When Google laid off 6% of its workforce — some of whom had worked for the company for decades — employees "got the news in their inbox," writes Gawker's founding editor in a scathing opinion piece in the New York Times: That sting is becoming an all-too-common sensation. In the last few years, tens of thousands of people have been laid off by email at tech and digital media companies including Twitter, Amazon, Meta and Vox. The backlash from affected employees has been swift.... It's not just tech and media. Companies in a range of industries claim this is the only efficient way to do a lot of layoffs. Informing workers personally is too complicated, they say — and too risky, as people might use their access to internal systems to perform acts of sabotage. (These layoff emails are often sent to employees' personal email; by the time they check it, they've been locked out of all their employer's own platforms.)

As someone who's managed people in newsrooms and digital start-ups and has hired and fired people in various capacities for the last 21 years, I think this approach is not just cruel but unnecessary. It's reasonable to terminate access to company systems, but delivering the news with no personal human contact serves only one purpose: letting managers off the hook. It ensures they will not have to face the shock and devastation that people feel when they lose their livelihoods. It also ensures the managers won't have to weather any direct criticism about the poor leadership that brought everyone to that point.... Future hiring prospects will be reading all about it on Twitter or Glassdoor. In a tight labor market, a company's cruelty can leave a lasting stain on its reputation....

The expectation that an employee give at least two weeks notice and help with transition is rooted in a sense that workers owe their employers something more than just their labor: stability, continuity, maybe even gratitude for the compensation they've earned. But when it's the company that chooses to end the relationship, there is often no such requirement. The same people whose labor helped build the company get suddenly recoded as potential criminals who might steal anything that's not nailed down....

Approval of unions is already at 71 percent. Dehumanizing workers like this is accelerating the trend. Once unthinkable, unionization at large tech companies now seems all but inevitable. Treating employees as if they're disposable units who can simply be unsubscribed to ultimately endangers a company's own interests. It seems mistreated workers know their value, even if employers — as they are increasingly prone to demonstrate — do not.

Fortune reports on what happened next: As questions piled up over the weekend, Google CEO Sundar Pichai addressed the entire company in a meeting on Monday to answer questions, and announced then that top executives would take a pay cut this year as part of the company's cost reduction measures, Business Insider reported. Pichai said that all roles above the senior vice president level will witness "very significant reduction in their annual bonus," adding that for senior roles the compensation was linked to company performance. It was not immediately clear how big Pichai's own pay cut would be.
Reuters also points out that Pichai "received a massive hike in salary a few weeks before Google announced layoffs." But Fortune makes an interesting comparison: Pichai's move to cut the pay for senior executives comes only weeks after Apple's Tim Cook announced his compensation would be 40% lower amid shareholder pressure. The iPhone maker had a strong 2022 and remains one of the few tech behemoths that hasn't announced layoffs yet.
Last year Apple's share price still dropped 27%, reports Forbes, and "According to the Wall Street Journal, Apple is expected next month to report its first quarterly sales decline in over three years."

Yet Apple seems to have avoided layoffs — which Forbes argues is because Apple didn't hire aggressively during the pandemic. Compared to the other Big Tech companies, Apple scaled its workforce at a relatively slow pace and has generally followed the same hiring rate since 2016. While there was a hiring surge in Silicon Valley during the pandemic, Apple added less than 7,000 jobs in 2020....

The tech companies undergoing layoffs right now hired fervently during their pandemic — and even before. Alphabet has consecutively expanded its workforce at least 10% annually since 2013, according to CNBC....

Since 2012, Meta has expanded its workforce by thousands each year. In 2020, Zuckerberg increased headcount by 30% — 13,000 workers. The following year, the social media platform added another 13,000 employees to its payroll. Those two years marked the biggest growth in the company's history.

Amazon has initiated its plan to separate more than 18,000 white-collar professionals from its payroll. In 2021, the online retailer hired an estimated 500,000 employees, according to GeekWire, becoming the second-largest employer in the United States after Walmart. A year later, the company expanded its workforce by 310,000.
Entrepeneur supplies some context about those layoffs at Google: Reports indicate qualifying staff who were let go will receive their full notification period salary plus a severance package beginning at 16 weeks' pay and two additional weeks for every year of employment. Also part of the package: bonuses, vacation time, and health care coverage for up to six months will be paid for, along with job placement and immigration support.
Entrepreneur also notes reports that Google's latest round of layoffs "affected 27 massage therapists across Los Angeles and Irvine."

Long-time Slashdot reader Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as "Black Basta"... Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Once a victim's data is fully exfiltrated the gang then encrypts workstations and servers, and demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.

Fortunately, in this case, Black Basta didn't make it that far. Instead, the security researchers used the opportunity to better understand Black Basta's "backend servers", tools, and methods. Black Basta will sometimes use a victim's network to log into their own servers, which leads to interesting opportunities to observe the gang's operations...

The first write up goes into technical details about the malware and tactics Black Basta used. The second second write up focuses on Black Basta's "backend" servers and how they manage them.

TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.
The articles go into great detail - even asking whether deleting their own exfiltrated data from the gang's server "would technically constitute a federal offense per the 'The Computer Fraud and Abuse Act' of 1986."

The FBI revealed today that it had shut down the prolific ransomware gang called Hive, "a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims," reports Reuters. Slashdot readers wiredmikey and unimind shared the news. From the report: At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco said government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations' data. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. "Using lawful means, we hacked the hackers," Monaco told reporters. "We turned the tables on Hive."

News of the takedown first leaked on Thursday morning when Hive's website was replaced with a flashing message that said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware." Hive's servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit. The undercover infiltration, which started in July 2022, went undetected by the gang until now.

The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments. Although there were no arrests announced on Wednesday, Garland said the investigation was ongoing and one department official told reporters to "stay tuned."

A Dutch hacker arrested in November obtained and offered for sale the full name, address and date of birth of virtually everyone in Austria, the Alpine nation's police said on Wednesday. From a report: A user believed to be the hacker offered the data for sale in an online forum in May 2020, presenting it as "the full name, gender, complete address and date of birth of presumably every citizen" in Austria, police said in a statement, adding that investigators had confirmed its authenticity.

The trove comprised close to nine million sets of data, police said. Austria's population is roughly 9.1 million. The hacker had also put "similar data sets" from Italy, the Netherlands and Colombia up for sale, Austrian police said, adding that they did not have further details.

The U.S. government's cybersecurity agency has warned that criminal financially motivated hackers compromised federal agencies using legitimate remote desktop software. From a report: CISA said in a joint advisory with the National Security Agency on Wednesday that it had identified a "widespread cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software" that had targeted multiple federal civilian executive branch agencies -- known as FCEBs -- a list that includes Homeland Security, the Treasury, and the Justice Department.

CISA said it first identified suspected malicious activity on two FCEB systems in October while conducting a retrospective analysis using Einstein, a government-operated intrusion detection system used for protecting federal civilian agency networks. Further analysis led to the conclusion that many other government networks were also affected.

A Yandex source code repository allegedly stolen by a former employee of the Russian technology company has been leaked as a Torrent on a popular hacking forum. From a report: Yesterday, the leaker posted a magnet link that they claim are 'Yandex git sources' consisting of 44.7 GB of files stolen from the company in July 2022. These code repositories allegedly contain all of the company's source code besides anti-spam rules.

An anonymous reader shares a report: More than 700 miles from Wall Street, the New York Stock Exchange's backup data center on Cermak Road in Chicago is supposed to safeguard US markets, standing by at all hours in case disaster ever strikes the world's largest venue for trading shares. When markets are closed, it participates in a well-worn routine, with NYSE staffers turning on and off systems to ensure everything works. But heading into Tuesday, an NYSE employee failed to properly shut down Cermak's disaster-recovery system -- leading to a disaster.

That human error, described by people with direct knowledge of NYSE's internal operations, is what triggered wild market swings when trading opened Tuesday morning in Manhattan. The chaos affected more than 250 companies including Wells Fargo, McDonald's, Walmart and Morgan Stanley, in some cases sending stock prices swinging by 25 percentage points in a matter of minutes. The episode has prompted the exchange to cancel thousands of trades at a cost that's still being determined. Meanwhile, market professionals and day traders are rattled and waiting for the exchange to elaborate on what it publicly called a "manual error" involving its "disaster recovery configuration."

British cybersecurity officials are warning that hacking groups linked to Russia and Iran are duping people into clicking malicious links by impersonating journalists and experts. From a report: The hackers, who have similar goals but are said to be working separately, have sought to steal emails from people working in academia, defense, the media and government, as well as from activists and non-governmental organizations, according to an advisory released on Thursday by the UK's National Cyber Security Centre. "These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems," said Paul Chichester, the center's director of operations. "We strongly encourage organizations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online."

An anonymous reader quotes a report from TechCrunch: If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there's a chance your credit card number and personal information were exposed. Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholders' information was spilling onto the open web. At the time it was pulled offline on Tuesday, the database had about 330,000 credit card numbers, cardholder names, and full billing addresses -- and rising in real-time as customers placed new orders. The data contained all the information that a criminal would need to make fraudulent transactions and purchases using a cardholder's information.

The credit card numbers belong to customers who made purchases through a network of near-identical online stores claiming to sell designer goods and apparel. But the stores had the same security problem in common: Any time a customer made a purchase, their credit card data and billing information was saved in a database, which was left exposed to the internet without a password. Anyone who knew the IP address of the database could access reams of unencrypted financial data. Anurag Sen, a good-faith security researcher, found the exposed credit card records and asked TechCrunch for help in reporting it to its owner. Sen has a respectable track record of scanning the internet looking for exposed servers and inadvertently published data, and reporting it to companies to get their systems secured.

But in this case, Sen wasn't the first person to discover the spilling data. According to a ransom note left behind on the exposed database, someone else had found the spilling data and, instead of trying to identify the owner and responsibly reporting the spill, the unnamed person instead claimed to have taken a copy of the entire database's contents of credit card data and would return it in exchange for a small sum of cryptocurrency. A review of the data by TechCrunch shows most of the credit card numbers are owned by cardholders in the United States. [...] Internet records showed that the database was operated by a customer of Tencent, whose cloud services were used to host the database. TechCrunch contacted Tencent about its customer's database leaking credit card information, and the company responded quickly. The customer's database went offline a short time later. Many of the stores leaking customers' information claim to operate out of Hong Kong and were set up in the past few weeks. Some of the websites include: spraygroundusa.com, ihuahebuy.com, igoodlinks.com, ibuysbuy.com, lichengshop.com, hzoushop.com, goldlyshop.com, haohangshop.com, twinklebubble.store, and spendidbuy.com.

Google plans to discontinue a pilot program that allows political campaigns to evade its email spam filters, the latest round in the technology giant's tussle with the GOP over online fundraising. The Washington Post reports: The company will let the program sunset at the end of January instead of prolonging it, Google's lawyers said in a filing on Monday. The filing, in U.S. District Court for the Eastern District of California, asked the court to dismiss a complaint lodged by the Republican National Committee accusing Google of "throttling its email messages because of the RNC's political affiliation and views." "The RNC is wrong," Google argued in its motion. "Gmail's spam filtering policies apply equally to emails from all senders, whether they are politically affiliated or not." [...]

While rejecting the GOP's attacks, Google nonetheless bowed to them. The company asked the Federal Election Commission to greenlight the pilot program, available to all campaigns and political committees registered with the federal regulator. The company anticipated at the time that a trial run would last through January 2023. Thousands of public comments implored the FEC to advise against the program, which consumer advocates and other individuals said would overwhelm Gmail users with spam. Anne P. Mitchell, a lawyer and founder of an email certification service called Get to the Inbox, wrote that Google was "opening up the floodgates to their users' inboxes ... to assuage partisan disgruntlement."

The FEC gave its approval in August, with one Democrat joining the commission's three Republicans to clear the way for the initiative. Ultimately, more than 100 committees of both parties signed up for the program, said Google spokesman Jose Castaneda. The RNC was not one of them, as Google emphasized in its motion to dismiss in the federal case in California. "Ironically, the RNC could have participated in a pilot program leading up to the 2022 midterm elections that would have allowed its emails to avoid otherwise-applicable forms of spam detection," the filing stated. "Many other politically-affiliated entities chose to participate in that program, which was approved by the FEC. The RNC chose not to do so. Instead, it now seeks to blame Google based on a theory of political bias that is both illogical and contrary to the facts alleged in its own Complaint." [...] "Indeed, effective spam filtering is a key feature of Gmail, and one of the main reasons why Gmail is so popular," the filing stated.

To help reduce the potential for malware, Android 14 will begin fully blocking the installation of apps that target outdated versions of Android. 9to5Google reports: For years now, the guidelines for the Google Play Store have ensured that Android developers keep their apps updated to use the latest features and safety measures of the Android platform. Just this month, the guidelines were updated, requiring newly listed Play Store apps to target Android 12 at a minimum. Up to this point, these minimum API level requirements have only applied to apps that are intended for the Google Play Store. Should a developer wish to create an app for an older version, they can do so and simply ask their users to sideload the APK file manually. Similarly, if an Android app hasn't been updated since the guidelines changed, the Play Store will continue serving the app to those who have installed it once before.

According to a newly posted code change, Android 14 is set to make API requirements stricter, entirely blocking the installation of outdated apps. This change would block users from sideloading specific APK files and also block app stores from installing those same apps. Initially, Android 14 devices will only block apps that target especially old Android versions. Over time though, the plan is to increase the threshold to Android 6.0 (Marshmallow), with Google having a mechanism to "progressively ramp [it] up." That said, it will likely still be up to each device maker to decide the threshold for outdated apps or whether to enable it at all. The report notes that it'll still be possible to install an outdated version of an app "through a command shell, by using a new flag."

2-year-old MacBooks with Apple's T2 security chip are being turned into parts because recyclers have no way to login and factory reset the machines, reports Motherboard. "It's a boon for security and privacy and a plague on the second hard market." From the report: "How many of you out there would like a 2-year-old M1 MacBook? Well, too bad, because your local recycler just took out all the Activation Locked logic boards and ground them into carcinogenic dust," John Bumstead, a MacBook refurbisher and owner of the RDKL INC repair store, said in a recent tweet. First introduced in 2018, the laptop makes it impossible for anyone who isn't the original owner to log into the machine. "Like it has been for years with recyclers and millions of iPhones and iPads, it's pretty much game over with MacBooks now -- there's just nothing to do about it if a device is locked," Bumstead told Motherboard. "Even the jailbreakers/bypassers don't have a solution, and they probably won't because Apple proprietary chips are so relatively formidable." When Apple released its own silicon with the M1, it integrated the features of the T2 into those computers.

"The functionality of T2 is built into Apple silicon, so it's the same situation. But whereas T2 with activation lock is basically impossible to overcome, bypass developers are finding the m1/m2 chips with activation lock even more difficult," Bumstead said. "Many bypassers have claimed solutions to T2 macs (I have not tried or confirmed they work... I am skeptical) but they admit they have had no success with M1. Regardless, a bypassed Mac is a hacked machine, which reverts to the lock if wiped and reset, so it is not ethical to sell bypassed macs in the retail environment."

Responsible recyclers and refurbishers wipe the data from used devices before selling them on. In these cases, the data is wiped, but cannot be assigned to a new user, making them effectively worthless. Instead of finding these machines a second home, Bumstead and others are dismantling them and selling the parts. These computers often end up at recycling centers after corporations go out of business or buy all new machines. [...] Motherboard first reported on this problem in 2020, but Bumstead said it's gotten worse recently. "Now we're seeing quantity come through because companies with internal 3-year product cycles are starting to dump their 2018/2019s, and inevitably a lot of those are locked," he said. "When we come upon a locked machine that was legally acquired, we should be able to log into our Apple account, enter the serial and any given information, then click a button and submit the machine to Apple for unlocking," Bumstead said. "Then Apple could explore its records, query the original owner if it wants, but then at the end of the day if there are no red flags and the original owner does not protest within 30 days, the device should be auto-unlocked."

Playing the military simulation War Thunder is now reportedly considered an official risk on background checks. PCMag reports: As GamesRadar reports, a user going by the name Add Fiat 6616 Pls posted on the War Thunder subreddit earlier this week explaining how a friend of his had applied for a job at aerospace and defense conglomerate Raytheon Technologies. As part of the security clearance process, a private investigator is used to contact the candidates "witnesses," which is shorthand for their friends. Add Fiat 6616 Pls was one of those friends and therefore received a call to answer a range of questions in an attempt to discover if the candidate's lifestyle raised any red flags. One of those question was: "Does he play War Thunder?"

The question makes sense as part of a security check and national security assessment after you realize how much classified information has leaked via the game over the past few years. War Thunder is a free-to-play vehicular combat online multiplayer game developed by Russian game developer Gaijin Entertainment (which relocated to Budapest in 2015). Since 2021, there have been six incidents of restricted or classified documents being leaked during discussions about the accuracy of the vehicles used in the game.

Apple has provided iOS 12.5.7, macOS 11.7.3, and other updates for older devices that can't be updated to the latest releases. AppleInsider reports: The new updates are for users still using older devices and operating systems and address similar bugs and security patches available in the recent iOS 16.3 and macOS Ventura releases. The security patch notes list at least 14 different systems affected by security issues that have been patched. The new update versions are: iOS 12.5.7, iOS 15.7.3, iPadOS 15.7.3, macOS Big Sur 11.7.3, and macOS Monterey 12.6.3.

Users may note the skipped iOS versions between iOS 12 and iOS 15. Those are due to where devices were cut off from updating. Every device that could run iOS 13 could run iOS 15, so Apple doesn't update every version. The oldest device supported by iOS 12.5.7, for example, is the iPhone 5s, which was released in September 2013. The oldest Macs supported by macOS Big Sur are the 2013 MacBook Air, Mac Pro, and MacBook Pro. Anyone capable of updating these new updates to the older operating systems should do so as soon as possible. The update addresses known security issues that could put the user at risk.

Tom's Hardware: Finding the best TIM can be a tricky endeavor, but some people are more adventurous than others. Case in point: An enthusiast recently broadened his GPU thermal paste search to include several interesting substances ranging from regular thermal paste to thermal pads, cheese, ketchup, toothpaste, diaper rash ointment, and even potatoes. The user originally set out to test different types of thermal pads but decided to expand into other substances, making for an interesting and entertaining study in GPU cooling with some substances that are definitely not safe for long-term use. The test system used a Radeon R7 240 with a 30W TDP, with temperature readings from a five-minute run of Furmark. As such, these tests aren't a great indicator of the long-term feasibility of using a potato to cool your chip, so here's a statement of the obvious: Don't try this at home. The user shared a spreadsheet showing the findings, including 22 different tested thermal "paste" materials. The list includes several standard thermal pads of different sizes, including Arctic TP2 0.5mm, 1mm, 1.5mm, Arctic TP3 1mm, 1.5mm, EC360 Blue 0.5mm, EC360 Gold 1mm, 0.5mm EKWB, and Thermal Grizzly Minus 8 thermal pads.

Several items caused the GPU to engage its thermal throttling mechanism due to overheating as the GPU hit its maximum temperature of 105C, including the sliced cheese and potato slices. Some thermal pads also didn't fare well, with throttling occurring with the EC360 Blue 0.5mm thermal pad, 0.5mm EKWB pad, Arctic TP2 1mm pad, Arctic TP2 1.5mm pad, Thermal Grizzly Minus 8 1.5mm pad copper tape. The double-sided aluminum adhesive pad was the worst offender of them all -- it caused the system to shut down. The Pentaten Creme (for diaper rashes) and copper paste were also problematic. However, the rest of the thermal applications were functional and did not cause the GPU to thermal throttle. This includes the 0.5mm Arctic TP2 thermal pad, 1mm Alphacool Apex thermal pad, Arctic TP3 1mm thermal pad, 1mm EC360 Gold thermal pad, and 1.5mm Arctic TP3 thermal pad. All of these thermal pads kept the GPU anywhere between 61C and 79C. The various different kinds of toothpaste did decently well, too, with the Amasan T12 coming out on top at 63C, Silber Wl.paste at 65C, and the plain no-named toothpaste being the worst, hitting 90C. Surprisingly, the Ketchup did exceptionally well, keeping the GPU at 71C.

GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. From a report: GoTo provides a platform for cloud-based remote working, collaboration, and communication, as well as remote IT management and technical support solutions. In November 2022, the company disclosed a security breach on its development environment and a cloud storage service used by both them and its affiliate, LastPass. At the time, the impact on the client data had yet to become known as the company's investigation into the incident with the help of cybersecurity firm Mandiant had just begun.

The internal investigation so far has revealed that the incident had a significant impact on GoTo's customers. According to a GoTo's security incident notification a reader shared with BleepingComputer, the attack affected backups relating to the Central and Pro product tiers stored in a third-party cloud storage facility. "Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility," reads the notice to customers.

Apple released iOS and iPadOS 16.3, macOS Ventura 13.2, and watchOS 9.3 today. The updates focus primarily on bug fixes and under-the-hood improvements, but there is one notable addition: Apple ID got support for hardware security keys. From a report: Once they've updated to the new software, a user can opt to make a device like a YubiKey a required part of the two-factor authentication process for their account. It's unlikely most users will take advantage of this, of course, but for a select few, the extra security is welcome. Other additions in iOS 16.3 include support for the upcoming new HomePod model, a tweak to how Emergency SOS calls are made, and a new Black History Month wallpaper. On the Mac side, hardware security key support is joined by the rollout of Rapid Security Response, a means for urgent security updates to be delivered to Macs without issuing a major software update. The watchOS update is oriented around bug fixes.

"Thousands of people who use Norton password manager began receiving emailed notices this month alerting them that an unauthorized party may have gained access to their personal information," reports CNET, "along with the passwords they have stored in their vaults.

"Gen Digital, Norton's parent company, said the security incident was the result of a credential-stuffing attack rather than an actual breach of the company's internal systems." Gen's portfolio of cybersecurity services has a combined user base of 500 million users — of which about 925,000 active and inactive users, including approximately 8,000 password manager users, may have been targeted in the attack, a Gen spokesperson told CNET via email....

Norton's intrusion detection systems detected an unusual number of failed login attempts on Dec. 12, the company said in its notice. On further investigation, around Dec. 22, Norton was able to determine that the attack began around Dec. 1. "Norton promptly notified both regulators and customers as soon as the team was able to confirm that data was accessed in the attack," Gen's spokesperson said.

Personal data that may have been compromised includes Norton users' full names, phone numbers and mailing addresses. Norton also said it "cannot rule out" that password manager vault data including users' usernames and passwords were compromised in the attack....

Norton is also offering access to credit monitoring services for affected users, according to its letter to customers.

The Washington Post's editorial board recently commented on the problem of America's "dead downtowns. Tourists are back, but office workers are still missing in action.... [R]estaurants, coffee hangouts, stores and transit systems cannot sustain themselves without more people in center cities...."

The problem? America "is in the midst of one of the biggest workforce shifts in generations: Many now have experienced what it is like to work from home and have discovered they prefer it."

Their proposed solution? The Post's editorial board is urging cities to adapt to the new reality of workers wanting to work two or three days remotely in part by converting commercial offices to apartments and entertainment venues. The goal is a "24/7" downtown with ample work spaces, apartments, parks and entertainment venues that draw people in during the day and have a core of residents who keep the area vibrant after commuters go home.... Office use isn't going back to pre-pandemic levels. Even Texas cities that did not shut down during the worst of the pandemic are 20 to 30 percent below 2019 office occupancy. New York, Los Angeles and D.C. are still down more than 40 percent. This a classic oversupply problem. Cities have too much office space, especially in the older buildings that companies are fleeing as they seek out new construction with more light and flexible space.

Mayors and city lawmakers have reason to be bold in seizing this opportunity. There's growing interest among developers and investors who want to be a part of the office-to-apartment revolution. They are already eyeing the easiest buildings to convert: The ones with elevators in the middle, windows and light on all sides, and the right length and width. The challenge for city leaders is to generate interest in the buildings that are "maybe" candidates for conversion.
The Post's suggestions include announcing targets for new residents living downtown, and speeding up city approvals like permitting and rezoning. "America's cities are ripe for new skylines and fresh streetscapes. The best leaders will get going soon."