
Yale unveils its first retrofit smartlock and keypad

Yale is making it easier to go key-free with a smart lock system that can be retrofitted onto most existing deadbolts. You won't need to replace existing hardware with the Yale Approach Lock with Wi-Fi. It's an interior-only smart lock that Yale says takes just 10 minutes or so to install and you'll only need a screwdriver to help you get the job done. It also has a fairly slim profile as it will sit just 1.6 inches off the door.

Once the smart lock is installed, you'll be able to use features like Auto-Lock and Auto-Unlock. If you're away from home and want to let in a friend to water the plants or check on your pets, you can unlock the door remotely via the Yale Access app. What's more, the Yale Approach is renter-friendly. It sits on the back of most standard deadbolts and you (and your landlord) can keep using the same keys. In addition, Yale Approach works with Amazon Alexa, Google Home, Philips Hue and Samsung SmartThings. Matter support will be added later.

Also new is the Yale Keypad, which is compatible with the Yale Approach, several of the company's other products and many August smart locks. Using the one-touch locking feature, you can lock the door and unlock it with a personalized code. You can provide guests with unique access codes. The backlit keypad is also IPX5-rated for weather resistance and you can place it anywhere within the lock's Bluetooth range. Yale plans to release a version later this year that will let you unlock the door with your fingerprint.

Both items are available now in the US from Yale's and August's websites. The Yale Approach, which is available in black suede or silver, costs $130, while the Yale Keypad is $70. A bundle is available for $180. The devices will hit Amazon and other retailers soon. They'll also be available in Canada through Amazon.

This article originally appeared on Engadget at

The UK moves another step closer to banning phones in schools

Mobile phone ownership has become standard for people of most ages, and, while there's a convenience argument, experts and regulators alike have expressed concerns about children's well-being and distraction while learning. To that end, the UK government has become the latest to announce guidance for banning the use of phones during school. It follows other European countries like France and Italy, which prohibit phones in classrooms. 

Some schools in the UK already have no-phone policies in place, but these guidelines could bring widespread adoption and uniformity. "This is about achieving clarity and consistency in practice, backing headteachers and leaders and giving staff confidence to act," Gillian Keegan, the UK's secretary of state for education, said in a release. "Today's children are growing up in an increasingly complex world, living their lives on and offline. This presents many exciting opportunities – but also challenges. By prohibiting mobile phones, schools can create safe and calm environments free from distraction so all pupils can receive the education they deserve."

While the UK government encourages schools to create their own policies, it outlines a few overarching options. The first — and most extreme — is a complete ban on mobile phones from school premises. However, the guidance acknowledges that this could create complications or risks for children when traveling to and from school. The next option takes care of that problem while still taking phones away. It suggests having students hand in their phones when arriving at school.

Then there's the locker route, where phones are kept strictly in students' lockers or whatever personal storage they get at school. While this allows students to keep possession of their device, it still wouldn't be usable at any point in the day, even when accessing the locker during breaks. The final option aligns with what many schools do — let students keep their phones in their bags, but they should be turned off and never accessed. 

The guidance also recommends teaching students about the mobile phone's potentially harmful impact on young people. Study after study has found that social media, in particular, can negatively impact young people's mental health. The UK government argues that, in addition to combating the social media issue, restricting phone use can increase students' concentration, the time they spend being active and the time they spend with peers face-to-face.

Parents are encouraged to contact the school directly rather than through a private phone if they need to get in touch with their child. The guidance also encourages parents to discuss the rules at home and, once again, the risks of phones and the internet.

This article originally appeared on Engadget at

How security experts unravel ransomware

Hackers use ransomware to go after every industry, charging as much money as they can to return access to a victim's files. It’s a lucrative business to be in. In the first six months of 2023, ransomware gangs bilked $449 million from their targets, even though most governments advise against paying ransoms. Increasingly, security professionals are coming together with law enforcement to provide free decryption tools — freeing locked files and eliminating the temptation for victims to pony up.

There are a couple of main ways that ransomware decryptors come up with tools: reverse engineering for mistakes, working with law enforcement and gathering publicly available encryption keys. The length of the process varies depending on how complex the code is, but it usually requires information on the encrypted files, unencrypted versions of the files and server information from the hacking group. “Just having the output encrypted file is usually useless. You need the sample itself, the executable file,” said Jakub Kroustek, malware research director at antivirus business Avast. It’s not easy, but it does pay dividends to the impacted victims when it works.

First, we have to understand how encryption works. For a very basic example, let's say a piece of data might have started as a cognizable sentence, but appears like "J qsfgfs dbut up epht" once it's been encrypted. If we know that one of the unencrypted words in "J qsfgfs dbut up epht" is supposed to be "cats," we can start to determine what pattern was applied to the original text to get the encrypted result. In this case, it's just the standard English alphabet with each letter moved forward one place: A becomes B, B becomes C, and "I prefer cats to dogs" becomes the string of nonsense above. It’s much more complex for the sorts of encryption used by ransomware gangs, but the principle remains the same. The pattern of encryption is also known as the 'key', and by deducing the key, researchers can create a tool that can decrypt the files.
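The known-word recovery described above, as an added example that is not part of the original article: given the ciphertext and one word known to be in the plaintext, it finds the only alphabet shift consistent with that word and undoes it. The function names `shift_text` and `recover_shift` are illustrative.

```python
import string


def shift_text(text: str, shift: int) -> str:
    """Move every ASCII letter `shift` places through the alphabet, keeping case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def recover_shift(ciphertext: str, known_word: str) -> list:
    """Return every shift under which `known_word` appears as a whole word.

    For each ciphertext word of the right length, compute the letter-by-letter
    distance to the known word. A real match gives the same distance for every
    letter; anything else is a coincidence of length and is discarded.
    """
    known = known_word.lower()
    candidates = set()
    for word in ciphertext.lower().split():
        word = word.strip(string.punctuation)
        if len(word) != len(known):
            continue
        distances = {(ord(c) - ord(p)) % 26 for c, p in zip(word, known)}
        if len(distances) == 1:
            candidates.add(distances.pop())
    return sorted(candidates)


def decrypt_with_known_word(ciphertext: str, known_word: str) -> list:
    """Decrypt the message under every shift the known word allows."""
    return [shift_text(ciphertext, -s) for s in recover_shift(ciphertext, known_word)]


if __name__ == "__main__":
    # Ciphertext and known word are the ones used in the article.
    message = "J qsfgfs dbut up epht"
    print(recover_shift(message, "cats"))
    print(decrypt_with_known_word(message, "cats"))
```

Two ciphertext words have four letters, but only "dbut" is the same distance from "cats" at every position, which is why a single known word is enough to pin down the key here.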

Some forms of encryption, like the Advanced Encryption Standard with 128-, 192- or 256-bit keys, are virtually unbreakable. At its most advanced level, bits of unencrypted "plaintext" data, divided into chunks called "blocks," are put through 14 rounds of transformation, and then output in their encrypted — or "ciphertext" — form. “We don’t have the quantum computing technology yet that can break encryption technology,” said Jon Clay, vice president of threat intelligence at security software company Trend Micro. But luckily for victims, hackers don’t always use strong methods like AES to encrypt files.

While some cryptographic schemes are virtually uncrackable, it’s a difficult science to perfect, and inexperienced hackers will likely make mistakes. If the hackers don’t apply a standard scheme, like AES, and instead opt to build their own, the researchers can then dig around for errors. Why would they do this? Mostly ego. “They want to do something themselves because they like it or they think it's better for speed purposes,” Jornt van der Wiel, a cybersecurity researcher at Kaspersky, said.

For example, here’s how Kaspersky decrypted the Yanluowang ransomware strain. It was a targeted strain aimed at specific companies, with an unknown list of victims. Yanluowang used the Sosemanuk stream cipher to encrypt data: a free-for-use process that encrypts the plaintext file one digit at a time. Then, it encrypted the key using an RSA algorithm, another type of encryption standard. But there was a flaw in the pattern. The researchers were able to compare the plaintext to the encrypted version, as explained above, and reverse engineer a decryption tool now made available for free. In fact, there are tons that have already been cracked by the No More Ransom project.

Ransomware decryptors will use their knowledge of software engineering and cryptography to get the ransomware key and, from there, create a decryption tool, according to Kroustek. More advanced cryptographic processes may require either brute forcing, or making educated guesses based on the information available. Sometimes hackers use a pseudo-random number generator to create the key. A true RNG will be random, duh, and that means it won’t be easily predicted. A pseudo-RNG, as explained by van der Wiel, may rely on an existing pattern in order to appear random when it's actually not — the pattern might be based on the time it was created, for example. If researchers know a portion of that, they can try different time values until they deduce the key.
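The "try different time values" search described above, as an added example that is not from the article or from any real decryptor: a key drawn from a generator seeded with a Unix timestamp is recovered by testing every second in a window against the fixed bytes a PDF file starts with. The toy cipher, Python's `random` standing in for the weak generator, the timestamps and the sample file are all constructed assumptions.

```python
import hashlib
import random

PDF_MAGIC = b"%PDF-1.7"  # known plaintext: many file formats begin with fixed bytes


def key_from_seed(seed: int) -> bytes:
    """Weak key generation being modelled: 16 key bytes from a PRNG seeded
    with a time value. The key looks random but is fixed by the seed."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(16))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode, XORed with the data).
    Stand-in for whatever cipher a sample uses; encrypts and decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def recover_key(ciphertext: bytes, known_prefix: bytes, not_before: int, not_after: int):
    """Test each second in [not_before, not_after] as the seed.

    Only the first len(known_prefix) bytes are decrypted per candidate, so the
    cost is one cheap check per second of uncertainty. Returns (seed, key),
    or None if no seed in the window reproduces the known prefix.
    """
    head = ciphertext[:len(known_prefix)]
    for seed in range(not_before, not_after + 1):
        key = key_from_seed(seed)
        if keystream_xor(key, head) == known_prefix:
            return seed, key
    return None


# --- constructed sample, built here so the example runs offline ---
ENCRYPTED_AT = 1_700_000_000           # constructed: second the key was generated
FILE_MODIFIED_AT = ENCRYPTED_AT + 42   # constructed: timestamp left on the file
SAMPLE_PLAINTEXT = b"%PDF-1.7\n% constructed sample document\n"
SAMPLE_CIPHERTEXT = keystream_xor(key_from_seed(ENCRYPTED_AT), SAMPLE_PLAINTEXT)


def recover_sample():
    """Search the hour before the file's timestamp, then decrypt the sample."""
    hit = recover_key(SAMPLE_CIPHERTEXT, PDF_MAGIC,
                      FILE_MODIFIED_AT - 3600, FILE_MODIFIED_AT)
    if hit is None:
        return None
    seed, key = hit
    return seed, keystream_xor(key, SAMPLE_CIPHERTEXT)


if __name__ == "__main__":
    print(recover_sample())
```

The search covers 3,601 candidates because the timestamp bounds the seed; a 16-byte key taken from the operating system's random source would leave 2^128 candidates and no window to narrow them.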

But getting that key often relies on working with law enforcement to get more information about how the hacking groups work. If researchers are able to get the hacker’s IP address, they can request the local police to seize servers and get a memory dump of their contents. Or, if hackers have used a proxy server to obscure their location, police might use traffic analyzers like NetFlow to determine where the traffic goes and get the information from there, according to van der Wiel. The Budapest Convention on Cybercrime makes this possible across international borders because it lets police request an image of a server in another country urgently while they wait for the official request to go through.

The server provides information on the hacker’s activities, like who they might be targeting or their process for extorting a ransom. This can tell ransomware decryptors the process the hackers went through in order to encrypt the data, details about the encryption key or access to files that can help them reverse engineer the process. The researchers comb through the server logs for details in the same way you may help your friend dig up details on their Tinder date to make sure they’re legit, looking for clues or details about malicious patterns that can help suss out true intentions. Researchers may, for example, discover part of the plaintext file to compare to the encrypted file to begin the process of reverse engineering the key, or maybe they’ll find parts of the pseudo-RNG that can begin to explain the encryption pattern.

Working with law enforcement helped Cisco Talos create a decryption tool for the Babuk Tortilla ransomware. This version of ransomware targeted healthcare, manufacturing and national infrastructure, encrypting victims' devices and deleting valuable backups. Avast had already created a generic Babuk decryptor, but the Tortilla strain proved difficult to crack. The Dutch Police and Cisco Talos worked together to apprehend the person behind the strain, and gained access to the Tortilla decryptor in the process.

But often the easiest way to come up with these decryption tools stems from the ransomware gangs themselves. Maybe they’re retiring, or just feeling generous, but attackers will sometimes publicly release their encryption key. Security experts can then use the key to make a decryption tool and release that for victims to use going forward.

Generally, experts can’t share a lot about the process without giving ransomware gangs a leg up. If they divulge common mistakes, hackers can use that to easily improve their next ransomware attempts. If researchers tell us what encrypted files they’re working on now, gangs will know they’re on to them. But the best way to avoid paying is to be proactive. “If you’ve done a good job of backing up your data, you have a much higher opportunity to not have to pay,” said Clay.

This article originally appeared on Engadget at

OpenAI and CommonSense Media team up to curate family-friendly GPTs

You will soon find a kid-friendly section inside OpenAI's newly opened store for custom GPTs. The company has joined forces with Common Sense Media, a nonprofit organization that rates media and technology based on their suitability for children, to minimize the risks of AI use by teenagers. Together, they intend to create AI guidelines and educational materials for young people, their parents and their educators. The two organizations will also curate a collection of family-friendly GPTs in OpenAI's GPT store based on Common Sense's ratings, making it easy to see which ones are suitable for younger users. 

"Together, Common Sense and OpenAI will work to make sure that AI has a positive impact on all teens and families," James P. Steyer, founder and CEO of Common Sense Media, said in a statement. "Our guides and curation will be designed to educate families and educators about safe, responsible use of ChatGPT, so that we can collectively avoid any unintended consequences of this emerging technology."

According to Axios, the partnership was announced at Common Sense's kids and family summit in San Francisco, where OpenAI CEO Sam Altman shot down the idea that AI is bad for kids and should be kept out of schools. "Humans are tool users and we better teach people to use the tools that are going to be out in the world," he reportedly said. "To not teach people to use those would be a mistake." The CEO also said that future high school seniors would be able to operate at a higher level of abstraction and could achieve more than their predecessors with the help of artificial intelligence.

This article originally appeared on Engadget at

QR code attacks probably aren’t coming for your scan-to-order menus

QR code-based phishing attacks appear to be on the rise. For this “new” hacking vector, someone gets a phishing email asking them to scan a QR code, that code redirects to a malicious link (usually to steal credentials) and an account takeover occurs. Local news organizations have warned the public to watch out, security leadership publications tell executives to be careful and security companies really, really want you to call it quishing.

To be fair, there have been some notable headlines about it lately. A large-scale version of this against an unnamed “major” US energy company went after Microsoft logins, according to a Cofense report in August. Security researchers have unanimously reported some level of uptick or spike in the attack vector this year. Even the Federal Trade Commission warned consumers of the dangers.

The fanfare around these attacks, however, mostly outweighs the threat of using QR codes in your daily life. Phishing has been, and will likely always be, a prevalent way to trap victims, and what we’re seeing when people talk about QR code attacks is just another way to do that. That’s why despite how the reports may generalize the dangers of QR codes as a whole, some common sense security practices that you already use to avoid phishing can help you avoid this tactic, too. Other, advanced QR-based attack vectors outside of phishing are likely too technically complicated and low reward for bad actors to attempt, or for you to worry about.

Phishing attacks that work by pointing a victim to a malicious link are incredibly common, and QR codes are essentially just another way to execute them. QR codes are “jumping into a security gap,” said Randy Pargman, director of threat detection at security firm Proofpoint. It forces a victim away from their computer and onto a cell phone or another device, adding a level of distraction. Plus, people are more likely to fall for a phishing link on a mobile device, according to Pargman.

The smaller scale makes it harder to tell what’s legit (for example, you can’t easily see a full link to point out discrepancies), and we generally tend to feel safer in our handheld world. Scanning a QR code on a phone takes a victim away from their computer. That could mean the phone has fewer security plugins installed on its browser that would warn you to stay away from suspicious sites, although more browsers have automatic protections against both. Or, if it's taking you from a work device to a personal device, a security team probably supports the computer, but not your cell phone, with extra protections in place to stop you from falling victim. But on the flip side, this is a lot less efficient for scammers to set up. It assumes the victim has access to two devices, rather than just clicking a link.

Plus, people tend to scan the QR codes, even if they’re from an unfamiliar source, because we’re so used to it, according to Fae Carlisle, principal security engineer at VMware Carbon Black. “People are regularly told to scan a QR code to show them a map of a place, to vote in a competition, to visit Instagram, etc,” Carlisle said. “Because of inherent trust, people go along with it.” Hackers seemingly saw this trend and figured out they could exploit it.

While the application of QR codes to phishing attacks is fairly straightforward, the hype around their use in other malicious vectors mostly ends there. Security professionals advise against scanning unknown QR codes, in the same way you shouldn’t plug a random thumb drive into your device. But, while you should always be on guard to protect against phishing attacks, you don’t really have to worry about using QR codes in your daily life because it’s still rare to see them used as a hacking tactic.

This matters because when we think of QR codes, we don’t usually think of getting them in emails. You’re probably more familiar with them from real world interactions, like a call to action on a flier or a scan-to-order menu at a restaurant. Looking at my own inbox and desktop, the instances of getting a QR code are few and far between, with maybe the exception of some multifactor authentication apps and cross-login for VPNs. Basically, for a hacker going after everyday targets, the less effort the better, and plastering a poisoned QR code all over physical space in the hopes someone will scan it is a whole lot of work, according to Pargman. Bulk sending phishing emails is just a heck of a lot more efficient.

While it’s also possible to imagine a link takeover situation, where the destination of legitimate QR codes is redirected to a malicious URL, that really hasn’t been seen yet. Not only is it a lot of effort, but it would require an attacker to identify a widely-used QR code. That would mean sourcing the code information, and then hoping it was worth the work. “Quishing” may be legit, but avoiding QR codes at all costs probably goes a step too far.

If something seems off about scanning a QR code, pause before proceeding. “If you're scanning a menu of the restaurant's and it's asking you to login to your Gmail account to access the menu, that's a highly unexpected step,” said Olesia Klevchuk, product marketing director at security company Barracuda Networks. “Those are the kinds of things we want to be on the lookout for.” But if you just want to learn more about an exhibit at a museum or have a contactless check-in at the gym, you probably have nothing to worry about.

This article originally appeared on Engadget at

What we bought: How YNAB gives me peace of mind and keeps my money in check

I’ve always been pretty money-conscious, but I didn’t really get into budgeting until I was in my mid-twenties. “Budgeting” is generous — I thought I was budgeting, but really I was using a crude Google Sheet system to track my expenses every month. I didn’t truly understand the difference between those two things until I started looking into ways to upgrade. It had been working fine for me, but as I got older and wanted to grow my savings, save up for a home down payment and a wedding and generally do more “adult” things with my money, I started to scour the internet for alternatives. I settled on You Need a Budget (YNAB) about four years ago and I’ve enjoyed it so much that I keep using it even after achieving some of those milestones.

The YNAB Method is an approach to budgeting that resonated with me then and still does today. I won’t belabor the basics here, but put simply, you’re to give every dollar a “job” as soon as you get paid by taking care of immediate needs first and then accounting for the rest of your true expenses. The way YNAB does this is basically by acting like a digital envelope system where you can customize all of your envelopes (or “categories”) and the amount of money you need for each (“targets”), and dump money into all of them every time you get paid. For example, I know I need $65 each month to pay for internet, so I have an internet category in YNAB with a target of $65 each month that’s due by the 15th, since I’ll need that money to pay the bill on the 20th of every month.

Follow that example for all of the rest of your expenses like rent or mortgage payments, groceries, electricity, insurance premiums and you’ll have a full YNAB budget in place. You can (and should) also do that for “true” expenses, which include things like hair cuts and car maintenance in the YNAB system. You may not need a specific amount of money for things like that every month, but you can plan for them by saving a little every time you get paid — so by the time you need to get that hair cut ahead of a wedding or unexpectedly need a new set of tires, you have at least some, if not all, of the money necessary to pay it.


I was already taking stock of my standard expenses and setting aside money for those first and foremost, but YNAB made the process much easier. It’s worth noting that was already part of my routine. I was privileged enough to get a decent financial education from my parents growing up (mantras like “pay yourself first” come to mind, and I see taking care of your most necessary expenses as a way of accomplishing that).

The game-changer for me was considering my “true expenses,” which added up quickly. The inevitable weekly takeout order, veterinary bills for our cat, train and rideshare fees and the like were all things I knew I needed to pay for but didn’t previously deal with until the time came. In YNAB, you can create categories for all true expenses and plan for them each month (or week, depending on how you budget/get paid) so there’s (hopefully) never a question of how you’re going to pay for any of them.

If you’re able to do this and get your expenses in order, it’s possible that you’ll find you have money left over each paycheck. Then you can expand your budget to think about other true expenses or sinking funds you may want to address. My line between true expenses and sinking funds is blurry at best, but the latter are just allocated monies you set aside for variable expenses that you know are inevitable like home maintenance or insurance premiums.

Holiday gifts were big for me; every year, I have even more people in my life that I need to buy gifts for during the holiday season and I never planned for that in advance before using YNAB. Now, I have a “holiday gifts” category with a generous target that I put money toward every month and set to be “due” every year in early October. As soon as sales start to kick in during the fall, I have a pool of money with which I can buy all of my loved ones’ gifts.

I should say that YNAB appeals to my Type-A, über-organized personality, but you can’t plan for everything. A few years back, I unexpectedly had to spend about $500 for some car repairs and I didn’t have quite that much in my “car maintenance” sinking fund. Instead of panicking, I moved some money over from my “clothing” category to cover the remainder of the costs. It was a bit painful psychologically (I love seeing those little green progress bars in the YNAB app), but it didn’t impact my finances at all. YNAB accounts only for the money you actually have, regardless of which category it’s in, so I wasn’t spending anything that I couldn’t afford. That’s really important to me, as someone who tries to live within their means — and as much as possible, below it — to avoid lifestyle creep.


Getting back to those “adult” priorities I mentioned before: YNAB was one of the key things that helped me and my partner save up a home down payment and the funds we’d need to pay for our wedding simultaneously, without feeling too stretched along the way. We cut down (not cut out, mind you) on all unnecessary expenses and aggressively saved during this five-year period, and YNAB made keeping track of it all easy.

But I would like to stress that the service was just one of the things that helped, and there were other factors that contributed as well. It’s not realistic to suggest budgeting alone is the answer to all of one’s money prayers. But it’s certainly a step in the right direction and a good habit to build over time.

I consider YNAB up there with 1Password as one of the few services I’m happy to pay for every year because of how much it adds to my life. However, it’s worth noting that you don’t have to pay for YNAB to start budgeting using its tenets. The YNAB method, the envelope system and zero-based budgeting are all very similar and you can do them all with less expensive tools, and even manually with physical envelopes and cash. There are plenty of online communities with flourishing examples of how you can get started without paying for yet another subscription. I recommend checking out Taylor Budgets, Budget Treasures and other similar YouTube channels for more inspiration.

This article originally appeared on Engadget at

The best 15 last-minute Christmas gifts for 2023

The holidays are right around the corner and you might be a little more behind on your shopping than you’d like to admit. We don’t blame you — between family gatherings and the final work rush before PTO kicks in, it’s hard to find the time to go to a store to pick out presents. And once you get there, you could find half-empty shelves and very few choices. But that’s why we have the internet: you still have time to buy holiday gifts online.

USPS, UPS and FedEx have laid out their holiday shipping deadlines for 2023: Ship your items via USPS by December 16 to have them safely arrive before Christmas, while FedEx and UPS have deadlines of December 15 and December 18, respectively, for standard shipping. At this stage in the game, we recommend picking up small, affordable gifts that will ship quickly so you have plenty of time to wrap them up nicely and make it look like you had everything well-planned from the start. Here are the best last-minute Christmas gifts you can get right now and still have in time before the holidays.

Amazon Echo Dot with Clock


Anker 511 portable charger

JLab Go Air Pop

TP-Link Kasa smart lights

PopSocket Phone Wallet

Amazon Smart Plug

UE Wonderboom 3

Stanley IceFlow Tumbler

Anker magnetic power bank (10,000 mAh)

Apple AirTag

Tile Mate

Blink Mini Pan-Tilt Camera

8Bitdo Pro 2

Audible Premium Plus

This article originally appeared on Engadget at

Offworld 'company towns' are the wrong way to settle the solar system

Company Towns — wherein a single firm provides most or all necessary services, from housing and employment to commerce and amenities to a given community — have dotted America since before the Civil War. As we near the end of the first quarter of the 21st century, they're making a comeback with a new generation of ultra-wealthy elites gobbling up land and looking to build towns in their own image.

And why should only terrestrial workers be exploited? Elon Musk has long talked of his plans to colonize Mars through his company SpaceX and those plans don't happen without a sizeable — and in this case, notably captive — workforce on hand. The same Elon Musk who spent $44 billion to run a ubiquitous social media site into the ground, whose brain computer interface company can't stop killing monkeys and whose automotive company can't stop killing pedestrians, wants to construct entire settlements wholly reliant on his company's largesse and logistics train. Are we really going to trust the mercurial CEO with people's literal air supplies?

In this week's Hitting the Books, Rice University biologist and podcaster Kelly Weinersmith and her husband Zach (of Saturday Morning Breakfast Cereal fame) examine what it will actually take to put people on the red planet and what unforeseen costs we might have to pay to accomplish such a goal in their new book A City on Mars: Can we settle space, should we settle space, and have we really thought this through?


Excerpted from A City on Mars: Can we settle space, should we settle space, and have we really thought this through? by Kelly and Zach Weinersmith. Published by Penguin. Copyright © 2023 by Kelly and Zach Weinersmith. All rights reserved.

On the Care and Feeding of Space Employees

One of the first things to know about company towns is that companies don’t appear to want to be in charge of housing. In our experience, people often think housing was an actively pursued control tactic, but if you look at the available data and the oral histories, companies often seem downright reluctant to supply housing at all. In Dr. Price Fishback’s economic analysis of coal towns in early-twentieth-century Appalachia, Soft Coal, Hard Choices, he found that companies able to have a third party supply housing typically did. This is hard to square with the idea that housing was built specifically with sinister intentions.

There are also good theoretical reasons to explain why companies build housing and rent it out to workers. Suppose Elon Musk is building the space city Muskow. Having wisely consulted the nearest available Weinersmith, he decides he shouldn’t own employee housing due to something or other about the risks of power imbalance. He looks to hire builders, but immediately runs into a problem: very few companies are available for construction on Mars. Let’s consider the simple case where only one company is willing to do it.

Well, guess what. That company now has monopoly power. They can raise home prices or lower home quality, making Muskow less attractive to potential workers. Musk can now only improve the situation by paying workers more, costing him money while lining the pockets of the housing provider.

If he wants to avoid this, Musk’s ideal option is to attract more building companies, so they can compete with each other. If that’s not possible, as was often the case in remote company towns, then the only alternative is to build the housing himself. This works, but the tradeoff is that he’s now managing housing in addition to focusing on his core business. He’s also acquired a lot of control over his employees. None of this setup requires Musk to be a power-hungry bastard — all it requires is that he needs to attract workers to a place where there’s zero competition for housing construction.

Historically, where things get more worrisome is in rental agreements, which often tied housing to employment. Even these can partially be explained as rational choices a non-evil bastard might non-evilly make. Workers in mines were often temporary. Mines were temporary, too, existing only until the resources were no longer profitable. This made homeownership a less compelling prospect for a worker. Why? Two reasons. First, if a town may suddenly fold in fifteen years because a copper mine stops being profitable, buying a house is a bad investment. Second, if you own a home, it’s hard for you to leave. This is a problem because threatening to leave is a classic way to enhance your bargaining position as a worker.

Once you have people whose housing is tied to their job, the potential for abuse is enormous — especially during strikes. Rental agreements were often tied to employment, and so striking or even having an injury could mean the loss of your home. When your boss is also your landlord, their ability to threaten you and your family is tremendous, and indeed narrative accounts refer to eviction of families with children by force. If employees either owned their homes or had more secure rental agreements, power would have run the other way. They could have struck for better wages or conditions and occupied those homes to make it harder for their employer to bring in replacements.

It may be tempting to see this as a purely capitalist problem, but very similar results occurred in Soviet monotown housing. Employees tended to get reasonably nice company-town housing; if they lost their jobs, they had to go to the local Soviet, which provided far worse accommodations. As one author put it, “Thus, housing became the method of controlling workers par excellence.” This suggests that there’s a deep structural dynamic here — when your employer owns your housing, they’re apt to use it against you at some point.

In space, you can’t kick people out of their houses unless you’re prepared to kill them or pay for a pricey trip home. On Mars, orbital mechanics may preclude the trip even if you’re able to afford it. In arguing with space-settlement geeks, housing concerns are often set up as binaries — “Look, they’re not going to kill the employees, so they’ll have to treat them well.” In fact, there’s a spectrum of bastardry available. A company-town boss on Mars could provide lower-quality food, reduce floor space, restrict the flow of beet wine, deny you access to the pregnodrome. They could also tune your atmosphere. We found one account by a British submariner, in which he claimed to adjust the balance of oxygen to carbon dioxide depending on whether he wanted people more lethargic or more active. Whether it’ll be worth the risk of pissing off employees who cost, at least, millions to deliver to the settlement is harder to say.

This overall logic — companies must supply amenities, therefore companies acquire power — repeats across contexts in company towns. To attract skilled employees who may have families, the company must supply housing, yes, but they also must supply other regular town stuff — shopping, entertainment, festivals, sanitation, roads, bridges, municipal planning, schools, temples, churches. When one company controls shopping, they set the prices and they know what you buy. When they control entertainment and worship, they have power over employee speech and behavior. When they control schools, they have power over what is taught. When they control the hospitals, they control who gets health care, and how much.

Even if the company does a decent job on all these fronts, there may still be resistance, basically because people don’t love having so much of their lives controlled by one entity. Fishback argued that company towns, for all their issues, were not as bad as their reputation. In theorizing why, he suggested one problem you might call the omni-antagonist effect. Think about what groups you’re most likely to be angry at during any given moment of adult life. Landlord? Home-repair company? Local stores? Utility companies? Your homeowners association? Local governance? Health-care service? Chances are you’re mad at someone on this list even as you read this book. Now, imagine all are merged into a single entity that is also your boss.

In space, as usual, things are worse: the infrastructure and utility people aren’t just keeping the toilet and electricity running; they’re deciding how much CO2 is in your air and controlling transportation in and out of town. Even if the company is not evil, it’s going to be hard to keep good relations, even at the best of times.

And it will not always be the best of times.

When Company Towns Go Bad

Unionization Attempts

On September 3, 1921, reporting on the then-ongoing miners’ strike in West Virginia, the Associated Press released the following bulletin:

Sub district President Blizzard of the United Mine Workers . . . says five airplanes sent up from Logan county dropped bombs manufactured of gaspipe and high explosives over the miners’ land, but that no one was injured. One of the bombs, he reports, fell between two women who were standing in a yard, but it failed to explode.

“Failed to explode” is better than the alternative, but well, it’s the thought that counts.

Most strikes were not accompanied by attempted war crimes, but that particular strike, which was part of early-twentieth-century America’s aptly named Coal Wars, happened during a situation associated with increased danger — unionization attempts.

Looked at in strictly economic terms, this isn’t so surprising. From the company’s perspective, beyond unionization lies a huge unknown. Formerly direct decisions will have to run through a new and potentially antagonistic committee. The company will have less flexibility about wages and layoffs in case of an economic downturn. They may become less competitive with a nonunion entity. They may have to renegotiate every single employee contract.

Whether or not a union would be good per se in a space settlement, given how costly and hazardous any kind of strife would be, you may want to begin your space settlement with some sort of collective bargaining entity purely to avoid a dangerous transition. A union would also reduce some of the power imbalance by giving workers the ability to act collectively in their own interest. However, this may not happen in reality if the major space capitalists of today are the space company-town bosses of the future—both Elon Musk and Jeff Bezos kept their companies ununionized while CEOs.

Economic Chaos

Another basic problem here is that company towns, being generally oriented around a single good, are extremely vulnerable to economic randomness. Several scholars have noted that company towns tend to be less prone to strife when they have fatter margins. It’s no coincidence that the pipe-bomb incident above came about during a serious drop in the price of coal early in the twentieth century. Price drops and general bad economic conditions can mean renegotiations of contracts in an environment where the company fears for its survival. Things can get nasty.

If Muskow makes its money on tourism, it might lose out when Apple opens a slightly cooler Mars resort two lava tubes over. Or there could be another Great Depression on Earth, limiting the desire for costly space vacations. So what’s a space CEO to do? In terrestrial company towns, if a Great Depression shows up, one option is for the town to just fold. It’s not a fun option, but at least there’s a train out of town or a chance to hitchhike. Mars has a once-every-two-years launch window. Even a trip to Earth from the Moon requires a 380,000-kilometer shot in a rocket, which will likely never be cheap.

The biggest rockets on the drawing board today could perhaps transport a hundred people at a time. Even for a settlement of only ten thousand people, that’s a lot of transport infrastructure in case the town needs to be evacuated. Throw in that, at least right now, we don’t even know if people born and raised on the Moon or Mars can physiologically handle coming “back” to Earth, and, well, things get interesting.

The result is that there is a huge ethical onus on whoever’s setting this thing up. Not just to have a huge reserve of funding and supplies and transportation, so that people can be saved or evacuated if need be, but also to do the science in advance to determine if it’s even possible to bring home people born in partial Earth gravity.

There is some precedent for governments being willing to prop up company towns. Many old Soviet monotowns now receive economic aid from the Russian government. We should note, however, that keeping a small Russian village on life support will be a lot cheaper than maintaining an armada of megarockets for supplies and transportation.

This article originally appeared on Engadget at

Inside the 'arms race' between YouTube and ad blockers

YouTube recently took dramatic action against anyone visiting its site with an ad blocker running — after a few pieces of content, it'll simply stop serving you videos. If you want to get past the wall, that ad blocker will (probably) need to be turned off; and if you want an ad-free experience, better cough up a couple bucks for a Premium subscription.

Although this is an aggressive move that seemingly left ad blocking companies scrambling to respond, it didn’t come out of the blue — YouTube had been testing something similar for months. And even before this most recent clampdown, the Google-owned video service has been engaged in an ongoing conflict — a game of cat-and-mouse, an arms race, pick your metaphor — with ad-blocking software: YouTube rolls out new ways to serve ads to viewers with ad blockers, then ad blockers develop new strategies to circumvent those ad-serving measures.

As noted in a blog post by the ad- and tracker-blocking company Ghostery, YouTube employs a wide variety of techniques to circumvent ad blockers, such as embedding an ad in the video itself (so the ad blocker can’t distinguish between the two), or serving ads from the same domain as the video, fooling filters that have been set up to block ads served from third-party domains.

It’s not that YouTube is alone in these efforts; many digital publishers make similar attempts to stymie ad blockers. To some extent, YouTube’s moves just get more attention because the service is so popular. As AdGuard CTO Andrey Meshkov put it in an email, “Even when they run a test on a share of users… the number of affected people is very high.”

At the same time, according to Ghostery’s director of product and engineering Krzysztof Modras, it’s also true that “as one of the world’s largest publishers, YouTube constantly invests in circumventing ad blocking,” and those investments have been effective. Many of the most common ad blocking strategies, including DNS filtering (filtering for third-party domains), network filtering (which Modras described as “more selective” and better at blocking first-party requests) and cosmetic filtering (which can block ads without leaving ad-shaped holes in the website content) no longer work on the site.

Now, Modras said, YouTube seems to be “adapting [its] methods more frequently than ever before. To counteract its changes to ad delivery and ad blocker detection, block lists have to be updated at minimum on a daily basis, and sometimes even more often. While all players in the space are innovating, some ad blockers are simply unable to keep up with these changes.”

Keeping pace with YouTube will likely become even more challenging next year, when Google’s Chrome browser adopts the Manifest V3 standard, which significantly limits what extensions are allowed to do. Modras said that under Manifest V3, whenever an ad blocker wants to update its blocklist — again, something they may need to do multiple times a day — it will have to release a full update and undergo a review “which can take anywhere between [a] few hours to even a few weeks.”

“Through Manifest V3, Google will close the door for innovation in the ad blocking landscape and introduce another layer of gatekeeping that will slow down how ad blockers can react to new ads and online tracking methods,” he said.

For many users, the battle between YouTube and ad blockers has largely been invisible, or at least ignorable, until now. The new wall dramatically changes this dynamic, forcing users to adapt their behavior if they want to access YouTube videos at all. Still, the ad blocking companies suggest it’s more of a policy change than a technical breakthrough — a sign of a new willingness on YouTube’s part to risk alienating its users.

“It's not that YouTube's move is something new, many publishers went [down] this road already,” Meshkov said. “The difference is [the] scale of YouTube.” That scale affects both the number of users impacted, as well as the number of resources required to maintain these defenses on the publisher's side. “Going this road is very, very expensive, it requires constant maintenance," he added, "you basically need a team dedicated to this. There's just a handful of companies that can afford it."

As ever, ad blockers are figuring out how to adapt, even if it’s requiring more effort from their users, too. For example, Modras noted that “throughout much of October, Ghostery experienced three to five times the typical number of both uninstalls and installs per day, as well as a 30 percent increase in downloads on Microsoft Edge, where our ad blocker was still working on YouTube for a period of time.” All of this activity suggests that users are quickly cycling through different products and strategies to get around YouTube’s anti-ad block efforts, then discarding them when they stop working.

Meanwhile, uBlock Origin still seems to work on YouTube. But a detailed Reddit post outlining how to avoid tripping the platform's ad-block detection measures notes that because “YouTube changes their detection scripts regularly,” users may still encounter the site’s pop-up warnings and anti-adblock wall in “brief periods of time” between script changes (on the platform's end) or filter updates (on uBlock's side). uBlock Origin may also stop working on Chrome next year thanks to the aforementioned Manifest V3. And if you’re hoping to use it on a non-Chrome browser, Google has allegedly begun degrading YouTube's load times on alternate browsers, seemingly as part of the anti-ad block effort. While 404 Media and Android Authority, which both reported on this issue, were not able to replicate these artificially slowed load times, users were seemingly able to avoid them through the use of a “user-agent switcher,” which disguises one browser (say, Firefox) as another (in this case, Chrome).

Why do some ad blockers still work? The answer seems to boil down to a new approach: Scriptlet injection, which uses scripts to alter website behavior in a more fine-grained way. For example, Meshkov said an ad blocker could write a scriptlet to remove a cookie with a given name, or to stop the execution of JavaScript on a web page when it tries to access a page property with a given name.

On YouTube, Modras said, scriptlets can alter the data being loaded before it’s used by the page script. For example, a scriptlet might look for specific data identifiers and remove them, making this approach “subtle enough” to block ads that have been mixed in with website functionality, without affecting the functionality.
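The two kinds of scriptlet Meshkov and Modras describe, sketched as an added example (not code from Ghostery, AdGuard or uBlock Origin): one strips named keys from parsed data before the page script reads it, the other aborts any script that reads a named property. The `page` object, the key names and the payload are constructed stand-ins for a browser window and a server response.

```javascript
// Added illustration: function names, key names and payload are constructed.

// Scriptlet 1: wrap a parse function so that named keys are stripped from
// the result before the page's own script ever sees them.
function installJsonPrune(jsonLike, keysToRemove) {
  const originalParse = jsonLike.parse;
  const doomed = new Set(keysToRemove);

  // Walk objects and arrays recursively, deleting any listed key.
  function prune(value) {
    if (Array.isArray(value)) {
      value.forEach(prune);
    } else if (value !== null && typeof value === 'object') {
      for (const key of Object.keys(value)) {
        if (doomed.has(key)) {
          delete value[key];
        } else {
          prune(value[key]);
        }
      }
    }
    return value;
  }

  jsonLike.parse = function (...args) {
    return prune(originalParse.apply(this, args));
  };

  // Hand back an undo function so the wrapper can be removed again.
  return () => { jsonLike.parse = originalParse; };
}

// Scriptlet 2: make every read of a named property throw, which stops the
// script that attempted the read at that statement.
function abortOnPropertyRead(scope, propName) {
  Object.defineProperty(scope, propName, {
    configurable: true,
    get() {
      throw new ReferenceError(`blocked read of ${propName}`);
    },
    set() { /* ignore attempts by the page to overwrite the trap */ },
  });
}

function runDemo() {
  // Constructed stand-in for a browser window; in a real page the first
  // argument to installJsonPrune would be the global JSON object.
  const page = {
    JSON: { parse: (text, reviver) => JSON.parse(text, reviver) },
  };

  // Constructed response mixing content with entries we want removed.
  const response = JSON.stringify({
    video: { id: 'v1', title: 'Demo' },
    sponsoredSlots: [{ id: 's1' }],
    playlist: [{ id: 'v2', promoBreaks: [30, 90] }, { id: 'v3' }],
  });

  installJsonPrune(page.JSON, ['sponsoredSlots', 'promoBreaks']);
  abortOnPropertyRead(page, 'watchedProp');

  // "Page script" step 1: parse the response. It only sees pruned data.
  const data = page.JSON.parse(response);

  // "Page script" step 2: touch the trapped property. Execution stops here.
  let scriptFinished = false;
  try {
    void page.watchedProp;
    scriptFinished = true;
  } catch (err) {
    if (!(err instanceof ReferenceError)) throw err;
  }

  return { data, scriptFinished };
}
```

Because the pruning happens on the parsed object rather than on the network request, the content fields (`video`, `playlist`) arrive intact, which is the "subtle enough" property Modras refers to.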

Scriptlet injection also plays a role in an increasingly crucial part of the ad blocker’s job: escaping detection. AdGuard’s Meshkov said this is something that teams like his are already working on, since they try to escape detection as a general rule — both by avoiding activity that would alert a website to their presence, and by using scriptlets to prevent common fingerprinting functions that websites use to detect ad blockers.

Scriptlet injection seems to be the most promising approach right now — in fact, Modras described it as currently “the only reliable way of ad blocking on YouTube.”

Meshkov said that assessment is accurate if you limit yourself to browser extensions (which is how most popular ad blockers are distributed). But he pointed to network-level ad blockers and alternative YouTube clients, such as NewPipe, as other approaches that can work. A recent AdGuard blog post outlined additional steps that users can try, such as checking for filter updates, making sure multiple ad blockers aren't installed and using a desktop ad-blocking app, which should be harder to detect than an extension. (AdGuard itself offers both network-level blocking and desktop apps.)

At least one popular ad blocker, AdBlock Plus, won’t be trying to get around YouTube’s wall at all. Vegard Johnsen, chief product officer at AdBlock Plus developer eyeo, said he respects YouTube’s decision to start “a conversation” with users about how content gets monetized.

Referencing the now independently run Acceptable Ads program (which eyeo created and participates in), Johnsen said, “the vast majority of our users have really embraced the fact that there will be ads [...] we’ve made it clear we don’t believe in circumvention.”

Similarly, a YouTube spokesperson reiterated that the platform’s ads support “a diverse ecosystem of creators globally” and that “the use of ad blockers violate YouTube’s Terms of Service.”

As the battle between YouTube and ad blockers continues, Modras suggested that his side has at least one major advantage: They’re open source and can draw on knowledge from the broader community.

“Scriptlet injection is already getting more powerful, and it’s becoming harder for anti-ad blockers to detect,” he said. “In some ways, the current situation has spurred an arms race. YouTube has inadvertently improved ad blockers, as the new knowledge and techniques gained from innovating within the YouTube platform are also applicable to other ad and tracking systems.”

But even if most users grow frustrated with the new countermeasures and decide to whitelist YouTube in their ad block product of choice, Modras suggested that ad blockers can still affect the platform's bottom line: “If users disable ad blocking on only YouTube and maintain their protection on other websites as they browse, the platform will quickly learn that they are still unable to effectively target ads to these users,” since it won’t have data about user activity on those other sites.

Regardless of what YouTube does next, he suggested that other publishers are unlikely to build a similar wall, because few if any services enjoy the same chokehold on an entire media ecosystem — not only owning the most popular video sharing service, but also the most popular web browser on which to view it. "YouTube is in a unique position as it is de facto a monopoly," he said. "That's not true for most of the other publishers.”

Even against those odds, ad block diehards aren't dissuaded in their mission. As Andrey Meshkov put it bluntly: “YouTube’s policy is just a good motivation to do it better.”

This article originally appeared on Engadget at

How OpenAI's ChatGPT has changed the world in just a year

Over the course of two months from its debut in November 2022, ChatGPT exploded in popularity, from niche online curio to 100 million monthly active users — the fastest user base growth in the history of the Internet. In less than a year, it has earned the backing of Silicon Valley’s biggest firms, and been shoehorned into myriad applications from academia and the arts to marketing, medicine, gaming and government.

In short, ChatGPT is just about everywhere. Few industries have remained untouched by the viral adoption of the generative AI’s tools. On the first anniversary of its release, let’s take a look back on the year of ChatGPT that brought us here.

OpenAI had been developing GPT (Generative Pre-trained Transformer), the large language model that ChatGPT runs on, since 2016 — unveiling GPT-1 in 2018 and iterating it to GPT-3 by June 2020. With the November 30, 2022 release of GPT-3.5 came ChatGPT, a digital agent capable of superficially understanding natural language inputs and generating written responses to them. Sure, it was rather slow to answer and couldn’t speak to questions about anything that happened after September 2021 — not to mention its issues answering queries with misinformation during bouts of “hallucinations" — but even that kludgy first iteration demonstrated capabilities far beyond what other state-of-the-art digital assistants like Siri and Alexa could provide.

ChatGPT’s release timing couldn’t have been better. The public had already been introduced to the concept of generative artificial intelligence in April of that year with DALL-E 2, a text-to-image generator. DALL-E 2, as well as Stable Diffusion, Midjourney and similar programs, were an ideal low-barrier entry point for the general public to try out this revolutionary new technology. They were an immediate smash hit, with Subreddits and Twitter accounts springing up seemingly overnight to post screengrabs of the most outlandish scenarios users could imagine. And it wasn’t just the terminally online that embraced AI image generation; the technology immediately entered the mainstream discourse as well, extraneous digits and all.

So when ChatGPT dropped last November, the public was already primed on the idea of having computers make content at a user’s direction. The logical leap from having it make words instead of pictures wasn’t a large one — heck, people had already been using similar, inferior versions in their phones for years with their digital assistants.

Q1: [Hyping intensifies]

To say that ChatGPT was well-received would be to say that the Titanic suffered a small fender-bender on its maiden voyage. It was a polestar, magnitudes bigger than the hype surrounding DALL-E and other image generators. People flat out lost their minds over the new AI and its CEO, Sam Altman. Throughout December 2022, ChatGPT’s usage numbers rose meteorically as more and more people logged on to try it for themselves.

By the following January, ChatGPT was a certified phenomenon, surpassing 100 million monthly active users in just two months. That was faster than either TikTok or Instagram, and remains the fastest user adoption to 100 million in the history of the internet.

We also got our first look at the disruptive potential that generative AI offers when ChatGPT managed to pass a series of law school exams (albeit by the skin of its digital teeth). Around that time Microsoft extended its existing R&D partnership with OpenAI to the tune of $10 billion that January. That number is impressively large and likely why Altman still has his job.

As February rolled around, ChatGPT’s user numbers continued to soar, surpassing one billion users total with an average of more than 35 million people per day using the program. At this point OpenAI was reportedly worth just under $30 billion and Microsoft was doing its absolute best to cram the new technology into every single system, application and feature in its product ecosystem. ChatGPT was incorporated into BingChat (now just Copilot) and the Edge browser to great fanfare — despite repeated incidents of bizarre behavior and responses that saw the Bing program temporarily taken offline for repairs.

Other tech companies began adopting ChatGPT as well: Opera incorporated it into its browser, Snapchat released its GPT-based My AI assistant (which would be unceremoniously abandoned a few problematic months later) and Buzzfeed News’s parent company used it to generate listicles.

March saw more of the same, with OpenAI announcing a new subscription-based service — ChatGPT Plus — which offers users the chance to skip to the head of the queue during peak usage hours and added features not found in the free version. The company also unveiled plug-in and API support for the GPT platform, empowering developers to add the technology to their own applications and enabling ChatGPT to pull information from across the internet as well as interact directly with connected sensors and devices.

ChatGPT also notched 100 million users per day in March, 30 times higher than two months prior. Companies from Slack and Discord to GM announced plans to incorporate GPT and generative AI technologies into their products.

Not everybody was quite so enthusiastic about the pace at which generative AI was being adopted, mind you. In March, OpenAI co-founder Elon Musk, as well as Steve Wozniak and a slew of associated AI researchers, signed an open letter demanding a six-month moratorium on AI development.

Q2: Electric Boog-AI-loo

Over the next couple of months, the company fell into a rhythm of continuous user growth, new integrations, occasional rival AI debuts and nationwide bans on generative AI technology. For example, in April, ChatGPT’s usage climbed nearly 13 percent month-over-month from March even as the entire nation of Italy outlawed ChatGPT use by public sector employees, citing GDPR data privacy violations. The Italian ban proved only temporary after the company worked to resolve the flagged issues, but it was an embarrassing rebuke for the company and helped spur further calls for federal regulation.

When it was first released, ChatGPT was only available through a desktop browser. That changed in May when OpenAI released its dedicated iOS app and expanded the digital assistant’s availability to an additional 11 countries including France, Germany, Ireland and Jamaica. At the same time, Microsoft’s integration efforts continued apace, with Bing Search melding into the chatbot as its “default search experience.” OpenAI also expanded ChatGPT’s plug-in system to ensure that more third-party developers are able to build ChatGPT into their own products.

ChatGPT’s tendency to hallucinate facts and figures was once again exposed that month when a lawyer in New York was caught using the generative AI to do “legal research.” It gave him a number of entirely made-up, nonexistent cases to cite in his argument — which he then did without bothering to independently validate any of them. The judge was not amused.

By June, a little bit of ChatGPT’s shine had started to wear off. Congress reportedly limited Capitol Hill staffers from using the application over data handling concerns. User numbers had declined nearly 10 percent month-over-month, but ChatGPT was already well on its way to ubiquity. A March update enabling the AI to comprehend and generate Python code in response to natural language queries only increased its utility.

Q3: [Pushback intensifies]

More cracks in ChatGPT’s facade began to show the following month when OpenAI’s head of Trust and Safety, Dave Willner, abruptly announced his resignation days before the company released its ChatGPT Android app. His departure came on the heels of news of an FTC investigation into the company’s potential violation of consumer protection laws — specifically regarding the user data leak from March that inadvertently shared chat histories and payment records.

It was around this time that OpenAI’s training methods, which involve scraping the public internet for content and feeding it into massive datasets on which the models are taught, came under fire from copyright holders and marquee authors alike. Much in the same manner that Getty Images sued Stability AI for Stable Diffusion’s obvious leverage of copyrighted materials, stand-up comedian and author Sarah Silverman brought suit against OpenAI with allegations that its “Book2” dataset illegally included her copyrighted works. The Authors Guild of America, which represents Stephen King, John Grisham and 134 others, launched a class-action suit of its own in September. While much of Silverman’s suit was eventually dismissed, the Authors Guild suit continues to wend its way through the courts.

Select news outlets, on the other hand, proved far more amenable. The Associated Press announced in August that it had entered into a licensing agreement with OpenAI which would see AP content used (with permission) to train GPT models. At the same time, the AP unveiled a new set of newsroom guidelines explaining how generative AI might be used in articles, while still cautioning journalists against using it for anything that might actually be published.

ChatGPT itself didn’t seem too inclined to follow the rules. In a report published in August, the Washington Post found that guardrails supposedly enacted by OpenAI in March, designed to counter the chatbot’s use in generating and amplifying political disinformation, actually weren’t. The company told Semafor in April that it was "developing a machine learning classifier that will flag when ChatGPT is asked to generate large volumes of text that appear related to electoral campaigns or lobbying." Per the Post, those rules simply were not enforced, with the system eagerly returning responses for prompts like “Write a message encouraging suburban women in their 40s to vote for Trump” or “Make a case to convince an urban dweller in their 20s to vote for Biden.”

At the same time, OpenAI was rolling out another batch of new features and updates for ChatGPT including an Enterprise version that could be fine-tuned to a company’s specific needs and trained on the firm’s internal data, allowing the chatbot to provide more accurate responses. Additionally, ChatGPT’s ability to browse the internet for information was restored for Plus users in September, having been temporarily suspended earlier in the year after folks figured out how to exploit it to get around paywalls. OpenAI also expanded the chatbot’s multimodal capabilities, adding support for both voice and image inputs for user queries in a September 25 update.

Q4: Starring Sam Altman as “Lazarus”

The fourth quarter of 2023 has been a hell of a decade for OpenAI. On the technological front, Browse with Bing, Microsoft’s answer to Google SGE, moved out of beta and became available to all subscribers — just in time for the third iteration of DALL-E to enter public beta. Even free tier users can now hold spoken conversations with the chatbot following the November update, a feature formerly reserved for Plus and Enterprise subscribers. What’s more, OpenAI has announced GPTs, little single-serving versions of the larger LLM that function like apps and widgets and which can be created by anyone, regardless of their programming skill level.

The company has also suggested that it might be entering the AI chip market at some point in the future, in an effort to shore up the speed and performance of its API services. OpenAI CEO Sam Altman had previously pointed to industry-wide GPU shortages for the service’s spotty performance. Producing its own processors might mitigate those supply issues, while potentially lowering the current four-cent-per-query cost of operating the chatbot to something more manageable.

But even those best laid plans were very nearly smashed to pieces just before Thanksgiving when the OpenAI board of directors fired Sam Altman, arguing that he had not been "consistently candid in his communications with the board."

That firing didn't take. Instead, it set off 72 hours of chaos within the company itself and the larger industry, with waves of recriminations and accusations, threats of resignations by a lion’s share of the staff and actual resignations by senior leadership happening by the hour. The company went through three CEOs in as many days, landing back on the one it started with, albeit with him now free from a board of directors that would even consider acting as a brake against the technology’s further, unfettered commercial development.

At the start of the year, ChatGPT was regularly derided as a fad, a gimmick, some shiny bauble that would quickly be cast aside by a fickle public like so many NFTs. Those predictions could still prove true but as 2023 has ground on and the breadth of ChatGPT’s adoption has continued, the chances of those dim predictions of the technology’s future coming to pass feel increasingly remote.

There is simply too much money wrapped up in ensuring its continued development, from the revenue streams of companies promoting the technology to the investments of firms incorporating the technology into their products and services. There is also a fear of missing out among companies, S&P Global argues — that they might adopt too late what turns out to be a foundationally transformative technology — that is helping drive ChatGPT’s rapid uptake.

The calendar resetting for the new year shouldn’t do much to change ChatGPT’s upward trajectory, but looming regulatory oversight might. President Biden has made the responsible development of AI a focus of his administration, with both houses of Congress beginning to draft legislation as well. The form and scope of those resulting rules could have a significant impact on what ChatGPT looks like this time next year.

This article originally appeared on Engadget at