Archive for the ‘chumby’ Category

« Older Entries

Name that Ware June 2010

Tuesday, June 22nd, 2010

The ware for this month is shown below. Click on the images for a much larger version.

For this month, I’ll tell you what the ware is — it’s the mainboard of the Insignia Infocast. Insignia, for those who are not familiar with it, is a Best Buy exclusive brand.

The challenge, this time, is to guess the number of vias on the main board (including estimating those that are not visible and covered up by components on both sides — so just counting the visible ones will leave you a few short). To be clear, pad and mounting holes don’t count as vias for this competition, and I will judge by “Price is Right” rules (closest to but not exceeding the actual count), with the first correct submission winning (don’t worry, if your comment is held in moderation, the original comment post time is preserved and I use that to judge). If you make multiple submissions, the last submission is the only one that counts. The competition will run for at most a month, but may end sooner if contestants get very close to the correct answer.

The prize is an Insignia Infocast.

About the Infocast
The Infocast is an Internet Media Display — sort of a new device category. It’s what you get when you put chumby software technology into an otherwise unconnected device. The chumby One and the Sony dash are also kin to the Infocast. Unlike the iPad, whose roots lie in the mobile world, Internet Media devices are the supercharged descendants of common unconnected household appliances — clock radios, digital photo frames, and the likes. Hence the form factor of these devices are targeted at fixed installations in the bedroom, livingroom or kitchen, with a lower price point and subdued design reflecting their humbler origins. However, despite having a much lower price and a different lineage than smart phones, netbooks and tablets, its features and capabilities are often similar enough to high-end mobile products that many try to compare the two, when in fact they are meant to compliment each other.

Aside from being able to play chumby apps on an 8″ screen at 800×600 resolution (here’s a nod to everyone who has asked for a larger-screen chumby over the years), the Infocast also has a rich set of capabilities built around photo sharing, reflecting its roots in the digital photoframe space (as covered by Engadget in CES 2009 and hackaday). It has the ability to natively read photos and videos off of SD, SDHC, MMC, XD, Memory Stick, Compact Flash, and USB format media; there’s also an integrated photo management utility that allows you to upload these photos directly to the on-line photo sharing service Photobucket, or share them directly with other users that own chumby-powered devices whom you’ve friended inside the chumby network. This latter feature is very handy for sharing photos with techno-phobes: just give them a pre-configured chumby-powered device, and you can send them your latest photos with a drag-and-drop gesture from your Infocast; they’ll receive them without ever having to touch a browser, smartphone or PC.

DIY Friendly Hardware
Since I had a direct role in designing the internal electronics for the Infocast (unlike the Sony dash), I tried to put some DIY-friendly features in the PCB layout. First, there’s an internal, 3.3V 115200 8N1 serial port with its connections documented on the silkscreen of the PCB. Second, there’s also an internal “mini mod port” right next to the socketted microSD firmware drive. The mini mod port has only eight pins, but it breaks out 3.3V power, I2C, and a couple GPIOs for you to play with; it also has its pinout documented on the silkscreen for your convenience. Third, I left a few unpopulated features on the PCB for DIY’ers that want to take it up a notch and solder in a 3-axis accelerometer or a cellphone-style digital camera (granted, those things are very hard to source, so the camera in particular is pretty much a double-black-diamond mod). Strictly speaking, the Infocast is rather closely based on the “silvermoon” platform reference design that chumby provides (see schematics), so it’s not Open with a capital “O” but it’s open enough for easy modification — a bit of a compromise, I recognize, but still a positive step in the direction of enabling Makers and modders to gain deeper utility out of stuff found inside a Best Buy. Also along this vein, the plastic case design is entirely Best Buy’s, so unlike the chumby One, drawings and 3D files of the case are not available.

To open up the device, there are four screws on the bottom, hidden underneath the rubber feet. There is also a friction-lock tab you need to disengage by jamming a small flathead screwdriver into the small gap between the top and bottom plastic pieces above the USB2 connector. It also helps to remove the CR2032 battery before trying to remove the bottom of the case. Of course, opening the device voids your warranty, so you can’t return it to Best Buy after you do this!

Modding the Software
There is a facility in the firmware for enabling ssh on the Infocast (putty is a decent, free ssh client). From the main screen (the screen with a black background and a left nav panel, not the home screen with the green background and a few icons in the middle), touch the Insignia logo, and an About dialog box pops up. Touch the “pi” icon in the top right near the close button, and you’ll get the old “Do you believe in the Users?” dialog box that you may recognize from other chumby devices. There, you can start sshd, and perform a few other handy tasks, such as enabling fbcgi, which was used to take the screen shots you see below.

Of course, once you’ve ssh’d into the device, the question is what can you do with it? Fortunately, xobs (who also brought quake, 3G, and composite video to the chumby One) left, in my opinion, the best Easter Egg of all inside the firmware. If, on the command line, you type “gcc” or “make”, the firmware will prompt you if you want to download and install a native toolchain on the device. 

chumby-18-0b-72:~ # gcc
GCC isn't on this device by default, but it's possible to download a
package and install it.  If you like, we can try fetching one from
http://files.chumby.com/hacks/silvermoon_toolchain.sh and installing it.
Install toolchain? [Y/n]

That’s right–no more need to install a cross-compiler to code on this device. This will install a native ARM compiler, make, plus other handy stuff (like bison, flex, binutils…) so that many source packages “just work” (you’ll have to be a little bit careful about your install path because the rootfs is read-only by default, because the free space in / is not very large — but you can get around that by either doing a “mount -o remount,rw /” and installing it on / (if it fits), or setting up your install path to point to /mnt/storage, where about 1.5G of space exists). Here’s an example of what the install transcript looks like. And…the obligatory reminder…modifying your device like this voids your warranty as well.

There’s also a couple other really handy utilities that xobs left in the device. One is called “regutil”. This is like PEEK and POKE from the Bad Old Days. I love this utility, as it lets me get right in touch with the hardware — who needs stinkin’ virtual memory protection?? Of course, you can do Evil things with this utility, so use with care. In order to tickle the three GPIOs you’ve got available on the mini mod header, you can simply use regutil like this:

1) Start by making sure all three pins are GPIOs:
    regutil -c MFP_49=7 -c MFP_54=7 -c MFP_55=7

2) Set all three pins as outputs:
    regutil -w GPIO2_PDR=0x00c20000

3) Set them all high:
    regutil -w GPIO2_PSR=0x00c20000

4) Set them all low:
    regutil -w GPIO2_PCR=0x00c20000

If you solder on a ~100 to 200 ohm resistor in series with a red LED between a GPIO and ground, you should be able to make it wink on and off using these shell commands — no C necessary!

The other thing xobs gave to me to post here is an example program for tickling the I2C port. This will help accelerate folks who just want to knock out an I2C controlled peripheral using the Infocast.

So as far as DIY’ers and modders are concerned, the Infocast is just a $169, 800 MHz ARM Linux computer with 128 MB of DDR2, 2 GB of mass storage and an 8″, 800×600 touchscreen display, and there’s even a pre-built, easy to install native compiler available for it. There’s also two USB ports on the back — conveniently, one for keyboard, one for mouse if you care to use them. I reckon this may be one of the cheapest “full” (e.g. with LCD and case) Linux computers in its performance class that you can buy on the retail market…cheaper in practice than the OLPC XO-1 (although to be fair the Infocast lacks a battery and that awesome daylight readable transreflective display), yet nearly double the MHz of the XO-1, Sony dash, and the chumby One.

So, can it run Android? can it run a browser? can it run MAME? can it turn on your coffee maker? can it control a robot?

It’s up to you.

Happy hacking!

Posted in Hacking, chumby | 88 Comments »

chumby One Spare Parts at Sparkfun

Wednesday, June 9th, 2010

For those of you who have a need for spare chumby One parts — maybe you broke something while hacking, or you have a homebrew project you want to do, but don’t want to buy a whole new unit just to tear it apart — Sparkfun is now carrying a line of refurbished chumby One spare parts!

Posted in Hacking, chumby | 6 Comments »

Make Your Own 3G Router

Thursday, April 29th, 2010

There’s an Easter Egg inside the chumby One (which is now on sale at Costco online for $99, cheaper than chumby.com’s $119 price!) that enables it to work with certain 3G USB modems and function as a 3G router (similar to a MiFi).

Above is a picture of a Verizon USB760 modem plugged into the USB port of a chumby One.

Use of the Easter Egg is documented on the chumby wiki, but it can be quite simple:

1. Plug in your 3G card.
2. Go to the Network Config screen by pressing the top button, going to Settings, then tapping on Network.
3. Select “create a new connection”, press OK, and wait for the scan to time out.
4. Select “Other”
5. Enter 3G as the name of the access point. It must have a capital G for it to work.
6. Wait for the subsequent scan to time out.
7. Select “Manual”.
8. Tap “OK” to select None as the encryption type.
9. Tap “OK” to select Automatic IP allocation.
10. Tap “OK” to confirm settings and connect to the network

To activate local wifi sharing, ssh into the device (or plug in a USB keyboard to activate the drop-down console) and use the command “touch /psp/start_ap” to flag the network setup scripts to configure your chumby One as an access point. Note that AP mode also works with other network sources, such as Ethernet-over-USB.

This works because the chumby One ships with a copy of pppd, hostapd and a set of glue scripts (courtesy of xobs) that allow it first to talk to the 3G network, and second to work as an access point that shares the 3G connection with other wifi devices using its internal wifi card.

Since this is an Easter Egg, it has a few rough edges on it, such as no native UI to do things like configure your AP SSID and encryption mode, and for many GSM networks you’ll need to enter a custom username, password and phone number; but you certainly can ssh in and tweak the scripts to set those things up. Regardless, this is a very handy trick that I’ve used in hotels from Shenzhen to Tokyo to New York to set up a wifi hotspot (complete with Internet radio and chumby apps) on the road — the hack works with quite a few 3G dongles and networks (given a little tweaking).

Posted in Hacking, chumby | 29 Comments »

On MicroSD Problems

Tuesday, February 16th, 2010

The microSD ware for January 2010 was not an incidental post. It is actually snapshot of a much longer forensic investigation to find the ground truth behind some irregular Kingston memory cards.

It all started back in December of 2009, when chumby was in the midst of production for the chumby One. A call came in from the floor noting that SMT yield had dropped dramatically on one lot, so I drove over to the building to have a look (this is the advantage of being in China during production — you can fix problems like this within the hour, before they become really serious issues). After poking and prodding a bit, I realized that all the units failing had Kingston microSD cards from a particular lot code. I had the factory pull the entire lot of microSD cards from the line and rework all the units that had these cards loaded. Sure enough, after subtracting these cards from the line, yield was back to normal again.

Normally, the story would end there; you’d RMA the material, get an exchange for the lot, and move on. Except there were a couple of problems. First, Kingston wouldn’t take the cards back because we had programmed them. Second, there was a lot of them — about a thousand all together, and chumby was already deeply back-ordered. Also, memory cards aren’t cheap; the spot price on this type of memory card is around $4-5, so it’s a few thousand dollars in scrap if we can’t get them exchanged … and neither chumby nor the CM is large enough to sneeze at a few kilobucks.

So I kicked into forensic mode. The first thing that raised my suspicions is the external markings on the irregular Kingston cards.

On the left is a sample of the irregular card. On the right is a sample of a normal card. I’ve put red arrows on the details that called the most attention to me at first.

The most blatantly strange issue is that the card on the left has its lot code silkscreened using the same stencil as the main logo. Silkscreening a lot code on isn’t that unusual, but typically the silk does not share the same stencil as the logo, so you’ll see some small variance in the coloration, font, or alignment of the lot code from the rest of the text. In fact, across the entire batch of irregular cards, they shared the exact same lot code (N0214-001.A00LF) (typically the lot code will vary every couple hundred cards at least). This is in contrast to the card on the right, which is laser-marked, and has a lot code that varied with every tray of 96 units.

The second strange issue, perhaps more subtle and perhaps not damning, is the irregularity in the “D” of the microSD logo. Typically, brand name vendors like Kingston would be very picky about the accuracy of their logos. The broken D is something found on SanDisk cards, but Kingston cards found in US retail almost universally use a solid D.

It turns out the weirdness in the external markings is just the start of it. When we read out the electronic card ID data on the two cards (available through /sys entries in linux), this is what we found:



First, the date code on the irregular card is uninitialized. Dates are counted as the offset from 00/2000 in the CID field, so a value of 00/2000 means they didn’t bother to assign a date (for what it’s worth, in the year 2000, 2GB microSD cards also didn’t exist). Also, the serial number is very low — 0×960 is decimal 2,400. Other cards in the irregular batch also had similarly very low serial numbers, in the hundreds to thousands range. The chance of me “just happening” to get the very first microSD cards out of a factory is pretty remote. The serial number of the normal card, for example, is 0×9C62CAE6, or decimal 2,623,720,166 — a much more feasible serial number for a popular product like a microSD card. Very low serial numbers, like very low MAC ID addresses, are a hallmark of the “ghost shift”, i.e. the shift that happens very late at night when a rouge worker enters the factory and runs the production machine off the books. Significantly, ghost shifts are often run using marginal material that would normally be disposed of but were intercepted on the way to the grinder. As a result, the markings and characteristics of the material often look absolutely authentic, because the ghost material is a product of the same line as genuine material.

Furthermore, the manufacturer’s ID is 0×41 (ASCII ‘A’), which I don’t recognize (supposedly the SD group assigns all the MIDs but I don’t see a public list of them anywhere). The OEMID is also 0×3432, which is suspiciously ASCII ‘42′ (one more than the hex value for the manufacturer ID). These hex/ascii confusions are possible signs that someone who didn’t appreciate the meaning of these fields was running a ghost shift making these cards.

Armed with this evidence, we confronted Kingston — both the distributor in China as well as the US sales rep. First, we wanted to know if these were real cards, and second, if they were real cards, why were the serialization codes irregular? After some time, the Kingston guys came back to us and swore these cards were authentic, not fakes, but at least they reversed their position on not offering an exchange on the cards — they took back the programmed cards and exchanged them for new ones, no further questions asked.

However, they never answered as to why their card ID numbers were irregular. While I know chumby is a small fry customer compared to the Nokias of the world, I think it’s still important that they answer basic questions about their quality control process even to the small fry. I had an issue once with an old version of a Quintic part being accidentally shipped to me, and once I could prove the issue to them, I received world-class customer service from Quintic, a full explanation, and an immediate and full exchange of the parts at their cost. That was exemplary service, and I commend and strongly recommend Quintic for it. Kingston, on the other hand, did not set an example to follow.

Normally, at this point, I would simply disqualify Kingston as a vendor, but I’m more persistent than that. It’s disconcerting that a high-profile, established brand would stand behind such irregular components. Who is to say SanDisk or Samsung wouldn’t do the same? Price erosion has been brutal on all the FLASH vendors, and as small fry I might be repeatedly taken advantage of as a sink for marginal material to improve the FLASH vendor’s bottom lines. Given the relatively high cost of these components, I needed to develop some simple guidelines for IQC (incoming quality control) inspection to accept or reject shipments from memory vendors, so I decided to do more digging to try and find ground truth.

The first thing I had to do was collect a lot of samples. The key is to attempt to collect both regular and irregular cards in the wild, so I went to the SEG / Hua Qian Bei district and wandered around the gray markets there. I bought about ten memory cards total from small vendors, at prices varying from 30-50 RMB ($4.40 – $7.30), most of them priced toward 30 RMB. The process of shopping for irregular cards itself was interesting. In talking to a couple dozen vendors, you learn a few things. First, Kingston as a brand is weak in China for microSD cards. Sandisk has done a lot more marketing in the microSD space, and as a result, it’s much easier to find Sandisk cards on the open market. The quality of the grey-market Sandisk cards are also typically more consistent. Second, the small vendors are entirely brazen about selling you well-crafted fakes. Typically, the bare cards are just sitting loose in trays in the display case; once you agree on the price and commit to buying the card, the vendor will toss the loose card into a “real” Kingston retail package, and then miraculously pull out a certificate, complete with hologram, serial numbers, and a kingston.com URL you can visit to validate your purchase, and slap it on the back of the retail package right in front of your eyes. Hey, it’s just like new! … I suppose the typical buyer in those markets is not an end user, but someone who is looking to make a quick buck reselling these cards at a hefty markup in a more reputable retail outlet.

One vendor in particular interested me; it was literally a mom, pop and one young child sitting in a small stall of the mobile phone market, and they were busily slapping dozens of non-Kingston marked cards into Kingston retail packaging. They had no desire to sell to me, but I was persistent; this card interested me in particular because it also had the broken “D” logo but no Kingston marking.

Above is a scan of the card and the package it came in (a larger image of the card can be seen below; it is “Sample #4″).

After collecting all the samples, I read out their card ID information, and then digested their packages with nitric acid. Below is the line-up of the cards I digested. Yes, my digestion technique is pretty crude. Actually, most of the damage to the card came from the cleaning process — I was using a Q-tip with acetone to remove the dissolved encapsulant and I had to get a little rough, which doesn’t do any favors for the bond wires. But…good enough for my purposes.

Click on the image above for a full-sized version.

Some notes on the cards above:

  • Sample 1: This is the original irregular card that got me started on this whole arc. It was purchased through a sanctioned Kingston distributor in China, and to the best of my knowledge, none were shipped to end customers of chumby.
    MID = 0×000041, OEMID = 0×3432, serial = 0×960, name = SD2GB.
  • Sample 2: This is a normal card that I also purchased from the same sanctioned Kingston distributor in China, and is typical of those actually shipped in the first lot of chumby Ones
    MID = 0×000002, OEMID = 0×544D, serial = 0×9C62CAE6, name = SA02G
  • Sample 3: This is a Kingston card purchased through a major US retail chain. Note how the MID and OEMID are identical to sample 2, but not sample 1.
    MID = 0×000002, OEMID = 0×544D, serial = 0xA6EDFA97, name = SD02G
  • Sample 4: This is the aforementioned non-Kingston branded card that I spotted being slapped into Kingston-marked packaging, bought on the open market in Shenzhen. Note the low serial number.
    MID = 0×000012, OEMID = 0×3456, serial = 0×253, name = MS
  • Sample 5: This is a device bought from a more established retailer in the Shenzhen market, but still questionable. I bought it because it had the XXX.A00LF marking, like my original irregular card.
    MID = 0×000027, OEMID = 0×5048, serial = 0×7CA01E9C, name = SD2GB
  • Sample 6: This is a SanDisk card bought on the open market from a sketchy shop run by a sassy chain-smoking girl who wouldn’t stop texting on her mobile. I actually acquired three total SanDisk cards from different sketchy sources but all of them checked out with the same CID info, so I only opened one of them. Interestingly, one SanDisk card turned out to be used and only quick-formatted. With the help of some recovery software, I found DLLs, WAV’s, maps, and verisign certificates belonging to Navione’s Careland GPS inside the drive. A project for another day will be acquiring lots of refurb microSD cards and collecting interesting data off of them.
    MID = 0×000003, OEMID = 0×5344, serial = 0×114E933D, name = SU02G
  • Sample 7: This is a Samsung card that we bought from a Samsung wholesale distributor. I didn’t scan this one before digesting it, so the image of it is missing but the card actually has no markings on the outside — it’s a total blank card with just a laser mark on the back. From appearances alone, it would look to be the sketchiest of the bunch, but in reality it’s one of the best built. Goes to show you can’t judge a book by its cover.
    MID = 0×00001B, OEMID = 0×534D, serial = 0xB1FE8A54, name = 00000

    • That’s a lot of data for a blog post, but I figured more details are better for sharing, since I could find no central database for this kind of information on the web.

    Here are the most interesting “high level” results from my survey:

  • The “normal” Kingston cards (samples #2 and #3) were all direct Toshiba OEM cards (MID = 0×000002, OEMID = 0×544D (ASCII ‘TM’, presumably for Toshiba Memory)). These cards employ Toshiba controllers and Toshiba memory chips, and seem to be of good quality, and thankfully the only ones that were sent on to chumby customers.
  • The irregular card (sample #1) uses the same controller chip as the outright fake (sample #4) that was bought in the SZ market. Both the irregular Kingston and the fake Kingston had low serial numbers and whacky ID information. Some of these cards experience some difficulty in normal operation. I still hesitate to call Kingston’s irregular card a fake — that’s a very strong accusation to make — but its construction is similar to another card of clearly questionable quality, which leads me to question Kingston’s judgment in picking authorized manufacturing partners.
  • The irregular card is the only card in the group that does not use a stacked CSP construction. Instead, it uses side-by-side bonding.
  • The only two memory chip foundries in this sample set were Toshiba/Sandisk and Samsung. Note that Sandisk and Toshiba co-own the fab that makes their memory chips.
  • Samsung’s NAND die — the most expensive part of a microSD card — is about 17% larger than Toshiba/Sandisk. This means that Samsung microSD cards should naturally carry a slightly higher price than Toshiba/Sandisk cards. However, Samsung does get to offset that against the ability to diversify the same die from microSD packages into street-packaged TSOP devices, and they also don’t have a middleman like Kingston to eat away at margins.

    • Significantly, Kingston is revealed as simply a vendor that re-marks other people’s chips in its own packaging [clarification]. Every Kingston card surprisingly had a Sandisk/Toshiba memory chip inside, and the only variance or “value add” that could be found is in the selection of the controller chip. Oddly enough, of all the vendors, Kingston quoted with the best lead times and pricing — better than SanDisk or Samsung, despite the competition making all their own silicon and thereby having a lower inherent cost structure. This tells me that Kingston must be crushed when it comes to margin, which may explain why irregular cards are finding their way into their supply chain. Kingston is also probably more willing to talk to smaller accounts like me because as a channel brand they can’t compete against OEMs like Sandisk or Samsung for the biggest contracts from the likes of Nokia or RIMM. Effectively, Kingston is just a channel trader and is probably seen by SanDisk/Toshiba as a demand buffer for their production output. I also wouldn’t be surprised if SanDisk/Toshiba was selling Kingston “A-” grade parts, i.e., parts with slightly more defective sectors, but otherwise perfectly serviceable. As a result, Kingston plays a significant and important role in stabilizing microSD card prices and improving fab margins, but at some risk to their own brand image.

    Overall, the MicroSD card market is a fascinating one, a discussion perhaps worth a blog post on its own. I’d like to point out to casual readers that the spot price of MicroSD cards is nearly identical to the spot price of the very same NAND FLASH chips used on the inside. In other words, the extra controller IC inside the microSD card is sold to you “for free”. The economics that drive this are fascinating, but in a nutshell, my suspicion is that incorporating the controller into the package and having it test, manage and mark bad blocks more than offsets the cost of testing each memory chip individually. A full bad block scan can take a long time on a large FLASH IC, and chip testers cost millions of dollars. Therefore, the amortized cost per chip for test alone can be comparable to the cost of silicon itself.

    To ground this in solid numbers, suppose a production-grade memory tester costs one million dollars. If you take one million dollars and divide it by the number of seconds over a five year period (a typical depreciation lifespan for such equipment), the equipment “costs” $0.00634 per second. Thus, a thirty second test costs you $0.00634/second x 30 seconds = $0.19. This is comparable to the raw die cost of the controller IC, according to my models; and by making the controllers very smart (the Samsung controller is a 32-bit ARM7TDMI with 128k of code), you get to omit this expensive test step while delivering extra value to customers — I love the fact that when I put on my linux kernel hacker hat, I can be completely oblivious to the existence of bad blocks and use mature filesystems like ext3 instead of JFFS2, at no extra cost to end customers like you. Isn’t it fun to connect the dots, all the way from silicon die markings to the linux kernel to end users, and all the businesses in between?

    In the end, I’d have to say that both SanDisk and Samsung look like they might be superior wholesale vendors to Kingston for memory cards due to their more direct control of their respective supply chains. Unfortunately, you can’t buy Samsung-branded microSD cards on the retail market, as far as I know — Samsung only sells their cards to wholesalers who then rebrand and/or resell the card, and like Kingston these non-OEM brands may blend their vendors so it’s hard to say if you’re getting the best card or simply a usable card.

    Posted in Hacking, Ponderings, chumby | 260 Comments »

    « Older Entries