Stats

Is Remote Working Causing an Exodus to the Exurbs? (apnews.com) 118

Last year 30,000 people moved into central Florida's Polk County — more than to any other county in America. Its largest city has just 112,641 people, living a full 35 miles east of the 3.1 million residents in the metropolitan area around Tampa.

But the Associated Press says something similar is happening all over the country: "the rise of the far-flung exurbs." Outlying communities on the outer margins of metro areas — some as far away as 60 miles (97 kilometers) from a city's center — had some of the fastest-growing populations last year, according to the U.S. Census Bureau. Those communities are primarily in the South, like Anna, Texas on the outskirts of the Dallas-Fort Worth metro area; Fort Mill, South Carolina [just 18 miles from North Carolina city Charlotte]; Lebanon, Tennessee outside Nashville; and Polk County's Haines City... [C]ommuting to work can take up to an hour and a half one-way. But [Marisol] Ortega, who lives in Haines City about 40 miles (64 kilometers) from her job in Orlando, says it's worth it. "I love my job. I love what I do, but then I love coming back home, and it's more tranquil," Ortega said.

The rapid growth of far-flung exurbs is an after-effect of the COVID-19 pandemic, according to the Census Bureau, as rising housing costs drove people further from cities and remote working allowed many to do their jobs from home at least part of the week... Recent hurricanes and citrus diseases in Florida also have made it more attractive for some Polk County growers to sell their citrus groves to developers who build new residences or stores...

Anna, Texas, more than 45 miles (72 kilometers) north of downtown Dallas, is seeing the same kind of migration. It was the fourth-fastest growing city in the U.S. last year and its population has increased by a third during the 2020s to 27,500 residents. Like Polk County, Anna has gotten a little older, richer and more racially diverse.

The article points out that in Anna, Texas, "close to 3 in 5 households have moved into their homes since 2020, according to the Census Bureau."
Google

What Happened After Google Retrofitted Memory Safety Onto Its C++ Codebase? (googleblog.com) 140

Google's transition to Safe Coding and memory-safe languages "will take multiple years," according to a post on Google's security blog. So "we're also retrofitting secure-by-design principles to our existing C++ codebase wherever possible," a process which includes "working towards bringing spatial memory safety into as many of our C++ codebases as possible, including Chrome and the monolithic codebase powering our services." We've begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs. While C++ will not become fully memory-safe, these improvements reduce risk as discussed in more detail in our perspective on memory safety, leading to more reliable and secure software... It's also worth noting that similar hardening is available in other C++ standard libraries, such as libstdc++. Building on the successful deployment of hardened libc++ in Chrome in 2022, we've now made it default across our server-side production systems. This improves spatial memory safety across our services, including key performance-critical components of products like Search, Gmail, Drive, YouTube, and Maps... The performance impact of these changes was surprisingly low, despite Google's modern C++ codebase making heavy use of libc++. Hardening libc++ resulted in an average 0.30% performance impact across our services (yes, only a third of a percent) ...

In just a few months since enabling hardened libc++ by default, we've already seen benefits. Hardened libc++ has already disrupted an internal red team exercise and would have prevented another one that happened before we enabled hardening, demonstrating its effectiveness in thwarting exploits. The safety checks have uncovered over 1,000 bugs, and would prevent 1,000 to 2,000 new bugs yearly at our current rate of C++ development...

The process of identifying and fixing bugs uncovered by hardened libc++ led to a 30% reduction in our baseline segmentation fault rate across production, indicating improved code reliability and quality. Beyond crashes, the checks also caught errors that would have otherwise manifested as unpredictable behavior or data corruption... Hardened libc++ enabled us to identify and fix multiple bugs that had been lurking in our code for more than a decade. The checks transform many difficult-to-diagnose memory corruptions into immediate and easily debuggable errors, saving developers valuable time and effort.

The post notes that they're also working on "making it easier to interoperate with memory-safe languages. Migrating our C++ to Safe Buffers shrinks the gap between the languages, which simplifies interoperability and potentially even an eventual automated translation."
Privacy

T-Mobile Hacked In Massive Chinese Breach of Telecom Networks 25

Chinese hackers, reportedly linked to a Chinese intelligence agency, breached T-Mobile as part of a broader cyber-espionage campaign targeting telecom companies to spy on high-value intelligence targets. "T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," a company spokesperson told the Wall Street Journal. Reuters reports: It was unclear what information, if any, was taken about T-Mobile customers' calls and communications records, according to the report. On Wednesday, The Federal Bureau of Investigation (FBI) and the U.S. cyber watchdog agency CISA said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies. Further reading: U.S. Wiretap Systems Targeted in China-Linked Hack
Cloud

Cloud Migration Is Back (If You Ignore the Actual Numbers) (indiadispatch.com) 40

An anonymous reader shares a report: The cloud migration narrative that powered tech valuations during the pandemic is attempting a comeback, but the underlying data suggests a more complex story.

UBS's new survey of IT services reveals a striking disconnect between industry expectations and customer reality. While executives proclaim "2025 will be far better than what we've seen in 2024," their enterprise clients report having migrated merely 15% of workloads to the cloud, with the remainder presenting increasingly complex challenges.

The numbers are particularly telling: Growth rates for major cloud providers AWS, Azure, and Google Cloud have declined from pandemic peaks of 40-50% to 10-20%. IT budgets for 2024, meanwhile, are projected to be "flattish to up very slightly, maybe a couple percent," marking a significant departure from the explosive growth of recent years.

Science

Academic Papers Yanked After Authors Found To Have Used Unlicensed Software (theregister.com) 75

An academic journal has retracted two papers because it determined their authors used unlicensed software. The Register: Elsevier's Ain Shams Engineering Journal withdrew two papers exploring dam failures after complaints from Flow Science, the Santa Fe, New Mexico-based maker of a computational fluid dynamics application called FLOW-3D.

"Following an editorial investigation as a result of a complaint from the software distributor, the authors admitted that the use of professional software, FLOW-3D program for the results published in the article, was made without a license from the developer," a note from the journal's editor-in-chief explains.

"One of the conditions of submission of a paper for publication is that the article does not violate any intellectual property rights of any person or entity and that the use of any software is made under a license or permission from the software owner."

Windows

Microsoft Releases Windows 11 ISOs for Arm64-based PCs (windowscentral.com) 44

An anonymous reader shares a report: After dragging its feet for years, Microsoft has finally released the first official Windows 11 ISOs for PCs with an Arm64 processor. This means users can now clean install Windows 11 using official offline media on an Arm64-based PC, including the latest Snapdragon X Copilot+ PCs.

The ISOs contain version 24H2, can be downloaded from the official Microsoft website, and are around 5GB in size depending on the language you select. According to the company, the ISOs are primarily designed for running Windows 11 in a virtual machine on Arm64 PCs. However, it also mentions that you can use them to clean install Windows 11 directly onto Arm64 hardware too. Unfortunately, depending on the Arm64 PC you have, you may need to do some additional work to get the ISO bootable.

IT

Second Life for Server Components (ieee.org) 31

Scientists have developed a method to reuse components from decommissioned data center servers, potentially reducing the carbon footprint of cloud computing infrastructure.

The research team from Microsoft, Carnegie Mellon University and the University of Washington demonstrated that older RAM modules and solid-state drives can be safely repurposed in new server builds without compromising performance, according to papers presented at recent computer architecture conferences.

When combined with energy-efficient processors, the prototype servers achieved an 8% reduction in total carbon emissions during Azure cloud service testing. Researchers estimate the approach could cut global carbon emissions by up to 0.2% if widely adopted. The cloud computing industry currently accounts for 3% of global energy consumption and could represent 20% of emissions by 2030, according to computing experts. Most data centers, including Microsoft's Azure, typically replace servers every 3-5 years.
Google

Google Rolls Out Call Screening AI To Thwart Phone Fraudsters (googleblog.com) 37

Google is rolling out AI-powered scam call detection for Android phones, aiming to protect users from increasingly sophisticated phone fraud schemes. The new feature, available in beta for Pixel 6 and newer devices, analyzes conversation patterns in real-time to identify potential scams. When suspicious patterns emerge, such as urgently requesting fund transfers, the system alerts users through audio, haptic, and visual warnings.

The detection system operates entirely on-device using Google's machine learning models, with no call audio or transcripts stored or transmitted externally. While Pixel 9 devices utilize Google's advanced Gemini Nano AI model, earlier Pixel phones use the standard machine learning for detection, the company said. The feature, which is opt-in and can be disabled at any time, is currently limited to English-speaking Phone by Google beta users in the United States. Google plans to expand availability to additional Android devices in the future.
Security

How Italy Became an Unexpected Spyware Hub (therecord.media) 13

Italy has emerged as a major global spyware hub alongside Israel and India, with at least six major vendors operating in the country with limited oversight, The Record reported this week, citing researchers and Italian experts. Companies like RCS Labs, which has operated since 1992, sell surveillance tools to both domestic law enforcement and foreign governments including Kazakhstan, Syria, and several Asian nations.

Italian authorities can rent spyware for $160 per day without large acquisition costs, leading to thousands of domestic surveillance operations in recent years. While new regulations taking effect in February 2024 will require judges to evaluate specific reasons for spyware use, critics cited in the story say the reform package won't address core issues like the lack of centralized oversight. The country's competitive marketplace and relatively lax export controls have also enabled Italian vendors to expand their overseas sales.
Privacy

Open Source Project DeFlock Is Mapping License Plate Surveillance Cameras All Over the World (404media.co) 35

An anonymous reader quotes a report from 404 Media: Flock is one of the largest vendors of automated license plate readers (ALPRs) in the country. The company markets itself as having the goal to fully "eliminate crime" with the use of ALPRs and other connected surveillance cameras, a target experts say is impossible. [...] Flock and automated license plate reader cameras owned by other companies are now in thousands of neighborhoods around the country. Many of these systems talk to each other and plug into other surveillance systems, making it possible to track people all over the country.

"It went from me seeing 10 license plate readers to probably seeing 50 or 60 in a few days of driving around," [said Alabama resident and developer Will Freeman]. "I wanted to make a record of these things. I thought, 'Can I make a database of these license plate readers?'" And so he made a map, and called it DeFlock. DeFlock runs on Open Street Map, an open source, editable mapping software. He began posting signs for DeFlock (PDF) to the posts holding up Huntsville's ALPR cameras, and made a post about the project to the Huntsville subreddit, which got good attention from people who lived there. People have been plotting not just Flock ALPRs, but all sorts of ALPRs, all over the world. [...]

When I first talked to Freeman, DeFlock had a few dozen cameras mapped in Huntsville and a handful mapped in Southern California and in the Seattle suburbs. A week later, as I write this, DeFlock has crowdsourced the locations of thousands of cameras in dozens of cities across the United States and the world. He said so far more than 1,700 cameras have been reported in the United States and more than 5,600 have been reported around the world. He has also begun scraping parts of Flock's website to give people a better idea of where to look to map them. For example, Flock says that Colton, California, a city with just over 50,000 people outside of San Bernardino, has 677 cameras.

People who submit cameras to DeFlock have the ability to note the direction that they are pointing in, which can help people understand how these cameras are being positioned and the strategies that companies and police departments are using when deploying them. For example, all of the cameras in downtown Huntsville are pointing away from the downtown core, meaning they are primarily focused on detecting cars that are entering downtown Huntsville from other areas.

Windows

Microsoft is Killing off Windows 11's Mail and Calendar Apps By the End of the Year (theverge.com) 81

Microsoft is planning to no longer support the Windows Mail, Calendar, and People apps later this year. The Verge: The software giant has been moving existing users of these apps over to the new Outlook for Windows app in recent months, and now it has set an end of support date for the Mail, Calendar, and People apps of December 31st.

Once the apps reach end of support later this year, Microsoft warns that users who haven't moved to the new Outlook app "will no longer be able to send and receive email using Windows Mail and Calendar."

Microsoft has been rolling out the new Outlook for Windows app for years, with it officially reaching the general availability stage in August. The new web-based Outlook is designed to eventually replace the full desktop version of Outlook too, and Microsoft plans to provide enterprise customers a 12-month notice before it starts to move people away from the desktop version of Outlook.

Security

D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices 87

D-Link confirmed no fix will be issued for the over 60,000 D-Link NAS devices that are vulnerable to a critical command injection flaw (CVE-2024-10914), allowing unauthenticated attackers to execute arbitrary commands through unsanitized HTTP requests. The networking company advises users to retire or isolate the affected devices from public internet access. BleepingComputer reports: The flaw impacts multiple models of D-Link network-attached storage (NAS) devices that are commonly used by small businesses: DNS-320 Version 1.00; DNS-320LW Version 1.01.0914.2012; DNS-325 Version 1.01, Version 1.02; and DNS-340L Version 1.08. [...] A search that Netsecfish conducted on the FOFA platform returned 61,147 results at 41,097 unique IP addresses for D-Link devices vulnerable to CVE-2024-10914.

In a security bulletin today, D-Link has confirmed that a fix for CVE-2024-10914 is not coming and the vendor recommends that users retire vulnerable products. If that is not possible at the moment, users should at least isolate them from the public internet or place them under stricter access conditions. The same researcher discovered in April this year an arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, impacting mostly the same D-Link NAS models as the latest flaw.
Security

Amazon Confirms Employee Data Stolen After Hacker Claims MOVEit Breach (techcrunch.com) 5

Amazon has confirmed that employee data was compromised after a "security event" at a third-party vendor. From a report: In a statement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. "Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations," Montgomery said.

Amazon declined to say how many employees were impacted by the breach. It noted that the unnamed third-party vendor doesn't have access to sensitive data such as Social Security numbers or financial information and said the vendor had fixed the security vulnerability responsible for the data breach. The confirmation comes after a threat actor claimed to have published data stolen from Amazon on notorious hacking site BreachForums. The individual claims to have more than 2.8 million lines of data, which they say was stolen during last year's mass-exploitation of MOVEit Transfer.

Android

Android 15's Virtual Machine Mandate is Aimed at Improving Security (androidauthority.com) 52

Google will require all new mobile chipsets launching with Android 15 to support its Android Virtualization Framework (AVF), a significant shift in the operating system's security architecture. The mandate, reports Android Authority, which got hold of Android's latest Vendor Software Requirements document, affects major chipmakers including Qualcomm, MediaTek, and Samsung's Exynos division. New processors like the Snapdragon 8 Elite and Dimensity 9400 must implement AVF support to receive Android certification.

AVF, introduced with Android 13, creates isolated environments for security-sensitive operations including code compilation and DRM applications. The framework also enables full operating system virtualization, with Google demonstrating Chrome OS running in a virtual machine on Android devices.
IT

Washington Post Employees Ordered Back To the Office (washingtonian.com) 153

Long-time Slashdot reader DesScorp writes: The Washingtonian magazine reports that yet another company is ending most remote work for its employees. The Post's previous policy from 2022 until now had been 3 days in office, 2 days remote. The employee union for the paper, the Washington Post Guild, will oppose the mandate.
The union sent members a defiant email, according to the article. "Guild leadership sees this for what it is: a change that stands to further disrupt our work than to improve our productivity or collaboration." Managers will have to return beginning February 3, 2025, and all other employees will be expected in the office beginning June 2 [according to a memo from publisher Will Lewis]. "I want that great office energy for us every day," Lewis writes. "I am reliably informed that is how it used to be here before Covid, and it's important we get this back."
Java

Java Proposals Would Boost Resistance to Quantum Computing Attacks (infoworld.com) 14

"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," reports InfoWorld, "one plan involving digital signatures and the other key encapsulation." The two proposals reside in the OpenJDK JEP (JDK Enhancement Proposal) index.

The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-lattice-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.

The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.

Government

Gig-Working Uber and Lyft Drivers Can Unionize, Say Massachusetts Voters (reuters.com) 53

On Tuesday Massachusetts voted to become the first state to allow gig-working drivers to join labor unions, reports WBUR: Since these gig workers are classified as independent contractors, federal law allowing employees the right to unionize does not apply to them. With the passage of this ballot initiative, Massachusetts is the first state to give ride-hailing drivers the ability to collectively bargain over working conditions.
Supporters have said the ballot measure "could provide a model for other states to let Uber and Lyft drivers unionize," reports Reuters, "and inspire efforts to organize them around the United States." Roxana Rivera, assistant to the president of 32BJ SEIU, an affiliate of the Service Employees International Union, that had spearheaded a campaign to pass the proposal, said its approval shows that Massachusetts voters want drivers to have a meaningful check against the growing power of app-based companies... The Massachusetts vote was the latest front in a years-long battle in the United States over whether ride-share drivers should be considered to be independent contractors or employees entitled to benefits and wage protections. Studies have shown that using contractors can cost companies as much as 30% less than employees.

Drivers for Uber and Lyft, including approximately 70,000 in Massachusetts, do not have the right to organize under the National Labor Relations Act... Under the Massachusetts measure, drivers can form a union after collecting signatures from at least 25% of active drivers in Massachusetts, and companies can form associations to allow them to jointly negotiate with the union during state-supervised talks.

But the Boston Globe points out that the measure "divided labor advocates in Massachusetts, some of whom worry it would in fact be a step backward in the lengthy fight to boost the rights of gig workers." Those concerns led the state's largest labor organization, the AFL-CIO, to remain neutral. But two unions backing the effort, the SEIU 32BJ and the International Association of Machinists, say allowing drivers to unionize, even if not as full employees, will help provide urgently needed worker protections and better pay and safety standards.
iPhone

Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out (404media.co) 129

Law enforcement officers are warning other officials and forensic experts that iPhones which have been stored securely for forensic examination are somehow rebooting themselves, returning the devices to a state that makes them much harder to unlock, 404 Media is reporting, citing a law enforcement document it obtained. From the report: The exact reason for the reboots is unclear, but the document authors, who appear to be law enforcement officials in Detroit, Michigan, hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.

"The purpose of this notice is to spread awareness of a situation involving iPhones, which is causing iPhone devices to reboot in a short amount of time (observations are possibly within 24 hours) when removed from a cellular network," the document reads. Apple did not provide a response on whether it introduced such an update in time for publication.

Privacy

Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People's Private Information (gizmodo.com) 14

An anonymous reader quotes a report from TechCrunch: The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

"Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory. [...] The FBI said in its advisory that it had seen several public posts made by known cybercriminals over 2023 and 2024, claiming access to email addresses used by U.S. law enforcement and some foreign governments. The FBI says this access was ultimately used to send fraudulent subpoenas and other legal demands to U.S. companies seeking private user data stored on their systems. The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would "suffer greatly or die" unless the company in question returns the requested information.

The FBI said the compromised access to law enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in companies turning over usernames, emails, phone numbers, and other private information about their users. But not all fraudulent attempts to file emergency data requests were successful, the FBI said. The FBI said in its advisory that law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication. The FBI said that private companies "should apply critical thinking to any emergency data requests received," given that cybercriminals "understand the need for exigency."

Software

Europe's Largest Local Authority Slammed For 'Poorest' ERP Rollout Ever (theregister.com) 71

UK government-appointed commissioners have labeled Birmingham City Council's Oracle Fusion rollout as "the poorest ERP deployment" they have seen. From a report: A report published by the UK council's Corporate Finance Overview and Scrutiny Committee found that 18 months after Fusion went live, the largest public authority in Europe "had not tactically stabilized the system or formulated clear plans to resolve the system issues and recover the operation."

The city council's cloud-based Oracle tech replaced the SAP system that it began using in 1999, but the disastrous project encountered a string of landmark failures. The council has failed to produce auditable accounts since Oracle was implemented in 2022, costs have ballooned from around 19 million pounds to a projected estimate of 131 million pounds and, because the council chose not to use system audit features, it cannot tell if fraud has taken place on its multibillion-pound spending budget for an 18-month period. In September last year, the council became effectively bankrupt due to outstanding equal pay claims and the Oracle implementation.

The report from "best value commissioners" appointed by central government to investigate struggling councils said that following the Oracle implementation, "a serious lack of trust had developed between members and officers driven by the failed implementation and subsequent lack of progress to resolve the situation."
