Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
If we enumerate possible design choices there are thousands of possible social media platforms - but is anyone actually good?
Are better experiences to be found within this vast configuration space or do we need a more fundamental rethink?
And how can we go about finding out?
Hoist those colors, you bunch of scally degenerates.
Minnesota is leading the way toward a general strike to grind down Trump's hostile takeover of America
Meanwhile in Borkum
I’m helping Indivisible Santa Fe with a campaign to show support for #Minnesota today. Somebody just sent us this graphic!
@lcamtuflcamtuf 
that matches my short list: I look at 1, 2, 3. For 4, I know about it, but I only use them as switches (i.e. <1 hz), so gate capacitance isn't an issue for me. Thanks!
連絡も返した……………
The word audio dates only to 1934. The word video dates to 1935, and was modeled on the word audio.
It makes sense that neither word existed 100 years ago, but both are so ubiquitous now that it feels weird to think that both of those concepts were invented in recent history.
오늘 본 유튜브 동영상에서 '네가 AI보다 잘난 게 뭐냐. 네 코드가 AI보다 낫다는 걸 증명하지 못하면 취업은 꿈도 꾸지 마라' ← 이런 정서가 너무 짙게 느껴져서 힘들었다...
Ported some in-request HTML munging from beautifulsoup (+ lxml) to selectolax (lexbor), and saved over 150ms!
Maybe beautifulsoup has had its day... Even JustHTML was about on-par with bs4 + lxml, and that's pure Python.
#TwinCities Workers #Strike Against #ICE. Two Hundred Cities Follow.
https://migrantinsider.com/p/twin-cities-workers-strike-against
As two hundred and fifteen cities prepare to walk out today in solidarity with #Minneapolis, the whole world is watching.
God bless our brave neighbors in Minnesota.
If Anyone Can Pull Off a General Strike, It’s Minnesotans
The massive outpouring of support for Friday’s day of action against ICE builds on long-term organizing that residents of the North Star State have tended to for a long time.
https://newrepublic.com/article/205318/minnesota-general-strike-ice-protest
#Republicans #MAGA #GOP #Trump #Minnesota #GeneralSrike #press
果穂ちゃん
@laxsillmarxist-luiginist re: emacs vs vi
https://www.facebook.com/share/p/1DaRqLriVy/
(《おわびとおしらせ》
大雪の被害にあわれたみなさまにお見舞い申し上げます。22日付の日刊紙は、記録的大雪のため一部の地域で新聞輸送を断念しました。読者のみなさまにおわび申し上げます。22日付の紙面PDFを掲載いたします。
#しんぶん赤旗は日本共産党の新聞 #日本共産党
https://www.jcp.or.jp/akahata/』
頑張れ!赤旗
#さすあか
내숭 떠는 남자가 있고 그렇지 않은 남자가 있다는 걸 얼마 전에 알게 됐다.
난 내숭 떠는 남자를 선호하는구나.라는 것도 알게 됐다.
ガチで歴代1うまかった
#ActivityPub is getting its first formal update path since 2018. I wrote about why this matters, how this leads to some strange and funny power dynamics, and about who actually participate
https://connectedplaces.online/reports/fediverse-report-148-on-protocol-governance/
RE: https://mastodon.social/@fediversereport/115905739520020086
It does feel like #activitypub has been frozen in amber, maybe this will help. I'm hoping #mastodon developers get involved or its very hard to see how things will change.
Especially the Live Online Account Portability stuff which #atprotocol just has from the get go.
本物だよ
아방가르드라는 말 들을때마다 아스가르드하다는 말로 바꾸고싶어(???)
Achieving a 0-CVE OS for VMs: The End of Traditional Patching https://lobste.rs/s/2x5eee #security
https://tuananh.net/2026/01/21/achieving-a-0-cve-os-for-vms-the-end-of-traditional-patching/
Odin saw two teenage girls making the "aww how cute" face from across the street, and he planted himself down and stared at them until they crossed the street to pet him.
While working on #Fedify, I noticed something about how #Misskey handles #ActivityPub object access. When a remote server requests a followers-only post or DM with a valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.
#Mastodon takes a different approach—when #authorized_fetch is enabled, it validates the HTTP Signatures and returns the content if the requesting actor has permission. I think it would be beneficial if Misskey could adopt a similar mechanism, since it would better respect the access control semantics that ActivityPub intends. Has anyone else run into this, or are there specific reasons Misskey handles it this way?
For reference, Fedify makes implementing this kind of fine-grained access control quite straightforward—you can check the Fine-grained access control section in the documentation.
@lcamtuflcamtuf Nice, and I found your updated illustrations in the radio article too.
I find I go back and forth on the "paper" background of the illustration.[1] It is nice to have a delineation of the figure area but the fill sometimes gives me the feeling of a different paper taped inside a notebook.
[1] Here is a 'corner' on my display where the paper effect background is shown:
While working on #Fedify, I noticed something about how #Misskey handles #ActivityPub object access. When a remote server requests a followers-only post or DM with a valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.
#Mastodon takes a different approach—when #authorized_fetch is enabled, it validates the HTTP Signatures and returns the content if the requesting actor has permission. I think it would be beneficial if Misskey could adopt a similar mechanism, since it would better respect the access control semantics that ActivityPub intends. Has anyone else run into this, or are there specific reasons Misskey handles it this way?
For reference, Fedify makes implementing this kind of fine-grained access control quite straightforward—you can check the Fine-grained access control section in the documentation.
While working on #Fedify, I noticed something about how #Misskey handles #ActivityPub object access. When a remote server requests a followers-only post or DM with a valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.
#Mastodon takes a different approach—when #authorized_fetch is enabled, it validates the HTTP Signatures and returns the content if the requesting actor has permission. I think it would be beneficial if Misskey could adopt a similar mechanism, since it would better respect the access control semantics that ActivityPub intends. Has anyone else run into this, or are there specific reasons Misskey handles it this way?
今日はみんなとお散歩できてとっても楽しかった!
それではーー!
Cryptographic public-keys are one way that one can have an identity (on the Fediverse, and elsewhere) while also having privacy — through a pseudonymous identity.
Yes, we have Fediverse IDs such as:
@joeblow@example.com
But a (non-delegated) public-key can function as a PORTABLE form of identity on the Fediverse.
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
Cryptographic public-keys are one way that one can have an identity (on the Fediverse, and elsewhere) while also having privacy — through a pseudonymous identity.
Yes, we have Fediverse IDs such as:
@joeblow@example.com
But a (non-delegated) public-key can function as a PORTABLE form of identity on the Fediverse.
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
In his #rustconf 2025 talk, "From Blue Screens to Orange Crabs" Mark Russinovich shared how Rust is being adopted across large, established platforms at Microsoft Azure — from security improvements to real integration challenges. Revisit this memorable #rustconf moment here:
https://www.youtube.com/watch?v=uDtMuS7BExE
Following its launch in 2025, the #OpenTelemetry eBPF Instrumentation (OBI) project is planning for an exciting 2026! Read our latest post to learn about the project's goals and how you can get involved with OBI.
햄써타가 몰아주는 신화생물 시날에 미카를 데려가몬 되겟구만
While working on #Fedify, I noticed something about how #Misskey handles #ActivityPub object access. When a remote server requests a followers-only post or DM with a valid HTTP Signatures (draft-cavage) from an authorized actor, Misskey still returns 404 instead of the content. It seems Misskey only checks the visibility field (public/home) without verifying the signature at all.
#Mastodon takes a different approach—when #authorized_fetch is enabled, it validates the HTTP Signatures and returns the content if the requesting actor has permission. I think it would be beneficial if Misskey could adopt a similar mechanism, since it would better respect the access control semantics that ActivityPub intends. Has anyone else run into this, or are there specific reasons Misskey handles it this way?
julian shared the below article:
julian @julian@activitypub.space
<p>Can you guess when I turned Anubis back on?</p> <ul> <li>Grey line (left-hand; y-axis) tracks page views</li> <li>Blue line (right-hand; y-axis) tracks unique users</li> </ul> <p><img src="https://activitypub.space/assets/uploads/files/1769183491489-6fef34a9-80f9-4b9f-b266-212a31f486cb-image.png" alt="6fef34a9-80f9-4b9f-b266-212a31f486cb-image.png" /></p> <p>You can even see the spike in traffic that brought down the site hard enough that I got my butt in gear to tune Anubis and turn it back on.</p> <p>Based on the numbers here, there is a thirteen-fold decrease in activity (or a ~92% drop in traffic), all identified by Anubis as bots and blocked.</p>
Read more →Douglas Adams on the English–American cultural divide over "heroes"
Link: https://shreevatsa.net/post/douglas-adams-cultural-divide/
Discussion: https://news.ycombinator.com/item?id=46719222
Radicle: The Sovereign Forge
Link: https://radicle.xyz
Discussion: https://news.ycombinator.com/item?id=46732213
#mastobada soir (tonight 🇬🇧 )
City hunter || Kiyomi Suzuki - give me your love tonight
It's gettin' late now
I'm wide awake now
A lover's moon on the rise
I'm feelin' restless
A little breathless
Will you be comin' tonight ?
https://www.youtube.com/watch?v=bm2A207GxPc&li
#cityhunter #suzukikiyomi #kiyomisuzuki #anime #musique #music
julian @julian@activitypub.space
<p>Can you guess when I turned Anubis back on?</p> <ul> <li>Grey line (left-hand; y-axis) tracks page views</li> <li>Blue line (right-hand; y-axis) tracks unique users</li> </ul> <p><img src="https://activitypub.space/assets/uploads/files/1769183491489-6fef34a9-80f9-4b9f-b266-212a31f486cb-image.png" alt="6fef34a9-80f9-4b9f-b266-212a31f486cb-image.png" /></p> <p>You can even see the spike in traffic that brought down the site hard enough that I got my butt in gear to tune Anubis and turn it back on.</p> <p>Based on the numbers here, there is a thirteen-fold decrease in activity (or a ~92% drop in traffic), all identified by Anubis as bots and blocked.</p>
Read more →A while back I wrote a blog post about what knitting means to me and how I think it can be a good hobby for tech folks. A few readers rightly said it would be better with photos, so I went back and added a bunch:
https://journal.stuffwithstuff.com/2025/05/30/consider-knitting/
Callout component (#37590) by ChaosExAnima has been merged! https://github.com/mastodon/mastodon/commit/c1414f1161b5fc1b8b6755d22b76415c82b64d7c
2/
To handle public-key cryptography safely, often a user should be able to have multiple public-keys.
For example, a user might have a different public-key on each device, rather than sharing public-keys.
A user might delegate to a 3rd party — and there may be a delegated versus non-delegated public-key distinction.
Key-rotation is also often necessary for safety reasons.
Etc.
...
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
3/
All that requires that a Fediverse user can have multiple public-keys specified for them.
...
Although https://w3id.org/security/v1 seems to allow for multiple public-keys —
I wonder how much Fediverse software could actually handle multiple public-keys (rather than just one)?
(And, don't just assume one public-key?)
How mucg Fediverse software could handle public-keys changing over time?
Etc?
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
1/
One way ActivityPub can be extended is — through JSON-LD namespaces.
For example, many Fediverse servers use the following JSON-LD namespace to specify cryptographic public-key(s) for the user.
(This particular namespace is an HTTPS URL.)
...
But, does extant Fediverse software support cryptographic public-key(s) well?
...
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
2/
To handle public-key cryptography safely, often a user should be able to have multiple public-keys.
For example, a user might have a different public-key on each device, rather than sharing public-keys.
A user might delegate to a 3rd party — and there may be a delegated versus non-delegated public-key distinction.
Key-rotation is also often necessary for safety reasons.
Etc.
...
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
1/
One way ActivityPub can be extended is — through JSON-LD namespaces.
For example, many Fediverse servers use the following JSON-LD namespace to specify cryptographic public-key(s) for the user.
(This particular namespace is an HTTPS URL.)
...
But, does extant Fediverse software support cryptographic public-key(s) well?
...
#ActivityPub #Cryptography #Fedidev #Fedidevs #Fediverse #JSONLD
Finished is better than terrible #oldknees
This weekend I'll have something to read.
This looks interesting: https://radicle.xyz/
For the benefit of people on various illumos distributions (x86 for these) that might not provide a current jdk build (or who are on old releases and are unable to update) I've put up some builds of the latest jdk 11/17/21/25 LTS update releases for download here:
Today's politicians are the human version of Large Language Models: they just predict the next word you want to hear, regardless of the truth.
Christine Lemmer-Webber
David Beazley
🫧 socialcoding..
@reiver ⊼ (Charles) 
Inside Fediverse
Stefano Marinelli
