Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
❝As I returned from the wilderness—back to the world of luxuries like hash tables & built-in libraries that I’d previously taken for granted—I brought back with me a new awareness of the intricacies of the machine, & maybe even a little hope. Forth is how Dupras prepares for the worst, but it’s also helping people like 
@neauoireDevine Lu Linvega & 
@rek code—and live—more sustainably. If we can all do that, perhaps the end of the world isn’t as inevitable as it seems.❞ Tiffany Ng in 
@WIRED
https://archive.ph/lm0x8
nuintari's rules of networking 0x26:
It isn't aways DNS. Sometimes it is BGP, and sometimes it is an ID10T with a backhoe.
And sometimes, it is an even bigger ID10T with a git push --force blaming DNS.
How to Delete Your 23andMe Data
Link: https://www.eff.org/deeplinks/2025/03/how-delete-your-23andme-data
Discussion: https://news.ycombinator.com/item?id=43486236
uspol, signal leaks, geopol, yemen
The one thing that fucks me up reading all these articles on the signal leaks is that not one journalist has even approached the subject of bombing Yemen. No one has been like "And why the fuck are we bombing Yemen?!"
Its all clutching pearls over how incompetent morons could have fucked up this bad, and how the trump admin really does hate europe that bad after all. Everyone in the media is tacitly accepting the framing that bombing Yemen will "serve US national interests" (read: make rich people richer) which is not only asinine, but violates human rights.
Corpos and mainstream journalists alike are up in arms over how service members were put in danger. But no one has asked why those service members were in danger in the first place?
Its all very frustrating. We should not be carpet bombing major civilian population centers, period. How is that a controversial take? Why do I feel like I'm the only one making this point? Am I going insane?
If we keep accepting the fascist's framing of events, they will win. Fucking stop, for the love of god.
- There are no known vulnerabilities for Signal that don't come down to "if you intentionally show someone your messages, they can see them". - The social-engineering/"linked devices" attack DOD/Google warned about was real, but since February it's not been exploitable in practice. Update your apps
To summarize - The use of Signal in the "Houthi PC Small Group Chat" was legitimately bad, for security, opsec and legal reasons - Signal is agreed by security experts to be the best available messenger; you should install it; it can and should replace your regular IM/SMS app.
There are laws about this. One expects the executive branch should be using communication methods/servers that comply with these laws. Signal—where by design no one retains or has the ability to read messages except the recipient's own phones—surely doesn't. I believe this is *why* they used Signal.
When the executive branch makes decisions, records need to be preserved for - Auditors and law enforcement, later investigating if a crime was knowingly performed - The *next* executive branch, in four years, following up on the decision - Historians, when everything's declassified decades from now
4. Government officials are subject to record retention laws that you are not.
I wrote about this last night— there's already been a lawsuit filed over the "Houthi PC small group" because of this: bsky.app/profile/chri...
RE: https://bsky.app/profile/did:plc:2aebn3xk5t63net43eeepire/post/3llalazio6k2y
I mentioned above if you message on Signal, the logs could get subpeonaed. I didn't mention that Signal has a "disappearing messages" feature, which could prevent that. But the other party could screenshot or copy the messages before the disappear. If that's a problem, don't put it in the computer!
It seems like information was being shared with this group chat simply because it is cool and interesting, and shared with members of the executive who simply would find it cool to be in the loop. Moreover, it seems the Trump WH is doing this regularly. How many other "small group" chats are there?
The chat included operational details of a specific bombing run. It's unclear why, say, Steve Witkoff was on this chat. Or the two people from the Treasury department. Did *everyone* need *all* these details? Honestly, Goldberg had *more* reason to review this data, to the extent he's a journalist!
The US government has entire systems whereby sensitive data doesn't leave certain rooms, and is seen only by cleared people who are entered in an access log. If you send a message to *eighteen cell phones*, the information could be anywhere, be shown to anyone, or seen over a recipient's shoulder.
Continuing: 3. Certain kinds of government information should only be accessed at specific secure sites. A good demonstration of this is that one member of the Hegseth chat—Steve Witkoff—was at that point physically in Moscow, visiting the Kremlin. (The White House says he didn't bring his phone).
But that's *you*. As for the DOD— The fact Mike Walsh was *able* to CC Jeffery Goldberg *is* a sign of why Signal is inappropriate for the White House's use! In Signal's address book your personal and professional contacts are commingled; there are no data access controls on who can join a group.
Signal also made changes in February making it harder to get phished like this; the UI now follows up awhile after linking, to make sure you meant it. If you want to verify the linked devices on your Signal account are legitimate, go to "Settings" on your phone and then tap "Linked devices". (3/3)
The DOD believes that Russian agents are attempting to trick DOD staff into adding the hostile agents to the DOD staff's Signal accounts, so that all their messages get forwarded to them. That would be bad, actually! It's not an attack *on Signal*. It would work with other types of messengers. (2/3)
2. Even if the messenger & phone are secure, the user can be hacked. Encryption doesn't help if the recipient of the message voluntarily shows it to another person. Or semi-voluntarily, even: "under threat", or "under subpeona from a government" or "accidentally CCed Jeffery Goldberg like a goofus"
It's possible Hegseth and Rubio are only doing work on phones cleared by White House technical staff and thus as secure as they could be. However, there were many people in the chat, and it is known that at least one member on that chat (Jeffery Goldberg) was using an insecure personal phone.
1. Even if the messenger is secure, your phone can be hacked. Phone OSes, especially from Apple, are pretty secure. But if your adversary is a nation-state, they sometimes find OS-level vulnerabilities. Pete Hegseth and Marco Rubio should assume they will be targeted by a nation-states.
I want to talk about this Associated Press article: apnews.com/article/hegs... Specifically, this sentence. I don't like this sentence! The wording implies Signal has known vulnerabilities. That's untrue. I think more people should use Signal, & don't want reporting to discourage people from it.
액티비티펍을 사용하는지는 중요하지 않지만 제품이 훌륭하면 그 기반이 되는 액티비티펍이 장점을 더욱 발휘하는게 있는 것 같음. 액티비티펍이 장점으로 먼저 내세워져서는 안되는 것 같음. 액티비티펍을 쓰는지는 개발자한테나 어필이 되는 것이 아닌가..
で、日本の大学はやれないのか?それとも既にやってるのか?/ 仏大学などが米研究者を受け入れへ トランプ政権の予算削減で | NHK | トランプ大統領 https://www3.nhk.or.jp/news/html/20250327/k10014761191000.html
Hackers Pub PWA 앱 만드는걸로도 한번 기여해보고 싶다
Google makes Android development private, will continue open source releases
Link: https://arstechnica.com/gadgets/2025/03/google-makes-android-development-private-will-continue-open-source-releases/
Discussion: https://news.ycombinator.com/item?id=43485950
소프트웨어 개발자들이 자주 틀리는 외래어 표기법.
| 영어 | 틀린 표기 | 올바른 표기 |
|---|---|---|
| app | 어플 | 앱 |
| application | 어플리케이션 | 애플리케이션 |
| directory | 디렉토리 | 디렉터리 |
| front-end | 프론트엔드 | 프런트엔드 |
| message | 메세지 | 메시지 |
| method | 메소드 | 메서드 |
| release | 릴리즈 | 릴리스 |
| repository | 레포지토리 | 리포지터리 |
또 있을까요?
기능적으로 눈에 바뀌는 것은 없겠지만, 아마 성능상으로는 약간의 개선이 있을 수 있습니다. 기존에는 복잡한 관계 필터를 서브쿼리 방식으로 해 왔는데, 릴레이셔널 API v2를 쓰면 JOIN으로 바뀌는 것 같아요. 물론 PostgreSQL의 쿼리 최적화기가 뛰어나다면 두 방식 중 어떤 방식을 쓰든 같은 실행 계획을 수립할 것이므로 성능 차이가 없을 수도 있지만요. 아니면 더 느려질 수도 있겠죠. 거기까지 세세하게 비교 테스트해보진 않았습니다. 😅
참고로 해당 변경은 이미 배포된 상태입니다. 아무튼 고생해주신
I just had another listen to 
@meljoann’s new album, Status. This time accompanied by the lyrics in one tab and the song breakdowns from an article in an Irish underground culture mag in another.
Doing so took my understanding of and connection to the album to greater depths. I could say a lot but I’ll keep it to three brief things here:
1. I’m looking forward to the Rainbow Language (Is For Losers) video.
2. It’s mad that the article goes through what the songs and album are about and then finishes with ‘Follow Meljoann on Insta’, with no mention of her Fedi profiles. 🤦♂️
3. I highly recommend you do the same:
- Listen here: https://faircamp.meljoann.com/status/
- Lyrics here: https://meljoann.com/album-lyrics/status/
- Track breakdown here: https://thethinair.net/2025/03/track-by-track-meljoann-status/
Oh and of course, if you like it then buy it!
Hackers' Pub에 글을 쓸만한게 뭐가 있을까 하고 생각해봤는데, 알고리즘 문제풀이 컨텐츠로 채우는것쯤은 금방금방 가능할 것 같지만 이런식의 양치기보다는 그래도 엑기스를 모아서 정제되어있는 형태의 글을 올리는게 나을 것 같아
주기적으로 홈 서버를 사고 싶다는 생각이 자꾸 드는데, 홈 서버를 산다면 무엇부터 설치하는게 나을까요?
When your brain constructs sentences like a program:
Then end up asking yourself; is this a programmer thing, a neurodivergent thing, or maybe even both? 
Playwright Tools for MCP
Link: https://github.com/microsoft/playwright-mcp
Discussion: https://news.ycombinator.com/item?id=43485740
@AlexWolfeAlexandra 🇺🇦 🇨🇦 thank you :)
What is the standard method of specifying primary language of a post in #ActivityPub?
Mastodon and Hollo add contentMap.[languageCode] to object. But Pleroma and Misskey don't.
And what if there are multiple keys in contentMap?
Fully cosigned. Signal is probably the best option that most people have for realistically secured sensitive communications. I have a lot of criticisms for them, but that doesn't mean there's a better option! Personally I think we all need to have a rule that if you are jumping ship on some tool, "it's insecure" is insufficiently detailed, because that is a phrase so vague as to be basically meaningless. What's the threat, what's the vulnerability, how does it fit into your threat model?
Farid Zakaria set out to build a Nix derivation from scratch—no helpers, just raw JSON! 🛠️ After battling errors, missing keys, and hashing surprises, he finally got it working. 🎉
Read the full adventure here: https://discourse.nixos.org/t/nix-derivations-by-hand/62089
If any journalist going to WWDC is reading this, I would love it if you could press folks involved with App Review to give a statement on what their plan is for when armed DOGE agents extrajudicially seize the app store's datacenters in order to deploy tracking software to migrants & trans people's phones.
Not a shitpost; this is a serious question. This is not a plan that we will get to develop after the fact. Do they have a hot spare of their trust root in a different jurisdiction?
When your brain constructs sentences like a program:
Then end up asking yourself; is this a programmer thing, a neurodivergent thing, or maybe even both?
New Signal update just dropped
r) 연대합니다!! 일을 계속 해야 하는 분들은 이렇게 지지하는 내용의 글을 올리셔도 오케이!! 저도 회사에서 자체적으로 일을 게을리 해보겠습니다.. 뭐든지 하기 눈치보이고 나쁜 회사를 다니는 죄인 입장에서 슬프지만... 뭐라도 해봐야지요
silverpill shared the below article:
洪 民憙 (Hong Minhee) @hongminhee@hackers.pub
최근 X(구 Twitter)를 떠나는 사용자들이 늘면서 Bluesky에 대한 관심이 높아지고 있습니다. Bluesky는 깔끔한 인터페이스와 과거 Twitter와 유사한 사용자 경험을 제공하며, '신뢰할 수 있는 이탈'이라는 매력적인 개념을 내세워 X의 유력한 대안으로 떠오르고 있습니다. 하지만 이 글에서는 Bluesky와 그 기반 프로토콜인 AT Protocol이 연합우주(fediverse)의 대안이 될 수 없는 이유를 설명합니다. Bluesky는 메시지 전달 방식 대신 공유 힙 방식을 사용하며, 이는 중앙 릴레이에 의존하게 만들어 탈중앙화의 이상과는 거리가 멀어집니다. 또한, 전역 뷰에 대한 집착은 차단 목록의 전체 공개와 같은 개인 정보 보호 문제를 야기하며, AT Protocol은 아직 특정 사기업에 의해 주도되고 있어 개방형 표준으로서의 한계를 가지고 있습니다. Bluesky는 이동 가능한 아이덴티티를 제공하지만, 여전히 중앙화된 요소에 의존하고 있으며, DM은 완전히 중앙화되어 있습니다. 결론적으로, Bluesky는 X의 훌륭한 대안이 될 수 있지만, 연합우주가 제공하는 탈중앙화된 가치와 경험을 대체하기는 어려울 것입니다. 이 글을 통해 Bluesky와 연합우주의 차이점을 명확히 이해하고, 자신에게 맞는 플랫폼을 선택하는 데 도움이 될 것입니다.
Read more →It's appropriate that people say “ironic” when they mean “appropriate” because that's ironic.
This is not how you report a security issue:
https://rachelbythebay.com/w/2025/03/25/atop/
Neither is this:
https://rachelbythebay.com/w/2025/03/26/atop/
You can certainly do it this way, but it’s going to cause all sorts of unnecessary pain and bad days. Hundreds of people are going to have their weeks upended because of this choice.
There are norms and standards around reporting security issues, and even the most cursory web searches will turn them up. Please try to follow them.
#meermittwoch
'Geh- / Wanderwege' #FotoVorschlag
Wandern an der Biskaya 08 / 2025
Doctors invariably won't take the time to truly listen and solve the problems you're facing if they don't have an easy answer, but then they get annoyed when you start trying to figure it out for yourself or question their conclusions. Cue the comments about Doctor Google. Well, I wouldn't have to do my own research or question the conclusions you draw if any of you would actually listen to what I need and carry things to completion, so maybe keep the snark and attitude to yourself, doctor.
I'll just live with the same problems for the rest of my life, and be gaslighted about their existence while I'm at it. Sounds great! Thanks! /s
Kilo Code: Speedrunning open source coding AI
Link: https://blog.kilocode.ai/p/kilo-code-speedrunning-open-source-coding-ai
Discussion: https://news.ycombinator.com/item?id=43483802
DNA見てもらった方〜
악하
echo ✨
