As ridiculous as the meme is, I feel Dogecoin has done more for cryprocurrency acceptance and awareness in the last 5 months than Bitcoin has done in the last 5 years.
By all means, give me a better way to enable websockets on the majority of browsers out there. Flash is horrible, but most people have it installed and enabled. The same can't be said for much anything else.
Too bad you didn't read the summary properly: The flash object sits on the website, not the browser. The browser just runs it. For this to work on a wide scale, you can't make everyone install a browser addon. That's just stupid and as bad as flash is, proprietary addons are worse.
Pay phones are often in public areas, which often have CCTV. While it's not quite a direct trace to the home phone, it's almost certainly enough to find out who did it. All you have to do is follow the CCTV footage at the time of the call until you get a shot of their face, or an idea of where they commuted from. You'll also get a description of their build, ethnicity, etc. and then there's likely eye-witnesses for the areas you can't see.
Surely a much better/modern approach is to use some VOIP provider over a VPN. The call quality might not be brilliant but it doesn't have to be. Or perhaps steal someone's wi-fi. There's lots of ways.
I haven't encountered a grey screen issue, is there a specific occurrence for that? Skipping generally works fine for me, sometimes it does that thing where it seems to miss a keyframe and it looks a bit funky for a few seconds but aside from that, it works fairly well.
Large AVI's are no problem for me. Again, he's using Linux Mint on his (presumably?) server, so using NFS shouldn't be an issue if the overhead for SMB proves too much.
I've found the 360 to be extremely hit and miss when it comes to decoding certain media. MKV's especially are a nightmare with it. I ended up using my PS3 for streaming for a long time, but realistically nothing quite beats the likes of XBMC for media support.
I've had a raspberry pi since launch (I got one of the first batches) and XBMC was quite flaky at first, especially with things like DTS decoding but right now it's very stable and I find I have few issues these days. There's the odd MKV that gives it trouble, but it's usually an issue with the file (such as it using a high bitrate or something).
In fairness, I use a Raspberry Pi myself however I use it as an XBMC machine plugged into my TV, rather than the media server. I let it access the files directly, via an NFS share and it works incredibly well. It can also use SMB if you're a windows user (and in fact, I'm running a Windows server, but since it has NFS support and that has a lower overhead, that's what I use), as well as various other protocols - and there's a plex plugin for it.
The OP isn't prepared to put some arbitrary hours in to getting his current setup working and if he values his time, dropping $35 on a PI seems like a reasonable option to me as it can be setup in just a few mins. It's literally a case of sticking the RaspBMC image onto an SD card, plugging it in and when XBMC boots, telling it which paths to scan for media.
They're cool little devices to have anyway and using XBMC on it means he doesn't have to run anything special on his existing Linux box.
Good for them, they'll end up pissing away more money than it costs to replace the terminal. Their loss. If people aren't capable of managing long term business expenses, that's not my or your issue.
Until there's a shift in liability that means merchants are suddenly liable for card fraud. Suddenly spending a couple of thousand on a new terminal is more cost effective than dealing with thousands in fraud every month.
And it just so happens that's what's happening, with the liability shift beginning next year. There's currently a scramble behind the scenes to get everyone up to scratch before then. It's going to be messy, there's going to be casualties but like it or not, it's happening.
That is essentially how EMV works. Transactions can be done offline, but the card can override the terminal and force it online (to the host) to proceed. Cards will do this for a whole number of reasons, making it difficult to predict. Data is cryptographically signed between card and host, so the terminal cannot tamper with it without voiding the whole transaction.
If the card demands to go online and the terminal does not, it doesn't fall back, it just fails.
This isn't a fault of EMV or chip technology, it's a fault of the banks and their attitude towards security.
However in those instances, you still cannot clone a card (Unlike magstripe, which can be cloned trivially). While PIN makes it much more secure, there's still a huge benefit from moving to EMV. I.e. things like this target hack wouldn't have been possible under EMV cards, PIN or no PIN.
The "tap to pay" interface is linked directly to the smart card. There are some protocol differences to handle the faster nature of the transaction, but it's still EMV, it's still just as secure as the chip itself, it's just contactless.
Even if the terminal itself was compromised and you could read the chip directly, you won't get anything useful from it. Sure, you'll get track2 data (i.e. the magstripe information) but it's useless for EMV as an EMV transaction has several layers of security. Encryption, hashing, cryptograms, essentially there's no way to replay a transaction even if you capture every bit of data from it. In EMV, the terminal isn't trusted, it just acts as an intermediary between card and host. Both the card AND the host can decide to decline a transaction. The card, at any point, can force a terminal to go online if it's not satisfied with the terminal (and will occasionally do so just for the sake of it, because certain floor limits have been hit) and if the terminal doesn't do this, the transaction is cancelled. AT BEST, a criminal could remotely pass through your card's APDU's wirelessly to another transmitter to perform a fraudulent transaction but contactless payments are limited by a maximum spend (usually something like $15 or $20) and will often still require your PIN to proceed.
Your scaremongering isn't helping anyone, it's just causing people to stick with magstripe which is so insecure it's utterly laughable.
How dare we evolve computers to make things easier for everyone. How dare we rip off as much boilerplate code as possible and create utilities that help with tedious or repetitive tasks! I mean what the hell were we thinking, Computers weren't meant to make our lives easier, were they?!
Just to add to this, if you want a good primer on Elliptic Curve Cryptography in general (and not just this exploit), this article from Cloudflare is pretty great even if you don't have a mathematical background. It also explains RSA quite well, so it's a good general crypto primer:
I never claimed that WINE was an emulator, but that doesn't mean its codebase couldn't be used as a starting point for an Xbox One emulator. The whole OS doesn't need to be emulated necessarily, just the parts of the OS that the software hooks into. Then again, if the emulator is high-level enough then the actual OS itself could run on it, though this would be a copyright nightmare but nothing new for emulators (BIOS files for PSX, Dreamcast, etc. being prime examples).
Slashdot Mirror
As ridiculous as the meme is, I feel Dogecoin has done more for cryprocurrency acceptance and awareness in the last 5 months than Bitcoin has done in the last 5 years.
As I said, give me an alternative that is supported.
By all means, give me a better way to enable websockets on the majority of browsers out there. Flash is horrible, but most people have it installed and enabled. The same can't be said for much anything else.
Too bad you didn't read the summary properly: The flash object sits on the website, not the browser. The browser just runs it.
For this to work on a wide scale, you can't make everyone install a browser addon. That's just stupid and as bad as flash is, proprietary addons are worse.
Why would you exterminate browsers? Do you really want/need an app for everything?
Context is so very important.
Pay phones are often in public areas, which often have CCTV. While it's not quite a direct trace to the home phone, it's almost certainly enough to find out who did it. All you have to do is follow the CCTV footage at the time of the call until you get a shot of their face, or an idea of where they commuted from. You'll also get a description of their build, ethnicity, etc. and then there's likely eye-witnesses for the areas you can't see.
Surely a much better/modern approach is to use some VOIP provider over a VPN. The call quality might not be brilliant but it doesn't have to be. Or perhaps steal someone's wi-fi. There's lots of ways.
Yes, because everywhere that has a power socket also has an RJ-45 connector.
And no, homeplugs are not a reliable solution.
I haven't encountered a grey screen issue, is there a specific occurrence for that? Skipping generally works fine for me, sometimes it does that thing where it seems to miss a keyframe and it looks a bit funky for a few seconds but aside from that, it works fairly well.
Large AVI's are no problem for me. Again, he's using Linux Mint on his (presumably?) server, so using NFS shouldn't be an issue if the overhead for SMB proves too much.
I've found the 360 to be extremely hit and miss when it comes to decoding certain media. MKV's especially are a nightmare with it. I ended up using my PS3 for streaming for a long time, but realistically nothing quite beats the likes of XBMC for media support.
I've had a raspberry pi since launch (I got one of the first batches) and XBMC was quite flaky at first, especially with things like DTS decoding but right now it's very stable and I find I have few issues these days. There's the odd MKV that gives it trouble, but it's usually an issue with the file (such as it using a high bitrate or something).
In fairness, I use a Raspberry Pi myself however I use it as an XBMC machine plugged into my TV, rather than the media server. I let it access the files directly, via an NFS share and it works incredibly well. It can also use SMB if you're a windows user (and in fact, I'm running a Windows server, but since it has NFS support and that has a lower overhead, that's what I use), as well as various other protocols - and there's a plex plugin for it.
The OP isn't prepared to put some arbitrary hours in to getting his current setup working and if he values his time, dropping $35 on a PI seems like a reasonable option to me as it can be setup in just a few mins. It's literally a case of sticking the RaspBMC image onto an SD card, plugging it in and when XBMC boots, telling it which paths to scan for media.
They're cool little devices to have anyway and using XBMC on it means he doesn't have to run anything special on his existing Linux box.
Good for them, they'll end up pissing away more money than it costs to replace the terminal. Their loss. If people aren't capable of managing long term business expenses, that's not my or your issue.
No they're not. Retailers pay a % of the transaction for "anti-fraud" measures, as part of the interchange fee.
Until there's a shift in liability that means merchants are suddenly liable for card fraud. Suddenly spending a couple of thousand on a new terminal is more cost effective than dealing with thousands in fraud every month.
And it just so happens that's what's happening, with the liability shift beginning next year. There's currently a scramble behind the scenes to get everyone up to scratch before then. It's going to be messy, there's going to be casualties but like it or not, it's happening.
That is essentially how EMV works. Transactions can be done offline, but the card can override the terminal and force it online (to the host) to proceed. Cards will do this for a whole number of reasons, making it difficult to predict. Data is cryptographically signed between card and host, so the terminal cannot tamper with it without voiding the whole transaction.
If the card demands to go online and the terminal does not, it doesn't fall back, it just fails.
This isn't a fault of EMV or chip technology, it's a fault of the banks and their attitude towards security.
However in those instances, you still cannot clone a card (Unlike magstripe, which can be cloned trivially). While PIN makes it much more secure, there's still a huge benefit from moving to EMV. I.e. things like this target hack wouldn't have been possible under EMV cards, PIN or no PIN.
Can we not spread bullshit and FUD on /. please?
The "tap to pay" interface is linked directly to the smart card. There are some protocol differences to handle the faster nature of the transaction, but it's still EMV, it's still just as secure as the chip itself, it's just contactless.
Even if the terminal itself was compromised and you could read the chip directly, you won't get anything useful from it. Sure, you'll get track2 data (i.e. the magstripe information) but it's useless for EMV as an EMV transaction has several layers of security. Encryption, hashing, cryptograms, essentially there's no way to replay a transaction even if you capture every bit of data from it. In EMV, the terminal isn't trusted, it just acts as an intermediary between card and host. Both the card AND the host can decide to decline a transaction. The card, at any point, can force a terminal to go online if it's not satisfied with the terminal (and will occasionally do so just for the sake of it, because certain floor limits have been hit) and if the terminal doesn't do this, the transaction is cancelled.
AT BEST, a criminal could remotely pass through your card's APDU's wirelessly to another transmitter to perform a fraudulent transaction but contactless payments are limited by a maximum spend (usually something like $15 or $20) and will often still require your PIN to proceed.
Your scaremongering isn't helping anyone, it's just causing people to stick with magstripe which is so insecure it's utterly laughable.
It pretty much is exactly that. In fact, some of them are even called USIM's.
It takes 51% of the network to manipulate bitcoin.
What % of control do you think regular banking systems have and how much is required to manipulate that?
Thank fuck someone on slashdot has some sense!
How dare we evolve computers to make things easier for everyone. How dare we rip off as much boilerplate code as possible and create utilities that help with tedious or repetitive tasks! I mean what the hell were we thinking, Computers weren't meant to make our lives easier, were they?!
Just to add to this, if you want a good primer on Elliptic Curve Cryptography in general (and not just this exploit), this article from Cloudflare is pretty great even if you don't have a mathematical background. It also explains RSA quite well, so it's a good general crypto primer:
http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography
What, like all modern smartphones?
I know he was trolling, but he never said it was too heavy...
I never claimed that WINE was an emulator, but that doesn't mean its codebase couldn't be used as a starting point for an Xbox One emulator. The whole OS doesn't need to be emulated necessarily, just the parts of the OS that the software hooks into. Then again, if the emulator is high-level enough then the actual OS itself could run on it, though this would be a copyright nightmare but nothing new for emulators (BIOS files for PSX, Dreamcast, etc. being prime examples).