especially when you don't have the code directly for them and have to reverse engineer stuff!)
Ugh, talk about feature creep and planned obsolescence. From version 7.0c you need a 200 MB or larger drive for autobackup and Win95+ or later for mailing/FTPing autoreports.
Now I need to replace my perfectly functional 386DX-40 with one of those fancy 486. Hopefully a Cyrix CX-486DRX2 will do and I can avoid the expense of a new motherboard...
Probably Winsock-related. Sockets required third party support in DOS and required an extension program on Win3.1x, but Win95 standardised them in the OS API. So, if you as a programmer want to do sockets programming without obscure old software that probably lacks documentation, Windows 95 is the way to go.
I set that up recently and found it refreshingly simple. Just load a packet driver (finding the right packet driver for your card is the biggest potential hurdle IMO), set up a system wide configuration file (to be fair, one for each network stack you'll be using; in my case mTCP and WATTCP), point to it with some environment variable in AUTOEXEC and run the network software.
It brings a smile though that I occasionally have to renew my DHCP lease manually.
One could say the software looks dated, but you would be surprised how many of such applications are still in use today. I see those a lot at furniture shops and large stores. I bought a Mercedes-Benz last week and the dealer’s computer was logged into an IBM mainframe running z/OS and COBOL/JPL.
I find it interesting to spot those types of systems in commodity situations.
Lots of such "dated" software can be used much more productively than modern GUI or web based software.
Most oldschool DOS-y business software is very keyboard driven, so the learning curve is much steeper than that of your average web app. But once you're there, and really it's just a few hours of learning to hit the right keys while your experienced colleague is training you up, then it's super fast.
There's no web page loading times. Click ... Wait .... Click ... Etc ...
Inputs are properly tab indexed, because that's the only way to navigate between them.
Every keyboard hit has instant feedback
No time wasted mousing around.
Look, mouse/touch driven UIs are great for discoverability, and web based UIs are great for deliverability, but neither of those are super important when all users of the software are expected to use it a lot, and use it from a known amount of places (eg branches of a retail chain).
Of course there's nothing preventing web based UIs from supporting the same speed and productivity, but I know of few examples that actually do this.
I love web based software and I make it for a living, but I wish UX designers for line of business applications would take a few more hints from the nineties. If you can assume that a new user gets a few hours of on-the-job training from a colleague, then that wildly changes the assumptions underlying your UX design.
Not only is the response fast, but also don't you have to look at the keys or for some entries even the screen.
https://youtu.be/oOjnpOyUzS0
For a while I always said, that I preferred a counter for getting tickets (train or something) as the trained clerk is faster on the keyboard than me on the touchscreen of a ticket machine. Nowadays however clerks on counters have to push the mouse more and more and seemingly have less training.
This comment has some good insights. Actually a lot of "business" software were like that in the 90s and early 00s. They were optimized for productivity of the user and not necessarily aesthetics of appearance or ease of use (well, trade-off). Even old version of excel etc. were designed like that. Unfortunately modern web software has such high importance on making it eye-candy.
I knew someone working on a system like that who could 'type ahead' a couple of screens worth because the layout had not changed in a decade, it 'just worked' and the system had trouble keeping up with the user because of that. Very impressive.
Buffering input is something we are still missing on the web. Concurrency is indispensable, but if the program is modal (and almost all are, to certain extent), processing an input command should wait for the previous one to be processed.
> Of course there's nothing preventing web based UIs from supporting the same speed and productivity, but I know of few examples that actually do this.
Can you give a few of those examples?
What must be done to accomplish this?
* be 100% keyboard driven (so, indexed inputs for easy TAB navigation)
* really quick and responsive (probably with all the needed code locally available, storing data locally and then sync when no action is going on). It's probably one of the best example where a SPA would be really useful
* be really lightweight so it can run on older hardware (like 10+ years old)
But doing those points "right" with nowadays frontend-mindset I'd say that's pretty difficult.
> (probably with all the needed code locally available, storing data locally and then sync when no action is going on).
I'm not sure this is a requirement. Eg the D forum is extremely snappy yet server side rendered: https://forum.dlang.org/. HN itself is pretty snappy too.
I think "no cruft" is probably the better guideline. And it's a hard guideline to follow in Single-Page Webapp Land :-)
I'd say not only the code needs to be local, but it can't make synchronous requests on the network at all until you've completed a task.
One of the underappreciated things about such productive software which enables it to be used without looking is predictable reaction times. Consider the "amazing data entry" video posted elsewhere in the thread, or good old feature-phones. If you have an action that you perform frequently, the key to learning how to do it without looking is to learn how quickly you can feed the input, where do you have to wait for it to be processed, and how long it takes.
It's one of the things I still miss about my last feature-phone (Sony Ericsson K800i). I could do a lot with it without even taking it out of my pocket, because I committed to muscle memory sequences like "up arrow, up arrow, OK, wait half a second, down arrow x3, OK, OK, exit". There's no way I could do this with an Android phone, because input and processing delays are random. Similarly, on the web, if your action shoots out a network request, it can complete anywhere between half a second and half a minute. You can't do actions like these without looking because there's a non-zero chance a delay will mess it up.
POS Developer here. Offline capability (both kinds, with regard to a store server and with regard to an internet connection out of the store) is actually a very important requirement for any serious retailer, but not necessarily 100%, in terms of functionality. Today, you usually want to support some features that are impossible to realize in an offline capable way, like accepting gift cards. For these it's acceptable to be unavailable in an offline scenario. However, this actually creates the next big problem: you need to isolate these services and any connectivity-related errors with them from your offline-capable core ringing process in a way that ensures that your predictable response times of the core ringing process (which are super important for good UX, as the previous commenter already explained correctly) are compromised as little as possible if your online-only feature goes into a failure state - a typical example for "you're doing it wrong" would be waiting for a timeout on an online service on every single request while the connection is down before signaling the cashier that this service cannot be used right now.
isn't SPA and lightweight a contradiction?
My ten year old N900 can not run a modern SPA frontend but is pretty "snappy" with plain old small HTML sites.
But that probably lies more in the framework used rather then in the "SPA concept". Disclaimer: I'm not a front-end developer so I may be totally wrong.
The only things needed to make SPA possible are same page requests
and DOM updates.
We have pretty much always had iframes and form posts that can be targeted to submit to hidden iframes that JS can read, so XMLHttpRequest is easy to polyfill.
We used to use jQuery and globals or straight DOM manipulation. Or Backbone.js or just straight classes.
It has always been possible to make a SPA. And if you actually are able to download and cache most of the app upfront, it should be pretty quick. The question is, I suppose, how big is the SPA codebase and do newer browsers know how to cache identical codebases into their "entry points"?
The real draw of React and Vue, and more recently, Lit-Element (Google), is that they update the DOM in a smart efficient way, doing updates much more efficiently than you might could do without an intermediate layer.
...actually, I think there may even be a positive effect on the way your customers perceive you if you use a POS that looks like it's from the IBM Mainframe / DOS era.
This is because they are seen among businesses which were early adopters of electronic POS systems (usually linked to electronic ERP) which, back in the day, would have been a huge chunk of cash that they would have needed to spend on something that wasn't a core function of their business. And they're still around today. So that has got to be a successful business by somebody's definition of success.
So, in a sneaky kind of way, you can pretend to be one of them by setting up a vintage- and corporate-looking system like that, even when you are a brand-new and unproven small business.
This reminds me of my aunt's ex who is an accountant telling me in mid-2000s that his peers wouldn't take seriously any program that run in Windows because to them all the graphics gave a 'toy' feel. Apparently pretty much all of the accounting software either ran in DOS or were Windows programs that ran in the console as to give that 'serious DOS look'. I also remember him receiving software updates via floppy disks in sealed envelopes from one of these companies.
I wonder what those companies making those programs are doing nowadays.
Believe it or not: Many of them are STILL doing it and still going strong. The market-leading accounting system for businesses that aren't big enough for SAP in Austria is BMD, an accounting system emulates in IBM mainframe UX although it runs in Windows.
Austria is a small country, but quite rich on a per-head GDP basis. With accounting software being so strongly tied to local law, that gives the market a fair amount of protection, in the sense that a Silicon Valley startup won't enter this market as they tend to be interested only in complete and utter world domination, and market-leading accounting system for Austrian small businesses ain't that (but I digress).
So here is the curious history of accounting systems in Austria.
In the IBM host-era the market leader RZL was a company that made a decent product for IBM hosts, mostly the AS/400. Then it became apparent that the future was going to be Windows PCs. So RZL developed another decent product, this time for Windows, with a GUI and everything. BMD saw an opportunity and newly entered the market: They made a programme that ran on Windows but instead of having a modern Windows-like GUI, it tried as much as possible to emulate the UX of an IBM mainframe. -- And they won the market. When people threw out their AS/400s to buy Windows PCs, they switched from RZL to BMD.
BMD became the market leader, and they still are to this day. Now, only just a few years ago, BMD introduced a new version of their product (called NTCS) that had a GUI. This was not to replace the IBM-lookalike product line, but an alternative version fully compatible with the other one that people could opt to get instead. Guess what happened. Their customers went apeshit. They wanted to keep using the IBM-lookalike and were really worried that the arrival of NTCS signalled that they'd eventually drop support for the IBM-lookalike. In order to calm the market they gave out the guarantee that their text user interface would continue to be supported FOR THE NEXT 20 YEARS! Imagine that. BMD will be making UXes that emulate an IBM mainframe in the year 2035 (or whatever it is -- don't know the exact number OTOH). Because their customers WANT THEM TO.
OTOH, if I go to a store and they're still using that sort of system I also think "here's a place that used to innovate, but gave up about 20 years ago"
...it may be a very sensible business choice to not fix it if it ain't broke.
Back in the day, POS/ERP systems were custom-made. So they are likely to be extremely well-tailored to the way a given corporate actually does business.
Replicating that in a more modern setting nowadays might either involve buying into SAP's racket and still paying huge sums of money for customization to get what you need, or building a new completely custom-made piece of software. -- There is an attitude in business that I find very lamentable but that is nevertheless a reality in that, nowadays, a business would never in a million years choose the latter course of action (i.e. a non-tech business like a chain of furniture stores would, nowadays, be extremely unlikely to pay for developers' time to build an ERP for furniture retail for their exclusive use).
But back then, that was the only thing you could do, and people did do it, because the gains in efficiency that could be reaped were just so big in relative terms (if your old system was pen-and-paper, it's a huge leap forward). Those low-hanging fruit are gone now.
The thing is: Those investments that were made back in the late 80s / early 90s continue to pay dividends to this day in the form of money that you don't have to pay to SAP. And this is a considerable amount of money if it means having to go out and hire consultants with staggering hourly rates each time SAP ceases support for the version of their product you're on, with data having to be migrated, customizations having to be re-invented, etc etc (The consultants, BTW, have to turn around and give a good deal of money back to SAP for certifications etc).
I think it's exactly what I would do if I was CIO in a corporate like that with a custom-made ERP system from the 80s. My most-preferred option would be to pay for some software developers' time to build a new one. But the likely outcome would be that I couldn't get a mandate to do that. So my second choice would be sticking with the system we have, and try to make it last for as long as it can possibly last. Only when that is no longer an option would I ever consider buying a modern ERP off the rack.
When I bought a Toyota 4 years ago I was surprised to see the dealer using a separate DOS machine for the contract. I was even more surprised when he printed the contract to a dot matrix printer.
I admin a Toyota dealership currently that still uses a very terminal looking ERP with dot matrix OkiData printers. It's amazing how quickly everyone zips around in it without a mouse. I believe it's called Reynolds and Reynolds auto retailing. Does everything a full service dealership needs, from buying used cars to selling parts and body work.
when I worked at the Sears call center, they tracked all orders and service requests through what appeared to be a DOS based service (ironically also named DOS for delivery/order system) and as I recall another one called NPOS that was used to look up items, check availability, etc.
I do like the blue background choice, which I will forever associate first with Borland Turbo C which used yellow as the foreground colour.
It was also used by Wordstar and a few other programs, as it was the only readable background colour that wasn't black. A few people had early "paperwhite" laptop LCDs that preferred black-on-white.
The one in Indonesia is not only using a CRT, but they have one of those "protectors" on. Blast from the past, I never understood what they were supposed to do in practice.
But weren't there also ones with a "grounding cable" that was supposed to help with "radiation"? I'm sure it was quackery, but I seem to remember those as well.
Along the same lines as a program running on lightweight DOS, is it possible (or common) to build a Linux "distribution" for the sake of running a single TTY program? How fast would it boot, and how reliable would it be? (To avoid being called into work because a brief power outage "bricked" the POS.) Linux would have the advantage of working on modern PCs with modern hardware like touch screens, USB scanners/printers, etc.
Or, say I want to boot directly into a video game console emulator with Linux with 0 additional steps. How would I do that?
While you can just make it launch a program instead of /sbin/init, you may be surprised at the results, because it won't mount any of your filesystems, setup the network, etc. So you want systemd/sysvinit (according to taste) to run first, which will take the normal amount of time to boot.
The cleaner way of doing this is through "inittab". Normally this starts a program called "getty" on the console which provides the login prompt etc. That's what you want to override. It will also restart your program every time it quits.
(Less normal options include "put your program in the initrd", which is viable if it's very small and does all the setup itself, or "write something that runs directly from the UEFI loader")
Or just stick with a lightweight init like OpenRC. It's used in Alpine and as such also in Docker containers. It stands out in how little, really, it does.
Also, you can use /etc/passwd to set the shell for every user. If you set this to a non-shell application, you essentially limit this user's session to only ever running that program. So a very lightweight, but networked system could set up sshd in innittab and then create a user with your single-user application set as the shell, and maybe an admin user that actually has access to a proper shell as a back-up.
There actually was a blog post I read not too long ago about a sysadmin who detailed the security challenges of running an open SSH server in which passwd set the shell to a game. There was a little bit more to it to get it completely secure. Unfortunately can't find it right now.
Another less normal option would simply be to make /sbin/init a shell script.
Instead of trying to detect hardware, network, and all, you could just hardcode everything. If you're working with a standardized set of hardware, that would most likely be simpler than anything else.
When Linux finishes initializing itself it runs /sbin/init (it is one path it tries among a bunch of others, though i think /sbin/init is the first it attempts to run - you can override that with the init= kernel parameter at boot time, e.g. in GRUB). So just make /sbin/init be your binary and make sure it can run by itself without any other initialization and it should work.
In fact, init=/bin/bash is the traditional way to gain root into a system for which you have forgotten the password. Assuming the filesystem is not encrypted.
After the reddit explosion I emailed the guy and donated $5. He personally replied, seems to be a cool lad. So if you can spare some cash, you'll make him very happy.
You could probably get this running in a browser via emulation with one of those JavaScript DOS clones.
From there, you could wrap it in an Electron window and write some nodejs glue code to let it interface with hardware and the file system.
That would make it possible to rig up some kind of cloud storage for the database files and maybe start to think about getting it running on phones with React Native.
You could sell the iOS app for a small price like $20, or a subscription model with in app purchases. That would help to fund a redesign of the website to a more modern single page app approach.
Or, y'know, leave it as it is. As DOS app it is available almost instantly from boot and it's designed specifically for any PC, even ones that are over 30 years old. It's probably faster than any rich GUI version. It's also FREE. It looks like it does what it says on the tin, and for many people, that's all that is important.
There are MANY phone POS apps. I do not see why this POS app needs to be re-vectored to also run on phones. I don't want to be ageist about this, but just because something is old, that doesn't mean it's no longer useful.
Eh, it reads like obvious sarcasm to me, but I am British. There is a stereotype of Americans that they don't "get" sarcasm, and this does seem to come up frequently on HN :)
The real joke is that running this in DOSBox in JavaScript in Electron in a VM etc. etc. would probably still be an order of magnitude faster and more efficient for a trained user than half the [web] apps that would like to replace it.
It’s very kind of you to offer to do this for the author, but I suspect they would rather just not deal with the complexity of all that, given that they specialize in DOS. If you do succeed at doing this, I’m sure they will appreciate a 100% revenue donation though!
If you want to introduce them to more DOS stuff. When I was young my daycare had a DOS computer with Space Quest III and Where in the world is carmen san diego.
You can probably get freeware versions of those.
I had to install it for him and show him what to do. (I was just kind of guessing what to do.)
His shop sold all kind of random things - everything from hamburgers to nuclear weapons...
Some of the screens, e.g. the stock table maintenance, the controls are a bit hairy (e.g. you have to press control-arrow keys to move to another set of fields), he got a bit frustrated at that when I wasn’t there to help him. (I had to go help his little sister.)
> If you have a photo of your son setting up the program that you would like to post on my photo page I am more than willing in this instance suspend the rule of those photos being of actual stores because such a photo would be unbelievably cute and I am a sucker for that. However will understand if you do not wish to post a photo of your son that all the weird-ass folks from Hacker News can see. Also, you can always change columns in the stock table just by pressing [ENTER].
Love the guy's almost anti tech stance. From his fb page:
>I am apparently no longer fit to live on this planet.
Over the last month or so I have received some disturbing emails. When summarized they say that they love the POS software. It does everything they want and more, they could not be more pleased with it and if it was not free they would have been more than happy to pay for it. However they are going to have to dump it and go find a different POS program that will probably not be as perfect for them as DHPOS and will have to pay for it to boot.
The problem is that their younger employees hate it. Either they cannot figure out how to use it because it requires input from the keyboard or they are appalled because when they swipe the screen nothing happens.
Cry me a river.
Apparently smartphone use makes one useless for any other function which is yet another reason to avoid them like the plague that they are. I am increasingly distressed that this page has become an endless rant about smartphones but it does seem as though they have become ubiquitous with the only exception to my knowledge being my pants. In the last month my only co-conspiracy relative has gone over to the dark side and I am now alone.
Over the last week I built a cart to hold folding tables (photo below) for the 6 Corners Association that did not in any way require the use of a smartphone, no swiping required, no cat videos attached, and my attention was focused on reality as evidenced by the fact that I still have possession of all of my fingers. Plus I had buckets of fun to boot. I am quite proud of it and since it is real I have no worries of someone accidentally deleting it or of it being hacked and remotely being sent to scoot down Milwaukee Avenue as a hazard to the populace.
I find real life to be endlessly fascinating, plus if I leave my flip phone at home or the battery dies or the phone gets crushed by a plummeting cement block, I’m good, not a problem. I know where I am (since I never left reality) and I can get anywhere I need to go since I pretty much know where everything I might need is. If I need to contact someone I have a printed list of phone numbers in my wallet. However when I am with someone else and their smartphone dies the look of panic on their face is alarming. I try to console them.
So please do not even think of holding a tag-day to purchase a smartphone for me because I am more than fine without one and it would only make me wonder why you hate me.
He seems to be a fun guy with a really positive attitude.
> Today was my regular 4 month visit to see Doctor G. Due to unanimous threats of death from all the doctors I see, in the last 4 months I have managed to lose 25 pounds. (I am sure that they are here somewhere but I am not going to try to find them.)
> She was very happy with me and like many other folks asked me what diet plan I was using. I replied that it is one of my own creation that I call the “Move more, eat less” diet. This basically consists of taking a long walk every day, go work in the garage and not sit at the computer all the time, and not putting anything in my mouth that I would actually want to eat, ie, if it tastes really good then I should not be eating it.
Honestly, He sounds pretty typical for a lot of late 50s early 60 years old programmers I know. Their relationships with machines has been very different, as has their relationship to the world. I find a lot of them, dislike the way the world has changed in regards to computers, and honestly I can see a lot of what they are saying, albeit with less angst and zeal.
I haven't even hit fifty yet (31 months to go!) and I already feel that way. My first 'proper' job when I was ~20 was as junior sysadmin on a large DEC VAXCluster[1] which are mainframe-like, and over the past three decades of working with computers, I too am very sad at how commoditised it has all become. Programming is mainly now just a process of bolting existing libraries together with no real idea of how everything works, hardware is now shrunk down to effectively be like magic, and unless you constantly jump aboard the latest fad, you are considered obsolete. The fun and discover-ability of the whole thing has completely gone. It's a real shame.
I barely hit thirty and I already start to feel that way (as evidenced by frequent rants on HN on dumbing down of software).
I feel for the guy. Sad thing is, the people refusing to use a powerful and efficient piece of software because they can't click or swipe will be suffering and wondering why their job is miserable. And the customers standing in the queue will be suffering too - especially the ones who've seen efficient POS software being used in other shops.
And as an aside the best and fastest POS I ever used was a DOS-based system. I ;earned to key on the number pad because of it (now I need any external keyboard I use to have one). We actually got so good we could key up entire processes, invoices before the screens could update! This was pre-iPhone/touchscreens everywhere and I thought it looked old and outdated when I started. My appreciation grew after working with it, though.
I'm only just about to be closer to 40 than I am 30 and I feel kinship with these people. Almost every day I see something going on in the industry or on HN or even just whatever horrors the Windows Update team have unleashed recently and need to go outside and shout at clouds for about 20 minutes.
If you find me being less than pleasant on this site, it's usually because I'm talking to someone who is making me feel this way. It's like the modern technology landscape has somehow forgotten the wisdom that was built up over generations. It's infuriating.
The funniest thing imaginable would be for this guy to run into a mainframe dev and get lambasted for "OMG I can't believe your software needs one of those toddler computers, surely a 3270 is good enough"
Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new or undocumented repeat process.
Repeatable - the process is at least documented sufficiently such that repeating the same steps may be attempted.
Defined - the process is defined/confirmed as a standard business process
Capable - the process is quantitatively managed in accordance with agreed-upon metrics.
Efficient - process management includes deliberate process optimization/improvement.
"Amish churches regulate use of technology through a set of oral guidelines known as the Ordnung. ...
In some cases, after careful evaluation, consensus may develop around a particular technology, which may lead to its being adopted by the church district and incorporated into the Ordnung.:
so: takeaway: amish are at highest CMM, and actually very technologically advanced by CMM metric..
One of my first jobs in IT was replacing POS terminals at a large sporting goods chain.
Netware server, DOS terminals, DOS drive mappings and networking fun stuff and it was in the days of Windows 2000 so a lot of the MSCE's didn't know anything about DOS drivers etc. Or they, were smart enough to pretend that they didn't so they didn't get stuck with this assignment.
Oh man, Netware in the era of Windows 2000!! I had a few of these hold outs. Many of my clients were on WinNT 3.5 with a Netware 3.1 server. Getting the windows admins to understand loading NLMs and using the different console tools was "fun". I only got to toy with one Netware 4.11. And that was just using NwAdmin95 (so the joys of learning NDS). I had it set up in my home lab too as I was planning on getting my CCNA... then I moved to a Windows only place and worked on getting them to adopt Linux.
I love it! I managed to get one client to do a "drop in" Netware replacement using some wire compatible netware replacement (I can't even remember the name) Their machines still kept the Netware login and everything. Good old days.
> SOURCE CODE
> Sorry, but I do not release the source code for any of my software. This is particularly true for the Cash Register program.
> The Cash Register program. has many things that must be hidden like the passwords and PIN numbers. It also has things that users must not be able to change like sales and tax amounts and transaction numbers. These things could easily be changed by anyone who has the source code and anyone with the source code could write a program that would change the hidden things and then release it on the internet making my program useless.
It's all in FAQ. I don't really get the whole thing about the PINs/Passwords, but I'm guessing there's some logic in it.
The funny thing is he explicitly explains to people how to modify the binary with a Hex Editor to change language strings...
I'm a bit of a computer history buff, and dig around through old software archives from time to time. It seems to me that developers back in the 80's (at least in the PC / home computer world) were quite possessive of their source code, even for hobbyist projects that they gave away for free. It might seem a little odd to us today, although perhaps they had some rational motivation (e.g. hopes of productizing it or selling the IP later). So I'm not surprised that this program is also closed source, with some vague integrity/security reasons offered.
I say this with all due respect to the developer, who of course is free to distribute his software however he would like. It's a very cool project, and I often wish we could see a resurgence of such simplicity and distraction-free UX. :)
> It seems to me that developers back in the 80's (at least in the PC / home computer world) were quite possessive... even for hobbyist projects that they gave away for free.
Yup, this is one of those things where the free software movement managed to be surprisingly influential, even before open source proper was a thing. People who were committed to releasing freeware stuff, with no delusions about ever selling it commercially (even as indie "shareware") started making their source code available and using free software licenses, often "share alike"/"copyleft" ones. Even Linux itself went down that very path, in fact.
FWIW there are a lot of closed source freeware programs out there, especially on the Windows world. Irfanview is a very popular example. Another, not as popular in general, though quite popular in HN, is the utilities by NirSoft.
This isn't meant for a highly secure organization. This is meant for a mom and pop shop with limited inventory and limited employees. Most of his target audience are very very small businesses, trying to save a buck on POS software. From his website:
26,000 ITEM LIMIT
You may have noticed that it requires almost zero time to find any item in the stock table by the stock number. This is because all of the stock numbers are indexed and held in memory by the program. Unfortunately there is limited memory in DOS software to do this. The theoretical maximum would be 32,000 items but since some memory must also be used for other purposes the program becomes unstable with more than 26,000 items.
The other consideration is that one of the reasons that this program is free is to help the small to medium business compete with the Wal-Marts of this world. With some exceptions once a retail business grows large enough to carry more than 26,000 different items then it is a Wal-Mart type large business and should be able to afford commercially produced POS software.
You may have noticed that it requires almost
zero time to find any item in the stock table
by the stock number. This is because all of
the stock numbers are indexed and held in
memory by the program. Unfortunately there is
limited memory in DOS software to do this.
The theoretical maximum would be 32,000 items
but since some memory must also be used for
other purposes the program becomes unstable
with more than 26,000 items.
The other consideration is that one of the
reasons that this program is free is to help
the small to medium business compete with the
Wal-Marts of this world. With some exceptions
once a retail business grows large enough to
carry more than 26,000 different items then
it is a Wal-Mart type large business and
should be able to afford commercially produced
POS software.
That's not the point: A bookkeeping system has to have certain properties in order to be able to make it through a tax audit. For example, once a transaction is entered, there have to be certain guarantees that the transaction can't just be deleted or meddled with afterwards. In the pen-and-paper era this was accomplished using special writing instruments. If your books were kept with a pencil or pen with erasable ink, you'd be in big trouble.
It sounds to me a bit like what the author is saying here is that, if the source code were to get out, then it would become common knowledge how to meddle with the accounting records using a hex editor and that, in turn, would be something that an expert witness in a court of law or a tax auditor would point out to attack the admissibility of the whole system.
But that's kind of bad. If the records can be meddled with in a way that would be known if the source code were to get out, then they can probably also be meddled with without the source code being public knowledge (just harder to figure it out), and that is almost as bad: Security-by-obscurity is probably not a valid defense against that allegation if it were to come up in court.
So, there should really be some crypto there instead.
POS Developer here. What you describe is a so-called fiscalized POS system (at least in Germany we call them this way, not sure if there's a different English term). These must report the transactions in a cryptographically secured way to a fiscal authority. To do this, there are multiple concepts (of which some include hardware security devices, smart cards or non-erasable storage or similar, and some do rely on software-only solutions) and any country mandating the use of such systems finds a slightly different way in which they want it done.
In addition to this mechanism that allows the fiscal authority to check the transactions on a specific POS for manipulation, fiscal requirements also often mandate much more, such as explicitly registering POS systems with the authority using serial numbers or hardware checksums, mandating the use of specific receipt layouts, or some kind of freeze of viable parts of the POS software which can then not be modified after approved once by the state (you can imagine how much love this kind of regulation gets from developers wanting to work under modern, agile principles...).
However, not all countries mandate such things - many still accept POS systems that basically do nothing to prevent anyone from modifying transactions after the fact (although there is definitely a trend to more strict fiscal requirements globally). These non-fiscalized systems can try to make it hard to modify transactions if they want, and many do, but they cannot make this actually impossible without having some kind of external authority in play, which is why any effort of doing so will amount to some more or less elaborate kind of "security by obscurity".
But surely: Even if a system is not specifically aiming to comply with the requirements of any specific jurisdiction, there are cryptographic things that could be done that don't cost much and are always preferable to pure security-by-obscurity. -- Just, whenever you append to the ledger, take a checksum of the ledger, append the checksum, get the checksum timestamped by a secure timestamping server (like DigiStamp or Germany's D-Trust), append the signed timestamp, and reiterate the next time you append.
That way you can guarantee that you can only ever erase the ledger in its entirety, not tamper with any single records, and even when you do erase an entire ledger, there is a record of it, if the timestamping server does that kind of journalling. -- No need to rely on any security by obscurity there.
That seems way more secure, and costs next to nothing. You don't even need to be online all the time, you can just fetch the signatures when online, and work in offline mode when there is no connection. You can even retrofit that ability when your system works with files, by putting the files under version control, and making the version control system do that. (Personally, I have my version control server rigged to do just that, in case I ever need to prove in a court of law the date when a piece of code was written etc).
What you describe is pretty much exactly one of the schemes by which a fiscal authority might ensure non-modifyability. The fiscal authority would take up the part of the timestamping service in a real world implementation of course (no government ever would just let you freely choose a provider for such a service by yourself).
That is what I meant with “every implementation that shall not just be an elaborate security-by-obscurity scheme needs an authority”.
Note that no one will ever pay for anything like that if it is not mandated by some government under which you want to operate a significant number of POS installations. It is already crazy expensive to implement all these different and mind-numbingly clusterfucked schemes that all the countries with fiscal requirements want to have implemented. The one thing no one wants to do is coming up with just one more of these schemes that the countries in which no such thing is required will not care about anyway (lawyers will not be impressed at all by technical explanations why your records are super protected against manipulation - they will still call in the armies of accountants to run the numbers up and check your books).
The moment you enter into hex editing these records is the moment that you are into trouble anyway - assuming the software is trusted in the first place.
In some countries it isn't really the POS that does the bookkeeping, but a special device is used that communicates with tax registry (or something, i'm not 100% sure on this). All the POS software does is tell the device what it was sold, the device registers it with the tax registry and gives back some sort of code string to be printed on the receipt. This also allows the receipt to be any type of paper (as opposed to the special triple-layered paper that was often used back in the day) and even if the device itself is tampered with, the information has already been sent to the tax registry.
I think the author of this POS is mostly using this as an excuse to not release the source code, not for any practical reasons.
As I've grown older (mid 30s now), I've noticed over time that I have begun to strongly prefer lightweight, minimal, focused, efficient things in all sorts of areas of life, including software.
For a while I was in the "lol can't believe this business still uses a DOS program!" camp... but that knee-jerk reaction has faded and I'm completely on the other end now. I'm not anti new technologies, but I am skeptical that they are ultimately always better than what preceded them.
There is so much we have that is "new" that feels far worse than what we had before. Smart TVs, bloated/slow software, etc.
The design side of my brain still feels like even just a few lines of CSS could probably spruce up the site for this software (just in terms of colors/font), but even then, is it really necessary? He likes it the way it is, why not just keep it that way.
There is something much more charming and interesting about KeyPOS. Not that one is better than the other, or more up-to-date, but... KeyPOS is written in QBASIC, looks like it's from the 90s (it is), and the author is self-deprecating but not so much that it's annoying.
... plus it's not making you install a web server and isn't an Electron app. I thought we all collectively hated Electron.
> CORE is primarily a web-based, PHP+MySQL application. There are a few C# pieces most of which are Mono-compatible.
> This is an ElectronJS based app that turns CORE's lane into a desktop app. Apache, MySQL, etc are all still required. This app just takes the place of the web browser. Why?
I'll guess for them, cause I do it for our POS but it's necessary to be "on the box" to control serial ports and print w/o prompt. Think scanners and receipt printers.
Yeah. The POS system I worked on used a small local web server for the browser to control the drawer and such, but it's a more complex setup than getting the webapp itself to do that.
If one is okay with a web POS, Electron itself seems like a good fit.
KeyPOS has quite a bit of charm, and I wish it were more extensible (eg: free software) like Core POS.
The Electron app part is new, I know they were using Firefox with a few XUL extensions in 2015. There probably wasn't much choice beyond Electron once XUL was killed, and their PHP codebase is one of the nicest I have ever worked on.
PHP codebase, worse site than this one. Front page gives an error about a Google Maps API key. I don't know why they have a website at all rather than just redirecting to the GitHub pages.
I think mental diversity in the workplace is something to be encouraged not ostracized.
Personally I find both Terry and Dale to be great, well informed reads despite a bit of what someone else labeled self depreciating behaviour.
"Sorry, but I do not release the source code for any of my software. This is particularly true for the Cash Register program.
The Cash Register program. has many things that must be hidden like the passwords and PIN numbers. It also has things that users must not be able to change like sales and tax amounts and transaction numbers. These things could easily be changed by anyone who has the source code and anyone with the source code could write a program that would change the hidden things and then release it on the internet making my program useless".