I haven't encountered a grey screen issue, is there a specific occurrence for that? Skipping generally works fine for me, sometimes it does that thing where it seems to miss a keyframe and it looks a bit funky for a few seconds but aside from that, it works fairly well.
Large AVI's are no problem for me. Again, he's using Linux Mint on his (presumably?) server, so using NFS shouldn't be an issue if the overhead for SMB proves too much.
I've found the 360 to be extremely hit and miss when it comes to decoding certain media. MKV's especially are a nightmare with it. I ended up using my PS3 for streaming for a long time, but realistically nothing quite beats the likes of XBMC for media support.
I've had a raspberry pi since launch (I got one of the first batches) and XBMC was quite flaky at first, especially with things like DTS decoding but right now it's very stable and I find I have few issues these days. There's the odd MKV that gives it trouble, but it's usually an issue with the file (such as it using a high bitrate or something).
In fairness, I use a Raspberry Pi myself however I use it as an XBMC machine plugged into my TV, rather than the media server. I let it access the files directly, via an NFS share and it works incredibly well. It can also use SMB if you're a windows user (and in fact, I'm running a Windows server, but since it has NFS support and that has a lower overhead, that's what I use), as well as various other protocols - and there's a plex plugin for it.
The OP isn't prepared to put some arbitrary hours in to getting his current setup working and if he values his time, dropping $35 on a PI seems like a reasonable option to me as it can be setup in just a few mins. It's literally a case of sticking the RaspBMC image onto an SD card, plugging it in and when XBMC boots, telling it which paths to scan for media.
They're cool little devices to have anyway and using XBMC on it means he doesn't have to run anything special on his existing Linux box.
Good for them, they'll end up pissing away more money than it costs to replace the terminal. Their loss. If people aren't capable of managing long term business expenses, that's not my or your issue.
Retailers are 100% liable today. And that's the problem!
No they're not. Retailers pay a % of the transaction for "anti-fraud" measures, as part of the interchange fee.
Until there's a shift in liability that means merchants are suddenly liable for card fraud. Suddenly spending a couple of thousand on a new terminal is more cost effective than dealing with thousands in fraud every month.
And it just so happens that's what's happening, with the liability shift beginning next year. There's currently a scramble behind the scenes to get everyone up to scratch before then. It's going to be messy, there's going to be casualties but like it or not, it's happening.
That is essentially how EMV works. Transactions can be done offline, but the card can override the terminal and force it online (to the host) to proceed. Cards will do this for a whole number of reasons, making it difficult to predict. Data is cryptographically signed between card and host, so the terminal cannot tamper with it without voiding the whole transaction.
If the card demands to go online and the terminal does not, it doesn't fall back, it just fails.
This isn't a fault of EMV or chip technology, it's a fault of the banks and their attitude towards security.
However in those instances, you still cannot clone a card (Unlike magstripe, which can be cloned trivially). While PIN makes it much more secure, there's still a huge benefit from moving to EMV. I.e. things like this target hack wouldn't have been possible under EMV cards, PIN or no PIN.
tap to pay = RFID == lower security
Can we not spread bullshit and FUD on
The "tap to pay" interface is linked directly to the smart card. There are some protocol differences to handle the faster nature of the transaction, but it's still EMV, it's still just as secure as the chip itself, it's just contactless.
Even if the terminal itself was compromised and you could read the chip directly, you won't get anything useful from it. Sure, you'll get track2 data (i.e. the magstripe information) but it's useless for EMV as an EMV transaction has several layers of security. Encryption, hashing, cryptograms, essentially there's no way to replay a transaction even if you capture every bit of data from it. In EMV, the terminal isn't trusted, it just acts as an intermediary between card and host. Both the card AND the host can decide to decline a transaction. The card, at any point, can force a terminal to go online if it's not satisfied with the terminal (and will occasionally do so just for the sake of it, because certain floor limits have been hit) and if the terminal doesn't do this, the transaction is cancelled.
AT BEST, a criminal could remotely pass through your card's APDU's wirelessly to another transmitter to perform a fraudulent transaction but contactless payments are limited by a maximum spend (usually something like $15 or $20) and will often still require your PIN to proceed.
Your scaremongering isn't helping anyone, it's just causing people to stick with magstripe which is so insecure it's utterly laughable.
It pretty much is exactly that. In fact, some of them are even called USIM's.
It takes 51% of the network to manipulate bitcoin.
What % of control do you think regular banking systems have and how much is required to manipulate that?
Thank fuck someone on slashdot has some sense!
How dare we evolve computers to make things easier for everyone. How dare we rip off as much boilerplate code as possible and create utilities that help with tedious or repetitive tasks! I mean what the hell were we thinking, Computers weren't meant to make our lives easier, were they?!
Just to add to this, if you want a good primer on Elliptic Curve Cryptography in general (and not just this exploit), this article from Cloudflare is pretty great even if you don't have a mathematical background. It also explains RSA quite well, so it's a good general crypto primer:
What, like all modern smartphones?