What is Hackers' Pub?

また寝落ちしたあ！​​

Question: when did security analysts start describing leveraged exploit paths as "primitives"? Did this start with the FORCEDENTRY JBIG2 exploit or does this terminology have a longer history, maybe in gadget-based exploitation?

https://projectzero.google/2026/01/pixel-0-click-part-1.html

So, the cat likes cheese, cream, chicken, cassoulet, cauliflower...

Beginning to see a pattern here.

Ask HN: How can we solve the loneliness epidemic?

Discussion: https://news.ycombinator.com/item?id=46635345

You can create a SimpleX Chat chat-bot with 17 lines of JS code using the new Node.js library.

Beta version: https://npmjs.com/package/simplex-chat/v/6.5.0-beta.4.4

Source code: https://github.com/simplex-chat/simplex-chat/tree/master/packages/simplex-chat-nodejs

To run this example with Node.js:

npm i simplex-chat@6.5.0-beta.4.4

node ./node_modules/simplex-chat/examples/squaring-bot-readme.js

oh sick a little visual refresh! yay

How to Carry a Bike With Another Bike mschausprojects.blogspot.com/2020/07/how-...

How to Carry a Bike With Anoth...

@bori.bsky.social보리 강황 삼계탕이라고 명명해서 K-워싱 해버리죠. 이것은 한국의 고유 음식이다.

@:

RE: https://bsky.app/profile/did:plc:srdu2w3qc3aqh2ovez4rvql4/post/3mcgl2lgzzs2y

Ich als Sportmuffel bin heute zum aller ersten Mal länger am Stück gejoggt und ich bin ganz furchtbar stolz auf mich.

​​​​

When you’re over 60, you start to appreciate design principles of software you wrote. Like „graceful degradation“ — fall back to an experience that while not as good still delivers essential functionality. 😎😆

WIP

Project Zero releases a 0-click exploit chain for the Pixel 9. This one targets the Pixel, but the 0-click bug and exploit techniques used also apply to most other Android devices.

https://projectzero.google/2026/01/pixel-0-click-part-1.html

🎊 Go 1.26 Release Candidate 2 is released!

🔐 Security: Includes security fixes for archive/zip (CVE-2025-61728), net/http (CVE-2025-61726), crypto/tls (CVE-2025-68121, CVE-2025-61730), cmd/go (CVE-2025-61731, CVE-2025-68119).

🏃‍♂️ Run it in dev! Run it in prod! File bugs! https://go.dev/issue/new

🔈 Announcement: https://groups.google.com/g/golang-announce/c/6KZPBmTkX0E/m/56NuP1MaCQAJ

📦 Download: https://go.dev/dl/#go1.26rc2

#golang

Also new in v1.114 today: cashtags! Like hashtags, but for stocks. Tag your posts with $AAPL, $NVDA, whatever, then tap to see everyone else's equally unqualified analysis!

🥳 Go 1.25.6 and 1.24.12 are released!

🔐 Security: Includes security fixes for archive/zip (CVE-2025-61728), net/http (CVE-2025-61726), crypto/tls (CVE-2025-68121, CVE-2025-61730), cmd/go (CVE-2025-61731, CVE-2025-68119).

🗣 Announcement: https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc/m/pQP7Bk0aCQAJ

📦 Download: https://go.dev/dl/#go1.25.6

#golang

#CatsOfMastodon

탄수화물과 단백질만 좋아하는 요리 잘하는 남성이 강원도에 장가 오면서 기대한 것 : 끝내주게 맛있는 평창 한우, 고구마, 옥수수, 감자 궤짝으로 배송 받아서 에어프라이기에 요리해 먹기 실제로 얻게 된 것 : 무한 한정식 산나물 곤드레밥 두부요리 제공 사건 (투명도 20%의 내적 비명 소리가 들리며)

RE: https://bsky.app/profile/did:plc:32ffmsxrwnugpta5nopzr6lk/post/3mcgi6dwgks2s

앆!!!! 메인보드에서 USB-C 선을 뽑는데 소켓이 같이 나옴

26-009 ⛄

#art

Running Debian on the OpenWrt One (Collabora Blog)

https://lwn.net/Articles/1054519/ #LWN

📢 v1.114 is rolling out! Today, we're expanding access to the Live Now beta to everyone. This experimental feature lets you add a temporary LIVE badge to your avatar, helping others discover that you're currently live-streaming on Twitch. They can click it to land directly on your stream page.

Winter is coming ❄️ (we’re excited about it!). Join the Tailscale Winter Update webinar with updates for dev workflows, performance, compliance, and securing AI systems.
📅 Feb 19 🕐 1pm ET / 10am PT

https://tailscale.com/events-webinars/tailscale-winter-update-2026/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=tailscale-winter-update-2026

#블친소 #그림러_블친소 자캐 그리고 커뮤 가끔 갑니다 그림 게임 덕질 일상 사담 등 편하게 씁니다 스터디, 커뮤, 디코, 같겜 등 환영 맞구독 느낌도 괜찮습니다~ 천천히 찾아가용

From a pragmatic standpoint I get Wikimedia making deals with AI companies: They will scrape anyways, this way you might get some money.

But it still _feels_ off. Telling all volunteers "you are working for Microsoft/Perplexity/etc for free now" _feels_ wrong.

졸려서 이만 자러 갑니다 안녕히 주무시고 좋은 꿈 꾸세요 고양이 사진 투척

@0xabad1deaabadidea I feel the same when I have to explain that FFMPEG rawdogging assembly is not the "performance" tradeoff that people should look at and go "holy based".

They openly admit to lying about ABI-stability when they know damn well they re-shuffle enum values between random updates, why the fuck would anyone trust them to be able to maintain assembly code with instructions that look like passwords.

The code is already unreadable, the specs for it are buried in NDAs and patent hellholes, which doesnt matter because FFMPEG is very proud to diverge from specs. That codebase does not need to include assembly to become a security nightmare and going "see no evil hear no evil" while closing your eyes and plugging your ears doesn't fucking work because some fucker is 100% gonna speak a lot of evil. Media files are historically one of the most reliable things to look into if you're looking for a 0-click 10/10 RCE.

It is impossible to trust a review of projects like these, I don't care how skilled and certified the team signing off on it was, if they don't find anything they did not understand what they were reading and one day someone on the red team will do a better job than them.

Notice for Players Regarding Server Time Adjustment

A very early reminder to many players, mostly in Europe DCs - remember that on March 30, the server time will be adjusted by an extra hour ahead to align with the in-game day-night cycle. This may interfere with many features such as public transit, career quests, and some items with a clock feature may display incorrect time.

well. i guess it’s time for a look in the mirror

it has the energy of someone desperately trying to sustain a redditor’s attention. pathetic

🚀 Heute startete die AWS European Sovereign Cloud in Potsdam & wir waren als BSI vor Ort.

Denn: Wir unterstützen den US-Cloud-Anbieter Amazon Web Services (AWS) bei der Ausgestaltung von Sicherheits- & Souveränitätsmerkmalen seiner European Sovereign Cloud (ESC).

Zur Pressemitteilung:
👉️ https://www.bsi.bund.de/dok/1190346

🎬️ Ein Statement unserer Präsidentin Claudia Plattner gibt's im Video.

Denmark's struggle to break up with Silicon Valley

Link: https://www.politico.eu/article/denmark-declared-war-against-big-tech-digital-sovereignty/
Discussion: https://news.ycombinator.com/item?id=46636445

CVEs Affecting the Svelte Ecosystem

Link: https://svelte.dev/blog/cves-affecting-the-svelte-ecosystem
Discussion: https://news.ycombinator.com/item?id=46636387

So I'm looking to supplement my current income with around 10hr/week 1099 engagements. I would be happy doing sysadmin or software development work.

My resume: https://hardenedbsd.org/~shawn/2026%20Shawn%20Webb%20Resume.pdf

#FediHire

So which is your favorite anime girl from genshin impact?
I'm between Hu Tao and Sucrose

it's called fermentation because it was invented in 1864 by louis fermat

how is claude so decent at writing code and still no good at writing. just totally no juice. what am i doing wrong

Here are some thoughful words on community, the "forkiverse" and the fediverse more generally from @mapacheMaho 🦝🍻

https://maho.dev/2026/01/the-forkiverse-experiment-and-why-instance-choice-matters/

#forkiverse #mastodon

?

중국이 해외 AI를 활용해서, 미성년자가 성적인 대화를 할 수 있게 개조한 서비스를 제공한 개발자와 운영자를 체포, 4년/18개월 징역을 먹였습니다. www.chinadaily.com.cn/a/202601/13/... 중국 법원은 이 서비스가 음란물이라고 판결했습니다. 조사 결과 피고인들은 성능향상이 아니라 섹텐을 위해 시스템을 튜닝했다고.

AI software under lens for fac...

We're building #BetterSocial for #Cymru #Wales

Be there for the launch of the new Tŵt app in Cardiff on Feb 28!

https://croeso.toot.wales/en/twt-app-launch-event/

RE: https://mastodon.social/@verge/115899865680907343

this was very annoying yesterday, twenty bucks feels low, but i have no idea what a fair dollar amount for one day of cellular inconvenience should be.

졸려서 이만 자러 갑니다 안녕히 주무시고 좋은 꿈 꾸세요 고양이 사진 투척

@whitequark✧✦Catherine✦✧ Free-space communication using anything longer than 1.2um (e.g. 1550nm SFP modules) might be quite unlikely to be detected, due to invisibility to Si cameras. The government where I live believes itself entitled to regulate all communication via infrared, but has graciously granted the public a licence to use TV remotes, perhaps to gratify themselves that they are not being disobeyed. The power limit of 125mW probably means that many hot objects are illegal to communicate with.

寝るのだ​​

​​​​

Found: Medieval Cargo Ship – Largest Vessel of Its Kind Ever

Link: https://www.smithsonianmag.com/smart-news/archaeologists-say-theyve-unearthed-a-massive-medieval-cargo-ship-thats-the-largest-vessel-of-its-kind-ever-found-180987984/
Discussion: https://news.ycombinator.com/item?id=46633574