Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
Tapestry’s app can now de-dupe your social feeds https://techcrunch.com/2025/04/08/tapestrys-app-can-now-de-dupe-your-social-feeds/
3Dセキュア、何が3Dなのかわかってない
yeah, one could say i'm a little alarmed that zionists are publicly talking about where to deport all the palestinians in gaza to, and are putting forth the island of socotra—an island of 60,000 people and its own history and language, but to these zionists is an island with "almost no inhabitants"—which is sickeningly alike the european plan in the 20th century to mass deport jewish folk to madagascar.
I changed my name to a gender neutral name because of this on all the delivery apps
Guys, for someone who wants to make a GTK + libadwaita application but doesn't know anything about either technology, where do you recommend starting to study?
I continue to be incredibly frustrated with how difficult it is to fabricate a test virtual machine from an arbitrary #NixOS configuration and have that test virtual machine actually match the real thing on basic details like the (virtualized) disk layout and filesystem mounts.
Maybe I'm doing something weird here, but basically all the tests I want to do before pulling the trigger on a real installation are invalidated by this semantic gap!
Zig doing "compilation in one unit" vs Rust doing "permanent compilation" (dear god andrew if you ever read this i am so sorry) is an interesting tradeoff here for sure
Fediverse Report – #111
A new security fund for the fediverse, and the Lemmy developers held an AMA.
The Nivenly Foundation, the organisation that administers the Hachyderm.io instance, is opening a new security fund to sponsor contributors who disclose security vulnerabilities. All software has security vulnerabilities, and the fediverse is no exception. The recent Pixelfed vulnerability, which affected non-Pixelfed servers, is a clear example of how fediverse software can make software vulnerabilities more complex due to the interaction between different software platforms.
The Nivenly Fediverse Security Fund will sponsor $250 USD for vulnerabilities that are rated as high risk (7-9 CVSS score) and $500 USD for vulnerabilities with a critical score (9+ CVSS). The program will run until the end of September 2025. Nivenly members “hold a member vote to determine if we want to continue the program, and to establish a longer-term committee to steward and maintain the program.”
Last week, I wrote how Pixelfed’s vulnerability actually showed three different problems: The main problem is Pixelfed’s software vulnerability itself, but there were also two other problems: other software like Mastodon do not make it clear which risk comes with their private posts feature. And once a leak like this one happens, very few fediverse software admins communicated to their users that they might have been affected.
A security fund contributes to combating software vulnerabilities, but it can also help with communication to the rest of the fediverse once a vulnerability is found. It incentives that standard industry practices regarding software vulnerability get followed, and make communication clearer to a wider audience. For example, if Pixelfed’s recent vulnerability had gotten a CVSS classification, it might have been easier to make the severity of the vulnerability explicit to other fediverse software admins. In turn, this might have made it more likely that server admins would communicate the situation with their users.
In last week’s email essay I also wrote about how the fediverse is missing governance infrastructure that connects the various independent nodes and communities. One way to view the fediverse is as a response to centralised Big Tech platforms. These platforms have centralised governance, and are under the control of few people. The fediverse’s response to this is to build a social network that consists of tens of thousands of independent communities, all with their own governance structure. The fediverse has been successful in decentralising the single entity that oversees a social network into many pieces that all oversee a small portion of the network. But it has struggled to build a governance structure that ties all these individual pieces together again.
The Nivenly Fediverse Security Fund is a good example of this problem: software security impacts all the thousands of independent fediverse communities, but there is no overarching structure to collaborate and improve the security. It took one server taking the initiative into their own hands and provide a service for the entire network, at their own cost. Ideally, communities would collaborate on such a security fund instead. Nivenly’s announcement does leave space for such a future direction of the fund, saying that they are open to “establish a longer-term committee to steward and maintain the program”.
Note: if you sign up for my email newsletter, you get a weekly essay about the open social web that I do not publish anywhere else. You can sign up right here:
The Lemmy developers, Dessalines and nutomic, held an Ask Me Anything recently, and here are some of the answers that stood out to me:
Ahoy! is a one-day conference for the European Social Web, and will be held on April 24th 2025 in Hamburg, Germany. The conference is mainly focused on Bluesky and the AT Protocol, and has some super fascinating speakers of people who are in the forefront of building new communities on the open social web. If you’re around I can definitely recommend it. I’ll be doing some interviews with people there, so if you are considering joining, let me know and we can say hi!
That’s all for this week, thanks for reading! You can subscribe to my newsletter to get all my weekly updates via email, which gets you some interesting extra analysis as a bonus, that is not posted here on the website. You can subscribe below:
Fediverse Report #111
This week's news:
- A new security fund for the fediverse, by Hachyderm.io's parent organisation 
@nivenlyThe Nivenly Foundation
- The Lemmy developers held an AMA, in which they talked about the upcoming 1.0 release of Lemmy and more.
I think the Fitbit is useful by Heisenberg's principle - simply because I'm observing and measuring my behaviour, it's changing. Hopefully for the better 😅
Another one of my stash busting projects is the Sprig Slipover by Sarah Opie. This pattern only has 18 projects on Ravelry and I don't know why. It looks amazing and it's only garter slip stitch. Knit in 4 colours, switching every two rows. This is a perfect project for an ambitious beginner. #knitting 
@knittingknitting group https://www.ravelry.com/patterns/library/sprig-slipover-vest
I ordered something from Apple 3 weeks ago and it's been sitting for a week and a half now waiting for customs clearance. Is this just how things work now?
Fediverse Report – #111
A new security fund for the fediverse, and the Lemmy developers held an AMA.
The Nivenly Foundation, the organisation that administers the Hachyderm.io instance, is opening a new security fund to sponsor contributors who disclose security vulnerabilities. All software has security vulnerabilities, and the fediverse is no exception. The recent Pixelfed vulnerability, which affected non-Pixelfed servers, is a clear example of how fediverse software can make software vulnerabilities more complex due to the interaction between different software platforms.
The Nivenly Fediverse Security Fund will sponsor $250 USD for vulnerabilities that are rated as high risk (7-9 CVSS score) and $500 USD for vulnerabilities with a critical score (9+ CVSS). The program will run until the end of September 2025. Nivenly members “hold a member vote to determine if we want to continue the program, and to establish a longer-term committee to steward and maintain the program.”
Last week, I wrote how Pixelfed’s vulnerability actually showed three different problems: The main problem is Pixelfed’s software vulnerability itself, but there were also two other problems: other software like Mastodon do not make it clear which risk comes with their private posts feature. And once a leak like this one happens, very few fediverse software admins communicated to their users that they might have been affected.
A security fund contributes to combating software vulnerabilities, but it can also help with communication to the rest of the fediverse once a vulnerability is found. It incentives that standard industry practices regarding software vulnerability get followed, and make communication clearer to a wider audience. For example, if Pixelfed’s recent vulnerability had gotten a CVSS classification, it might have been easier to make the severity of the vulnerability explicit to other fediverse software admins. In turn, this might have made it more likely that server admins would communicate the situation with their users.
In last week’s email essay I also wrote about how the fediverse is missing governance infrastructure that connects the various independent nodes and communities. One way to view the fediverse is as a response to centralised Big Tech platforms. These platforms have centralised governance, and are under the control of few people. The fediverse’s response to this is to build a social network that consists of tens of thousands of independent communities, all with their own governance structure. The fediverse has been successful in decentralising the single entity that oversees a social network into many pieces that all oversee a small portion of the network. But it has struggled to build a governance structure that ties all these individual pieces together again.
The Nivenly Fediverse Security Fund is a good example of this problem: software security impacts all the thousands of independent fediverse communities, but there is no overarching structure to collaborate and improve the security. It took one server taking the initiative into their own hands and provide a service for the entire network, at their own cost. Ideally, communities would collaborate on such a security fund instead. Nivenly’s announcement does leave space for such a future direction of the fund, saying that they are open to “establish a longer-term committee to steward and maintain the program”.
Note: if you sign up for my email newsletter, you get a weekly essay about the open social web that I do not publish anywhere else. You can sign up right here:
The Lemmy developers, Dessalines and nutomic, held an Ask Me Anything recently, and here are some of the answers that stood out to me:
Ahoy! is a one-day conference for the European Social Web, and will be held on April 24th 2025 in Hamburg, Germany. The conference is mainly focused on Bluesky and the AT Protocol, and has some super fascinating speakers of people who are in the forefront of building new communities on the open social web. If you’re around I can definitely recommend it. I’ll be doing some interviews with people there, so if you are considering joining, let me know and we can say hi!
That’s all for this week, thanks for reading! You can subscribe to my newsletter to get all my weekly updates via email, which gets you some interesting extra analysis as a bonus, that is not posted here on the website. You can subscribe below:
Steven “stargate” Universe.
Tess (Renfrewshire, Scotland) likes to be brushed, but only if she is free to groom her human at the same time. It must be a two way exchange.
Oh my god the new Game Changer
Vic is a fucking MENACE
いとこの所のねこさん
My cousin's cat
#猫 #cat #かわいい #カワイイ #可愛い #kawaii #cute #cutie #スーツケース #suitecase #エース #ace #catphotography #animalphotography #photography
Building the System/360 Mainframe Nearly Destroyed IBM
Link: https://spectrum.ieee.org/building-the-system360-mainframe-nearly-destroyed-ibm
Discussion: https://news.ycombinator.com/item?id=43619229
Allergy test tomorrow, hot damn am I going to be happy to go back on the antihistamines immediately after.
I was starting to question whether they were doing anything, whether I needed them - yup!! Once they wore off, the increase in snots and sneezes and itchy eyes has been obvious. I'm more tired too, when that's all going on.
👋💻 Hey #Developers!
🆓✨ Libre React UI Alert!
FOSS-UI: A freedom-respecting UI library (Radix UI-based).
🔧 Features:
✅ Navbars/Sidebars
✅ Sign-Up Forms
✅ Copy-paste-ready
✅ 100% Libre
🌐 Demo/Docs (decentralized):
https://bafybeihpnjgdjrc7eujhsj4rvfypylfoyr2va2m5usnca3wiz5dg7ky6b4.ipfs.dweb.link/
📂 Repo: https://codeberg.org/MukiOpenSource/FOSS-UI
Join the libre movement! 🌍
Use, study, modify, share! - Becouse software should empower everyone!
[GitHub] Found means fixed: Reduce security debt at scale with GitHub security campaigns (2025-04-09)
You can press Ctrl-L while in the shell to clear the screen.
i'm grumpy that all the modern open source collaborative markdown document editors (but probably also the closed source ones) don't actually let you see or edit the markdown source of the docs anymore (tried so far: docmost, appflowy, affine [well, that one's just totally over the top]). i want to replace my NIH solution, but howww
edit: should have written that i mean web-based
So this is weird I think. Gmail is sending me emails for someone else but their email is the same as mine except it has a period in it. Is this expected?
Like, should I recieve emails for my.same.email@gmail.com and that person just gave out the wrong email address? Or is this a Gmail bug?
이건 홀로의 문제인가 미스키의 문제인가...
RE: https://hollo.ingyeo.net/@everclear/019614c9-8b5f-7090-992e-b66f08c9193e
@paul_ipv6 
@nixCraftnixCraft 🐧
Ok, that’s actually kinda good because you have no idea how the puppy was raised or where it came from…
ゆかりさんお顔
Meta got caught gaming AI benchmarks
Link: https://www.theverge.com/meta/645012/meta-llama-4-maverick-benchmarks-gaming
Discussion: https://news.ycombinator.com/item?id=43620452
Is it a mystery?
has anyone coaxed the #rp2350 into using PSRAM with embassy-rs? I couldn't find an obvious example in my searches this morning. I did find some arduino startup code that I can probably translate and adapt, but if someone has already done the heavy lifting, that would save me some effort! #rust #embeddedrust #rustembedded #pico2
'Unstoppable force' of solar power propels world to 40% clean electricity
Link: https://news.sky.com/story/unstoppable-force-of-solar-power-propels-world-to-40-clean-electricity-report-finds-13344230
Discussion: https://news.ycombinator.com/item?id=43620007
#Calculemus: Demostraciones con Lean4 y con Isabelle/HOL de "Si f es inyectiva, entonces f⁻¹[f[s]] ⊆ s". https://jaalonso.github.io/calculemus/posts/2021/06/09-imagen_inversa_de_la_imagen_de_aplicaciones_inyectivas/ #LeanProver #IsabelleHOL #Math
dreckly: pkgsrc fork focused on quality and portability to all UNIX-like platforms via 
@fs111 https://lobste.rs/s/spjeuv #dragonflybsd #freebsd #linux #netbsd #openbsd #unix
https://github.com/drecklypkg/dreckly
No conocía esto de #portfolioday
¿Existe algo así como un portfolio de podcasting?
Si fuese así este sería el mío:
- Colaborador en 
@ultimosfeedLos últimos de FEEDlipinas con 
@DavidMarzalCDavid Marzal hablando sobre Podcasting 2.0
- Colaborador en Enredando recomendando podcasts de tecnología
- Podcast personal sobre tecnología, sobre todo: 
@disperso
- Podcast con mi hijo: 
@charlasconaita
- Podcast friki con 
@iregidorIgor: 
@orbitafrikiÓrbita Friki
ディビジョン2、何のイベントかしらんが敵にウサ耳生えててキモい。十字キー↑でアクティブMod強制発動問題は発動キーを↓にして解決したのね。なるほど最初からやれや。
Explain “free as in beer” concept in opensource like I’m five.
看見Linus再不是我頭像那個樣子,就覺得自己真的老了
年老的Linus感覺像絕地大師…
P.S. 不過他才55歲而已 
https://github.blog/open-source/git/git-turns-20-a-qa-with-linus-torvalds/
tl;dr: compilers are magic, but they're also not magic thanks for coming to my ted talk
now, this isn't always true! #cpp folks have been investigating adding pattern matching, even though they have std::variant
Sometimes, it generates the same code, but is just way harder to write: godbolt.org/z/59rWd1E45
or if you want to get fancy (got help for this one) godbolt.org/z/6W4b89GKd
Compiler Explorer
here, we have a language feature (range types in Ada) and a library feature (just write some code in rust) you'd think that because it's a language feature, you could optimize it more in Ada. but in practice, llvm is quite good at sorting this out, and you get good code anyway
'Inktzwarte dag voor het Nederlandse onderwijs'
🟥
Eerste Kamer neemt begroting van het Ministerie van Onderwijs, Cultuur en Wetenschap (OCW) (en daarmee de bezuinigingen van meer dan een miljard op het hoger onderwijs) aan
It's nice when you finish a bit of work that goes well and requires no yak shaving in order to get done.
For the past week I've been struggling again with the #frontend bits of #ONI, the single user #ActivityPub server, when I decided to take a little break and work on something else.
So today I've add support for the traversal resistant file API for the FS storage part of #GoActivityPub. I'm still waiting for the symlink support to be added in the next major #Go version, but other than that we've increased robustness a little bit despite it being designed mainly for full transparency development work and not being run in production environments.
米ベッセント財務長官 関税をめぐる交渉「日本は非常に早く交渉に名乗りをあげたので優先される」 | TBS NEWS DIG (1ページ) https://newsdig.tbs.co.jp/articles/-/1839727
やっぱ自民有能だわ
The quick fix has been published - #Fedilab 3.32.1
Fixed:
- Fix a crash on some devices
- Hide quote button
- Fix a layout issue with pictures in landscape
- Fix a crash when opening the original message from a picture
Connected Places
잉어구이
Dr. Anna Latour
