At this year’s Consumer Electronics Show, Chumby unveiled their latest prototype. It’s a network connected digital picture frame that runs Flash widgets. Just like the current Chumby model, they’re publishing the software and hardware under a license designed to let you hack it. They let us borrow one of their open chassis evaluation kits to teardown and photograph. We’ve got more pictures, full specs, and the schematics below.
[youtube=http://www.youtube.com/watch?v=QflrIK-m4Ts]
Reader [Ramon Viladomat] sent in what he has been working on over the last year at the Universitat Pompeu Fabra in Barcelona. Tired of see nothing but zooming map demos, he created a roleplaying game that takes advantage of the reacTable‘s multitouch interface. Along with multitouch, the reacTable also uses tangible fiducial markers to represent objects and as an alternative input method. Embedded above is a video demoing the interface and gameplay (starts at 3:43). The game lets you move your miniature through a virtual world. The surface shows you how far you can move dynamically as your action points regenerate and slowly reveals more dungeon as you discover it. You can pause the action and use gestures to set attack patterns. We really like this demo and would love to see someone build one using a popular tabletop game like Warhammer 40K. Embedded below is a demo of the associated map editor.
Frozen Cache is a blog dedicated to a novel way to prevent cold boot attacks. Last year the cold boot team demonstrated that they could extract encryption keys from a machine’s RAM by placing it in another system (or the same machine by doing a quick reboot). Frozen Cache aims to prevent this by storing the encryption key in the CPU’s cache. It copies the key out of RAM into the CPU’s registers and then zeroes it in RAM. It then freezes the cache and attempts to write the key back to RAM. The key is pushed into the cache, but isn’t written back to RAM.
The first major issue with this is the performance hit. You end up kneecapping the processor when you freeze the cache and the author suggests that you’d only do this when the screen is locked. We asked cold boot team member [Jacob Appelbaum] what he thought of the approach. He pointed out that the current cold boot attack reconstructs the key from the full keyschedule, which according to the Frozen Cache blog, still remains in RAM. They aren’t grabbing the specific key bits, but recreating it from all this redundant information in memory. At best, Frozen Cache is attempting to build a ‘ghetto crypto co-processor’.
We stand by our initial response to the cold boot attacks: It’s going to take a fundamental redesign of RAM before this is solved.
[via Slashdot]
[Alex] was frustrated by the amount of time it took to start prototyping with an AVR ATtiny. To make things easier, he built headers that carry the 8 and 20 pin chips and plug directly into breadboards. The boards include a 6pin ISP header, resonator, pull-up resistor, reset, and blocking caps. The ATtiny2313 version also has a serial connection header. This is a prototype though, and he forgot to route one of the connections. He plans on having a large batch of boards ready for next month.
Here’s another bizarre keyboard mod to add to the pile. Unlike previous typewriter style mods, this one uses Scrabble tiles. All of the tiles were hand beveled and attached to a clicky keyboard. The Num, Cap, and Scroll lock buttons have their letters’ hollowed out so the LED light will shine through.
[via Gizmodo]
Bittorrent is a great distribution method for large files, but its heavy bandwidth usage can be disruptive to both work and home networks. [Brett O’Connor] has decided to push all of his torrenting activity into the cloud. Amazon’s EC2 service lets you run any number of Amazon Machine Images (AMI, virtual machines) on top of their hardware. You pay for processing time and data transferred. [Brett] put together a guide for building your own seedbox on the service. First, you set up the Security Group, the firewall for the machine. Next, you specify what AMI you want to use. In this example, it’s a community build of Ubuntu. Once you have your SSH keypair, you can start the instance and install Apache, PHP, and MySQL. TorrentFlux is the web frontend for bittorrent in this case. It manages all the torrents and you just need to click download when you want to grab the completed file.
Even if you don’t plan on setting up a seedbox, the post is a straightforward example of how-to get started with EC2. He’s not sure what the cost will be; the current estimate is ~$30/mo.
[via Waxy]
[photo: nrkbeta]
PandaLabs has identified a botnet running a malware campaign impersonating president-elect Obama’s website. The front page of the site features a sensational story titled “Barack Obama has refused to be a president”. Clicking the link will download the malware and make the target’s machine part of the botnet. They’re using fast-flux to assign the malicious domains to the massive number of compromised nodes that are hosting the actual site. The team has contacted the domain name registrar in China to get the domains removed. Using a sensational headline is not new to malware; it’s how the Storm Worm got its name.
[via lithium]
