What is Hackers' Pub?

Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.

1
0
0
1
0
0
0
0
0
lazarusholic @lazarusholic@infosec.exchange
Public

"Sanctions Imposed on DPRK IT Workers Generating Revenue for the Kim Regime" published by USTreasury. , , , , home.treasury.gov/news/press-r

U.S. Department of the Treasury

Sanctions Imposed on DPRK IT Workers Generating Revenue for the Kim Regime

WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Song Kum Hyok, (Song), a malicious cyber actor associated with the sanctioned Democratic People’s Republic of Korea (DPRK) Reconnaissance General Bureau (RGB) hacking group Andariel.Song facilitated an information technology (IT) worker scheme in which individuals, often DPRK nationals working from countries such as China and Russia, were recruited and provided with falsified identities and nationalities to obtain employment at unwitting companies to generate revenue for the DPRK regime.  In some cases, these DPRK IT workers have been known to introduce malware into company networks for additional exploitation.  OFAC is also sanctioning one individual and four entities involved in a Russia-based IT worker scheme that has generated revenue for the DPRK. “Today’s action underscores the importance of vigilance on the DPRK’s continued efforts to clandestinely fund its WMD and ballistic missile programs,” said Deputy Secretary of the Treasury Michael Faulkender.  “Treasury remains committed to using all available tools to disrupt the Kim regime’s efforts to circumvent sanctions through its digital asset theft, attempted impersonation of Americans, and malicious cyber-attacks.”Today’s designation is part of the U.S. government’s objective to counter the DPRK’s efforts to advance its strategic goals through cyber espionage and revenue generation.  On March 2, 2016, the United Nations Security Council (UNSC) adopted Resolution 2270 designating the RGB for its role supporting the Kim regime’s unlawful weapons development.  Today’s action reaffirms that relevant UNSC resolutions remain in full force.  On September 13, 2019, OFAC designated the Lazarus Group, Bluenoroff, and Andariel:  all DPRK-sponsored cyber groups subordinate to the RGB, which have carried out numerous high-value virtual currency heists to offset the impact of U.S. and multilateral sanctions.  Additionally, on May 23, 2023, OFAC designated the Technical Reconnaissance Bureau, which leads the DPRK’s development of offensive cyber tactics and tools, and its subordinate cyber unit, the 110th Research Center.Illicit DPRK IT Worker SchemeSThe DPRK generates significant revenue through the deployment of IT workers who fraudulently gain employment with companies around the world, including in the technology and virtual currency industries.  The DPRK maintains a workforce of thousands of highly skilled IT workers globally, primarily located in the People’s Republic of China and Russia, who generate significant revenue that contributes to its WMD and ballistic missile programs.These workers are instructed to deliberately obfuscate their identities, locations, and nationalities, typically using false personas, proxy accounts, stolen identities, and falsified or forged documentation to apply for jobs at these companies.  They target employers located in wealthier countries, utilizing a variety of mainstream and industry-specific freelance contracting, payment, and social media and networking platforms.  Applications and software developed by DPRK IT workers span a range of fields and sectors, including business, health and fitness, social networking, sports, entertainment, and lifestyle.  DPRK IT workers often take on projects that involve virtual currency, and they use virtual currency exchanges and trading platforms to manage funds they receive for contract work as well as to launder and remit these funds to the DPRK.KEY FACILIATOR FOR KIM REGIME’S OVERSEAS IT WORKFORCESong is a DPRK-based cyber actor who used foreign-hired IT workers to seek remote employment with U.S. companies and planned to split income with them.  In 2022 and 2023, Song used U.S. persons’ information, including names, social security numbers, and addresses to create aliases for the hired foreign workers.  The workers then used the accounts to pose as U.S. persons looking for remote jobs with U.S. companies.Song is being designated pursuant to Executive Order (E.O.) 13694, as further amended by E.O. 14306, for being responsible for or complicit in, or having engaged in, directly or indirectly, the receipt or use for commercial or competitive advantage or private financial gain, or by a commercial entity, outside the United States of funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information misappropriated through cyber-enabled means, knowing they have been misappropriated, where the misappropriation of such funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information is reasonably likely to result in, or has materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States.ASATRYAN IT WORKER NETWORK Gayk Asatryan (Asatryan), a Russian national, has used his Russia-based companies to employ North Korean IT workers.  In mid-2024, Asatryan signed a 10-year contract with a DPRK company, Korea Songkwang Trading General Corporation (Songkwang Trading), to dispatch up to 30 DPRK IT workers to work in Russia for his company, Asatryan Limited Liability Company (Asatryan LLC).  Asatryan also signed a contract with DPRK company Korea Saenal Trading Corporation (Saenal Trading), in which they planned to dispatch 50 DPRK IT workers to Russia for his company, Fortuna Limited Liability Company (Fortuna LLC).OFAC designated Asatryan pursuant to E.O. 13722 for having attempted to engage in, facilitate, or be responsible for the exportation of workers from North Korea, including exportation to generate revenue for the Government of North Korea or Workers’ Party of Korea.  Asatryan LLC and Fortuna LLC are designated pursuant to E.O. 13722 for being owned or controlled by or acting or purporting to act for or on behalf of, directly or indirectly, Asatryan, a person whose property and interests in property are blocked pursuant to E.O. 13722.  Songkwang Trading and Saenal Trading are designated pursuant to E.O. 13810 for being North Korean persons, including North Korean persons that have engaged in commercial activity that generates revenue for the Government of North Korea or Workers’ Party of Korea.SANCTIONS IMPLICATIONS As a result of today’s action, all property and interests in property of the designated or blocked persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.  In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked persons. Violations of U.S. sanctions may result in the imposition of civil or criminal penalties on U.S. and foreign persons.  OFAC may impose civil penalties for sanctions violations on a strict liability basis.  OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. economic sanctions. In addition, financial institutions and other persons may risk exposure to sanctions for engaging in certain transactions or activities involving designated or otherwise blocked persons. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated or blocked person, or the receipt of any contribution or provision of funds, goods, or services from any such person. The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the Specially Designated Nationals and Blocked Persons List (SDN List), but also from its willingness to remove persons from the SDN List consistent with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior.  For information concerning the process for seeking removal from an OFAC list, including the SDN List, or to submit a request, please refer to OFAC’s guidance on Filing a Petition for Removal from an OFAC List.For more information on the individuals and entity designated today, click here.To read the DPRK IT Workers Advisory, click here. 

home.treasury.gov · U.S. Department of the Treasury

0
0
0
lazarusholic @lazarusholic@infosec.exchange
Public

"US Treasury Sanctions North Korean Cyber Facilitator Linked to IT Worker Scheme" published by Trmlabs. , , , trmlabs.com/resources/blog/us-

US Treasury Sanctions North Korean Cyber Facilitator Linked to IT Worker Scheme | TRM Blog

The US Treasury sanctions North Korean cyber facilitator Song Kum Hyok for orchestrating an illicit IT worker scheme tied to DPRK’s WMD funding. Learn how North Korea exploits crypto, remote jobs, and false identities to evade sanctions.

www.trmlabs.com

0
0
0
⁸⁹⁶⁴小豆泥上学记 :verified_misskey: @nosquito@stelpolva.moe
Public

上午光顾着震撼去了,现在才想起来说,红姐那些视频真的狠狠震惊了我

那一堆男的,就这样,远远的跑过来,然后脱衣服,当一个无情的打桩机,没了,然后走人,无聊得令人震惊,我真的有点刷新世界观了,我点外卖都要45分钟呢……

说实话我之前没见过顺直男是怎么做爱的……我对异性恋doi的全部了解来自于porn……但是,porn演员都比这些人有真情实感,起码不会视线涣散,根本不看对方,纯粹发泄欲望……

RE: https://stelpolva.moe/notes/a9yue53ek6ge007s

1
0
0
1
0
0
0
0
0
Khürt Williams @khurtwilliams@indieweb.social
Public
Shared by just small circles 🕊

Important work happening around HTTP Signatures in the Fediverse. Stronger key validation, better digest handling, clearer test vectors—all steps toward more secure and trustworthy ActivityPub communication.
HTTP Signature Upgrades Coming Soon

activitypub.blog/2025/07/03/ht

HTTP Signature Upgrades Coming Soon

Ever wonder how your site proves it’s really you talking to the rest of the Fediverse? It’s not magic—it’s HTTP signatures, the digital equivalent of a secret handshake. With our next release, we’r…

activitypub.blog · ActivityPub for WordPress

Link author: ActivityPub for WordPress@activitypub.blog@activitypub.blog

0
0
0
0
0
0
1
0
0
0
0
0
1
0
0
0
0
0
봄별 Haruboshi @haruboshi@aoharu.place
Public

오늘 브챗 하면서 얻은 새 아바타.

처음으로 친추도 해봤고(저 아바타도 처음 친추한 분의 도움으로 얻었습니다) 이런저런 알찬 브챗 라이프를 즐겼는데 이제 등급도 올라서 자캐를 업로드할 수 있는 권한도 주어졌으니 조만간 저만의 자캐 아바타로 찾아뵙겠습니다.

1
0
0
1
0
0
just small circles 🕊 @smallcircles@social.coop
Public
Shared by just small circles 🕊

Just now I added a list of protocol bridges to the delightful curated Fediverse Experience list. Check them out at:

delightful.coding.social/delig

The list was moved from delightful-activitypub-development, which will be overhauled (thanks to @nlnet) to fully focus on of new applications and services and evolution of the open standards of the ActivityPub family of social web technologies.

delightful fediverse experience

Delightful curated lists of free software, open science and information sources.

delightful.coding.social

0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Collabora Office @CollaboraOffice@mastodon.social
Public
Shared by nogajun🍉

Set up Collabora Online in minutes!

Watch how to set up Collabora Online on a Raspberry Pi or Linux system using the Collabora/CODE Docker image — simple and efficient.

☑️ Quick Raspberry Pi setup
☑️ Easy Docker installation
☑️ The simplicity of running Collabora Online without complex setups

🎬 Ready to get started? Watch the full guide: buff.ly/ddlzXH0

0
0
0
0
0
0
0
0
0
kazuhito @kazuhito@vivaldi.net
Public
Shared by GENKI

掲載いただきました、ありがとうございました / 木達 一仁氏 による「アクセシビリティ特別セミナー」を実施いたしました!(産学連携授業) - 東京電子専門学校 公式ブログ blog.tokyo-ec.ac.jp/%E6%83%85%

木達 一仁氏 による「アクセシビリティ特別セミナー」を実施いたしました!(産学連携授業) - 東京電子専門学校 公式ブログ

Web業界において黎明期よりWebアクセシビリティに取り組んでこられた、株式会社ミツエーリンクスの木達氏をお招

blog.tokyo-ec.ac.jp · 東京電子専門学校 公式ブログ - 東京電子専門学校の公式ブログです。学校の最新情報を発信しています

0
0
0
0
0
0
0
0
0
0
0
0
Tom :damnified: @thomas@metalhead.club
Public
Shared by Emelia 👸🏻

With Mastodon v4.4.0 instance owners can enable HTTP referrers. That means:

If somebody clicks a link in a Mastodon post (e.g. to a news article), the link target owner (such as the news site operator) can see that a user from that instance has visited their website.

They do _only_ get the instance domain (e.g. metalhead.club). No information about the user!

I've enabled this setting, because I am sure that it will increase awareness of Mastodon's existence. 💪

Edit: (in previous versions, Mastodon did not send referrer-Headers)

Screenshot shows setting for enabling the referrer.
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
Fedify: an ActivityPub server framework @fedify@hollo.social
Public
Shared by 이찬행

🎉 Big thanks to @2chanhaeng이찬행 for his first contribution to ! He implemented the new fedify webfinger command in PR #278, which allows isolated lookups for testing configurations. This addresses the need for developers to test WebFinger functionality without performing comprehensive object retrieval.

The contribution includes:

  • A new fedify webfinger <handle> command that accepts @user@domain format handles or URIs
  • Clean JSON output of WebFinger JRD results
  • Proper error handling for invalid handles and lookup failures
  • Complete integration with help text and usage examples

This was originally filed as issue #260 and marked as a good first issue—perfect for newcomers to learn the codebase structure while contributing meaningful functionality. The PR has been merged and will be included in the upcoming Fedify 1.8.0 release.

We appreciate all first-time contributors who help make Fedify better for the entire community. Welcome aboard, ChanHaeng!

fedify: CLI toolchain | Fedify

The fedify command is a CLI toolchain for Fedify and debugging ActivityPub-enabled federated server apps. This section explains the key features of the fedify command.

unstable.fedify.dev

Link author: Fedify: an ActivityPub server framework@fedify@hollo.social

6
0
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
0
0
0
0
1
0
0
0
0
0
1
0
0
0
0
0
0
0
0
Hacker News 100 @hn100@social.lansky.name
Public

Phrase origin: Why do we "call" functions?

Link: quuxplusone.github.io/blog/202
Discussion: news.ycombinator.com/item?id=4

Phrase origin: Why do we “call” functions?

On StackExchange, someone asks why programmers talk about “calling” a function. Several possible allusions spring to mind: Calling a function is like calling on a friend — we go, we stay a while, we come back. Calling a function is like calling for a servant — a summoning to perform a task. Calling a function is like making a phone call — we ask a question and get an answer from outside ourselves. The true answer seems to be the middle one — “calling” as in “calling up, summoning” — but indirectly, originating in the notion of “calling for” a subroutine out of a library of subroutines in the same way that we’d “call for” a book out of a closed-stack library of books.

quuxplusone.github.io · Arthur O’Dwyer

0
0
0
Hacker News 100 @hn100@social.lansky.name
Public

Most RESTful APIs aren't really RESTful

Link: florian-kraemer.net//software-
Discussion: news.ycombinator.com/item?id=4

Most RESTful APIs aren’t really RESTful

When talking about REST, it is worth reading the dissertation of Roy Thomas Fielding. The original paper that describes RESTful web, “Architectural Styles and the Design of Network-based Software Architectures” Roy T. Fielding (2000), introduces the Representational State Transfer (REST) architectural style as a framework for designing scalable, performant, and maintainable networked systems, particularly web services.

florian-kraemer.net · Florian Krämer

0
0
0