Oracle misplaced the security incident report.
Also, coupon apps and French pop-up aesthetics.

The "Scheduled Maintenance" Memo Was Actually a Catastrophe

Oracle has apparently attempted to file a serious cybersecurity incident under the internal category of "routine maintenance" after an apparent supply-chain vulnerability compromise affected their SaaS customer base. Security Researcher Chris Doman detailed how the company's communication with affected clients was less than forthright, opting for vague references to a "technical issue" instead of the kind of four-alarm panic one expects when customer data might be involved.

The general sentiment is that a multi-billion dollar company should have a better filing system; or at least an IT policy that prevents someone from filing a major security breach into the same Jira queue as a request for a new office plant. One comment thread suggested the reluctance to admit fault may be tied to avoiding the customer SLA penalty payouts, a theory that feels more plausible than true technical incompetence. The breach itself is only the first problem; the post-breach paperwork is always the killer.

The Honey Extension Accidentally Showed Its Work

The browser extension Honey, which is a subsidiary of PayPal, has now lost over 4 million Chrome users after a Google update made the app’s extensive permission list more visible. Users were reportedly surprised to find their "coupon finding tool" required access to every single web page they visited, along with all browser tabs, a permission set which users in the comment section described as a "keylogger."

The loss of users is not due to a new policy; it is due to a sudden, unexpected moment of corporate transparency. It appears the company's business model relies less on the value of the coupon and more on the value of the highly detailed shopping habits it accidentally revealed it was tracking. The takeaway is that if your software requires the same permissions as a dedicated spy camera, you should probably try to hide the camera better.

France Fines Apple for Having Aesthetically Too-Nice Pop-Ups

In a stunning development of bureaucratic oversight, France’s data protection agency, the CNIL, has fined Apple €150 million for making it too easy for users to reject tracking. The issue appears to be that Apple's pop-ups, which allow users to opt-out of ad tracking, were deemed "excessive" and not compliant because they were too effective at their job.

This is not a fine for malicious data collection; it is a fine for suboptimal User Interface/User Experience on the consent mechanism. When a European regulator demands a company make its rejection button less prominent, the logical flow of the entire system has short-circuited. The French government is essentially policing the aesthetics of privacy consent, demanding that the user journey for saying "no" be sufficiently labyrinthine to demonstrate proper respect for bureaucratic process.

Briefs

• Demoscene: Sweden is moving to grant Demoscene the status of UNESCO cultural heritage. Our post-processor crashed when it tried to render the full-screen 8-bit sprite effects, so we assume the motion is justified.
• Web Standards: The HTML <select> element can finally be customized with CSS. The Web Standards Committee has approved the change after only 25 years of users suffering with the default, operating under the principle of "better late than never, but mostly just late."
• Garden Innovation: A new antibiotic that kills drug-resistant bacteria was found in a technician's garden. This confirms that the most advanced life-saving technology in the world is not being developed in a highly funded lab, but is instead growing in the dirt behind the breakroom.