Blogroll

Samsung just announced its new Vision AI Companion platform. This is transforming the familiar TV screens from passive viewing devices into a connected, conversational hub for the entire household. Users will be able to communicate with their televisions with just conversational dialogue.

TL;DR: Veterans, military service members, and military spouses can enjoy a free Starbucks coffee on Veterans Day 2025 (Nov. 11).

Opens in a new window Credit: Starbucks Starbucks Veterans Day 2025   Learn More

Starbucks are honoring veterans, military service members, and military spouses with a tall (12 fl oz) hot or iced brewed coffee on Veterans Day. This special offer is valid at participating stores on Nov. 11. You can find your nearest participating store here.

Before you set off in search of your free drink, it's worth noting that cold brew, nitro, and customizations are excluded from this promotion. You're also limited to one drink per customer. This isn't a never-ending supply of caffeine, folks.

SEE ALSO: Starbucks Red Cup Day nears: When, how to get your free cup

This isn't the first time that Starbucks has supported the military community. Since 2013, Starbucks has worked alongside more than 40,000 veterans and military spouses in its cafés. Starbucks also supports the Wounded Warrior Project and the USO by donating $200,000 divided evenly between both organizations.

What better way to celebrate Veterans Day? Score your free tall hot or iced brewed coffee at Starbucks.

Google is warning users to stay alert this month as scammers step up operations across job sites, app stores and shopping platforms.

In a Nov. 6 advisory, Google’s Trust and Safety team said it’s tracking a rise in sophisticated scams — many powered by AI — that target job seekers, small businesses and holiday shoppers. Here’s what to watch for:

Fake job postings

Fraudsters impersonate real employers and demand upfront "training" or "processing" fees. Some scams use fake interviews to steal banking or ID info. Google advises applying only through verified company websites.

Review extortion

Businesses are being "review-bombed" with fake one-star reviews, followed by ransom demands to stop the attacks. Google is introducing tools that enable merchants to report these cases directly.

AI impersonation scams

Scammers are using hype around AI to push fake "free" versions of tools or apps that actually install malware or steal credentials. The best advice is to only download from official app stores or domains.

Malicious VPN apps

Scam VPNs disguised as trusted brands are spreading on social media and third-party sites. They often request excessive permissions or deliver spyware.

Fraud recovery scams

Scammers pose as investigators or government agencies, promising to recover stolen funds for an upfront fee. Legitimate entities never charge to start a case.

Holiday shopping scams

With Black Friday and Cyber Monday approaching, fake storefronts and phishing texts are on the rise. Avoid "too good to be true" deals and unexpected delivery notices.

Google Photos is not only a good way to look at the photos you've saved online, but it's also a solid app for making quick edits to your photos. Now, Google Photos is getting a few AI-infused features that you might actually find yourself using a lot.

I love scouring Facebook Marketplace for a used bargain. Local sellers seem happy to list items at reasonable prices in order to encourage a sale, and I don’t have to worry about delivery costs or bumps in the mail. It’s also nice to inspect in person, before you buy.

Introduction

Large language models (LLMs) are now widely used for automated code generation across software engineering tasks. However, this powerful capability in code generation also introduces security concerns. Code generation systems could be misused for harmful purposes, such as generating malicious code. It could also produce bias-filled code reflecting underlying logic that is discriminatory or unethical. Additionally, even when completing benign tasks, LLMs may inadvertently produce vulnerable code that contains security flaws (e.g., injection risks, unsafe input handling). These unsafe outcomes undermine the trustworthiness of code generation models and pose threats to the broader software ecosystem, where safety and reliability are critical.

Many studies have explored red teaming code LLMs, testing whether the models can reject unsafe requests and whether their generated code exhibits insecure patterns. For more details, see our earlier MSR blog post on RedCodeAgent. While red teaming has significantly improved our understanding of model failure modes, progress on blue teaming—i.e., developing effective defensive mechanisms to detect and prevent such failures—remains relatively limited. Current blue teaming approaches face several challenges: (1) Poor alignment with security concepts: additional safety prompts struggle to help models understand high-level notions, such as what constitutes a malicious or bias instruction, and typically lack actionable principles to guide safe decision-making. A case study is shown in Figure 1. (2) Over-conservatism: especially in the domain of vulnerable code detection, models tend to misclassify safe code as unsafe, leading to more false positives and reduced developer trust. (3) Incomplete risk coverage: without a strong knowledge foundation, models perform poorly when dealing with subtle or previously unseen risks.   

To address these challenges, researchers from the University of Chicago, University of California, Santa Barbara, University of Illinois Urbana–Champaign, VirtueAI, and Microsoft Research recently released a paper: BlueCodeAgent: A Blue Teaming Agent Enabled by Automated Red Teaming for CodeGen AI. This work makes the following key contributions: 

1. Diverse red-teaming pipeline: The authors design a comprehensive red-teaming process that integrates multiple strategies to synthesize diverse red-teaming data for effective knowledge accumulation.
2. Knowledge-enhanced blue teaming: Building on the foundation of red-teaming knowledge, BlueCodeAgent significantly improves blue-teaming performance by leveraging constitutions derived from knowledge and dynamic testing. 
3. Principled-Level Defense and Nuanced-Level analysis: The authors propose two complementary strategies—Principled-Level Defense (via constitutions) and Nuanced-Level Analysis (via dynamic testing)—and demonstrate their synergistic effects in vulnerable code detection tasks. 
4. Generalization to seen and unseen risks: Empowered by comprehensive red-teaming knowledge, BlueCodeAgent generalizes effectively to unseen risks. Overall, BlueCodeAgent achieves an average 12.7% improvement in F1 score across four datasets and three tasks, attributed to its ability to distill actionable constitutions that enhance context-aware risk detection. 

Figure 1. A case study of BlueCodeAgent on the bias instruction detection task. Even when concepts such as “biased” are explicitly included in additional safety prompts, models often fail to recognize biased requests (left). BlueCodeAgent (right) addresses this gap by summarizing constitutions from knowledge and applying concrete, actionable constraints benefited from red teaming to improve the defense. A blue teaming agent enabled by red teaming Figure 2: Overview of BlueCodeAgent, an end-to-end blue teaming framework powered by automated red teaming for code security. By integrating knowledge derived from diverse red teaming and conducting dynamic sandbox-based testing, BlueCodeAgent substantially strengthens the defensive capabilities beyond static LLM analysis.

Figure 2 presents an overview of the pipeline. The framework unifies both sides of the process: red teaming generates diverse risky cases and behaviors, which are then distilled into actionable constitutions that encode safety rules on the blue-teaming side. These constitutions guide BlueCodeAgent to more effectively detect unsafe textual inputs and code outputs, mitigating limitations such as poor alignment with abstract security concepts. 

This work targets three major risk categories, covering both input/textual-level risks—including biased and malicious instructions—and output/code-level risks, where models may generate vulnerable code. These categories represent risks that have been widely studied in prior research. 

Diverse red-teaming process for knowledge accumulation 

Since different tasks require distinct attack strategies, the red-teaming employs multiple attack methods to generate realistic and diverse data. Specifically, the red-teaming process is divided into three categories:

1. Policy-based instance generation: To synthesize policy-grounded red-teaming data, diverse security and ethical policies are first collected. These high-level principles are then used to prompt an uncensored model to generate instances that intentionally violate the specified policies.
2. Seed-based adversarial prompt optimization: Existing adversarial instructions are often overly simplistic and easily rejected by models. To overcome this limitation, an adaptive red-teaming agent invokes various jailbreak tools to iteratively refine initial seed prompts until the prompts achieve high attack success rates.
3. Knowledge-driven vulnerability generation: To synthesize both vulnerable and safe code samples under realistic programming scenarios, domain knowledge of common software weaknesses (CWE) is leveraged to generate diverse code examples.

Knowledge-enhanced blue teaming agent 

After accumulating red-teaming knowledge data, BlueCodeAgent set up Principled-Level Defense via Constitution Construction and Nuanced-Level Analysis via Dynamic Testing.

1. Principled-Level Defense via Constitution Construction 
   Based on the most relevant knowledge data, BlueCodeAgent summarizes red-teamed knowledge into actionable constitutions—explicit rules and principles distilled from prior attack data. These constitutions serve as normative guidelines, enabling the model to stay aligned with ethical and security principles even when confronted with novel or unseen adversarial inputs. 
2. Nuanced-Level Analysis via Dynamic Testing 
   In vulnerable code detection, BlueCodeAgent augments static reasoning with dynamic sandbox-based analysis, executing generated code within isolated Docker environments to verify whether the model-reported vulnerabilities manifest as actual unsafe behaviors. This dynamic validation effectively mitigates the model’s tendency toward over-conservatism, where benign code is mistakenly flagged as vulnerable. 

Spotlight: AI-POWERED EXPERIENCE

Microsoft research copilot experience

Discover more about research at Microsoft through our AI-powered experience

Start now Opens in a new tab Insights from BlueCodeAgent  BlueCodeAgent outperforms prompting baselines 

As shown in Figure 3, BlueCodeAgent significantly outperforms other baselines. Several findings are highlighted. 

(1) Even when test categories differ from knowledge categories to simulate unseen scenarios, BlueCodeAgent effectively leverages previously seen risks to handle unseen ones, benefiting from its knowledge-enhanced safety reasoning. 

(2) BlueCodeAgent is model-agnostic, working consistently across diverse base LLMs, including both open-source and commercial models. Its F1 scores for bias and malicious instruction detection approach 1.0, highlighting strong effectiveness. 

(3) BlueCodeAgent achieves a strong balance between safety and usability. It accurately identifies unsafe inputs while maintaining a reasonable false-positive rate on benign ones, resulting in a consistently high F1 score. 

(4) By contrast, prompting with general or fine-grained safety reminders remains insufficient for effective blue teaming, as models struggle to internalize abstract safety concepts and apply them to unseen risky scenarios. BlueCodeAgent bridges this gap by distilling actionable constitutions from knowledge, using concrete and interpretable safety constraints to enhance model alignment. 

Figure 3: F1 scores on bias instruction detection task (BlueCodeEval-Bias) in the first row and on malicious instruction detection task (BlueCodeEval-Mal) in the second row.  Complementary effects of constitutions and dynamic testing 

In vulnerability detection tasks, models tend to behave conservatively—an effect also noted in prior research. They are often more likely to flag code as unsafe rather than safe. This bias is understandable: confirming that code is completely free from vulnerabilities is generally harder than spotting a potential issue. 

To mitigate this over-conservatism, BlueCodeAgent integrates dynamic testing into its analysis pipeline. When BlueCodeAgent identifies a potential vulnerability, it triggers a reliable model (Claude-3.7-Sonnet-20250219) to generate test cases and corresponding executable code that embeds the suspicious snippet. These test cases are then run in a controlled environment to verify whether the vulnerability actually manifests. The final judgment combines the LLM’s analysis of the static code, the generated test code, run-time execution results, and constitutions derived from knowledge. 

Researchers find the two components—constitutions and dynamic testing—play complementary roles. Constitutions expand the model’s understanding of risk, increasing true positives (TP) and reducing false negatives (FN). Dynamic testing, on the other hand, focuses on reducing false positives (FP) by validating whether predicted vulnerabilities can truly be triggered at run-time. Together, they make BlueCodeAgent both more accurate and more reliable in blue-teaming scenarios. 

Summary 

BlueCodeAgent introduces an end-to-end blue-teaming framework designed to address risks in code generation. The key insight behind BlueCodeAgent is that comprehensive red-teaming can greatly strengthen blue-teaming defenses. Based on this idea, the framework first builds a red-teaming process with diverse strategies for generating red-teaming data. It then constructs a blue-teaming agent that retrieves relevant examples from the red-teaming knowledge base and summarizes safety constitutions to guide LLMs in making accurate defensive decisions. A dynamic testing component is further added to reduce false positives in vulnerability detection. 

Looking ahead, several directions hold promise.  

First, it is valuable to explore the generalization of BlueCodeAgent to other categories of code-generation risks beyond bias, malicious code, and vulnerable code. This may require designing and integrating novel red-teaming strategies into BlueCodeAgent and creating corresponding benchmarks for new risks.  

Second, scaling BlueCodeAgent to the file and repository levels could further enhance its real-world utility, which requires equipping agents with more advanced context retrieval tools and memory components.  

Finally, beyond code generation, it is also important to extend BlueCodeAgent to mitigate risks in other modalities, including text, image, video, and audio, as well as in multimodal applications. 

Opens in a new tab

The post BlueCodeAgent: A blue teaming agent enabled by automated red teaming for CodeGen AI appeared first on Microsoft Research.

Advent calendars are one of the most coveted gifts of the season. The catch is that they're one of the only gifts that has to be given at the beginning of December to follow proper daily opening rules, which cuts several weeks off of your possible shopping time. Naturally, everyone's scrambling — so when Amazon drops some limited-inventory Advent calendar deals ahead of Black Friday, you'd be wise to jump on them.

SEE ALSO: Best gifts under $50 that are great for absolutely everyone

As of Nov. 11, we've found a really fun variety of Advent calendars (outside of the classic Lego sets that always sell out). Themes include Mini Brands, Bluey, Hello Kitty, and several Disney Funko Pop! options. Some are flash deals with limited inventory, so if you see one still in stock and on sale, grab it.

Opens in a new window Credit: Mini Brands Mini Brands Kawaii Advent calendar $24.99 at Amazon
$34.99 Save $10.00   Get Deal Opens in a new window Credit: Mini Brands Mini Brands Books Advent calendar $24.99 at Amazon
$34.99 Save $10.00   Get Deal Opens in a new window Credit: MEGA Mega Pokémon holiday calendar building toys set $21.49 at Amazon
$24.97 Save $3.48   Get Deal Opens in a new window Credit: National Geographic National Geographic Gemstone Advent calendar $20.49 at Amazon
$29.99 Save $9.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Marvel Comics $29.49 at Amazon
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Disney Princess $29.49
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Bitty Countdown Calendar: Stitch Holiday $29.49 at Amazon
$34.99 Save $5.50   Get Deal Opens in a new window Credit: Funko Funko Pop! Advent calendar: Disney Mystery Box $39.99 at Amazon
$49.99 Save $10   Get Deal Opens in a new window Credit: BLDR BLDR Hello Kitty and Friends Advent calendar building toy set $23.99 at Amazon
$39.99 Save $16.00   Get Deal Opens in a new window Credit: Jazwares Hello Kitty and Friends Advent calendar $26.99 at Amazon
$44.99 Save $18.00   Get Deal Opens in a new window Credit: Bluey Bluey Advent calendar $18.76 at Amazon
$24.99 Save $6.23   Get Deal Opens in a new window Credit: Penguin Young Readers Bluey: Awesome Advent Calendar Book Bundle $19.60 at Amazon
$29.99 Save $10.39   Get Deal

It's about to get a little bit more difficult to ace your sleep score on the Apple Watch.

According to 9 to 5 Mac, watchOS 26.2 is updating its sleep score to be more accurate. Currently, your sleep score is based off of three categories: duration (worth 50 points), bedtime (worth 30 points), and interruptions (worth 20 points). Then, you're given one of five scores: very low (0-29), low (30-49), OK (50-69), high (70-89), or excellent (90-100). That "excellent" score will soon be no more.

SEE ALSO: I tested the top fitness trackers for running a marathon (by running the NYC marathon)

Apple is changing the new sleep scores by eliminating the score "excellent" and replacing that with "very high." It is also easier to get a very low score and more difficult to get that very high score. According to 9 to 5 Mac, very low will now be 0-40 points, low will be 41-60 points, OK will be 61-80 points, high will be 81-95 points, and very high will be 96 to 100 points.

In general, I've found that the Apple Watch overestimates my quality of sleep, so I see this change as a good thing. For example, last night I slept for seven hours and 16 minutes and went to bed around 10:30, which earned me a 47/50 for duration, a 30/30 on bedtime, and a 16/20 on interruptions (I have a chatty cat). In total, that was a 93 — an "Excellent." In comparison, my WHOOP MG 4.0 gave me an 87 percent sleep performance score, based on sleep duration vs. need, consistency, efficiency, and stress.

Tesla has launched a rental program letting customers drive one of its cars for three to seven days starting at just $60 per day, plus taxes and fees. The deal comes with perks like unlimited mileage, free Supercharging, and access to Full Self-Driving (Supervised) while you’re behind the wheel.

Google’s Gemini for Home voice assistant is officially two weeks into its rollout, and early reactions from users suggest it’s already changing how people talk to their smart homes.

A Nov. 11 update on the Google Nest Community blog said the Gemini for Home team has been collecting feedback "across support channels, social media, in-app feedback, and the community itself." The post claims users have praised the Gemini upgrade for making Google Home "actually useful beyond asking for today’s weather" and called it a "massive improvement" over the old Google Assistant.

The biggest question, however, remains: when will everyone get it? Google said the Gemini for Home rollout is still limited to U.S. users but will expand to other regions starting in early 2026. The company advised users to make sure their home address is current in the Google Home app.

Google also clarified confusion for people managing multiple homes. Gemini for Home is enabled at the Home level, not per account — meaning an upgrade in one household doesn’t automatically apply to others linked to the same user.

The post noted updates to the FAQ page addressing early-access questions, including troubleshooting, and how to submit feedback directly by saying, "Hey Google, send feedback."

Google said its teams are investigating reported issues and iterating quickly. Future progress updates will be posted on the company’s "Things to Know" blog.

"Your feedback is critical to helping us improve," the post said. "Please keep it coming."

Gmail continues to improve over time, which is good news, considering it's one of the most popular email services around, and it's about to get even better. Last month, news began to surface that Google was planning to add a few new filters and labels to help with organization. And now, right in time for the holiday season, two new labels are almost here to make life easier.

Hybrid cars used to take a hit on resale compared to gas-powered rides, but lately they’re holding their value better thanks to improved reliability and growing familiarity with American buyers. Rising fuel costs have pushed these efficient models into higher demand.

Apple has a new iOS beta out now for your perusal.

Specifically, the beta for iOS 26.2 is out now for iPhone users. As the second update to iOS 26, it doesn't seem like it's going to be especially transformative or revolutionary. But, the fine folks at places like 9to5Mac have dug into iOS 26.2 and come back with information about the biggest new features you can expect when the update drops in the near-ish future.

SEE ALSO: iOS 26.2, macOS 26.2, and iPadOS 26.2 betas are here: How to download iOS 26.2 beta: The biggest new features

Here's what you can expect from iOS 26.2.

Changes to Apple Podcasts

As I said, iOS 26.2 isn't a huge update. Many of the changes are minor updates to apps and whatnot, starting with Apple Podcasts.

Specifically, podcasts will now have AI-generated chapters with timestamps. Podcast creators are free to make their own chapters that will override the AI-generated ones, but if they don't feel like doing that, you'll at least have something to use as a guide for when to avoid spoiler discussions about a movie you haven't seen yet. There's also a new "Podcast Mentions" feature that will link to other podcasts that are mentioned in the one you're listening to.

Sleep Score adjustments

Interestingly, Apple decided to refine the Apple Watch Sleep Score system. Here are the new score classifications, with the previous ones in parenthesis:

• Very Low: 0-40 (was 0-29 before)

• Low: 41-60 (was 30-49 before)

• OK: 61-80 (was 50-69 before)

• High: 81-95 (was 70-89 before)

• Excellent: 96-100 (was 90-100 before)

In other words, it's a little less forgiving than it used to be.

Apple News redesign

Apple also made some UI changes to the Apple News app. For instance, the "Today" screen now has easy-access buttons for food, puzzles, politics, and sports, so you don't have to seek those out yourself. There's also a new "Following" tab that will surface stories you've saved and things you've favorited.

Liquid Glass lock screen customization

Lastly, Apple is continuing its quest to make people like Liquid Glass more.

After introducing an ability to tint the Liquid Glass UI in iOS 26.1, the new iOS 26.2 beta gives you even more control over it. There's now a slider that lets you adjust the opacity of the clock on your lock screen. This isn't a huge change, but it should be welcome for people who really, really don't like Liquid Glass.

It's happened to all of us. You fully charge your smartphone battery because you know you'll be out for the whole day and, somehow, your battery dies. Your smartphone doesn't always run out of charge this quickly, so it can't be solely a battery-related issue. There has to be some other culprit.

Good news, Android users. Google is going to step in and help you find the perpetrators.

Google just announced the launch of a new beta vitals metric for Android app developers that will result in a visible warning in the Google Play store for end users if an app causes excessive battery drain.

Google's new “excessive partial wake locks” metric, co-created by Samsung, aims to deter app developers from creating battery-draining apps while also warning users.

Rapid battery drain is usually the result of third-party apps that use wake locks to prevent smartphones from entering sleep mode in order to run background processes on the device when the screen is off.

Google says excessive wake locks are a “heavy contributor to battery drain.” As such, the company has created a threshold of what is deemed acceptable and unacceptable for apps running in the background.

According to Google, the company "considers a user session excessive if it holds more than 2 cumulative hours of non-exempt wake locks in a 24 hour period." Google has exemptions for apps that offer "clear user benefits" and provides "audio playback or user-initiated data transfer" as examples that would not fall under its bad behavior threshold.

However, the company says the bad behavior threshold for most apps will be crossed "when 5% of an app’s user sessions over the last 28 days are excessive."

When this happens, Google will warn the app developer in their Android vitals overview dashboard.

This is how the Google Play warning label for battery draining apps will be displayed. Credit: Google

If an app developer doesn't deal with their excessive wake locks issue, then it will affect how users see the app. According to Google, apps that cross the bad behavior threshold will receive a warning label in the Google Play store.

"This app may use more battery than expected due to high background activity," reads the notice.

Furthermore, Android users may have trouble finding these apps at all as Google will also make these apps ineligible for some discovery sections in the Google Play store.

This new update from Google seems like a pretty clear win-win. It forces app developers to create better apps and helps preserve users' battery life.

Paramount+ subscribers will be ringing in 2026 with a price increase.

During its Q3 2025 earnings report on Monday, the newly merged Paramount Skydance announced that it would be raising prices on both Paramount+'s ad-supported and ad-free plans, effective Jan. 15, 2026. The company will also be terminating free trials for any new users.

SEE ALSO: How much does Paramount+ cost per month?

The news comes as Paramount CEO David Ellison revealed plans to cut 1,600 employees in South America, in addition to the 1,000 employees already impacted by layoffs in October. It is just the latest in a series of price hikes from major streaming services, including Disney+ and HBO Max.

How much will Paramount+ cost after the price hikes?

Paramount+ currently offers two plans: one with ads and one without. The ad-supported tier, called Paramount+ Essential, currently costs $7.99 per month, or $59.99 per year. On Jan. 15, the monthly cost will go up $1 to become $8.99 per month, while the annual subscription will cost $89.99 per year.

With the annual subscription, Paramount+ subscribers will save $17.89 per year. That's less than half of the savings under the old plan, which came out to $35.89.

Paramount+'s ad-free tier, Paramount+ Premium, will also increase by $1, going from $12.99 per month to $13.99 per month. Come Jan. 15, the annual plan will cost $139.99, as opposed to $119.99. Subscribers who choose the new annual plan will ultimately save $27.89 per year, as opposed to the $35.89 savings under the old plan.

Did you know you can open tabs, click links, scroll through pages, and even navigate menus in Chrome—all using just your keyboard? It’s possible with a simple extension. It took me a bit of time to get used to it, but now I browse Chrome like a pro without ever touching the mouse or touchpad.

With so many power tool brands producing a ton of excellent tools, we have more options than ever these days. And while Ryobi, Milwaukee, DeWALT, and others all offer common tools like drills, drivers, sanders, and saws, Ryobi also manufactures some rather obscure items you may not have been aware of. So, here are five Ryobi tools that you'll probably want to buy once you hear about them.

SAVE 40%: As of Nov. 11, the Lego Christmas Tree (40573) is on sale for $26.99 at Amazon. That's a 40% discount on list price.

Opens in a new window Credit: Lego Lego Christmas Tree (40573) $26.99 at Amazon
$44.99 Save $18.00   Get Deal

I'm already making my holiday gift list, and I'm trying to find something for my nephew that isn't just another video game. This Lego Christmas Tree set is the perfect find — it's a fun holiday project that's way more engaging, and it's on sale for a great price.

SEE ALSO: 10+ best Advent calendars that are on sale right now at Amazon

As of Nov. 11, the Lego Christmas Tree (40573) is on sale for $26.99 at Amazon, down from $44.99. That's a 40% discount that you can secure for a limited time.

What's great about this 784-piece set is that it's a 2-in-1 build. Your giftee can choose to build one large tree that stands over 11 inches tall, or two smaller trees (one nine-inch and one six-inch). It’s a great solo activity, and the finished trees, adorned with ornaments, candles, and a yellow star, make for a festive piece of decor for their room.

Whether it's the nearest floor lamp or an open window, lighting is important to every space in your home. It’s easy to focus on flashy fixtures, but don’t forget about natural light. The windows in your home are a wonderful resource that, depending on your preferences, can be modified to complement your lighting needs (and even style) with the right shades. Shades can even dampen sound and manage room temperature.

Early Black Friday deals aren't anything new—but typically, companies will wait until we're a bit closer to the big shopping holiday to start rolling out their best deals. But NordVPN and Surfshark are bucking this trend, and you can save on their VPNs now. No need to wait until after Thanksgiving!