Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
Novo Nordisk launches Wegovy weight-loss pill in US, triggering price war
Link: https://www.theguardian.com/business/2026/jan/05/novo-nordisk-launches-wegovy-weight-loss-pill-us-price-war
Discussion: https://news.ycombinator.com/item?id=46503554
So, you want to chunk really fast?
Link: https://minha.sh/posts/so,-you-want-to-chunk-really-fast
Discussion: https://news.ycombinator.com/item?id=46501665
RE: https://mastodon.social/@eunews/115842737580067593
This is all very concerning I know - I just need some levity and this flashback brought me a smile I thought I would share:
To me that phrase said by Tusk belongs not to Dumas' Three Musketeers books, but to the anthropomorphic dog version, Dogtanian:
"One for all and all for one,
Muskehounds are always ready.
One for all and all for one,
Helping everybody."
https://youtube.com/playlist?list=PL_QGcqw1GW_UWBGJXNAhon8khXpB4Sjqi
Anyone using Cloudflare as a domain name registrar?
I went to try them. It seems impossible to transfer in a domain without hosting your DNS with Cloudflare.
I have my own name servers. I don't need theirs.
pilfered from around the web
Microsoft's CEO is really sad we keep using the word "slop":
https://futurism.com/artificial-intelligence/microsoft-satya-nadella-ai-slop
So, which one is it going to be?
@catsalad@infosec.exchangeCat 🐈🥗 (D.Burch) 
@BardBard 
@yassie_j@labyrinth.zone:baba_yaseen: :agenderFlag: :transgenderFlag: this is revenge for my cucumber post isn't it
London tonight - 2,000 people outside Downing Street tell prime minister Starmer to condemn Trump's war crimes in Venezuela.
Thread: 1
🤘 New episode of Changelog News!
Brian Guthrie lists his seven rules for moving faster in software, Continuous-Claude-v2 is a context management system for Claude Code, Gas Town is Steve Yegge's multi-agent orchestrator for Claude Code, Paul Dix sees a great engineering divergence in 2026, and Mattias Geniar thinks web development is fun again.
@inthehandsPaul Cantrell Oh, that makes sense. I figured it was because they were worried that their employees would wind up deported and they'd have trouble getting new ones, and was surprised that a large corporation would have that much foresight
@Canageek @inthehandsPaul Cantrell
This is also true. ICE has to book under false pretenses for exactly that reason. Most hotels don't want them, at the very least for practical reasons. They absolutely do abduct hotel staff.
With that said, Marriott has a history of collaborating with ICE. There's this article for an example, plus when I see activists banging pots outside a hotel where ICE is staying, more often than not it's a Marriott brand.
https://www.theguardian.com/us-news/2025/aug/19/ice-marriott-hotel-detentions
@catsaladCat 🐈🥗 (D.Burch) @BardBard @yassie_j:baba_yaseen: :agenderFlag: :transgenderFlag: 
@puppygirlhornypost2Amber "This meme is from the future, you don't get it yet" ass image
@Viss 
@juJu 
@badsamuraiB'ad Samurai 🐐 Exactly. "We now support Wireguard. Kind of."
Okay #MedMastodon folks - The instance is now back up and running I'm pleased to share. Things might take a moment to catch-up and I have sent out an announcement so hopefully anyone that had accounts that doesn't see this will get the e-mail ping letting them know everything is currently back online.
I will post a bit more about the plan in the near future but the long story short is nothing is planned to change that folks will see, the main goal for me is to get the site up and running, catch up on the activities that look to be outstanding and get a plan together for migrating everything onto new infrastructure.
Also a huge shoutout to 
@mastohost who have been excellent at keeping the server "Paused" effectively without deleting data even when there was no confirmed migration path and a real big thanks to Nick for being willing to transfer the server and keep the community running!
Did you do it? Did you hack the Ubiquiti shit? Good. Here's more.
Something that's been bugging me for the past couple of years was that the #PyPI search bar wasn't returning the "most accurate" result first.
Not being an #OpenSearch expert, I got the query syntax tweaked to boost a better match on explicit name.
Search for `psycopg`, `boto3`, and more!
See the goodies here: https://github.com/pypi/warehouse/pull/19224
X blames users for Grok-generated CSAM; no fixes announced
Link: https://arstechnica.com/tech-policy/2026/01/x-blames-users-for-grok-generated-csam-no-fixes-announced/
Discussion: https://news.ycombinator.com/item?id=46503199
I caught up on some podcasts during a long walk today. 
@joshbressers chatting with 
@cadeyXe 
is my favorite of the day. I already understood anubis, but thinking about as a sort of WAF is a very interesting idea that hadn't occurred to me. It was also just a tremendously fun listen and touched some important ideas about FOSS sustainability. Josh does an amazing job of keeping every podcast he makes short and focused, even when you can tell he could've happily make the interview 3x as long and covered 4x as many topics.
Gute-Nacht-Kater #fedicats #catsoffediverse
안녕하세요, 플래닛 등의 연합우주 SNS를 사용한 적 있는 모든 사람을 대상으로, 동인을 위한 더 나은 SNS 및 서비스 개발을 위한 설문조사를 1월 11일(일)까지 진행 중입니다.
혹시 설문조사에 대한 질문이나 개선점 등이 필요하다 생각하시다면 편히 멘션이나 DM으로 이야기해주세요. 감사합니다.
I love the Mac but recent changes, idiotic Liquid Glass and a company that has lost it's way has made me never want to upgrade to Tahoe. So, I think 2026 is the year of Linux for me. In a few months I will be "in between" projects so this might be a good time to change. The big issue is a C++ IDE. I'll give JetBrains a good try. I hear mixed things.
This time for sure!
Non-privacy advocates say "I haven't got anything to hide. Have you?"
That's the wrong end of the stick. It isn't *what* is known which is the problem, so much as *who* knows it, and whether they have goodwill towards you.
Governments are supposed to have goodwill towards you, but at best, they have indifference. Corporations declare that they have goodwill towards you, but they are lying; they have the same amount of goodwill towards you as a fox has to a chicken.
>systemd v256 automatically runs sshd listening on a vsock interface in the global network namespace
>The official way to disable this behavior requires appending "systemd.ssh_auto=no" to the kernel boot line.
??? on the *kernel* command line? who thought this was acceptable??????
@nuintariThe Psychotic Network Ferret It was 2006, I think (or 2007 at the latest), and I went with a colleague to a company - the same one that, incidentally, gave us some decommissioned Digital AlphaStations. They showed me a machine (not connected to the network, obviously) that they were still using for payroll. I couldn't quite tell what it was exactly, but it was some kind of Unix system and it had been rebooted for the last time... in 1986.
I believe it’s the longest uptime I’ve ever seen.
January in Montreal is a time that people can ask you things like "Would it kill you to leave the house and go pick up groceries?" or "Would it kill you to step out and take the recycling to the curb?" and you can honestly answer "YES PROBABLY"
It's time to push this over the finish line https://github.com/kean/Nuke/pull/802. I'm going to do a final pass and see how "approachable concurrency" affects it.
실례지만 왜 여권을 2개 이상씩이나 갖고 계시는 거죠...?
It's hard to justify webpage snowflakes. 🤪
지금 이시간 가내 털공주
길가다 본 벨벳질감 고양이
X blames users for Grok-generated CSAM; no fixes announced
Link: https://arstechnica.com/tech-policy/2026/01/x-blames-users-for-grok-generated-csam-no-fixes-announced/
Discussion: https://news.ycombinator.com/item?id=46503199
@puppygirlhornypost2Amber I quote words written by anime girls
RE: https://transfem.social/notes/ah5221v3kkcv0bzv
pilfered from around the web
<공지>
더 버지 등의 취재 결과 이 게시물은 AI 생성된 거짓 내용이고 작성자가 제시한 사원증, 내부 문건 역시 AI로 생성된 가짜임이 밝혀졌습니다.
www.theverge.com/news/855328/...
RE: https://bsky.app/profile/did:plc:eeffxw7sfmqw2rv2cgi3uj3l/post/3mbjd6n7ryc2j
That viral Reddit post about f...
I know cats have an very precise internal timer when it comes to feeding time, but I wonder if the kitty recognizes it visually on the clock?
@catsaladCat 🐈🥗 (D.Burch) 7:15 on the dot every morning our cat would throw herself at our bedroom door howling for food. So I put the dry food on a timer for 7:15. Now the throws herself at the door at 7:16 howling for her wet food.
How Y Combinator made it smart to trust founders
Link: https://elbowgreasegames.substack.com/p/when-good-actors-can-trust-each-other
Discussion: https://news.ycombinator.com/item?id=46501677
I worry she watches too much TV.
But when I buy her a book, she refuses to even try it.
Marius replied to the below article:
Marius @Marius@marius.federated.id
The way GoActivityPub services function at the moment in respect to having any maintenance tasks performed by the site operator is by using a “control” binary that sends a signal to the server and then effectuate the changes.
The main reason for this method is that we treat our storage backends as not supporting multi process access (for most this is not a requirement, but it’s better to be safe than sorry) and we need to interleave the normal operation of the service with the maintenance tasks.
This is not a great solution as signal passing isn’t very efficient, it isn’t very pretty - we need to send two signals, one to lock and one to unlock storage. Additionally, while the maintenance task is running, the users are faced with an out of order response because the service’s storage backend is no longer available. If the signals fail to be processed correctly for some reason, the server can remain in an inconsistent state that needs further handling. Overall not a very robust and user friendly user experience.
So, in order to change this, I want to introduce a method I cribbed from Stegodon’s implementation, which uses an SSH server where a user (or a script) can authenticate and run commands exposed by the custom implementation.
So I’m thinking to expose the existing commands of the control binary as commands in a REPL environment, or eventually, a TUI (for which we already have some elements up and running)
The end result would be that a site operator can ssh at a specific address for the server, a Bubble Tea interface would pop up and they would be able to run commands in a REPL environment or, in the case of the TUI, be presented with it directly.
This environment would fully run in the same process as the service itself, so no more need for interleaving access to the storage backend, decreasing friction for both operator and users.
marius shared the below article:
Marius @Marius@marius.federated.id
After a couple of days percolating the idea, I made a couple of improvements to the tooling around #GoActivityPub services towards the goal of having a cool SSH based admin interface for them.
The first one was to add support for running the SSH server in parallel to the HTTP one, and respond to the same logic for starting and shutting down. This led to a refactoring the HTTP server initialization that was part of the signal wrapper module into its own separate module.
Before moving to an actual REPL interface I have added a basic middleware for Wish to handle commands passed through the ssh connection. The difficult part was to actually interface the existing types I was using for CLI commands, on top of Kong with the ssh middleware, which by itself was trivially simple. This led to quite a heavy refactoring of the packages, forced by Go’s prohibition of dependency cycles.
In the end it’s possible to pass a command to the ssh connection and it gets executed just as if it was run through the control binary on the host machine.
Another largish change this required was into passing io.Writer (and soon io.Reader) instances that corresponded to the output and error outputs (and soon input like I said). This was needed because by default commands executed by Kong use the default standard os.Stdout and os.Stderr and the commands themselves output text. This needs to get refactored into something better but for now it’s workable. So now we can pass the PTY from the ssh session to the commands and output gets sent to the correct place.
One downside to all of this, besides the forced package refactoring, is that the dependencies for the FedBOX service, which is the main place where I’m testing all of this, have increased somewhat with the inclusion of the Charm and Wish related modules. At least I added all this functionality behind a build tag.
To give an idea about what this allows me to do is that now I can operate the production, erm, testing, FedBOX server directly from my machine without needing to ssh to the box that hosts it just by configuring my local ssh client to use the host machine as a jump server:
Stefano Marinelli
Jenniferplusplus
초무
Host admin.fedbox
# Currently we use the full IRI for the Service actor
# of FedBOX as a user
User https://fedbox.example.com
# The private key extracted from the Service actor
IdentityFile ~/.ssh/admin.fedbox.example.com
# The host server
ProxyJump example.com:22
# The local address on the host for FedBOX SSH
Hostname 127.0.0.1
# The local port on the host for FedBOX SSH
Port 40022
To run a command now I just need to do the following:
$ ssh admin.fedbox oauth client list
0 beefaa5a-d00d-4767-94d9-f00ba4d6396d - http://127.0.0.1
1 18e8beef-1d2e-449d-a4d6-5f507f00bac1 - https://client.example.com/callback
Commodore Disk Drive Becomes General Purpose Computer
https://hackaday.com/2026/01/05/commodore-disk-drive-becomes-general-purpose-computer/
We went on a family walk
あめー
“Screw this, I’m going back indoors.”
起きてたけど 
We are matching $5000 due to a generous donor!! So your impact can be huge. Give to support many families struggling through a severe winter in Gaza. They need medicine, warm blankets and clothes, and food.
Matt Massicotte