Your calendar is the default page Calendar 2 shows you, but it’s not all this device can do. There are several tabs you can click through: Lists, Tasks, Rewards, Meals, Recipes, and Photos, then Sleep and Settings. Besides Sleep and Settings, which both relate to different settings on your device, these pages will take some work to become truly useful. Some of these features are also blocked by a paywall. You’ll need a Plus Plan subscription, which costs $79 a year or $8 a month, to get access to Rewards, Meals, and Skylight’s in-app AI tool, Sidekick.
Photograph: Nena Farrell
Meals is easy to start casually using to plan out your meals for the week, but if you have a bunch of homemade recipes you love, you can manually add them to the Recipes tab. Why bother with adding an entire recipe? Because then, when you add that recipe to your meal list for the week, the Skylight will ask if it should also add the ingredients to your grocery list over on the Lists tab. I didn’t love that every time I added one of my recipes manually it would ask if I wanted to add the ingredients to my shopping list, but it’s a reasonable flow of actions and one that could be more useful if I converted to Skylight being my sole grocery shopping list.
I really like the visual aspect of both my family’s calendar and the Meals page. I quickly typed in “Giant Meatball” for one of our dinners to represent a Costco dinner in our fridge and was able to assign it to Friday’s dinner. You can either add items to your meal plan on Calendar 2 itself or in the Skylight app, which provides access to all the same pages you see on the device. The Calendar 2 doesn’t seem to memorize any quick meals I write in, though; I’d have to save them to Recipes to use continually or mark them as a repeating meal on a specific day. I also love that if there’s an event on both my husband’s calendar and mine, the Skylight will only have it on the screen once and will put both colors for our calendars to indicate it’s a shared event.
The Tasks page also works fine if you want a list of tasks for each family member, but even for tasks I set a certain time for, I didn’t see any alerts on the device or my phone. Once I opened the Tasks page, I could see that I was two days late to “Bring Form to Dentist Appointment,” but I think these pages would be easy to ignore. It’s something you’d have to build as a habit and shouldn’t be relied on for a timed task you’d like to complete. Meanwhile, Rewards is linked to tasks, letting you set how many stars you need to earn by completing tasks to earn a reward you’ll set for yourself or other members of your house, such as your kids.
The Paywalled Garden
My biggest complaint with Skylight is its paywall. Its calendar devices require the Plus Plan ($79 a month or $8 a year) to use all features, including the photo screen saver, which I think is a huge bonus for the device. While Skylight isn’t my favorite digital photo frame, and the 15-inch frame doesn’t have the perfect orientation for showing photos, having the screen saver option turns the device into a great multiuse screen that the entire family can enjoy.
For most of us, desk space is at a premium. Between the computer, keyboard, speakers, and maybe a few photos of your family or a mesh Wi-Fi node, things can quickly feel a little cramped. Desk-mounted accessories make your workspace look and feel better. Mounted office accessories are perfect for standing desks because everything stays firmly in place when you lift and lower your position. Even if you stay seated, these devices can clear some of the clutter off your desktop—and maybe clear your mind a bit by giving yourself some space to focus. As a dedicated clamper, closing in on three decades at a desk, I’ve tried every desk-mounted accessory I could get my hands on. I have a few favorite devices which I’ll share below.
Before you buy any desk-mounted accessory, make sure that you measure your desk and scope out a suitable spot for the clamp. Don’t assume it will fit, since they all have a thickness range, and some desks don’t play nicely with clamps. There’s also a risk that the clamp will discolor or mark your desktop over time, especially if it’s softwood or in direct sunlight.
Monitor Arms
Number one on my list of desk-mounted accessories is monitor arms. With no need for a stand, you can free up a lot of space, and monitor arms enable you to fix your screen at the ideal height and position, making it easy to adjust the angle should you need to. I’m a fan of the dual-monitor setup with a wide-screen in landscape orientation and a portrait monitor on the left because it’s perfect for my workflow.
Ergotron
LX Pro Monitor Arm
I like Ergotron’s monitor mounts because they are seriously sturdy, yet allow for a wide range of movement to get your screen into the sweet spot (the top of the screen should be at eye level and your monitor should be roughly at arm’s length). I use the LX Pro alongside the older Ergotron LX ($189), which has a wider base and can handle more weight. What I like best, compared to other monitor arms I’ve tried, is that my monitors stay properly still once positioned. With some arms, the slightest bump on your desk has your screen vibrating.
Pet Perch
While a dog might be content to curl up at your feet, cats like to be up high. My cats are always jumping on my desk, walking in front of the monitor, and scratching the back of my chair. They also love nothing more than to steal my warm seat when I get up for a coffee. But there is a clamping solution to the pet problem.
Modern chief information security officers (CISOs) face a threat landscape defined by distributed systems, volatile supply chains, and expanding attack surfaces. Platform consolidation is often used to reduce complexity, yet only architectures with deep integration across data, control, and identity planes achieve the intended security benefits. This makes the integration layer a dominant source of enterprise risk.
While unified security platforms promise simplicity, attackers are increasingly bypassing core systems and exploiting the connections between them: API links, OAuth tokens, third‑party apps, and automation workflows. These integrations quietly expand the enterprise trust boundary and introduce new single points of failure. Over‑privileged tokens, undocumented workflows, vulnerable open/closed source components, and fragmented ownership make it possible for attackers to authenticate themselves through trusted integrations rather than breach the platform directly.
This integration layer, not the platform itself, is the new enterprise perimeter, so CISOs must govern delegated trust with the same rigour they apply to core systems. When converging multiple solutions, they must mitigate the inherent security risks of single‑point‑of‑failure systems through architectural redundancy and modularity, and ensure true integration.
Demand evidence of true integration, not integration theatre
There are several factors that distinguish a true platform from integration theatre. Scrutinising these will show where vendors are using marketing to obscure a lack of genuine integration:
Data: A platform should decouple the data plane from the control plane. At the data layer, it should allow for a single data lake that all security logs feed into and all solutions read from simultaneously. Aggregated data can then be correlated to deliver full visibility across systems and detect sophisticated multi‑stage attacks instead of having multiple databases connected via APIs and sync actions.
Policy orchestration: Policies should be written once, be consistent and propagated across the stack, from endpoints and email to firewalls and intrusion detection systems (IDS), without the need to deploy them through different user interfaces (UIs).
Identity and authorisation: All platform components should integrate through a common identity broker, using a central policy orchestrator to enforce both Role‑Based and Attribute‑Based Access Control consistently across the environment. Multiple logins, inconsistent roles, or fragmented identity experiences are strong indicators of integration theatre rather than true unification.
Interoperability: Integration theatre provides a collection of black boxes with no meaningful influence on each other. Unified solutions, on the other hand, work together and do not just coexist. They use telemetry to provide context and build a complete attack‑path picture, offering seamless connectivity to edge devices and third parties, such as Microsoft Defender’s 57 API connectors or Cisco’s 100+ third‑party integrations.
Architect for resilience, not dependency
Vendor consolidation can simplify environments but also create monocultures and single points of failure. To avoid over‑reliance on any one platform, organisations should adopt a cyber security mesh architecture. This is a central policy source with distributed enforcement across global locations, ensuring that critical controls remain functional even if the core platform fails. Pairing the platform with best‑of‑breed niche tools preserves flexibility and reduces vendor lock‑in. The Q3 2025 Forrester Zero Trust Landscape reinforces the view that zero-trust has to be an overall strategy, not a single product. This can then build higher resilience, greater architectural flexibility, and a reduced likelihood that systemic platform failure will lead to business disruption.
Govern the integration layer as a first-class asset
With integrations now acting as primary vectors of delegated trust, organisations must treat them with the same scrutiny as they would for any core security asset. This requires continuously inventorying all integrations, enforcing least‑privilege API scopes, mandating short‑lived and automatically rotated credentials, and applying real‑time anomaly detection to API behaviour. Threat modelling must precede deployment, and integration risk must be embedded into third‑party governance frameworks.
When exposure is high, organisations should rapidly map critical integrations, assess token lifetimes and privilege levels, and execute targeted remediation such as rotation, down‑scoping, monitoring, or removal. They should create a tightly controlled blast radius, a hardened identity perimeter, and a measurable reduction in delegated trust risk as these are the very factors attackers increasingly exploit.
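A triage pass of the kind described above, as an added example that is not part of the original article: it checks a constructed integration inventory for unused scopes, long-lived tokens, stale rotation and missing owners, and maps each finding to one of the remediation actions named in the text. The field names, thresholds and sample records are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy thresholds for this example, not values from the article.
MAX_TOKEN_LIFETIME = timedelta(hours=24)
MAX_ROTATION_AGE = timedelta(days=90)

@dataclass
class Integration:
    name: str
    owner: Optional[str]        # None models fragmented or unknown ownership
    granted_scopes: frozenset   # what the token is allowed to do
    used_scopes: frozenset      # what API logs show it actually doing
    token_lifetime: timedelta
    last_rotated: datetime
    critical: bool = False

def assess(i, now):
    """Return (action, detail) pairs for one integration."""
    out = []
    unused = i.granted_scopes - i.used_scopes
    if not i.used_scopes:
        out.append(("remove", "no API use observed"))
    elif unused:
        out.append(("down-scope", "unused: " + ", ".join(sorted(unused))))
    if i.token_lifetime > MAX_TOKEN_LIFETIME:
        out.append(("shorten-lifetime", f"token valid {i.token_lifetime.days} days"))
    if now - i.last_rotated > MAX_ROTATION_AGE:
        out.append(("rotate", f"last rotated {(now - i.last_rotated).days} days ago"))
    if i.owner is None:
        out.append(("assign-owner", "no accountable team"))
    return out

def triage(inventory, now):
    """Map name -> actions, critical integrations first, then most findings."""
    scored = [(i, assess(i, now)) for i in inventory]
    scored = [(i, f) for i, f in scored if f]      # drop clean integrations
    scored.sort(key=lambda p: (not p[0].critical, -len(p[1])))
    return {i.name: [action for action, _ in f] for i, f in scored}

# Constructed sample inventory; names, scopes and dates are invented.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
fs = frozenset
INVENTORY = [
    Integration("crm-sync", "sales-ops",
                fs({"contacts.read", "contacts.write", "mail.send"}),
                fs({"contacts.read"}),
                timedelta(days=365), NOW - timedelta(days=400), critical=True),
    Integration("ticket-bot", None, fs({"tickets.read"}), fs({"tickets.read"}),
                timedelta(hours=1), NOW - timedelta(days=2)),
    Integration("siem-forwarder", "secops", fs({"logs.read"}), fs({"logs.read"}),
                timedelta(hours=1), NOW - timedelta(days=1), critical=True),
    Integration("legacy-export", "finance", fs({"reports.read"}), fs(),
                timedelta(hours=12), NOW - timedelta(days=10)),
]

if __name__ == "__main__":
    for name, actions in triage(INVENTORY, NOW).items():
        print(f"{name}: {', '.join(actions)}")
```
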
Organisations that succeed will be those that govern the integration layer with the same discipline as the platforms themselves. That means CISOs must look beyond vendor claims and examine how data, identity, and policy truly operate. Authentic platforms share telemetry, policy engines, and a unified identity layer, while theatrical ones rely on brittle connectors.
But they need to recognise that even the strongest platform reshapes risk rather than removing it. To prevent the platform becoming a single point of failure, organisations must pair consolidation with disciplined governance of delegated trust, continuous integration‑layer risk assessment, and architectural safeguards such as mesh‑based enforcement and distributed control planes. The strongest strategy blends unified efficiencies with the resilience and scrutiny required to withstand inevitable failures.
Joe Mayhew and Ahmed Tikail are cyber security experts at PA Consulting
Health workers are urging NHS decision-makers not to sign contracts with controversial US data analytics firm Palantir, citing ethical concerns around human rights and data privacy.
In 2023, Palantir won a seven-year, £330m NHS England contract to deliver the Federated Data Platform (FDP), a nationwide system intended to connect disparate healthcare data from across the NHS while maintaining security and patient privacy.
While the system is not yet fully operational, many hospital trusts and integrated care boards (ICBs) have already signed up to use the platform.
Highlighting how Palantir’s operations around the world have allegedly contributed to “human rights abuses, war crimes, discriminatory policing practices and mass surveillance”, Medact said the firm’s cosiness with law enforcement and border agencies could lead to “data-driven state abuses of power” if people’s sensitive health information is shared with these bodies.
“This report is concerned that the FDP, by bringing together disparate health datasets onto a single platform run by Palantir, could enable UK government departments, such as the Home Office and police departments, to more easily access patient data,” it said.
Medact added that Palantir’s services to other governments, including in its contract with US Immigration and Customs Enforcement (ICE), have “involved significant cross-departmental data compiling and analysis”, enabling data given to one government department to be repurposed for profiling and surveillance by others.
“As well as the potential risk for a current or future UK government to attempt to emulate US-style cross-governmental data sharing, there is a serious risk of Palantir’s contract alienating patients most affected by health inequalities due to this perceived risk,” said Medact, adding that during the pandemic, health advocacy group Patients not Passports found that around 57% of migrants avoided seeking healthcare because they were concerned about being reported to or identified by the Home Office.
Medact said it is concerned that this situation will be made worse by the involvement of Palantir, given its enthusiasm for working with ICE and the existing data-sharing agreements in place between the UK Home Office and the NHS.
These concerns are compounded by the prospect of a potential Reform UK government, as the party has already pledged to facilitate “mass deportations” if it wins power.
According to a Reform policy document published in August 2025, titled Operation restoring justice, the party is aiming to implement an “uncompromising legal reset” and promises to “relentlessly identify and detain all illegal migrants in the UK”. It stated: “Using powers granted by the new legislation, it will automatically share data between the Home Office, NHS, HMRC, DVLA, banks and the police.”
Alongside Palantir’s stated intention to dominate national software provision in the US and allied countries, as well as its active contracts with UK police forces and the Ministry of Defence (MoD), Medact warned that there is a real threat of its involvement undermining data privacy and public trust in UK healthcare institutions.
Policing and military contracts
Outside of its close collaboration with ICE – which is currently engaged in aggressive mass deportation efforts across the US, using unidentified masked agents to conduct operations, and employing fascist rhetoric in its communications and recruitment drives – Medact also highlighted how Palantir assists violent military and policing institutions.
This includes supplying software to the US military during its illegal wars of aggression in Iraq and Afghanistan, providing police forces across the US and Europe with widely critiqued digital “predictive policing” tools, and supplying artificial intelligence (AI) products to the Israeli military.
Storebrand Asset Management, one of the largest asset managers in the Nordic region, divested its holding in Palantir in October 2024, stating that its research indicates that Palantir’s “AI-based predictive policing systems” support Israeli surveillance of Palestinians in the West Bank and Gaza.
Given Palantir’s penchant for working with defence and policing organisations, Medact reiterated that the firm’s involvement in the FDP and other NHS systems represents a clash of values that could undermine public trust.
It added that Palantir is also “likely to benefit reputationally” from NHS contracts, by essentially allowing the firm to launder its own public image by associating with a popular institution.
“We argue that NHS England’s contract with Palantir is likely to strengthen Palantir’s software and reputation as a company,” said Medact. “Given the highly interoperable nature of Palantir’s different civil and military products, this could indirectly result in the NHS contributing to the advancement of militarised technology used to commit alleged human rights abuses.”
Medact added that, given Palantir’s questionable track record on surveillance and human rights around the world, adopting its technology could see hospital trusts, ICBs and NHS England fall foul of their own ethical procurement policies.
It added that there is a risk of trusts and ICBs being locked into a single supplier, reducing their “ability to transfer to a different supplier or retain full autonomy over the code behind their data management systems”.
In particular, the CDAON cited issues of public trust associated with Palantir’s handling of sensitive health data, and highlighted that viable alternatives already exist.
“We already have similar tools in use that presently exceed the capability and application of what the FDP is currently trying to develop or roll out at a system level,” they wrote.
Medact’s report has been sent to decision-makers sitting across the NHS, including trust boards, ICBs, health scrutiny committees and the Health Data Governance Committee.
Recommendations and Palantir response
To alleviate the concerns identified in its report, Medact has recommended that NHS decision-makers decline to implement the FDP or any other Palantir products in their local data systems, scrutinise their current contracts with the supplier, and investigate the feasibility of in-house or open source alternatives.
Medact has called for NHS England to immediately terminate its Palantir contract.
A spokesperson for Palantir said the firm’s “software is playing an important role in improving patient care – helping to deliver 100,000 additional operations, a 12% reduction in discharge delays and the removal of 675,000 patients from waiting lists”.
They added: “How that software is used is entirely under the control of the NHS, with data only able to be processed in accordance with their strict instructions.”
The spokesperson said the firm also has “no intention of and no means of using the data in the way that the Medact report is suggesting”, adding that “to do so would be illegal and in breach of contract”.
This includes claiming that it is “a matter of company policy” not to support predictive policing applications, that its work with ICE is long-standing and dates back to the Obama administration, and that there are “comprehensive” data processing safeguards and controls in place for the FDP.
“Palantir engineers are only able to access NHS data under the direction of the data controllers. This only takes place for appropriate engineering activities like data pipeline deployment and product support tasks,” the company said.
“The technology includes granular access controls and full auditability, ensuring that individuals within the institutions we serve can access only the information necessary to perform their roles. It also provides a clear, traceable record of who accessed specific data, when they accessed it, and for what purpose.”
Palantir added that while it has not been involved in the most high-profile Israel Defense Forces (IDF) artificial intelligence (AI) targeting systems, “we are, however, very proud of the work and support we have provided to Israel following the vicious attacks of October 7th”.