![](https://static.wixstatic.com/media/913537_7b1db5a6278a4679adb5bc7766ad497c~mv2.jpg/v1/fill/w_1920,h_1012,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/913537_7b1db5a6278a4679adb5bc7766ad497c~mv2.jpg)
> Search Results
53 items found for ""
Blog Posts (32)
- Quantum computing and the threat to modern encryption
(Above: IBM's Osprey quantum computer, source: https://www.popsci.com/technology/ibm-quantum-summit-osprey/ ) The math and machines behind the future of privacy online are fiendishly complex — Modern encryption works because of the extraordinary amounts of time required to decrypt data that is passed through ‘one-way’ mathematical functions. So far, the time and computing resources needed to decrypt sensitive data have served as an effective barrier to massive, wide-ranging, brute-force decryption attacks. With advances in quantum computing, however, barriers to cracking current cryptographic standards are rapidly disappearing. Advances in the raw compute power of quantum processors are only one part of the equation; research into more efficient algorithms for decrypting encrypted data is also poised to turn quantum computers into highly adept encryption-breaking platforms. In 2017, Charles Neill at UC Santa Barbara and Pedram Roushan at Google unveiled a proof-of-concept ‘superconducting qubit’. In quantum mechanics, superconductivity can be achieved by cooling a substance (liquid metal in this case) to an extremely low temperature and introducing an electrical current. The principle of superconductivity allows this current to flow forever, in both directions simultaneously. This behavior of the electrical current in the liquid metal represents a qubit that can simultaneously represent a 0 and a 1. In classical computing, a bit can only represent a 0 or a 1 at an arbitrary point in time. Qubits, meanwhile, can store values of 0 and 1 at the same time, allowing an equivalent number of qubits to store exponentially more number values than bits. To put this in more practical terms, just 50 qubits can store 10 quadrillion numbers; a classical computer would require a petabyte-scale memory system to store the same number of values. The main concern from physicists about such a system is that mathematical errors would scale rapidly with the size of the quantum system. Neill and Roushan demonstrated that errors only increased slowly, suggesting that a meaningful superposition of up to approximately 60 qubits could be attained. A superposition of 60 qubits would surpass the researchers’ initial goal of 49 to 50 qubits, while theoretically producing a manageable number of errors. Since this research was published in 2017, the field of quantum computing has advanced rapidly. As of October 2023, the fastest quantum computer in the world has surpassed 1000 qubits . For comparison, Microsoft estimates that 2500 qubits would be necessary to crack modern 256-bit AES encryption. Just one year earlier, in 2022, the fastest quantum computer in the world was IBM’s Osprey system, at 433 qubits . If advancements continue at this pace, modern 256-bit encryption could be cracked in only a few years. While the general public does not have access to quantum computing resources, research universities, high-tech corporations, governments, and militaries certainly will. At that point, the genie will have been released from the bottle and we must then assume that data encrypted with ‘legacy’ ciphers is no longer secure. However, it’s crucial to keep in mind that sheer qubit numbers aren't the final word in quantum performance. Accuracy counts more than raw speed in most classical computing paradigms, with quantum computers being no exception. The difference, though, is that quantum computers are considered “noisy” in that they lose their quantum state over time. A degradation in quantum state means worthless results are produced; considering the running costs of a quantum computer, vast resources have been invested into improving the accuracy and reliability of these systems. Electromagnetic interference and changes in magnetic fields cause qubits to lose their quantum states, necessitating exotic and complex cooling and environmental isolation solutions which are prohibitively expensive for all but large enterprise and government institutions. As of mid-2024, research at the Chalmers University of Technology in Gothenburg, Sweden has found that the use of harmonic oscillators can control error rates and thus produce a quantum computing system that can run longer calculations. The researchers at Chalmers University explain: “The oscillators used in the study consist of thin strips of superconducting material patterned on an insulating substrate to form microwave resonators, a technology fully compatible with the most advanced superconducting quantum computers. The method is previously known in the field and departs from the two-quantum state principle as it offers a much larger number of physical quantum states, thus making quantum computers significantly better equipped against errors and noise.” Source: https://www.chalmers.se/en/current/news/mc2-breakthrough-may-clear-major-hurdle-for-quantum-computers/ While errors remain a roadblock to the “quantum supremacy” Google researchers envisioned in 2017, research into reducing error rates is producing actionable scientific results that promise to make quantum computers more accurate and less susceptible to environmental influence. Predicting the assault of more advanced and less error-prone quantum computers, the National Institute of Standards and Technology (NIST) in 2022 announced its first four quantum-resistant cryptographic algorithms. These algorithms rely on mathematical models that are designed to resist decryption attacks from both classical and quantum computers, as part of NIST’s Post-Quantum Cryptography Standardization Project . For general encryption, NIST chose the CRYSTALS-Kyber algorithm to defend against future quantum decryption attacks. For digital signatures, CRYSTALS-Dilithium (a nod to the fictitious dilithium crystals featured in Star Trek ), FALCON , and SPHINCS+ were selected. Three of the algorithms chosen by NIST operate based on a family of mathematical problems known as structured lattices , while SPHINCS+ uses more conventional hashing functions. As ever, the march of increasingly powerful microprocessors and more advanced cryptographic algorithms demands that digital citizens of all stripes adopt and maintain best security practices. Small businesses are especially vulnerable to more advanced credential theft, phishing, impersonation, and brute-force decryption attacks. Get in touch with Geeks for Business today to learn how you can secure your organization’s digital footprint.
- 9 Tips for Troubleshooting Networking Issues
There's nothing quite as frustrating as a sudden internet outage. Whether you're working from home, streaming your favorite show, or simply staying connected with friends and family, a loss of internet can disrupt your entire day. The question that inevitably arises is, "why is it down, and when will it come back?" While there's no one-size-fits-all answer, there are several troubleshooting steps you can take to diagnose and potentially resolve the issue. Basic Troubleshooting: The Quick Fixes Reboot Your Router: This classic tech remedy often does the trick. A simple restart can refresh your router's connection and resolve minor glitches. Check Connections: Ensure all cables are securely plugged into your router, modem, and devices. Loose or damaged connections can interrupt the internet signal. Advanced Troubleshooting: Network Diagnostics Run a Network Test: To assess the overall health of your network, use the ping command in your device's command prompt. Pinging a public DNS server like 1.1.1.1 will provide information about the latency and packet loss between your device and the internet. Refresh IP Address: Sometimes, a simple IP address renewal can resolve connectivity issues. Use the ipconfig /release and ipconfig /renew commands to force your device to obtain a new IP address. Software and Firmware Updates Update Router Firmware: Outdated firmware can lead to stability problems. Check your router's manufacturer's website for the latest firmware updates and install them as recommended. Provider-Related Issues Contact Your Internet Service Provider: If the above steps don't resolve the issue, it's possible there's a broader outage in your area. Contact your ISP to check for any known service disruptions or planned maintenance. Occasionally, a faulty piece of outside equipment, such as a passive coaxial splitter, is the source of trouble in your network. While end users can replace these devices, we suggest contacting your Internet Service Provider and reporting the issue so that they may troubleshoot and resolve the issue. Seeking Professional Assistance Consult Your IT Support Team: If you're unable to resolve the issue on your own, reach out to your IT support team for further assistance. They can diagnose more complex problems and provide tailored solutions. Consider Professional IT Services: If you don't have an in-house IT team, consider partnering with a professional IT service provider like Geeks for Business. We offer comprehensive network support, security, troubleshooting, and maintenance. Don't Let Internet Outages Disrupt Your Business A reliable internet connection is essential for businesses of all sizes. By following these troubleshooting steps and seeking professional help when needed, you can minimize the impact of internet outages and ensure uninterrupted productivity. If you're facing challenging network-related issues, reach out to Geeks for Business today. Whether you're managing a single office, working from home, or connecting multiple sites, Geeks for Business helps clients implement secure networking solutions that keep business running.
- Crowdstrike: A Drama in Three Acts
— Mistah Kurtz-he dead A penny for the Old Guy On July 19th, 2024, Crowdstrike, a well-known cybersecurity provider within private and public IT realms, managed to send industries from air travel to healthcare into various states of meltdown thanks to an unvalidated agent update. This update threw millions of Windows devices into bootloops, sending companies large and small into utter technical chaos for days. Delta Airlines CEO Ed Bastian alleges Crowdstrike’s botched update cost Delta $500 million, a claim which Crowdstrike CEO George Kurtz has dismissed, pinning the blame on Delta for its refusal to accept technical assistance from Crowdstrike. Delta’s legal action against Crowdstrike is one in a sea of lawsuits materializing against the company for the massive losses the defective update caused. Overall monetary losses to Crowdstrike’s Fortune 500 clients are estimated to be around $5 billion . To understand why this buggy update was so devastating, we must understand the way Crowdstrike’s Falcon EDR (endpoint detection and response) platform works. The Falcon EDR agent requires a kernel-mode driver which grants it low-level access to the Windows operating system. This kernel driver allows the Falcon agent to continuously monitor Windows user space and kernel space for malicious executables, attachments, and other potential cybersecurity threats. This model provides a substantial degree of cybersecurity protection to the device, but the use of a kernel-mode driver presents a double-edged sword: if the driver fails to initiate the Crowdstrike agent correctly, the operating system can crash and subsequently fail to boot. Microsoft’s response to this was to issue a technical incident response memo about the Crowdstrike failure, discouraging security vendors from using kernel-mode drivers. Crowdstrike’s kernel-mode driver, while signed and blessed by Microsoft, relies on frequent updates from Crowdstrike which are not individually signed or audited by Microsoft, or any other third-party. Thus, while the driver itself was deemed safe, the Falcon agent failed to parse a bad configuration file from Crowdstrike, causing the program to access memory it shouldn’t have accessed, bringing down the kernel and the operating system along with it. Kernel-space code runs close to the hardware (or ‘near the metal’), which is advantageous for cybersecurity applications that need low-level operating system access. This low-level access, however, has to be weighed against the potentially devastating outcomes of a bad update or untested configuration change. David Weston, Vice President of Microsoft’s Enterprise and Operating System Security, outlined a process for granting a security application’s kernel-space access while reducing the risk to the kernel in the event of a botched update: "For example, security vendors can use minimal sensors that run in kernel mode for data collection and enforcement, limiting exposure to availability issues," he explained. "The remainder of the key product functionality includes managing updates, parsing content, and other operations that can occur isolated within user mode where recoverability is possible." Crowdstrike places the blame for the failed update on its content validation pipeline. What remains unclear is how many standard industry practices Crowdstrike has actually adopted, such as sandboxing for update and change testing. Worryingly, this kind of failure suggests a lack of industry-standard CI/CD (continuous integration/continuous deployment) practices which most likely could have prevented the global outage caused by the bungled update. In the wake of Crowdstrike’s global IT wreckage, Microsoft announced its intention to "to work with the anti-malware ecosystem to take advantage of these integrated features to modernize their approach, helping to support and even increase security along with reliability." Microsoft’s guidance involves: Providing guidance and best practices for updating and rolling out of cybersecurity product patches Reducing need for Windows kernel space access in order to obtain critical security information Implementing enhanced isolation and anti-tampering capabilities in Windows, utilizing tech like VBS Enclaves Implementing Zero Trust approaches such as High Integrity Attestation, providing a method for determining the security status of a computer by monitoring its native security features (eg: Windows Defender for Endpoint) In spite of the initial backlash against Crowdstrike for its sloppy patching pipeline, most Crowdstrike customers report they plan to remain customers rather than migrate to competing cybersecurity platforms. Whether this speaks to the inherent complexity of switching cybersecurity providers is an open question; in the tech space, vendor lock-in is an ongoing problem that hasn’t eased much in recent decades. Some tech analysts have even suggested that now is the time to buy into Crowdstrike’s platform, as Crowdstrike is incentivized to beef up its CI/CD practices and focus on delivering a stable product, in light of its very public failure to follow best development and test practices. No matter where Crowdstrike or its users land, the incident points out very real flaws in modern endpoint detection and response platforms. Crowdstrike isn’t the only company whose application relies on kernel-level access to the host operating system. This practice is widespread throughout the industry, with Microsoft bearing its own share of culpability in all but forcing security vendors to play in the dangerous kernel sandbox in order to develop security apps that do what they claim on the tin. Microsoft’s response to the Crowdstrike fracas is a naked attempt to make Microsoft look good while not-so-subtly throwing security vendors under the bus for doing what they had to do to make their products function as intended. In Microsoft Land, throwing corporate partners, lucrative resellers, and end-users under the bus when push comes to shove is nothing new. In a world where technology is becoming increasingly enshittified , prices increasingly stratospheric, and technical sanity increasingly hard to find, the Crowdstrike fiasco underscores a more central need: to end over-reliance on single vendors, and on single points of failure in general. A company like Crowdstrike or Microsoft will promise you the world (and sell it to you, at prices to match), but when things fall apart they won’t be there to save your business. This is the importance of local IT: your business is only as resilient as the IT processes you have in place. Microsoft will sell you Exchange Online, but they won’t test your backups for you. Crowdstrike will sell you Falcon, but they aren’t going to perform phishing simulations or work with your employees to understand modern security threats. These companies are selling a solution, and it’s up to you to implement that solution in a way that makes sense for your use case while following best industry practices. Get in touch with Geeks for Business today to learn more about how managed IT can keep your business running, even when the Crowdstrikes of the world drop the ball.
Other Pages (21)
- Disaster Recovery - Geeks for Business
Business Continuity and Disaster Recovery (BCDR) Geeks for Business's Managed IT plans include options for BCDR (business continuity and disaster recovery) to keep your organization online and minimize downtime in a worst-case scenario. Even with careful planning, data loss sometimes happens. In the event of hardware or software failure leading to data loss, we partner with DriveSavers, Inc. for our clients' advanced and clean-room data recovery needs. We are also equipped to handle complex data recovery scenarios, such as recovering data from RAID arrays or flash storage. Ransomware remediation Ransomware costs both home and business users billions of dollars in lost productivity every year, and those numbers are only going up. The best defense against ransomware is a comprehensive data backup solution. Geeks for Business offers peace of mind with our data backup, virtualization, and endpoint security strategies to ensure ransomware doesn't crash your business. Virtualization and infrastructure redundancy When you rely on your IT systems for remote work or to run your own company, redundancy is key in preventing disaster. We can help you implement a plan to virtualize physical hardware and introduce failover solutions to keep your business online in the event of data loss, power outage, or Internet outages. Disaster Recovery as a Service The best offense is a good defense, after all. Take a proactive approach to disaster recovery. Talk to Geeks for Business today about our DRaaS solution for your company. Preventative maintenance, periodic backups, security and software patching are included in our monthly DRaaS plan, letting you focus on what matters. Data Recovery
- Your IT Infrastructure | Geeks for Business
Understanding Your IT Needs Your business's IT needs are unique. Learn more about how different technologies work together below. Your Internet Connection Endpoint Devices On-premises Servers VoIP, ATAs, and Fax Internet of Things Operating systems Line-of-business applications Security, IAM, and Authentication Your IT Infrastructure Virtually every business now requires some investment in tech to function optimally. How does it all work together? There are a few core elements to a modern IT system to understand: Your Internet (Wide Area Network) connection, including downstream and upstream bandwidth, latency (ping), jitter (critical for Voice over IP telephone calls), and uptime. Why are these metrics important? Bandwidth is a measurement of how many bytes per second your physical connection to the Internet can send and receive. If you rely on a cable, cellular, or DSL Internet connection you may have noticed that your downstream (download) bandwidth is significantly higher than your upstream (upload). This is because these types of Internet connections are asymmetric, meaning, generally, your download speed will run about 10-20 times faster than your upload speed. This is fine for many business users, but if your business relies on sending large files (like videos, medical imagery, or uncompressed photos) to cloud services online, you'll feel the sting of low upload bandwidth. In this case, bonding two or more Internet connections can improve things, but often at fairly considerable cost. Latency (ping) and jitter are both critical metrics in your Internet connection's overall performance. Latency, or ping, is defined as the amount of time it takes a packet to be sent from your device to a server, like Google.com. Most ping tests are performed at the transport layer of the network stack, using ICMP packets, and as such may provide a decent estimate of how applications like Voice-over-IP will perform, but Round-Trip-Time (RTT) is often the gold standard for predicting how things will perform at the application layer (like VoIP). As a simple rule of thumb, the lower your latency, the better--this influences how fast Internet browsing "feels" and how fast web services load. Jitter is related to ping , but with one important distinction: jitter is defined as the variation in latency over time. That is, say you send 1000 packets to a server at www.google.com . Your first few packets take 10ms to reach the server, but the next few take 20ms, then a few take as long as 60-80ms, then drop back down to 10ms. This scenario means your Internet connection, or the path your packets are taking to a given server, are suffering from high jitter. High jitter negatively impacts web-based applications such as Voice-over-IP and online gaming, which are highly sensitive to variations in ping or latency. Uptime is another crucial metric to consider when evaluating Internet service providers for your business. A modern ISP (internet service provider) generally measures their uptime in terms of "nines"--that is, how many decimal points after 99% can they guarantee? An uptime of 99.9% would mean that, on average during a given year, you'd experience about 526 minutes of downtime per year. This might not seem like a big deal, but you never know if this downtime will come all at once or in small blocks, which can mean a serious headache for your point-of-sale terminals and other devices you rely on in your business. Endpoint devices We refer to client PCs as “endpoint devices” in the technical service industry. Any PC or device (like a smartphone or tablet) used by an employee of a business is an endpoint device. Thus, when we sell “endpoint monitoring” as a service, it means we’re actively monitoring each endpoint on your network and looking for problems. Desktop PCs may seem fairly mundane in the modern IT universe, but they’re still an important part of a business’s IT infrastructure, as they’re generally more cost-effective than a laptop with similar hardware specifications. It’s critical to ensure that all endpoint devices are properly configured, patched, and secured in order to minimize downtime and loss of revenue for your business. On-premises Servers With the proliferation of cloud computing and more affordable access to cloud business apps, like Microsoft Office 365, so-called “on-premises” servers have seen a decline. However, some businesses still rely on physical servers at their locations and there are good reasons for keeping hardware in-house instead of migrating it to the cloud. Applications where latency is important, specialized hardware is in use, or where large amounts of data are being sent over the local network frequently favor on-premises servers. For example, if your use case involves sending big video files or photos in RAW format over the network, an on-premises server with large capacity hard drives makes more economic sense than sending those big files to a cloud service like Google Drive, where storage is much more expensive and you’re limited by a comparatively slow Internet connection. VoIP phones, ATAs (analog telephone adapters), and fax machines While the fax machine has slowly faded into obscurity, VoIP desk phones and ATAs (analogue telephone adapters) remain a common sight in businesses of all sizes. Some businesses do rely on fax, but the fax machine has largely been supplanted by IP fax, or “e-fax”, which allows the user to send faxes from any computer, over the Internet. Voice-over-IP, meanwhile, should be a core component of any business's IT strategy. Managed VoIP platforms allow businesses of all sizes to leverage powerful calling tools like departmental routing, ring groups, transcribed voicemail, and more. Your IP phones are a critical part of your business and making sure they’re secured and updated, without breaking compatibility with your SIP provider, is essential. Analogue telephone adapters (ATAs) are used to connect generic cordless or corded telephone handsets to IP phone systems, and because they are essentially just small computers with their own software and firmwa, ATAs must be managed to ensure the security of your network and phone system. Internet of Things devices Perhaps the most contentious entry on the list, Internet of Things (IoT) devices are often poorly secured from the factory and are not usually well-supported by their manufacturers after the devices are sold. So, it should come as no surprise that IoT devices require special attention in order to keep your IT infrastructure secure. There are IoT device manufacturers that do care about the security of their devices, but many, sadly, do not. Things like security cameras, wireless thermostats, wireless doorbells, and so on are all considered IoT devices. Operating systems While some businesses are Mac-only, the vast majority rely on Microsoft’s Windows operating system (OS) . Windows by itself is an extremely complex piece of software and requires a good deal of active management in order to maintain its security and performance. Your operating system is critical, as all of your other software sits on top of it; if Windows goes down, everything else goes down, which may include losing access to barcode scanners, cameras, sensors, and other important hardware. While Microsoft pushes out security, feature, and bug-fix updates for Windows on a regular schedule, they don’t offer any additional support, such as enrolling your employees’ computers into your local Active Directory, or configuring Exchange for you–that’s where we come in. Your line-of-business applications Business software is a massive industry, and includes highly specialized applications for businesses in finance, energy, banking, medicine, and more. Your business’s software may be under an active support contract with the software developer, but many business owners find that the software they rely on is either no longer supported by the publisher, or requires outdated hardware to continue functioning. This puts a considerable financial and technical burden on the customer; Geeks for Business offers consultative services for cases just like these. You shouldn't have to cobble together a solution for critical business software implementation and support. Navigating the business software landscape can be overwhelming , and migrating from one app to another is frustrating and regularly daunting. We do extensive research to keep a running catalogue of recommended business software for a variety of industries and can help you migrate your workflow from an outdated or unsupported application to a modern and functional one. Security, IAM, and Authentication Your IT infrastructure’s efficient operation depends on a properly configured security solution, which involves several different moving parts. A firewall appliance, endpoint security software, access control/permission management, and two-factor authentication tokens are all part of a modern security implementation for your business. You may have sensitive data which you’d like to grant access to only certain employees–this is where access control comes into play. Authentication is the process by which established users access a secure system (like a company file server). Owing to their relative insecurity, passwords are slowly being phased out in favor of more secure, passwordless authentication methods, such as TOTP (time-based one time passwords) codes and physical hardware tokens (such as those made by Yubico). Authentication is a critical component of building a secure access management system for your business. Geeks for Business stays up to date on current 'best practices' for authentication and follows the guidance of CISA (the United States Cybersecurity and Infrastructure Security Agency; cisa.gov) IAM (Identity and Access Management) is a framework of policies, processes, and technologies that facilitate user access to digital resources. IAM deals with how users are identified in a system; assigning permissions to users within a system; adding and removing user roles; and protecting sensitive data stored in the system. IAM and authentication aren't synonymous, however; authentication deals with the ways in which users access resources, while IAM deals with which users can access which resources. Generally, when discussing best security practices for accessing privileged information, we want a user to have something (a hardware token, for instance), to know something (a username and password), and in high security environments, to be something (biometrics; a retinal or fingerprint scan to validate a user’s identity). Integrating these components into a coherent system that works for your business can be an insurmountable task for a business owner with so many other demands on their time. Geeks for Business is ready to work with you to understand your unique needs and to design a managed service plan that keeps your business running, no matter what. Your Internet Connection Endpoint Devices On-premises Servers VoIP, ATAs, and Fax Internet of Things Operating systems Line-of-business applications Security, IAM, and Authentication
- Managed Support - Geeks for Business
Consulting and Remote Support IT Consulting Geeks for Business offers comprehensive IT consulting Whether you already run an IT department or work with another company for aspects of your existing IT systems, Geeks for Business can add value to your IT processes, reduce costs, and simplify technology stacks. If you think your business could be making better use of its IT resources Reach out to Geeks for Business for a free 30-minute consultation. We'll review aspects of your current IT setup, such as total spending, resource availability, provider reliability, and budget in order to provide you with a plan to reach your IT goals. Geeks for Business offers consulting in the following specific areas: Hardware strategy and procurement Line-of-business applications (including 'as-a-service' platforms) Cloud technology solutions (including cloud-to-multicloud integration) Cybersecurity and threat tracking Systems architecture High-availability systems engineering Webhosting and internal app hosting If you're looking to expand your current business, or start a new business, you can rely on Geeks for Business to design an IT plan that meets your requirements, without selling you more than you need. Get in touch today to learn how we help small businesses , sole-proprietorships, nonprofits, and more get the most out of their tech budgets. We'd love to help you discover how smart technology spending can increase your profits, reduce complexity, and make your day-to-day operations easier than ever. Remote Support Tech emergency that doesn't require an onsite visit? We've got you covered. Using remote support software, Geeks for Business can connect to your device over the Internet to diagnose and resolve issues, no matter where you are. Customers who opt for our comprehensive managed IT plans enjoy 24x7x365 device monitoring and proactive support. Many issues can be fixed remotely Saving you the additional time and expense of an onsite visit. Geeks for Business engineers its managed IT service portfolio specifically to minimize disruptive onsite tech work. While some onsite work is inevitable, modern remote management and automation tools make fixing many issues fast, with no site work necessary. Leveraging remote support software Geeks for Business can create a one-time support session, direct clients to our remote support web portal, and have a technician working on your issue same-day. For managed service customers Our remote support platform additionally enables us to proactively monitor your IT environment and solve issues before they become problems that interrupt your business's operations. The takeaway The key to reducing IT headaches is proactive maintenance. Our experienced technicians are well-versed in keeping your device humming along with a full suite of IT solutions, from cybersecurity to data backup, giving you peace of mind and predictable technology spending.