I don’t know what I would do with a Monome sixty-four, but I know it’s a box of awesome and I want one. So I’m now struggling mightily to rationalize a purchase with a brilliant application.

I can imagine using it for server monitoring. A light (or several) could represent a server (or its load/ram/etc.) and pulse steadily if it’s happy; fast if it’s overworked. Tap it to switch into a detail view. I just don’t have 64 servers — heck, I don’t have 4.

Any suggestions?

1. By default, only root will be able to play with your new scanner. Run sudo addgroup `whoami` scanner. Log out and back in, and you’ll be able to scan without being root.
2. Download the iscan and iscan-plugin-gt rpms from the provider. By playing with the URLs on the file I was able to find version 2.5.0, but I don’t know that you need it or why the page hasn’t been updated.
3. Run:

    
   $ sudo alien iscan-2.3.0-1.c2.i386.rpm
   $ sudo alien iscan-plugin-gt-s600-2.0.0-1.c2.i386.rpm
   $ sudo apt-get install iscan_2.3.0-1_i386.deb
   $ sudo apt-get install iscan-plugin-gt-s600_2.0.0-2_i386.deb

4. Run sane-find-scanner to see your scanner detected, and scanimage -L to hear it whir a little as sane checks that it can command it.

That’s all the setup I had to do. You should now be able to use xsane or Gimp to grab images off your scanner. I don’t know how to make the buttons on the scanner do anything, even xev reported nothing.

If you have problems, you should post on the SANE mailing list, not here, because I don’t really know anything about SANE and can’t help you.

As it goes, the article presents a decent solution: if the keyboard might be insecure, use the mouse and some free software to enter your password. Of course, this solution makes a shoulder-surfing attack far easier, and creates a new opportunity for hardware video interception. (Both of these attacks are, admittedly, not as cheap and subtle as hardware keylogging.)

The key to this problem is the word “insecure” in the last paragraph. Hardware keyloggers intercept plaintext communication. Except for a few security products, all computer peripherals communicate in unencrypted plaintext.

Perhaps USB3 (just guessing randomly at the Next Big Standard) could implement some kind of public-key cryptosystem. When you plug in a device you’d be given a prompt like “Does your Initech 104-key US-English Ubertype Keyboard have 5524 44F2 0CF6 3FB8 CB03 458C 6BA3 D6BF AF80 2CAA engraved on it somewhere?” (You’ve got to have it engraved by the manufacturer, otherwise you’ll be defeated by a ten-cent sticker. Even high-tech solutions have to exist in the real world.)

The technology for this already exists (though there’s some hurdles to clear for peripherals plugged in after boot time), but the biggest problems are price and user education. It’s very unlikely that most users will ever be targets for this attack, so the cost of establishing a new standard for peripherals and buying hardware that meets it is unreasonable.

More important than this is that users won’t know what this is or why it matters. It would be worth the extra training in situations that require a high degree of security (banking, the military, etc.) but most users would never bother to check the PK fingerprint and would just click “Sure, I checked it” to get on with their work (leaving them open to man-in-the-middle attacks). After a decade or two the understanding would probably percolate to the user community at large. (Or we could switch to wireless peripherals — we’ve had enough war/spy movies that everyone understands radio is trivial to intercept.) Anyone see other significant flaws with this approach?

Of course, security is an arms race and the next attack is to perform the interception in the hardware itself, calling for transparent cases and tamper-evident seals. And so on, and so on…