Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
Q: 메우메우 #neo_quesdon
なるほど?BST
예를 들자면, non-synthetic한 디지털 데이터를 산출할 수 있는 장치 (디지털 카메라/캠코더 등)의 출력물이, 하드웨어 레벨에서 제조사가 당국에 등록한 암호화 키를 사용한 서명을 포함하는 포맷을 사용하도록 하는 것. 화상/영상 데이터가 이전까지 담보하던 실재성에 관한 신뢰성을 부족하나마 (이걸로도 legality로 끌고가는 것은 어렵기는 할 것) 보완할 수 있는 장치가 되지 않을까.
🟥 Folia's report on Tuesday's Higher Education Strike:
"the clearest thread running through the entire afternoon is the call on D66 to live up to its reputation as the education party"
#D66 #AcademicMastodon #AcademicChatter #Strike #WOInActie #Amsterdam #KabinetSlooptHogerOnderwijs #GeenBommenMaarBoeken #Jetten #RobJetten #DutchPolitics #FNV #AOb
余震?があったの?
イラストを出品しました。
https://auctions.yahoo.co.jp/jp/auction/x1211945211
よろしくお願いします🙇♂️
Today, with great trepidation, I'll update to Tahoe.
短かったけどそこそこわかるくらいには揺れた
Good news for Linux security! Rust in the Linux kernel is no longer experimental. it's now a core part of the kernel. It means stronger memory safety guarantees, which can mean better security, as Rust is designed with memory safety in mind. 👍
イラストを出品しました。
https://auctions.yahoo.co.jp/jp/auction/x1211945211
よろしくお願いします🙇♂️
今日のイタコ姉様
Today in #FreeSoftwareAdvent I'm thankful for the BSD projects, particularly FreeBSD & OpenBSD. Nothing against NetBSD or DragonflyBSD, I just haven't found a regular use-case for them in my day-to-day.
I recently wrote up¹ why/how I ended up on a mix of FreeBSD & OpenBSD after a long tenure with Debian since it drifted from the Unixy principles² I loved and grew up with.
bgl gwyng shared the below article:
洪 民憙 (Hong Minhee) @hongminhee@hackers.pub
If you've built CLI tools, you've written code like this:
if (opts.reporter === "junit" && !opts.outputFile) {
throw new Error("--output-file is required for junit reporter");
}
if (opts.reporter === "html" && !opts.outputFile) {
throw new Error("--output-file is required for html reporter");
}
if (opts.reporter === "console" && opts.outputFile) {
console.warn("--output-file is ignored for console reporter");
}A few months ago, I wrote Stop writing CLI validation. Parse it right the first time. about parsing individual option values correctly. But it didn't cover the relationships between options.
In the code above, --output-file only makes sense when --reporter is junit or html. When it's console, the option shouldn't exist at all.
We're using TypeScript. We have a powerful type system. And yet, here we are, writing runtime checks that the compiler can't help with. Every time we add a new reporter type, we need to remember to update these checks. Every time we refactor, we hope we didn't miss one.
The old guard—Commander, yargs, minimist—were built before TypeScript became mainstream. They give you bags of strings and leave type safety as an exercise for the reader.
But we've made progress. Modern TypeScript-first libraries like cmd-ts and Clipanion (the library powering Yarn Berry) take types seriously:
// cmd-ts
const app = command({
args: {
reporter: option({ type: string, long: 'reporter' }),
outputFile: option({ type: string, long: 'output-file' }),
},
handler: (args) => {
// args.reporter: string
// args.outputFile: string
},
});// Clipanion
class TestCommand extends Command {
reporter = Option.String('--reporter');
outputFile = Option.String('--output-file');
}These libraries infer types for individual options. --port is a number. --verbose is a boolean. That's real progress.
But here's what they can't do: express that --output-file is required when --reporter is junit, and forbidden when --reporter is console. The relationship between options isn't captured in the type system.
So you end up writing validation code anyway:
handler: (args) => {
// Both cmd-ts and Clipanion need this
if (args.reporter === "junit" && !args.outputFile) {
throw new Error("--output-file required for junit");
}
// args.outputFile is still string | undefined
// TypeScript doesn't know it's definitely string when reporter is "junit"
}Rust's clap and Python's Click have requires and conflicts_with attributes, but those are runtime checks too. They don't change the result type.
If the parser configuration knows about option relationships, why doesn't that knowledge show up in the result type?
conditional() Optique treats option relationships as a first-class concept. Here's the test reporter scenario:
import { conditional, object } from "@optique/core/constructs";
import { option } from "@optique/core/primitives";
import { choice, string } from "@optique/core/valueparser";
import { run } from "@optique/run";
const parser = conditional(
option("--reporter", choice(["console", "junit", "html"])),
{
console: object({}),
junit: object({
outputFile: option("--output-file", string()),
}),
html: object({
outputFile: option("--output-file", string()),
openBrowser: option("--open-browser"),
}),
}
);
const [reporter, config] = run(parser);The conditional() combinator takes a discriminator option (--reporter) and a map of branches. Each branch defines what other options are valid for that discriminator value.
TypeScript infers the result type automatically:
type Result =
| ["console", {}]
| ["junit", { outputFile: string }]
| ["html", { outputFile: string; openBrowser: boolean }];When reporter is "junit", outputFile is string—not string | undefined. The relationship is encoded in the type.
Now your business logic gets real type safety:
const [reporter, config] = run(parser);
switch (reporter) {
case "console":
runWithConsoleOutput();
break;
case "junit":
// TypeScript knows config.outputFile is string
writeJUnitReport(config.outputFile);
break;
case "html":
// TypeScript knows config.outputFile and config.openBrowser exist
writeHtmlReport(config.outputFile);
if (config.openBrowser) openInBrowser(config.outputFile);
break;
}No validation code. No runtime checks. If you add a new reporter type and forget to handle it in the switch, the compiler tells you.
Test reporters are a nice example, but let's try something with more variation. Database connection strings:
myapp --db=sqlite --file=./data.db
myapp --db=postgres --host=localhost --port=5432 --user=admin
myapp --db=mysql --host=localhost --port=3306 --user=root --sslEach database type needs completely different options:
Here's how you model this:
import { conditional, object } from "@optique/core/constructs";
import { withDefault, optional } from "@optique/core/modifiers";
import { option } from "@optique/core/primitives";
import { choice, string, integer } from "@optique/core/valueparser";
const dbParser = conditional(
option("--db", choice(["sqlite", "postgres", "mysql"])),
{
sqlite: object({
file: option("--file", string()),
}),
postgres: object({
host: option("--host", string()),
port: withDefault(option("--port", integer()), 5432),
user: option("--user", string()),
password: optional(option("--password", string())),
}),
mysql: object({
host: option("--host", string()),
port: withDefault(option("--port", integer()), 3306),
user: option("--user", string()),
ssl: option("--ssl"),
}),
}
);The inferred type:
type DbConfig =
| ["sqlite", { file: string }]
| ["postgres", { host: string; port: number; user: string; password?: string }]
| ["mysql", { host: string; port: number; user: string; ssl: boolean }];Notice the details: PostgreSQL defaults to port 5432, MySQL to 3306. PostgreSQL has an optional password, MySQL has an SSL flag. Each database type has exactly the options it needs—no more, no less.
With this structure, writing dbConfig.ssl when the mode is sqlite isn't a runtime error—it's a compile-time impossibility.
Try expressing this with requires_if attributes. You can't. The relationships are too rich.
Once you see it, you find this pattern in many CLI tools:
Authentication modes:
const authParser = conditional(
option("--auth", choice(["none", "basic", "token", "oauth"])),
{
none: object({}),
basic: object({
username: option("--username", string()),
password: option("--password", string()),
}),
token: object({
token: option("--token", string()),
}),
oauth: object({
clientId: option("--client-id", string()),
clientSecret: option("--client-secret", string()),
tokenUrl: option("--token-url", url()),
}),
}
);Deployment targets, output formats, connection protocols—anywhere you have a mode selector that determines what other options are valid.
conditional() exists Optique already has an or() combinator for mutually exclusive alternatives. Why do we need conditional()?
The or() combinator distinguishes branches based on structure—which options are present. It works well for subcommands like git commit vs git push, where the arguments differ completely.
But in the reporter example, the structure is identical: every branch has a --reporter flag. The difference lies in the flag's value, not its presence.
// This won't work as intended
const parser = or(
object({ reporter: option("--reporter", choice(["console"])) }),
object({
reporter: option("--reporter", choice(["junit", "html"])),
outputFile: option("--output-file", string())
}),
);When you pass --reporter junit, or() tries to pick a branch based on what options are present. Both branches have --reporter, so it can't distinguish them structurally.
conditional() solves this by reading the discriminator's value first, then selecting the appropriate branch. It bridges the gap between structural parsing and value-based decisions.
Instead of parsing options into a loose type and then validating relationships, define a parser whose structure is the constraint.
| Traditional approach | Optique approach |
|---|---|
| Parse → Validate → Use | Parse (with constraints) → Use |
| Types and validation logic maintained separately | Types reflect the constraints |
| Mismatches found at runtime | Mismatches found at compile time |
The parser definition becomes the single source of truth. Add a new reporter type? The parser definition changes, the inferred type changes, and the compiler shows you everywhere that needs updating.
If this resonates with a CLI you're building:
conditional() referenceNext time you're about to write an if statement checking option relationships, ask: could the parser express this constraint instead?
The structure of your parser is the constraint. You might not need that validation code at all.
Absolutely smashing their goals, the KDE team have managed to have a huge success for the 2025 fundraiser that's currently ongoing.
https://www.gamingonlinux.com/2025/12/kdes-2025-fundraising-has-been-a-huge-success/
弱いけどまたゆれゆれ
寝ますか
yure
auspol
You know Australia, there were easier ways to ensure every teenager has a VPN.
🖌 저거 어디가야 구하는겨(희번득
🖌 늘 강조하는 말이지만 '경제' 딱지 붙이고 있는 자칭 언론들은 걸러도 사는데 하등 지장 없는 찌라시들입니다 ㅇㅇ
이곳은 제주도에서 제가 가장 좋아하는 해산물 식당입니다. 🐟🦀🤤
[네이버지도]
고돔
제주 제주시 테우해안로 148 지하1층
https://naver.me/5Otdddt0
가게에서 본 무선마우스인데 파괴적으로 귀엽다...
밥도 먹었고..
Doing research for our new 🇪🇺 #EU #NationalSecurityStrategy Turns out Sexy Patrick Bateman doesn't even need us to run weapons for the Résistance, though I'm sure France can help him smuggle whatever bits and bobs they might need. Europeans would also not need to spend anything on brigades of little green ENBYs to infiltrate and control polling stations, Californians would secede for free.
In conclusion, we could dismantle the US on the cheap. #DonbassifyIt Will circle back with maps.
🖌 늘 강조하는 말이지만 '경제' 딱지 붙이고 있는 자칭 언론들은 걸러도 사는데 하등 지장 없는 찌라시들입니다 ㅇㅇ
정부가 인공지능 기반 생성물 표시를 의무화하는 ‘인공지능 생성물 표시제’를 사업자뿐 아니라 포털·플랫폼·게시자에게도 적용하는 법 개정안을 추진하기로 했습니다. 개정안에는 인공지능이 만든 ‘가짜 전문가’가 나오는 식·의약품 광고 행위를 금지하는 대책도 담겼습니다.
‘AI 생성물 표시제’ 내년부터 포털·플랫폼·게시자에 ...
I'm against banning social media for under 16's. Just outright banning doesn't make something unavailable - just unregulated and not monitored. Alcohol and vapes are still common among under 16's - especial those that are vulnerable.
I am for under 16's not being allowed on corporate socials though - as they are toxic places which do provably screw with brain development in youth - because of that algorithmic nature.
I am considering pitching an idea to a local established non-profit that I sometimes work with, who run a number of local youth clubs across the region.
It is an idea of setting up a fediverse instance for 11-15 year olds. An account can only be made in person alongside being a member of a youth club -with parent / guardian consent.
It will not be federated to the general social web, and begin as a self-contained bubble - but with the idea of other regions creating the same thing and federating together.
It would be moderated by the same volunteers / employees that run the youth clubs and social services - who are fully vetted, and follow the protocols - which already also includes moderating each other.
Perhaps even somehow make it so the kids can't post on it during school hours, and after, perhaps, 10pm?
There would of course be a set of standards expectations, or community codes of conduct, like here in the Fedi. Perhaps also running regular fun things too, that get kids thinking creatively (like what happens at the clubs anyway).
There are of course many many issues with this idea, and I can't see it actually happening just like that.
Not only is there unlikely the right fedi project to accommodate needs, but things like the online safety act potentially blocking the ability to create safe community based social networks for youth. And I'm sure there are many other issues as to why this idea might not work either. Like, what happens when someone turns 16? Are they just kicked off?
However, I do know that corporate socials are bad - but not providing good safe alternatives when attempting to protect children, actually makes them more vulnerable and unsafe. We need a way to embrace them, not outcast them.
#socialban #socialmedia #fediverse #activitypub #youthwork #onlinesafety
pet death, ---
I'm sad to say we lost Willoughby yesterday.
Rats know they are prey animals. They hide weakness until they can't. Willoughby was having trouble breathing Monday night. We rushed him to the vet Tuesday morning. An X-ray showed that he had advanced lung cancer. We had to let him go.
If you sponsored n4sa2e, you got Willoughby's portrait on your challenge coin.
正確にはASTIAとPROVIA400Xは各一本だけ冷蔵庫に眠っている…多分、永遠に…
Blobcat / Aの一角が気づいたらすごい密度になっててウケた
あたまかちわれてる
にゃんこになりたい
にゃーん
Q: 동대구구구구구구 비둘기야 먹자~ #neo_quesdon
질문자:
@thx@mustard.blog상어학산타 
A: 동대구역 승강장에는 비둘기 먹이 금지 표식이 걸려 있습니다... 먹이를 줄 경우 과태료 대상이 될 수 있고
사실 그러지 않아도 비둘기는 지나가는 행인을 직접 사냥해서 배를 충분히 채울 수 있기 때문에 인위적으로 모이를 줄 필요는 없다고 하네요
https://neo-quesdon.serafuku.moe/main/user/@nulta@mi.rerac.dev/cmj04kuoy1b5zo60j71b7ctek
#neo_quesdon
React2Shell 취약점을 북한이 사용하기 시작했다.
@securityaffairs https://infosec.exchange/@securityaffairs/115695813965149587
[속보]쿠팡 노조, 본사 기습 진입 시도 중 경찰과 충돌·다수 연행···“김범석 의장이 책임져야”
www.khan.co.kr/article/2025...
"공공운수노조 쿠팡물류센터지회 관계자들은 10일 오후 쿠팡 본사 앞에서 기습 시위를 벌였다. 이들은 쿠팡 측이 노조와 단협을 체결해 노동자들의 휴게시간을 보장하고, 최근 발생한 쿠팡 개인정보 유출에 대해 김범석 쿠팡 의장이 책임을 져야한다고 요구했다."
[속보]쿠팡 노조, 본사 기습 진입 시도 중 경찰과 충...
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
https://securityaffairs.com/185538/apt/new-etherrat-backdoor-surfaces-in-react2shell-attacks-tied-to-north-korea.html
#securityaffairs #hacking
ㅇ ㅠㅇ
ASTIA100FもPROVIA400XもSensiaⅢ100もワシを置いていってしまった…
ぶかぶか
Xマウントを買えばもれなくASTIAがつかえますよ
i like gary de'snake then pawbert lol
edit: lang to en
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
https://securityaffairs.com/185538/apt/new-etherrat-backdoor-surfaces-in-react2shell-attacks-tied-to-north-korea.html
#securityaffairs #hacking
MJ+
𒁹𒀭𒌍𒋾𒀀𒅆
Shye 
🇬🇧
🕊️ 
