Monday, June 23, 2008

Green building gear in Gotham


Bright lights in the big city. LEDTronics makes LED lights in all different shapes for commercial clients like casinos and high-end homes.

LEDs are still very expensive for regular household use, but good options are expected to be available in the next several years.

LEDs are very energy-efficient; a string of Christmas tree lights only uses a few watts. And they last a long time. LEDTronics representatives said that their LEDs will last 5.7 years with lights on 24 hours a day, or 17 years if they are on 8 hours a day. In addition, the bulbs are made of plastic and so are less fragile than glass lamps.

There are green roofs and "living walls" like this one. Both provide insulation to a building and, in the case of walls, another aesthetic option for building designers.

They can also help manage water, either by cutting down on run-off or by recycling gray water, the water from sinks and baths.

This green wall system from G-Sky is mounted on a frame with a drip-feed water system that can be remotely controlled. A moisture sensor is there to prevent overwatering.

Representatives from G-Sky said they normally grow plants for six months before installing them in restaurants or commercial buildings. These poor plants don't look so happy because they were stuck in there a day before for the trade show.

The gray water filtration system for the G-Sky green walls. The gray box on the bottom right provides an Internet connection for remotely controlling the water-feeding system. Normally, there is a fertilizer feed in here as well.

A new way to heat your home. Radiant heat, where a heating element is placed under floors, has been around for some time and is usually done by sending hot water through tubes placed under the floor.

This is an electric radiant heating system called the Step Warmfloor.

These plastic strips are stapled under the floor and a low-voltage current runs through them to provide heat. The installation is done by an electrician. The company says the system is more efficient than hot water radiant heat and easier to install.

This is a solar panel that's designed to generate electricity from a city balcony rather than a rooftop.

The SolaRail from EPV Solar is encased in glass, weighs 90 pounds, and can generate 42 watts under peak conditions. It's used in a building in the Tribeca part of Manhattan where each balcony has 14 modules. It's a good example of how thin-film solar cells open up possibilities for building-integrated photovoltaics (BIPV).

Another form of distributed generation is combined heat and power systems. This micro-turbine from Capstone Turbine runs on natural gas to produce both electricity and heat. It's 82 percent efficient and has far lower levels of nitric oxide and sulfur oxide compared with diesel generators. The heat can be used for space heating or, with an absorption chiller, for cooling. Several are already installed in New York City in buildings, and a few have been tested in buses. It can also be configured to run off of methane from landfills or waste water treatment plants, according to the company.

Why is a carpet company at a green building conference? Because Shaw Floors has designed a carpet to be completely recyclable. The backing under the nylon carpet has a toll-free number that customers can call to get the distributor to take back unwanted carpet. The backing is separated and recycled by grinding it into reusable pellets. The nylon is also broken up into smaller pieces (represented in these vials) for recycling.

All the major components of a solar hot water heating system, which typically has a quicker pay-back period than solar electric panels. The evacuated tubes heat a liquid that is piped to a heat exchanger that transfers the heat to water. That hot water is stored in a tank.

Nanogel from Duo-Guard is a translucent insulator that can be used for walls or skylights.

The Nanogel can be used on its own, or incorporated with Duo-Guard's Illumall, a modular wall system where each panel changes color on a timer.

Cardboard furniture is displayed by the U.S. Green Building Council.

Pfister Energy specializes in building-integrated wind turbines. This vertical axis turbine can be mounted on the ground, a rooftop, or placed on its side.

Free Sourcefire tool pinpoints hostile MS Office files

Sourcefire, the company behind the popular Snort intrusion detection system, has released a freeware utility to help identify potentially threatening Microsoft Office files.

The tool, called OfficeCat, can be used to process Microsoft Office documents — Word, PowerPoint, Excel and Publisher — and determine if possible exploit conditions exist.

Unlike products that detect attempts to exploit known Microsoft vulnerabilities, Sourcefire said OfficeCat can determine if a file contains hostile content before it is opened.

From the Sourcefire announcement:

OfficeCat provides reference information on discovered vulnerabilities so users can remediate risks. By detecting these hostile files before they are opened, OfficeCat enables users to proactively increase the effectiveness of their security efforts.

…To create effective rules, the VRT conducts ongoing research into Microsoft Office vulnerabilities and will regularly update OfficeCat with the latest vulnerability information.

The command-line utility ships with rules for a total of six Microsoft Office bulletins and about 45 CVE entries related to Microsoft Office vulnerabilities.

There has been a noticeable surge in attacks exploiting critical security vulnerabilities in the Microsoft Office software suite.

In addition to using Sourcefire’s OfficeCat, I strongly recommend that Microsoft Office users run Microsoft Office Update to ensure installations are fully patched.

Windows Mobile 7 phones coming in Q1 2009?

Windows Mobile 7 may be closer than many think.

According to a report from at least one major handset maker, Microsoft is planning to make available the final bits of its next mobile operating-system release in time for them to start selling Windows Mobile 7 phones in the first quarter of 2009. If true, that would seem to imply that Microsoft will release the final Windows Mobile 7 by the end of 2008, in order to give phone makers time to test and preload.

As is the case with Windows 7, Windows Mobile 7 is a forbidden topic. Microsoft won’t talk about planned features, beta dates or how/when/if Windows Mobile phones will become more head-to-head competitors with the iPhone.

(I am wondering whether Microsoft might finally share some Windows Mobile 7 info at its Worldwide Partner Conference in early July, given that Andy Lees, the newly appointed Senior VP of Microsoft’s Mobile Communications business is on the keynote line-up. If Microsoft really is going to deliver the final Windows Mobile 7 bits later this year, one would think it needs to be evangelizing about it now.)

There have been a few leaks about what Microsoft is planning for Windows Mobile 7 and Windows Mobile 8. Not too surprisingly, multi-touch and gesture-recognition support are on the docket. The user interface for Windows Mobile phones is slated to get an overhaul, making it more consumer friendly. And, at some point, consumer-focused services beyond Windows Live (things like music and photo management) will find their way onto Windows Mobile devices via Microsoft’s Project Pink and Danger acquisition.

Until now, the only target date for Windows Mobile 7 I had seen leak was “some time in 2009.” But the Phone Report earlier this week quoted an official with HTC saying the company planned to deliver a Windows Mobile 7 phone in Q1 2009, and an Android-based HTC phone in Q4 2008, by the way.

From recent executive remarks, it sounds like Microsoft is trying to get Windows and Windows Mobile to be more in sync. Might this mean with Windows Mobile 8 — which Microsoft has told certain folks will be built from scratch — Microsoft might make Windows Mobile a “real” version of Windows, with the same core as Windows client?

Friday, June 20, 2008

Microsoft blames ‘human issues’ for Bluetooth patch hiccup


Microsoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that “two separate human issues” caused a major hiccup with the critical security patch.

The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack, failed to properly fix the vulnerability for Windows XP users, according to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center).

Budd said an initial investigation into the hiccup identified “human issues” but he did not elaborate.

After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin. As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue.

Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not.

Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3. These are available now and are being delivered through the same detection and deployment tools as the original update.

It’s important to note that this re-release only applies to users running Windows XP SP2 or SP3. “If you’ve deployed security updates for MS08-030 for other versions of Windows, you don’t need to take any action for those systems,” Budd said.

Microsoft has had trouble in the past with faulty security updates but it’s somewhat rare to see a bulletin re-release because the patch missed an entire OS version. The very reason we have a Patch Tuesday release cycle is to avoid situations where IT admins cannot properly prepare for testing and deploying updates.

Having two Patch Days in a month is borderline unacceptable, especially when it involves the “human issues” excuse.

Local root escalation vulnerability in Mac OS X 10.4 and 10.5 discovered


Yesterday, an anonymous reader released details on a local root escalation vulnerability in Mac OS X 10.4 and 10.5, which works by running a local AppleScript that would set the user ID to root through ARDAgent’s default setuid root state. Here’s how it’s done:

“Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn’t switched to via fast user switching. Secure? I think not.”

Find out how to fix it.


You’ve got several possible workarounds: you can remove the Apple Remote Desktop located in /System/Library/CoreServices/RemoteManagement/, or you can go through the visual Workaround for the ARDAgent ‘setuid root’ problem.

Moreover, AppleInsider speculates on the potential for abuse:

The effects of malicious code run as root may range from deleting all the files on the Mac to more pernicious attacks such as changing system settings, and even setting up periodic tasks to perform them repeatedly. Not all Macs are vulnerable, however. If a user has turned on Remote Management in the Sharing pane of System Preferences under Mac OS X 10.5, or if a user has installed Apple Remote Desktop client under Mac OS X 10.4 or earlier and has activated this setting in the Sharing preferences, the exploit will not function. Mac OS X 10.5’s Screen Sharing function has no effect on this vulnerability.

And even though the vulnerability can also be exploited via a remote connection under specific circumstances based on the configuration, physical security to prevent unauthorized local access is as applicable as it’s always been.
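To check whether a given Mac still carries the setuid root state described above, the following audit walks the Remote Management directory and reports every root-owned setuid file with the permission bits that matter. It is an added example, not code from the original post or from Apple; the function names are hypothetical, and the directory is the one quoted in the workaround.

```python
import os
import stat

# Directory named on the page as the home of Apple Remote Desktop.
ARD_DIR = "/System/Library/CoreServices/RemoteManagement/"


def classify(mode, uid, owner_uid=0):
    """Return risk flags for a setuid regular file owned by owner_uid, else None."""
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID or uid != owner_uid:
        return None
    return {
        "mode": oct(stat.S_IMODE(mode)),
        # Any local account can start the binary, so an unprivileged
        # user's script can reach code that runs with the owner's uid.
        "world_executable": bool(mode & stat.S_IXOTH),
        # Writable by non-owners would allow replacing the binary outright.
        "group_or_world_writable": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
    }


def audit_setuid(root=ARD_DIR, owner_uid=0):
    """Walk root and return {path: flags} for every setuid file owned by owner_uid."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of root
            except OSError:
                continue             # file vanished or is unreadable; skip it
            flags = classify(st.st_mode, st.st_uid, owner_uid)
            if flags:
                findings[path] = flags
    return findings


if __name__ == "__main__":
    results = audit_setuid()
    if not results:
        print("no setuid root files under", ARD_DIR)
    for path, flags in sorted(results.items()):
        print(path, flags)
```

An empty result after applying one of the workarounds means no root-owned setuid file remains under that directory.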

About-face: Apple patches Safari ‘carpet bombing’ bug


In what amounts to a major about-face, Apple has patched the Safari “carpet bombing” vulnerability that led to a Safari-to-Internet Explorer remote code execution combo threat.

After insisting for weeks that the issue is more of an irritant than a security risk, Apple today released Safari v3.1.2 for Windows with a patch warning that saving untrusted files to the Windows desktop may lead to the “execution of arbitrary code.”

From Apple’s advisory:

An issue exists in how the Windows desktop handles executables. Saving an untrusted file to the Windows desktop may trigger the issue, and lead to the execution of arbitrary code. Web browsers are a means by which files may be saved to the desktop. To help mitigate this issue, the Safari browser has been updated to prompt the user prior to saving a download file. Also, the default download location is changed to the user’s Downloads folder on Windows Vista, and to the user’s Documents folder on Windows XP. This issue does not exist on systems running Mac OS X.

The bulletin cites Microsoft’s security advisory on the combo-threat discovered by researcher Aviv Raff.

Safari v3.1.2 for Windows, available for Windows XP and Vista, also fixes at least three additional vulnerabilities that could lead to information disclosure and code execution attacks.

One of the other three bugs also describes a combo threat that goes the other way – Internet Explorer to Safari:

Visiting a malicious website which is in a trusted Internet Explorer zone may lead to the automatic execution of arbitrary code
Description: If a website is in an Internet Explorer 7 zone with the “Launching applications and unsafe files” setting set to “Enable”, or if a website is in the Internet Explorer 6 “Local intranet” or “Trusted sites” zone, Safari will automatically launch executable files that are downloaded from the site. This update addresses the issue by not automatically launching downloaded executable files, and by prompting the user before downloading a file if the “always prompt” setting is enabled.

The IE-to-Safari threat was reported by Will Dormann of CERT/CC.

The browser refresh also plugs a memory corruption issue in WebKit’s handling of JavaScript arrays. “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution,” Apple warned.

The fourth vulnerability is an out-of-bounds memory read that may occur in the handling of BMP and GIF images.

Finjan uncovers half a gigabyte of stolen data on crimeware servers

Finjan’s Malicious Code Research Center has uncovered half a gigabyte of stolen data from US healthcare organizations and from a major airline on crimeware servers in Argentina and Malaysia.

A representative of Finjan stated:

“Hackers incorporated sophisticated attacks using crimeware toolkits, Trojans, and Command and Control servers to drive traffic from a specific region with specific characteristics. The increase in web attacks is skyrocketing with industry figures that include a growth of more than 200% of web-based malware with an increase of more than 800% in backdoor and password-stealing malware.”

This is obviously a major case of data theft and I feel this is the knockout blow that might force our government to start imposing some strict laws around compliance for security related issues. It would be nice to see something like HIPAA compliance drive places that house medical data towards requirements around Attack & Penetration assessments, code reviews, data at rest/in-transit analysis, etc.

Every time I go to the doctor, I look at their wireless devices, their Citrix into legacy apps, etc. and just shudder. Apparently it’s even easier than I would’ve thought as half a gigabyte of medical records would seem to be a large amount. I think you’ve all seen my numerous comments on airline security, so I won’t even broach that this early in the morning.

For the full press release, read below.

-Nate


>>>>>>>>>>>>>>>>>
News Release
>>>>>>>>>>>>>>>>>
Finjan Discovers more than 500 Mb of Stolen Medical, Business and Airline Data on Crimeware Servers in Argentina and Malaysia

In its latest Malicious Page of the Month report, Finjan unveils medical, business and airline data stolen and traded by cybercriminals using targeted campaigns

San Jose, CA, USA, June 18th, 2008 - Finjan Inc., a leader in secure web gateway products, today announced its discovery of a server controlled by hackers (Crimeserver) containing more than 500Mb of premium data. The data included healthcare and business related data, as well as personal identifiable information (stolen Social Security Numbers). This data is part of the premium offering that the cybercriminals operating the Crimeservers were selling to the highest bidder online.

The compromised data came from all around the world and contained information from individuals, businesses, airlines and healthcare providers. The report contains examples of compromised data that Finjan found on the Crimeserver, such as:
Compromised medical related data of hospitals and publicly owned healthcare providers
Compromised business related data of a U.S. airline carrier
Identity theft (stolen Social Security Numbers)

Some of the implications of stolen medical and patient data include: illegal and/or bogus treatments; obtaining prescription drugs for the purpose of selling them; loss of health coverage for the victimized patient; inaccurate records of victimized patients, which could result in incorrect and potentially harmful treatments. Healthcare providers could also face potential HIPAA violations or breach of general data protection legislation.

Finjan’s Malicious Code Research Center (MCRC) detected a Crimeserver operated by cybercriminals who used campaigns to steal data. These campaigns consisted of highly sophisticated attacks, incorporating Crimeware toolkits, Trojans and Command and Control (C&C) servers to drive traffic from a specific region, with specific characteristics.

“This report illustrates the latest development in cybercrime. It shows the business cycle of data collecting and trading by today’s cybercriminals. Crimeware infecting PCs is a serious business problem that has far-reaching consequences, such as impacting the security of businesses and patients around the world,” said Yuval Ben-Itzhak, CTO of Finjan. “We see that cybercriminals go after premium data that they can trade for substantial profit. The increase in Web-based attacks is staggering. Industry figures include a growth of more than 200% of Web-based malware, with an increase of over 800% in backdoor and password-stealing malware, illustrating that sensitive corporate and medical are at risk.”

According to Finjan, the fact that sensitive business, patient and personal data were compromised in a timeframe of less than one calendar month underscores the necessity for enterprises and organizations to have a comprehensive security technology in place that provides effective protection against these sophisticated threats.

The compromised data and the Crimeserver applications were detected using Finjan’s patented active real-time code inspection technology while diagnosing users’ Web traffic.

The research is described in detail in Finjan’s latest “Malicious Page of the Month” report released today. To download the report, please visit http://www.finjan.com/mpom

Code execution vulnerability found in Firefox 3.0


It’s not all about world records for Firefox 3.0.

Just hours after the official release of the latest refresh of Mozilla’s flagship browser, an unnamed researcher has sold a critical code execution vulnerability that puts millions of Firefox 3.0 users at risk of PC takeover attacks.

According to a note from TippingPoint’s Zero Day Initiative (ZDI), a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.

Technical details are being kept under wraps until Mozilla’s security team ships a patch.

According to ZDI’s alert, it should be considered a high-severity risk:

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, permitting the attacker to completely take over the vulnerable process, potentially allowing the machine running the process to be completely controlled by the attacker. TippingPoint researchers continue to see these types of “user-interaction required” browser-based vulnerabilities - such as clicking on a link in email or inadvertently visiting a malicious web page.

It looks very much like the vulnerability researcher was hoarding this vulnerability and saving it for Firefox 3.0 final release to make the sale.

In the absence of a fix, Firefox users should practice safe browsing habits and avoid clicking on strange links that arrive via e-mail or IM messages.

There are no reports of this issue being exploited but, if you are worried about being at risk of drive-by attacks, consider using a different browser.

Xohm WiMAX service to launch in Baltimore in September 08

We have been hearing about the on and off story of Sprint, Clearwire, and Xohm for quite some time now and I pretty much had given up hope of really seeing any commercial release of WiMAX with 4G right around the corner. According to Sprint CTO Barry West, Xohm will launch in September of this year. Apparently, the first rollout will start in Baltimore, Maryland and then move to DC and Chicago later in 2008.

There are 575 Xohm WiMAX base station sites up and running with different devices being tested. The devices you will be able to connect with Xohm at launch include a Samsung AirCard, modem from ZyXEL, a ZTE USB dongle, the Nokia N810 Internet Tablet, and selected laptops. I think it would be great to use WiMAX with a device like the Nokia N810 and look forward to trying it out when Xohm hits the Puget Sound area.

The pricing plans have not yet been revealed, but it may now only be a few months until we get a chance to try out this high speed network. Then again, I’ll wait to get too excited until I actually hear reports of people in Baltimore using the network.

Thursday, June 19, 2008

Roadrunner: World's fastest supercomputer


IBM once again tops the Supercomputer 500 list but this time it's with Roadrunner, the first supercomputer to be able to process 1 petaflop or 1 quadrillion calculations per second. Roadrunner connects 6,562 dual-core AMD Opteron chips as well as 12,240 Cell chips and runs on open-source Linux software from Red Hat.

Roadrunner resides at the Department of Energy's Los Alamos National Laboratory where its primary task will be to ensure the safety and reliability of the U.S.'s nuclear weapons stockpile.

Some of the cable used to wire Roadrunner.

Technicians crawling through the floors to hook up Roadrunner.

Wiring the rack from the back.

The First CU Compute Racks (front).

Two IBM QS22 blade servers and one IBM LS21 blade server are combined into a specialized "Triblade" configuration for Roadrunner. A production Triblade.

A schematic view of the Triblade, which consists of two dual-core Opterons with 16 GB RAM and four PowerXCell 8i CPUs with 16 GB Cell RAM.

Los Alamos and IBM researchers tested Roadrunner with "Petavision" which models the human visual system--mimicking more than 1 billion visual neurons and trillions of synapses.

Another view from Los Alamos.

Roadrunner at Los Alamos.

A schematic overview created for Wikipedia of the Roadrunner supercomputer.

Wednesday, June 18, 2008

NVIDIA launches the ‘best performing GPU on the planet’


Accordingly, NVIDIA announced the release of their latest line of graphics cards this morning. The GTX 260 and GTX 280 mark the debut of the upcoming 200 series GPUs. The GTX 280 counts 240 processing cores and 1GB of RAM under its hood, while the 260 claims 192 cores and 896MB of memory. Either way, we’re talking serious graphic and physics horsepower.

Where there’s eyeball-popping graphics, there’s always an eyeball-popping price tag, and these two chips don’t disappoint: the 280 runs for $650 and the 260 at $399. Both require two PCI-E power connections to run and a huge power supply (perhaps 1,000W?) if you’re even thinking about daisy-chaining them a la Scalable Link Interface, or SLI.

Good news, though: this series actually draws less idle power than the company’s last generation of ultra high-performance cards.

What do you think, readers? ‘Best performing GPU on the planet,’ or a lotta horse for too much cash?

How to recover GPcode encrypted files?


Got backups? In response to the security community’s comments on the futile attempt to directly attack the 1024 bit RSA keys using distributed computing, Kaspersky Labs are now reasonably recommending that affected end users lacking backups of their encrypted data take advantage of data recovery tools:

Currently, it’s not possible to decrypt files encrypted by Gpcode.ak without the private key. However, there is a way in which encrypted files can be restored to their original condition. When encrypting files, Gpcode.ak creates a new file next to the file that it intends to encrypt. Gpcode writes the encrypted data from the original file data to this new file, and then deletes the original file.

It’s known that it is possible to restore a deleted file as long as the data on disk has not been significantly modified. This is why, right from the beginning, we recommended users not to reboot their computers, but to contact us instead. We told users who contacted us to use a range of utilities to restore deleted files from disk. Unfortunately, nearly all the available utilities are shareware – we wanted to offer an effective, accessible utility that could help restore files that had been deleted by Gpcode. What did we settle on? An excellent free utility called PhotoRec, which was created by Christophe Grenier and which is distributed under General Public License (GPL).

Find out how to restore files encrypted by the GPcode ransomware by exploiting a weakness in the process in which the malware deletes the original files, why directly attacking the encryption algorithm was a futile attempt right from the very beginning, how the malware authors would adapt in the future, and what you can do about it.

As I’ve already pointed out in a previous post, “Who’s behind the GPcode ransomware?”, even though they’ve successfully implemented the encryption algorithm this time, the only weakness in the process remains the fact that the malware authors are not securely deleting the original files, making them susceptible to recovery using data carving techniques or plain, simple point-and-click forensics software. If backups are not present, you would have to apply some marginal thinking: not all of your affected files can be recovered, and recovering 500 out of 1000 is better than recovering none, isn’t it? Whatever approach you take, try to adapt to the situation, and don’t pay. More info on the StopGpcode utility released by Kaspersky:

To complete the recovery process, we’ve created a free utility called StopGpcode that will sort and rename your restored files. The utility will process the entire disk and compare the sizes of encrypted and recovered files. The program will use the file size as a basis for determining the original location and name of each recovered file. The utility will try to determine the correct name and location for each file, recreating your original folders and file names within a folder called “sorted”. If the utility cannot determine the original file name, the file will be saved to a folder called “conflicted”.

Next to the step-by-step tutorial on using PhotoRec, a data recovery utility, you can also watch a video of the process, or consider using third-party data recovery utilities next to their web based alternatives.
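The size-matching step that Kaspersky describes for StopGpcode can be sketched as follows. This is an added example, not Kaspersky's code: the function names are hypothetical, the `._CRYPT` suffix and the premise that an encrypted copy has the same size as its original are assumptions, and the sample files are constructed.

```python
import os
import shutil
import tempfile
from collections import defaultdict

# Assumption: suffix carried by the encrypted copies; the page does not name it.
ENC_SUFFIX = "._CRYPT"


def index_encrypted(disk_root, suffix=ENC_SUFFIX):
    """Map size in bytes -> original relative paths of the encrypted files."""
    by_size = defaultdict(list)
    for dirpath, _dirs, files in os.walk(disk_root):
        for name in files:
            if name.endswith(suffix):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, disk_root)[: -len(suffix)]
                by_size[os.path.getsize(full)].append(rel)
    return by_size


def sort_recovered(recovered_dir, disk_root, out_dir, suffix=ENC_SUFFIX):
    """Copy carved files into out_dir/sorted or out_dir/conflicted by size match."""
    enc_by_size = index_encrypted(disk_root, suffix)
    carved_by_size = defaultdict(list)
    for dirpath, _dirs, files in os.walk(recovered_dir):
        for name in files:
            full = os.path.join(dirpath, name)
            carved_by_size[os.path.getsize(full)].append(full)

    report = {"sorted": [], "conflicted": []}
    for size in sorted(carved_by_size):
        carved = sorted(carved_by_size[size])
        originals = enc_by_size.get(size, [])
        if len(carved) == 1 and len(originals) == 1:
            # Exactly one candidate on each side: restore name and folder.
            targets = [("sorted", originals[0])]
        else:
            # No match, or several files share this size: keep the carved
            # name so nothing is mislabelled.
            targets = [("conflicted", os.path.relpath(p, recovered_dir))
                       for p in carved]
        for src, (bucket, rel) in zip(carved, targets):
            dest = os.path.join(out_dir, bucket, rel)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            shutil.copy2(src, dest)
            report[bucket].append(rel)
    return report


def build_sample(base):
    """Create a constructed disk tree and PhotoRec-style output under base."""
    disk = os.path.join(base, "disk")
    carved = os.path.join(base, "recovered", "recup_dir.1")
    encrypted = {"Docs/report.doc": 120, "Docs/budget.xls": 300,
                 "Pics/a.jpg": 50, "Pics/b.jpg": 50}
    recovered = {"f0001.doc": 120, "f0002.xls": 300,
                 "f0003.jpg": 50, "f0004.txt": 77}
    for rel, size in encrypted.items():
        path = os.path.join(disk, *rel.split("/")) + ENC_SUFFIX
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\xff" * size)   # stand-in for ciphertext
    os.makedirs(carved, exist_ok=True)
    for name, size in recovered.items():
        with open(os.path.join(carved, name), "wb") as fh:
            fh.write(b"A" * size)      # stand-in for the carved plaintext
    return disk, os.path.join(base, "recovered")


def demo():
    """Run the matcher on the constructed sample; return (report, out_dir)."""
    base = tempfile.mkdtemp(prefix="gpcode_demo_")
    disk, recovered = build_sample(base)
    out = os.path.join(base, "out")
    return sort_recovered(recovered, disk, out), out


if __name__ == "__main__":
    result, out_dir = demo()
    print(out_dir, result)
```

In the sample, the two JPEGs share a size, so the single carved JPEG cannot be named with confidence and lands in "conflicted" together with the carved file that matches nothing.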

Why was the distributed cracking futile in the first place?

Mostly because of the lack of an easy-to-measure return on investment and of applicability in a real-life situation: they could have simply started using GPcode variants with new and stronger keys on a per-variant basis. The malware authors were also smart enough not to release a universal decryptor including the private key for all of their campaigns. Instead, before providing a custom-built decryptor to the affected party, they first request the public key used in the encryption process, and later ship a customer-tailored decryptor that works only for the files encrypted using the public key in question. Compared to the majority of malware variants attempting to infect as many hosts as possible, GPcode’s currently targeted approach is willing to sacrifice some efficiency and emphasize quality.

How would the malware authors adapt in the future?

According to the author of Gpcode, or the person responsible for processing the decryptor requests, new versions with stronger encryption are already in the works, including commodity malware features such as anti-sandboxing, polymorphism and self-propagating abilities. This would result in an awkward situation. For instance, for the time being two out of the four emails used by the authors of GPcode aren’t even bothering to respond back to the infected party, so you can imagine the delays with responding given that GPcode starts self-propagating. They will basically end up with a situation where the number of affected people would outpace their capability to provide them with a custom built decryptor in a timely manner, even if someone’s willing to pay the ransom.

With the entire GPcode ransomware fiasco slowly becoming a tool in the marketing arsenal of a backup company that can now use GPcode as a fear mongering tactic, malware free backups are once again reminding us of their usefulness.

Laptop wars: Toshiba goes thin with 128GB solid state drive


Toshiba on Tuesday added a 128GB solid-state drive to its Portege laptop lineup in the latest move toward flash-based drives.

According to Toshiba, its Portege R500-S5007V is 2.4 pounds and is the lightest laptop with a 128GB SSD and DVD SuperMulti drive. Under that logic, any laptop with unique specifications can claim to be the lightest. For instance, the next company with a 140GB SSD can claim to be the lightest. The latest Portege is 0.77 inches thick.

The “thin is in” crusade was kicked off by Apple and its MacBook Air and was quickly followed by Lenovo, HP and others.

Toshiba, however, is driving home the storage capacity. Many thin laptops expect you to live in the cloud and store information there too–or use attached drives. Toshiba maintains that, by including an SSD and 7mm DVD SuperMulti drive, its travel weight is light because you won’t have to lug additional drives and cables.

Among the other key points:
The Portege R500-S5007V has eight hours of battery life.
Vista Business with downgrade media to Windows XP professional.
12.1 inch widescreen high brightness display.
Intel Core 2 Duo Processor U7700–1.33GHz, 2MB L2, 533MHz FSB with 64 bit.

Toshiba’s recommended configuration will run you $2,999.

Separately, Toshiba expanded its Qosmio lineup with three laptops for gamers and multimedia users. The big takeaway is that the Qosmio G55 uses the Cell processor developed by Sony, Toshiba and IBM. This chip is the one used in the PlayStation 3.

Tuesday, June 17, 2008

Klipsch Image X5 Headphones


A while ago, Klipsch introduced the "world's smallest headphones" with the Image X10. The company has recently introduced something slightly larger (at 2mm) with the X5.

The X5 has some nice contoured ear gels that fit very comfortably in the ear canal. They are designed for noise filtering, but mostly for those who love bass in their music.

In addition to their sound, they have a distinct look with electroplated aluminum housings and streamlined, aerodynamic black tails. There are also 50 inch vinyl cables that are quite durable for life on the road. The Image X5 is compatible with iPod, iPhone, and just about anything else with a headphone jack.

The Klipsch Image X5 will be available later this month for about $250.

Monday, June 16, 2008

JDOME


The popularity of MMO games in the last few years has created a whole new market of gaming mice and other accessories to help players really get into the game.

Welcome to the age of the jDome, a system with a semi-transparent dome that enables a gamer to be immersed in their game. Images are projected onto the jDome, so that the viewer can see a 180-degree view of their player character.

The jDome has been patented by John Nilsson, and he is developing the concept with an estimated cost of about $125-200. I have no idea when he intends to put it out on the market, but we'll see if he succeeds.

Ori-ori-Moshi-moshi


If you were to get your hands on a Flux Capacitor and traveled to the year 2014, Marty McFly style, you might see some gadgets that will blow your mind. The Ori-ori-Moshi-moshi device (that name might be hell on its marketing) is a conceptual multimedia device made of a semi-flexible OLED display, which uses an origami-like form factor for pure awesomeness.

Just like many dream gadgets from the future, the Ori-ori-Moshi-moshi from AntennaDesign consolidates about every electronic function under the sun into one compact and pretty device. You name it, it can do it. You can use it as a phone, a gaming device, a media player, a camera, and photo editor. The OLED display can be folded in an assortment of ways to adapt to its present use.

Remember that pre-Matrix Keanu Reeves movie Johnny Mnemonic, the one that showed us that the Internet of the future is accessed via virtual reality and some weird origami interface? I believe this film was supposed to take place in 1995, and that vision never came to pass.

This could be the case for the Ori Ori Mochi Mochi, a mobile device designed by Antenna Design. It is predicted to be the iPhone of 2014, and it is a device that relies on folding at certain angles. For example, folded into a rectangle it is a cell phone, and folded all the way out it is a map.

Memo to me: Follow up on this story in 2014. Perhaps I'll be writing that follow-up on an Ori Ori Mochi Mochi.

Opera Wireless Headphones



I'm not much of an Opera buff, but I do like DigiFi's Opera wireless headphones.

I'm not certain whether you can tell from this photo, but the Opera is designed to go around the back of your head. You can then plug the wireless transmitter into your iPod, and you will hear excellent wireless sound. The Opera uses Kleer technology, a wireless transmission technology that has higher specs than Bluetooth.

If wireless sound is important to you, then you should be able to purchase the Opera for about $98.

DigiFi has been showing off their new Digital Opera wireless headphones, which combine an over-the-ear headset with an iPod adaptor. Using Kleer’s wireless audio technology, the system includes “point to multi-point” Listen In. That means that up to four people can hear music from one transmitter. Through Kleer’s RF wireless connection, it promises “lossless CD-quality stereo”.

DigiFi claims that you can get in excess of 10 hours of playback through the headset, with a 20Hz to 20kHz frequency range, 86dB signal-to-noise ratio and less than 0.1-percent distortion. The short-range Kleer wireless has 2.37Mbps bandwidth and a range of up to ten meters. The Digital Opera set goes on sale in Korea first, then in the US and Japan, and it’ll cost around $98.

Sunday, June 15, 2008

Microsoft and Yahoo stop talking, and Google wins

Today Microsoft and Yahoo officially stopped talking — the day, I’m sure, Yahoo investors were dreading. The hope that Microsoft and Yahoo might still work out a deal fizzled, and as a result, Yahoo shares plummeted 10% before trading ended today.

today announced that discussions with Microsoft regarding a potential transaction — whether for an acquisition of all of Yahoo! or a partial acquisition — have concluded. The conclusion of discussions follows numerous meetings and conversations with Microsoft regarding a number of transaction alternatives, including a meeting between Yahoo! and Microsoft on June 8th in which Chairman Roy Bostock and other independent Board members from Yahoo! participated. At that meeting, Microsoft representatives stated unequivocally that Microsoft is not interested in pursuing an acquisition of all of Yahoo!, even at the price range it had previously suggested.

It worked out well for Google though — no Microsoft/Yahoo merger on the horizon, and a fresh partnership that lets them put ads directly onto Yahoo properties. Jackpot! They are careful to point out on their blog why this deal is good, and not evil:
This is not a merger. Rather, we are merely providing access to our advertising technology to Yahoo! through our AdSense program.
This does not remove a competitor from the playing field. Yahoo! will remain in the business of search and content advertising, which gives the company a continued incentive to keep improving and innovating. Even during this agreement, Yahoo! can use our technology as much or as little as it chooses.
This does not prevent Yahoo! from making similar arrangements with others. This arrangement is not exclusive, meaning that Yahoo! could enter into similar arrangements with other companies.
This does not increase Google’s share of search traffic. Yahoo! will continue to run its own search engine and advertising programs, and the agreement will not increase Google’s share of search traffic.
This does not let Google raise prices for advertisers. Google does not set the prices manually for ads; rather, advertisers themselves determine prices through an ongoing competitive auction. We have found over years of research that an auction is by far the most efficient way to price search advertising and have no intention of changing that.

Here are some excerpts from the announcements made by Google and Yahoo:

“[Google] has reached an agreement that gives Yahoo! the ability to use Google’s search and contextual advertising technology through its AdSense(TM) for Search and AdSense for Content advertising programs. Under the agreement, Yahoo! has the option to display Google ads alongside its own natural search results in the U.S. and Canada. In addition, Yahoo! can serve contextually targeted ads on its U.S. and Canadian web properties as well as on its current publisher partner sites.” — Google

“Yahoo! believes that this agreement will enable the Company to better monetize Yahoo!’s search inventory in the United States and Canada. At current monetization rates, this is an approximately $800 million annual revenue opportunity. In the first 12 months following implementation, Yahoo! expects the agreement to generate an estimated $250 million to $450 million in incremental operating cash flow.” — Yahoo


Garett Rogers is employed as a programmer for iQmetrix, which specializes in retail management software for the cellular and electronics industry.

HP should be shipping the iPAQ 900 series Mobile Messenger soon


There is definitely not a lack of choice in new mobile phones this year with the Apple iPhone 3G, HTC Touch Diamond, Samsung OMNIA, Nokia E71, BlackBerry Bold, and more being announced/leaked and shown all over the internet. It was last September when HP announced new Windows Mobile devices, and thanks to a post at jkOnTheRun I found out about HP’s new iPAQ 900 Series Business Messenger announcement made yesterday.

The iPAQ 910 is shown on the HP site as coming soon and is expected to start shipping at the end of June for an undisclosed price. Specifications include a Marvell PXA270 processor running at 416MHz with Windows Mobile 6.1 Professional, 128MB RAM, 256MB ROM, 2.46 inch 320×240 touch screen, 3 megapixel camera, 802.11 b/g WiFi, Bluetooth 2.0 with EDR, tri-band UMTS/HSDPA, quad-band GSM, integrated GPS receiver, integrated QWERTY keyboard, and huge 1940 mAh battery. It also looks like it has a Pearl-like center trackball for navigation.

I used to only buy HP Pocket PC devices and the specs on this one may actually bring me back to HP again as it looks to have everything I could ask for in a single device. It may sell as an unlocked device too since there were no carrier announcements and HP has done that in the past with their devices.

I am very interested in testing this out to see if HP is back in the game again and I have high hopes for the device. My only concern is the processor, but I am willing to give it a chance and see how it performs. It is going to be very tough to figure out what device to get with all of these great units hitting the street this summer and fall.


Matthew Miller is an avid mobile device enthusiast who works during the day as a professional naval architect in Seattle.

Samsung announces the OMNIA Windows Mobile device with 5 megapixel camera


It is great to see so many new and innovative Windows Mobile devices being announced and launched from the likes of HTC, Sony Ericsson, and now Samsung. Samsung announced the Samsung OMNIA (SGH-i900) on Monday and my buddy, Arne Hess, already had a chance to put his hands on an early prototype and provides some more photos, including photos with the HTC Touch Diamond and Sony Ericsson XPERIA X1.

The Samsung OMNIA is a Windows Mobile 6.1 Professional (touch screen) device with a xx MHz processor, 8GB or 16GB flash drive plus an additional microSD expansion slot, 3.2 inch WXVGA (240×400) display, 5 megapixel camera (top of the line for Windows Mobile), FM radio with RDS, integrated GPS receiver, quad-band GSM and HSDPA support, Bluetooth 2.0, WiFi, TV out capability, and a 1440 mAh battery. The device has haptic feedback on the display so you feel a vibration when the display is touched.

The photos of it look impressive and it has a real iPhone-like look to the UI, but with the power of Windows Mobile behind it. Samsung calls its new interface TouchWiz, and it allows you to customize and personalize their “widgets” on your device. It is interesting to read that it has out-of-the-box multicodec support for DivX, Xvid, and other video formats, so multimedia fans may love this device with the large high resolution display.

It will be available in Southeast Asia starting next week and in Europe in July. There was no announcement of a U.S. release so this may be one to look for from a U.S. importer. Again, like the HTC Touch Diamond I think it is great to see manufacturers pushing the limits and taking Windows Mobile to the next level.

Matthew Miller is an avid mobile device enthusiast who works during the day as a professional naval architect in Seattle.