Russian Spam and Profanities Are Now Plaguing the Arch Linux AUR
The Arch Linux User Repository “AUR” is facing another issue just days after more than 1,500 packages were found carrying malware. According to Phoronix, over 70 AUR packages have reportedly been modified to insert Russian spam and profane messages into users’ shell configuration files. From the report: Nicolas Boichat with his AI/LLM detection bot … ⌘ Read more

Russian Spam & Profanities Are Now Plaguing The Arch Linux AUR
After days of dealing with 1,500+ packages in the Arch Linux AUR containing malware, the latest headache in the Arch Linux User Repository is Russian spam and offensive messages… ⌘ Read more

@movq@www.uninformativ.de Hahaha, great timing! :-D I love your article and agree with almost all your points.

On the AI changelog part, though, I’d rather recommend to just not have a changelog at all.

Another important thing for me is the deprecation notice section. What do I need to look out for in the future? Should I start to migrate to another API soon? Even right now? Or does it have time?

While going through these terrible GitHub release pages, I also found these “New Project Contributors” sections (yeah, for that, they found the time to make a section) annoying. Don’t get me wrong, sure, credit where credit is due. But come on. Soooooo much space for an inefficiently formatted (and also unsorted) list. At least it was easy enough to skip over it.

And then, there are also these changelogs or rather notice documents in general that are infested with multicolored emojis all over the place. My brain’s spam filter kicks in and shoves everything to /dev/null immediately. It’s especially a thing at work.

In my previous work project, we also used the Keep A Changelog Format. That was great. You wouldn’t believe how often I resorted back to that document. At least twice a week, often several times a day. I was very glad that we put in this effort. Of course, writing the changelog took its time, but it was worth every minute and more. Reading a many months old item, it was immediately clear. I was our best customer in that regard.

Now, it’s just the same auto shitshow with MR titles in a rolling date-versioned release scheme. It’s just our team who has to deal with that, though. I think I’m the only one who is not a fan of it.

Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts, Report Finds
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites. ⌘ Read more

Companies Are Using Reddit To Manipulate ChatGPT and Google AI Search
An anonymous reader quotes a report from 404 Media: The moderators of the biohacking subreddit say that peptide and hormone replacement therapy companies have been surreptitiously spamming Reddit in an attempt to get their posts scraped by AI chatbots. The strategy is an effort to systematically manipulate the answers provided by chatbo … ⌘ Read more

How to Block Spam Calls and Spam Texts on iPhone and Android (2026)
Fight the scourge of unsolicited rings and pings from spammers, scammers, and telemarketers. ⌘ Read more

Please don’t spam people looking for employment. It’s just cruel
Earlier I posted in a “Who wants to be hired?” thread, looking for a place where I could apply my experience in hospitality, food tech and automation.

A couple hours later I received an email:

“Hi Ilia,

I saw your comment on the June Who’s Hiring thread. I build production-ready TypeScript and Python systems that integrate LLMs into real workflows, with particular focus on RAG, agent orchestration, and clear blah-blah-blah”

Come on.
I am a forced immigra … ⌘ Read more

Scammers Are Abusing an Internal Microsoft Account to Send Spam Links
“For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts,” TechCrunch reports:

[The scammers] have been able to set up new Microsoft accounts as if they are new customers and use that access to send out … ⌘ Read more

30 WordPress Plugins Turned Into Malware After Ownership Change
Wednesday BleepingComputer reported that more than 30 WordPress plugins “have been compromised with malicious code that allows unauthorized access to websites running them.”

A malicious actor planted the backdoor code last year but only recently started pushing it to users via updates, generating spam pages and causing redirects, as per the instruct … ⌘ Read more

Rspamd 4.0 Released For Open-Source Spam Filtering
Rspamd 4.0 is out today as a big update to this powerful open-source spam filtering system… ⌘ Read more

Linus Torvalds Drops Old Linux Kconfig Option To Address Tiresome Kernel Log Spam
Following yesterday’s Linux 7.0-rc1 release, Linus Torvalds authored and merged a patch to get rid of the Linux kernel’s WARN_ALL_UNSEEDED_RANDOM Kconfig option. While that option was added with good intentions, on some systems it can yield a lot of unnecessary kernel log spam… ⌘ Read more

There’s a Rash of Scam Spam Coming From a Real Microsoft Address
There are reports that a legitimate Microsoft email address – which Microsoft explicitly says customers should add to their allow list – is delivering scam spam. ArsTechnica: The emails originate from no-reply-powerbi@microsoft.com, an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various source … ⌘ Read more

Wow, as I anticipated, this is waaay out of my capabilities to really understand it. But I’m quite happy to just have spotted a mistake in an explanatory comment in section 4.5.2 “The icode Array”. Of course, it should be /e + tc + /i + ni + t\0. Let’s hope that my e-mail with the patch actually makes it into Briam’s inbox. I fear GMail just hides it in the spam folder.

@lyse@lyse.isobeef.org I even got spam on ICQ, back when ICQ was a thing. I see spam as an innate thing. 😅

Oh no, spam via Jabber is new for me. Fuck them!

Microsoft Cancels Plans To Rate Limit Exchange Online Bulk Emails
Microsoft has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. From a report: The change was announced in April 2024, when Microsoft said that it would add new External Recipient Rate (ERR) limits starting January 2025 to fight spam, with plans to begin enforcing the limit on cloud-hosted … ⌘ Read more

Google To Kill Gmail’s POP3 Mail Fetching
Google is quietly killing Gmail’s ability to fetch mail from third-party email accounts using POP3, a long-standing feature that has allowed users to consolidate multiple inboxes into a single Gmail interface. The change takes effect this month and also ends Gmailify, the companion feature that applied Gmail’s spam filtering and inbox organization to linked third-party accounts.

Google buried … ⌘ Read more

Rob Pike Angered by ‘AI Slop’ Spam Sent By Agent Experiment
“Dear Dr. Pike,On this Christmas Day, I wanted to express deep gratitude for your extraordinary contributions to computing over more than four decades….” read the email. “With sincere appreciation,Claude Opus 4.5AI Village.

“IMPORTANT NOTICE: You are interacting with an AI system. All conversations with this AI system are published publicly online by default … ⌘ Read more

@movq@www.uninformativ.de @bender@twtxt.net I’ll also start spamming from my upcoming Vietnam holiday (flying out this Friday) for a couple of soliday weeks 🤣

@bender@twtxt.net Once Advent of Code starts, I’ll start spamming, don’t worry. 😅

Android shopping list apps disappointed me too many times, so I went back to writing these lists by hand a while ago.

Here’s what’s more fun: Write them in Vim and then print them on the dotmatrix printer. 🥳

And, because I can, I use my own font for that, i.e. ImageMagick renders an image file and then a little tool converts that to ESC/P so I can dump it to /dev/usb/lp0.

(I have so much scrap paper from mail spam lying around that I don’t feel too bad about this. All these sheets would go straight to the bin otherwise.)

@prologic@twtxt.net @movq@www.uninformativ.de Same here, I give each service a dedicated e-mail address. It’s very interesting to see how e-mail addresses are transferred to other actors. Luckily, this only happens rarely. But it does happen. In surprising ways.

Aliases not only help to fight spam, but are also a great way to specify filter rules to sort e-mails.

@prologic@twtxt.net FWIW, I love the idea and I do the same with my email domains. It’s the most effective way to fight spam, IMO. 🥳

@bender@twtxt.net I think that’s where it sends the capture verification requests. It’s based on PoW, so it has to perform validation somehow. It actually looks pretty decent as far as a way to prevent spam/abuse of forms on the open web (e.g: Waitlist on SnipMail).

I had a looksie (just to be sure) at the database, and they were thankfully legit test events. But this did spark/trigger me to make sure I have some form of anti-spam measures in place. So I added some per-event / per-rsvp rate-limiting and honeypot(s).

This is Spam Musubi ⌘ Read more

@bender@twtxt.net Is dealing with spam fun though? DDoS attacks? DoS attacks? Scans for all kinds of stupid shit™? Malware? Advertising? Tracking? Spying? ..

I finally solved the loading issue in my WIP reader, TwtStrm (and apologies again to anyone that got spammed while I was diagnosing the issue).

After another round of coding this weekend, I’m happy to report that it now renders all the twts (with markdown parsing), complete with localstorage and server-based file caching.

@lyse@lyse.isobeef.org Thanks, I think I fixed it now. Sorry for the spam.

@prologic@twtxt.net I know we won’t ever convince each other of the other’s favorite addressing scheme. :-D But I wanna address (haha) your concerns:

1. I don’t see any difference between the two schemes regarding link rot and migration. If the URL changes, both approaches are equally terrible as the feed URL is part of the hashed value and reference of some sort in the location-based scheme. It doesn’t matter.

2. The same is true for duplication and forks. Even today, the “cannonical URL” has to be chosen to build the hash. That’s exactly the same with location-based addressing. Why would a mirror only duplicate stuff with location- but not content-based addressing? I really fail to see that. Also, who is using mirrors or relays anyway? I don’t know of any such software to be honest.

3. If there is a spam feed, I just unfollow it. Done. Not a concern for me at all. Not the slightest bit. And the byte verification is THE source of all broken threads when the conversation start is edited. Yes, this can be viewed as a feature, but how many times was it actually a feature and not more behaving as an anti-feature in terms of user experience?

4. I don’t get your argument. If the feed in question is offline, one can simply look in local caches and see if there is a message at that particular time, just like looking up a hash. Where’s the difference? Except that the lookup key is longer or compound or whatever depending on the cache format.

5. Even a new hashing algorithm requires work on clients etc. It’s not that you get some backwards-compatibility for free. It just cannot be backwards-compatible in my opinion, no matter which approach we take. That’s why I believe some magic time for the switch causes the least amount of trouble. You leave the old world untouched and working.

If these are general concerns, I’m completely with you. But I don’t think that they only apply to location-based addressing. That’s how I interpreted your message. I could be wrong. Happy to read your explanations. :-)

Here is just a small list of things™ that I’m aware will break, some quite badly, others in minor ways:

1. Link rot & migrations: domain changes, path reshuffles, CDN/mirror use, or moving from txt → jsonfeed will orphan replies unless every reader implements perfect 301/410 history, which they won’t.
   
2. Duplication & forks: mirrors/relays produce multiple valid locations for the same post; readers see several “parents” and split the thread.
   
3. Verification & spam-resistance: content addressing lets you dedupe and verify you’re pointing at exactly the post you meant (hash matches bytes). Location anchors can be replayed or spoofed more easily unless you add signing and canonicalization.
   
4. Offline/cached reading: without the original URL being reachable, readers can’t resolve anchors; with hashes they can match against local caches/archives.
   
5. Ecosystem churn: all existing clients, archives, and tools that assume content-derived IDs need migrations, mapping layers, and fallback logic. Expect long-lived threads to fracture across implementations.

@alexonit@twtxt.alessandrocutolo.it I took it down mostly because of continued abuse and spam:l. I intend to fix I and improve the drive and its sister at Summer point 🤞

Apologies if I’ve been spamming anyone out there in twtxt-land today.

I’ve been working on a couple of twtxt-related projects, and one of them is a reader (tentatively called twtstrm) written in JS. I used dummy data for the first few stages of development, but now I’m at the point where I need some real data, and that meant hitting up my actual following list.

Of course, it didn’t help that I had a typo in my If-Modified-Since headers, but all that has since been resolved.

Anyways, if I accidentally spammed you with requests today, I am sorry, and it shouldn’t happen anymore.

We thank you for your patience, and apologize for the inconvenience.

I have a Python script that transforms the original YouTube channel Atom feed into a more useful Atom feed by removing the spam description and replacing it with the video duration, filtering out videos by title, duration, etc. I just updated it to exclude the damn Shorts garbage more efficiently. Finally, YouTube updated their Atom feed generation, so that the video URL contains /short/ if it’s of this useless kind. Never thought that they ever actually will improve their Atom feeds. Thank you, much appreciated!

ProcessOne: ejabberd 25.07

Image

Release Highlights:

This release focus on integration in a wider federated network, with support for spam fighting features, better compliance with Matrix network and native support for PubSub Server Information to have your server count as part of the wider XMPP network (for example, you can register your server on XMPP Network Graph).

• **Spam filter … ⌘ Read more

My idea of how a modern mailing service should work
Comments ⌘ Read more

ALTCHA - Next-Gen Captcha and Spam Protection
Comments ⌘ Read more

Chromium to use “AI” to combat the spam notifications it helped create
Notifications in Chrome are a useful feature to keep up with updates from your favorite sites. However, we know that some notifications may be spammy or even deceptive. We’ve received reports of notifications diverting you to download suspicious software, tricking you into sharing personal information or asking you to make purchases on potentially fraudulent online store fronts. To defend agai … ⌘ Read more

Unlimited Emails: A Bug That Let Me Spam Anyone =>$250

Image

Free Article Link: Click for free!

Continue reading on InfoSec Write-ups » ⌘ Read more

Definitely open to taking on users 👌I only have open registrations turned off because of spam accounts and my pod being the most popular amongst spammers 🤣

(#t4cgo2a) Definitely open to taking on users 👌I only have open registrations turned off because of spam accounts and my pod being the most p …
Definitely open to taking on users 👌I only have open registrations turned off because of spam accounts and my pod being the most popular amongst spammers 🤣 ⌘ Read more

Gajim: Gajim 2.0.0
Gajim 2.0 is here and it comes with a big upgrade 🎉 Gajim migrated its user interface toolkit to GTK 4, which brings performance improvements and sets the ground for great features to follow. Additionally, this release brings improved image previews, better tools for fighting spam, and much more. All of these changes were only possible by touching a lot of Gajim’s code base, and we appreciate all the feedback we got from you.

Switching Gajim’s major ver … ⌘ Read more

Codeberg Announces “Fight Against Far-Right”
The Git source code hosting organization, in response to anonymous spam, declares war on “Right-Wing Forces”, encourages others to do the same. ⌘ Read more

reviewing logs this morning and found i have been spammed hard by bots not respecting the robots.txt file. only noticed it because the OpenAI bot was hitting me with a lot of nonsensical requests. here is the list from last month:

• (810) bingbot
  
• (641) Googlebot
  
• (624) http://www.google.com/bot.html
  
• (545) DotBot
  
• (290) GPTBot
  
• (106) SemrushBot
  
• (84) AhrefsBot
  
• (62) MJ12bot
  
• (60) BLEXBot
  
• (55) wpbot
  
• (37) Amazonbot
  
• (28) YandexBot
  
• (22) ClaudeBot
  
• (19) AwarioBot
  
• (14) https://domainsbot.com/pandalytics
  
• (9) https://serpstatbot.com
  
• (6) t3versionsBot
  
• (6) archive.org_bot
  
• (6) Applebot
  
• (5) http://search.msn.com/msnbot.htm
  
• (4) http://www.googlebot.com/bot.html
  
• (4) Googlebot-Mobile
  
• (4) DuckDuckGo-Favicons-Bot
  
• (3) https://turnitin.com/robot/crawlerinfo.html
  
• (3) YandexNews
  
• (3) ImagesiftBot
  
• (2) Qwantify-prod
  
• (1) http://www.google.com/adsbot.html
  
• (1) http://gais.cs.ccu.edu.tw/robot.php
  
• (1) YaK
  
• (1) WBSearchBot
  
• (1) DataForSeoBot
  

i have placed some middleware to reject these for now but it is not a full proof solution.

It’s surprising how much I can reduce the amount of spam that Rspamd needs to filter – whether it ends up in my junk folder or even my inbox – just by blocking certain recipient addresses. Using unique email addresses for each service, like “deezer @ example.com” for Deezer, was one of the best decisions I made, especially combined with a catch-all address. ⌘ Read more

(#37ktxtq) e.g Spam Act 2003 of Australia
e.g Spam Act 2003 of Australia ⌘ Read more

Ok, it’s really spam account: https://twtxt.net/twt/xu3u7zq . Damn spammers. Can you delete this?

Is it spam bot or just innocent citizen? But nickname looks suspious

Google begins requiring JavaScript for Google Search
Google says it has begun requiring users to turn on JavaScript, the widely used programming language to make web pages interactive, in order to use Google Search. In an email to TechCrunch, a company spokesperson claimed that the change is intended to “better protect” Google Search against malicious activity, such as bots and spam, and to improve the overall Google Search experience for users. The spokesperson noted that, with … ⌘ Read more

(#nm5tj6a) @andros I believe I disabled new registrations by default due to increase in levels of “spam accounts”. If you could email me, or D …
@andros @twtxt.andros.dev I believe I disabled new registrations by default due to increase in levels of “spam accounts”. If you could email me, or DM me (IRC) your Github username, I’ll add an account for you that matches your Github profile and you can sign-in that way.

Respectfully, I will not move any of my proje … ⌘ Read more