Forgot your password?
typodupeerror

Comment: Re:MiniDLNA (Score 2) 420

by neokushan (#45964483) Attached to: Ask Slashdot: Suggestions For a Simple Media Server?

I've found the 360 to be extremely hit and miss when it comes to decoding certain media. MKV's especially are a nightmare with it. I ended up using my PS3 for streaming for a long time, but realistically nothing quite beats the likes of XBMC for media support.

I've had a raspberry pi since launch (I got one of the first batches) and XBMC was quite flaky at first, especially with things like DTS decoding but right now it's very stable and I find I have few issues these days. There's the odd MKV that gives it trouble, but it's usually an issue with the file (such as it using a high bitrate or something).

Comment: Re:Raspberry PI (Score 2) 420

by neokushan (#45964435) Attached to: Ask Slashdot: Suggestions For a Simple Media Server?

In fairness, I use a Raspberry Pi myself however I use it as an XBMC machine plugged into my TV, rather than the media server. I let it access the files directly, via an NFS share and it works incredibly well. It can also use SMB if you're a windows user (and in fact, I'm running a Windows server, but since it has NFS support and that has a lower overhead, that's what I use), as well as various other protocols - and there's a plex plugin for it.

The OP isn't prepared to put some arbitrary hours in to getting his current setup working and if he values his time, dropping $35 on a PI seems like a reasonable option to me as it can be setup in just a few mins. It's literally a case of sticking the RaspBMC image onto an SD card, plugging it in and when XBMC boots, telling it which paths to scan for media.

They're cool little devices to have anyway and using XBMC on it means he doesn't have to run anything special on his existing Linux box.

Comment: Re:Cheap architecture + short cuts = DOOM (Score 1) 250

by neokushan (#45950869) Attached to: Target Confirms Point-of-Sale Malware Was Used In Attack

Until there's a shift in liability that means merchants are suddenly liable for card fraud. Suddenly spending a couple of thousand on a new terminal is more cost effective than dealing with thousands in fraud every month.

And it just so happens that's what's happening, with the liability shift beginning next year. There's currently a scramble behind the scenes to get everyone up to scratch before then. It's going to be messy, there's going to be casualties but like it or not, it's happening.

Comment: Re:Cheap architecture + short cuts = DOOM (Score 1) 250

by neokushan (#45950851) Attached to: Target Confirms Point-of-Sale Malware Was Used In Attack

That is essentially how EMV works. Transactions can be done offline, but the card can override the terminal and force it online (to the host) to proceed. Cards will do this for a whole number of reasons, making it difficult to predict. Data is cryptographically signed between card and host, so the terminal cannot tamper with it without voiding the whole transaction.

If the card demands to go online and the terminal does not, it doesn't fall back, it just fails.

Comment: Re:Cheap architecture + short cuts = DOOM (Score 1) 250

by neokushan (#45950837) Attached to: Target Confirms Point-of-Sale Malware Was Used In Attack

This isn't a fault of EMV or chip technology, it's a fault of the banks and their attitude towards security.

However in those instances, you still cannot clone a card (Unlike magstripe, which can be cloned trivially). While PIN makes it much more secure, there's still a huge benefit from moving to EMV. I.e. things like this target hack wouldn't have been possible under EMV cards, PIN or no PIN.

Comment: Re:Cheap architecture + short cuts = DOOM (Score 2) 250

by neokushan (#45950775) Attached to: Target Confirms Point-of-Sale Malware Was Used In Attack

tap to pay = RFID == lower security

Can we not spread bullshit and FUD on /. please?

The "tap to pay" interface is linked directly to the smart card. There are some protocol differences to handle the faster nature of the transaction, but it's still EMV, it's still just as secure as the chip itself, it's just contactless.

Even if the terminal itself was compromised and you could read the chip directly, you won't get anything useful from it. Sure, you'll get track2 data (i.e. the magstripe information) but it's useless for EMV as an EMV transaction has several layers of security. Encryption, hashing, cryptograms, essentially there's no way to replay a transaction even if you capture every bit of data from it. In EMV, the terminal isn't trusted, it just acts as an intermediary between card and host. Both the card AND the host can decide to decline a transaction. The card, at any point, can force a terminal to go online if it's not satisfied with the terminal (and will occasionally do so just for the sake of it, because certain floor limits have been hit) and if the terminal doesn't do this, the transaction is cancelled.
AT BEST, a criminal could remotely pass through your card's APDU's wirelessly to another transmitter to perform a fraudulent transaction but contactless payments are limited by a maximum spend (usually something like $15 or $20) and will often still require your PIN to proceed.

Your scaremongering isn't helping anyone, it's just causing people to stick with magstripe which is so insecure it's utterly laughable.

Comment: Re:Sure, why not (Score 1) 430

by neokushan (#45869931) Attached to: Cairo 2D Graphics May Become Part of ISO C++

Thank fuck someone on slashdot has some sense!

How dare we evolve computers to make things easier for everyone. How dare we rip off as much boilerplate code as possible and create utilities that help with tedious or repetitive tasks! I mean what the hell were we thinking, Computers weren't meant to make our lives easier, were they?!

Comment: Re:Good article (Score 3, Informative) 201

by neokushan (#45839621) Attached to: Dual_EC_DRBG Backdoor: a Proof of Concept

Just to add to this, if you want a good primer on Elliptic Curve Cryptography in general (and not just this exploit), this article from Cloudflare is pretty great even if you don't have a mathematical background. It also explains RSA quite well, so it's a good general crypto primer:

http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography

Contemptuous lights flashed flashed across the computer's console. -- Hitchhiker's Guide to the Galaxy

Working...