What is Hackers' Pub?

@quincy I need a toot rebase!

Node.jsのセキュリティリリース、さらに延期されてるけど、年末年始の間にゼロデイになったりしないかちょっと心配ではある

로제 "히트곡 '아파트', 혼자 커서 하버드 법대 간 자식 같아" 송고2025-12-18 18:22 애플뮤직 '더 제인 로우 쇼' 출연…"인생 바꿔줄 노래라고 예감" www.yna.co.kr/view/AKR2025...

로제 "히트곡 '아파트', 혼자 커서 하버드 법대 간 ...

​​へようこそ！​​

消しちゃったので再掲 #しゅいろアート

爪切りもうした

„Jeder wird spüren, dass wir sparen“
(Klingbeil)

Wohl kaum jeder. Das Vermögen der Reichen steigt und steigt, bei grundsätzlicher Schonung.
Ich ahne schon, wer das spüren wird...

https://www.tagesspiegel.de/politik/jeder-wird-spuren-dass-wir-sparen-finanzminister-klingbeil-erwartet-sehr-herausfordernde-jahre-15061817.html

来週月曜冬至
その週終われば年末年始
2週間後には正月

………​​

Something that hasn't been made clear: Firefox will have an option to completely disable all AI features.

We've been calling it the AI kill switch internally. I'm sure it'll ship with a less murderous name, but that's how seriously and absolutely we're taking this.

…

AP multi-parent posts / toots when?

to gather conversation threads

right now, they can only fray, not merge

이불 밖은 위험해

:bagpipes:

#MissingEmoji #Emoji

Warteschleife in Form eines Möbiusbands

Dudelsackmusik für Ihre Warteschleife 🎶

As @FreddieJFreddie Johnson comes to the end of his time with the Newsmast Foundation team, we'd like to take a moment to celebrate all he's achieved.

Freddie has been with us since the start, from the original idea and through the many evolutions that have grown Newsmast.

Instrumental in building our relationships with others in this space, he has helped build the Foundation into what you see today.

We really hope that Freddie will stay involved in the Social Web, especially in areas of advocacy and policy where he excels.

But, for now, we just want to say a huge thank you 🧡

#ThankYou #SocialMedia #SocialWeb #Fediverse #Mastodon

Ich bin die #Warteschleife ♾️ 🎶

https://inv.nadeko.net/watch?v=uPAt4Rh6tkM

新しみ

気づけば今年もあと6営業日

OpenSSH runs a large number of tests via Github Runners, both Github supplied ones on a public repo, and on selfhosted runners on a private repo. The latter covers a bunch of platforms Github doesn't support, and is private not because we don't want it accessible (in fact we would prefer it be public) but because as far as we can tell, making it public would represent a significant security risk.

Github have announced that they will begin charging per-minute fees for Github Actions self-hosted runners starting next year. These fees apply only to runners on private repos, but "actions will remain free in public repositories."[0] This is going to be a significant problem for us.

Github's own documentation points out allowing selfhosted runners on public repositories is unsafe, because it's a potential remote code execution vector via running arbitrary workflows in modified pull requests:

"As a result, self-hosted runners should almost never be used for public repositories on GitHub, because any user can open pull requests against the repository and compromise the environment."[2]

There are some controls[1], but the documentation on them doesn't exactly instill confidence (emphasis on the weasel words added):

"Anyone can fork a public repository, and then submit a pull request that proposes changes to the repository's GitHub Actions workflows. [...] To *help* prevent this, workflows on pull requests to public repositories from *some* outside contributors will not run automatically, and *might* need to be approved first. Depending on the "Approval for running fork pull request workflows from contributors" setting, workflows on pull requests to public repositories will not run automatically and *may* need approval if: The pull request is created by a user that requires approvals based on the selected policy.[or] The pull request event is triggered by a user that requires approvals based on the selected policy."

All of this uncertainty could be addressed by completely disabling pull requests on a repo, but while that has been requested many many times over the course of a decade([3] [4]), this is still not possible.

It *is* possble to *temporarily* disable pull requests on a repository via Interaction Limits[5], but using this as a security control that (silently?) fails open after some amount of time is problematic to say the least. The required functionality is almost there, it just needs a "forever" option.

So, in summary: self-hosted runners remain free as long as you run them on public repos, which you shouldn't because it's unsafe, unless you also disable pull requests, which you probably can't.

[0] https://resources.github.com/actions/2026-pricing-changes-for-github-actions/
[1] https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#controlling-changes-from-forks-to-workflows-in-public-repositories
[2] https://docs.github.com/en/actions/reference/security/secure-use
[3] https://github.com/orgs/community/discussions/8907
[4] https://github.com/dear-github/dear-github/issues/84
[5] https://docs.github.com/en/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository

If you're in STEM, at what level did you first get taught ethics (in general, and as specifically relevant in your field)?

Mastodon only allows 4 poll choices so please write in the comments if these choices don't cover you.

#Ethics #Science #AcademicChatter #STEM

생각해보면 이렇게 사제끼면서 공부하는데 만화를 하고 싶은 건 맞는 것 같긴 해

レポート課題をしばきました

아미가 아무거나 말도 안되는 양자택일 자주 묻고 다닌댔는데, 릭한테도 저거 물어보면 좋겠땈ㅋㅋㅋㅋㅋㅋㅋㅋㅋ
릭릭, 렉누 vs 불닭
...(하늘을 우러러보기)
대답~
하.......하나 택해야하나요. 꼭?
응!
...불닭. 그건 어레인지라도 되지...렉누 그건 구제가 안 돼(지나가던 힐데 : 아 왜 그러세요!)

Irgendwie seid ihr Tröties immer mit dabei…

#plushtodon

Gibts hier paar Ost West Beziehungen/Ehen?

Ich liebe einfach diese Geschichten, also haut mal raus 😍

#ostwestbeziehung #ostwestehe

Neutrino Transmutation Observed For the First Time

https://hackaday.com/2025/12/18/neutrino-transmutation-observed-for-the-first-time/

アンチ絞り開放戦線みたいな名前のアメ車あったな

@LijoInspektionsleiterin Lijo 🌱 Ich korrigiere das mal:

"Es ist davon auszugehen, dass eine Person, die drei Termine beim Jobcenter nicht wahrnehmen kann, ernsthaft Hilfe braucht."

Grüße von einer bipolaren Frau, bei der durch Hartz IV eine Depression getriggert wurde und die ohne ihre WG-Mitbewohnerin zu oft nicht in der Lage gewesen wäre, zu einem Termin zu erscheinen.

​​ ​​

졸리다

아빡쳐

양배추랑 당근 익힌거 잘게 잘라서 사료랑 같이 줘봤는데 싹 비웠네 그래 덩 말고 이거 먹어

ちょっとうさ子と遊んでた

​​遊んであげまシタ​​​​

죽여야 할 상황에서 '공짜로' 살려주니까 무적인줄 아는 것 아닌가. 살려준 대가를 제대로 챙겼어야 했다. 그야말로 국유화쯤은 했으면 이야기가 달라졌을 거다 (반비아냥).

​​​​

Zoveel hartjes voor Teen Vogue
https://infosec.exchange/@codinghorror/113885527573067117

내일 일을 오늘 걱정하지 마라.

어제의 비로 오늘의 옷을 적시지 말고
내일의 비를 위해 오늘의 우산을 펴지도 말아라.

남자프로농구 최초 ‘여성 심판’ 두 명이 한 코트에 섰습니다. 남자프로농구 출범(1997년) 이후 여성 심판이 등장한 것은 2007년이 처음인데요. 2017년부터 여성 심판 두 명이 존재했으나, 두 심판이 한 경기에 배정된 것은 이번이 처음입니다.

KBL 최초로 ‘여성 심판 2명’ 한 코트에…“당연하게...

🦊 Firefox 146 is out! What's new:

• Inspector: auto-hides unused CSS custom properties
• contrast-color() + text-decoration-inset support
• scope enabled by default
• WeakMap/WeakSet now accept Symbol keys
• WebDriver BiDi upgrades

Release notes 👇
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/146

𒂗

Reading: en
Meaning: lord

#cuneiform #sumerology #civilisation #Sumer #learning

I submitted my PyCon US 2026 talk proposal this morning. Not quite as early as I had hoped, but one day ahead of the deadline is better than the last day. :)

If you're considering a proposal, please make the time today or tomorrow to submit it! Talking at PyCon is always a great experience; you really can't find a more supportive and welcoming audience.

#Python #PyConUS

Here's a neat quick terminal tip! 🐧

Follow us for more! ♥️

#linux #debian #ubuntu #tip

혹자는 당시의 [XX를 봐서 한 번 살려주마]가 완전히 틀리진 않았다고 할 지도 모르겠다. 나는 [당시의]의 조건을 붙여서만 부분적으로 고개를 끄덕일 것 같다. 그리고 지금 우리는 한정된 공적 자원을 거기에 차출해도 되는 상황이라고 생각하지 않는다.

Heute Abend ist zwar #vegan Stammtisch, aber vorher nix essen ist keine Option.

Schon leider deswegen nicht, weil die paar veganen Optionen im Restaurant teilweise für mich nix taugen.

Aber hey: endlich mal wieder Vegane live, in Farbe & mit bunt 🎉😁

Aber zurück zum Essen: es ist kalt & deswegen gibt's ein schnelles Reissüppchen mit Bimi, Karotte, Champignons & Tofupuffs.

#vegan #goVegan

Early birthday/Christmas gift to myself

#Gift #eBookReader #kobo

Interview: "Genocide is coded in the DNA of imperial powers."

"In the face of this murderous onslaught, how do we resist?

What are the mechanisms to fight back against a tide of rising authoritarianism?

Can we topple global ruling elites whole policies ensure collective suicide?"

https://chrishedges.substack.com/p/taking-power-amidst-the-turbulence

#GazaGenocide #USPol #Europol #Imperialism #Racism #Fascism #palestine @palestinePalestine_Group .

역시 탈게임 한 사람들 다 잘됐다.