Security

Netgear Exploit Found in 31 Models Lets Hackers Turn Your Router Into a Botnet (thenextweb.com) 57

An anonymous reader shares a report: You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk. Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router's password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings. What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks. Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks.
Displays

LG's UltraFine 5K Display Becomes Useless When It's Within Two Meters of a Router (9to5mac.com) 173

The LG UltraFine 5K Display was designed in part by Apple to work with the New MacBook Pro and as a replacement for the Thunderbolt Display, which was discontinued late last year. According to 9to5Mac, the display apparently wasn't designed to work next to routers as it will flicker, disconnect, or freeze computers when it's within two meters of a router due to electromagnetic interference. The Verge reports: In emails to 9to5Mac, LG acknowledged the problem -- which LG says isn't an issue for any of its other monitors -- noting that routers "may affect the performance of the monitor" and that users should "have the router placed at least two meters away from the monitor" to avoid issues. Once the monitor was moved into a different room away from the router, 9to5Mac says the issues subsided. Despite the fact that it's insane to require a router to be far away from what is likely the main computer in your home, there's been no indication that LG is working on a fix for the issue, which may be more troublesome.
Businesses

Avaya Explains Why They've Declared Bankruptcy (networkworld.com) 68

Friday Avaya's Corporate Treasurer explained why they're filing for a chapter 11 "restructuring." After examining their debt, "we decided it was a critical next step in our transformation from a hardware company to a software and services company and the best path forward for our customers, partners and employees." skidv writes: ZDNet breaks down the deal... "Avaya noted that its foreign affiliates aren't included in the filing and will operate as normal. Avaya said the $725 million in debtor-in-possession financing, via Citibank, is enough to minimize disruption and continue business operations." Not surprising, Avaya has canceled the planned IPO.
PC World reports that Avaya "emerged from Lucent Technologies in 2000 with a focus on phone switches, enterprise networking gear, and call-center systems. But with the shift toward mobile phones and cloud-based tools for communication, and a tight market for enterprise network equipment, the company has been changing its focus... Like much of the networking and collaboration industry, Avaya is looking toward software-defined networking, IoT, and cloud-based platforms that work on many different devices and the web."
Communications

US Intelligence Seeks a Universal Translator For Text Search In Any Language (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: The Intelligence Advanced Research Projects Agency (IARPA), the U.S. Intelligence Community's own science and technology research arm, has announced it is seeking contenders for a program to develop what amounts to the ultimate Google Translator. IARPA's Machine Translation for English Retrieval of Information in Any Language (MATERIAL) program intends to provide researchers and analysts with a tool to search for documents in their field of concern in any of the more than 7,000 languages spoken worldwide. The specific goal, according to IARPA's announcement, is an "'English-in, English-out' information retrieval system that, given a domain-sensitive English query, will retrieve relevant data from a large multilingual repository and display the retrieved information in English as query-biased summaries." Users would be able to search vast numbers of documents with a two-part query: the first giving the "domain" of the search in terms of what sort of information they are seeking (for example, "Government," "Science," or "Health") and the second an English word or phrase describing the information sought (the examples given in the announcement were "zika virus" and "Asperger's syndrome"). The system would be used in situations like natural disasters or military interventions in remote locations where the military has little or no local language expertise. Those taking on the MATERIAL program will be given access to a limited set of machine translation and automatic speech recognition training data from multiple languages "to enable performers to learn how to quickly adapt their methods to a wide variety of materials in various genres and domains," the announcement explained. "As the program progresses, performers will apply and adapt these methods in increasingly shortened time frames to new languages... Since language-independent approaches with quick ramp up time are sought, foreign language expertise in the languages of the program is not expected." The good news for the broader linguistics and technology world is that IARPA expects the teams competing on MATERIAL to publicly publish their research. If successful, this moonshot for translation could radically change how accessible materials in many languages are to the rest of the world.

Communications

Customer Feedback Surveys Could Be Considered Harmful (easydns.org) 196

Longtime Slashdot reader Stunt Pope writes: Customer Feedback surveys are now near-ubiquitous, subjecting us all to near-Black Mirror-esque pursuit to "rate your experience" for everything from going to the bank to ordering a pizza. Thanks to The Curse of Goodhart's Law, all of these surveys are beyond useless and even damaging. Mark Jeftovic writes in a blog post: "The shop/hire-rate-reward feedback loop has become baked-in to some systems. Many live marketplaces incorporate these feedback transactions into ratings, which then become a score which then impacts future prospects of whomever is being rated. And that's where the trouble starts. There is a point where this stops being useful and the knock-on effects of a ratings system predicated on feedback results becomes counter-productive. That point is when the ratings become targets. When a company decrees 'All customer feedback ratings must score a minimum of X, or else...' the company has just commenced the process of invalidating and corrupting all useful information to be gleaned from that feedback/survey process. A label which captures this concept is 'Goodhart's Law' -- after economist Charles Goodhart, who posited in essence that 'when a measure becomes a target, it becomes useless.'"
Communications

Facebook Dumps Personalized 'Trending Topics' After Backlash (cnet.com) 40

As the company works to strengthen its reputation as a place for news and curb the spread of misinformation on the site, Facebook announced it has removed the personalized interest-based list of news topics on the right-hand side of your news feed. Now everyone in a geographic region will see the same trending topics. CNET reports: In addition to doing away with the personalized list, there are two other big changes to the trending topics section that will start rolling out today and will take place for everyone in the U.S. "in the coming weeks." First, instead of just seeing a bare-bones topic, like "Saturn" or "X-men," two things that had been trending for me, you'll see a full headline from one of the news stories about that topic. That's the headline that had always popped up when you hovered over the topic. Second, Facebook is changing the way the topics are selected. The topics had been chosen based on how many people on Facebook are engaging with it. With the new changes, Facebook will look at the number of outlets posting stories on a particular topic, and decide its inclusion based on engagement around that group of articles. "This should surface trending topics quicker, be more effective at capturing a broader range of news and events from around the world and also help ensure that topics reflect real world events being covered by multiple news outlets," Will Cathcart, vice president of product management, said in a statement.
Advertising

Google Bans 200 Publishers From Its Ad Network (recode.net) 161

Since it passed a new policy against fake news, Google has banned 200 publishers from its AdSense network, an ad placement service that automatically serves text and display ads on participating sites based on its audience. "The ban was part of an update to an existing policy that prohibits sites that mislead users with their content," reports Recode. From the report: Not all 200 publishers were swept up as part of the effort to root out fake news sites. Publishers were banned in November and December and included sites that impersonate real news organizations through shortened top-level domains, according to Google's 2016 "bad ads" report, normally released at the beginning of each year. So-called fake news publishers will sometimes take advantage of ".co" domains by appearing similar to legitimate news sites that would normally end in ".com." Google declined to provide a listing of the banned sites. Separately, the annual report on violations of advertising policy also included data on ads removed by Google. The company reported that in 2016 it took down 1.7 billion ads for violations, compared to 780 million in 2015. Google attributes the increase in ad removals to a combination of advertiser behavior and improvements in technology to detect offending ads. Also among the removed ads were what Google calls "tabloid cloakers." These advertisers run what look like links to news headlines, but when the user clicks, an ad for a product such as a weight loss supplement pops up. Google suspended 1,300 accounts engaged in tabloid cloaking in 2016.
Communications

Amazon Updates Echo, Echo Dot To Let You Address It As 'Computer' (theverge.com) 134

ewhac writes: "Computer, what is the time, please?" is now a spoken command that will actually work with Amazon's updated Alexa/Echo smart speaker. Previously, your options were "Alexa," "Echo," and "Amazon." Now you can also choose, "Computer." In practice, it's a bit clunkier than you might hope, depending on how often you speak the word "computer" on a day-to-day basis; and "computer" is harder for machine speech recognition to pick out than "Alexa," so it may not hear you as reliably. But for those who've been yearning for a Star Trek-like future, this small bit of silliness gets you one step closer.
AT&T

Second Time In 9 Months: AT&T Raises Phone Activation Fee $5, Now Charges $25 (arstechnica.com) 70

For the second time in 9 months, AT&T is raising its activation and upgrade fee. In April 2016, the fee for non-contract customers was raised from $15 to $20. Today, it has been raised another $5, from $20 to $25, according to PhoneScoop. Ars Technica reports: As the mobile carrier switched from contracts to device payment plans, AT&T initially did not charge an activation and upgrade fee for customers who brought their own phone or bought one from AT&T on an installment plan. But in July 2015, AT&T started charging a $15 activation fee to customers who don't sign two-year contracts. (AT&T also raised the activation/upgrade fee for contract customers from $40 to $45 in July 2015.) The $25 fee is charged for new activations or upgrades when customers purchase devices on installment agreements, AT&T says. Customers who bring their own phone to the network are charged the $25 fee when they activate a new line of service, but not when they upgrade phones on an existing line. "We are making a minor adjustment to our activation and upgrade fees. The change is effective today," AT&T told Ars. AT&T also still charges the $45 activation and upgrade fee on two-year contracts, but those contracts are "available only on select devices."
Communications

Jay Z's Tidal Music Streaming Service Is Fraudulently Inflating Subscriber Numbers, Report Says (digitalmusicnews.com) 32

A new report published by Markus Tobiassen and Kjetil Saeter of Norwegian publication Dagens Naeringsliv is accusing Jay Z's Tidal music streaming service of fabricating their subscriber numbers by creating fake accounts and lying to the media and partners. The company claims to have more than 3 million paying subscribers with more than half of those paying $20-a-month. Digital Music News reports: Tobiassen and Saeter interviewed staffers at TIDAL, as well as partners and confidential sources. And the information that came back was pretty damning. "When 16 of the world's biggest pop stars, one a convicted cocaine smuggler and a former Israeli intelligence officer was not able to obtain enough customers to Jay Z's Tidal, the company began to inflate subscription numbers," the report alleges. DMN spoke this morning with Tobiassen, who offered a translation of the report. "On March 30th of last year, Tidal issued a press release stating that the company had reached 'three million members,'" the report states. "The news story reported worldwide was that Tidal had three million paying subscribers. Tidal also specified to online newspaper The Verge that this figure did not include trial subscribers. This was the last time Tidal reported a total number of subscribers to the public." The only problem with that? "In April 2016, one month after the press release issued by the company claiming three million members, Tidal made payments to the record labels for around 850,000 subscribers. The figure reported internally by Tidal in April is 1.2 million subscribers." The report further states that Tidal itself reported a figure of 1.1 million to the major record labels in late 2016. In other words, nowhere near the numbers reported to media outlets like Digital Music News and Verge.
Facebook

Facebook Has a Team That Handles Mark Zuckerberg's Page (cnet.com) 55

theodp writes: Q. How many Facebook employees does it take to produce Mark Zuckerberg's Facebook page? A. More than a dozen! CNET's Ian Sherr offers his take on the news that Facebook has a team that handles Mark Zuckerberg's page: "Ever notice the photos, videos and posts on the profile page for Facebook's CEO are a lot nicer looking or better written than yours? Don't feel bad. Mark Zuckerberg has a team of people who are increasingly managing his public persona, according to a Wednesday report from Bloomberg Businessweek. Not only do they help write speeches and posts, but they also take photographs of his family and his travels, interspersing them with infographics about the company's user growth and sales. There're even people who delete harassing comments and spam for him. A Facebook spokeswoman said the company's service is an easy way for executives to connect with people." Wonder how many people it took to help craft the latest post, in which Zuck fired back at "some misleading stories going around" about "some land" he purchased in Hawaii (which another Zuck post noted also serves as a petting zoo of sorts for his daughter).
AT&T

AT&T Shuts Down 2G Network, Ends Cellular Connectivity For Original iPhone (macrumors.com) 128

AT&T yesterday announced that its 2G wireless network was officially shut down on January 1, 2017. Since the network is no longer active, it means that, as the Verge points out, the original first-generation iPhone (also known as the iPhone 2G) will no longer receive cellular service from AT&T's network. If you still happen to use an iPhone 2G, it may be time to upgrade or list it on eBay. Mac Rumors reports: Few people appear to have been using the original iPhone as there were no complaints from iPhone owners two weeks ago when the network was shuttered, but going forward, customers who keep the device as part of a collection will only be able to use it on WiFi. Originally released in June of 2007 and discontinued in 2008, the first iPhone was made obsolete by Apple back in 2013, and it has not received software updates since the 2009 release of iPhone OS 3, later renamed iOS 3. According to AT&T, shutting down its 2G network frees up valuable spectrum for future network technologies, including 5G. AT&T says the spectrum will be repurposed for LTE.
Data Storage

Raspberry Pi Upgrades Compute Module With 10 Times the CPU Performance (arstechnica.com) 71

An anonymous reader quotes a report from Ars Technica: The Raspberry Pi Compute Module is getting a big upgrade, with the same processor used in the recently released Raspberry Pi 3. The Compute Module, which is intended for industrial applications, was first released in April 2014 with the same CPU as the first-generation Raspberry Pi. The upgrade announced today has 1GB of RAM and a Broadcom BCM2837 processor that can run at up to 1.2GHz. "This means it provides twice the RAM and roughly ten times the CPU performance of the original Compute Module," the Raspberry Pi Foundation announcement said. This is the second major version of the Compute Module, but it's being called the "Compute Module 3" to match the last flagship Pi's version number. The new Compute Module has more flexible storage options than the original. "One issue with the [Compute Module 1] was the fixed 4GB of eMMC flash storage," the announcement said. But some users wanted to add their own flash storage. "To solve this, two versions of the [Compute Module 3] are being released: one with 4GB eMMC on-board and a 'Lite' model which requires the user to add their own SD card socket or eMMC flash." The core module is tiny so that it can fit into other hardware, but for development purposes there is a separate I/O board with GPIO, USB and MicroUSB, CSI and DSI ports for camera and display boards, HDMI, and MicroSD. The Compute Module 3 and the lite version cost $30 and $25, respectively.
Communications

Open Source Codec Encodes Voice Into Only 700 Bits Per Second (rowetel.com) 128

Longtime Slashdot reader Bruce Perens writes: David Rowe VK5DGR has been working on ultra-low-bandwidth digital voice codecs for years, and his latest quest has been to come up with a digital codec that would compete well with single-sideband modulation used by ham contesters to score the longest-distance communications using HF radio. A new codec records clear, but not hi-fi, voice in 700 bits per second -- that's 88 bytes per second. Connected to an already-existing Open Source digital modem, it might beat SSB. Obviously there are other uses for recording voice at ultra-low-bandwidth. Many smartphones could record your voice for your entire life using their existing storage. A single IP packet could carry 15 seconds of speech. Ultra-low-bandwidth codecs don't help conventional VoIP, though. The payload size for low-latency voice is only a few bytes, and the packet overhead will be at least 10 times that size.
Privacy

Fingerprinting Methods Identify Users Across Different Browsers On the Same PC (bleepingcomputer.com) 88

An anonymous reader quotes a report from BleepingComputer: A team of researchers from universities across the U.S. has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine. Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting. These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data. For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software. According to the three-man research team led by Assistant Professor Yinzhi Cao from the Computer Science and Engineering Department at Lehigh University, the following browser features could be (ab)used for cross-browser fingerprinting operations: [Screen Resolution, Number of CPU Virtual Cores, AudioContext, List of Fonts, Line, Curve, and Anti-Aliasing, Vertex Shader, Fragment Shader, Transparency via Alpha Channel, Installed Writing Scripts (Languages), Modeling and Multiple Models, Lighting and Shadow Mapping, Camera and Clipping Planes.] Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut. Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
Bug

Buggy Domain Validation Forces GoDaddy To Revoke SSL Certificates (threatpost.com) 33

msm1267 quotes a report from Threatpost: GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar's domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that date through yesterday, said vice president and general manager of security products Wayne Thayer. "GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process," Thayer said in a statement. "The bug caused the domain validation process to fail in certain circumstances." GoDaddy said it was not aware of any compromises related to the bug. The issue did expose sites running SSL certs from GoDaddy to spoofing where a hacker could gain access to certificates and pose as a legitimate site in order to spread malware or steal personal information such as banking credentials. GoDaddy has already submitted new certificate requests for affected customers. Customers will need to take action and log in to their accounts and initiate the certificate process in the SSL Panel, Thayer said.
Businesses

Comcast Remains America's Most-Hated Company, Survey Finds (dslreports.com) 111

What may come as no surprise to cable TV or internet subscribers, Comcast remains among the least-liked companies in American history, according to a new survey from 24/7 Wall Street. From DSL Reports: [The survey] combines data from the American Consumer Satisfaction Index, JD Power and Associates and a Zogby Analytics poll, and lists Comcast as the "most hated company in America." Comcast had made some small strides in the ACSI rankings last year, but even with minor improvements still consistently battles Charter for last place in most customer satisfaction and service studies. "The company's internet services received the fourth worst score out of some 350 companies. In J.D. Power's rating of major wireline services, only Time Warner Cable -- recently subsumed by Charter -- received a worse score in overall satisfaction," notes the report, which adds that Comcast received the worst scores in consumer costs, billing, and reliability. "In 24/7 Wall St.'s annual customer satisfaction poll conducted in partnership with Zogby, nearly 55% of respondents reported a negative experience with the company, the second worst of any corporation." Comcast finds itself ahead of numerous banks and airlines, but it isn't alone in the rankings among telecom providers. Dish Network is ranked eighth, the report noting that 47% of those polled reported a negative service experience with the company. Also on the list at tenth is Sprint, which had the worst customer service rating out of the more than 100 companies included in the survey. "More than half of Sprint customers polled reported a negative customer service experience with the company," the study found.
Transportation

JetBlue Giving All Passengers Free In-Flight 'Fly-Fi' High-Speed Wi-Fi (betanews.com) 71

BrianFagioli quotes a report from BetaNews: Today, JetBlue announced something miraculous for travelers. Every one of its passengers will have access to free in-flight high-speed Wi-Fi, which it calls "Fly-Fi." This is on every single aircraft in its fleet. In other words, if you are flying JetBlue, you get free high-speed internet. "JetBlue's Fly-Fi, which clocks in at broadband speeds beating sluggish and pricey Wi-Fi offerings onboard other carriers, keeps customers connected with an Internet experience similar to what they have at home, including the ability to stream video and use multiple devices at once. The service enables JetBlue to deliver Amazon Video streaming entertainment to customers onboard to their personal devices, as well as web surfing and chatting on favorite messaging apps," says JetBlue. The vice president of JetBlue, Jamie Perry, explains, "It's 2017 and our customers expect to be connected everywhere, whether that be from the comfort of their sofa or 35,000 feet above it. That's why we're so proud that JetBlue is now the only airline to offer free, high-speed Wi-Fi, live TV and movies for all customers on every plane."
Businesses

The End of Yahoo: Marissa Mayer To Resign; Yahoo To Change Its Name To Altaba (arstechnica.com) 401

maxcelcat writes: Spotted on The Register's twitter feed: Yahoo! Submission to The SEC. Most of the board is leaving, including CEO Marissa Mayer. The company has been bought by Verizon and is changing its name to Altaba Inc. I'm old enough to remember when Yahoo was a series of directories on a University's computers, where you could browse a hierarchical list of websites by category. And here I am watching the company's demise. According to the regulatory filing, the changes will take place after the sale of its core business is completed with Verizon for roughly $4.8 billion. The Wall Street Journal notes: "Verizon officials have indicated all options remain possible, including renegotiating the terms of the deal or walking away."
Censorship

Russia Demands LinkedIn App Takedown, Apple and Google Comply (fortune.com) 110

Russia has forced Apple and Google to remove the LinkedIn mobile app from their Russian application markets, the latest chapter in a months-long campaign against the professional networking site. From a report on Fortune: A recently-passed Russian law requires that any company holding data on Russians house that data within Russia. Russia began blocking LinkedIn's website last November under that law, which some critics argue is an indirect form of censorship. The removal of the LinkedIn app from Apple's App Store and Google's Play shows the willingness of major internet gatekeepers to comply with individual nations' data-control laws, on both the web and mobile devices.
