cheros was one of several readers to note that today, Oct 5, in 1969 was the very first airing of Monty Python. Although not every sketch has aged particularly well, you'd be hard pressed to find a more influential and funny show. Heck, look at the Icon we use here to indicate humorous stories! Who among us can't claim to have viewed the Holy Grail at least somewhere in the double digits.

badger.foo passes on the report of Peter N. M. Hansteen that a third round of low-intensity, distributed brute-force attacks is now in progress — we earlier discussed the first and second rounds — and that sloppy admin practice on Linux systems is the main enabler. As before, the article links to log data (this time 770 apparently already compromised Linux hosts are involved), and further references. "The fact that your rig runs Linux does not mean you're home free. You need to keep paying attention. When your spam washer has been hijacked and tries to break into other people's systems, you urgently need to get your act together, right now."

alphadogg quotes from a Network World piece reporting on ICANN's study of the prevalence of proxy services that shield registrants' personal information from WHOIS queries. "Approximately 15% to 25% of domain names have been registered in a manner that limits the amount of personal information available to the public... according to the preliminary results of a report from ICANN... Domain owners who want to limit the amount of personal information available to the public generally use a privacy [proxy] service. ... [Proxy services] register domain names on behalf of registrants. The main objective of ICANN's study — which was based on a random sample of 2,400 domain names registered under .com, .net, .org, .biz, and .info — is to establish baseline information to inform the ICANN community on how common privacy and proxy services are." Spammers and other miscreants abuse the ability to register domains by proxy, in order to avoid being found; but ordinary users have a legitimate interest in keeping their personal information out of the hands of those same bad actors. What's the right balance?

Today Spamhaus announced they are releasing a new list of IP addresses from which they've been receiving "snowshoe" spam — unsolicited email distributed across many IPs and domains in order to avoid triggering volume-based filters. "This spam is sent from many small IP ranges on many Internet Service Providers (ISPs), using many different domains, and the IPs and domains change rapidly, making it difficult for people and places to detect and block this spam. Most importantly, while each host/IP usually sends a modest volume of bulk email, collectively these anonymous IP ranges send a great deal of spam, and the quantities of this type of spam have been increasing rapidly over the past few months." A post at the Enemies List anti-spam blog wonders at the impact this will have on email service providers and their customers. The author references a conversation he had with an employee from one of these providers: "... I replied that I expected it to mean the more legitimate clients of the sneakier gray- and black-hat spammers would migrate to more legitimate ESPs — suggesting that it was, in the long run, a good thing, because ESPs with transparency and a reputation to protect will educate their new clients. His reply was essentially that this would be a problem for them in the short run, because it would swamp their new customer vetting processes and so on."

As Google Wave is about to be released to 100,000 beta testers tomorrow, reader snitch writes in with a link to an in-depth interview with Dhanji Prasanna, whose title is Core Engineer. It covers some of the technologies, tools, and best practices used in building Wave. "InfoQ: Would you like to give us a short technical outline of what happens to a message (blip) from the moment a user types it in the web client, until becomes available to every one else that is participating in that wave — humans or robots? ... Dhanji: Sure, a message written in the client is transformed into a series of operations that are sent to the server in real time. After authenticating and finding the appropriate user session, the ops are routed to the hosted conversation. Here these ops are transformed and applied against other incoming op streams from other users. The hosted conversation then broadcasts the valid set of changes back to other users, and to any listening robots. This includes special robots like the ones that handle spell checking, and one that handles livesearch (seen in the center search-panel), as well as explicit robotic participants that people have developed. Robotic participants write their changes in response to a user's and these are similarly converted into ops, applied and re-broadcast."

Nithendil writes "guyhersh from reddit.com describes the situation (warning: title NSFW): Based on what I've seen today, here's what went down. Reddit user Empirical wrote javascript code where if you copied and pasted it into the address bar, you would instantly spam that comment by replying to all the comments on the page and submitting it. Later xssfinder posted a proof of concept where if you hovered over a link, it would automatically run a Javascript. He then got the brilliant idea to combine the two scripts together, tested it and it spread from there."

RobinH writes "StackOverflow, the successful question-and-answer website for programmers, is now over a year old and its top user has just passed 100,000 reputation points. Now one of the creators of StackOverflow, Joel Spolsky, and his company Fog Creek, are developing a software-as-a-service form of the StackOverflow engine called StackExchange to support any topic you want. The software is currently in private beta, but the first few beta sites have surfaced. Topics include business travel, the home, parenthood, the environment, finance, and iPhone game development."

An anonymous reader writes "MessageLabs unveiled a list of the top US spammed states, with surprising results — the spam capital of the US is Idaho, with 93.8 percent of spam, far exceeding the global spam rate for September 2009 of 86.4 percent. Idaho has jumped 43 spots since 2008 when it was ranked the 44th most spammed state. The difference can be attributed to the resilient and aggressive botnet market as well as a higher volume of global spam that has ensued since the beginning of the credit crisis toward the end of 2008."

Techdirt is reporting that Malaysia seems to be jumping on the copyright/trademark bandwagon and attempting to protect the "ownership" of certain ethnic foods. Of course, this may just be a massive PR push in an attempt to grab some eyeballs. "Last year, around this time, we noted that the country of Lebanon was trying to claim that it owns hummus and other middle eastern foods, such as falafel, tabouleh and baba gannouj, and that no other country could produce them. It seems that other parts of the world are seeing the same sort of thing, as Malaysia is trying to declare that it owns popular Malaysian dishes, like nasi lemak."

TimmyC writes "This story may interest the Slashdot folk, many of whom use the reCAPTCHA anti-spam service. Well, reCAPTCHA is now owned by Google. Apparently, what attracted Google to ReCAPTCHA is that the company has linked its core authentication service with efforts to digitize print books and periodicals. The search giant has a massive (and controversial) effort underway in that area for its Google Books and Google News Archive services. Every time people solve a CAPTCHA from the company, they are also, as a byproduct, helping to turn scanned words into plain text that can be indexed and made searchable by search engines. Interesting times indeed."

A Schneier blog post notes that three would-be bombers were recently convicted in the UK thanks in large part to e-mail communication that was intercepted by the US National Security Agency. This was the second time the men had faced criminal charges; in the first trial, the prosecution was unable to make part of their case because they didn't yet have the e-mail evidence. "Although British prosecutors were eager to use the e-mails in their second trial against the three plotters, British courts prohibit the use of evidence obtained through interception. So last January, a US court issued warrants directly to Yahoo to hand over the same correspondence." The BBC posted a number of e-mails used as evidence in the trial. The communication is coded, and some of it looks like what you might find in your spam folder, but the article also provides the prosecution's explanation of what they mean.

Attila Dimedici writes "According to Cloudmark, 419 spammers are using the democrats.org website to relay email and bypass spam filters. 'The abuse, which dates back at least to the beginning of this month, helps evade filters that internet service providers employ to block the messages. ... The messages were sent courtesy of this page, which allows anyone with an internet connection to send emails. The PHP script employs no CAPTCHA or other measure to help ensure there is a real human being behind each email that gets funneled through the service. The service allows messages to be sent to 10 addresses at a time and even provides a way for people to import contacts they have stored in their address book.'"

space_in_your_face writes "Want to boost the popularity of your latest iPhone app? Ask Reverb Communications! 'When it comes to winning in the App Store, this PR firm has discovered a dynamite strategy: throw ethics out the window. Reverb Communications, a PR firm that represents dozens of game publishers and developers, has managed to find astounding success on Apple's App Store for its clients. Among its various tactics? It hires a team of interns to trawl iTunes and other community forums posing as real users, and has them write positive reviews for their client's applications. ... Reverb claims that their clients have sold over $2 billion of product under their watch.'"

Techdirt is reporting that one particularly rabid anti-spam fighter has not only lost his case, but most of his worldly possessions as well. James Gordon tried to set himself up as an ISP to get around the conventions of the CAN SPAM act in order to set up a litigation house designed to sue companies that spam. Unfortunately a judge did not take kindly to this trick and ordered him to pay $110,000 to the firm he was suing, a decision that was not only upheld on appeal but accompanied by some very unkind words trying to shut down litigation mills like his. "But, perhaps even more fascinating is that the guy, James Gordon, didn't just lose the lawsuit, it appears he lost most of his possessions as well. Remember that ruling telling him to pay the $110k to Virtumundo? He refused. The company sent the debt to a collections agency, but told Gordon they'd call off the collections agency if he dropped the appeal. Gordon didn't."

Rik van der Kroon writes "Major Dutch cable provider UPC has introduced a new network management system which, from noon to midnight, for certain services and providers, caps users' bandwidth at 1/3rd of their nominal bandwidth (Google translation; Dutch original here). After the consumer front for cable providers in The Netherlands received many complaints about network problems and slow speeds, UPC decided to take this as an excuse to introduce their new 'network management' protocol which slows down a large amount of traffic. All protocols but HTTP are capped to 1/3 speed, and within the HTTP realm some Web sites and services that use lots of upstream bandwidth are capped as well. So far UPC is hiding behind the usual excuse: 'We are protecting all the users against the 1% of the user base who abuse our network.'"

Vigile writes "Performance analysis on solid state drives is still coming into clarity as more manufacturers enter the fold and more of the drives find their way into users' hands. While Intel's dominance in the SSD market was once undoubted, newer garbage collection methods from Indilinx and Samsung are now balancing performance across the the major players. What hasn't been discussed in great detail yet is the effect that drive capacity can have on overall performance. Some smaller drives (64GB versus 128GB) will actually use fewer data channels from the controller chip and thus will have lower transfer speeds. The article compares drives using controllers from Indilinx, Samsung and Intel." Note that PCPer greedily spans this review over 12 pages. Next time maybe they can keep it down to something more reasonable.

maximus1 writes "A 59-year-old election law prevents Japanese candidates from blogging and twittering during the campaigning window. So, on Tuesday, 1,370 Japanese will stop all online activity. Candidates get a brief slot on public television, usually in the early or late-night hours when few are watching, to make their pitch. The rest of the time is spent campaigning in neighborhoods, walking through the streets, and making speeches outside railway stations. If opinion polls are to be believed, the Aug. 30 election could be the law's last stand. Voter turnout among the young is poor, and some believe it's because the old-fashioned method of campaigning has failed to energize a population that is surrounded by digital media from the day they are born. 'The Internet must be made available for election campaigns as soon as possible,' the Asahi Shimbun, Japan's second-largest newspaper, wrote in a recent editorial."

Ars Technica is reporting that domain tasting has been all but eradicated now that the full penalty for excessive cancellations has taken effect. "In 2008, ICANN decided to act. It allowed domain registrars to withdraw as many as 10 percent of their total registrations; they would face penalties for anything above that. Initially, ICANN adopted a budget that included a charge of $0.20 for each withdrawal above the limit, which was in effect from June 2008 to July of this year. Later, it adopted an official policy that raised the penalty to $6.75, the cost of a .org registration; that took effect in July 2009. The results have been dramatic. Even under the low-cost budget provisions, domain withdrawals during the grace period dropped to 16 percent of what they had been prior to its adoption. Once the heavy penalties took hold, the withdrawal rate dropped to under half a percent."

An anonymous reader writes "IM company Digsby has quietly included malware in an update to their client software that utilizes users' computing power and bandwidth while idle for a quick buck. When questioned, developers at Digsby claim that they have done no wrong and that users should not complain because the client software is 'free.'" The money-making distributed computing software is in addition to six "crapware" apps that users must refuse during installation. The terms of service that no one ever reads does describe the CPU- and bandwidth-robbing moneymaker, and its off switch is located behind the "Support Digsby" menu item.

holy_calamity writes "Yahoo research have started a private beta of a scheme that resurrects the idea of charging people to send email to cut spam. Centmail users pay $0.01 for each message they send, with the money going to a charity of their choice. The hope is that the feel good effect of donating to charity will reduce the perceived cost of paying for mail and encourage mass adoption, making it possible for mail filters to build in recognition of Centmail stamps."