While Windows is a powerful operating system for productivity, so much of what we do with work these days revolves around the web. Whatever your browser of choice — Chrome, Firefox, Edge, Brave, or any of the more contemporary options — there’s a decent chance you spend a fair amount of your workday working with apps inside that environment.
That’s fine: I recommend using the right tool for the job, whatever that is. And often, it’s a web app! But when nearly every application you use exists in a browser tab within a single desktop window, you’re missing out on some of Windows’ most powerful productivity advantages.
So consider this: What if all those web apps you rely on were integrated into Windows — with their own desktop windows, taskbar icons, and more? What if they worked with the Windows taskbar, Alt+Tab switcher, Task View, and Snap?
It’s something you can make happen in just a few clicks — if you know the tricks.
Many popular web apps now offer official Windows versions, too. It sounds a little obvious, but this wasn’t always as common as it is today. You may have started using a web-based tool when it was available only in a browser, but it may work nicely on your Windows desktop today without any real effort other than taking the time to find the right option.
For example, at our email newsletter-focused small business The Intelligence, we use applications like Notion for documents, Trello for planning, and Microsoft Designer to whip up the occasional piece of AI art. These are normally thought of as web apps, but every single one of them offers an installable Windows desktop application — and I’ve linked the desktop versions in that list.
For file and photo storage, of course, services like Google Drive and even Apple iCloud offer downloadable Windows apps.
And yes, whether you’re using Windows 11 or Windows 10, many of those installable apps are still based on web technologies. But they don’t have to be confined to a browser tab, and going with the “app” version gives you an even richer and more integrated experience.
When in doubt, search the Microsoft Store app for an application or check out its official website for a Windows desktop download.
Windows web app trick #2: Instant install
Even if an official download isn’t available, you can turn any web page into an “app,” complete with its own dedicated window, taskbar icon, desktop shortcut, and Start menu shortcut. This is particularly useful for strictly web-based applications like Gmail, which you might want to keep just a single click away.
All you need is Google Chrome, Microsoft Edge, or another Chromium-based browser. (Unfortunately, Mozilla Firefox doesn’t offer this feature.)
In Google Chrome, first head to the web page you want to use as an app — like Gmail.com, for example. Then, click the menu button, point to “Cast, save, and share,” and select the “Install page as app” option.
In Microsoft Edge, head to the page you want to transform into an app and click menu > Apps > Install this site as an app.
Some pages offer the option to be installed as progressive web apps (PWAs). If you try this same process on such a page, you’ll see a slightly different “Install” option. PWAs often offer more features, like offline support — and they similarly transform the website into its own unique window, with a more native-app-like feel that’ll be right at home on your Windows PC.
Chris Hoffman, IDG
Windows web app trick #3: The alternate route
While you could give Gmail and Google Calendar their own taskbar icons using the trick we just went over, you also have another option: You could access things like your email and calendar events by pulling their data into other dedicated desktop apps.
There’s no shortage of available native-to-Windows options, but the new Outlook is built right into the Windows operating system you’re using — and it works seamlessly with Gmail and Google Calendar. The classic and once-again-under-development Mozilla Thunderbird application works with both Gmail and Google Calendar, too.
By bringing your web-centric data into any such application, you can then read your emails, get desktop notifications, and send emails right from the native Windows app environment. Unfortunately, Outlook will only let you view Google Calendar events, but Mozilla Thunderbird will let you modify your Google Calendar, too.
While I’m focusing on Gmail here, you could also add mail and calendar from Apple iCloud or Yahoo to these applications. You’d get a more desktop-style email experience complete with offline access.
Windows web app trick #4: The third-party path
Beyond the big names, your Windows PC supports an array of less well-known native apps that can also do the job and let you work with web-centric data in a Windows app environment. For example, the Fantastical calendar application that was long popular on Macs is now available on Windows PCs. If you use quite a few different calendars and want them all in one powerful application, the $57 per year it costs may be well worth it — particularly for professional purposes. I’ve heard so many good things from Mac users about this application over the years.
Windows 10 had a very nice calendar feature: It would show your calendar events when you clicked the clock, and that worked with Google Calendar. This feature is missing in action on Windows 11 and was lost in the operating system transition, but for $4 you can get the similar Calendar Flyout application for convenient access to Google Calendar and Microsoft-powered calendar events, too. It adds a handy icon to your system tray for easy viewing and clicking. My colleague JR Raphael of Android Intelligence fame says it looks and works exactly as described — and is quite nice to use!
The point: There’s a whole universe of applications that can better integrate whatever web apps and services you use with Windows. You’ll just need to do a little digging to find the right ones for you.
Windows web app trick #5: The browser tune-up
At the end of the day, there’s nothing wrong with using web apps in your browser — if that’s really how you prefer it. You may go full circle playing with the other options here and conclude that some applications just work best in a traditional browser tab. But there’s still a lot you can do with a browser-tab-based app to turn it into an even more effective productivity tool.
For example, some web applications offer offline support, even while running in your browser. (While many people wonder why offline support is so necessary these days, I like the knowledge that I can always use applications on my laptop even if an airplane’s Wi-Fi isn’t working properly, if there’s some kind of connection blip, or if I’m out and about in an area without readily available internet access.)
Web applications like Gmail and Google Calendar can also be set as your PC’s default applications for their respective purposes. That means whenever you click an email address on the web or in any other program on your computer, Windows will automatically open a new email draft with that address present within Gmail in Google Chrome. Gmail will normally ask you to set this up when you start using it, so you may have already granted it default email client status.
Beyond that, it’s a good idea to bookmark web apps you use regularly within your browser’s bookmarks toolbar for easy ongoing access. That way, you can get to those quickly by pressing Ctrl+Shift+B from anywhere on the web.
You may also want to pin especially common applications like Gmail so they’re always ready to go. Check out my collection of Windows browser tab tricks for even more ideas!
Get Windows knowledge in your inbox with my free Windows Intelligence newsletter — three new things to try every Friday and free in-depth Windows Field Guides as soon as you sign up.
Ah, the holidays. No matter what manner of winter celebration you prefer (I’m a Festivus man myself), late December is a fine time for kickin’ back and collecting your thoughts for the coming year.
That means it’s also a fine time for contemplating that crazy little computer in your pocket and the steps you can take to make it even more powerful — ’cause guess what? A few minutes of tuning up now will make your life measurably easier throughout all of 2025. Think of it as a gift to yourself — one that keeps on giving and, best of all, doesn’t cost you a single dime.
In case you missed any of ’em the first go-round or maybe just didn’t have the time to try everything out, here are some of my favorite productivity-boosting Android tips from Android Intelligence in 2024.
So pour yourself some cocoa, polish up the ol’ Festivus pole, and give yourself the gift of finely tuned technology — and be sure to sign yourself up for my free Android Intelligence newsletter, too, so you can get my best Android tips in your inbox all year round (and get a free copy of my awesome Android Notification Power-Pack the second you sign up!).
Google’s next big Android version has an extremely useful new nuisance-reducer — and with a teensy bit of crafty configuration, you can bring a similar superpower to any Android device this instant.
These out-of-sight Android shortcuts can make you meaningfully more efficient — if you (a) figure out how to tap into their full potential and (b) remember to use ’em.
We all love getting new gadgets, but what to do with the old ones? Here are 25 clever ways to put all your old Android phones and tablets to good use, too.
Thanks as always for reading, and happy holidays to you and yours!
Apple has been accused of knowingly financing a trade characterized by atrocities in criminal litigation launched by the Democratic Republic of Congo (DRC). It relates to use of so-called “blood minerals” in its devices.
While Apple will be the first tech firm to be targeted, it is unlikely to be the last, given that every digital device makes use of these materials.
The accusations reflect an unfortunate truth: that to some extent, the digital world and the devices used to drive it are built on slavery and other forms of human misery.
That’s the take-home message at the heart of the litigation. It claims Apple’s supply chain is contaminated by “blood minerals” (also called “conflict minerals”) sourced in sub-Saharan Africa. Criminal complaints have been filed against subsidiaries of Apple in France and Belgium. In its complaint, the DRC argues that by enabling such contamination within its supply chain, Apple is contributing to atrocities taking place across the region.
What exactly are blood minerals?
They are rare materials, in this case including tin, tantalum, and tungsten, that are extracted by various forms of coerced labor, including slave and child labor, at mines controlled by armed groups in eastern Congo. These materials are in enormous demand across tech.
To understand the vast suffering generated by the hugely profitable trade, it is important to note that the region has an estimated $24 trillion worth of these materials remaining to be tapped — and also has one of the world’s poorest populations. Blood minerals fuel instability and conflict, with armed groups using the profits to purchase weapons, creating a never-ending cycle of violence and misery. Millions have died as a result of the ongoing conflict. This is far from being a new problem.
While attempts have been made to mitigate this trade by use of various verification schemes, it remains highly possible that at least one and possibly all of the electronic objects that you use contain at least some minerals sourced from this exploitation.
After all, tin, tantalum, and tungsten are used in solder, semiconductors, batteries, memory, RF filters, and microprocessors, all of which you’ll find in almost any digital device.
Most manufacturers have adopted some form of policy concerning the trade. In fact, the denials of any involvement in the mining and use of conflict minerals are so strong you’d be forgiven for wondering how the trade actually makes any money. But that plausible deniability may not be all it seems.
Apple perhaps not the biggest culprit
While it is the whipping horse for this litigation, Apple may not be the biggest culprit. Eager to be recognized for its “values,” Apple has made big commitments to responsible sourcing, saying that while it doesn’t source materials directly, it does require its suppliers to source materials responsibly.
“In 2023, 100 percent of the identified tin, tantalum, tungsten, gold (3TG), cobalt, and lithium smelters and refiners in Apple’s supply chain completed assessments to verify compliance with our standards,” the company said last year. “We work with third-party audit programs at an industry-wide level to identify environmental and social, and governance risks at the smelter, refiner, and mining levels.”
The company also sits on the steering committee of the Responsible Minerals Initiative (RMI).
Apple will presumably soon publish its 2024 Conflict Minerals Report, as required by the SEC. Its last report covering 2023 appeared in March 2024. In it, Apple confirmed that it removed 14 smelters and refiners unwilling to face an audit to ensure lack of involvement in the conflict minerals trade. The company has cut ties with 25 manufacturing supplier facilities and 231 suppliers since 2009.
“We view removing a supplier from our supply chain as a last resort, because in our experience, it does not provide workers with needed remedy and could allow violations to continue elsewhere in the industry,” Apple said in its report.
“Based on our due diligence efforts, including analyzing the information provided by third-party audit programs, upstream traceability programs, and our suppliers, we found no reasonable basis for concluding that any of the smelters or refiners of [tin, tungsten, tantalum, and gold] determined to be in our supply chain as of December 31, 2023, directly or indirectly financed or benefited armed groups in the DRC or an adjoining country,” that report said.
A reliance on systemic wrongdoing?
The DRC’s litigation doesn’t buy some of Apple’s arguments, claiming instead that the company is using them to mask the damage it is doing.
In a press release supplied by Amsterdam & Partners, the litigants claim Apple uses minerals laundered through international supply chains. It is also accused of “using deceptive commercial practices to assure consumers that the tech giant’s supply chains are clean.”
Reuters reports that the complaint filed in France states, “It is clear that the Apple group, Apple France and Apple Retail France know very well that their minerals supply chain relies on systemic wrongdoing.”
The claim points to Apple’s use of the International Tin Supply Chain Initiative (ITSCI), arguing that Apple is using the discredited monitoring and certification scheme to falsely claim its supply chain is clean. The RMI — a group Apple helps steer — rejected ITSCI two years ago.
The criminal complaint cites research from the United Nations, US State Department, and international NGOs that shows an extensive laundering enterprise through the illegal trade in conflict minerals sourced from Congolese territory.
“These organizations have demonstrated the dependent nature of relationships between perpetrators of this looting and some of the biggest producers of consumer electronics, such as mobile telephones and computers, and companies in the automotive, aviation and renewable energy sectors,” the press release explains.
A need for a united front
That may be true, and Apple may be able to defend itself using the same argument.
To truly combat this trade, a true industry-wide commitment must be reached, regulated or self-regulated. In its absence, conflict laundering will continue to be a problem.
Paula Pyers, Apple’s then Senior Director of Supply Chain Social Responsibility, said as much in 2017: “If more companies do not come to the table to press for change through their own supply chains, particularly in the absence of regulation, the types of systemic change we are all seeking are frankly not going to occur.”
Ultimately, the situation is hard to clarify, in part because alongside the conflict minerals there are also thousands of informal small-scale mines and miners, with some of the world’s poorest people taking great risks to make some money. Corruption and instability at some otherwise ‘clean’ mining sites means conflict minerals can still get into the system, making it next to impossible to deliver a cast-iron guarantee.
The inability to make that guarantee forms part of the argument the DRC is making in this case.
However, it also forms part of Apple’s counter-argument, giving it the power to say that it is already doing everything it can to combat the trade using what resources it has available.
The truth of that argument will be for the courts to decide.
Putting them out of business
The biggest way to prevent any illicit trade is simply to stop using the products based on it.
Apple’s most recent Environmental Progress Report promises that cobalt, tin soldering, gold plating, and rare earth elements will all be 100% recycled by 2025. Already, “more than 99 percent of the tungsten in our products comes from recycled sources,” the company said.
While the criminal lawsuit against Apple may generate problems, it may also give the company a podium from which to promote the need for a more unified approach to policing the trade in blood minerals. It will certainly give it a pulpit from which to preach its move to recycled components and work toward a circular manufacturing system.
What the truth of the matter turns out to be will be for the courts to decide.
You can do a lot more with generative AI (genAI) in Google Sheets than get help writing spreadsheet formulas. Thanks to extensions such as Claude for Sheets, you can also do things like:
Determine whether text sentiment is positive, negative, or neutral
Classify text into categories
Extract email addresses, phone numbers, and other entities from plain text
And you can do this without having to write computer code in a language like Python.
Instead, you only need spreadsheet formulas as simple as:
=claudeExtract("sentiment of positive, negative, or neutral", A2)
Let’s see how to implement some of these use cases with the help of Claude for Sheets, an add-on for Google Sheets offered by Anthropic, maker of the Claude family of large language models (LLMs).
Just remember:
LLMs aren’t always accurate. The more important your task, the more effort you should put into checking Claude’s results.
Think twice about sending sensitive data to an LLM. If it’s corporate data, follow company policies.
Claude for Sheets costs money to use. It’s a pretty trivial amount for moderate amounts of text, but understand the pricing if you’ve got a massive data set. (Although for a lot of data, performance will be slow and you’re probably better off with another solution.) More on pricing in a bit.
Claude for Sheets setup
You’ll need two things in addition to a Google account in order to run Claude for Sheets: an Anthropic API key and the Claude for Sheets extension.
You can get an Anthropic API key by creating a free account. Once you log in, your dashboard home page should show an option to create API keys.
Sharon Machlis / IDG
Click the button to create a key and heed the warning to copy your API key (just a string of characters) when it appears — once you close that dialog box, you won’t be able to access it again on the Anthropic website. Store the key securely, just as you would a password.
You’ll likely need to add some money to your Anthropic account before you can use the Claude API. You shouldn’t need much unless you’re uploading a lot of data. (I added $20 months ago and still have more than half left — and I’ve coded public-facing apps using Claude in addition to playing with Sheets.)
You need to set up Claude for Sheets in each spreadsheet where you want to use it. Create a new Google spreadsheet and go to Extensions > Claude for Sheets > Open Sidebar. Then click on the sidebar’s hamburger menu (three horizontal lines), choose Settings, and click on API provider. You want to choose Anthropic. Enter your API key where it says the key is missing.
Haiku is the smallest, fastest, least expensive, and least capable model offered in Claude for Sheets. I’d start there while experimenting.
As of this writing, Haiku costs 80 cents per million tokens in and $4 per million tokens out. One million tokens is roughly 4 million characters or 750,000 English words. The priciest and most powerful model, Opus, is $15 per million input and $75 per million output. The middle model, Claude 3.5 Sonnet, is $3/M in and $15/M out.
Whatever you choose as the default model for a spreadsheet, you can override it by specifying a different model in the formulas you create, as we’ll see in the examples below.
Case 1: Sentiment analysis
Start by entering the text you want to analyze in your A column. I entered the following five sample “review” text blurbs into my spreadsheet’s A column (ReviewText), one item per row:
ReviewText
Sentiment
The new iPad Mini 7 has a great display, speedy response, and is light enough to hold for long periods of time. It’s a significant upgrade from my old (ancient?) iPad 5. My lone nit is that the form factor is thicker and less sleek now due to the change in connectors, but I’m still glad I upgraded.
This desktop computer has a better processor and can handle much more demanding tasks such as running LLMs locally. However, it’s also noisy and comes with a lot of bloatware.
The charger is affordable and does exactly what I want.
This charger doesn’t work like I expected.
This charger seems like a great value – until you try to use it. The connection is flakey and my device often ends up not fully charged overnight.
In column B (Sentiment) — more specifically, in cell B2 next to my first text item, I added the formula
=claudeExtract("sentiment analysis of 'positive', 'negative', or 'neutral'", A2, "claude-3-5-haiku-latest", "temperature", 0)
And then I clicked and dragged the formula down the rest of the rows next to cells with text.
Here’s an explanation of the formula.
=claudeExtract uses the syntax claudeExtract(property, text, model, argumentValuePairs)
Property is defined in the help file as “The property to extract from the text, e.g. ‘phone’.” For this case, I used a property of “sentiment analysis of ‘positive’, ‘negative’, or ‘neutral’” since that’s what I want Claude to extract from my text.
Text is my source cell location. If my first row of text is in cell A2, text value will be cell A2. Clicking and dragging the formula down the rest of the column applies it appropriately to the other text cells.
Although I chose a default model in Claude for Sheets main settings, I specified a model in the formula too so I could add optional arguments at the end of the formula. Google Sheets formulas don’t like it if you skip expected parameters when adding more at the end. Anthropic’s Model names documentation helpfully lists the specific syntax to use in formulas for each of its available models. In this case I chose claude-3-5-haiku-latest — which specifies the latest available version of the Claude 3.5 Haiku model.
The one optional argument I added was to set the model’s temperature to 0. An LLM’s temperature tells it how much randomness to use. Should it opt for the most likely result again and again (low temperature) or try to mix things up a bit (higher temperature)?
It’s sometimes helpful to view temperature as a measure of model “creativity.” Higher temperature can be nice when chatting with an LLM, so it doesn’t sound robotic and repetitive. However, for technical tasks, “more likely to be accurate” is a better idea than “be creative,” and that means lower temperatures. Anthropic advises: “For multiple-choice or analytical tasks, you’ll want [temperature] close to 0.”
Note: This ability to set model parameters like temperature is one advantage of using the LLM’s API via a spreadsheet or computer programming instead of a free chatbot without granular temperature control.
Results
Below is Claude’s sentiment analysis on my sample text. I agreed with all of them:
Haiku: Sentiment analysis
ReviewText | Sentiment
The new iPad Mini 7 has a great display, speedy response, and is light enough to hold for long periods of time. It’s a significant upgrade from my old (ancient?) iPad 5. My lone nit is that the form factor is thicker and less sleek now due to the change in connectors, but I’m still glad I upgraded. | positive
This desktop computer has a better processor and can handle much more demanding tasks such as running LLMs locally. However, it’s also noisy and comes with a lot of bloatware. | neutral
The charger is affordable and does exactly what I want. | positive
This charger doesn’t work like I expected. | negative
This charger seems like a great value – until you try to use it. The connection is flakey and my device often ends up not fully charged overnight. | negative
Two important tips:
If you see errors or delays in some cells, you can ask Claude for Sheets to recalculate those by opening the Claude extension’s dropdown menu (Extensions > Claude for Sheets) and clicking on Recalculate all “DEFERRED / THROTTLED / #ERROR!” cells.
To keep results from updating — which might change them and costs more API money — copy and paste the column values only (excluding the formulas) to a new column and then delete the original column with formulas. Anthropic says Claude for Sheets results are cached for a week, so opening the spreadsheet again after a week may cause everything to recalculate.
Case 2: Text classification into categories
For this test, I took a few social media posts about the R programming language (often used for data analysis), genAI tools, and other topics — some modified to try to make the topics slightly less obvious — and asked Claude to categorize them as Data, Generative AI, Security & Privacy, or Other.
I used the same workflow as above, just changing the formula’s property text using natural language instructions:
=claudeExtract("one or more categories among 'Data', 'Generative AI', 'Security & Privacy'. If more than one apply, include all. If none apply, say 'Other'.", A2, "claude-3-5-haiku-latest", "temperature", 0)
Results weren’t bad but were imperfect. The Haiku model didn’t apply both Security & Privacy and Generative AI to the text about LLM vulnerabilities, and it didn’t know that R involves data.
Haiku: Text categorization
Kyle has some great resources for using the GIS data sets he mentions, especially “Analyzing US Census Data: Methods, Maps, and Models in R” and the tidycensus package | data
OpenAI today announced new model 4o — basically 4o preview out of preview — it says is better and faster than the preview version. And multimodal. Also a new “pro” tier for ChatGPT and its 4o model, at an eye-popping $200/month. | generative ai
An Introduction to R is a free online book by several professors (Univ of Aberdeen, Danish Technical Univ) and R practitioners that aims to, well, introduce you to using R. If you teach R, feel free to use some or all of the content in this book [with attribution]”. https://intro2r.com | other
Prompt injection and supply chain vulnerabilities remain the main LLM vulnerabilities but as the technology evolves new risks come to light including system prompt leakage and misinformation. https://www.csoonline.com/article/575497/owasp-lists-10-most-critical-large-language-model-vulnerabilities.html | security & privacy
This story “tracked thousands of US military & intel personnel coming & going from classified sites, incl. NSA hubs & nuclear vaults. We know where they sleep, what they eat, and which brothels they visit. It’s an ocean of blackmail & national secrets within reach of every spy agency in the world.” | data,security & privacy
“Logging on to Bluesky for the first time felt a bit like walking into your apartment after a professional deep clean. The layout is the same, as are the appliances and furniture. But it just felt good to be there. I wanted to hang out.” | other
When I tried with the Sonnet model (by swapping in claude-3-5-sonnet-latest as the model name), it did apply both categories to the LLM security text but also couldn’t recognize the R blurb as being data-related. The Opus model (claude-3-opus-latest) didn’t know R is data-related either.
My conclusion on categorizing text after this and other experiments: Either the text needs to be fairly straightforward about topics, or the prompt should include specific instructions about phrases likely to show up in your data that the LLM doesn’t know how to classify. In other words, experiment a bit and add examples or more detailed explanations when needed. When I added “Text about the R programming language is topic Data.” to the end of my prompt’s property text, Haiku applied “data” to my R-related posts.
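Because claudeExtract returns free text, a result cell in Case 1 or Case 2 can hold a label outside the list, a full sentence, or an unfinished-cell marker. The following is an added example, not code from the article or from Anthropic, that checks each cell against the label lists used in the two formulas before anything downstream relies on it; the function names and the assumption that pending cells contain the words from the Recalculate menu item are this example's own.

```javascript
// Label sets copied from the two formulas on this page, lower-cased because
// the results shown in the tables come back in lower case.
const SENTIMENT_LABELS = ['positive', 'negative', 'neutral'];
const CATEGORY_LABELS = ['data', 'generative ai', 'security & privacy', 'other'];

// Assumption: a cell without a result yet contains one of the words from the
// "Recalculate all ..." menu item quoted in the article.
const PENDING_MARKERS = ['deferred', 'throttled', '#error!'];

/**
 * Parse one result cell into validated labels.
 *   options.multi     - true if several labels may be returned (Case 2)
 *   options.exclusive - labels that are only valid on their own (e.g. 'other')
 * Returns { status, labels, rejected }, where status is one of
 * 'ok', 'pending', 'empty' or 'invalid'.
 */
function parseLabelCell(raw, allowed, options = {}) {
  const multi = options.multi === true;
  const exclusive = options.exclusive || [];
  const text = String(raw === null || raw === undefined ? '' : raw).trim();
  const lower = text.toLowerCase();

  if (text === '') return { status: 'empty', labels: [], rejected: [] };
  if (PENDING_MARKERS.some((marker) => lower.includes(marker))) {
    return { status: 'pending', labels: [], rejected: [] };
  }

  const labels = [];
  const rejected = [];
  for (const piece of lower.split(',')) {
    // Strip surrounding straight or curly quotes and a trailing period.
    const label = piece.trim()
      .replace(/^['"\u2018\u2019\u201c\u201d]+/, '')
      .replace(/['"\u2018\u2019\u201c\u201d.]+$/, '')
      .trim();
    if (label === '') continue;
    if (!allowed.includes(label)) rejected.push(label);
    else if (!labels.includes(label)) labels.push(label);
  }

  let status = 'ok';
  if (rejected.length > 0 || labels.length === 0) {
    status = 'invalid';            // something outside the allowed list
  } else if (!multi && labels.length > 1) {
    status = 'invalid';            // single-label task returned several
  } else if (labels.length > 1 && labels.some((l) => exclusive.includes(l))) {
    status = 'invalid';            // 'other' combined with a real category
  }
  return { status, labels, rejected };
}

// Audit a whole result column; row numbers assume the data starts in row 2,
// as it does in the article's spreadsheet.
function auditColumn(cells, allowed, options) {
  return cells.map((cell, i) => ({
    row: i + 2,
    ...parseLabelCell(cell, allowed, options),
  }));
}

// Constructed sample column: one clean result, one unfinished cell, one
// sentence instead of a label.
const SAMPLE_SENTIMENT_CELLS = ['positive', '#ERROR!', 'The sentiment is positive'];
```

Rows whose status is not 'ok' are the ones to recalculate or review by hand before pasting values over the formulas.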
Case 3: Entity extraction
I used some sample text to test extracting email addresses and phone numbers. The text was originally generated by a chatbot (Perplexity), and I modified it a bit. I then added that text to a new tab on the spreadsheet, and inserted the following formulas in columns B and C:
The team is at marketing@company.com and (914) 737-9938. Headquarters is @ 512 Main St. | 914-737-9938 | marketing@company.com
John Smith from accounting (j.smith@business.net) will be out of office until Friday. For urgent matters, reach him at 888-555-9012. | 888-555-9012 | j.smith@business.net
Contact support: help_desk@tech.org or 1-800-555-3456 Technical issues? sarah.tech@company.com For appointments: +1 (444) 867-5309 | 1-800-555-3456, +1 (444) 867-5309 | help_desk@tech.org, sarah.tech@company.com
Meeting notes from yesterday: – Dave (d.wilson@dept.com) will handle the project – Marketing team contact: marketing@company.com / 555.777.8888 – Emergency line: 911-555-0123 | 555.777.8888, 911-555-0123 | d.wilson@dept.com, marketing@company.com
Please forward any invoices to billing@finance.com or fax to (777) 555-0147 | 777-555-0147 | billing@finance.com
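Email addresses and US-style phone numbers follow fixed patterns, so the model's cells can be compared with a plain regex pass over the same text, flagging values the model missed and values it returned that do not occur in the source. This is an added example, not part of the original article; the function names and the digits-only phone comparison are assumptions of the example, and the five rows are the ones shown in the results above.

```javascript
// Deterministic patterns for the two entity types tested in Case 3.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
// US-style numbers in the formats that occur in the sample rows:
// optional +1 or 1 prefix, optional parentheses, space/dot/dash separators.
const PHONE_RE =
  /(?<!\d)(?:\+?1[\s.-]?)?(?:\(\d{3}\)|\d{3})[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)/g;

// Compare phone numbers on digits only, because the model may reformat them
// (the first row's "(914) 737-9938" came back as "914-737-9938").
// Assumption: a leading 1 on an 11-digit number is the US country code.
function normalizePhone(value) {
  const digits = value.replace(/\D/g, '');
  return digits.length === 11 && digits.startsWith('1') ? digits.slice(1) : digits;
}

function normalizeEmail(value) {
  return value.trim().toLowerCase();
}

// A result cell holds zero or more comma-separated values.
function splitCell(cell) {
  return String(cell || '').split(',').map((s) => s.trim()).filter((s) => s !== '');
}

// missing:     found in the text by regex, absent from the model's cell
// unsupported: present in the model's cell, not found in the text
function diff(found, claimed) {
  const foundSet = new Set(found);
  const claimedSet = new Set(claimed);
  return {
    missing: [...foundSet].filter((v) => !claimedSet.has(v)),
    unsupported: [...claimedSet].filter((v) => !foundSet.has(v)),
  };
}

function crossCheckRow(text, phoneCell, emailCell) {
  const phonesInText = (text.match(PHONE_RE) || []).map(normalizePhone);
  const emailsInText = (text.match(EMAIL_RE) || []).map(normalizeEmail);
  return {
    phones: diff(phonesInText, splitCell(phoneCell).map(normalizePhone)),
    emails: diff(emailsInText, splitCell(emailCell).map(normalizeEmail)),
  };
}

// Return only the rows where the regex pass and the model disagree.
function auditRows(rows) {
  return rows
    .map(([text, phones, emails], i) => ({ row: i + 2, ...crossCheckRow(text, phones, emails) }))
    .filter((r) =>
      r.phones.missing.length + r.phones.unsupported.length +
      r.emails.missing.length + r.emails.unsupported.length > 0);
}

// The five rows from the article: [text, phone cell, email cell].
const PAGE_ROWS = [
  ['The team is at marketing@company.com and (914) 737-9938. Headquarters is @ 512 Main St.',
    '914-737-9938', 'marketing@company.com'],
  ['John Smith from accounting (j.smith@business.net) will be out of office until Friday. For urgent matters, reach him at 888-555-9012.',
    '888-555-9012', 'j.smith@business.net'],
  ['Contact support: help_desk@tech.org or 1-800-555-3456 Technical issues? sarah.tech@company.com For appointments: +1 (444) 867-5309',
    '1-800-555-3456, +1 (444) 867-5309', 'help_desk@tech.org, sarah.tech@company.com'],
  ['Meeting notes from yesterday: – Dave (d.wilson@dept.com) will handle the project – Marketing team contact: marketing@company.com / 555.777.8888 – Emergency line: 911-555-0123',
    '555.777.8888, 911-555-0123', 'd.wilson@dept.com, marketing@company.com'],
  ['Please forward any invoices to billing@finance.com or fax to (777) 555-0147',
    '777-555-0147', 'billing@finance.com'],
];
```

On the article's five rows the two methods agree, so `auditRows(PAGE_ROWS)` returns an empty list; the check earns its keep on larger sheets where nobody reads every cell.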
Trying to extract company names was tougher, since it’s a lot easier to spot phone number and email address patterns than to know the difference between a company name and a product name.
I tested company and product extraction with some recent headlines and summaries from Computerworld’s home page, asking simply for “companies” and “products” in my formulas. Haiku’s results:
Haiku: Company and product name extraction
Text | Companies | Products
10 steps to smarter Google account security Give yourself some added peace of mind by giving your Google account a thorough set of security reinforcements, both on Android and your desktop. | Google | Google account, Android, desktop
How ChatGPT works with iOS 18.2 iPhones and Siri Apple Intelligence is about to receive its first important update — introducing ChatGPT access. | ChatGPT, iOS, Apple, Siri | ChatGPT, iOS 18.2 iPhones, Siri, Apple Intelligence
OECD: GenAI is affecting jobs previously thought safe from automation Though the technology will likely lead to new jobs, they may not benefit those who lost work due to automation. | OECD | GenAI
Microsoft moves to stop M365 Copilot from ‘oversharing’ data The generative AI assistant can surface sensitive information in over-permissioned files, a growing concern for businesses testing the technology. Microsoft is adding new features to SharePoint and Purview to make it easier to control what the tool can access. | Microsoft | Microsoft 365 Copilot, SharePoint, Purview
It was a bit disappointing that Haiku tagged ChatGPT, iOS, and Siri as companies. Sonnet did better on that one overall but worse on the last listing, adding two products as companies along with Microsoft:
Sonnet: Company and product name extraction
Text | Companies | Products
10 steps to smarter Google account security Give yourself some added peace of mind by giving your Google account a thorough set of security reinforcements, both on Android and your desktop. | Google | Google account
How ChatGPT works with iOS 18.2 iPhones and Siri Apple Intelligence is about to receive its first important update — introducing ChatGPT access. | Apple | iOS 18.2, iPhones, Siri, ChatGPT
OECD: GenAI is affecting jobs previously thought safe from automation Though the technology will likely lead to new jobs, they may not benefit those who lost work due to automation. | OECD | GenAI
Microsoft moves to stop M365 Copilot from ‘oversharing’ data The generative AI assistant can surface sensitive information in over-permissioned files, a growing concern for businesses testing the technology. Microsoft is adding new features to SharePoint and Purview to make it easier to control what the tool can access. | Microsoft, SharePoint, Purview | M365 Copilot, SharePoint, Purview
When I tried the pricey Opus model, it got rows 2-4 correct but added Android as a company on the first row. My conclusion: I either need to give these models better prompts and more examples for a task like this or tolerate some inaccuracies.
However, models continue to improve, and a task that’s beyond their capabilities now may work better a few months down the road.
For the sake of comparison, I gave all this text to OpenAI’s new o1 model in the ChatGPT Plus chatbot and asked it to extract products. Those results were better: o1 correctly identified Google account, Android, ChatGPT, iOS 18.2, iPhones, Siri, M365 Copilot, SharePoint, and Purview as products.
And it was the only model to extract just Google, Apple, and Microsoft as “companies” — OECD, the Organisation for Economic Co-operation and Development, is not technically a company. When I asked o1 to extract both companies and organizations, it responded: Google (company), Apple (company), OECD (organization), and Microsoft (company).
(OpenAI doesn’t have its own extension for Google Sheets, although there are some paid third-party applications.)
Meanwhile, though, if you can tolerate some imperfect results and less than top-speed performance, you can start doing LLM-based natural language processing right within a spreadsheet. As Ethan Mollick, author of Co-Intelligence: Living and Working with AI, advised on Bluesky recently:
“I think firms worrying about AI hallucination should consider some questions:
1) How vital is 100% accuracy on a task?
2) How accurate is AI?
3) How accurate is the human who would do it?
4) How do you know 2 & 3?
5) How do you deal with the fact that humans are not 100%?”
AI is everywhere, but from where I sit, there are some strong signals that suggest the road to AI Everywhere is going to be a long-distance endurance race, rather than a sprint.
While these tools are seeing a lot of use since ChatGPT burst upon the scene, they are also generating lots of cost — and despite all the marketing, it still isn’t really clear if consumers are buying hardware based on ‘AI Inside.’ (Though it is already clear that workers are using AI in the shadows).
Even iPhone users — usually the fastest adopters of cutting-edge tech — seem to want convincing that AI is all it’s cracked up to be.
It’s almost as if people purchasing these products are a little turned off by a technology that threatens to destroy their employment, exacerbate wealth inequalities, and supercharge surveillance advertising in exchange for email summaries and a search engine powerful enough to help you file your next welfare benefit claim.
A recent survey of 2,000 US smartphone users by trade-in site SellCell found that 73% of iPhone users and 87% of Samsung users say the AI features they have been provided with in the latest software updates are adding little or no value. Samsung introduced its first genAI smartphone in March this year, while Apple rolled out Apple Intelligence with iOS 18.1 in October.
The survey was taken before Apple introduced iOS 18.2, and while it can’t be seen as representative, I think it shows that the expectation that AI will somehow deliver a big bump in device and PC sales may be misplaced — though server sales will see a big spike as service providers and businesses implement AI in their systems.
This doesn’t mean iPhone users aren’t interested in AI. Among iOS users who responded to the SellCell survey, 47.6% called it “key” in choosing a new phone; just 23.7% of Samsung users felt the same way. It may also matter that 21.1% of smartphone users already see AI as a very important deciding factor when choosing a new device.
What are the most popular AI features on phones?
While the survey does show there’s some journey to go before the promise of AI resonates fully with its audience, it also reveals which of the features made available in iOS 18.1 (pre-Genmoji) most interested users: Writing Tools (72%), Notification summaries (54%), Priority Messages (44.5%), Clean Up in Photos (29.1%), and Smart Reply in Mail and Messages (20.9%).
For comparison, Samsung AI users checked out thusly: Circle to Search (82.1%), Photo Assist (55.5%), Chat Assist (28.8%), Note Assist (17.4%), and Browsing Assist (11.6%).
It’s clear that Apple’s decision to Sherlock Grammarly (and do it privately) has given the company its most attractive suite of AI tools. People like tools that help them do everyday things better, it seems.
That desire for enhanced productivity is also what is driving employees to use AI services for their work, sometimes to the detriment of security policies and customer privacy.
At this stage in AI deployment, consumers still need convincing, and companies still need time to think about how best to deploy the tech — though a recent CCS Insight survey of business leaders showed that 82% are in the process of deployment. We are early in the mass adoption curve, and in that environment, taking a cautious and deliberate stance to adoption seems to be the best way to avoid falling into any unexpected disasters. Which is, oddly enough, how Apple has been approaching the topic since the get-go.
Will you pay for AI?
While I don’t see platform-wide AI as anything like the same animal as the fast-growing assemblage of customized focused AI services for specific industries and tasks, it still feels like the opportunity to monetize general purpose mass-market AI services remains some way off.
Apple users are a little more ready.
They are a lot more likely to consider investing in AI subscriptions (which may yet justify OpenAI’s gamble to offer its services through Apple’s kit), but subscription is a trickle, rather than a flood. The survey tells us 11.6% of them are likely to pay for a subscription to use AI services, in contrast to just 4% of Samsung users.
However, most smartphone users (86.5% of iPhone users and 94.5% of Samsung users) said they would not pay to use AI.
The decision seems pretty polarized in that just 1.9% of Apple users aren’t sure if they’d pay or not — in other words, there’s a pretty clear division between the two sides. That means the task of convincing people to adopt is already entirely based on showing those refuseniks compelling usage cases that help them come to terms with, trust, and develop the desire to use AI in some way.
Gathering the tribes
Eroding this resistance and bestowing these services with an increased perception of value will clearly be part of the product management journey for Apple AI, and every other kind of artificial intelligence. It may well be that as the uses of these tools become more widespread, people’s enthusiasm will increase. It is worth noting that at some point prior to the introduction of Apple Intelligence, some reports were claiming that some inside Apple themselves remained uncertain if the first echelon of tools to ship would resonate with consumers.
They may find themselves slightly relieved that while AI features don’t seem to grab the attention of every iPhone user, the ones who are making use of the tools seem pretty enthusiastic. iPhone users are also trying the new AI services as they appear, with 41.6% of those owning an iPhone that supports them confirming they’d used them, mostly writing tools, notification summaries, and priority messages.
What does this tell us?
I think it tells us that the current trend of just waving at a gadget that happens to support genAI and calling it an “AI smartphone” or an “AI PC” — or, in Apple’s case, a “complete mobile to PC AI ecosystem” — may need to be refined.
People need to feel more trust in these solutions, want to be convinced that potential damaging use is mitigated against, and most of all want applied use cases in which the tech can be applied in positive, life-enhancing ways. It’s also possible that the hype of AI is already behind us, and that now the search must shift to identifying those compelling instances in which the tech addresses significant human need.
Despite low unemployment in the IT industry, IT hiring has slowed over the past two years and is expected to plateau in 2025 as employers prioritize experienced candidates with specialized skills, according to three new studies. They found that companies are shifting from volume hiring to “quality hiring,” leading to fewer roles for tech job candidates.
Staffing firm ManpowerGroup, which just published its Q4 report on hiring, claimed IT hiring leads all other professions in the US but predicted employers will still pull back on hiring next year because of “economic uncertainty.”
“As we move into 2025, we’re seeing stable year-over-year hiring trends, with employers holding onto the talent they have and planning muted hiring for the quarter ahead,” said Jonas Prising, ManpowerGroup Chair & CEO.
Overall, the studies by ManpowerGroup, online hiring platform Indeed, and Deloitte Consulting showed that IT hiring will increasingly be based on having flexible skills that can meet changing demands. “Employers know a skilled and adaptable workforce is key to navigating transformation, and many are prioritizing hiring and retaining people with in-demand flexible skills that can flex to where demand sits,” Prising said.
Becky Frankiewicz, president of the North America Region at ManpowerGroup, said that while hiring plans remain steady, a closer look at the data indicates employers will adopt a more strategic approach in the first quarter of 2025, with a focus on retaining existing talent and prioritizing in-demand skills in areas like IT, financial services, and manufacturing.
“Real time, we are seeing companies take longer to make a hire — and seasonal hiring patterns are changing too, [with] more hiring earlier on in the season and less intense [during] holiday periods,” Frankiewicz said. “This tells us this isn’t your typical cycle. We’re watching the labor market normalize at different speeds across industries. It’s a sign that organizations are adapting and becoming more precise in their workforce planning.”
Indeed economist Cory Stahle said the latest US jobs data shows increased IT hiring, indicating stability heading into the new year. At the same time, Stahle reiterated past assessments by others of a potential cooling, as companies continue to rebalance after a hiring surge in 2021 and early 2022 driven by pandemic-related demand for tech services.
Quit rates also reflect labor market dynamics and job seeker confidence. A declining quit rate could signal lower enthusiasm, as workers are less confident in finding new jobs, according to Indeed. After rising sharply during the “Great Resignation” of 2021-2022, the quits rate has steadily declined, Indeed said. In September, it hit 1.9%, its lowest since July 2015, before rising to 2.1% in October.
The pullback in job postings, particularly in tech, likely affects job seekers’ confidence, Indeed said.
Additionally, generative artificial intelligence (genAI) is affecting entry-level hiring, as more and more repetitive or lower-level jobs, such as helpdesk tasks, get automated. Those jobs can often be handled by AI agents such as Microsoft 365 Copilot, Amazon CodeWhisperer, and IBM Watson Assistant.
“Right now, genAI appears to have the greatest potential impact on knowledge workers,” Stahle said. “Recently released Hiring Lab research shows that genAI often does well with theoretical tasks like creating a recipe and does less well at hands-on tasks like making food.”
AI isn’t replacing jobs so much as it is reshaping the nature of work, said Elizabeth Lascaze, a principal in Deloitte Consulting’s Human Capital practice. She, too, sees evidence that entry-level roles focused on tasks like note-taking or basic data analysis are declining as organizations seek more experienced workers for junior positions.
“Today’s emerging roles require workers to quickly leverage data, generate insights, and solve problems,” she said, adding that those skilled in using AI, such as cybersecurity analysts applying AI for threat detection, will be highly sought after.
Although the adoption of AI has led to some “growing pains,” many workers are actually excited about it, Lascaze said, with most employees believing it will create new jobs and enhance their careers. “Our survey found that just 24% of early career workers and 14% of tenured workers fear their jobs will be replaced by AI,” Lascaze said. “Tenured workers are more likely to lead organizational strategy, so they may prioritize AI’s potential to improve efficiency, sophistication, and work quality in existing roles rather than AI’s potential to eliminate certain positions.
“These workers reported being slightly more focused on building AI fluency than early-career employees,” Lascaze said. “With so many early-career employees reporting excitement around using AI, organizations should establish reverse mentorship opportunities where tenured staff can learn the ropes.”
GenAI-related jobs are still rare, accounting for about two in 1,000 nationwide as of October. But they are growing quickly, according to Indeed.
Along those lines, a new report by online interview platform Karat found that the share of US engineering leaders now hiring for AI engineer roles (60%) has nearly doubled compared to last year (35%) – and they’re prioritizing AI skills:
AI engineering (74%)
Integrating AI functionality into products via API (62%)
Data science (58%)
The arrival of AI and genAI tools in the workplace has meant increased workloads and higher expectations for many workers. Both are major AI-related career issues: Indeed’s recent survey on genAI’s impact on workers found that 77% of AI users reported heavier workloads, yet nearly half were unsure how to use AI for efficiency.
Many of Indeed’s survey respondents said they face a lack of training, AI quality issues, ethical concerns, and disappointment with AI tools. That’s a critical mismatch with the 96% of C-suite leaders who expect AI to boost productivity, which is unlikely to happen until they align AI tools and training with workforce capabilities and expectations, the survey indicated.
Deloitte’s own survey found 68% of older workers — and 83% of early-career workers — now use AI. Tenured employees with AI experience remain just as likely to embrace AI when given the right learning opportunities. And that opens the door for internal training possibilities.
“An internal AI skills marketplace could connect them with projects to apply their skills and enhance strategic planning,” Lascaze said. “Formal mentorship programs, where early-career employees are paired with tenured staff, can become safe places for junior staff to experiment with problem-solving, learn how to navigate their careers and deepen their interpersonal skills.”
Microsoft released 74 updates in its December Patch Tuesday update, with patches for Windows, Office and Edge — but none for Microsoft Exchange Server or SQL server. One zero-day (CVE-2024-49138) affecting how Windows desktops handle error logs requires a “Patch Now” warning, but the Office, Visual Studio and Edge patches can be added to your standard release schedule. There are also several revisions this month that require attention before deployment, including two (CVE-2023-36435 and CVE-2023-38171) that will need extensive testing.
Other than the Roblox issue, Microsoft has published a reduced set of known issues for December:
There have been reports that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process. Microsoft has offered several mitigation options for those still affected.
For those still on Windows Server 2008, you might receive warnings that Windows Update failed to complete successfully. Microsoft is working on this issue and expects a fix to be released soon. Many users will now have to move to the second stage of “Extended Support Updates” or “ESU.”
Major revisions
For the final Patch Tuesday in 2024, there are these revisions to previously released updates:
CVE-2023-36435 and CVE-2023-38171: Microsoft QUIC Denial of Service Vulnerability. This is the third update to this two-year-old series of patches to the Microsoft .NET platform. Rather than a strictly information update, these patches will need to be added to your December release schedule.
CVE-2024-49112: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This is a release for this month’s update. This does not happen often, as this patch was only released 24 hours ago. (In fact, due to an error in the documentation, this patch was duplicated in the release notes as well.)
CVE-2023-44487: HTTP/2 Rapid Reset Attack. The update relates to a change in affected software — meaning all recent supported versions of Microsoft .NET and Visual Studio are included in the scope of the patch. Add this to your development update release schedule for the month.
CVE-2024-43451: NTLM Hash Disclosure Spoofing Vulnerability. This late edition revision has been widely reported in the news as it affects older versions of Windows Server (2008 and 2012) and has received some generous technical support from outside Microsoft.
This is an unusual month for revisions, with several patches from 2023 updated in the final months of 2024, with increased scopes and associated testing requirements. The Readiness team advises extra caution addressing both CVE-2023-36435 and CVE-2023-38171.
Windows lifecycle and enforcement updates
There were no product or security enforcements for this update cycle. However, Microsoft has noted that:
“There won’t be a non-security preview release for the month of December 2024. There will be a monthly security release for December 2024. Normal monthly servicing for both security and non-security preview releases will resume in January 2025.”
Each month, we analyze the latest Patch Tuesday updates from Microsoft and provide detailed, actionable testing guidance based on a large application portfolio and a detailed analysis of the patches and their potential impact on the Windows platforms and application installations.
For this cycle, we have grouped the critical updates and required testing efforts into different functional areas including:
Networking and Remote Desktop Services
This month’s update addresses key components of Microsoft’s Remote Desktop Services with the following testing guidance:
Test RDP connections over the Microsoft Remote Desktop Gateway.
Try RPC over HTTP/HTTPS pathways while validating Remote Desktop broker features.
Validate WAN port operations (try netsh commands).
Local Windows File System and Storage
Minor changes to the Windows desktop file system will require a test of the ReFS system (light CRUD testing required). Due to changes in how Windows handles non-English characters, a test of Input Method Editors (IMEs) is required for Japanese formats.
Virtual Machines and Microsoft Hyper-V
A minor update to a key virtualization driver will require some traffic testing and monitoring for Microsoft’s Hyper-V and virtualization platforms. While these recent updates are generally low-profile patches to Windows subsystems, we feel that the primary testing this month should focus on validating remote network traffic. The file system and Hyper-V changes require light testing. The goal for most enterprises is to get these Microsoft updates deployed before change control “lock-down” arrives.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
Browsers (Microsoft IE and Edge)
Microsoft Windows (both desktop and server)
Microsoft Office
Microsoft Exchange Server
Microsoft development platforms (ASP.NET Core, .NET Core and Chakra Core)
Adobe (if you get this far)
Browsers
There were just two minor updates for Microsoft Edge this month, with CVE-2024-12053 and CVE-2024-49041 both rated as important. Add these low-profile changes to your standard release schedule.
Windows
Though there is a strong focus on networking, this release also affects the following Windows features:
Windows Remote Desktop and related routing servers
Unfortunately, there is a zero-day (CVE-2024-49138) that has been reported as publicly disclosed and exploited in the wild that affects how Windows creates error log files. Add these Windows updates to your Patch Now cycle.
Microsoft Office
Microsoft released nine patches to Office, all rated important. In addition, the company offered some additional security measures and mitigations to the platform with the release of the advisory ADV240002, which covers the following areas:
Perimeter Defense
Network Security
Endpoint Protection
Application Security
This month’s update affects Microsoft Excel, SharePoint and core Microsoft Office libraries. Add these patches to your standard Office release schedule.
Microsoft SQL (nee Exchange) Server
There were no updates for either Microsoft SQL or Exchange server.
Microsoft development platforms
Microsoft released a single update to the experimental AI music project Muzic with CVE-2024-49063. We’ll take this as a “win” with no further updates to Microsoft .NET or Visual Studio.
Adobe Reader (and other third-party updates)
Adobe has released a completely normal, run-of-the-mill update to both Reader and Acrobat (Adobe Release notes). This is good news. This update has not been included in the Microsoft release cycle, which is as it should be. Adding to the huge, globally shared sense of relief, Adobe has chosen to modify its patching methodology to fall in line with industry best practices. Long-suffering IT admins have had to create (and maintain) “process workflow exceptions” to handle Adobe updates, usually with complex PowerShell scripts. No longer!
Thank you, Adobe; there is no greater gift than a few less things to do (repeatedly).
For those readers who have enjoyed delving into the deeper details of all things patching, the Readiness team would like to say, “Thank you for the time and attention and we look forward to the New Year.”
The Macy’s accounting nightmare is only getting worse, with the $24 billion retailer telling the SEC on Wednesday that both its annual report from last year and its auditor report “should no longer be relied on.”
Although the amount “hidden” was only $151 million — at the high end of Macy’s original estimate of “$132 million to $154 million” — the retailer said it exposed a massive weakness in its checks and balances procedures.
Macy’s did not get specific about the nature of the flaws, but the problem seems to be that the software charged with monitoring financial transactions was never designed to catch accountants doing what they do best: categorizing numbers in ways designed to make the company’s performance look better than it is.
Such software is typically designed to catch true fraud, such as an employee exfiltrating money out of an enterprise into bank accounts they control, or payments to fraudulent contractors or even simple math errors. Apparently, the Macy’s system had weak safeguards that were easily sidestepped. Accounting officials say these same technology deficits likely exist in every enterprise.
Macy’s “management identified a material weakness in its internal control over financial reporting related to the design of existing internal control activities involving manual journal entries over delivery expenses and certain other non-merchandise expenses, and the reconciliation of the related accrued liabilities,” the SEC filing said. “The Company identified that a single employee, who is no longer with the Company, intentionally made erroneous accounting entries and falsified underlying documentation, to understate delivery expenses from the fourth quarter of 2021 through the third quarter of 2024.”
When Macy’s first reported the incident, it used the word “hidden” and made no reference to “falsified underlying documentation.” Those are big clues about what likely happened.
“The material weakness was the result of deficiencies in the design of controls over delivery expense and certain other non-merchandise expenses, and the related accrued liabilities, whereby the design of the controls did not consider the potential for employee circumvention of these controls,” the company said in its filing, adding there were “failures to obtain, or generate and use, relevant, quality information to support the functioning of these controls, including validation of the reliability of the information.”
Here’s the key “you’ve got to be kidding” point: “The design of the controls did not consider the potential for employee circumvention of these controls.”
Really? The designers for an accounting system managing $24 billion in cash flow never considered that somebody might try to circumvent controls? Like perhaps someone engaged in naughtiness?
The filing also showed some seeming contradictions. It stressed, for example, that this problem was caused by just one employee — as though that’s a good thing. Imagine a Pentagon official explaining how 40 nuclear warheads were stolen and saying, “I know this sounds bad, but this wasn’t done by a squadron of enemy fighters. This theft was just done by one guy, so all is fine.”
Macy’s also tried to say that this was not that big a deal. “The Company evaluated the errors and determined that the related impact was not material to results of operations or financial position for any historical annual or interim period.”
But by the end of the filing, Macy’s attorneys used a lot of words to essentially say this actually was a big deal.
“As a result of the material weakness in the Company’s internal control over financial reporting described above, on December 10, 2024 the Audit Committee of the Board of the Company determined, based on the recommendation of management following its consultation with the Company’s independent registered public accounting firm KPMG LLP, that management’s report on internal control over financial reporting as of February 3, 2024…should no longer be relied upon. Additionally, KPMG LLP’s opinion as to the effectiveness of the Company’s internal control over financial reporting as of February 3, 2024 included within the Report of Independent Registered Public Accounting Firm in the Company’s Annual Report on Form 10-K for the fiscal year ended February 3, 2024, should no longer be relied upon.”
In accounting speak, declaring that their financials are not to be trusted is admitting that this is a big deal. Why? Given the lack of meaningful controls and strong safeguards in this one business unit, there is every reason to believe that the same lack of safeguards exists elsewhere in the company — and according to accountants, in just about every enterprise.
Stefan van Duyvendijk, an industry principal with accounting software vendor FloQast, reviewed Macy’s filing and said that the retailer “is trying to distract people” by implying that the “small package delivery” unit is “the only place where Macy’s has this weakness.”
This happened because that small package area was likely deemed low-risk, van Duyvendijk said, but Macy’s “reviews over journal entries are the same across the company.”
That means Macy’s likely knows that other similar issues could easily crop up — and that is what is tainting all of their reported financials and audits.
The lone employee apparently reported that the small package unit owed less than it really did. “ERP is incapable of catching something like this,” van Duyvendijk said.
For other enterprises, this glaring hole in controls could be worse. The Macy’s problem appears — so far — to be one employee manipulating numbers to make the department look better.
It wasn’t outright fraud or theft, but that’s merely because the employee didn’t try to steal. The same lax safeguards that allowed expense dollars to be underreported could have just as easily allowed actual theft.
“What will happen when someone actually has motivation to commit fraud? They could have just as easily kept the $150 million,” van Duyvendijk said. “They easily could have committed mass fraud without this company knowing. (Macy’s) people are not reviewing manual journals very carefully.”
Another accounting specialist, JR Kunkle, an auditor and GRC specialist who runs his own consulting firm, Kunkle Consulting, agreed that the ERP and accounting systems used today can’t prevent accounting fraud in the way they should.
“If an individual is hellbent, he can change codes in the software. (Management) is going to rely on the accountant to set up the accruals,” Kunkle said. “Any kind of accounting entry requires judgment.” And today’s business software systems are incapable of reviewing and managing human judgment.
“Once you get inside (the accounting decision process) and there is a judgment factor, ERP can give you data about it, saying that it’s a shipping expense, but I don’t think systems in general can figure out what an accountant should enter,” Kunkle said. “I don’t know that you can automate that.”
Another financial specialist, Emburse CFO Andriana Carpenter, said that the software problem exists, but there are accounting tactics that can minimize exposure.
“It’s true that most ERPs are not designed to catch erroneous accounting,” she said. “However, there are software tools that allow CFOs and CAOs to create more robust controls around accounting processes and to ensure the expenses get booked to the correct P&L designation. Initiating, approving, recording transactions, and reconciling balances are each steps that should be handled by a separate member of the team. There are software tools that can assist with this process, such as those that enable use of AI analytics to assess actual spend and compare that spend to your reported expenses. Some such tools use AI to look for overriding journal entries that reverse expense items and move those expenses to a balance sheet account.”
The specific problem Macy’s is struggling with could be minimized for others, she said. For example, someone bypassing safeguards can eventually be detected.
“In the event of management overriding accounting controls, leveraging the spend data on an end-to-end spend management platform and using AI analytics can identify this type of override by automatically comparing total spend to your P&L and identifying discrepancies,” Carpenter said. “In the case of this Macy’s accounting error, AI analytics would have identified differences in total payments versus the expense that was being reported.”
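The three checks Carpenter describes (separate initiator and approver, flagging manual entries that move an expense to a balance sheet account, and comparing total payments to reported expense) can be sketched as detection logic. This is an added example, not code from Macy’s, Emburse or any vendor; the account names, the tuple layout, the 5% tolerance and all sample figures are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal as D

EXPENSE = {"delivery_expense"}                      # P&L accounts (assumed names)
BALANCE_SHEET = {"accrued_liabilities", "prepaid"}  # balance sheet accounts (assumed)

# Constructed sample data, not Macy's figures.
# (period, amount actually paid to carriers)
PAYMENTS = [("2024-Q1", D("1000")), ("2024-Q2", D("1200"))]
# (id, period, manual, debit, credit, amount, initiator, approver)
JOURNAL = [
    ("JE-1", "2024-Q1", False, "delivery_expense", "accounts_payable", D("1000"), "ap_feed", "ap_feed"),
    ("JE-2", "2024-Q2", False, "delivery_expense", "accounts_payable", D("1200"), "ap_feed", "ap_feed"),
    ("JE-3", "2024-Q2", True, "accrued_liabilities", "delivery_expense", D("300"), "acct_a", "acct_a"),
    ("JE-4", "2024-Q2", True, "delivery_expense", "accrued_liabilities", D("50"), "acct_b", "ctrl_c"),
]


def review_journal(journal):
    """Flag manual entries that move expense to the balance sheet or lack a second approver."""
    findings = []
    for je_id, _period, manual, debit, credit, _amt, initiator, approver in journal:
        if not manual:
            continue  # system-posted entries are out of scope for this review
        if credit in EXPENSE and debit in BALANCE_SHEET:
            findings.append((je_id, "expense_moved_to_balance_sheet"))
        if initiator == approver:
            findings.append((je_id, "initiator_is_approver"))
    return findings


def spend_vs_expense(payments, journal, tolerance=D("0.05")):
    """Return {period: gap} where paid spend exceeds reported expense by more than tolerance."""
    paid, reported = defaultdict(D), defaultdict(D)
    for period, amount in payments:
        paid[period] += amount
    for _id, period, _manual, debit, credit, amount, _i, _a in journal:
        if debit in EXPENSE:
            reported[period] += amount   # expense recognized
        if credit in EXPENSE:
            reported[period] -= amount   # expense reversed
    return {p: paid[p] - reported[p] for p in paid
            if paid[p] - reported[p] > tolerance * paid[p]}


if __name__ == "__main__":
    print(review_journal(JOURNAL))
    print(spend_vs_expense(PAYMENTS, JOURNAL))
```

The payment totals only help if they come from a source the journal preparer cannot edit, such as bank or carrier remittance data; timing differences between cash and accruals are why a tolerance is needed at all.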
The ultimate problem here involves enterprise CIOs and their teams who trust software controls too much. Trusting software to religiously do what it is supposed to do is asking for trouble. Trusting that software to do what it was never designed to do? That is just demanding trouble.