I think it's less about comedy being the outlet to "cope" with what you see, and more about seeing the comedy because you are able to see the world for what it really is.
Most of timeless comedy simply describes the mundane reality of the audience in a way that they realize the absurdity of it.
Usually the advertised price must be honored, because it may have brought the customer to your store.
For prices displayed on the shelf-label inside the store the law is usually not that strict (YMMV), as a shop-owner can refuse sale on check-out (otherwise I could put a pricetag on e.g. a shopping-basket and the shop-owner would be legally required to sell me the basket...).
Besides, most shops I've seen (in Europe) already moved from Infrared communication to RF (NFC or proprietary), for centralized shelf-label management without handheld devices. So all this study (and the underlying reverse engineering of the IR-protocol) might do is probably accelerate the transition from IR to RF-based ESL...
> Usually the advertised price must be honored, because it may have brought the customer to your store.
This is not the case for groceries in Massachusetts at least. If there’s a discrepancy between the tag’s price and the scanned price the store must charge the customer the lowest of the two: https://www.mass.gov/price-accuracy-information
(i) ...if there is a discrepancy between the advertised price, the sticker price, the scanner price or the display price and the checkout price on any grocery item, a food store or a food department shall charge a consumer the lowest price. If the checkout price or scanner price is not the lowest price or does not reflect any qualifying discount, the seller: (i) shall not charge the consumer for 1 unit of the grocery item, if the lowest price is $10 or less; (ii) shall charge the consumer the lowest price less $10 for 1 unit of the grocery item, if the lowest price is more than $10; and (iii) shall charge the consumer the lowest price for any additional units of the grocery item. For the purposes of this subsection and unless the deputy director determines otherwise, individual items that differ only by color, flavor or scent shall be counted as the same item if they are identical in all other aspects, including price, brand, and may only vary in random weight. This subsection shall not apply if: (1) there is evidence of willful tampering; or (2) the discrepancy is a gross error, in that the lowest price is less than half of the checkout price and the seller, in the previous 30 days, did not intend to sell the grocery item at the lowest price.
I dunno, having worked in retail I think it is just not that hard to steal in general (I wasn’t going to get killed over some bananas). Most people are honest most of the time.
The law probably doesn’t apply to fraud, but then the cashier only notices the really obvious cases.
They are talking about the price on the shelf vs the price at the register. The price tag on the shelf has information identifying the product. The price at the register is obviously associated to the bar code on the product. So there's no way for a consumer to swap price tags from one product to another.
Source - worked at a grocery store in Massachusetts as a teen
I recently learned that in some cases fines of mispriced goods were very low, leading to companies repeatedly failing tests - and over/undercharging their customers.
That seems shocking to me, but I guess I live in a country where the prices on the shelves are "final" (with no need to add taxes) and I think it would be immediately obvious if I'd been charged the wrong price for goods.
It definitely varies by jurisdiction, but the register price always loses to any printed price in the US states I’ve lived in. This is a protection since retailers have used pricing mistakes to unfairly profit. Watch your receipt like a hawk at the dollar store[0]
To me this is about having protocols that are suitable so not anybody can write to these labels without knowing a store secret or using replay attacks.
it's mostly about efficiency. IR based, an employee needs to physically walk around. RF based, place a transmitter or two in the building and the system now works fully automated.
The RF system doesn't use the same protocol, it's a new protocol (to potentially hack and reverse-engineer).
The early shelf-label systems were IR-based, sold in bulk and were programmed manually using handheld devices held against them.
Most shelf-label solutions of today are part of a service-model, where gateways are mounted in the store to wirelessly update any label on price-change, often orchestrated remotely so store-chains can update all shops simultaneously.
Very much depends where. In QC, if it rings higher than tagged in the store you get the first one for free and the next ones at the lower price. They take it VERY seriously as a result and will take the tag down while they make a new one to ensure nobody else gets a freebie.
Stores hate giving the product away and pricing errors are much lower in my experience.
Beside of how the media often tries to present it, the value of Flipper Zero is not for everyone to "become a hacker with this simple app".
Its value is to provide a standardized hardware platform for (white hat) hackers for probing, prototyping, refining and sharing of security research in the fields its hardware supports (Sub-GHz RF, NFC, IR, and custom external boards via simple Input/Output pins).
Prior to that, everyone who wanted to research e.g. RF security had to either build/assemble something custom or buy much more expensive equipment. This created a barrier to collaborate on research, as everyone had to buy/build the same setup.
On top of that, Person A researching some RF topic selected an RF-transceiver from Company X, Person B used a component and a proprietary SDK of Company Y, so consolidating both work streams for a better foundation for all RF-related research required alot of time and effort from someone, breaking workflows of at least one group of researchers, etc.
In contrast, security research which utilizes Flipper Zero can be reproduced and built upon by everyone. All the work is harmonized on the same Hardware architecture, so it's easy for someone familiar with the platform to dive straight into a new idea without having to build a new breadboard, select a chipset, buy additional probing equipment etc.
There is much better hardware available to security researchers (chameleons, hackrf, and actually research-grade (much more expensive) equipment).
The flipper is basically an Arduino pre built with a bunch of static antennas. It's fine and in a decent form factor, but I really haven't found it useful.
Do you have any links to actual research (not children playing "researcher") done with flipper hardware?
Flipper zero themselves try to present the flipper zero as a device that "hacks things with a button press".
And they love the free advertising they get along the same lines by youtubers desperate for clicks.
Ultimately it just sells more devices. The flipper zero can't "hack" anything. It can only be used as a tool to perform hacking, by a skilled individual who is doing all the work/discovering an exploit.
> The flipper zero can't "hack" anything. It can only be used as a tool to perform hacking, by a skilled individual who is doing all the work/discovering an exploit.
Would be pretty rad to see what happens I suppose.
Same goes for other tools. If Mythos can find vulnerabilities (through smarts or just extensive combinatorial testing who knows) what's to say it can't help find physical vulnerabilities as well.
I'm tired of the "security research" angle when it's all just kids playing with ESP32 deauther attacks presented to them on a silver platter.
I should not have to put up with children going "JUST SECURE YOUR NETWORKS BRO" because they spent $30 on some eBay "maurauder" dongle to be a pissant.
It's probably good to have kids with no big plans messing with your security now and then. Keeps you on your toes, and you can't really pass it off as an act of god if a teenager pwns you.
And a minority of those kids will get curious about the How and Why. Those are the security nerds of the future securing the networks against both the kids they were themselves and actual malicious actors.
Source: Early interest in wifi security, including in other people's networks, lead me down an education and career in security
I sure wish I was wealthy and had a fistful of RSUs. You wanna send me some? I make 5% over my area's 80% median income and I can't even get housing because I "make too much money" despite being $3000 too rich.
I'm pretty tired of being the network guy in the field playing remote hands having to be on the front lines of all of this bullshit having to explain to decision makers that a bunch of shitty kids are running around and there's no real solution that we can just "fix" this with.
I'm tired. If they're not deauthing our networks they're breaking into rooms with the goddamn card copying and fuzzing functionality and stealing shit.
I apologize. My response was a flippant attempt at humor and I didn't mean to personalize that at you. I have had those days where I had to clean up the mess left behind by a merry prankster. They aren't fun days.
Sometimes the deviant act will get a nod of appreciation from me, but not if an AI did all the heavy lifting. I keep a labor-of-love website up and am increasingly swatting away scrapers in an attempt not to get slammed with a bankruptcy-tier cloud bill.
It uses native APIs to request the media file from the OS and since the app doesn't request the permission to receive location data along with it, the OS provides the files without the location
I don't know in which field your startup is, but here is my experience:
#. Post on your personal account, repost or "talk about your post" from your startup account --> be a person on LinkedIn belonging to a company, don't be a company.
#. Don't direct your posts to customers, direct it to "the industry", by talking about observations, challenges, etc. --> This will create more initial engagement as you likely have more peers than customers in your network --> more engagement increases visibility of your posts to 2nd/3rd degree connections.
#. Tell stories on the issues you saw, thoughts you had, how you helped a person/team (!) in a company, always add some picture, try to have "open ended" thoughts or ask questions.
#. Comment on other people's posts if they help you shape the image of a knowledgable guy enjoying to help others.
#. Don't talk about how great you are, talk about how/why your company/product/service is great for business problems like xyz. (if needed, let your company account talk about how great you are)
As on all social networks, the algorithm keeps changing. But I found that this behavior will establish and show you as a connected and knowledgeable person, and by proxy the company gets visibility as well.
I was with a company in digital transformation services which got ~30% of its leads from LinkedIn (and equal conversion rates to jobs than other means but at much lower cost), just by coaching its Sales to post stories on how excited they are to help others solve some business problems --> Customers got in touch because they could relate to the problem or considered them knowledgeable on similar topics.
And soon, also you will be part of this modern style of doing business that many of us would love to stop /s
Scientists will have to study the exact nature of this specific backlash and identify why it caused a different reaction in Trump than others, e.g. when he attacked the Pope...
The majority of US Christians don't care about the Pope. And Trump-supporting Catholics have a tenuous relationship with the Vatican and Pope already (for instance, many in that camp also want to roll back Vatican II and other "modern" trends).
Sounds fun, but in this case it's actually the OS which is stripping the meta-data before fulfilling the file-access request to the app.
Now an app maybe just wants to set the image as wallpaper, send it to a printer or set as an avatar, so it requests to read it from storage. The OS injecting a watermark here or adding some UI would break decades of apps...
Agree. That's also the dilemma with asking the user for his permission, it is very difficult to frame a concise question and get an educated decision there. So, better to only ask if the App explicitly requests that permission sounds reasonable.
The prior threat-model was, that e.g. a camera/gallery app which may/may not have a permission to a users current location, also has access to the history of a users' locations just by scanning the images when showing the camera roll.
It frankly makes sense to create a separate permission just for this location metadata AND strip this data when no permission was granted, I believe everything else would be MUCH harder to explain the user...
I assume Google are very hesitant to add additional permissions, and any additions get very carefully thought about. Having too many prompts can lead to popup blindness, which defeats the entire purposr of the permission system in the first place.
I'm sure I recall much older Android versions presenting all of the app's permissions at install-time. I'm very willing to bet that most users didn't actually read any of it. Overall, it seems like a very interesting problem to solve.
> Then one day they use a web browser to send a photo, and there's an entirely new behavior they've never learned.
The article is actually about Google's web browser stripping the EXIF location-data when uploading a photo to a webpage, and the author complains about that behavior.
This is not an implementation of the browser itself. Android Chrome is behaving in that way because the app didn't request the required permission for that data from the OS (which would ask the user), so the files it receives to upload already has the data removed
Thank you! Meant my comment for anyone who's not on the very latest version, anyone who experienced Android or another OS with disparate privacy-related behaviors as long as that OS has been around. Yes, now, the issue I'm talking about is solved for the general public on the latest Android devices! At reported cost to power users.
Just to add some more context: The change was applied in Android 10, which was released in 2019.
On OS-level there is no reduction in functionality, the implementation just ensures that the user agrees on sharing his location data to an app, and until that has been agreed it is not being shared (as to not hinder any normal app-operation).
Now the fact that the Chrome app doesn't trigger to ask the user-permissions is another topic, with its own (huge) complexity: If the user disagrees to share his location-history to a webpage, and Android can only ensure this for known media file types (while i.e. Windows cannot do this for ANY filetype, and on iOS I believe the user cannot even decide to not have it stripped), Chrome actually cannot commit to any decision taken by the user.
It's a known dilemma in the W3C, the Browser should ensure user privacy but for binary data it technically can't...
Seems to be quite simple, an App which wants to access location info from images just needs to set the permission for it.
Chrome doesn't seem to request that permission, so the OS doesn't provide the location-data to the app. So Chrome rather ended up in this state by doing nothing, not by explicitly doing something...
If your app targets Android 10 (API level 29) or higher and needs to retrieve unredacted EXIF metadata from photos, you need to declare the ACCESS_MEDIA_LOCATION permission in your app's manifest, then request this permission at runtime.
Most of timeless comedy simply describes the mundane reality of the audience in a way that they realize the absurdity of it.
reply