Archive for January 19, 2024

Friday, January 19, 2024

Prompt 3

Panic (Mastodon):

When you buy Prompt, you’ll get both the mobile and desktop apps.


MOSH & ETERNAL TERMINAL. Use these two new connection types for mega-stable terminals even if your network connection is garbage

Quickly insert your most frequently used commands and text snippets with a tap or a click.


Easily sync your servers, keys and passwords between devices, and between Mac and iOS.

It’s $20/year or $100 one-time (presumably until Prompt 4).


Update (2024-01-30): Cabel Sasser (Mastodon):

We know it’s been a long (long) time coming, so we made sure to add all of your most-requested Prompt features, like support for Mosh and Eternal Terminal, jump hosts, port forwarding, proper iPadOS multitasking, YubiKey and Secure Enclave authentication, and so much more.

With lightning-fast terminal emulation (thanks to optional GPU acceleration) and customizable fonts and themes, Prompt 3 is speedier and more personal than ever. And yep, there’s even a dark icon.


It was important to us that Prompt 3 feel right on all your devices. Since Mac apps have always been a passion of ours here at Panic, these are two separate apps, each developed from the ground up to feel right at home on each platform. The Mac app is a Mac app. The iOS app is an iOS app.

Update (2024-02-27): Tom Brand:

Termius passes the Mosh test on iOS. Prompt 3 does not. I want to support Panic, but Mosh means maintaining my terminal’s state in the background and without an Internet connection. Prompt 3 does not.

Update (2024-05-23): Cabel Sasser:

Do check out “connection keeper” in Prompt, which uses location services to “““log your connection location history””” and just so happens to have the side benefit of your keeping connections alive. A ridiculous thing imho but here we are

Update (2024-05-28): Miguel de Icaza (via tweet):

El Preservador is a small program that runs on your target host, it requires no manual installation, and its sole role is to act as a server-side proxy buffer to ssh.

Unlike tmux or mosh, it does not attempt to interpret the meaning of the buffer stream and instead leaves the emulation to La Terminal. When iOS suspends your network connections, El Preservador continues running on the server. When your application returns to the foreground, La Terminal creates a new connection to your machine and reconnects to El Preservador, restoring your session where you left it. One downside is that El Preservador is paired to the running instance of La Terminal, so if you kill the application on iOS, it will not attempt to restore an existing session like tmux or mosh.

La Terminal solves the background disconnect problem without consuming any battery while in the background and without reducing the fidelity of your terminal on the remote end.


Augmental (via Hacker News):

The MouthPad^ is a tongue-driven interface that controls your computer, smartphone, or tablet via Bluetooth. Virtually invisible to the world, but always available to you, it is positioned across the roof of your mouth to put all of the power of a conventional touchpad at the tip of your tongue.


Cursor control is enabled using tongue or head movements, according to user's preference. Tongue presses are used for left-click, or click-and-drag. Sip gestures are used for right-clicks. We are already starting to develop more sophisticated gestures, such as scrolling, swiping, and bite-based input, to expand our dimensions of control.


Its slim design minimizes the impact on speech, making it a convenient solution for users who need to communicate verbally while wearing the device. This means that you can use voice recognition software while wearing your MouthPad^.

Cherlynn Low:

The MouthPad is basically like a retainer with a touchpad, battery and Bluetooth radio built in. It’s made of a resin that the company says is the same “dental-grade material that is commonly used in dental aligners, bite guards and other oral appliances.”


I watched Vega place the 7.5-gram mouthpiece right on his palette, where it sat surrounded by his upper teeth. He closed his mouth and the iPhone he held up showed a cursor moving around as he opened apps and menus.


The company explained that the MouthPad uses Apple’s Assistive Touch feature to navigate iOS, but it can be recognized by other devices as a Bluetooth mouse. It’s already on sale for those who sign up for early access, but general availability is coming later this year. Each MouthPad is individually 3D-printed, based on dental impressions sent in by customers as part of the ordering process.


Google Removing Support for “Less Secure Apps”

Google (September 2023, via Hacker News):

Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. This antiquated sign-in method, known as Less Secure Apps (LSAs), puts users at an additional risk since it requires sharing Google Account credentials with third-party apps and devices that can make it easier for bad actors to gain unauthorized access to your account.

Instead, you’ll need to use the option to Sign-In with Google, which is a safer and more secure way to sync your email to other apps. Sign-in with Google leverages industry standard and more secure OAuth method of authentication already used by the vast majority of third-party apps and devices.


This includes all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP.

The change has already been made for some non-Workspace accounts. The article seems pretty clear that mail, calendar, and contacts clients that don’t support OAuth will stop working. However, commenters are saying that this is not the case and that you will still be able to use app-specific passwords. App passwords are a bit of a misnomer in that they provide access to the entire Google account, but the passwords are 16 characters and generated by Google.

Benny Kjær Nielsen (2015):

The main problem is that OAuth2 requires me to register MailMate with the service provider (Google/Microsoft). If the provider stops supporting other authentication schemes (which is almost true for Google) then the provider has the power to decide which email clients are allowed to access Gmail. I’m probably too old to trust big companies, but it also reminds me of what happened to third party Twitter and (more recently) Instagram clients.


Google continues to push for the adoption of OAuth2 via the XOAUTH2 protocol. In my opinion, they do that using a lot of FUD as seen in this support article, but that does not mean that OAuth2 is necessarily a bad thing to use. Especially not for something like Google for which a single password provides access to all kinds of services.

And I don’t really have a choice here. When using other authentication methods then Gmail users are often rejected. The exact behavior appears to depend on how long the Google account has existed and whether it has been accessed via IMAP in the past. In particular, I believe new Gmail accounts are rejected by default if not using OAuth2. The best user experience is simply with OAuth2 enabled.