Businesses

Wiz Turns Down $23 Billion Google Deal (fortune.com) 25

Wiz, the cloud security startup that was in acquisition talks with Google, has decided not to move forward with the deal and to remain an independent company, according to an internal note sent to company employees on Monday. Fortune: "While we are flattered by offers we have received, we have chosen to continue on our path to building Wiz," CEO Assaf Rappaport wrote in the note. Rappaport said in the email that the company's next target is to reach $1 billion in annual recurring revenue and to take the company public.
Privacy

Rite Aid Says Breach Exposes Sensitive Details of 2.2 Million Customers (arstechnica.com) 9

Rite Aid, the third-largest U.S. drug store chain, reported a ransomware attack that compromised the personal data of 2.2 million customers. The data exposed includes names, addresses, dates of birth, and driver's license numbers or other forms of government-issued ID from transactions between June 2017 and July 2018.

"On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems," the company said in a filing. "We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted." Ars Technica's Dan Goodin reports: RansomHub, the name of a relatively new ransomware group, has taken credit for the attack, which it said yielded more than 10GB of customer data. RansomHub emerged earlier this year as a rebranded version of a group known as Knight. According to security firm Check Point, RansomHub became the most prevalent ransomware group following an international operation by law enforcement in May that took down much of the infrastructure used by rival ransomware group Lockbit.

On its dark web site, RansomHub said it was in advanced stages of negotiation with Rite Aid officials when the company suddenly cut off communications. A Rite Aid official didn't respond to questions sent by email. Rite Aid has also declined to say if the employee account compromised in the breach was protected by multifactor authentication.

Security

Weak Security Defaults Enabled Squarespace Domains Hijacks (krebsonsecurity.com) 11

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Krebs on Security: Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain. The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. In some cases, the attackers were able to redirect the hijacked domains to phishing sites set up to steal visitors' cryptocurrency funds.

New York City-based Squarespace purchased roughly 10 million domain names from Google Domains in June 2023, and it has been gradually migrating those domains to its service ever since. Squarespace has not responded to a request for comment, nor has it issued a statement about the attacks. But an analysis released by security experts at Metamask and Paradigm finds the most likely explanation for what happened is that Squarespace assumed all users migrating from Google Domains would select the social login options -- such as "Continue with Google" or "Continue with Apple" -- as opposed to the "Continue with email" choice.
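The failure mode described above is a migration flow that treats knowledge of the contact email attached to a not-yet-claimed account as proof of ownership. The following is an added illustration, not Squarespace's code and not based on any knowledge of its systems: a toy registry with that weak default beside a hardened claim flow that binds the account only after a verification token is returned from the mailbox (or a federated login asserts a verified matching email), and that answers claim requests uniformly so the endpoint does not reveal which emails are on file. The domain, addresses and registry structure are constructed for the example.

```python
"""Added example: weak vs hardened claim flow for migrated, unclaimed accounts.
All names, domains and data structures here are constructed for illustration."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class ClaimError(Exception):
    pass


@dataclass
class MigratedDomain:
    contact_email: str                 # previous owner's email, carried over by the migration
    claimed_by: Optional[str] = None   # login that now owns the account, once claimed


def _same_email(a: str, b: str) -> bool:
    return a.strip().lower() == b.strip().lower()


@dataclass
class Registry:
    domains: Dict[str, MigratedDomain] = field(default_factory=dict)
    pending: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # domain -> (token, email)
    outbox: List[Tuple[str, str]] = field(default_factory=list)        # stands in for the mail system

    # --- weak default: the email string alone binds the account ---------------------
    def weak_claim(self, domain: str, supplied_email: str) -> str:
        rec = self.domains[domain]
        if rec.claimed_by is not None:
            raise ClaimError("already claimed")
        if not _same_email(rec.contact_email, supplied_email):
            raise ClaimError("email does not match")
        # Nothing here proves the caller controls that mailbox.
        rec.claimed_by = supplied_email
        return rec.claimed_by

    # --- hardened flow, step 1: issue a token to the mailbox on file --------------------
    def start_claim(self, domain: str, supplied_email: str) -> str:
        rec = self.domains.get(domain)
        if rec is not None and rec.claimed_by is None and _same_email(rec.contact_email, supplied_email):
            token = secrets.token_urlsafe(32)
            self.pending[domain] = (token, supplied_email)
            self.outbox.append((supplied_email, token))
        # Uniform response whether or not the address matched: no enumeration oracle.
        return "If that address is on file, a verification link has been sent."

    # --- hardened flow, step 2: only the token from the mailbox binds the account -------
    def finish_claim(self, domain: str, token: str, new_owner_login: str) -> str:
        pend = self.pending.get(domain)
        if pend is None or not hmac.compare_digest(pend[0], token):
            raise ClaimError("invalid or expired verification token")
        rec = self.domains[domain]
        rec.claimed_by = new_owner_login
        del self.pending[domain]   # single use
        return rec.claimed_by

    # --- hardened social-login path: trust the IdP only for a verified, matching email --
    def federated_claim(self, domain: str, idp_email: str, email_verified: bool) -> str:
        rec = self.domains[domain]
        if rec.claimed_by is not None:
            raise ClaimError("already claimed")
        if not email_verified or not _same_email(rec.contact_email, idp_email):
            raise ClaimError("identity not proven")
        rec.claimed_by = idp_email
        return rec.claimed_by


def demo_registry() -> Registry:
    """Constructed sample: one migrated domain whose owner has not yet claimed it."""
    r = Registry()
    r.domains["example-dex.test"] = MigratedDomain(contact_email="admin@example-dex.test")
    return r


if __name__ == "__main__":
    weak = demo_registry()
    print("weak flow, caller only knows the email:",
          weak.weak_claim("example-dex.test", "admin@example-dex.test"))

    hard = demo_registry()
    print(hard.start_claim("example-dex.test", "admin@example-dex.test"))
    _, token = hard.outbox[0]          # only the mailbox owner sees this
    try:
        hard.finish_claim("example-dex.test", "guessed-token", "someone")
    except ClaimError as e:
        print("hardened flow without the token:", e)
    print("hardened flow with the token:", hard.finish_claim("example-dex.test", token, "real-owner"))
```

The `start_claim` response is identical whether the address is on file or not, and the mail is the only channel that carries the token; the account is bound in `finish_claim`, never at the point where an email address is merely typed in. The same rule applies to the social-login path, which accepts the identity provider's email only when the provider asserts it is verified.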

Mozilla

Thunderbird 128: Annual ESR Brings New Features and 'a Rust Revolution' (thunderbird.net) 78

Thunderbird's annual Extended Support Release was revealed Friday, promising "significant" improvements to the overall user experience and "the speed at which we can deliver new features to you," according to the Thunderbird blog: We've devoted significant development time integrating Rust — a modern programming language originally created by Mozilla Research — into Thunderbird. Even though this is a seemingly invisible change, it is a major leap forward because it enhances our code quality and performance. This overhaul will allow us to share features between the desktop and future mobile versions of Thunderbird, and speed up our development process. It's a win for our developers and a win for you.
More from the blog OMG Ubuntu: I'm also stoked to see that Thunderbird 128 makes 'newest first' the default sort order for messages in message list. While some prefer the old way, I always found it strange that the oldest mails were shown first — team reverse chronology, represent!
They also cite "a number of OpenPGP improvements," plus a new preference option for displaying full names and email addresses of all recipients in the message list. (Plus, threaded-message views now display a "New Message" count.)

Other new features in this release:
  • A new and more attractive layout for Cards View (with adjustable heights) that "makes it easier to scan your email threads and glean information."
  • The folder pane has better recall of message thread states
  • Improved theme compatibility. "Your Thunderbird should blend seamlessly with your desktop environment, matching the system's accent colors perfectly." (Especially beneficial on Ubuntu and Mint.)
  • You can now customize the color of your account icon.

The Thunderbird blog also mentions that "We plan to launch the first phase of built-in support for Exchange, as well as Mozilla Sync, in a future Nebula point release (e.g. Thunderbird 128.X)."


Encryption

YouTube Investigators Say MSI Exposed 600K+ Warranty Records Via an Open Server 16

ewhac (Slashdot reader #5,844) writes: Friday the hardware review site Gamers Nexus filed a YouTube video report alleging some serious claims: that PC component manufacturer MSI left their internal warranty and RMA processing web site accessible to the open Internet, with no authentication. Virtually the entire history of MSI warranty claims going back to at least 2017 was searchable and accessible for the browsing, including customer names, email addresses, phone numbers, and serial numbers of MSI devices.

This event follows closely on the heels of a video report just a few days earlier alleging PC component manufacturer Zotac left their warranty/RMA and B2B records server open to indexing by Google.

Gamers Nexus posted their reports after informing Zotac and MSI of their open servers and verifying they were no longer accessible. However, the data from MSI's server could have been fully scraped at this point, giving scammers a gold mine of data permitting them to impersonate MSI personnel and defraud customers. Anyone who's filed a warranty or RMA claim with MSI in the past seven years should exercise caution when receiving unsolicited emails or phone calls purporting to be from MSI.
Power

Three Mile Island Considers Nuclear Restart (reuters.com) 94

An anonymous reader quotes a report from Reuters: Constellation Energy is in talks with the Pennsylvania governor's office and state lawmakers to help fund a possible restart of part of its Three Mile Island power facility, the site of a nuclear meltdown in the 1970s, three sources familiar with the discussions said on Tuesday. The conversations, which two sources described as "beyond preliminary," signal that Constellation is advancing plans to revive part of the southern Pennsylvania nuclear generation site, which operated from 1974 to 2019. The nuclear unit Constellation is considering restarting is separate from the one that melted down.

The sources said that a shut Michigan nuclear plant, which was recently awarded a $1.5 billion conditional loan to restart from the administration of U.S. President Joe Biden, could serve as a private-public sector blueprint for Three Mile Island. The sources asked not to be named due to the sensitivity of the discussions. "Though we have determined it would be technically feasible to restart the unit, we have not made any decision on a restart as there are many economic, commercial, operational and regulatory considerations remaining," Constellation spokesperson Dave Snyder said in an email. Snyder did not comment on the specifics of discussions about reopening the Pennsylvania site.

Last month, Constellation told Reuters that it had cleared an engineering study of Three Mile Island, though it was unknown if the Baltimore, Maryland-based energy company would move forward with plans to reopen the site. Constellation also said that given the current premium placed on nuclear energy, acquiring other sites was generally off the table and the company would instead look to expand its existing fleet. The Three Mile Island unit that could be restarted is different from the site's unit 2, which experienced a partial meltdown in 1979 in the most famous commercial nuclear accident in U.S. history.
The report notes that "no U.S. nuclear power plant has been reopened after shutting." A restart will not only be costly, but it will be challenged over safety and environmental concerns.
Privacy

Data Breach Exposes Millions of mSpy Spyware Customers (techcrunch.com) 5

An anonymous reader quotes a report from TechCrunch: A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it. Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service. The hack encompassed customer service records dating back to 2014, which were stolen from the spyware maker's Zendesk-powered customer support system.

mSpy is a phone surveillance app that promotes itself as a way to track children or monitor employees. Like most spyware, it is also widely used to monitor people without their consent. These kinds of apps are also known as "stalkerware" because people in romantic relationships often use them to surveil their partner without consent or permission. The mSpy app allows whoever planted the spyware, typically someone who previously had physical access to a victim's phone, to remotely view the phone's contents in real time. As is common with phone spyware, mSpy's customer records include emails from people seeking help to surreptitiously track the phones of their partners, relatives, or children, according to TechCrunch's review of the data, which we independently obtained. Some of those emails and messages include requests for customer support from several senior-ranking U.S. military personnel, a serving U.S. federal appeals court judge, a U.S. government department's watchdog, and an Arkansas county sheriff's office seeking a free license to trial the app. Even after amassing several million customer service tickets, the leaked Zendesk data is thought to represent only the portion of mSpy's overall customer base who reached out for customer support. The number of mSpy customers is likely to be far higher.
mSpy's owners, a Ukraine-based company called Brainstack, have yet to publicly disclose the breach. You can visit Have I Been Pwned to see if your email address was involved in a breach.
Microsoft

Palestinians Say Microsoft Unfairly Closing Their Accounts (bbc.co.uk) 184

Ancient Slashdot reader Alain Williams writes: Palestinians living abroad have accused Microsoft of closing their email accounts without warning -- cutting them off from crucial online services. They say it has left them unable to access bank accounts and job offers -- and stopped them using Skype, which Microsoft owns, to contact relatives in war-torn Gaza. Microsoft says they violated its terms of service -- a claim they dispute. He also said being cut off from Skype was a huge blow for his family. The internet is frequently disrupted or switched off there because of the Israeli military campaign - and standard international calls are very expensive. [...] With a paid Skype subscription, it is possible to call mobiles in Gaza cheaply -- and while the internet is down -- so it has become a lifeline to many Palestinians.

Some of the people the BBC spoke to said they suspected they were wrongly thought to have ties to Hamas, which Israel is fighting, and is designated a terrorist organization by many countries. Microsoft did not respond directly when asked if suspected ties to Hamas were the reason for the accounts being shut. But a spokesperson said it did not block calls or ban users based on calling region or destination. "Blocking in Skype can occur in response to suspected fraudulent activity," they said, without elaborating.

The Courts

Anna's Archive Faces Millions In Damages, Permanent Injunction (torrentfreak.com) 28

Anna's Archive, a meta-search engine for pirated books and other sources, faces monetary damages and a permanent injunction at a U.S. court. According to TorrentFreak, the operators of the site "failed to respond to a lawsuit filed by [Online Computer Library Center (OCLC)], after its WorldCat database was scraped and published online." From the report: The site launched in the fall of 2022, just days after Z-Library was targeted in a U.S. criminal crackdown, to ensure continued availability of 'free' books and articles to the broader public. Late last year, Anna's Archive expanded its offering by making information from OCLC's proprietary WorldCat database available online. The site's operators took more than a year to scrape several terabytes of data and published roughly 700 million unique records online, for free.

This 'metadata' heist was a massive breakthrough in the site's quest to archive as much published content as possible. However, OCLC wasn't pleased and responded with a lawsuit (PDF) at an Ohio federal court, accusing the site and its operators of hacking and demanding damages. The non-profit says that it spent more than a million dollars responding to Anna's Archive's alleged hacking efforts. Even then, it couldn't prevent the data from being released through a torrent. "Defendants, through the Anna's Archive domains, have made, and continue to make, all 2.2 TB of WorldCat data available for public download through its torrents," OCLC wrote in the complaint it filed in an Ohio federal court.

In the months that passed since then, the operators of Anna's Archive didn't respond in court. The only named defendant flat-out denied all connections to the site, and OCLC didn't receive any response from any of the official Anna's Archive email addresses that were served. Meanwhile, the pirate library continues to offer the WorldCat data, which is a major problem for the organization. Without the prospect of a two-sided legal battle, OCLC has now moved for a default judgment. [...] In addition to monetary damages, the non-profit also seeks injunctive relief. The motion doesn't specify the requested measures, but the original complaint sought an order that prevents Anna's Archive from scraping WorldCat data going forward. In addition, all previously scraped data should no longer be distributed. Instead, it should be destroyed in full, including all the torrents that are currently being offered.

The Internet

Substack Rival Ghost Federates Its First Newsletter (techcrunch.com) 16

After teasing support for the fediverse earlier this year, the newsletter platform and Substack rival Ghost has finally delivered. "Over the past few days, Ghost says it has achieved two major milestones in its move to become a federated service," reports TechCrunch. "Of note, it has federated its own newsletter, making it the first federated Ghost instance on the internet." From the report: Users can follow the newsletter through their preferred federated app at @index@activitypub.ghost.org, though the company warns there will be bugs and issues as it continues to work on the platform's integration with ActivityPub, the protocol that powers Mastodon and other federated apps. "Having multiple Ghost instances in production successfully running ActivityPub is a huge milestone for us because it means that for the first time, we're interacting with the wider fediverse. Not just theoretical local implementations and tests, but the real world wide social web," the company shared in its announcement of the news.

In addition, Ghost's ActivityPub GitHub repository is now fully open source. That means those interested in tracking Ghost's progress toward federation can follow its code changes in real time, and anyone else can learn from, modify, distribute or contribute to its work. Developers who want to collaborate with Ghost are also being invited to get involved following this move. By offering a federated version of the newsletter, readers will have more choices on how they want to subscribe. That is, instead of only being able to follow the newsletter via email or the web, they also can track it using RSS or ActivityPub-powered apps, like Mastodon and others. Ghost said it will also develop a way for sites with paid subscribers to manage access via ActivityPub, but that functionality hasn't yet rolled out with this initial test.

Education

First-Known TikTok Mob Attack Led By Middle Schoolers Tormenting Teachers (arstechnica.com) 135

An anonymous reader quotes a report from Ars Technica: A bunch of eighth graders in a "wealthy Philadelphia suburb" recently targeted teachers with an extreme online harassment campaign that The New York Times reported was "the first known group TikTok attack of its kind by middle schoolers on their teachers in the United States." According to The Times, the Great Valley Middle School students created at least 22 fake accounts impersonating about 20 teachers in offensive ways. The fake accounts portrayed long-time, dedicated teachers sharing "pedophilia innuendo, racist memes," and homophobic posts, as well as posts fabricating "sexual hookups among teachers."

The Pennsylvania middle school's principal, Edward Souders, told parents in an email that the number of students creating the fake accounts was likely "small," but that hundreds of students piled on, leaving comments and following the fake accounts. Other students responsibly rushed to report the misconduct, though, Souders said. "I applaud the vast number of our students who have had the courage to come forward and report this behavior," Souders said, urging parents to "please take the time to engage your child in a conversation about the responsible use of social media and encourage them to report any instances of online impersonation or cyberbullying." Some students claimed that the group attack was a joke that went too far. Certain accounts impersonating teachers made benign posts, The Times reported, but other accounts risked harming respected teachers' reputations. When creating fake accounts, students sometimes used family photos that teachers had brought into their classrooms or scoured the Internet for photos shared online.

Following The Times' reporting, the superintendent of the Great Valley School District (GVSD), Daniel Goffredo, posted a message to the community describing the impact on teachers as "profound." One teacher told The Times that she felt "kicked in the stomach" by the students' "savage" behavior, while another accused students of slander and character assassination. Both were portrayed in fake posts with pedophilia innuendo. "I implore you also to use the summer to have conversations with your children about the responsible use of technology, especially social media," Goffredo said. "What seemingly feels like a joke has deep and long-lasting impacts, not just for the targeted person but for the students themselves. Our best defense is a collaborative one." Goffredo confirmed that the school district had explored legal responses to the group attack. But ultimately the district found that they were "limited" because "courts generally protect students' rights to off-campus free speech, including parodying or disparaging educators online -- unless the students' posts threaten others or disrupt school," The Times reported. Instead, the middle school "briefly suspended several students," teachers told The Times, and held an eighth-grade assembly raising awareness of harms of cyberbullying, inviting parents to join.

The Internet

NATO Backs Effort To Save Internet by Rerouting To Space in Event of Subsea Attacks (bloomberg.com) 64

NATO is helping finance a project aimed at finding ways to keep the internet running should subsea cables shuttling civilian and military communications across European waters come under attack. From a report: Researchers, who include academics from the US, Iceland, Sweden and Switzerland, say they want to develop a way to seamlessly reroute internet traffic from subsea cables to satellite systems in the event of sabotage, or a natural disaster. The North Atlantic Treaty Organization's Science for Peace and Security Programme has approved a grant of as much as $433,600 for the $2.5 million project, and research institutions are providing in-kind contributions, documents seen by Bloomberg show.

Eyup Kuntay Turmus, adviser and program manager at the NATO program, confirmed the project was recently approved and said by email that implementation will start "very soon." The initiative, which hasn't yet been publicly announced, comes amid intensifying fears that Russia or China could mine, sever or otherwise tamper with undersea cables in an attempt to disrupt communications during a military crisis. Data carried through cables under the sea accounts for roughly $10 trillion worth of financial transactions every day, and nearly all of NATO's internet traffic travels through them, according to the treaty organization. As a result, NATO has been ramping up efforts to protect cables over the course of the past several months.

Transportation

Amid Whistleblower Complaints, Boeing Buys Spirit, Ending Outsourcing of Key Work on Planes (apnews.com) 35

Monday Boeing announced plans to acquire its key supplier, Spirit AeroSystems, for $4.7 billion, according to the Associated Press — "a move that it says will improve plane quality and safety amid increasing scrutiny by Congress, airlines and the Department of Justice. Boeing previously owned Spirit, and the purchase would reverse a longtime Boeing strategy of outsourcing key work on its passenger planes."

But meanwhile, an anonymous reader shared this report from Newsweek: More than a hundred Boeing whistleblowers have contacted the U.S. aviation watchdog since the start of the year, Newsweek can reveal. Official figures show that the Federal Aviation Administration's (FAA) whistleblowing hotline has seen a huge surge of calls from workers concerned about safety problems. Since January the watchdog saw a total of 126 reports, via various channels, from workers concerned about safety problems. In 2023, there were just 11....

After a visit from FAA Administrator Mike Whitaker to a Boeing factory earlier in the year, Boeing CEO Dave Calhoun agreed to share details of the hotline with all Boeing employees. The FAA told Newsweek that the number of Boeing employees coming forward was a "sign of a healthy culture".... Newsweek also spoke to Jon Holden, president of the 751 District for the International Association of Machinists, Boeing's largest union which represents more than 32,000 aerospace workers. Holden said that numerous whistleblowers had complained to the FAA over Boeing's attempt to cut staff and reduce inspections in an effort to "speed up the rate" at which planes went out the door...

Holden's union is currently in contract negotiations with Boeing, and is attempting to secure a 40% pay rise alongside a 50-year guarantee of work security for its members.

CNN also reports on new allegations Wednesday from a former Boeing quality-control manager: that "for years workers at its 787 Dreamliner factory in Everett, Washington, routinely took parts that were deemed unsuitable to fly out of an internal scrap yard and put them back on factory assembly lines." In his first network TV interview, Merle Meyers, a 30-year veteran of Boeing, described to CNN what he says was an elaborate off-the-books practice that Boeing managers at the Everett factory used to meet production deadlines, including taking damaged and improper parts from the company's scrapyard, storehouses and loading docks... Meyers claims that the lapses he witnessed were intentional, organized efforts designed to thwart quality control processes in an effort to keep up with demanding production schedules. Meyers says that, beginning in the early 2000s and continuing for more than a decade, he estimates that about 50,000 parts "escaped" quality control and were used to build aircraft. Those parts include everything from small items like screws to more complex assemblies like wing flaps. A single Boeing 787 Dreamliner, for example, has approximately 2.3 million parts...

Based on conversations Meyers says he had with current Boeing workers in the time since he left the company, he believes that while employees no longer remove parts from the scrapyard, the practice of using other unapproved parts in assembly lines continues. "Now they're back to taking parts of body sections — everything — right when it arrives at the Everett site, bypassing quality, going right to the airplane," Meyers said.

Company emails going back years show that Meyers repeatedly flagged the issue to Boeing's corporate investigations team, pointing out what he says were blatant violations of Boeing's safety rules. But investigators routinely failed to enforce those rules, Meyers says, even ignoring "eye witness observations and the hard work done to ensure the safety of future passengers and crew," he wrote in an internal 2022 email provided to CNN.

China

Chinese AI Stirs Panic At European Geoscience Society (science.org) 32

Paul Voosen reports via Science Magazine: Few things prompt as much anxiety in science and the wider world as the growing use of artificial intelligence (AI) and the rising influence of China. This spring, these two factors created a rift at the European Geosciences Union (EGU), one of the world's largest geoscience societies, that led to the firing of its president. The whole episode has been "a packaging up of fear of AI and fear of China," says Michael Stephenson, former chief geologist of the United Kingdom and one of the founders of Deep-time Digital Earth (DDE), a $70 million effort to connect digital geoscience databases. In 2019, another geoscience society, the International Union of Geological Sciences (IUGS), kicked off DDE, which has been funded almost entirely by the government of China's Jiangsu province.

The dispute pivots on GeoGPT, an AI-powered chatbot that is one of DDE's main efforts. It is being developed by Jian Wang, chief technology officer of e-commerce giant Alibaba. Built on Qwen, Alibaba's own chatbot, and fine-tuned on billions of words from open-source geology studies and data sets, GeoGPT is meant to provide expert answers to questions, summarize documents, and create visualizations. Stephenson tested an early version, asking it about the challenges of using the fossilized teeth of conodonts, an ancient relative of fish, to define the start of the Permian period 299 million years ago. "It was very good at that," he says. As awareness of GeoGPT spread, so did concern. Paul Cleverly, a visiting professor at Robert Gordon University, gained access to an early version and said in a recent editorial in Geoscientist there were "serious issues around a lack of transparency, state censorship, and potential copyright infringement."
Paul Cleverly and GeoScienceWorld CEO Phoebe McMellon raised these concerns in a letter to IUGS, arguing that the chatbot was built using unlicensed literature without proper citations. However, they did not cite specific copyright violations, so DDE President Chengshan Wang, a geologist at the China University of Geosciences, decided not to end the project.

Tensions at EGU escalated when a complaint about GeoGPT's transparency was submitted before the EGU's April meeting, where GeoGPT would be introduced. "It arrived at an EGU whose leadership was already under strain," notes Science. The complaint exacerbated existing leadership issues within EGU, particularly surrounding President Irina Artemieva, who was seen as problematic by some executives due to her affiliations and actions. Science notes that she's "affiliated with Germany's GEOMAR Helmholtz Centre for Ocean Research Kiel but is also paid by the Chinese Academy of Geological Sciences to advise it on its geophysical research."

Artemieva forwarded the complaint via email to the DDE President to get his view, but forgot to delete the name attached to it, leading to a breach of confidentiality. This incident, among other leadership disputes, culminated in her dismissal and the elevation of Peter van der Beek to president. During the DDE session at the EGU meeting, van der Beek's enforcement actions against Chinese scientists and session attendees led to allegations of "harassment and discrimination."

"Seeking to broker a peace deal around GeoGPT," IUGS's president and another former EGU president, John Ludden, organized a workshop and invited all parties to discuss GeoGPT's governance, ongoing negotiations for licensing deals and alternative AI models for GeoGPT's use.
Security

Ransomware Locks Credit Union Users Out of Bank Accounts (arstechnica.com) 27

An anonymous reader quotes a report from Ars Technica: A California-based credit union with over 450,000 members said it suffered a ransomware attack that is disrupting account services and could take weeks to recover from. "The next few days -- and coming weeks -- may present challenges for our members, as we continue to navigate around the limited functionality we are experiencing due to this incident," Patelco Credit Union CEO Erin Mendez told members in a July 1 message (PDF) that said the security problem was caused by a ransomware attack. Online banking and several other services are unavailable, while several other services and types of transactions have limited functionality.

Patelco Credit Union was hit by the attack on June 29 and has been posting updates on this page, which says the credit union "proactively shut down some of our day-to-day banking systems to contain and remediate the issue... As a result of our proactive measures, transactions, transfers, payments, and deposits are unavailable at this time. Debit and credit cards are working with limited functionality." Patelco Credit Union is a nonprofit cooperative in Northern California with $9 billion in assets and 37 local branches. "Our priority is the safe and secure restoration of our banking systems," a July 2 update said. "We continue to work alongside leading third-party cybersecurity experts in support of this effort. We have also been cooperating with regulators and law enforcement."

Patelco says that check and cash deposits should be working, but direct deposits have limited functionality. Security expert Ahmed Banafa "said Tuesday that it looks likely that hackers infiltrated the bank's internal databases via a phishing email and encrypted its contents, locking out the bank from its own systems," the Mercury News reported. Banafa was paraphrased as saying that it is "likely the hackers will demand an amount of money from the credit union to restore its systems back to normal, and will continue to hold the bank's accounts hostage until either the bank finds a way around the hack or until the hackers are paid." Patelco hasn't revealed details about how it will recover from the ransomware attack but acknowledged to customers that their personal information could be at risk. "The investigation into the nature and scope of the incident is ongoing," the credit union said. "If the investigation determines that individuals' information is involved as a result of this incident, we will of course notify those individuals and provide resources to help protect their information in accordance with applicable laws."
While ATMs "remain available for cash withdrawals and deposits," Patelco said many of its other services remain unavailable, including online banking, the mobile app, outgoing wire transfers, monthly statements, Zelle, balance inquiries, and online bill payments. Services with "limited functionality" include company branches, call center services, live chats, debit and credit card transactions, and direct deposits.
Robotics

Amazon Discontinues Astro for Business Robot Security Guard To Focus on Astro Home Robot (geekwire.com) 20

Astro is leaving its job to spend more time with family. From a report: Amazon informed customers and employees Wednesday morning that it plans to discontinue its Astro for Business program, less than a year after launching the robot security guard for small- and medium-sized businesses. The decision will help the company focus on its home version of Astro, according to an internal email. Astro for Business robots will stop working Sept. 25, the company said in a separate email to customers, encouraging them to recycle the devices.

Businesses will receive full refunds for the original cost of the device, plus a $300 credit "to help support a replacement solution for your workplace," the email said. They will also receive refunds for unused, pre-paid Astro Secure subscription fees. Announced in November 2023, the business version of Amazon's rolling robot used an HD periscope and night vision technology to autonomously patrol and map up to 5,000 square feet of space. It followed preprogrammed routes and routines, and could be controlled manually and remotely via the Amazon Astro app.

AI

Brazil Data Regulator Bans Meta From Mining Data To Train AI Models 13

Brazil's national data protection authority ruled on Tuesday that Meta must stop using data originating in the country to train its artificial intelligence models. The Associated Press reports: Meta's updated privacy policy enables the company to feed people's public posts into its AI systems. That practice will not be permitted in Brazil, however. The decision stems from "the imminent risk of serious and irreparable or difficult-to-repair damage to the fundamental rights of the affected data subjects," the agency said in the nation's official gazette. [...] Hye Jung Han, a Brazil-based researcher for the rights group, said in an email Tuesday that the regulator's action "helps to protect children from worrying that their personal data, shared with friends and family on Meta's platforms, might be used to inflict harm back on them in ways that are impossible to anticipate or guard against."

But the decision regarding Meta will "very likely" encourage other companies to refrain from being transparent in the use of data in the future, said Ronaldo Lemos, of the Institute of Technology and Society of Rio de Janeiro, a think-tank. "Meta was severely punished for being the only one among the Big Tech companies to clearly and in advance notify in its privacy policy that it would use data from its platforms to train artificial intelligence," he said. Compliance must be demonstrated by the company within five working days from the notification of the decision, and the agency established a daily fine of 50,000 reais ($8,820) for failure to do so.
In a statement, Meta said the company is "disappointed" by the decision and insists its method "complies with privacy laws and regulations in Brazil."

"This is a step backwards for innovation, competition in AI development and further delays bringing the benefits of AI to people in Brazil," a spokesperson for the company added.
Microsoft

Microsoft Tells Yet More Customers Their Emails Have Been Stolen (theregister.com) 23

Microsoft revealed that the Russian hackers who breached its systems earlier this year stole more emails than initially reported. "We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson told Bloomberg (paywalled). "This is increased detail for customers who have already been notified and also includes new notifications." The Register reports: We've been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive U.S. government data. Reports last week revealed that the issue was even larger than initially believed and additional customers' data has been stolen. Along with Russia, Microsoft was also compromised by state actors from China not long ago, and that issue similarly led to the theft of emails and other data belonging to senior U.S. government officials.

Both incidents have led experts to call Microsoft a threat to U.S. national security, and president Brad Smith to issue a less-than-reassuring mea culpa to Congress. All the while, the U.S. government has actually invested more in its Microsoft kit. Bloomberg reported that emails being sent to affected Microsoft customers include a link to a secure environment where customers can visit a site to review messages Microsoft identified as having been compromised. But even that might not have been the most security-conscious way to notify folks: Several thought they were being phished.

Open Source

FreeDOS Founder Jim Hall: After 30 Years, What I've Learned About Open Source Community (opensource.net) 39

In 1994, college student Jim Hall created FreeDOS (in response to Microsoft's plan to gradually phase out MS-DOS). After celebrating its 30th anniversary last week, Hall wrote a new article Saturday for OpenSource.net: "What I've learned about Open Source community over 30 years."

Lessons include "every Open Source project needs a website," but also "consider other ways to raise awareness about your Open Source software project." ("In the FreeDOS Project, we've found that posting videos to our YouTube channel is an excellent way to help people learn about FreeDOS... The more information you can share about your Open Source project, the more people will find it familiar and want to try it out.")

But the larger lesson is that "Open Source projects must be grounded in community." Without open doors for new ideas and ongoing development, even the most well-intentioned project becomes a stagnant echo chamber...

Maintain open lines of communication... This can take many forms, including an email list, discussion board, or some other discussion forum. Other forums where people can ask more general "Help me" questions are okay, but try to keep all discussions about project development on your official discussion channel.

The last of its seven points stresses that "An Open Source project isn't really Open Source without source code that everyone can download, study, use, modify and share" (urging careful selection for your project's licensing). But the first point emphasizes that "It's more than just code," and Hall ends his article by attributing FreeDOS's three-decade run to "the great developers and users in our community." In celebrating FreeDOS, we are celebrating everyone who has created programs, fixed bugs, added features, translated messages, written documentation, shared articles, or contributed in some other way to the FreeDOS Project... Here's looking forward to more years to come!
Jim Hall is also Slashdot reader #2,985, and back in 2000 he answered questions from Slashdot's readers — just six years after starting the project. "Jim isn't rich or famous," wrote RobLimo, "just an old-fashioned open source contributor who helped start a humble but useful project back in 1994 and still works on it as much as he can."

As the years piled up, Slashdot ran posts celebrating FreeDOS's 10th, 15th, and 20th anniversary.

And then for FreeDOS's 25th, Hall returned to Slashdot to answer more questions from Slashdot readers...
IT

90 Workers Given a Choice: Relocate Across the US, or Leave the Company (businessinsider.com) 172

"The outdoor-apparel brand Patagonia has given 90 U.S. employees a choice," reports Business Insider: "tell the company by Friday that you're willing to relocate or leave your job." [Alternate URL here.] The employees all work in customer services, known at Patagonia as the customer-experience, or CX, team, and have been allowed to work remotely to field calls and inquiries. These workers received a text and email Tuesday morning about an "important" meeting... Two company executives, Amy Velligan and Bruce Old, told staff in a 15-minute video meeting that the team would be moving to a new "hub" model. CX employees are now expected to live within 60 miles of one of seven "hubs" — Atlanta; Salt Lake City; Reno, Nevada; Dallas; Austin; Chicago; or Pittsburgh. Workers were offered $4,000 toward relocation costs and extra paid time off. Those willing to relocate were told to do so by September 30.

If CX staff are not willing to live near a hub city, they must leave the company. They were given 72 hours, until Friday, to confirm their decision... Access to company laptops and phones was shut off later that day until employees either agreed to relocate or said they wanted the severance, one affected CX worker said...

Both employees who spoke to Business Insider believed this was because Patagonia didn't want to handle the increased demands of employees in states with higher costs of living. "We've been asking for raises for a long time, and they keep telling us that your wage is based on a Reno cost of living and where you choose to live is on you."

According to the article, "The company hopes to bring staff together at the hubs at least once every six weeks for in-person training, company gatherings, or 'Activism Hours'." A company spokesperson described the changes as "crucial for us to build a vibrant team culture," and said there were workers who had been complaining about feeling disconnected. Though there may be another motive: "The reality is that our CX team has been running at 200% to 300% overstaffed for much of this year," she added. "While we hoped to reach the needed staffing levels through attrition, those numbers were very low, and retention remained high."
One affected worker told Business Insider that the company's proposal "was very factual. If you don't live in these seven metro areas, you either need to move there or give us your stuff and hit the brick. If we don't respond by Friday, they will assume that we have chosen the severance package and we'll start that process."

One worker added that the severance package they received was generous...

Thanks to Slashdot reader NoWayNoShapeNoForm for sharing the article.