I need someone to explain this to me.

NES lovers grew up and now they’re coding for Palm

In case you missed it back in June, the Palm Pre was rooted by extracting the Root ROM from a Palm tool used to reset a device with damaged software. A lot has been learned from examining the code inside that ROM but we’re most amused by one thing in particular. If you grew up in the ’80s, there’s a pretty good chance you know the Konami Code by heart. So did the developers of WebOS, the firmware running on the Palm Pre. By inputting the familiar (UpUpDownDownLeftRightLeftRightBA) set of gestures, the handset enters Developer mode for connection to the SDK, which was leaked last summer but is now in open release.

Punching out parts

If you’re more of a code monkey than artist, it may be tough to transform your ideas into the 3D models necessary for fabbing. The folks working on openSCAD apparently feel our pain.

openSCAD uses a language somewhat reminiscent of C for creating models. A preview of the model is rendered alongside your code. Fully cross-platform, it runs on Linux, OS X, and Windows. Much like SketchUp, openSCAD can also extrude 2D outlines into models. This feature comes in very useful if one already has a set of technical drawings for a part. With no price tag, it’s pretty affordable during this costly season.

Software Auralization


Have you heard the latest track by gzip? Maybe it’ll end up on a “Greatest Hits” album alongside Philip Glass.

Visualization techniques such as animated algorithms can help programmers better grasp the abstract theories that make software work. Could auralization, the sound equivalent of visualization, provide similar insights? Postgrad student (and J. S. Bach fan) [Cessu] developed a program to do just that. By carefully mapping registers to notes, and slowing the tempo to a human timescale, the result is a cacophonous machine that offers a glimpse into the operation of various programs. You might find the resulting minimalist “music” insightful, entertaining…or maybe just incredibly grating.

[thanks Shadikka]

Black Hat hackers face off in Iron Chef style competition


Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]’s fuzzing talk while at Toorcon 9.

The pair will be allowed to use their own equipment, but they won’t see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don’t have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments, just be ready to back up your claims.