Email is stupid/broken/unmanageable
I was today years old when this first penny dropped for me. Email Link-following. Cool term, what does it mean? In hindsight, it's obvious. In order to protect you from bad guys including bad links in the email they send to you, your email server is most likely... wait for it... waaaaaiiit... "clicking" on every link, in every inbound email, to check it, before sending it on to you. Once more, in case the significance of that went skating past you, like it has me... Every.link.in.every.inbound.email. The tactic works, and is pretty much the only way it can be done, but gracious, there are some privacy issues, right there!

And, while we're stirring this *particular "email is stupid"* pot.... here's another GEM. "Microsoft says that Midnight Blizzard, a cyber unit inside Russia's SVR Foreign Intelligence Service, has begun using a clever new technique to compromise victims and deploy malware on their systems. The technique involves sending malicious RDP configuration files to victims via email."

Translation: This version of Ivan has stopped trying to break into your computer. Now, he'd like you to click on this file that he's sent to you via email, which will connect you to him! With every administrator privilege that Windows can give, and then some. Read every byte on every hard drive. Install any software on your computer. Terrifying as it is, you just have to say, this.is.brilliant! "I won't call you, I'll just give you my number. You'll call me."

It's also absurdly stupid. Configuration files are common and necessary. Almost every application has one. Most of them are text files. Or they should be. Text files are pretty harmless. Buuuut... *sinister voice* what happens when you make a configuration file executable? Believe it or not, this is not the first time Microsoft has done this. They used to have a ... feature ... where if you downloaded a file like a .doc for example, if it was associated with an application in Windows, IT WOULD RUN THAT APPLICATION!

And before you think "Well, that's quite useful and convenient?" I'll just remind you that .py and .bat and .vbs and .cmd and .js are ALSO examples of text files that are associated with an application. (python3.exe, cmd.exe, vb.exe etc).
Cool little VPN routers
I see Cuddy have these little gizmos, and they're quite cheap. Really useful for people who travel or need a remote VPN.
What interesting project have you worked on this year?
Curious to see what projects people have been working on this year. Share below (if it's NDA type stuff then rather don't, but tell us it's top secret anyway). I'll go first.
What's your go-to tech content?
Where do you go for tech content? Podcasts, YouTube, Newsletters? And who do you follow the most? LTT? MKBHD?
I will not say Beam Me Up, Scotty... No.
So, in the ongoing battle to make email trustworthy again (you can catch up here), a new player has "broken cover"***. Please meet BIMI (Brand Indicators for Message Identification). Beep-beep. The BIMI project is being managed by an industry working group, with members Fastmail, Google, MailChimp, Proofpoint, SendGrid, Validity, ValiMail and Yahoo! The project began TEN YEARS ago, in 2014, and so far, the display of BIMI logo icons is supported by Apple, Cloudmark, Fastmail, Google, Yahoo! and Zoho.

So, what's a BIMI, you might cleverly ask? Many/most/almost all email clients display an icon/avatar beside the email in the listings. Systems like Gravatar might provide that icon, or it might just be initials in a coloured circle. Idea! Let's make that icon a trust-anchor, like a verified checkmark for email, but way (comically WAY) more stringent. Imagine if Twitter's blue checkmark process involved a full corporate audit, legal reviews, Home Affairs, FICA, RICA and trademark verification... that's BIMI.

Here's what it takes: First, you need perfect email security (SPF, DKIM, DMARC) with the strictest settings. Then you need your logo in an arcane SVG format that's so specific and locked-down that most companies need specialized help to create it. Then you need a "Verified Mark Certificate" (VMC) which is like a super-charged version of a website security certificate. And, right now, the only two CAs who can issue these VMCs (atm) are.. Digicert and Entrust**

The certification process is thorough. Requirements are: Corporate documentation proving you are who you say you are. Brabys, Dun & Bradstreet, people calling your company phone number. NSA Mega Extended Validation certificate process stuff. Legal proof you own the trademark for the logo. Verification that you have the rights to use the logo in every country you operate in.
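What the "strictest settings" requirement in the post above looks like as a check on a domain's DNS TXT records, as an added example that is not part of the original post. The records in the usage note are constructed for the placeholder domain example.com, and the thresholds (DMARC at quarantine or reject, applied to 100% of mail) are BIMI's published enforcement requirement rather than something the post spells out.

```python
# Added example: BIMI readiness check over DMARC and BIMI TXT record strings.
# Function names are hypothetical; no DNS lookups are made.

def parse_tags(record):
    """Split a 'k=v; k=v' TXT record (DMARC or BIMI syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # values such as mailto: may contain '='
            tags[key.strip().lower()] = value.strip()
    return tags


def bimi_blockers(dmarc_txt, bimi_txt):
    """Return the reasons a mailbox provider would refuse to show the logo."""
    problems = []
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    # p=none only monitors; BIMI needs a policy that acts on failures.
    if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("DMARC p= must be quarantine or reject")
    # An explicit sp=none leaves subdomains unenforced.
    if dmarc.get("sp", "").lower() == "none":
        problems.append("DMARC sp=none leaves subdomains unenforced")
    # pct defaults to 100 when absent; anything lower is partial enforcement.
    if dmarc.get("pct", "100") != "100":
        problems.append("DMARC pct must be 100")

    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1":
        problems.append("no valid BIMI record")
    logo = bimi.get("l", "").lower()
    if not (logo.startswith("https://") and logo.endswith(".svg")):
        problems.append("BIMI l= must be an HTTPS URL to the SVG logo")
    # a= points at the Verified Mark Certificate the post describes.
    if not bimi.get("a", "").lower().startswith("https://"):
        problems.append("BIMI a= must be an HTTPS URL to the VMC")
    return problems
```

Calling `bimi_blockers("v=DMARC1; p=none; pct=50", "v=BIMI1; l=http://example.com/logo.png")` on those constructed records returns four blockers, while a record pair at full enforcement with an HTTPS SVG and VMC URL returns an empty list.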
Rocking
skool.com/rocking
A community for people interested in tech