What is Hackers' Pub?

Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.

Security Update: Hollo 0.6.19 Released

We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.

This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.

We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.

| Field | Details |
|---|---|
| CVE | CVE-2025-68475 |
| Severity | High (CVSS 7.5) |
| Action | Upgrade to Hollo 0.6.19 |


Driving myself crazy trying to remember the name of a social media reader project. Things I (think I) remember about it:

1. Conceptually, it was basically an RSS reader but had the ability to aggregate social media sites that didn't use RSS.

2. It ran as a browser plugin, not a standalone app or website.

3. It had a very "a trans catgirl wrote this" name and aesthetic, that did not make it obvious what the project actually was. Think like "pink robot kitten explosion" except, like. Not that, obviously.

4. I've seen the engine (?) of it repackaged as a plugin/extension for other feed reader apps.

And yes I am aware the above sounds like a fever dream but I swear to gods this was (is?) real and did (does?) exist and, fedi, if there's one place on the internet that may be able to remember this for me wholesale, I believe it to be you. Halp?

Edit: Found it! Knew you'd come through, fedi!


speaking of shoulds, I've been occasionally tempted by the prospect of buying a Playdate. i'm sure some of you have been paying attention to it more than I am - is it a good gimmicky small game handheld?


I read a post on the other blue hellsite about a migration from AWS to Hetzner. They now spend 48k instead of 420k. Nice.

But wait a minute. They say 200 concurrent users!

I don't know what that company does with those 200 users, but 4k a month at Hetzner? Even if we assume you could get away with 2k if you remove the redundancy, that's 30 really beefy bare metal machines. What workload do you have that you need to have a beefy bare metal machine for 7 users?
That's 3 cores per user!


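Saturday
Somehow it seems I end up writing about these two whenever a day-of-the-week theme comes up
Though this is only the second time...
*Contains a mention of the PC2 scenario Lois from Dx3rd "Storming Fairy".
https://posty.pe/680dhx
@daily_1hour@uri.life 매일_전력_1시간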


This is how I feel about Firefox too. There's no alternative. No, really, Librewolf is Firefox, who exactly do you think you're sticking it to? And Vivaldi is a proprietary browser built on Google's engine, you're sticking it to nobody but yourself. Oh, you're switching to Servo? Not this decade you're not.

Mozilla CEOs have always been incompetent, but there's no other alternative outside of the direct control of people who are many orders of magnitude worse. We support Firefox or we lose the web.

https://mastodon.gamedev.place/users/Doomed_Daniel/statuses/115747326352300042

I don't think I'll stop using Firefox anytime soon.
Yes, their management are fucking idiots and it's annoying that I'll have to disable new AI features whenever they release them..

But the alternative is to use something Chromium-based, which would make Google's domination of web technology absolute - and Google is 100x more evil than Mozilla ever could be.

I hope this fucking bubble pops before Mozilla fucks up Firefox so badly that it becomes completely unusable
