Hacker News | walterlb's comments

The countries that have "developed" have increased pressures on less developed nations, and caused or exacerbated problems in the areas they have exploited in order to develop.


This Is It, by Alan Watts, also describes some of the same feelings. I picked it up recently and am still trying to digest the concepts he describes.


Thank you for this. I've been dealing with these issues more than usual lately and this was helpful to read.


You can bring food into a movie theater without too much trouble in my experience.


It would be cool to learn if there are other easter eggs like this in Google search. Is there a list somewhere?

[edit] Yes! https://en.wikipedia.org/wiki/List_of_Google_Easter_eggs


I noticed the "only one on sale" thing too. I suspect the author meant it was the only one for sale at the store, period, not that it was the only one with a sale/discounted price.


Ah, true, I hadn't considered that.

Now I'm just looking forward to seeing how more and more ubiquitous AI deals with real world language.

When I look up "on sale" I get

> 1. offered for purchase.

> 2. NORTH AMERICAN - offered for purchase at a reduced price.

so I guess I associated a US-centric idea with the term, since that is what I'm used to.


I saw "The Ashley Book of Knots" mentioned on another post, and it has some interesting history of knots. Especially that the introduction of books led to sailors spending more time not knotting.


The book is also open domain, so anyone interested should look it up.


I wonder if there's some link to rate of footsteps? The step rate of an approaching/retreating human or animal would have been relevant to survival.


> Today at another McDonald's I observed the entire bootstrap process and can confirm that the kiosk indeed is responsible for installing “custom firmware” on the card reader

If this part is correct, it seems like an attacker could compromise the reader itself.


I work with POS hardware at my job. The “custom firmware” is likely just some settings, screens for the POS to display (so they’re McD branded instead of the POS maker), and some per payment-processor configuration so the terminals are using the expected encryption (differs per processor and customer).

Even if it was real firmware (I doubt it), it’s likely the firmware for the POS device interface. I don’t believe that firmware has any control over the actual payment processing bits of hardware, just the software intermediary.

Since that intermediary only has access to EMV tags (which anyone in the payment path has) there is no point. The secret encryption stuff that secures passwords is not controlled from any layer an attacker could touch, outside of documented configuration parameters.


Even if it does handle delivering firmware updates to the device, I would be wholly surprised if the terminal doesn't at least do basic checks to make sure the firmware is signed (although, whether or not there are exploits to get around this is another thing).


The devices I’ve seen all have signed firmware.


Yeah the firmware should be signed and have an EMV certification. It’s a total pain in the arse to develop and deploy new software for these devices.


Considering the article writer already expresses some clear misunderstandings, I don't think it's correct.

Maybe they witnessed it, but that would be a bigger deal than some shitty Windows box being popped. Certainly, that would not pass compliance.


Signed firmware though.

Those card readers also typically have photodiodes in them and numerous tamper switches pressed to the case to wipe their internal memory if tampered. Just to be clear I'm not talking about EPROM - they have actual photodiodes inside along with physical switches and a coin battery that will wipe the ROM if tampered.

It's common to have the tamper switches trigger if you drop the terminal. They'll need to be re-flashed from scratch when that happens. E.g. https://stackoverflow.com/questions/33872627/how-to-fix-tamp...

Anyway the TLDR is that the Card Reader part of any POS system is reasonably secure.


Fascinating! Is there more detail somewhere on this stuff? It's like a bomb squad drama, making a dam for liquid nitrogen to cool the coin cell below the voltage it can detonate the.. I mean clear the ROM, opening the case in a dark tent around the device etc.


It's also supported in Azure DevOps wikis

