What is Hackers' Pub?

Bro you’re not prompt engineering you’re writing code fanfic

It seems that py/cryptography's thoughts about OpenSSL (https://cryptography.io/en/latest/statements/state-of-openssl/) are doing the rounds at the moment.

I've not touched OpenSSL directly in a long time. In fact, it appears that the 10-year anniversary of that (https://www.imperialviolet.org/2015/10/17/boringssl.html) passed by a few months ago!

So I've no direct comments on the piece but, a long time ago, I was in the position where I was landing changes in both OpenSSL and NSS (Mozilla's TLS library). OpenSSL was somewhat famous for having bad code. And, indeed, if you looked at it back then the functions were full of single-letter variable names with pointer arithmetic everywhere and context-free, somewhat scary comments. It wasn't outside the norm for 1990s C code, but I understand why people recoiled.

In contrast, if you looked at NSS code, it looked good! Consistent formatting (before clang-format), good naming, good comments.

But NSS had a PKCS#11 abstraction layer and, even after years, I never could understand how the control flow worked there. I would have to single-step in gdb every time to figure out where an operation grounded out into actual code. I was reminded of that when reading py/cryptography's descriptions of OpenSSL 3.0.

I had a pet theory at the time that, because OpenSSL was repulsive on the surface, it inhibited people enough that they couldn't add much deeper complexity. But NSS, with its invitingly clean-looking code, was understandable and then people had enough capacity left over to add deeper complexity.

There might be something to it, although you shouldn't discount the fact that entities who are willing to fund cryptography libraries often have demands that are contrary to clean code. Things like FIPS compliance and compatibility with a zoo of different accelerators and bespoke needs.

So rather it might have been that old OpenSSL was old OpenSSL because it was mostly unfunded. That meant that it looked pretty ragged, but also there weren't so many demands in tension with good design.

NSS was funded by interests that really cared about PKCS#11 compatibility so that you could use a super-expensive, certified-everything HSM with it. When OpenSSL got shocked into switching to a higher-funding model, that brought lots of those same sorts of competing interests, and then the incentives pointed towards adding slow, impenetrable layers of abstraction all over.

@quixoticgeek @stefanoStefano Marinelli Also known as "shoot at the monkey's feet, make the monkey dance faster." We've all been there.

(It stops being funny when they miss the floor, maim the monkey, and the monkey they depend on for some critical function spends two months in hospital.)

#WindowsAppSDK 1.7.7 (1.7.260114001) has shipped!

This is a servicing release that includes critical bug fixes for the 1.7 release.

Release notes: https://learn.microsoft.com/windows/apps/windows-app-sdk/release-notes/windows-app-sdk-1-7?pivots=stable#version-177-17260114001

Download package: https://www.nuget.org/packages/Microsoft.WindowsAppSDK/1.7.260114001

#WASDKday

You are reading

- 캐시태그 • 해시태그처럼 쓰지만 주식과 관련된 이야기를 할때 사용할 수 있습니다. • 게시물에 $AAPL, $NVDA 등 원하는 태그를 달아 사용할 수 있습니다. (한정적 지원으로 모든 문자에서 적용가능하진 않음) •캐시태그를 탭하면 다른 사람들의 전문성 없는 분석을 확인할 수 있습니다. (2/2)

RE: https://bsky.app/profile/did:plc:z72i7hdynmk6r22z27h6tvur/post/3mcibiyf7fs2r

📢 블루스카이 v1.114 업데이트 - '라이브 중' 베타 기능을 모든 사용자에게 확대 제공 • 이 실험적 기능을 통해 아바타에 임시 '라이브' 배지를 추가할 수 있으며, 이를 통해 다른 사용자들이 현재 Twitch에서 생방송 중임을 알 수 있습니다 그리고 이 배지를 클릭하면 스트림 페이지로 바로 이동 가능합니다. • 베타 기간 동안 '지금 생방송 중'은 현재 Twitch 링크로만 제한됩니다. 베타 운영을 통해 얻은 경험을 바탕으로 다른 스트리밍 플랫폼 지원도 추가될 예정입니다. (1/2)

RE: https://bsky.app/profile/did:plc:z72i7hdynmk6r22z27h6tvur/post/3mcibezwvxk2g

Please share
I need your help: For an investigation into dating app algorithms, I am looking to get in touch with developers and others who work/have worked for such providers and would be willing to talk to me. Anonymous responses are also welcome. Questions include: What mechanisms are used to keep users on the platform? What ideas/constructs of partnership/matching are embedded in the algorithm? Please share widely! Thank you❤️
Anonymous and other contact options: see bio.
#dating

​​​​

漁村の夕景 #misskey写真部

Hardware, n.: The parts of a computer system that can be kicked.

—fortune(6)

we're seeing unprecedented bullshit levels

(100%) ■■■■■■■■■■

ohayo

Do you know any new open source projects that deserve recognition?

Projects that are:
- Solving real world problems and driving technical innovation
- Improving science, research or medicine
- Challenging long standing platforms or paradigms
- Just super nerdy and doing something novel!

If you do, please share them and perhaps we can help them get the attention they deserve. 🧡
#opensource #linux #Innovation

conversation I had today:
- is it a nonprofit?
- …not on purpose, no

​​​​​​

​​​​​​

Question: when did security analysts start describing leveraged exploit paths as "primitives"? Did this start with the FORCEDENTRY JBIG2 exploit or does this terminology have a longer history, maybe in gadget-based exploitation?

https://projectzero.google/2026/01/pixel-0-click-part-1.html

Heute ist es so richtig schief gegangen mit der Bahn. Selbst für meine Verhältnisse. Ich hatte eine Verbindung mit gut Umsteigezeit und Puffer. Die oft auch funktioniert: Sprinter Berlin- Nürnberg, Intercity bis Aalen (und dann RE nach Oberkochen zu einem Termin). Ich hab drei Anschlüsse verpasst und musste am Ende vom vorletzten Bahnhof abgeholt werden, um nur zwei Stunden zu spät zu sein.
Ich frage mich, wie Leute unter diesen Bedingungen überhaupt irgendwo ankommen.
#EvaTraindestroyer #bahn

어휴 아부 잘하네…

​​

Pixel dailies: Secret Wall
#pixelart #pixel_dailies #secretwall #ドット絵 #aseprite #Procreate @pixel_dailies

RIIR

Pixel dailies: Secret Wall
#pixelart #pixel_dailies #secretwall #ドット絵 #aseprite #Procreate @pixel_dailies

It seems that py/cryptography's thoughts about OpenSSL (https://cryptography.io/en/latest/statements/state-of-openssl/) are doing the rounds at the moment.

I've not touched OpenSSL directly in a long time. In fact, it appears that the 10-year anniversary of that (https://www.imperialviolet.org/2015/10/17/boringssl.html) passed by a few months ago!

So I've no direct comments on the piece but, a long time ago, I was in the position where I was landing changes in both OpenSSL and NSS (Mozilla's TLS library). OpenSSL was somewhat famous for having bad code. And, indeed, if you looked at it back then the functions were full of single-letter variable names with pointer arithmetic everywhere and context-free, somewhat scary comments. It wasn't outside the norm for 1990s C code, but I understand why people recoiled.

In contrast, if you looked at NSS code, it looked good! Consistent formatting (before clang-format), good naming, good comments.

But NSS had a PKCS#11 abstraction layer and, even after years, I never could understand how the control flow worked there. I would have to single-step in gdb every time to figure out where an operation grounded out into actual code. I was reminded of that when reading py/cryptography's descriptions of OpenSSL 3.0.

I had a pet theory at the time that, because OpenSSL was repulsive on the surface, it inhibited people enough that they couldn't add much deeper complexity. But NSS, with its invitingly clean-looking code, was understandable and then people had enough capacity left over to add deeper complexity.

There might be something to it, although you shouldn't discount the fact that entities who are willing to fund cryptography libraries often have demands that are contrary to clean code. Things like FIPS compliance and compatibility with a zoo of different accelerators and bespoke needs.

So rather it might have been that old OpenSSL was old OpenSSL because it was mostly unfunded. That meant that it looked pretty ragged, but also there weren't so many demands in tension with good design.

NSS was funded by interests that really cared about PKCS#11 compatibility so that you could use a super-expensive, certified-everything HSM with it. When OpenSSL got shocked into switching to a higher-funding model, that brought lots of those same sorts of competing interests, and then the incentives pointed towards adding slow, impenetrable layers of abstraction all over.

Beim IHK-Empfang in Sachsen-Anhalt sagt Kanzler Merz, dass er das Arbeitszeitgesetz loswerden wolle – und beweist erneut, dass er als Kanzler nicht geeignet ist.
https://taz.de/!6145854

エアコンつけて寝たのにiPad君充電できてないにゃ…​​
温度足りなかった…？​​

​​

@quincyQuincy ⁂ #wasFehlt: ein #RadioEriwan Account (Bot?) im Fedi

​​​​

OpenBSD-current now runs as guest under Apple Hypervisor https://undeadly.org/cgi?action=article;sid=20260115203619

Also new in v1.114 today: cashtags! Like hashtags, but for stocks. Tag your posts with $AAPL, $NVDA, whatever, then tap to see everyone else's equally unqualified analysis!

当時の警察ににらまれるきっかけだったかもしれない絵です　​​

I'm a professional shitpollster.

I'm a professional shitpollster.

a bit silly that X shows up on app store when searching for 'bluesky' but bluesky doesn't show up when searching 'twitter' i wonder if this is due to ads or keywords or something. cc @esb.lol@bsky.brid.gyEric

Jeff Bezos is saying the quiet part out loud. They want to kill local computing.

You will own nothing and be happy. You will rent your computing power from the cloud. You pay a subscription for the privilege of using a computer.

AI demand is artificially spiking DRAM prices and Big Tech is pushing "AI PCs," the squeeze is on to force us into a rental model.

Reject this future.

Keep your hardware local.

Run #Linux.

Own your data.

The "cloud" is just a landlord for your data.

#NoAi #FOSS #OpenSource #Privacy #SelfHost #SelfHosting #BigTech #RightToRepair #RAM #Amazon #EatTheRich

https://www.windowscentral.com/artificial-intelligence/jeff-bezos-says-the-quiet-part-out-loud-bezos-envisions-that-youll-give-up-your-pc-for-an-ai-cloud-version

@liwLars Wirzenius Wikipedia literally just sold out. We should start thinking about what comes next.

https://money.usnews.com/investing/news/articles/2026-01-15/wikipedia-owner-signs-on-microsoft-meta-in-ai-content-training-deals

​​

- "Kann Amazon eine europäische souveräne Cloud betreiben?"

- "Im Prinzip ja. Die Frage ist nur, wer ist dann der Souverän."

OpenBSD-current now runs as guest under Apple Hypervisor https://undeadly.org/cgi?action=article;sid=20260115203619

New music!

"Just Walk Away" is now live — that's me (@hisham_hmHisham) and my friend Chico, we share lead vocals and performed all instruments. (Detailed credits on the Bandcamp page!)

We're especially looking forward to getting some feedback. To your ears, what does it sound like?

Here's some links:

Bandcamp: https://signifierproject.bandcamp.com/track/just-walk-away

Deezer: https://link.deezer.com/s/32agiT6WpybSC5AytlAhm

Spotify: https://open.spotify.com/album/7IAI6i16VDKYQTZOAYPZTh

...and everywhere and anywhere you can find "Signifier - Just Walk Away"!

What @anildash said: https://www.anildash.com/2026/01/15/wikipedia-at-25/

You know, I am occasionally shocked when someone I think of as smart or admirable or nice starts talking about how Wikipedia sucks. There are a few reasons why someone might feel that way, and none of them reflect well on them.

UK offshore wind prices come in 40% cheaper than gas in record auction

Link: https://electrek.co/2026/01/14/uk-offshore-wind-record-auction/
Discussion: https://news.ycombinator.com/item?id=46637399

Animals X'mas - Masashi Ichikawa
https://macthemes.garden/themes/0ebd9a86b153-Animals-Xmas

News release: Privacy Commissioner of Canada expands investigation into social media platform X following reports of AI-generated sexualized deepfake images - Office of the Privacy Commissioner of Canada https://www.priv.gc.ca/en/opc-news/news-and-announcements/2026/nr-c_260115/

Emperor X just released a new song...

https://emperorx.bandcamp.com/album/renee-nicole-nicole-renee

#ReneeNicoleGood #Music #EmperorX

why is it always longread

Tschechien: Oberster Gerichtshof kippt die anlasslose Vorratsdatenspeicherung

Nach langem Rechtsstreit hat der Nejvyšší soud die staatliche Praxis des Protokollierens von Nutzerspuren für illegal erklärt und die Privatsphäre gestärkt.

https://www.heise.de/news/Tschechien-Oberster-Gerichtshof-kippt-die-anlasslose-Vorratsdatenspeicherung-11142948.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IT #Netzpolitik #Vorratsdatenspeicherung #news