Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
I love the Mac but recent changes, idiotic Liquid Glass and a company that has lost it's way has made me never want to upgrade to Tahoe. So, I think 2026 is the year of Linux for me. In a few months I will be "in between" projects so this might be a good time to change. The big issue is a C++ IDE. I'll give JetBrains a good try. I hear mixed things.
This time for sure!
Non-privacy advocates say "I haven't got anything to hide. Have you?"
That's the wrong end of the stick. It isn't *what* is known which is the problem, so much as *who* knows it, and whether they have goodwill towards you.
Governments are supposed to have goodwill towards you, but at best, they have indifference. Corporations declare that they have goodwill towards you, but they are lying; they have the same amount of goodwill towards you as a fox has to a chicken.
>systemd v256 automatically runs sshd listening on a vsock interface in the global network namespace
>The official way to disable this behavior requires appending "systemd.ssh_auto=no" to the kernel boot line.
??? on the *kernel* command line? who thought this was acceptable??????
@nuintariThe Psychotic Network Ferret It was 2006, I think (or 2007 at the latest), and I went with a colleague to a company - the same one that, incidentally, gave us some decommissioned Digital AlphaStations. They showed me a machine (not connected to the network, obviously) that they were still using for payroll. I couldn't quite tell what it was exactly, but it was some kind of Unix system and it had been rebooted for the last time... in 1986.
I believe it’s the longest uptime I’ve ever seen.
January in Montreal is a time that people can ask you things like "Would it kill you to leave the house and go pick up groceries?" or "Would it kill you to step out and take the recycling to the curb?" and you can honestly answer "YES PROBABLY"
It's time to push this over the finish line https://github.com/kean/Nuke/pull/802. I'm going to do a final pass and see how "approachable concurrency" affects it.
실례지만 왜 여권을 2개 이상씩이나 갖고 계시는 거죠...?
It's hard to justify webpage snowflakes. 🤪
지금 이시간 가내 털공주
길가다 본 벨벳질감 고양이
X blames users for Grok-generated CSAM; no fixes announced
Link: https://arstechnica.com/tech-policy/2026/01/x-blames-users-for-grok-generated-csam-no-fixes-announced/
Discussion: https://news.ycombinator.com/item?id=46503199
@puppygirlhornypost2Amber I quote words written by anime girls
RE: https://transfem.social/notes/ah5221v3kkcv0bzv
pilfered from around the web
<공지>
더 버지 등의 취재 결과 이 게시물은 AI 생성된 거짓 내용이고 작성자가 제시한 사원증, 내부 문건 역시 AI로 생성된 가짜임이 밝혀졌습니다.
www.theverge.com/news/855328/...
RE: https://bsky.app/profile/did:plc:eeffxw7sfmqw2rv2cgi3uj3l/post/3mbjd6n7ryc2j
That viral Reddit post about f...
How Y Combinator made it smart to trust founders
Link: https://elbowgreasegames.substack.com/p/when-good-actors-can-trust-each-other
Discussion: https://news.ycombinator.com/item?id=46501677
I worry she watches too much TV.
But when I buy her a book, she refuses to even try it.
Marius replied to the below article:
Marius @Marius@marius.federated.id
The way GoActivityPub services function at the moment in respect to having any maintenance tasks performed by the site operator is by using a “control” binary that sends a signal to the server and then effectuate the changes.
The main reason for this method is that we treat our storage backends as not supporting multi process access (for most this is not a requirement, but it’s better to be safe than sorry) and we need to interleave the normal operation of the service with the maintenance tasks.
This is not a great solution as signal passing isn’t very efficient, it isn’t very pretty - we need to send two signals, one to lock and one to unlock storage. Additionally, while the maintenance task is running, the users are faced with an out of order response because the service’s storage backend is no longer available. If the signals fail to be processed correctly for some reason, the server can remain in an inconsistent state that needs further handling. Overall not a very robust and user friendly user experience.
So, in order to change this, I want to introduce a method I cribbed from Stegodon’s implementation, which uses an SSH server where a user (or a script) can authenticate and run commands exposed by the custom implementation.
So I’m thinking to expose the existing commands of the control binary as commands in a REPL environment, or eventually, a TUI (for which we already have some elements up and running)
The end result would be that a site operator can ssh at a specific address for the server, a Bubble Tea interface would pop up and they would be able to run commands in a REPL environment or, in the case of the TUI, be presented with it directly.
This environment would fully run in the same process as the service itself, so no more need for interleaving access to the storage backend, decreasing friction for both operator and users.
marius shared the below article:
Marius @Marius@marius.federated.id
After a couple of days percolating the idea, I made a couple of improvements to the tooling around #GoActivityPub services towards the goal of having a cool SSH based admin interface for them.
The first one was to add support for running the SSH server in parallel to the HTTP one, and respond to the same logic for starting and shutting down. This led to a refactoring the HTTP server initialization that was part of the signal wrapper module into its own separate module.
Before moving to an actual REPL interface I have added a basic middleware for Wish to handle commands passed through the ssh connection. The difficult part was to actually interface the existing types I was using for CLI commands, on top of Kong with the ssh middleware, which by itself was trivially simple. This led to quite a heavy refactoring of the packages, forced by Go’s prohibition of dependency cycles.
In the end it’s possible to pass a command to the ssh connection and it gets executed just as if it was run through the control binary on the host machine.
Another largish change this required was into passing io.Writer (and soon io.Reader) instances that corresponded to the output and error outputs (and soon input like I said). This was needed because by default commands executed by Kong use the default standard os.Stdout and os.Stderr and the commands themselves output text. This needs to get refactored into something better but for now it’s workable. So now we can pass the PTY from the ssh session to the commands and output gets sent to the correct place.
One downside to all of this, besides the forced package refactoring, is that the dependencies for the FedBOX service, which is the main place where I’m testing all of this, have increased somewhat with the inclusion of the Charm and Wish related modules. At least I added all this functionality behind a build tag.
To give an idea about what this allows me to do is that now I can operate the production, erm, testing, FedBOX server directly from my machine without needing to ssh to the box that hosts it just by configuring my local ssh client to use the host machine as a jump server:
초무
Host admin.fedbox
# Currently we use the full IRI for the Service actor
# of FedBOX as a user
User https://fedbox.example.com
# The private key extracted from the Service actor
IdentityFile ~/.ssh/admin.fedbox.example.com
# The host server
ProxyJump example.com:22
# The local address on the host for FedBOX SSH
Hostname 127.0.0.1
# The local port on the host for FedBOX SSH
Port 40022
To run a command now I just need to do the following:
$ ssh admin.fedbox oauth client list
0 beefaa5a-d00d-4767-94d9-f00ba4d6396d - http://127.0.0.1
1 18e8beef-1d2e-449d-a4d6-5f507f00bac1 - https://client.example.com/callback
Commodore Disk Drive Becomes General Purpose Computer
https://hackaday.com/2026/01/05/commodore-disk-drive-becomes-general-purpose-computer/
We went on a family walk
あめー
“Screw this, I’m going back indoors.”
起きてたけど 
We are matching $5000 due to a generous donor!! So your impact can be huge. Give to support many families struggling through a severe winter in Gaza. They need medicine, warm blankets and clothes, and food.
I worry she watches too much TV.
But when I buy her a book, she refuses to even try it.
아니 뭐 나도 클린한 인간은 아니라 누굴 비난하고 그럴 류는 못되는데.. 그래도 보이는 데서까지 추해지진 말아야지 싶은거ㅇㅇ 전기세 오른다고 하면 극빈층 생존 걱정보다 한전 주식 이야기부터 하는 부류 종종 봐서 좀 그러함.
<공지>
더 버지 등의 취재 결과, 해당 레딧 게시물을 쓴 사람이 증거로써 제시한 사원증, 내부 문건이 AI 생성된 것으로 밝혀졌으며, 이 사실에 대해 질문하자 연락망으로 쓰던 시그널 계정을 삭제함.
위 레딧 게시물 역시 AI로 생성된 가짜로 판명됨.
www.theverge.com/news/855328/...
That viral Reddit post about f...
내가 받으면... 난 막내니까 받으려면 조카들한테나 받을텐데 진짜 표정관리만 겨우 하면서 "아유 진짜 다 만들었어? 고생했네" 하고 등 토닥여주면서 누나한테 눈빛으로 '이거 뭔데 왜 나한테 이런걸 주는 건데' 할 것 같음 누나들은 '걍 좋다고 해 분위기 망치지 말고' 이러고ㅋㅋㅋㅋ 그러고 그냥 본가 창고에다 가져다 둘 듯... ㅈㅅ...ㅋㅋ...! 근데 내 주변에 두면 떨어트려서 부숴먹을 확률이 더 큼 걍 손 안 닿는 곳에 두는 게 낫지ㅋ
@pauloxPaolo Melchiorre it has been suggested that your team may have gotten funding from odoo (an open source ERP written in Python).
Any input? I ask because I'm somehow surrounded by billboards from them (in the 3rd most populous county in the 3rd most populous nation in the world) and I've never heard of a sponsorship from them at PyCon US, DjangoCon US or any regional Python conferences.
https://mastodon.social/@EmmaDelescolle/115841531272718702
"However, if you scoff at the idea that one should have any ethical boundaries at all, and think that there’s no reason to care about the overall utilitarian impact of this technology, that it’s worth using no matter what else it does as long as it makes you 5% better at your job, that’s sociopath behavior."
https://blog.glyph.im/2026/01/how-to-argue-with-me-about-ai.html
@catsaladCat 🐈🥗 (D.Burch) 
"oh shit, there's a massive leak under the boiler" gets my boyfriend EVERY time I buy leaks.
https://www.reddit.com/r/funny/comments/2ii1rw/coworker_came_running_into_my_office_and_said/
There's a leek in the boat! AHHHHHH!
@ret @catsaladCat 🐈🥗 (D.Burch)
A quick post on some fun I had redesigning (again) my personal website using an AI agent.
https://wsvincent.com/new-year-new-website-design/
We all need fun projects to hack on that have some meaning, but not so much that we could truly mess things up!
Just to be clear:
This is not just because somebody at Hilton Corporate has a stellar conscience. I mean, somebody there very well might — but that is not the reason for this. Corporations are by and large amoral actors even when the individuals within them are not.
This is surely because of activists banging pots and pans and drum kits outside the Hilton where ICE agents in MSP were staying, making the hotel a nightmare for everyone staying there and thus losing Hilton business.
Keep it up, activists!
hey, listen! 🦋
So Stefan has been working on something regarding the #mansplaining and general passive aggressive racism. Please pay attention to this.
From: 
@stefanStefan Bohacek
https://stefanbohacek.online/@stefan/115838969201343832
This is the gold standard for about-the-author photos
🧵 My sense of justice was triggered by #Palantir corporate gaslighting two Swiss investigative journalists on LinkedIn.
This is something most people won’t even see, but I was angry, so I looked while my kid was still asleep.
Here’s what it looks like when tech bros attack journalists while you and I have too much food over Christmas.
Two Swiss journalists spent a year filing 59 #FOIA requests to document Palantir’s 7-year campaign to sell surveillance software to Swiss authorities (army and health services in particular).
📄: https://www.republik.ch/2025/12/09/warum-palantir-zum-risiko-fuer-die-schweiz-wird
The Swiss army’s internal report concluded they couldn’t rule out US intelligence accessing data through Palantir systems, despite reassurances.
Their story hit The Guardian, and #UK MPs are now questioning £825M in Palantir contracts.
The journalists were rejoicing on LinkedIn. It’s a big deal to have your story picked up by mainstream UK media, especially after a year of hard work.
This is where it gets ugly.
Did you know it's been 2 years since SB17, #Texas' anti-DEI campus law went into effect?
I'm working on a survey of #LGBTQ+ orgs affected by this law, for The Barbed Wire. If you were part of, or know of a campus org that shut down or was forced to change goals due to SB17, please get in touch.
#education #LGBTQIA #news #culture #DEI #TXlege #queer #trans #journalism
"There’s a reason DHS and its counterparts keep getting humiliated in court when they pretend to be victims," FPF's Adam Rose told Straight Arrow News.
"They’re losing in front of juries, judges are calling them not credible."
https://san.com/cc/filming-ice-agents-is-a-first-amendment-right-so-why-might-it-land-you-in-jail/
This is the gold standard for about-the-author photos
작.누.는 주면 그래도 뭐 어디 이쁘게 둬서 장식품으로라도 쓸 것 같은데 큰.누.는 주면 진짜 어디서 먼지 쌓이고 있을 것 같음ㅋㅋ 엄빠한텐 주면 이거 할 시간에 일을 해서 돈을 벌어오라고 할 것 같고ㅋㅋㅋㅋ
If you think this is a niche #schweiz national interest story, think again, because Palantir are spreading their influence all over Europe.
Their software is used by ICE to track and deport migrants in the U.S., and in military targeting systems.
German civil society organizations are now citing the Swiss findings in their fight against Palantir’s expansion into German police forces.
Scrutiny is essential at this stage.
When journalists investigate and document *with proof*, the playbook comes out: Deny, obfuscate, claim they’re “misrepresenting” work that they don’t want scrutinized, mobilize the allies on LinkedIn, and bury critics in corporate double-speak.
Adrienne Fichter and Marguerite Meyer did excellent work. They deserve our support, not tech bros calling them “luddites” while Palantir rewrites what they actually reported.
I *will* repeat their names so they’re not just “some journalists” somewhere.
@adfichterAdrienne Fichter / https://www.linkedin.com/in/adriennefichter
@marguerite_jayMarguerite Meyer / https://www.linkedin.com/in/marguerite-meyer-a828539
Their investigation speaks for itself. So does Palantir’s response. That tells you everything you need to know about who’s operating in good faith.
What you can do:
1. Read the original investigation. Judge for yourself:
📄 https://www.republik.ch/2025/12/09/warum-palantir-zum-risiko-fuer-die-schweiz-wird
2. Support #InvestigativeJournalism. These reporters aren’t getting rich doing this work. They’re doing it because someone needs to document what powerful companies don’t want documented. A year spent in FOIA requests is not nothing.
3. *Do* pay attention to the LinkedIn drama
The tactic of replying to critical journalism where the general public won’t see is deliberate. They’re trying to discredit journalists among decision-makers and industry insiders. Make this stuff visible if you can.
4. Make your politicians answer questions about government contracts. If the Swiss said no NINE times after careful evaluation, why did the UK say yes? Who benefits from these deals? This matters for #DataSovereignty and national security.
Once again, support #InvestigativeJournalism. They are fighting battles most of us will never see.
Thanks for reading.
Matt Massicotte
Jan Lehnardt 
@
Jenniferplusplus
Wouter Tebbens ⁂
