Security

Equifax Scores $13.6 Million Slap on Wrist Over 2017 Mega Breach

The UK's Financial Conduct Authority (FCA) has fined Equifax a smidge over $13.6 million for severe failings that put millions of consumers at risk of financial crime. From a report: The regulator branded the entire debacle "entirely preventable" -- from Equifax's failure to promptly notify regulators to the way in which it misled the public over the severity of a security breach back in 2017. The original fine should have been greater; the true sum was $19,428,836 but the company received a 30 percent discount for agreeing to the penalty early into the proceedings. It also received a 15 percent credit for good behavior during the investigation.

The FCA first opened its investigation in 2017; its fine comes after the ICO wasted less time, imposing a penalty of $609,092 in 2018. "Cybersecurity and data protection are of growing importance to the security and stability of financial services," said Jessica Rusu, FCA chief data, information, and intelligence officer. "Firms not only have a technical responsibility to ensure resiliency, but also an ethical responsibility in the processing of consumer information. The Consumer Duty makes it clear that firms must raise their standards."
Security

Cisco Can't Stop Using Hard-Coded Passwords (schneier.com)

There's a new Cisco vulnerability in its Emergency Responder product: "This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user." Bruce Schneier adds: "This is not the first time Cisco products have had hard-coded passwords made public. You'd think it would learn."
Open Source

Europe Mulls Open Sourcing TETRA Emergency Services' Encryption Algorithms (theregister.com)

Jessica Lyons Hardcastle reports via The Register: The European Telecommunications Standards Institute (ETSI) may open source the proprietary encryption algorithms used to secure emergency radio communications after a public backlash over security flaws found this summer. "The ETSI Technical Committee in charge of TETRA algorithms is discussing whether to make them public," Claire Boyer, a spokesperson for the European standards body, told The Register. The committee will discuss the issue at its next meeting on October 26, she said, adding: "If the consensus is not reached, it will go to a vote."

TETRA is the Terrestrial Trunked Radio protocol, which is used in Europe, the UK, and other countries to secure radio communications used by government agencies, law enforcement, military and emergency services organizations. In July, a Netherlands security biz uncovered five vulnerabilities in TETRA, two deemed critical, that could allow criminals to decrypt communications, including in real-time, to inject messages, deanonymize users, or set the session key to zero for uplink interception. At the time ETSI downplayed the flaws, which it said had been fixed last October, and noted that "it's not aware of any active exploitation of operational networks."

It did, however, face criticism from the security community over its response to the vulnerabilities -- and the proprietary nature of the encryption algorithms, which makes it more difficult for proper pentesting of the emergency network system.
"This whole idea of secret encryption algorithms is crazy, old-fashioned stuff," said security author Kim Zetter who first reported the story. "It's very 1960s and 1970s and quaint. If you're not publishing [intentionally] weak algorithms, I don't know why you would keep the algorithms secret."
Security

Cloud Gaming Firm Shadow Says Hackers Stole Customers' Personal Data (techcrunch.com)

French technology company Shadow has confirmed a data breach involving customers' personal information. TechCrunch: The Paris-headquartered startup, which offers gaming through its cloud-based PC service, said in an email to customers this week that hackers had accessed their personal information after a successful social engineering attack targeted the company. "At the end of September, we were the victim of a social engineering attack targeting one of our employees," Shadow CEO Eric Sele said in the email, seen by TechCrunch. "This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of our employee, himself a victim of the same attack."

Shadow said that though its security team took unspecified "immediate action," the hackers were able to connect to the management interface of one of the company's software-as-a-service (SaaS) providers to obtain customers' private data. That data includes full names, email addresses, dates of birth, billing addresses and credit card expiry dates. Shadow says no passwords or sensitive banking data were compromised.

Microsoft

Microsoft Calls Off OneDrive Photo-pocalypse (gizmodo.com)

After Microsoft recently imposed storage limits for photos in a user's OneDrive account, Microsoft has now reversed course after receiving a barrage of backlash. From a report: In August, Microsoft announced that photos in a user's OneDrive Gallery and in each of their saved photo albums would count separately toward the company's cloud-based limit of five gigabytes, according to Neowin. The update was expected to roll out on October 16, which would force some users to encounter storage ceilings as the extra data was added to their OneDrive, preventing additional files from syncing. Customers were surprised by the abrupt policy change, so surprised in fact that the company caved to user backlash and recently announced that the change was no longer on the table.

"On August 31, 2023, we began to communicate an upcoming update to our cloud storage infrastructure that would result in a change in how OneDrive photos and photo albums data is counted against your overall cloud storage quota," Microsoft said in an email to customers, which has also been posted to the company's Support page. "This change was scheduled to start rolling out on October 16, 2023. Based on the feedback we received, we have adjusted our approach, we will no longer roll out this update."

Security

State-backed Hackers Are Exploiting New 'Critical' Atlassian Zero-Day Bug (techcrunch.com)

Microsoft says Chinese state-backed hackers are exploiting a "critical"-rated zero-day vulnerability in Atlassian software to break into customer systems. From a report: The technology giant's threat intelligence team said in a post on X, formerly Twitter, that it has observed a nation-state threat actor it calls Storm-0062 exploiting a recently disclosed critical flaw in Atlassian Confluence Data Center and Server. Microsoft has previously identified Storm-0062 as a China-based state-sponsored hacker.

Microsoft said it observed in-the-wild abuse of the maximum rated 10.0 vulnerability, tracked as CVE-2023-22515, since September 14, some three weeks before Atlassian's public disclosure on October 4. A bug is considered a zero-day when the vendor -- in this case Atlassian -- has zero time to fix the bug before it is exploited. Atlassian updated its advisory this week to confirm it has "evidence to suggest that a known nation-state actor" is exploiting the bug, which the company says could allow a remote attacker to create unauthorized administrator accounts to access Confluence servers. Atlassian's Confluence is a widely popular collaborative wiki system used by corporations around the world to organize and share work.

IT

Qualcomm Will Try To Have Its Apple Silicon Moment in PCs With 'Snapdragon X' (arstechnica.com)

Qualcomm's annual "Snapdragon Summit" is coming up later this month, and the company appears ready to share more about its long-planned next-generation Arm processor for PCs. ArsTechnica: The company hasn't shared many specifics yet, but yesterday we finally got a name: "Snapdragon X," which is coming in 2024, and it may finally do for Arm-powered Windows PCs what Apple Silicon chips did for Macs a few years ago (though it's coming a bit later than Qualcomm had initially hoped). Qualcomm has been making chips for PCs for years, most recently the Snapdragon 8cx Gen 3 (you might also know it as the Microsoft SQ3, which is what the chip is called in Surface devices). But those chips have never quite been fast enough to challenge Intel's Core or AMD's Ryzen CPUs in mainstream laptops. Any performance deficit is especially noticeable because many people will run at least a few apps designed for the x86 version of Windows, code that needs to be translated on the fly for Arm processors.

So why will Snapdragon X be any different? It's because these will be the first chips born of Qualcomm's acquisition of Nuvia in 2021. Nuvia was founded and staffed by quite a few key personnel from Apple's chipmaking operation, the team that had already upended a small corner of the x86 PC market by designing the Apple M1 and its offshoots. Apple had sued Nuvia co-founder and current Qualcomm engineering SVP Gerard Williams for poaching Apple employees, though the company dropped the suit without comment earlier this year. The most significant change from current Qualcomm chips will be a CPU architecture called Oryon, Qualcomm's first fully custom Arm CPU design since the original Kryo cores back in 2015. All subsequent versions of Kryo, from 2016 to now, have been tweaked versions of off-the-shelf Arm Cortex processors rather than fully custom designs. As we've seen in the M1 and M2, using a custom design with the same Arm instruction set gives chip designers the opportunity to boost performance for everyday workloads while still maintaining impressive power usage and battery life.

Desktops (Apple)

Vintage Mac Community Begs Manufacturers for New Supply of Rare Dongle as Resellers Charge $250 (404media.co)

Members of the vintage Mac community are in desperate need of a new supply of a specific, discontinued dongle that has become increasingly rare and extremely expensive on the secondary market. From a report: "Bring Back the Belkin F2E9142-WHT ADC to DVI Cable for Vintage Apple Macs!," a change.org petition created this week by vintage Mac enthusiast Grant Woodward reads. "I am deeply concerned about the discontinuation of the Belkin F2E9142-WHT ADC to DVI cable. This essential piece of technology has become increasingly rare and difficult to find since it went out of production," the petition reads. "For those unfamiliar with its significance, this cable allows vintage Apple Macintosh computers to connect with more recent monitors, breathing new life into these iconic machines. It is an invaluable tool for restoring, collecting, and preserving these pieces of computing history." As Woodward notes, the adapter in question allows an older generation of Power Mac G3 and G4 from the early 2000s to connect to newer monitors.
The Internet

HTTP/2 Zero-Day Exploited To Launch Largest DDoS Attacks In History (securityweek.com)

wiredmikey writes: A zero-day vulnerability named 'HTTP/2 Rapid Reset' has been exploited by malicious actors to launch the largest distributed denial-of-service (DDoS) attacks in internet history. One of the attacks seen by Cloudflare was three times larger than the record-breaking 71 million requests per second (RPS) attack reported by the company in February. Specifically, the HTTP/2 Rapid Reset DDoS campaign peaked at 201 million RPS, while Google observed a DDoS attack that peaked at 398 million RPS. The new attack method abuses an HTTP/2 feature called 'stream cancellation', by repeatedly sending a request and immediately canceling it.
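The defensive counterpart to the stream-cancellation abuse described above, as an added example that is not part of the original submission and not Cloudflare's or Google's code: a per-connection counter that tracks how many streams a client has opened (HEADERS) versus cancelled (RST_STREAM) and answers with GOAWAY once the cancel ratio on a busy connection is implausible for a real browser. The frame tuples, the connection names, the `RapidResetGuard` class and its thresholds (100 streams, 50% reset ratio) are assumptions constructed for this example; real servers shipped their own per-connection reset limits as the mitigation.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# A minimal view of the HTTP/2 frames that matter here: a client opens a
# stream with HEADERS and may cancel it with RST_STREAM. The tuple shape
# (conn_id, frame_type, stream_id) is constructed for this example.
Frame = Tuple[str, str, int]


@dataclass
class ConnStats:
    opened: int = 0       # streams the client opened (HEADERS frames seen)
    reset: int = 0        # streams the client cancelled (RST_STREAM frames seen)
    closed: bool = False  # True once we have answered with GOAWAY


class RapidResetGuard:
    """Flag the Rapid Reset pattern per connection.

    Opening a stream and cancelling it at once costs the client almost
    nothing, while the server still routes and starts serving each request.
    Heuristic (an assumption of this example): once a connection has opened
    at least `min_streams` streams, send GOAWAY if more than
    `max_reset_ratio` of them were cancelled by the client.
    """

    def __init__(self, min_streams: int = 100, max_reset_ratio: float = 0.5):
        self.min_streams = min_streams
        self.max_reset_ratio = max_reset_ratio
        self.conns: Dict[str, ConnStats] = {}

    def observe(self, frame: Frame) -> str:
        """Account for one frame; return "ok", "goaway" or "dropped"."""
        conn_id, frame_type, _stream_id = frame
        st = self.conns.setdefault(conn_id, ConnStats())
        if st.closed:
            return "dropped"  # connection already torn down, ignore the frame
        if frame_type == "HEADERS":
            st.opened += 1
        elif frame_type == "RST_STREAM":
            st.reset += 1
        if st.opened >= self.min_streams and st.reset / st.opened > self.max_reset_ratio:
            st.closed = True
            return "goaway"
        return "ok"


def sample_frames() -> List[Frame]:
    """Constructed traffic: one normal client, one client doing open/cancel loops."""
    frames: List[Frame] = []
    # "legit": 200 requests, a handful cancelled (user navigated away).
    for i in range(200):
        sid = 2 * i + 1  # client-initiated streams use odd IDs
        frames.append(("legit", "HEADERS", sid))
        if i % 40 == 0:
            frames.append(("legit", "RST_STREAM", sid))
    # "attacker": every stream is cancelled immediately after it is opened.
    for i in range(150):
        sid = 2 * i + 1
        frames.append(("attacker", "HEADERS", sid))
        frames.append(("attacker", "RST_STREAM", sid))
    return frames


def run(frames: List[Frame], **thresholds) -> Dict[str, str]:
    """Feed frames through a guard; return "open"/"closed" per connection."""
    guard = RapidResetGuard(**thresholds)
    for f in frames:
        guard.observe(f)
    return {cid: ("closed" if st.closed else "open") for cid, st in guard.conns.items()}


if __name__ == "__main__":
    print(run(sample_frames()))  # {'legit': 'open', 'attacker': 'closed'}
```

The ratio is only evaluated once a connection has opened `min_streams` streams, so a short-lived connection that cancels a couple of requests is never penalised; the counter is per connection, which is why the verdict is GOAWAY on that connection rather than a block of the client address.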
Google

Google Makes Passkeys the Default Sign-in Method For All Users (techcrunch.com)

Google has announced that passkeys, touted by the tech giant as the "beginning of the end" for passwords, are becoming the default sign-in method for all users. From a report: Passkeys are a phishing-resistant alternative to passwords that allow users to sign into accounts using the same biometrics or PINs they use to unlock their devices, or with a physical security key. This removes the need for users to rely on the traditional username-password combination, which has long been susceptible to phishing, credential stuffing attacks, keylogger malware, or simply being forgotten. While security technologies such as multi-factor authentication and password managers add an extra layer of security to password-protected accounts, they are not without flaws. Authentication codes sent via text messages can be intercepted by attackers, for example, and password managers can be (and have been) hacked.
Security

Hacktivism Erupts In Response To Hamas-Israel War (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Several groups of hacktivists have targeted Israeli websites with floods of malicious traffic following a surprise land, sea and air attack launched against Israel by militant group Hamas on Saturday, which prompted Israel to declare war and retaliate. Israeli newspaper The Jerusalem Post reported Monday that since Saturday morning its website was down "due to a series of cyberattacks initiated against us." At the time of writing, the paper's website still appeared down.

Rob Joyce, director of cybersecurity at the National Security Agency, reportedly said at a conference on Monday that there have been denial of service (DDoS) attacks and defacements of websites, without attributing the cyberattacks to particular groups. "But we're not yet seeing real [nation] state malicious actors," Joyce reportedly said. [...] Joyce's remarks appear to confirm findings of security researcher Will Thomas, who told TechCrunch that he has seen more than 60 websites taken down with DDoS attacks, and more than five websites that were defaced as of Monday.

It is common for hacktivist groups to launch cyberattacks during armed conflict, similar to what happened in Ukraine. These hackers are often not affiliated with any governments but rather a decentralized group of politically motivated hackers. Their activities can disrupt websites and services, but are far more limited compared to the activities of nation-state hacking groups. Researchers and government agencies like the NSA say they have only seen activity by hacktivists so far in this Hamas-Israel conflict.
"The thing that has surprised me about the hacktivism surrounding this conflict is the amount of international groups involved, such as those allegedly from Bangladesh, Pakistan, and Morocco all also targeting Israel in support of Palestine," said Thomas. "We've also seen long-time threat actors returning who have participated in attacks and spread them using the hashtag #OpIsrael for years."

"I have seen several posts of cybercriminal service operators such as DDoS-for-Hire or Initial Access Brokers offering their services to those wanting to target Israel or Palestine," he added.
Microsoft

Not Even the Ghost of Obsolescence Can Coerce Users Onto Windows 11 (theregister.com)

Windows 10 may be just shy of two years away from the ax, but its successor, Windows 11, appears to be as unpopular as ever. From a report: The end of Windows 10 support is getting closer. Unless the company blinks, October 14, 2025, will be the end of the line for the Home and Pro editions of the operating system, yet users seem reluctant to move on to Windows 11. There was a marked reluctance by users to move from Windows 7, back in the day, but some of the reasons for hesitancy this time are different. The move to Windows 10 usually required the purchase of new hardware. It tended to be unavoidable -- 7 could run on far lower-spec devices than later versions. The move from Windows 10 to Windows 11 will also require new hardware, but for different reasons.

Infamously, Microsoft axed support for a raft of hardware with Windows 11, including older Intel CPUs, on security grounds. The result was that hardware that will run Windows 10 perfectly well will not accept the new operating system. And this is not due to performance problems (who remembers trying to run Vista on XP hardware?) but rather because of Microsoft's edict. The result? A collective shrug from PC users. Windows 10 does the job. Why upgrade? The figures speak for themselves. Windows 10 dominates the desktop. According to Statcounter, the worldwide Windows version desktop market share puts Windows 10 at 71.64 percent, with Windows 11 trailing at 23.61 percent.

United States

Why Is California's Population Falling? Housing Costs (ppic.org)

"34% of Californians say they are considering moving out of the state due to housing costs," according to statistics from a new report from the Public Policy Institute of California.

It's a nonprofit think tank founded in 1994 "to inform and improve public policy in California through independent, objective, nonpartisan research." (Founded with a grant from Bill Hewlett of Hewlett-Packard, it also gets funding from the David and Lucile Packard Foundation). The report's startling conclusion? "After a century of explosive growth, California is likely to become a slow-growing state." After the year 2030 California's seniors (older than 65) are expected to outnumber its children. "In 2020, California had nearly four residents ages 18-64 for every adult 65 and older. This ratio is expected to drop to 2.8 by 2030 and 2.2 by 2060, if current trends continue."

Births are outpacing deaths by over 106,000 people a year. (Even during the pandemic California had a lower COVID mortality rate than most states.) And international immigration remained a net positive with a 90,000-person increase in 2022. Yet all of this was offset in 2022 by a net loss of 407,000 people migrating out of the state.

California already has a population of 39 million — but the full report cites July 2023 projections from the state's Department of Finance that now "suggest that the state population will plateau between 39 and 40 million residents in the long term."

The caption on one graph notes that California "is losing households at all income levels." [W]hile the majority of domestic outmigrants are lower- and middle-income, an increasing proportion of higher-income Californians are also exiting the state. The "new normal" of remote work in many white-collar professions has enabled some higher-income workers to move. Politics might also play a role, as conservatives are much more likely than liberals to say they have considered leaving the state.
One other factor: Declining birth and fertility rates are a nationwide, even a global, phenomenon as economic and social events have changed the status of women and their access to educational and job opportunities. Total fertility rates — the number of births the average woman will have in her lifetime — have fallen across the U.S. in recent decades. No state has a rate at or above 2.1, the level necessary to maintain a population's current size (not taking immigration and migration into account), but California's fertility rate has fallen faster than most. In 2008 its rate was above the national average (2.15); by 2020 it fell to the seventh-lowest (1.52).

The declining birth rate among young adults in their 20s is the biggest driver of the fertility rate decline. One major factor is that 20-somethings are now less likely to get married, which can affect decisions to have children... In the past, higher birth rates among immigrants also helped offset lower birth rates among US-born Californians, though more recently birth rates among immigrants have declined, reflecting patterns in sending countries.

Debian

Red Hat, Ubuntu, Debian, and Gentoo Release Patches for 'Looney Tunables' Linux Vulnerability (zdnet.com)

Thursday ZDNet reported... As security holes go, CVE-2023-4911, aka "Looney Tunables," isn't horrid. It has a Common Vulnerability Scoring System score of 7.8, which is ranked as important, not critical.

On the other hand, this vulnerability in the GNU C Library's (glibc) dynamic loader is a buffer overflow, which is always big trouble, and it's in pretty much all Linux distributions, so it's more than bad enough. After all, its discoverers, the Qualys Threat Research Unit, were able to exploit "this vulnerability (a local privilege escalation that grants full root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13." Other distributions are almost certainly vulnerable to attack. The one major exception is the highly secure Alpine Linux. Thanks to this vulnerability, it's trivial to take over most Linux systems as a root user. As the researchers noted, this exploitation method "works against almost all of the SUID-root programs that are installed by default on Linux...."

The good news is that Red Hat, Ubuntu, Debian, and Gentoo have all released their own updates. In addition, the upstream glibc code has been patched with the fix. If you can't patch it, Red Hat has a script that should work on most Linux systems to mitigate the problem by setting your system to terminate any setuid program invoked with GLIBC_TUNABLES in the environment.

Businesses

'I'm a Luddite - and Why You Should Be One Too' (stltoday.com)

Los Angeles Times technology columnist Brian Merchant has written a book about the 1811 Luddite rebellion against industrial technology, decrying "entrepreneurs and industrialists pushing for new, dubiously legal, highly automated and labor-saving modes of production."

In a new piece he applauds the spirit of the Luddites. "The kind of visionaries we need now are those who see precisely how certain technologies are causing harm and who resist them when necessary." The parallels to the modern day are everywhere. In the 1800s, entrepreneurs used technology to justify imposing a new mode of work: the factory system. In the 2000s, CEOs used technology to justify imposing a new mode of work: algorithmically organized gig labor, in which pay is lower and protections scarce. In the 1800s, hosiers and factory owners used automation less to overtly replace workers than to deskill them and drive down their wages. Digital media bosses, call center operators and studio executives are using AI in much the same way. Then, as now, the titans used technology both as a new mode of production and as an idea that allowed them to ignore long-standing laws and regulations. In the 1800s, this might have been a factory boss arguing that his mill exempted him from a statute governing apprentice labor. Today, it's a ride-hailing app that claims to be a software company so it doesn't have to play by the rules of a cab firm.

Then, as now, leaders dazzled by unregulated technologies ignored their potential downsides. Then, it might have been state-of-the-art water frames that could produce an incredible volume of yarn — but needed hundreds of vulnerable child laborers to operate. Today, it's a cellphone or a same-day delivery, made possible by thousands of human laborers toiling in often punishing conditions.

Then, as now, workers and critics sounded the alarm...

Resistance is gathering again, too. Amazon workers are joining union drives despite intense opposition. Actors and screenwriters are striking and artists and illustrators have called for a ban of generative AI in editorial outlets. Organizing, illegal in the Luddites' time, has historically proved the best bulwark against automation. But governments must also step up. They must offer robust protections and social services for those in precarious positions. They must enforce antitrust laws. Crucially, they must develop regulations to rein in the antidemocratic model of technological development wherein a handful of billionaires and venture capital firms determine the shape of the future — and who wins and loses in it.

The clothworkers of the 1800s had the right idea: They believed everyone should share in the bounty of the amazing technologies their work makes possible.

That's why I'm a Luddite — and why you should be one, too.

So whatever happened to the Luddites? The article reminds readers that the factory system "took root," and "brought prosperity for some, but it created an immiserated working class.

"The 200 years since have seen breathtaking technological innovation — but much less social innovation in how the benefits are shared."
Encryption

Cryptographer Announces $12K Bounty to Find the Lost Seeds to 5 NIST Elliptic Curves (filippo.io)

Long-time Slashdot reader mejustme writes: "The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery."

That's from the blog of Filippo Valsorda, who was in charge of cryptography and security on the Go team at Google until 2022 (and was on the Cryptography team at Cloudflare until 2017). But more importantly, he adds that "I'm announcing a $12,288 bounty for cracking these five hashes, tripled to $36,864 if the recipient chooses to donate it to a 501(c)(3) charity of their choice."

There are hints to which phrase was used as the seed. [Before his death] Dr. Jerry Solinas said he thought he'd used something similar to "Jerry deserves a raise."

Security

For 'Cybersecurity Awareness Month' America's Cybersecurity Agency Shares Four Online Safety Tips (cisa.gov)

Since 2004 October has been designated "Cybersecurity Awareness Month" in America, "a collaborative effort between government and industry to enhance cybersecurity awareness, encourage actions by the public to reduce online risk and generate discussion on cyber threats on a national and global scale."

That's according to America's Cybersecurity and Infrastructure Security Agency (or CISA), the operational lead for federal cybersecurity and national coordinator for critical infrastructure security and resilience (specifically designed for collaboration and partnership). It's why the NSA is publicizing the ten most common cybersecurity misconfigurations in large organizations.

But in addition, for consumers CISA is introducing a new program this year that "promotes behavioral change across the Nation, with a particular focus on how individuals, families and small to medium-sized businesses can Secure Our World by focusing on the four critical actions..." In a video the director of America's cyberdefense agency calls them steps "that everyone can take to stay safe online."
  • Use Strong Passwords, "meaning long, random, and unique to each account. And use a password manager to generate and to save them."
  • Turn on Multi-Factor Authentication on All Accounts That Offer It. "You need more than a password on your most important accounts, like email, social media, and financial accounts."
  • Recognize and Report Phishing. "Be cautious of unsolicited emails, texts, or calls asking you for personal information, and don't click on links or open attachments from unknown sources."
  • Update Your Software. "In fact, enable automatic updates on your software, so the latest security patches just keep your devices continuously up-to-date."

The video ends by noting CISA is asking tech companies and software developers to create products that are "secure by design."

"And let's secure our families by ensuring that our loved ones know what to look for and how to stay safe online."


Android

Android Devices With Backdoored Firmware Found In US Schools (securityweek.com)

An anonymous reader quotes a report from SecurityWeek: Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before they are delivered to resellers, physical retail stores, and e-commerce warehouses, a backdoor was injected into their firmware. "Products known to contain the backdoor have been found on public school networks throughout the United States," Human says.

Discovered in 2016, Triada is a modular trojan residing in a device's RAM, relying on the Zygote process to hook all applications on Android, actively using root privileges to substitute system files. Over time, the malware went through various iterations and was found pre-installed on low-cost Android devices on at least two occasions. As part of the BadBox operation that Human Security discovered, the infected low-cost Android devices allow threat actors to carry out various ad-fraud schemes, including one named PeachPit, which at its peak relied on 121,000 Android and 159,000 iOS devices infected with malware, and on 39 Android, iOS, and CTV-centric apps designed to connect to a fake supply-side platform (SSP).

One of the modules delivered to the infected devices from the command-and-control (C&C) server allows the creation of WebViews that are fully hidden from the user, but which "are used to request, render, and click on ads, spoofing the ad requests to look like they're coming from certain apps, referred by certain websites, and rendered" on specific devices. BadBox, Human Security notes, also includes a residential proxy module that allows the threat actors to sell access to the victim's network. Furthermore, they can create WhatsApp messaging accounts and Gmail accounts they can then use for other malicious activities. "Finally, because of the backdoor's connection to C2 servers on BadBox-infected smartphones, tablets, and CTV boxes, new apps or code can be remotely installed by the threat actors without the device owner's permission. The threat actors behind BadBox could develop entirely new schemes and deploy them on BadBox-infected devices without any interaction from the devices' owners," Human notes.

Privacy

23andMe Scraping Incident Leaked Data On 1.3 Million Users (therecord.media)

Jonathan Greig writes via The Record: Genetic testing giant 23andMe confirmed that a data scraping incident resulted in hackers gaining access to sensitive user information and selling it on the dark web. The information of nearly 7 million 23andMe users was offered for sale on a cybercriminal forum this week. The information included origin estimation, phenotype, health information, photos, identification data and more. 23andMe processes saliva samples submitted by customers to determine their ancestry.

When asked about the post, the company initially denied that the information was legitimate, calling it a "misleading claim" in a statement to Recorded Future News. The company later said it was aware that certain 23andMe customer profile information was compiled through unauthorized access to individual accounts that were signed up for the DNA Relative feature -- which allows users to opt in for the company to show them potential matches for relatives. [...] When pressed on how compromising a handful of user accounts would give someone access to millions of users, the spokesperson said the company does not believe the threat actor had access to all of the accounts but rather gained unauthorized entry to a much smaller number of 23andMe accounts and scraped data from their DNA Relative matches.

A researcher approached Recorded Future News after examining the leaked database and found that much of it looked real. [...] The researcher downloaded two files from the BreachForums post and found that one had information on 1 million 23andMe users of Ashkenazi heritage. The other file included data on more than 300,000 users of Chinese heritage. The data included profile and account ID numbers, names, gender, birth year, maternal and paternal genetic markers, ancestral heritage results, and data on whether or not each user has opted into 23andme's health data. The researcher added that he discovered another issue where someone could enter a 23andme profile ID, like the ones included in the leaked data set, into their URL and see someone's profile. The data available through this only includes profile photos, names, birth years and location but does not include test results.
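The scraping path described above (a small number of compromised accounts, each used to walk its DNA Relative matches) leaves a signature a service can look for: one account viewing far more distinct relative profiles in a short window than a person browsing their own matches would. The following is an added example, not code from the article or from 23andMe: a sliding-window detector run over constructed access-log lines. The log format, the `/relatives/profile/<id>` path, the account and profile identifiers, and the threshold of 50 distinct profiles per 10 minutes are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed log format (an assumption of this example):
#   <ISO-8601 UTC timestamp> account=<id> GET /relatives/profile/<profile-id> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) account=(?P<acct>\S+) GET /relatives/profile/(?P<prof>\S+) (?P<status>\d{3})$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

Event = Tuple[datetime, str, str]  # (timestamp, account, profile viewed)


def parse(line: str) -> Optional[Event]:
    """Return (ts, account, profile) for a relative-profile view, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (datetime.strptime(m["ts"], TS_FMT), m["acct"], m["prof"])


def flag_scrapers(
    lines: List[str],
    window: timedelta = timedelta(minutes=10),
    max_distinct: int = 50,
) -> Dict[str, Tuple[datetime, int]]:
    """Flag accounts that view more than `max_distinct` different profiles
    within any `window`. Repeated views of the same profile do not count,
    which keeps a user refreshing a few matches from tripping the rule.
    Returns {account: (time of first trip, distinct profiles in window)}."""
    events = sorted(e for e in (parse(l) for l in lines) if e is not None)
    recent: Dict[str, deque] = defaultdict(deque)              # acct -> (ts, prof)
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    flagged: Dict[str, Tuple[datetime, int]] = {}
    for ts, acct, prof in events:
        dq, c = recent[acct], counts[acct]
        dq.append((ts, prof))
        c[prof] += 1
        # Evict views that fell out of the window, keeping distinct counts exact.
        while dq and ts - dq[0][0] > window:
            old_ts, old_prof = dq.popleft()
            c[old_prof] -= 1
            if c[old_prof] == 0:
                del c[old_prof]
        if len(c) > max_distinct and acct not in flagged:
            flagged[acct] = (ts, len(c))
    return flagged


def sample_lines() -> List[str]:
    """Constructed log: one ordinary user, one account walking its match list."""
    base = datetime(2023, 1, 1, 12, 0, 0)
    lines: List[str] = []
    # acct_alice refreshes the same three relatives every 10 s for 10 minutes.
    for i in range(60):
        ts = (base + timedelta(seconds=10 * i)).strftime(TS_FMT)
        lines.append(f"{ts} account=acct_alice GET /relatives/profile/prof_{i % 3:05d} 200")
    # acct_mallory requests 120 different relative profiles, one every 2 s.
    for i in range(120):
        ts = (base + timedelta(seconds=2 * i)).strftime(TS_FMT)
        lines.append(f"{ts} account=acct_mallory GET /relatives/profile/prof_{1000 + i:05d} 200")
    lines.append("2023-01-01T12:00:05Z account=acct_bob POST /login 200")  # not a profile view
    return lines


if __name__ == "__main__":
    for acct, (when, n) in flag_scrapers(sample_lines()).items():
        print(f"{acct}: {n} distinct relative profiles by {when.isoformat()}Z")
```

Counting distinct profiles rather than raw requests is the design choice that matters: a real user refreshing a page generates many requests for few profiles, while an account being used to harvest its match list touches a new profile on nearly every request. The same window logic also applies to the unauthenticated profile-ID-in-URL exposure the researcher mentions, keyed on source address instead of account.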

Businesses

All Slack Employees Forced To Spend a Week Getting Salesforce Certifications (fortune.com)

Kylie Robison writes via Fortune: Beginning on Monday, Slack employees will be expected to set aside their regular work duties and to instead plug away at various modules on Salesforce's Trailhead online learning platform, Fortune has learned. The goal is for Slack's employees to reach Trailhead's Ranger level, a feat that requires roughly 40 hours on the learning platform, whose modules include topics like "Learn about the Fourth Industrial Revolution" and "Healthy Eating." A large percent of Slack's roughly 3,000 staff have neglected to hit the target, according to sources inside the company. And since Salesforce provides Trailhead to other businesses as a way to "upskill" employees, some speculate that the slackers at Slack make for bad optics.

In a message to employees in mid-September, Slack CEO Lidiane Jones wrote that the one week shutdown, dubbed "Ranger Week," is intended to give everyone "dedicated time to make a lot of progress towards the goal." Jones wrote in her message that the product development engineering (PDE), customer experience (CE), Biz Ops, and communication departments are expected to participate in Ranger Week. "It's important that we all reach Ranger status this year, and I want to ensure that everyone has focus time to upskill on Trailhead," Jones wrote in the message to staff. "I know this will disrupt and slow V2MOM progress for many of us -- we are making this a priority now so we can quickly get back to work on our roadmaps," she said, referring to the company's annual forward-looking strategy planning document which stands for vision, values, methods, obstacles, and measures. [...]

"We really are canceling all meetings next week to facilitate this heads-down time, even 1:1s," Slack's chief of staff to the CTO wrote to employees on Wednesday. "We don't know yet what will happen to people who haven't hit Ranger by Jan. 31. At a minimum, it will make Slack look bad compared to the other clouds. Please do use the time next week to make as much progress as you can!" [...] Still, the work stoppage is somewhat porous. Slack's CTO noted that "deploys, on-call rotations, and interviews" will still happen as normal, and while no executive has used the word "mandatory," it's considered strongly encouraged.
According to Insider, some workers at Slack are "gaming" the platform to speed through the sessions.
