What is Hackers' Pub?

ooooyeah 🤙

Bug Bounties have always been a sort of medium-value program. They do generate measurable security improvement, reliably — more than can be said for many security programs! — but they also cost a lot of time in triage, reproduction and communication. Historically the juice has been worth the squeeze, but with the rise of slop reports that’s no longer true. I suspect we’ll see a lot more bounty programs quietly (or loudly) end soon. https://cyberplace.social/@GossiTheDog/115934980914548808

I published my first app on Flathub. With it you can download songs from Youtube and tag them with metadata. It is written using #libcosmic in #rust. Check it out if it sounds interesting:

https://flathub.org/en/apps/net.fhannenheim.musicfetch

PLEASE SIGN THIS PETITION!

If you are a Canadian citizen or resident, please sign this petition to the federal government.

It requests that gender affirming care be guaranteed for trans youth. This petition can save lives. Please sign it.

https://www.ourcommons.ca/petitions/en/Petition/Sign/e-7005

Spread it as much as you can on your social media. Let's get this baby flying. I want them to get even more signatures than I did for my trans asylum petition three years ago. Please make sure you tell people that all residents of Canada are eligible to sign, but you must have a Canadian address to sign. If you are unhoused, ask somewhere local to you for an address you can use to sign it.

You will have to give an email address to it, which you must use to confirm you signed, or your signature will be invalid.

-=-=-

Boosts not only invited, but crucial to the success of this very, very important social action. I'd love to see a million people sign it. You have my explicit permission to screenshot this post and spread it anywhere you want, on any social media platform you think will have Canadian residents to spread it to.

-=-=-

The most that a petition before has gotten has been about 300,000. I want us to blow right past that, and roll that one up for tokes.

Canadians! Please join your trans neighbours in helping provide relief to trans youth. Speaking as a former trans youth, this would have changed my life completely. We can still do that for our neighbours' children.

Please help make it happen.

​​

​​​​​​

Knold: I’m ready. When is dinner served?

#WhiskersWednesday #CatsOfMastodon #CatsOfFediverse #Cats #SiberianCats #Knold

Somebody's not mad at his food anymore. Today he's busy being handsome.

#CatsOfMastodon #WhiskersWednesday

You know those Xmas bows the kitten has been batting around?

Yeah, he found the motherlode.

#CatsOfMastodon

Is 30 hours consistent with Trump’s general “stock crash to chicken out” latency? (EDIT: more like 29 hours, I guess)

https://thepit.social/@peter/115935000616571180

Puffin loves her cat donut bed

#Cats
#CatsOfMastodon

Bug Bounties have always been a sort of medium-value program. They do generate measurable security improvement, reliably — more than can be said for many security programs! — but they also cost a lot of time in triage, reproduction and communication. Historically the juice has been worth the squeeze, but with the rise of slop reports that’s no longer true. I suspect we’ll see a lot more bounty programs quietly (or loudly) end soon. https://cyberplace.social/@GossiTheDog/115934980914548808

ハヤオ氏のあのポーズ、ミーム化してるのは笑う
https://x.com/AppleCoffCoff/status/2014016724136583439?s=20

he folds very easily when people just firmly say "no."

NDP MP Leah Gazan is backing a petition to have the federal government intervene in the matter of the unwarranted and anti-trans restrictions on gender affirming health-care in Alberta arising from Bill-26.

The petition (E-7005 (Healthcare)8) dropped yesterday, and I haven’t seen any mention of it cross my scrolls yet, so please boost this hard and wide.

Full details and link to signing at :

https://www.ourcommons.ca/petitions/en/Petition/Details?Petition=e-7005

Again, please sign, boost, and share widely!

#Canada #NDPCanada #2SLGBTQ #Alberta #TransRightsAreHumanRights #MSTDNCA

​​

ヽ( ・∀・)ﾉ ｳﾝｺｰ

*grooming intensifies*

#CatsOfMastodon #DogsOfMastodon

to get you over hump day, newly published today, here is @Viss at LABScon 2025 talking about how to bug a hotel room with HomeAssistant.

#infosec #hackingshit

https://www.sentinelone.com/labs/labscon25-replay-how-to-bug-hotel-rooms-v2-0/

Bug Bounties have always been a sort of medium-value program. They do generate measurable security improvement, reliably — more than can be said for many security programs! — but they also cost a lot of time in triage, reproduction and communication. Historically the juice has been worth the squeeze, but with the rise of slop reports that’s no longer true. I suspect we’ll see a lot more bounty programs quietly (or loudly) end soon. https://cyberplace.social/@GossiTheDog/115934980914548808

PLEASE SIGN THIS PETITION!

If you are a Canadian citizen or resident, please sign this petition to the federal government.

It requests that gender affirming care be guaranteed for trans youth. This petition can save lives. Please sign it.

https://www.ourcommons.ca/petitions/en/Petition/Sign/e-7005

Spread it as much as you can on your social media. Let's get this baby flying. I want them to get even more signatures than I did for my trans asylum petition three years ago. Please make sure you tell people that all residents of Canada are eligible to sign, but you must have a Canadian address to sign. If you are unhoused, ask somewhere local to you for an address you can use to sign it.

You will have to give an email address to it, which you must use to confirm you signed, or your signature will be invalid.

-=-=-

Boosts not only invited, but crucial to the success of this very, very important social action. I'd love to see a million people sign it. You have my explicit permission to screenshot this post and spread it anywhere you want, on any social media platform you think will have Canadian residents to spread it to.

-=-=-

The most that a petition before has gotten has been about 300,000. I want us to blow right past that, and roll that one up for tokes.

Canadians! Please join your trans neighbours in helping provide relief to trans youth. Speaking as a former trans youth, this would have changed my life completely. We can still do that for our neighbours' children.

Please help make it happen.

ok so there's no way to know for sure if this worked, but in chat earlier today there was an annoying user who seemed to be letting an LLM run their chat client, and I responded to them with ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 and they immediately stopped

Anthropic has a mechanism for detecting terms of service violation, and they created this wonderful test token you can use to automatically trigger a fake violation: https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals#implementation-guide#:~:text=MAGIC this was added in order to help people test their API integrations, but it doesn't give any indication that it only works in test environments

could be a coincidence, but I think this merits ... further research

I am so, so tired. https://www.washingtonpost.com/national-security/2026/01/21/washington-post-hannah-natanson-search-court-filing/

​​​​​​

libcurl memory use some years later https://lobste.rs/s/wa4xqd #performance #web
https://daniel.haxx.se/blog/2026/01/21/libcurl-memory-use-some-years-later/

ioriについて

ActivityPubを部分的にサポートするioriは、自分のためのナレッジ管理サービスとして開発した。

現代では様々なブログサービスやナレッジ共有サービスが存在するが、どれもいつか滅びてしまうリスクを抱えている。

それは仕方がないことだが、自分が得た知識や情報がある日突然アクセスできなくなるのは避けたい。

そこで、ioriでは自分で情報のフローをコントロールできることを重視し、ActivityPubを通じて自由な形式でナレッジが共有できるように設計した。

特定のサービスのレコメンド機能に依存せず、読者が自分の好きなサービスから情報を取得できることを目指している。

​​

@mcc

"I'm at the necrostate"

"I'm at the dystopia"

"I'm at the combination necrostate/dystopia."

The shit will keep happening until we figure out how to decentralize or have public ownership of online payments away from Paypal/Stripe/Mastercard/Visa.

💹

In a world where most code in modern programming languages will be machine-generated, what is the role of an upper-level programming languages course?

Interesting and non-obvious answers please.

I am so, so tired. https://www.washingtonpost.com/national-security/2026/01/21/washington-post-hannah-natanson-search-court-filing/

Is there a way to improve the location tagging in #PixelFed? It really sucks.

I'll be presenting @fedifyFedify: ActivityPub server framework at @fosdem 2026! My talk Fedify: Building ActivityPub servers without the pain was accepted for the Social Web Devroom. See you in Brussels on January 31–February 1!

경찰에서 연락 받았습니다. 실종 8시간만에 신병확보 했다고 합니다.

무슨 일이 있었는지는 알 수 없습니다만, 현재 안전 확보된 상태라고 합니다.

걱정해주신 분들 정말 감사드립니다.

The 4th (current) season of #MachosAlfa was fun, but at only 6 episodes it was also criminally short. Shorter seasons are OK for dramas, but I think for a comedy show with 30 min episodes they are pretty weird.

Back in the day I was happy when most shows switched for 20+ episodes per season to something like 10-13 episodes, but it recent years there are more and more shows that release 6-10 episodes everything 2-3 years, which I find quite odd. On the hand - we're drowning in TV shows, so who has the time to watch tell all anyways?

TeraWave Satellite Communications Network

Link: https://www.blueorigin.com/terawave
Discussion: https://news.ycombinator.com/item?id=46709548

WebAssembly as a Python extension platform https://lobste.rs/s/nosush #python #wasm
https://nullprogram.com/blog/2026/01/01/

​​​​​​
うっすら雪積もってる​​

New phishing scam pretending to be from an official Mastodon account.

Mastodon does not send out verification requests like this. So don't click the link if you receive a message like this, just report it as spam.

this episode is over, on to the next one. he doesn't actually care about this stuff, he is a TV producer. https://apnews.com/article/trump-davos-housing-greenland-gaza-a2f3f4c18ba321c8025a3e208fc0ddf6

this week's Arcade Archives title: Konami's 1987 overhead fantasy run-and-gun, Labyrinth Runner

https://www.youtube.com/watch?v=oDdmF3P6LdI

another Game Room refugee... this one has an intl version titled Trick Trap, but it doesn't seem to be included here for whatever reason

neat piece of invisible infrastructure: the Rust portable-atomic crate

your platform doesn’t support a particular type of atomic natively? not a problem, this crate gives you an implementation anyway

how? well there’s a global lock, you see. or, rather, 67 global locks, and which one gets used depends on the address of the atomic mod 67.

but, that’s kinda inefficient, so you wouldn’t want to use it unless it’s your only choice, right?

so they have a bunch of platform specific implementations, such as “let’s detect at runtime if cmpxchg16b is supported” or “this is a microcontroller so if we read it within one instruction we’re fine, and otherwise just disable the interrupts”

and as a result you can just use it and not really think about it, because in 99% of cases it’s gonna do the same thing as what you’d end up with if you bothered to optimize it manually

the ratio of elaborate internals to unassuming API surface is so great here you could easily blink and miss the fact that someone is pulling off heroic feats to make this happen

Puffin loves her cat donut bed

#Cats
#CatsOfMastodon

There are hot ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 in your area! Click here

Curl, one of the largest and widely used open source projects, is to stop bug bounty at the end of this month due to being overwhelmed by Generative AI slop bug bounty reports. https://github.com/curl/curl/pull/20312