OK, I did more investigation... with logging turned on, I'm seeing the curl library get the redirect header.  However, the new thing that I've noticed is that it's redirecting from HTTP to HTTPS -- the URL on Amazon S3 is a https one.  Here's a sample:

https://stlth.s3.amazonaws.com/assets/p … 2RM0N4PC82

No problem viewing this in Firefox, but when I try fetching this with curl on the device, I hit two problems:

1) The "curl" binary on the Chumby One ships with a bad path to curl-ca-bundle.crt -- it wants to use one in /home/builder/dev/firmware/common-build/libs/output/arm-linux/share/curl/curl-ca-bundle.crt.

2) When I specify the correct path on the command line (to /usr/share/certs/curl-ca-bundle.crt), I get this error:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

If I download the latest certificate bundle from http://curl.haxx.se/ca/cacert.pem and use that, I'm able to download the file, so the problem is that the Chumby ships with an old bundle of certificates that doesn't include the one that can verify Amazon's S3 provider.  Once I replaced the curl-ca-bundle.crt file on the root file system with the current one from curl.haxx.se, my widget started working.

I hope you can update those certificates in the next system update.  In the meantime, I'll see if drop.io can add a parameter to their redirection logic to let me select HTTP instead of HTTPS.