Blogroll

I love scouring Facebook Marketplace for a used bargain. Local sellers seem happy to list items at reasonable prices in order to encourage a sale, and I don’t have to worry about delivery costs or bumps in the mail. It’s also nice to inspect in person, before you buy.

Introduction

Large language models (LLMs) are now widely used for automated code generation across software engineering tasks. However, this powerful capability in code generation also introduces security concerns. Code generation systems could be misused for harmful purposes, such as generating malicious code. It could also produce bias-filled code reflecting underlying logic that is discriminatory or unethical. Additionally, even when completing benign tasks, LLMs may inadvertently produce vulnerable code that contains security flaws (e.g., injection risks, unsafe input handling). These unsafe outcomes undermine the trustworthiness of code generation models and pose threats to the broader software ecosystem, where safety and reliability are critical.

Many studies have explored red teaming code LLMs, testing whether the models can reject unsafe requests and whether their generated code exhibits insecure patterns. For more details, see our earlier MSR blog post on RedCodeAgent. While red teaming has significantly improved our understanding of model failure modes, progress on blue teaming—i.e., developing effective defensive mechanisms to detect and prevent such failures—remains relatively limited. Current blue teaming approaches face several challenges: (1) Poor alignment with security concepts: additional safety prompts struggle to help models understand high-level notions, such as what constitutes a malicious or bias instruction, and typically lack actionable principles to guide safe decision-making. A case study is shown in Figure 1. (2) Over-conservatism: especially in the domain of vulnerable code detection, models tend to misclassify safe code as unsafe, leading to more false positives and reduced developer trust. (3) Incomplete risk coverage: without a strong knowledge foundation, models perform poorly when dealing with subtle or previously unseen risks.   

To address these challenges, researchers from the University of Chicago, University of California, Santa Barbara, University of Illinois Urbana–Champaign, VirtueAI, and Microsoft Research recently released a paper: BlueCodeAgent: A Blue Teaming Agent Enabled by Automated Red Teaming for CodeGen AI. This work makes the following key contributions: 

1. Diverse red-teaming pipeline: The authors design a comprehensive red-teaming process that integrates multiple strategies to synthesize diverse red-teaming data for effective knowledge accumulation.
2. Knowledge-enhanced blue teaming: Building on the foundation of red-teaming knowledge, BlueCodeAgent significantly improves blue-teaming performance by leveraging constitutions derived from knowledge and dynamic testing. 
3. Principled-Level Defense and Nuanced-Level analysis: The authors propose two complementary strategies—Principled-Level Defense (via constitutions) and Nuanced-Level Analysis (via dynamic testing)—and demonstrate their synergistic effects in vulnerable code detection tasks. 
4. Generalization to seen and unseen risks: Empowered by comprehensive red-teaming knowledge, BlueCodeAgent generalizes effectively to unseen risks. Overall, BlueCodeAgent achieves an average 12.7% improvement in F1 score across four datasets and three tasks, attributed to its ability to distill actionable constitutions that enhance context-aware risk detection. 

Figure 1. A case study of BlueCodeAgent on the bias instruction detection task. Even when concepts such as “biased” are explicitly included in additional safety prompts, models often fail to recognize biased requests (left). BlueCodeAgent (right) addresses this gap by summarizing constitutions from knowledge and applying concrete, actionable constraints benefited from red teaming to improve the defense. A blue teaming agent enabled by red teaming Figure 2: Overview of BlueCodeAgent, an end-to-end blue teaming framework powered by automated red teaming for code security. By integrating knowledge derived from diverse red teaming and conducting dynamic sandbox-based testing, BlueCodeAgent substantially strengthens the defensive capabilities beyond static LLM analysis.

Figure 2 presents an overview of the pipeline. The framework unifies both sides of the process: red teaming generates diverse risky cases and behaviors, which are then distilled into actionable constitutions that encode safety rules on the blue-teaming side. These constitutions guide BlueCodeAgent to more effectively detect unsafe textual inputs and code outputs, mitigating limitations such as poor alignment with abstract security concepts. 

This work targets three major risk categories, covering both input/textual-level risks—including biased and malicious instructions—and output/code-level risks, where models may generate vulnerable code. These categories represent risks that have been widely studied in prior research. 

Diverse red-teaming process for knowledge accumulation 

Since different tasks require distinct attack strategies, the red-teaming employs multiple attack methods to generate realistic and diverse data. Specifically, the red-teaming process is divided into three categories:

1. Policy-based instance generation: To synthesize policy-grounded red-teaming data, diverse security and ethical policies are first collected. These high-level principles are then used to prompt an uncensored model to generate instances that intentionally violate the specified policies.
2. Seed-based adversarial prompt optimization: Existing adversarial instructions are often overly simplistic and easily rejected by models. To overcome this limitation, an adaptive red-teaming agent invokes various jailbreak tools to iteratively refine initial seed prompts until the prompts achieve high attack success rates.
3. Knowledge-driven vulnerability generation: To synthesize both vulnerable and safe code samples under realistic programming scenarios, domain knowledge of common software weaknesses (CWE) is leveraged to generate diverse code examples.

Knowledge-enhanced blue teaming agent 

After accumulating red-teaming knowledge data, BlueCodeAgent set up Principled-Level Defense via Constitution Construction and Nuanced-Level Analysis via Dynamic Testing.

1. Principled-Level Defense via Constitution Construction 
   Based on the most relevant knowledge data, BlueCodeAgent summarizes red-teamed knowledge into actionable constitutions—explicit rules and principles distilled from prior attack data. These constitutions serve as normative guidelines, enabling the model to stay aligned with ethical and security principles even when confronted with novel or unseen adversarial inputs. 
2. Nuanced-Level Analysis via Dynamic Testing 
   In vulnerable code detection, BlueCodeAgent augments static reasoning with dynamic sandbox-based analysis, executing generated code within isolated Docker environments to verify whether the model-reported vulnerabilities manifest as actual unsafe behaviors. This dynamic validation effectively mitigates the model’s tendency toward over-conservatism, where benign code is mistakenly flagged as vulnerable. 

PODCAST SERIES

The AI Revolution in Medicine, Revisited

Join Microsoft’s Peter Lee on a journey to discover how AI is impacting healthcare and what it means for the future of medicine.

Listen now Opens in a new tab Insights from BlueCodeAgent  BlueCodeAgent outperforms prompting baselines 

As shown in Figure 3, BlueCodeAgent significantly outperforms other baselines. Several findings are highlighted. 

(1) Even when test categories differ from knowledge categories to simulate unseen scenarios, BlueCodeAgent effectively leverages previously seen risks to handle unseen ones, benefiting from its knowledge-enhanced safety reasoning. 

(2) BlueCodeAgent is model-agnostic, working consistently across diverse base LLMs, including both open-source and commercial models. Its F1 scores for bias and malicious instruction detection approach 1.0, highlighting strong effectiveness. 

(3) BlueCodeAgent achieves a strong balance between safety and usability. It accurately identifies unsafe inputs while maintaining a reasonable false-positive rate on benign ones, resulting in a consistently high F1 score. 

(4) By contrast, prompting with general or fine-grained safety reminders remains insufficient for effective blue teaming, as models struggle to internalize abstract safety concepts and apply them to unseen risky scenarios. BlueCodeAgent bridges this gap by distilling actionable constitutions from knowledge, using concrete and interpretable safety constraints to enhance model alignment. 

Figure 3: F1 scores on bias instruction detection task (BlueCodeEval-Bias) in the first row and on malicious instruction detection task (BlueCodeEval-Mal) in the second row.  Complementary effects of constitutions and dynamic testing 

In vulnerability detection tasks, models tend to behave conservatively—an effect also noted in prior research. They are often more likely to flag code as unsafe rather than safe. This bias is understandable: confirming that code is completely free from vulnerabilities is generally harder than spotting a potential issue. 

To mitigate this over-conservatism, BlueCodeAgent integrates dynamic testing into its analysis pipeline. When BlueCodeAgent identifies a potential vulnerability, it triggers a reliable model (Claude-3.7-Sonnet-20250219) to generate test cases and corresponding executable code that embeds the suspicious snippet. These test cases are then run in a controlled environment to verify whether the vulnerability actually manifests. The final judgment combines the LLM’s analysis of the static code, the generated test code, run-time execution results, and constitutions derived from knowledge. 

Researchers find the two components—constitutions and dynamic testing—play complementary roles. Constitutions expand the model’s understanding of risk, increasing true positives (TP) and reducing false negatives (FN). Dynamic testing, on the other hand, focuses on reducing false positives (FP) by validating whether predicted vulnerabilities can truly be triggered at run-time. Together, they make BlueCodeAgent both more accurate and more reliable in blue-teaming scenarios. 

Summary 

BlueCodeAgent introduces an end-to-end blue-teaming framework designed to address risks in code generation. The key insight behind BlueCodeAgent is that comprehensive red-teaming can greatly strengthen blue-teaming defenses. Based on this idea, the framework first builds a red-teaming process with diverse strategies for generating red-teaming data. It then constructs a blue-teaming agent that retrieves relevant examples from the red-teaming knowledge base and summarizes safety constitutions to guide LLMs in making accurate defensive decisions. A dynamic testing component is further added to reduce false positives in vulnerability detection. 

Looking ahead, several directions hold promise.  

First, it is valuable to explore the generalization of BlueCodeAgent to other categories of code-generation risks beyond bias, malicious code, and vulnerable code. This may require designing and integrating novel red-teaming strategies into BlueCodeAgent and creating corresponding benchmarks for new risks.  

Second, scaling BlueCodeAgent to the file and repository levels could further enhance its real-world utility, which requires equipping agents with more advanced context retrieval tools and memory components.  

Finally, beyond code generation, it is also important to extend BlueCodeAgent to mitigate risks in other modalities, including text, image, video, and audio, as well as in multimodal applications. 

Opens in a new tab

The post BlueCodeAgent: A blue teaming agent enabled by automated red teaming for CodeGen AI appeared first on Microsoft Research.

Advent calendars are one of the most coveted gifts of the season. The catch is that they're one of the only gifts that has to be given at the beginning of December to follow proper daily opening rules, which cuts several weeks off of your possible shopping time. Naturally, everyone's scrambling — so when Amazon drops some limited-inventory Advent calendar deals ahead of Black Friday, you'd be wise to jump on them.

SEE ALSO: Best gifts under $50 that are great for absolutely everyone

As of Nov. 11, we've found a really fun variety of Advent calendars (outside of the classic Lego sets that always sell out). Themes include Mini Brands, Bluey, Hello Kitty, and several Disney Funko Pop! options. Some are flash deals with limited inventory, so if you see one still in stock and on sale, grab it.

Opens in a new window Credit: Mini Brands Mini Brands Kawaii Advent calendar $24.99 at Amazon
$34.99 Save $10.00   Get Deal Opens in a new window Credit: Mini Brands Mini Brands Books Advent calendar $24.99 at Amazon
$34.99 Save $10.00   Get Deal Opens in a new window Credit: MEGA Mega Pokémon holiday calendar building toys set $21.49 at Amazon
$24.97 Save $3.48   Get Deal Opens in a new window Credit: National Geographic National Geographic Gemstone Advent calendar $20.49 at Amazon
$29.99 Save $9.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Marvel Comics $29.49 at Amazon
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Disney Princess $29.49
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Stitch Holiday $29.49 at Amazon
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Advent calendar: Disney Mystery Box $39.99 at Amazon
$49.99 Save $10   Get Deal Opens in a new window Credit: BLDR BLDR Hello Kitty and Friends Advent calendar building toy set $23.99 at Amazon
$39.99 Save $16.00   Get Deal Opens in a new window Credit: Jazwares Hello Kitty and Friends Advent calendar $26.99 at Amazon
$44.99 Save $18.00   Get Deal Opens in a new window Credit: Bluey Bluey Advent calendar $18.76 at Amazon
$24.99 Save $6.23   Get Deal Opens in a new window Credit: Penguin Young Readers Bluey: Awesome Advent Calendar Book Bundle $19.60 at Amazon
$29.99 Save $10.39   Get Deal

It's about to get a little bit more difficult to ace your sleep score on the Apple Watch.

According to 9 to 5 Mac, watchOS 26.2 is updating its sleep score to be more accurate. Currently, your sleep score is based off of three categories: duration (worth 50 points), bedtime (worth 30 points), and interruptions (worth 20 points). Then, you're given one of five scores: very low (0-29), low (30-49), OK (50-69), high (70-89), or excellent (90-100). That "excellent" score will soon be no more.

SEE ALSO: I tested the top fitness trackers for running a marathon (by running the NYC marathon)

Apple is changing the new sleep scores by eliminating the score "excellent" and replacing that with "very high." It is also easier to get a very low score and more difficult to get that very high score. According to 9 to 5 Mac, very low will now be 0-40 points, low will be 41-60 points, OK will be 61-80 points, high will be 81-95 points, and very high will be 96 to 100 points.

In general, I've found that the Apple Watch overestimates my quality of sleep, so I see this change as a good thing. For example, last night I slept for seven hours and 16 minutes and went to bed around 10:30, which earned me a 47/50 for duration, a 30/30 on bedtime, and a 16/20 on interruptions (I have a chatty cat). In total, that was a 93 — an "Excellent." In comparison, my WHOOP MG 4.0 gave me an 87 percent sleep performance score, based on sleep duration vs. need, consistency, efficiency, and stress.

Tesla has launched a rental program letting customers drive one of its cars for three to seven days starting at just $60 per day, plus taxes and fees. The deal comes with perks like unlimited mileage, free Supercharging, and access to Full Self-Driving (Supervised) while you’re behind the wheel.

Google’s Gemini for Home voice assistant is officially two weeks into its rollout, and early reactions from users suggest it’s already changing how people talk to their smart homes.

A Nov. 11 update on the Google Nest Community blog said the Gemini for Home team has been collecting feedback "across support channels, social media, in-app feedback, and the community itself." The post claims users have praised the Gemini upgrade for making Google Home "actually useful beyond asking for today’s weather" and called it a "massive improvement" over the old Google Assistant.

The biggest question, however, remains: when will everyone get it? Google said the Gemini for Home rollout is still limited to U.S. users but will expand to other regions starting in early 2026. The company advised users to make sure their home address is current in the Google Home app.

Google also clarified confusion for people managing multiple homes. Gemini for Home is enabled at the Home level, not per account — meaning an upgrade in one household doesn’t automatically apply to others linked to the same user.

The post noted updates to the FAQ page addressing early-access questions, including troubleshooting, and how to submit feedback directly by saying, "Hey Google, send feedback."

Google said its teams are investigating reported issues and iterating quickly. Future progress updates will be posted on the company’s "Things to Know" blog.

"Your feedback is critical to helping us improve," the post said. "Please keep it coming."

Gmail continues to improve over time, which is good news, considering it's one of the most popular email services around, and it's about to get even better. Last month, news began to surface that Google was planning to add a few new filters and labels to help with organization. And now, right in time for the holiday season, two new labels are almost here to make life easier.

Hybrid cars used to take a hit on resale compared to gas-powered rides, but lately they’re holding their value better thanks to improved reliability and growing familiarity with American buyers. Rising fuel costs have pushed these efficient models into higher demand.

Apple has a new iOS beta out now for your perusal.

Specifically, the beta for iOS 26.2 is out now for iPhone users. As the second update to iOS 26, it doesn't seem like it's going to be especially transformative or revolutionary. But, the fine folks at places like 9to5Mac have dug into iOS 26.2 and come back with information about the biggest new features you can expect when the update drops in the near-ish future.

SEE ALSO: iOS 26.2, macOS 26.2, and iPadOS 26.2 betas are here: How to download iOS 26.2 beta: The biggest new features

Here's what you can expect from iOS 26.2.

Changes to Apple Podcasts

As I said, iOS 26.2 isn't a huge update. Many of the changes are minor updates to apps and whatnot, starting with Apple Podcasts.

Specifically, podcasts will now have AI-generated chapters with timestamps. Podcast creators are free to make their own chapters that will override the AI-generated ones, but if they don't feel like doing that, you'll at least have something to use as a guide for when to avoid spoiler discussions about a movie you haven't seen yet. There's also a new "Podcast Mentions" feature that will link to other podcasts that are mentioned in the one you're listening to.

Sleep Score adjustments

Interestingly, Apple decided to refine the Apple Watch Sleep Score system. Here are the new score classifications, with the previous ones in parenthesis:

• Very Low: 0-40 (was 0-29 before)

• Low: 41-60 (was 30-49 before)

• OK: 61-80 (was 50-69 before)

• High: 81-95 (was 70-89 before)

• Excellent: 96-100 (was 90-100 before)

In other words, it's a little less forgiving than it used to be.

Apple News redesign

Apple also made some UI changes to the Apple News app. For instance, the "Today" screen now has easy-access buttons for food, puzzles, politics, and sports, so you don't have to seek those out yourself. There's also a new "Following" tab that will surface stories you've saved and things you've favorited.

Liquid Glass lock screen customization

Lastly, Apple is continuing its quest to make people like Liquid Glass more.

After introducing an ability to tint the Liquid Glass UI in iOS 26.1, the new iOS 26.2 beta gives you even more control over it. There's now a slider that lets you adjust the opacity of the clock on your lock screen. This isn't a huge change, but it should be welcome for people who really, really don't like Liquid Glass.

On Nov. 10, Paramount Skydance announced that Paramount+ would be increasing its prices, effective Jan. 15, 2026. The company will also be getting rid of free trials for new users.

So how much will Paramount+ cost next year, compared to what it already costs? And with multiple tiers to choose from, what exactly will be you getting for your money?

SEE ALSO: How much does Netflix cost per month?

You've come to the right place. Below, we've laid out how much Paramount+ costs per month, as well as what each tier will get you, and how these prices stack up against other streaming services.

How much does Paramount+'s ad-supported tier cost?

Currently, Paramount+ has two tiers: one that comes with ads, and one that doesn't. The ad tier is called Paramount+ Essential, and it now costs $7.99 per month, or $59.99 per year. That means that if you choose to go with the annual plan, you're paying closer to $5 per month, saving almost $36 per year.

Starting Jan. 15, 2026, the monthly price of Paramount+ Essential will go up by $1, making it $8.99 per month. Its new annual price comes out to $89.99 per year. Opting for the annual plan will save you $17.89 per year.

With Paramount+ Essential, you get access to over 40,000 episodes and movies, along with select Showtime series. You can also stream on three devices at once, watch NFL games on CBS, and catch the UEFA Champions League.

SEE ALSO: Stephen Colbert doubles down on Trump/Epstein coverage, takes a shot at Paramount How much does Paramount+'s ad-free tier cost?

Right now, Paramount+ Premium costs $12.99 per month, or $119.99 per year. That means that if you go with the annual plan, you'll be paying closer to $10 per month, saving almost $36 per year.

However, after the price hikes, Paramount+ Premium will cost $13.99 per month, or $139.99 per year. Paying the annual price will save you $27.89 per year.

Paramount+ Premium gives you everything in the Paramount+ Essential tier, without ads (apart from during live TV). You gain access to all of Showtime, as well as the ability to stream CBS live. You're also able to watch titles in 4K, UHD, Dolby Vision, or HDR10, depending on your internet capabilities, as well as download movies and TV shows.

How do Paramount+'s prices stack up against other streaming services?

With all these costs in mind, how do Paramount+'s prices compare to those of other major streaming services? Let's break it down.

At $7.99 per month, Paramount+'s ad-supported tier is the cheapest of the streaming services, along with Peacock and Netflix, whose ad-supported tiers cost the same amount per month. A Prime Video subscription by itself without an Amazon Prime membership costs $8.99 per month, while HBO Max's ad-supported tier costs $10.99 per month. Both Hulu and Disney+'s ad-supported tiers' prices cost $11.99 per month, making them the most expensive of the major streamers.

Paramount+ Premium is also among the cheaper options for ad-free streaming services. Peacock's comes in at $10.99 per month, while Prime Video's is $11.98. Netflix's ad-free tier costs $17.99, while HBO Max's costs $18.49. Once again, Disney+ and Hulu are the most expensive, each coming in at $18.99 per month.

With the 2026 price hikes, Paramount+'s ad-supported tier will become more expensive than those of Peacock and Netflix, but it will still be among the cheaper options. The same goes for its Premium plan, which while still cost more than Peacock and Prime Video's ad-free tiers, but less than HBO Max, Netflix, Disney+, and Hulu's.

UPDATE: Nov. 11, 2025, 9:42 a.m. EST This article has been updated to include information about Paramount+'s price hikes.

It's happened to all of us. You fully charge your smartphone battery because you know you'll be out for the whole day and, somehow, your battery dies. Your smartphone doesn't always run out of charge this quickly, so it can't be solely a battery-related issue. There has to be some other culprit.

Good news, Android users. Google is going to step in and help you find the perpetrators.

Google just announced the launch of a new beta vitals metric for Android app developers that will result in a visible warning in the Google Play store for end users if an app causes excessive battery drain.

Google's new “excessive partial wake locks” metric, co-created by Samsung, aims to deter app developers from creating battery-draining apps while also warning users.

Rapid battery drain is usually the result of third-party apps that use wake locks to prevent smartphones from entering sleep mode in order to run background processes on the device when the screen is off.

Google says excessive wake locks are a “heavy contributor to battery drain.” As such, the company has created a threshold of what is deemed acceptable and unacceptable for apps running in the background.

According to Google, the company "considers a user session excessive if it holds more than 2 cumulative hours of non-exempt wake locks in a 24 hour period." Google has exemptions for apps that offer "clear user benefits" and provides "audio playback or user-initiated data transfer" as examples that would not fall under its bad behavior threshold.

However, the company says the bad behavior threshold for most apps will be crossed "when 5% of an app’s user sessions over the last 28 days are excessive."

When this happens, Google will warn the app developer in their Android vitals overview dashboard.

This is how the Google Play warning label for battery draining apps will be displayed. Credit: Google

If an app developer doesn't deal with their excessive wake locks issue, then it will affect how users see the app. According to Google, apps that cross the bad behavior threshold will receive a warning label in the Google Play store.

"This app may use more battery than expected due to high background activity," reads the notice.

Furthermore, Android users may have trouble finding these apps at all as Google will also make these apps ineligible for some discovery sections in the Google Play store.

This new update from Google seems like a pretty clear win-win. It forces app developers to create better apps and helps preserve users' battery life.

Paramount+ subscribers will be ringing in 2026 with a price increase.

During its Q3 2025 earnings report on Monday, the newly merged Paramount Skydance announced that it would be raising prices on both Paramount+'s ad-supported and ad-free plans, effective Jan. 15, 2026. The company will also be terminating free trials for any new users.

SEE ALSO: How much does Paramount+ cost per month?

The news comes as Paramount CEO David Ellison revealed plans to cut 1,600 employees in South America, in addition to the 1,000 employees already impacted by layoffs in October. It is just the latest in a series of price hikes from major streaming services, including Disney+ and HBO Max.

How much will Paramount+ cost after the price hikes?

Paramount+ currently offers two plans: one with ads and one without. The ad-supported tier, called Paramount+ Essential, currently costs $7.99 per month, or $59.99 per year. On Jan. 15, the monthly cost will go up $1 to become $8.99 per month, while the annual subscription will cost $89.99 per year.

With the annual subscription, Paramount+ subscribers will save $17.89 per year. That's less than half of the savings under the old plan, which came out to $35.89.

Paramount+'s ad-free tier, Paramount+ Premium, will also increase by $1, going from $12.99 per month to $13.99 per month. Come Jan. 15, the annual plan will cost $139.99, as opposed to $119.99. Subscribers who choose the new annual plan will ultimately save $27.89 per year, as opposed to the $35.89 savings under the old plan.

Did you know you can open tabs, click links, scroll through pages, and even navigate menus in Chrome—all using just your keyboard? It’s possible with a simple extension. It took me a bit of time to get used to it, but now I browse Chrome like a pro without ever touching the mouse or touchpad.

With so many power tool brands producing a ton of excellent tools, we have more options than ever these days. And while Ryobi, Milwaukee, DeWALT, and others all offer common tools like drills, drivers, sanders, and saws, Ryobi also manufactures some rather obscure items you may not have been aware of. So, here are five Ryobi tools that you'll probably want to buy once you hear about them.

SAVE 40%: As of Nov. 11, the Lego Christmas Tree (40573) is on sale for $26.99 at Amazon. That's a 40% discount on list price.

Opens in a new window Credit: Lego Lego Christmas Tree (40573) $26.99 at Amazon
$44.99 Save $18.00   Get Deal

I'm already making my holiday gift list, and I'm trying to find something for my nephew that isn't just another video game. This Lego Christmas Tree set is the perfect find — it's a fun holiday project that's way more engaging, and it's on sale for a great price.

SEE ALSO: 10+ best Advent calendars that are on sale right now at Amazon

As of Nov. 11, the Lego Christmas Tree (40573) is on sale for $26.99 at Amazon, down from $44.99. That's a 40% discount that you can secure for a limited time.

What's great about this 784-piece set is that it's a 2-in-1 build. Your giftee can choose to build one large tree that stands over 11 inches tall, or two smaller trees (one nine-inch and one six-inch). It’s a great solo activity, and the finished trees, adorned with ornaments, candles, and a yellow star, make for a festive piece of decor for their room.

Whether it's the nearest floor lamp or an open window, lighting is important to every space in your home. It’s easy to focus on flashy fixtures, but don’t forget about natural light. The windows in your home are a wonderful resource that, depending on your preferences, can be modified to complement your lighting needs (and even style) with the right shades. Shades can even dampen sound and manage room temperature.

Early Black Friday deals aren't anything new—but typically, companies will wait until we're a bit closer to the big shopping holiday to start rolling out their best deals. But NordVPN and Surfshark are bucking this trend, and you can save on their VPNs now. No need to wait until after Thanksgiving!

Timothée Chalamet backspins, backhands, and topspins through 1950s American hustle in the latest trailer for A24's Marty Supreme.

Directed by Josh Safdie, the film sees the Dune/A Complete Unknown star in the titular role, a New York ping pong prodigy based on table tennis icon Marty Reisman. Barely scraping by and under pressure to provide, Marty smashes through underground tournaments and builds his legend (and cash stash) alongside his friend Wally (the film debut of Tyler Okonma aka Tyler, the Creator).

In the trailer, you'll also spy Gwyneth Paltrow as former movie star Kay Stone, who begins an affair with Marty and lays down some home truths about making money in this cold hard world. Marty Supreme also stars Odessa A'zion, Kevin O'Leary, Abel Ferrara, and Fran Drescher.

Marty Supreme hits cinemas Dec. 25.

You want to feel old? The 2013 hit Now You See Me has a third entry in its trilogy, and it’s all about youths versus the "olds." Sure, at its core, this heist franchise still showcases entertaining magicians using their sleight-of-hand skills to Robin Hood ill-gotten gains from the rich to give back to the poor, oppressed, and conned. But this time, the Horsemen (Jesse Eisenberg, Isla Fisher, Dave Franco, and Woody Harrelson) are also riled by (shakes fist from front porch) the youths (Barbie's Ariana Greenblatt, The Holdovers' Dominic Sessa, and I Saw the TV Glow's Justice Smith). 

In a naked attempt to excite Gen Z and Gen Alpha about this franchise that fell fallow after the pitifully named sequel Now You See Me 2 in 2016, Now You See Me: Now You Don't weaves in this trio of new and younger magicians to keep the Horsemen's story fresh. But the execution of this youthful (and clichéd) makeover is awkwardly mixed. 

Now You See Me: Now You Don't sets up a sensational villain in Rosamund Pike. 

Credit: Katalin Vermes / Lionsgate

Now You See Me had Michael Caine bringing his storied snarl to the villainous role of a shady insurance magnate. He came back for the sloppy sequel, with Daniel Radcliffe playing his magic-obsessed, tech-bro nepo baby. Now You See Me: Now You Don't breaks from this corrupt family line to find another, and it’s even more villainous, as their corruption dates back to Nazi gold. 

Rosamund Pike (Gone Girl, Saltburn) brings her regal demeanor and cutting intensity to Veronika Vanderberg, a diamond dealer whose mines exploit workers while her business launders money for war lords, kingpins, and dictators worldwide. Naturally, she needs to be taken down a peg. Who better to do so than the Horsemen, who've already Fast and Furioused their way through a pair of wealthy, reckless villains to worldwide acclaim? There's just one problem: The Horsemen split up. So, Danny Atlas (Eisenberg) is teaming with a trio of Bushwick squatters for help. 

An opening sequence introduces this dynamic team (and a couple of celebrity impressions): Bosco (Sessa); an agile pickpocket with a flair for parkour named June (Greenblatt); and Charlie (Smith) a foster kid who shuns the spotlight but loves designing the high-tech hologram illusions. Together with Atlas, they'll chase down the priceless Heart Diamond to make the world a less economically extreme place. And yeah, along the way, they'll pick up a Horsemen (or four). 

Now You See Me: Now You Don't feels dated from the start. 

Credit: Katalin Vermes / Lionsgate

Want to show these kids are anti-establishment and ready for action? Cue June parkouring up the outside of a shuttered Bushwick factory to allow her brothers in magic entry to their secret lair. After ripping off smug crypto bros, Bosco will level Atlas-level snark at the man himself as he spills out his team’s backstories, which include fixing the world the "olds" broke. Between Bosco and Atlas, there's a sense that Now You See Me: Now You Don't might be attempting to pass the torch to the next generation of Horsemen. However, this kind of move has previously failed, in Mission: Impossible (sorry, Jeremy Renner), Indiana Jones (tough stuff, Shia LaBeouf), and Jurassic World (oof, Chris Pratt). 

Whatever the end game for these newcomers, Now You See Me: Now You Don't too often uses them to make tedious jokes about getting older and being vexed about slang and trends. Harrelson is subjected to most of the heavy lifting on this point, misusing Gen Z slang in a very news-anchor-capitalizing-on-6-7 way, or scoffing over the very idea of an alcoholic seltzer beverage. (As if Zima wasn't a whole thing long before these kids were born). 

Such lame attempts at generational conflict might be intended to create tension, or to explore the Horsemen's fear that they're (to steal from Lethal Weapon) "too old for this shit." But mostly, it's used as an excuse to not bother building out the younger characters in a compelling way. They are defined not so much by who they are, but how they compare to the Horsemen in craft, charisma, and tragic backstory. 

Now You See Me: Now You Don't is a jumble, not a puzzle. 

Credit: Katalin Vermes / Lionsgate

Bouncing between eight or so main characters, this sequel is so overcrowded with plot that exposition dumps are happening more often than the magic tricks. Those tricks, which make use of camera tricks and much, much CGI, are fleeting fun. But the bigger mystery is hardly a mystery at all. I'm sorry to say, I cracked the big twist about a third of the way through the film, despite all the jet-setting, disguises, subterfuge, and razzle-dazzle. 

Don’t miss out on our latest stories: Add Mashable as a trusted news source in Google.

The script is so overcrowded that it feels like it was written by committee. And indeed it was. The screenplay credits Seth Grahame-Smith (Pride and Prejudice and Zombies), Michael Lesslie (The Hunger Games: The Ballad of Songbirds & Snakes), and the Deadpool writing team of Paul Wernick and Rhett Reese. These different styles don't blend together like they might in a Horseman magic show; they collide to construct a sequel that is frustratingly expected. These screenwriters pull plot twists from the previous two films and stunt spectacles from 1951's Royal Wedding's ceiling dance (though some might credit its descendant action scene in Inception). Plot holes are littered throughout, while the big twist is telegraphed way too soon. So, even if the cast — new and returning — gives their all, the big finale feels like a letdown. 

Still, it's fun to see the Horsemen team up again. Wounded by Atlas' updated backstory, Eisenberg brings an edge of hurt into his cocky persona that plays well against the brashness of Bosco. Harrelson is ever the game jokester, even when the jokes he's given are achingly weak. Franco still crackles as a card-flinging con man, while Fisher is earnest and elegant — even revisiting the notoriously dangerous stunt from the first film. And without giving away cameos, there's more fun from other deeply weird and charismatic cohorts to be had too. 

Credit: Katalin Vermes / Lionsgate

To the credit of the new additions, Sessa, Smith, and Greenblatt stand up well, not only to the cozy ensemble from the previous films, but also to Pike, who plays her villainous Veronica like a snake with a vicious smile. Sure, these roles are achingly underwritten. But Sessa leans into swagger, which should serve him well in the Anthony Bourdain biopic Tony, which he's tackling next. Greenblatt brings moxie, as she did to Barbie and Borderlands. But it's Smith, who's shown a terrific range across movies like I Saw the TV Glow, Dungeons and Dragons: Honor Among Thieves, and Pokémon: Detective Pikachu, who truly shines, offering a fresh showcase of his abilities as he plays comedy, drama, and even gives some well-timed smolder. 

Frankly, the star power of this movie alone might be enough for Now You See Me fans hungry for more hijinks and hilarity. That this sequel does nothing all that new or even surprising might not be a glitch, but a feature. Why challenge an audience when you can wrap them within the warm certainty that no matter how twisted economic equality is making the world for everyday men and Horsemen, a scrappy group of clever individuals can pull together to save the day. It's an attractive premise. And like the Fast and Furious franchise, Now You See Me; Now You Don't runs even more into superhero territory by creating impossible stunts and impossible outcomes. That's the joy of these films for sure. It's just a shame this one doesn't aim to shock and awe us with anything new or even challenging. 

Now You See Me: Now You Don't opens in theaters on Nov. 14. 

The huge amount of notes you've collected can feel like a massive mountain you just can't climb. You might be staring at hundreds, maybe even thousands, of those little digital sticky notes. Each one could be holding some vital piece of info, or maybe it’s just digital clutter. It’s not fun thinking of perfectly organizing what’s left, but there is another solution.