Minor things that bother you

[Bruce]

And more fun when the third-party service doesn't display the notes left (allegedly) by the customer in the ordering form. Lots of fun having to fish out apartment numbers, gate entry codes, callbox codes, instructions for sprawling complexes, and other bullshit from customers who might be too asleep/drunk/high to answer promptly.

[zachary_amaryllis]

And more fun when the third-party service doesn't display the notes left (allegedly) by the customer in the ordering form. Lots of fun having to fish out apartment numbers, gate entry codes, callbox codes, instructions for sprawling complexes, and other bullshit from customers who might be too asleep/drunk/high to answer promptly.

and for that matter (i've mentioned this before) why people would order via grubhub/doordash etc from a restaurant that already has its own delivery mechanism. from my experience, is no contact with people, and no tips. "leave at door and text". ok, it's 5 below outside, enjoy your cold stuff and don't blame me because it's cold.

where i work, the joke's on them. if they were to call us directly there's all sorts of specials and deals we can apply. if they order via 3rd party, they pay full price for everything.

[1995hoo]

Speaking of online ordering systems, how about software (doesn't have to be for ordering) that doesn't fill in the city and state automatically if you type the ZIP Code.

Another that I think was mentioned before: Systems that impose password-formatting requirements (say, at least one capital letter, at least one number, and at least one symbol but it can only be from a certain set of symbols) but don't tell you what the requirements are until after you create a password that it then rejects because it doesn't meet their secret requirements. Those sorts of requirements are a good thing, on the whole, but it doesn't make sense to fail to communicate them before the user has to create a password.

That all prompts me to think of another: Sites that let you click "remember this device" to bypass two-factor authentication in the future but that then ignore that setting. Why bother giving me the option if I'm going to have to get a code every time anyway? (To be clear, I don't mind two-factor authentication. My wife hates it, but I recognize its value. My gripe is simply that if you give me the option to skip it, the option should work.)

[vdeane]

I might have mentioned this before, but restaurants any merchants that require you to make an account to use their online ordering system.

Fixed that for you.  Or me.

That too, though I seem far more likely to see it with restaurants than anything.  That post was motivated by one such place requiring it last night - instead I just said "screw that, I'll just drive to East Greenbush to get my usual order from the one location in the local chain I normally get my pizza/wings from that's actually open on this holiday", causing them to lose a sale in the process.  I don't tend to order a lot online, though.

Speaking of online ordering systems, how about software (doesn't have to be for ordering) that doesn't fill in the city and state automatically if you type the ZIP Code.

Another that I think was mentioned before: Systems that impose password-formatting requirements (say, at least one capital letter, at least one number, and at least one symbol but it can only be from a certain set of symbols) but don't tell you what the requirements are until after you create a password that it then rejects because it doesn't meet their secret requirements. Those sorts of requirements are a good thing, on the whole, but it doesn't make sense to fail to communicate them before the user has to create a password.

That all prompts me to think of another: Sites that let you click "remember this device" to bypass two-factor authentication in the future but that then ignore that setting. Why bother giving me the option if I'm going to have to get a code every time anyway? (To be clear, I don't mind two-factor authentication. My wife hates it, but I recognize its value. My gripe is simply that if you give me the option to skip it, the option should work.)

Or worse, password requirements that have requirements such as maximum lengths or restrictions on special characters that can be used that expose how the organization isn't following security best practices like hashing passwords or escaping special characters.

The online system my primary care doctor uses has that issue - no matter whether you set "remember this device", the system will still prompt for security question answers every time.  This makes me think of another issue - sites that get significant resources from a third party, making them difficult to whitelist if blocking things like ads, scripts, or third party cookies is causing problems.  I remember one time having to turn to Google, because even NBC's own technical support couldn't tell me what I needed to whitelist in AdBlock Plus to get Zoey's Extraordinary Playlist to actually play in Chrome.

[ZLoth]

Speaking of online ordering systems, how about software (doesn't have to be for ordering) that doesn't fill in the city and state automatically if you type the ZIP Code.

It's not a a hard and fast rule that a single city is assigned to a zip code. For example:

• 95670 - The primary city is Rancho Cordova, CA, but it is also used by Gold River, CA
• 94608 - The primary city is Emeryville, CA, but is also used for a part of Oakland, CA
• 90008 - The primary city is Los Angeles, CA, but is also used for Baldwin Hills and Baldwin Hills

In addition, a city can have multiple zip codes depending on the area. The city that I live in has three zip codes for the physical addresses and two zip codes for PO Boxes.



So, you need to actually have the street address in order to get the actual city.

[jeffandnicole]

Speaking of online ordering systems, how about software (doesn't have to be for ordering) that doesn't fill in the city and state automatically if you type the ZIP Code.

It's not a a hard and fast rule that a single city is assigned to a zip code. For example:

• 95670 - The primary city is Rancho Cordova, CA, but it is also used by Gold River, CA
• 94608 - The primary city is Emeryville, CA, but is also used for a part of Oakland, CA
• 90008 - The primary city is Los Angeles, CA, but is also used for Baldwin Hills and Baldwin Hills

In addition, a city can have multiple zip codes depending on the area. The city that I live in has three zip codes for the physical addresses and two zip codes for PO Boxes.



So, you need to actually have the street address in order to get the actual city.

In the case of the first example, generally the zip code will default to the main town, then the user can switch it, or a selection menu appears. I live with a zip code associated with 7 different town names, so I'm used to switching the default town to my town.

[ZLoth]

Another that I think was mentioned before: Systems that impose password-formatting requirements (say, at least one capital letter, at least one number, and at least one symbol but it can only be from a certain set of symbols) but don't tell you what the requirements are until after you create a password that it then rejects because it doesn't meet their secret requirements. Those sorts of requirements are a good thing, on the whole, but it doesn't make sense to fail to communicate them before the user has to create a password.

One of the first things that you should be learning if you are doing any programming, especially any web programming, is "never ever trust the input from any source". Just because you limit the field length of the input field to 32 characters doesn't mean that what you receive as part of the POST will be less than 32 characters. Plus, if you are passing the input directly to the SQL call, you open yourself up to a SQL injection attack.

This brings up an irritation of mine. Ideally, you should be storing the password as a "salted" hash. For example (and I'm intentionally using a bad password for example purposes), the customer's password is is Fluffy62. I would salt the password with the customer ID so it looks like 147258963Fluffy62, thus avoiding the lookup tables. If I then use a one way hash, then the hashes that get generated are as follows:

• CRC32: 8c561b69
• MD5: 923c3966548efc54440782514ed455ed
• SHA-256: d664be784d6054f0771c84ebdaa6ecc025b7c6f6eb59be93ea176672e4c8457a
• SHA-512: 04479f5b19b5d733fd25eb626217d76b93e8206bddc4d78fd0e555ef053c8eaf4dadc74dee0890495c2a635bef4fd8003a89ef153db4bd4e4a2b094b2d588b0d

Anyone notice a pattern to these hashes? They are all numbers and letters, have a fixed length, and are easily stored in a database table. Now, lets try a complex password that is tied to a UUID that points to a customer number..... like 123e4567-e89b-12d3-a456-426614174000 + ~DU@_0$#oN0y~V^N3DFza|f\k}\yq<....

• CRC32: 4b5827d0
• MD5: 1015ef364aa58d316c5467b286168fc5
• SHA-256: 0201c2cb0eda29f928f14375f4c10e8f5ad156aafe8d7fddbf071db93aa03415
• SHA-512: beb6d5decaa9ddf6c6bcacda3dce019b18eac6dbb053218dbaff95007bdbfe33caecf046bfdb7c10fef702fb2d07725dae67fad9ad6c648a92835f2da73f6dbf

This means that while I enforce a minimum password length with minimum password requirements (one upper, one lower, one number, one special character), there should not be a maximum password length nor should there be a limitation on the special characters used. In fact, using accented characters or foreign characters make the password harder to crack. Yet, how many times have I encountered a website that limits a password to 16-20 characters, or limits the special characters being used? I've seen longer passwords allowed on a hobbyist web board than on a financial institution site.

Which puts me on another rant.... people just don't get that their "easily-remembered password" that they use on all of their websites are also quick to be cracked. Take a look at at How Secure Is My Password? Fluffy62 takes one hour to crack. ~DU@_0$#oN0y~V^N3DFza|f\k}\yq< takes "2 hundred duodecillion years". I believe that both values are optimistic especially in a age where they use graphics cards to mine cyber currency.

[Scott5114]

Of course, an inherent problem with passwords is that in the real world a user is not balancing the risk of the password being cracked but rather the negative consequences of the password being cracked versus ease of use in remembering the password. If someone hacks into my Pizza Hut account and uses up all of my rewards points, that will be annoying, but not as annoying as having to remember whether my password is ~DU@_0$#oN0y~V^N3DFza|f\k}\yq< or ~DU@_0$#oN0y~V%N3DFza|f\k}\yq< when I'm hungry and trying to order a pizza. If someone hacks into my bank account, they can do far worse things, so having a strong password there makes far more sense.

Yes, yes, password managers. Try to explain them to anyone over the age of 50 and see if that still seems like a viable, scalable solution. Personally, I use strong passwords for the things that matter, but keep them written in a paper notebook at home to enforce an air gap that a hacker couldn't actually cross if they got into my computer. If someone breaks into my house, I probably have bigger problems than them getting into my Web server. (And the sorts of people that burglarize a house are usually not the sorts of people that would know what to do with  a password to a Web server anyway. If someone wants a Web server password bad enough to break into someone's house for it, they probably also want it bad enough to do way worse stuff to me to get it.)

[ZLoth]

In the case of the first example, generally the zip code will default to the main town, then the user can switch it, or a selection menu appears. I live with a zip code associated with 7 different town names, so I'm used to switching the default town to my town.

I don't disagree with you there. It's just that we grew up with the specific format of entering in data by street name → city → state → ZIP code, or from specific to vague (with the exception of the ZIP code) because that was the expected format by the United States Postal Service and, by extension, adopted by the shipping and other businesses. Now, if we design the interface to first prompt for the zip code followed by the city selection, we are adding two-three more screens.

You just can't win from the user interface (UI) and user experience (UX) perspective. Of course, you should be able to determine the general location of the state and country based upon the IP address so that I don't have to scroll through 100 countries just to get to the United States.

[CtrlAltDel]

It's not a a hard and fast rule that a single city is assigned to a zip code. For example:

• 95670 - The primary city is Rancho Cordova, CA, but it is also used by Gold River, CA
• 94608 - The primary city is Emeryville, CA, but is also used for a part of Oakland, CA
• 90008 - The primary city is Los Angeles, CA, but is also used for Baldwin Hills and Baldwin Hills

This is true, but what happens when a zip code is split between two different cities is that the post office deems one of the city names the preferred city name and the others as acceptable city names. And as far as the delivery of the mail goes, it doesn't matter which of these city names you use, even if it's otherwise inaccurate.

Such is the case, for example, for zip code 90210, which is partially in Beverly Hills and partially in Los Angeles. Many people in the Los Angeles portion of 90210 state their addresses as being in Beverly Hills, presumably for the prestige, and this is allowed by the post office, if potentially problematic for other things like 911 calls.

Some recent web sites I've visited have asked for the zip code first and then filled out the other associated boxes, but with regular text that you can then edit. Others will pull up full addresses as you type in the street address box, and you just type until the one you want has been uniquely identified.

[kkt]

Of course, an inherent problem with passwords is that in the real world a user is not balancing the risk of the password being cracked but rather the negative consequences of the password being cracked versus ease of use in remembering the password. If someone hacks into my Pizza Hut account and uses up all of my rewards points, that will be annoying, but not as annoying as having to remember whether my password is ~DU@_0$#oN0y~V^N3DFza|f\k}\yq< or ~DU@_0$#oN0y~V%N3DFza|f\k}\yq< when I'm hungry and trying to order a pizza. If someone hacks into my bank account, they can do far worse things, so having a strong password there makes far more sense.

Yes, yes, password managers. Try to explain them to anyone over the age of 50 and see if that still seems like a viable, scalable solution. Personally, I use strong passwords for the things that matter, but keep them written in a paper notebook at home to enforce an air gap that a hacker couldn't actually cross if they got into my computer. If someone breaks into my house, I probably have bigger problems than them getting into my Web server. (And the sorts of people that burglarize a house are usually not the sorts of people that would know what to do with  a password to a Web server anyway. If someone wants a Web server password bad enough to break into someone's house for it, they probably also want it bad enough to do way worse stuff to me to get it.)

Passwords are a really mediocre way to provide security.  The more secure the passwords, the more likely they're on a postit on one's monitor.  And password managers just seem like an extremely tempting hacking target to me.  I do use one, but only for the less sensitive sites.  (Of course, I am over 50, so take this with whatever salt you think is appropriate.)

[hotdogPi]

How important is password strength anyway when most passwords are stolen from a database or phished rather than guessed?

[vdeane]

Passwords are a really mediocre way to provide security.  The more secure the passwords, the more likely they're on a postit on one's monitor.  And password managers just seem like an extremely tempting hacking target to me.  I do use one, but only for the less sensitive sites.  (Of course, I am over 50, so take this with whatever salt you think is appropriate.)

Not necessarily (see link below).  I do share your skepticism of password managers, though.  I'll save some relatively unimportant stuff in Chrome, but not really important stuff like bank accounts.  I don't think someone stealing my computer should be able to instantly access my bank accounts, credit cards, etc.

https://xkcd.com/936/

How important is password strength anyway when most passwords are stolen from a database or phished rather than guessed?

Kinda hard to steal something from a database if all the database has is salted hashes.  That's why a password should never be stored as plain text and why limitations such as maximum lengths or special character restrictions are an issue - they are only needed if the organization is doing the thing they should never, ever do.

Password guessing is still a thing.  If a password is sufficiently weak or is one of the most common passwords ("monkey" was an example of one just a couple years ago, maybe still is; arguably an example of both!), a computer can run through guesses pretty fast and figure out what it is.  A strong password, combined with the organization following best practices and the individual being mindful of phishing attempts, is really the way to go (and even then is still vulnerable to social engineering... it's hard to make an air-tight system, but we do at least want to make it as hard as possible for the criminal).

[ZLoth]

Of course, an inherent problem with passwords is that in the real world a user is not balancing the risk of the password being cracked but rather the negative consequences of the password being cracked versus ease of use in remembering the password. If someone hacks into my Pizza Hut account and uses up all of my rewards points, that will be annoying, but not as annoying as having to remember whether my password is ~DU@_0$#oN0y~V^N3DFza|f\k}\yq< or ~DU@_0$#oN0y~V%N3DFza|f\k}\yq< when I'm hungry and trying to order a pizza. If someone hacks into my bank account, they can do far worse things, so having a strong password there makes far more sense.

The Fluffy1962 and ~DU@_0$#oN0y~V^N3DFza|f\k}\yq< were used as extreme examples of a week and extremely strong password respectively just so that I could emphasize my point. Do I expect anyone to have a 32 character password to place an order with Pizza The Hutt? Nope. But, there is other Personal Identifiable Information that can be contained in your account, such as your birthday, phone number, street address.... all of which could be used as part of an application or request for information. Or they can change the address and... woohoo.... free food and merchandise that can be resold for recreational medication. And, there are too many malicious people out there who take great delight in making other people lives miserable.

"Your identity is your most valuable possession. Protect it."

Yes, yes, password managers. Try to explain them to anyone over the age of 50 and see if that still seems like a viable, scalable solution.

Lets see here... I'm over 50, and utilize a password manager such as KeePass to maintain my master list of passwords, plus a subset is maintained through LastPass. The entire database is encrypted through a Master Password, and KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure.

Personally, I use strong passwords for the things that matter, but keep them written in a paper notebook at home to enforce an air gap that a hacker couldn't actually cross if they got into my computer.

Really? REALLY? Why don't you just tape those passwords to the bottom of your keyboard while you are at it?

How important is password strength anyway when most passwords are stolen from a database or phished rather than guessed?

See my earlier explanation. If the password table are encrypted utilizing a one-way hash such as SHA-512 and properly salted, then it is extremely hard to reverse-engineer the password.(HINT: If the company mails you your password when you do a password reset, then it's not utilizing a one-way hash.) The problem lies when I see lists of extremely common passwords such as this list of the 200 most common passwords for 2021? Too many people value convenience over security, and then, SURPRISE! have to spend months if not years cleaning up the mess. It's bad enough that enough companies treat IT as an expensive that has to be minimized. Do I have to use fear, uncertainly, and doubt (FUD) to encourage users to adopt better security habits? This is also why we have to adopt two-factor authentication system.

[Scott5114]

Of course, an inherent problem with passwords is that in the real world a user is not balancing the risk of the password being cracked but rather the negative consequences of the password being cracked versus ease of use in remembering the password. If someone hacks into my Pizza Hut account and uses up all of my rewards points, that will be annoying, but not as annoying as having to remember whether my password is ~DU@_0$#oN0y~V^N3DFza|f\k}\yq< or ~DU@_0$#oN0y~V%N3DFza|f\k}\yq< when I'm hungry and trying to order a pizza. If someone hacks into my bank account, they can do far worse things, so having a strong password there makes far more sense.

The Fluffy1962 and ~DU@_0$#oN0y~V^N3DFza|f\k}\yq< were used as extreme examples of a week and extremely strong password respectively just so that I could emphasize my point. Do I expect anyone to have a 32 character password to place an order with Pizza The Hutt? Nope. But, there is other Personal Identifiable Information that can be contained in your account, such as your birthday, phone number, street address.... all of which could be used as part of an application or request for information. Or they can change the address and... woohoo.... free food and merchandise that can be resold for recreational medication. And, there are too many malicious people out there who take great delight in making other people lives miserable.

"Your identity is your most valuable possession. Protect it."

All of that stuff is available in government open records anyway, though. You can get my street address by looking up where my LLC is registered or by searching the county assessor's records for my name. All of this is available on publicly-facing websites. You don't even have to talk to a clerk to get it. I couldn't "protect it" if I wanted to.

Changing the address wouldn't really work since they'd need the CVV to my card to actually place an order. Unlike Amazon, Pizza Hut doesn't have one-click ordering. And if they did somehow get it, I'd just file a chargeback with the credit card company and they'd kill the transaction. A possible nuisance, versus the guaranteed nuisance of having a ridiculous password.

Yes, yes, password managers. Try to explain them to anyone over the age of 50 and see if that still seems like a viable, scalable solution.

Lets see here... I'm over 50, and utilize a password manager such as KeePass to maintain my master list of passwords, plus a subset is maintained through LastPass. The entire database is encrypted through a Master Password, and KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure.

Sure, but I want to see the look on Brenda from Accounting's face when you start saying things like "Rijndael" and "Twofish" to her.

Besides, then KeepAss has your passwords. If someone breaks your master password, you're in exactly the same place as if you had used the same password on every website you have an account on. Oh, use a strong password for that? Like the ones you're saving in a password manager because you can't remember them? I see.

Personally, I use strong passwords for the things that matter, but keep them written in a paper notebook at home to enforce an air gap that a hacker couldn't actually cross if they got into my computer.

Really? REALLY? Why don't you just tape those passwords to the bottom of your keyboard while you are at it?

I work from home, not in an office where any random passersby could come into my cube and purloin the password list while I'm off taking a shit. So, tell me, realistically...who's going to get the passwords out of my notebook? My wife? (She wouldn't know what to do with them, and has resisted learning how a Web server works even when I've tried to teach her.) My dog? (She's going blind so she probably can't read it.)

So the only way someone could get my passwords is by physically breaking into my house. Who is going to do that to get the password to a shitty $24/month Web server? It's way easier and far less legally risky to just find one with a weaker password.

[formulanone]

Some random thief stealing your "password book" is the stuff of either bad movie trope or untrustworthy friends. If you keep it right next to the computer, then that's a problem, but if you keep in a bookcase among 250 other books...good luck finding it.

If you'd asked me five years ago if that was stupid, I'd agree, but to the degree that various websites are getting compromised, then there's not a whole lot you can do. If some yutz answers a email without questioning the sender through "social engineering" or someone was fired and their master password hasn't been modified since Windows 98 was a standard...your  little nondescript book is just to keep up with the fact you should change them every 3-12 months.

[7/8]

My mom insists on leaving the TV remotes underneath the TV, instead of beside the couch (because "it looks tidier"). Why have a remote if you have to get up every time to grab it? I usually end up sitting down before noticing they're by the TV.

[zachary_amaryllis]

My mom insists on leaving the TV remotes underneath the TV, instead of beside the couch (because "it looks tidier"). Why have a remote if you have to get up every time to grab it? I usually end up sitting down before noticing they're by the TV.

related: reaching for the remote and grabbing the phone instead thus calling egypt instead of changing the channel. or alternatively reaching for the phone and finding yourself in the nosebleed channels when all you wanted to do was order pizza.

[1995hoo]

Heh, when I was in law school, my mom called me–paying weekday rates for a long-distance call–to ask why the remote for their Magnavox TV was beeping. (I had an almost identical TV–my father bought theirs because he liked mine.) I told her she must have turned on the TV using the button on the TV and she confirmed she had. So I told her it was locating the remote for her and the beeping was to help her find it. Mom's response: "I know where the remote is. I don't need to locate it." My reaction: "Then why the hell did you use the button on the TV if you know where the remote is? It assumes you lost the remote because nobody uses the button on the TV." She didn't have a response to that and I told her to press any button on the remote to get the beeping to stop. (Semi-related: During my fourth year of college, the batteries in the remote in my apartment died. Thank God the TV was on ESPN when that happened. It stayed on, tuned to that channel, for three days until we got around to buying new batteries.)

At some point, my parents had a remote that would turn the TV on and off and adjust the volume but would not operate the cable box. If you wanted to change the channel, you still had to walk over there and change the channel, this because they were not willing to pay the cable company to rent a remote that would operate the cable box.

[JayhawkCO]

I remember the first remote control we ever had had to be plugged into our VCR.  I think the cord was maybe 6' long.

[vdeane]

My mom insists on leaving the TV remotes underneath the TV, instead of beside the couch (because "it looks tidier"). Why have a remote if you have to get up every time to grab it? I usually end up sitting down before noticing they're by the TV.

I would think the idea would be that you'd remember to grab the remote when you want to watch TV and return it when you're done, not that you'd be getting it for every single channel change.

[7/8]

My mom insists on leaving the TV remotes underneath the TV, instead of beside the couch (because "it looks tidier"). Why have a remote if you have to get up every time to grab it? I usually end up sitting down before noticing they're by the TV.

I would think the idea would be that you'd remember to grab the remote when you want to watch TV and return it when you're done, not that you'd be getting it for every single channel change.

The problem is I usually don't remember until after I've sat down. I'd still prefer leaving them on the end tables or even on the couch, but I won't win this one.

[kkt]

Heh, when I was in law school, my mom called me–paying weekday rates for a long-distance call–to ask why the remote for their Magnavox TV was beeping. (I had an almost identical TV–my father bought theirs because he liked mine.) I told her she must have turned on the TV using the button on the TV and she confirmed she had. So I told her it was locating the remote for her and the beeping was to help her find it. Mom's response: "I know where the remote is. I don't need to locate it." My reaction: "Then why the hell did you use the button on the TV if you know where the remote is? It assumes you lost the remote because nobody uses the button on the TV." She didn't have a response to that and I told her to press any button on the remote to get the beeping to stop. (Semi-related: During my fourth year of college, the batteries in the remote in my apartment died. Thank God the TV was on ESPN when that happened. It stayed on, tuned to that channel, for three days until we got around to buying new batteries.)

At some point, my parents had a remote that would turn the TV on and off and adjust the volume but would not operate the cable box. If you wanted to change the channel, you still had to walk over there and change the channel, this because they were not willing to pay the cable company to rent a remote that would operate the cable box.

That sounds like a nice feature!  I wish my remote had that feature about 15 years ago.  The remote stayed lost for about a year and a half.  I looked under the easy chair cushions, and under the easy chair, but at the back of the platform for the chair seat cushion there was a little slot just right for a remote to fall down and get stuck above the springs...

[1995hoo]

Heh, when I was in law school, my mom called me–paying weekday rates for a long-distance call–to ask why the remote for their Magnavox TV was beeping. (I had an almost identical TV–my father bought theirs because he liked mine.) I told her she must have turned on the TV using the button on the TV and she confirmed she had. So I told her it was locating the remote for her and the beeping was to help her find it. Mom's response: "I know where the remote is. I don't need to locate it." My reaction: "Then why the hell did you use the button on the TV if you know where the remote is? It assumes you lost the remote because nobody uses the button on the TV." She didn't have a response to that and I told her to press any button on the remote to get the beeping to stop. (Semi-related: During my fourth year of college, the batteries in the remote in my apartment died. Thank God the TV was on ESPN when that happened. It stayed on, tuned to that channel, for three days until we got around to buying new batteries.)

At some point, my parents had a remote that would turn the TV on and off and adjust the volume but would not operate the cable box. If you wanted to change the channel, you still had to walk over there and change the channel, this because they were not willing to pay the cable company to rent a remote that would operate the cable box.

That sounds like a nice feature!  I wish my remote had that feature about 15 years ago.  The remote stayed lost for about a year and a half.  I looked under the easy chair cushions, and under the easy chair, but at the back of the platform for the chair seat cushion there was a little slot just right for a remote to fall down and get stuck above the springs...

The "SmartSound" feature in the second ad worked pretty well and didn't muffle explosions or the like in TV shows.

https://youtu.be/ZGdo_hb0BCQ

[webny99]

Here's one: people that brake when approaching a green light. Ahhhhh! WHY!?

To me it seems like you must be more choke-prone than the Atlanta Falcons in Super Bowl LI if you're going to slow down in that scenario. You've been given a beautiful, rare gift. Take it and RUN!