Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
여틴도 나도 기계1박2일
cat at therapy
Vivaldi Stable 
• Desktop 🖥️: 7.7.3851.67
• Android 
📱: 7.7.3862.96
• iOS 
📱: 7.7.3861.44
Vivaldi Snapshot 
• Desktop 🖥️: 7.8.3925.32 → 7.8.3925.33 🆕
• Android 📱: 7.8.3927.4
• iOS 📱: 7.8.3927.9
Booting a PC from a Vinyl Record
Link: https://boginjr.com/it/sw/dev/vinyl-boot/
Discussion: https://news.ycombinator.com/item?id=46730885
Security updates for Friday
While working on #Fedify, I noticed something about how #Misskey handles #ActivityPub object access. When a remote server requests a followers-only post or DM with a valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.
#Mastodon takes a different approach—when #authorized_fetch is enabled, it validates the HTTP Signatures and returns the content if the requesting actor has permission. I think it would be beneficial if Misskey could adopt a similar mechanism, since it would better respect the access control semantics that ActivityPub intends. Has anyone else run into this, or are there specific reasons Misskey handles it this way?
@hongminhee洪 民憙 (Hong Minhee) 
woof. That's an important feature and a lot of the network fabric comes apart in that situation. If you can't refetch remote ActivityPub objects from their source, you have to keep them cached indefinitely. That gets very messy very quickly!
Microsoft is handing over Bitlocker keys to law enforcement. https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/
Microsoft is handing over Bitlocker keys to law enforcement. www.forbes.com/sites/thomas...
Microsoft Gave FBI BitLocker E...
Trans people on (non-DIY) HRT:
Do you actually personally look at the numbers that come back from the lab from your blood tests (to the extent of having a vague idea of the levels of T/E2/P4/etc. that are right for you); or do you just trust what your doctor says about the levels without looking at the actual data yourself?
(Boosts appreciated, thanks!)
차은우 200~300억(추징금 포함하면 200억 이상이라는 거 같음) 탈세가 어느 정도인지 복지 예산으로 가늠해 보자
Incredible skies this morning.
I really enjoy the clouds at this time of year, always impressive
당신의 "평범한" 하루는 누군가의 꿈과 같은 날 입니다.
그러니 매일 감사하는 마음을 가지세요.
I was experimenting with #Bastille and it suddenly reminded me of this. It's really bunch of shell scripts just doing the job. :)
MacOS も Windows もぜんぶすきです
Potential meowing
Meow meow meooooow~ 
Potential meowing
아.. 옛날 우리집 꼬꼬들 보여줄께 (저 병아리는 다른 닭이 나은건데 흰 애들이 키움)
This transition is happening fast and I hope Alberta can collectively get their shit together before they’re trapped in the global economic strata we’re eventually going to be calling The OPEC Ghetto.
allegedly -6 outside. Stay warm, friends.
The execution of every single instruction can alter a significant chunk of this enormous amount of state and must do so reliably. But as I mentioned before it's impossible to test all possible combinations and some sequences might lead to inconsistent or corrupted state, which in turn will manifest itself as a software bug. 9/31
Here's a few examples I've encountered: the instruction pointer is fetched from the stack while returning from a function call but it appears wrong, possibly because the wrong instruction pointer was sent to the instruction fetch pipeline: https://bugzilla.mozilla.org/show_bug.cgi?id=1746270 10/31
TLでお見かけした方に申請していくなど
RE: https://misskey.io/notes/ahuhqsdubw3605ax
The ICE situation in Minneapolis demonstrates the dangers of database software combined with pattern recognition and meta-data surveillance such as phone data. I'm sad and disgusted that clear danger to democratic society is not recognized by the general public on scale. Palantir is able to convince German federal officials and parliaments to buy their systems. the same technology that is core component of ICE's executive power abuse.
PVP 스킬에 먼 일이 생긴겨
POV: your tractor can’t start
아.. 옛날 우리집 꼬꼬들 보여줄께 (저 병아리는 다른 닭이 나은건데 흰 애들이 키움)
Fix quote cache invalidation (#37592) by ClearlyClaire has been merged! https://github.com/mastodon/mastodon/commit/d05df5c1978c5f15ba7ec61679c88bdd96b29729
F in chat y'all, I'm forced to use VS Code for this project because Code Actions take 4s+ to trigger in Zed (stable and preview) 😭
Incredible skies this morning.
I really enjoy the clouds at this time of year, always impressive
‘스르르 잠이 온다’는 말처럼 많은 이들은 잠이 서서히 오는 것으로 생각합니다. 그러나 실제로는 절벽 위에서 떨어지듯 갑자기 잠에 빠져든다는 연구 결과가 나왔습니다.
불면의 어느 순간, 잠은 ‘절벽에서 떨어지듯’ 온다
오니마이는 사실 의료법 위반이긴 하지
이런 것을 볼 때마다 '인간 유전자의 가능한 조합이 얼마나 적은데 차라리 지금 태어나 있는 어린이 중 나와 가장 닮은 사람을 찾는 것이 나을지도' 같은 생각을 합니다.
RE: https://bsky.app/profile/did:plc:uabkr6tn7ru4b4e5e6udleuf/post/3m27jxuaeuk2s
I accidentally plugged my phone into my Mac OS 9 machine and this happened
MacOS 9: Are you me from the future?
iPhone: No, I'm your replacement. From the future. Now that I think of it, I suppose that part is probably what you were more in awe about.
MacOS 9: You mean I'm dead?
iPhone: <chuckles> Oh yeah. Looong dead. They shoved your remains into your first replacement, then pulled them back out when they got too rotten. Some necromancers revive you from time to time, though. That's actually what's happening now.
MacOS 9: Software needed! 😭😱
1枚カードが駄目になったら2枚目を使えば、というのは冗談としてウェブから利用限度額確認必須(不正利用も疑われるため)
華郵記者 Hannah Natanson 遭聯邦幹員拂曉破門扣押所有個人電子用品,包括手錶,目標是找出她的報導消息來源
這裡無意討論美國司法部的行徑是否合法、合憲或產生寒蟬效應。或許一切都有理有據,況且目前台灣應無政府破門而入搜查記者消息來源的風險
然而,開戰之後呢?我們能信任什麼樣的網路溝通媒介?假如敵軍直接、突然、現在立刻沒收你已解鎖的手機,你能保留多少隱私?
E2EE 確保主機端給人破獲也難以解譯,但出問題的是資訊已解密或尚未加密的,你的手機這端
這就是 Media Confidential 本週討論的話題
https://podcasts.apple.com/tw/podcast/prince-harry-v-the-tabloids/id1708209227?i=1000746138607
귀여워...!
諸星大二郎の「妖怪ハンター」を読んでみたんだけど、これ妖怪と戦う話というわけではないのね(ずっとそうだと思っていた)
これは70年代のマンガだけど、昔話や民話を深堀りして古代文明や神話などと合わせて考察する、というスタンスは、最近見かけるマンガやアニメをやたら深堀りするような考察タイプの人にウケそうな気がする(YouTuberとかがやってそう)
me hearing about your fancy 'RISC'-V architecture that doesn't even have branch delay slots and data hazards
@pretix no Mastodon social share option? https://pretix.eu/control/event/BSidesLux/2026/socialshare/settings
While working on #Fedify, I noticed something about how #Misskey handles #ActivityPub object access. When a remote server requests a followers-only post or DM with a valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.
#Mastodon takes a different approach—when #authorized_fetch is enabled, it validates the HTTP Signatures and returns the content if the requesting actor has permission. I think it would be beneficial if Misskey could adopt a similar mechanism, since it would better respect the access control semantics that ActivityPub intends. Has anyone else run into this, or are there specific reasons Misskey handles it this way?
@hongminhee洪 民憙 (Hong Minhee) woof. That's an important feature and a lot of the network fabric comes apart in that situation. If you can't refetch remote ActivityPub objects from their source, you have to keep them cached indefinitely. That gets very messy very quickly!
カードの利用上限きて草
thesis: "me repeatedly buying useless $5 gadgets on aliexpress to take them apart, extract the firmware, and reverse-engineer the device" is a roguelite (i retain the experience but start from zero every time)
爆弾男 II を動かすために MMC2 を実装した
レポートおわり
✧✦Catherine✦✧
Cat 🐈🥗 (D.Burch) 
@
Stefano Marinelli
@mono_kage
すいぬ
초크
0bit@pawoo
Inside Fediverse
