What is Hackers' Pub?

Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.

Telnet is a remote login protocol that became obsolete in 1995 when SSH became available because SSH offers transport encryption while telnet does not.

Those who kept a telnetd running for whatever reason (and did not hide it behind a firewall) have had a root backdoor for the last ten years.

GNU InetUtils Security Advisory: remote authentication by-pass in telnet

The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.

If the client supplies a carefully crafted USER environment value, namely the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root, bypassing normal authentication processes.

This happens because the telnetd server does not sanitize the USER environment variable before passing it on to login(1), and login(1) uses the -f parameter to bypass normal authentication.

Severity: High

Vulnerable versions: GNU InetUtils since version 1.9.3 up to and including version 2.7.

History

The bug was introduced in the following commit made on 2015 March 19 […]

Recommendation

Do not run a telnetd server at all. Restrict network access to the telnet port to trusted clients.

Source (including exploit code not reproduced here): lists.gnu.org/archive/html/bug
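As an added illustration of the missing check the advisory describes (this is example code, not GNU InetUtils' own): the client-supplied USER value is validated before it is placed as the last argument to login(1), so a value such as "-f root" is refused instead of being parsed by login(1) as an option. The function names, the 32-character limit and the illustrative `-h host` argument are assumptions.

```c
/* Added example, not GNU InetUtils code. Models how an unvalidated
 * client-supplied USER value ends up as the last argv element handed to
 * login(1), and the validation a hardened server applies first.
 * Assumed names: login_name_is_safe(), build_login_argv(). */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_LOGIN_ARGS 8

/* Returns 1 if `user` is safe to pass to login(1) as a positional
 * argument: non-empty, at most 32 bytes (assumed limit), does not start
 * with '-', and contains only portable login-name characters.
 * "-f root" fails the leading-dash check (and the space fails the
 * character check), so it never reaches login(1)'s option parser. */
int login_name_is_safe(const char *user)
{
    size_t i, n;
    if (user == NULL || *user == '\0' || *user == '-')
        return 0;
    n = strlen(user);
    if (n > 32)
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!(islower(c) || isdigit(c) || c == '_' || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/* Mirrors the advisory: the USER value received from the client becomes
 * the last argument. With validate == 0 it is forwarded untouched (the
 * vulnerable behaviour); with validate != 0 an unsafe value is refused
 * and -1 is returned, so no login(1) process is spawned at all.
 * Returns argc on success. The "-h host" pair is illustrative only. */
int build_login_argv(const char *user, int validate,
                     const char *argv[MAX_LOGIN_ARGS])
{
    int argc = 0;
    if (validate && !login_name_is_safe(user))
        return -1;
    argv[argc++] = "/usr/bin/login";
    argv[argc++] = "-h";
    argv[argc++] = "client.example"; /* constructed remote host name */
    argv[argc++] = user;             /* client-controlled value lands here */
    argv[argc] = NULL;
    return argc;
}
```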


Hello, my company let me go after 11 years. Now I'm looking for a new job as a software developer. I'm happy to work in an office as long as it's in Nuremberg or the surrounding area, but I'm just as happy to work remotely.
CPP, Python, Go, Delphi are the kinds of things I can do. Generally also databases, Docker, CI/CD, a bit of networking, servers, everything a nerd does.
If you have something or know of something, feel free to get in touch, and also feel free to



Whelp, one of my remote hosts got hacked. 😱 I’m sure this makes me look like an idiot, but here’s a post on what happened, anyway.

amxmln.com/blog/2026/that-time

Lesson learned, I hope I can move on and not be paralysed by paranoia. 😅


RE: social.vivaldi.net/@sesivany/1

Oooooooh.

It just hit me.

Wikipedia was born in the US. That's why there is the Wikimedia Foundation which controls the project, keeps everything inside its infrastructure, and is the single point of contact for the project.

OpenStreetMap was born in Europe. By the words of Jiří, our DNA is different: we provide the data and do the absolute minimum, allowing hundreds of companies flourish on our data. E.g. there are no official routers or search engines.

I don't know much about Deleuze's discussion of Markov chains, but
for visual media, wouldn't it mean that scene A influences both scene B and scene C?
Even if scenes B and C appear not to have been influenced by scene A, isn't the point that they are still constituted within the statistics of the Markov chain?
That's what I think about while hanging up the laundry.

Prompted by current events:

When they kick at your front door
How you gonna come?
With your hands on your head
Or on the trigger of your gun

When the law break in
How you gonna go?
Shot down on the pavement
Or waiting in death row

The Clash - Guns of Brixton
youtu.be/gVVqUuNG1ZI


In the early days of personal computing CPU bugs were so rare as to be newsworthy. The infamous Pentium FDIV bug is remembered by many, and even earlier CPUs had their own issues (the 6502 comes to mind). Nowadays they've become so common that I encounter them routinely while triaging crash reports sent from Firefox users. Given the nature of CPUs you might wonder how these bugs arise, how they manifest and what can and can't be done about them. 🧵 1/31


We need legislation on sideloading ASAP. Yesterday, I learned the hard way that I’m not allowed to use my own personal, paid developer certificate to sign IPAs I want to install on my own personal device. Wow. 😬

An email from Apple, notifying me of the account termination.

Coupang asks the Trump administration to rein in the Korean government: is it aiming for a Korea-US trade dispute? www.yna.co.kr/view/AKR2026... Coupang's investors even raised the 'pro-China leanings' of President Lee Jae-myung and the Democratic Party. Coupang's investors petitioned the USTR for tariffs on Korean products, restrictions on Korea's provision of services within the US, and measures to prevent a recurrence.


The joys of modern email: "Has Microsoft decided to put all of our email on hold or are they having a global M365 inbound SMTP email incident?"

(For about the last hour and a half, if it's an incident someone is having a bad day.)


Hey Washington, there's a profoundly bad law making its way through the state level.

This law will require ALL 3d printers to send copies of the files you print directly to the government to be checked against a database of "banned shapes".

Literally turning your 3d printer into spyware. And if you don't voluntarily turn your printer into a spy, you will be a class C Felon.

This law affects ALL CNC machines, not just 3dps.

youtube.com/watch?v=kS-9ISzMhB


A woman who I follow on the fediverse just had to delete a post due to sexual harassment.

Men, if you want more diversity on the Fediverse, you need to speak up and call in your peers. You need to educate them and, if they persist, ban them. Make it clear they aren't welcome.

Otherwise you're making it clear we aren't welcome.

It shouldn't just be us doing the work

dotart.blog/cobbles/the-silence


of all the coding I do, I never want to [redacted self violence] more than when I'm doing CSS.

does anyone know of any good guides/courses for debugging it/having better mental models for working with it?

I need to read every layout all the way through, and I have wizard zines pocket guide.


I want to become the kind of older man who doesn't turn into a bitter old-timer, doesn't act cocky, properly keeps his knowledge and common sense up to date, doesn't pull rank by age, doesn't use casual speech just because someone is younger, doesn't call junior colleagues of the opposite sex "-chan", doesn't butt into younger people's groups, doesn't tell boastful stories or war stories, and can say thank you and sorry.

For the last decade, the has been funding , , , , and many other Open Source projects you know and love through its programme.

But now that programme is ending and they are thinking about its successor.

They want to hear from you on what it should look like: Share your feedback to make sure the Commission keep funding amazing Open Source projects!
[JM]

ec.europa.eu/info/law/better-r

The NGI logo

Ghostty is getting an updated AI policy. AI assisted PRs are now only allowed for accepted issues. Drive-by AI-written PRs will be closed without question. Bad AI drivers will be banned from all future contributions. If you're going to use AI, you better be good. github.com/ghostty-org/ghostty
