Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
みなさまおはようございます。
今日もみなさまにとってお健やかに素敵な1日がおとずれますように。
Crypto vulns in DuckDB. I don't have a deep understanding of cryptography but these ones are pretty simple to grasp.
https://github.com/duckdb/duckdb/security/advisories/GHSA-vmp8-hg63-v2hp
The DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or IVs.
When clearing keys from memory, the compiler may remove the memset() and leave sensitive data on the heap
By modifying the database header, an attacker could downgrade the encryption mode from GCM to CTR to bypass integrity checks.
Failure to check return value on call to OpenSSL rand_bytes()
"MacKenzie Scott demonstrated the power of trusting grantees. Here in the Second Gilded Age, we need to model her sense of urgency and transparency. What is the point of so much concentrated wealth if it isn't improving the world?" From the Nov/Dec issue of the Chronicle of Philanthropy, page 10. https://www.philanthropy.com
@catsaladCatSalad🐈🥗 (D.Burch) 
It's a FOSS Stop: Free as in mattress.
If you have Firefox still set to Google as your default search engine and you don't want Firefox to offer you a context menu item "Search Image with Google Lens" (when you're over an image), the about:config preference you want is browser.search.visualSearch.featureGate (set to false). This will also disable this feature for any other search engine that Mozilla adds a visual search option for in the future.
秋の陽 秋の葉
#マストドン写真部 #photography #eosR8 #RF70200F4
I think it’s worth taking a moment to appreciate all the non technical work that goes behind this announcement.
The KDE e.V. and broader ecosystem is mature enough to develop working relationships with a major vendor, and keep working with them!
Congrats to the whole 
@kde ecosystem for these massive news again!
Anthropic invests $50B in US AI infrastructure
Link: https://www.anthropic.com/news/anthropic-invests-50-billion-in-american-ai-infrastructure
Discussion: https://news.ycombinator.com/item?id=45901543
おはようございます。
みんなのうたでミスターシンセサイザー流れててたまげた
Apple sure must be happy with all these "Sent from my iPad" screenshots going around!
#Valve announces desktop machine and #VR goggles powered by KDE's #Plasma desktop.
Ioannis Yannas invented artificial skin for treatment of burns–dies at 90
Link: https://news.mit.edu/2025/professor-ioannis-yannas-dies-1027
Discussion: https://news.ycombinator.com/item?id=45783411
Some of y'all are running servers with longer uptime than my heart. Maybe schedule some maintenance before it gets scheduled for you.
This is both literal and figurative.
ohayo
too much CPU usage? the apparently bit-banged parallel port would desync, and you'd print gibberish instead of labels.
the difference between "prints fine" and "too much CPU" could be as little as moving the mouse around "too much"
remember: the printer's vision is based on movement. keep still, and it won't see you
since "oh no chinese products" has come up in my replies a bunch recently: everything is made in china, only bringing it up when the product is shoddy is literally racism, fuck sinophobia.
if anyone has a problem with the "fediverse users always offer unsolicited technical advice, even on joke posts" trend, I can highly recommend bluesky.
they do exactly the same thing except they're coincidentally completely wrong about the advice and your problem and how any of this works
MASTODON DOT EGG:
"AT LEAST OUR REPLYGUYS KNOW LINUX"
the NTP foundation (yeah the time thing) is begging for scraps of cash, like a few thousand dollars - a low level manager at amazon, google, apple and meta could each whip out the corp credit card, give them $5k each and problem solved, but no, they're too far up their own arse to do that
Launch HN: JSX Tool (YC F25) – A Browser Dev-Panel IDE for React
Discussion: https://news.ycombinator.com/item?id=45903161
I bet a factory reset would fix me
Boost if you want less generative AI in your tech in 2025.
well that was fun. my server 'sploded while i was in the middle of german class. all fixed and i still did the work tho, so i am keeping my cyborg 'cred 
This Trump/Epstein stuff is so typical of a modern political "scandal," in that ... we know he did it. He knows he did it. Everyone knows he did it & everyone knows that everyone knows he did it. There is zero "did he do it?" involved here. The whole thing is about ... what, exactly?
RE: https://infosec.exchange/@mttaggart/113694884783855934
Since this yet again getting boosts, time's running out to pile on in 2025.
never been disappointed by a 
@404mediaco404 Media read but this one quote is my recent work life frfr
“And then you have librarians who are experiencing a real existential crisis because they are getting asked by their jobs to promote [AI] tools that produce more misinformation. It's the most, like, emperor-has-no-clothes-type situation that I have ever witnessed.”
https://www.404media.co/ai-is-supercharging-the-war-on-libraries-education-and-human-knowledge/
The first 4 minutes are of Hank yelling at the Internet—and I am here for it.
“Why is the Internet so hard now?!”
the inside of the Steam Machine is just as compact as the Xbox Series X in an even smaller cube. The GabeCube, if you like
Looks like Elon Musk botched X's passkey and security key switchover, and users are reporting that they're getting stuck in endless loops and, in some cases, getting locked out of their accounts.
Elon Musk's X botched its security key switchover, locking users out | TechCrunch
As part of an effort to retire the old Twitter.com domain, X is requiring passkey and security key users to re-enroll — but are getting stuck in endless loops and unable to finish.
techcrunch.com · TechCrunch
Link author: 
Zack Whittaker@zackwhittaker@mastodon.social
@zackwhittaker its for the best
카테고리로 로직생각하는거 왜이리 재밌지
나도 수학 잘하거싶다 ㅠㅠㅠ
교수 말 무시하고 SIGL부터 다 읽을까
Looks like Elon Musk botched X's passkey and security key switchover, and users are reporting that they're getting stuck in endless loops and, in some cases, getting locked out of their accounts.
Elon Musk's X botched its security key switchover, locking users out | TechCrunch
As part of an effort to retire the old Twitter.com domain, X is requiring passkey and security key users to re-enroll — but are getting stuck in endless loops and unable to finish.
techcrunch.com · TechCrunch
Link author: Zack Whittaker@zackwhittaker@mastodon.social
Reminder that AI is "propping up" the economy the same way a tape worm props up your metabolism.
It has completely choked off all capital investment to any other activity for years. It completely devours resources needed by any other endeavor. And for all that, it produces practically nothing that people want or need. It's strangling the economy.
Early evidence suggests that mRNA COVID-19 vaccines, when given shortly before cancer immunotherapy, may significantly boost survival rates by activating the immune system. https://www.japantimes.co.jp/commentary/2025/11/12/world/can-covid-19-vaccine-save-cancer-patients/?utm_medium=Social&utm_source=mastodon #commentary #worldnews #mrna #covid19 #vaccines #health #medicine #cancer
RE: https://infosec.exchange/@mttaggart/113694884783855934
Since this yet again getting boosts, time's running out to pile on in 2025.
If releasing the Epstein files would end your presidency, then your presidency must end. It’s that simple.
오늘 수능이라고 하니까, 2년전 마카님 수능보러 간 것 생각남...
RE: https://802.3ether.net/users/news_society/statuses/115538803051164541
Anyone have a good online source for first aid supplies? I’m doing my annual FAK restocks and trying to get away from Amazon.
Edit: lots of people recommending local pharmacies. I appreciate the thought to shop local, but my local pharmacies are hilariously ill-provisioned. Many don’t have simple things like roll gauze and 4x4s, let alone more specialized supplies like hemostatic gauze, occlusive dressings, etc.
대전·세종·충남 아침 짙은 안개…수험생 이동·교통 안전 주의
(대전=연합뉴스) 이주형 기자 = 2026학년도 대학수학능력시험 날인 13일 대전·세종·충남지역은 대체로 맑은 가운데, 아침까지 가시거리 200...
https://www.yna.co.kr/view/AKR20251113008600063
We're excited to announce we're opening applications for our Product/UX team, the Alchemist Circle! If you're excited about becoming a core influence on a FOSS project working to reshape what it means to sell as an indie creative in our world, apply here!👉https://forms.gle/sTynxKazK7G6jqZq6
simple storage as a service is our passion
We're excited to announce we're opening applications for our Product/UX team, the Alchemist Circle! If you're excited about becoming a core influence on a FOSS project working to reshape what it means to sell as an indie creative in our world, apply here!👉https://forms.gle/sTynxKazK7G6jqZq6
I bet a factory reset would fix me
Now I know why my dresser drawer is always open no matter how many times I close it.
We're potentially looking for a professional and technical writer with experience in vulnerability research to help with the backlog of Labs research waiting to be published.
If you might be a fit, please contact us with a CV/profile at hello@watchTowr.com
Gecko-engine browser users, which browser do you use?
#geckobrowserengine #GeckoEngine #firefox #iceraven #ironfox #firefoxfork #firefoxforks #weblibre #weblibrebrowser #mull #mullvadbrowser #mullvad_browser #mullvadfirefox #librewolf #librewolfbrowser #mozilla #mozillafirefox #mozilla_foundation #fennec #firefoxfocus #askfedi #poll #polls
if anyone has a problem with the "fediverse users always offer unsolicited technical advice, even on joke posts" trend, I can highly recommend bluesky.
they do exactly the same thing except they're coincidentally completely wrong about the advice and your problem and how any of this works
Felix Häcker
🦄🦄🦄 
nixCraft 🐧
daniel:// stenberg://
Em 
Kat Marchán 🐈
