Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
#Gießen: Bündnis widersetzt sich Aufmarsch der Höcke-Jugend. Musik von #lebenslaute wird auch dabei sein.
https://www.taz.de/!6132815
#Gießen: Bündnis widersetzt sich Aufmarsch der Höcke-Jugend. Musik von #lebenslaute wird auch dabei sein.
https://www.taz.de/!6132815
2시간밖에 못잤네
大いに喋って許される存在がいるというのは本当に最後の砦だと思っている
⚠️注意⚠️
排ガス規制によって50ccの原付の生産が終了し、新基準原付(最高出力4.0kW以下に制御された110ccなど)が出てきました
その際取得している免許の区分で運転できる車種が変わったわけですが、これは「新基準原付」として発売されるバイクは50cc以上の排気量でも原付免許で運転できるのであって、原付免許で通常の110ccや125ccを運転出来るようになったわけではないので注意しましょう
通常の110ccや125ccに乗る場合は最低でも小型二輪免許を取りましょう
The #Zig language has moved from #GitHub to #Codeberg. Read about the why and how at https://ziglang.org/news/migrating-from-github-to-codeberg/
処方箋の話
一日を色々頑張りすぎて目が冴えてしまい、
眠りにつくまでの時間が増えつつあったので処方量を少し増やしてもらったンゴ
Midi Meets CSS out now!
@btconfbeyond tellerrand
compiler errors per questionable undulation
Was ist eigentlich das gegenstück zu kernkompetenz? Schalenkompetenz?
"요즘 누가 강의 듣나요" 학생들 돌변…대학가에 무슨 일이
수정2025.11.27 15:11
AI가 '대신 듣는' 시대…대면 교육 위기
암기식 시험 치르는 교양 수업서 두드러져
학생들 사이서 족보 대신 녹음본 거래도
"대학가 AI 과도기 봉착…가이드라인 시급"
www.hankyung.com/article/2025...
"요즘 누가 강의 듣나요" 학생들 돌변…대학가에 무슨 ...
the site is called medium because nothing on it is ever rare or well done send toot
우리 집 양손검들 보고 가세요
Was ist eigentlich das gegenstück zu kernkompetenz? Schalenkompetenz?
About 1.5 years ago my friend was (wrongly) accused of terrorism.
All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).
Of course police didn’t find any evidence. Culprit that framed my friend (and many others) got arrested recently (article in Polish).
Police returned the hardware few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.
Said very good friend of mine entrusted me with their personal phone and pattern to unlock it. I charged and booted it for the first time since February 2024 and were curious how it was pwned. I knew police used cellebrite on it.
My crime is that of curiosity
As it turns out, police forgot to clean after themselves (there was an attempt) and left payloads, logs, and backdoor intact.
Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and TLS-encrypted connection to talk to Cellebrite box.
If you’re a security researcher (or just curious nerd with more spoons than me) and you would like to take a look - here you go.
Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:
Rough execution flow:
Quincy
💨ヴォォ 
✧✦Catherine✦✧
pkg update
1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules
4. Module 'hid_akeys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
- /data/local/tmp/chrome-command-line
- /data/local/tmp/android-webview-command-line
- /data/local/tmp/webview-command-line
- /data/local/tmp/content-shell-command-line
- /data/local/tmp/frida-server-16.1.4-android-arm64
- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)
# Unanswered question: What the hell is "jtcb.sdylj.axpa" running as root? Seems to have been dropped around the same time...
Have fun!
Misskeyサーバーのメモリ使用量半分くらい減らせる可能性が出てきた
내가 가전제품회사였으면 지금 빨리 가습기에 이름을 아나따라고 붙여서 출시할 것이다...
OpenAI has experienced a data breach. Any user who utilized their API services should assume that personal data, including their name, location, user ID, and other details, is now in the possession of the hacker
"90% unseres BIP basiert auf Schutzgelderpressung."
Tidnw j'ai rêvé que faute de budget, le CNRS était aboli.
Tidnw j'ai rêvé que faute de budget, le CNRS était aboli.
커밋 이력 싹 지우고 자기 커밋으로 만든거봐 ㅋㅋㅋ 이사람 git도 안 쓴다는거 아님? 어케 믿지..
RE: https://qdon.space/users/yumeka/statuses/115620316612841830
옳은 비판도 SNS에 하면 싸불로 변질될 가능성이 있다는 사실은 사람들이 일부러 무시한다
바수키는 플랫폼 내 아동 성범죄자 문제를 묻는 질문에 “반드시 문제만은 아니며, 기회일 수도 있다”고 답해 비판을 받았다. 이어 진행자가 지적하자 그는 불편한 기색을 보이며 대화를 돌리려 했다. 수정 2025-11-26 오전 3:14:09 www.edaily.co.kr/News/Read?ne...
[美특징주]로블록스, CEO 인터뷰 논란에 하락… 아동...
[속보] 검찰, 국힘 '국회 패스트트랙 충돌' 1심 결과에 항소 포기
www.yna.co.kr/view/AKR2025...
[속보] 검찰, 국힘 '국회 패스트트랙 충돌' 1심 결...
[속보] 검찰, 국힘 '국회 패스트트랙 충돌' 1심 결과에 항소 포기
송고2025-11-27 16:27
www.yna.co.kr/view/AKR2025...
[속보] 검찰, 국힘 '국회 패스트트랙 충돌' 1심 결...
GPT왜 진짜 짜증나게 맨날 수학 틀리냐???
depol
und des Familienbenutzers, äh, ...versorgers, äh, ...oberhaupts
아 그 GPT한테 고마워하는 만화를 어디서 봤었지 못찾겠다
Epstein-Files, Joscha Bach, 39C3
(1/23)
Ja, die Joscha Bach/Jeffrey Epstein Mails sind ein gigantischer Skandal.
Die Verbindung Bachs zu Epstein sind aber schon viele Jahre zuvor bekannt gewesen.
Warum wurde Bach zum 37C3 und 38C3 als Speaker eingeladen?
Ich finde ich es wichtig, dass sich das Content-Team der letzten beiden Congresse (37C3/38C3) sowie des kommenden #39c3 sich diesen unangenehmen Tatsachen stellen sollte.
Ein Thread. 🧵
+Quellenverzeichnis
Fascinating tech, but 2400°C molten tin just sounds scary.
악몽 꿨는데 악몽 치고는 귀여운편 아닌가 뭐랄까 일차원적인
✍️ New post showing how to implement HTTP Bearer authentication in Django.
No need for a heavyweight framework: you can write token-based auth for a small API in just a few lines of code, for which this post shows a reusable decorator.
https://adamj.eu/tech/2025/11/25/django-bearer-authentication/
Django: implement HTTP bearer authentication - Adam Johnson
HTTP has a general authentication framework that defines a pattern into which various authentication schemes can fit. Clients may provide an authorization request header that contains a credential. If authorization is missing or invalid, the server may respond with a 401 (Unauthorized) status code, including a www-authenticate header advertising what authentication schemes are supported. Otherwise, the server can respond with the authenticated resource.
adamj.eu
Link author: 
Adam Johnson 
@adamchainz@fosstodon.org
Misskeyサーバーのメモリ使用量半分くらい減らせる可能性が出てきた
8️⃣ Here's the 8th post highlighting key new features of the upcoming v259 release of systemd. #systemd259 #systemd
systemd-modules-load.sevice is an early-boot service that loads a list of kernel modules into the kernel that is configured via /etc/modules-load.d/ (and similar dirs under /usr/ + /run/ as usual). It's half a legacy feature, because nowadays kernel modules are generally auto-loaded based on "modalias" information they expose, which binds them to certain hardware vendor/product …
"요즘 누가 강의 듣나요" 학생들 돌변…대학가에 무슨 일이
수정2025.11.27 15:11
AI가 '대신 듣는' 시대…대면 교육 위기
암기식 시험 치르는 교양 수업서 두드러져
학생들 사이서 족보 대신 녹음본 거래도
"대학가 AI 과도기 봉착…가이드라인 시급"
www.hankyung.com/article/2025...
"요즘 누가 강의 듣나요" 학생들 돌변…대학가에 무슨 ...
上向きフリーレン描いた #イラスト
로블록스, CEO 인터뷰 논란에 하락
www.edaily.co.kr/News/Read?ne...
바수키는 플랫폼 내 아동 성범죄자 문제를 묻는 질문에 “반드시 문제만은 아니며, 기회일 수도 있다”고 답해 비판을 받았다.
[美특징주]로블록스, CEO 인터뷰 논란에 하락… 아동...
There's a nasty #OpenSource #SupplyChain worm going around named Shai-Hulud. It's also capable of exposing some projects' long-lived PyPI API Tokens. Read more on what's happening, and what you can do to protect your projects.
TL,DR: Adopt Trusted Publishing 🔐🚀📦
OH: "Ich guck mir das Rechenzentrum an, schau ob die einen Feuerlöscher haben"
Wie putzig. 🙃
개인 맵 Private map을 가질 수 있고, 연인, 가족이나, 지도를 공유하면 좋은 동호회(낚시, 캠핑, 라이딩...) 분들이 공유할 수 있는 맵으로 쓸 수도 있습니다.
맵에 아무나 읽을 수 있는 권한을 주고, 블로그나, 회사 페이지 등에도 임베드할 수 있습니다.
아직은 UI가 심히 엔지니어 손 맛인데, 계속 고민하고 있습니다.
病院にゃう
4번째 누리호, 역대 최다 13기 위성 탑재···‘우주 손님’ 면면은?
www.khan.co.kr/article/2025...
"누리호에는 초소형 위성(큐브위성) 12기도 실렸다. 초소형 위성 동체는 ‘007 가방’ 크기를 넘지 않을 정도로 작다. 중량도 2~20㎏ 수준으로 가볍다. 하지만 우주에서 구현하고자 하는 기능은 눈길을 사로잡는다. 특히 주목되는 것은 인하대 연구진이 개발한 ‘인하 로샛’이다. 인하 로샛은 돌돌 말거나 풀 수 있는 세계 최초의 초소형 위성용 태양전지를 탑재했다. 바로 ‘롤러블 태양전지’다."
4번째 누리호, 역대 최다 13기 위성 탑재···‘우주...
ich habe ein selbstpferdgefühl wie ein esel
しゅいろ
Richard "RichiH" Hartmann
Chao-c'
Paolo Melchiorre
bgl gwyng
MJ+