Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
Sting - Sounds Like Art - Rijksmuseum Amsterdam
Aufzeichnung vom 19. Januar 2026 im Rijksmuseum, Amsterdam
Verfügbar bis zum 02/06/2027
https://www.arte.tv/de/videos/119031-004-A/sting-sounds-like-art/
You've heard of vibe-coding...
(cue the punnuendo replies)
클로드 맥스로 올렸따
US asked Ukraine for help fighting Iranian drones, Zelensky says
Link: https://www.bbc.com/news/articles/cr5llg0e9g9o
Discussion: https://news.ycombinator.com/item?id=47265291
I am convinced we are on the verge of the first "AI agent worm". This looks like the closest hint of it, though it isn't it quite itself: an attack on a PR agent that got it to set up to install openclaw with full access on 4k machines https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another
But, the agents installed weren't given instructions to *do* anything yet.
Soon they will be. And when they are, the havoc will be massive. Unlike traditional worms, where you're looking for the typically byte-for-byte identical worm embedded in the system, an agent worm can do different, nondeterministic things on every install, and carry out a global action.
I suspect we're months away from seeing the first agent worm, *if* that. There may already be some happening right now in FOSS projects, undetected.
@cwebberChristine Lemmer-Webber
The postinstall script installs a legitimate, non-malicious package (OpenClaw). There is no malware to detect.
i beg to differ
Half of the zero-day bugs that Google tracked last year were found in buggy enterprise tech, such as VPNs, firewalls, and routers that are designed to protect large corporations from intruders. (And yet, the irony.)
It's also basic flaws are getting big companies hacked.
Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech | TechCrunch
Enterprise software was a major focus of zero-day activity during 2025, with security and networking devices, like firewalls, VPNs, and virtualization platforms among the most targeted by malicious hackers.
techcrunch.com · TechCrunch
Link author: 
Zack Whittaker@zackwhittaker@mastodon.social
Wisst ihr noch, als Serien früher um die 20 Folgen hatten?
I am convinced we are on the verge of the first "AI agent worm". This looks like the closest hint of it, though it isn't it quite itself: an attack on a PR agent that got it to set up to install openclaw with full access on 4k machines https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another
But, the agents installed weren't given instructions to *do* anything yet.
Soon they will be. And when they are, the havoc will be massive. Unlike traditional worms, where you're looking for the typically byte-for-byte identical worm embedded in the system, an agent worm can do different, nondeterministic things on every install, and carry out a global action.
I suspect we're months away from seeing the first agent worm, *if* that. There may already be some happening right now in FOSS projects, undetected.
Just absolutely no regard for security at all. None. The entire burden of self-protection shifted to humans alone at their endpoints in systems and communities entirely, foundationally built on mutual trust and trustworthiness.
Peanut, my cat, is such a weird gremlin. She’ll stand right next to me expectantly like she wants pets. But if I go to pet her she acts so offended. Then she comes over for more pets. Which wind her up so she can’t sit still and gets the zoomies. Right now she’s burrowed under a throw blanket attacking ghosts or something
By typical use (at least after 3/11)…
iPhone Air: Everyday, always with me computer
iPad Pro 11”: Meeting computer
MacBook Neo: Fun computer
Sadly my “pro” work is mostly meetings, though occasionally a MBA will make an appearance when Keynote is required. I’m excited to use the Neo for fun, creative things: writing, personal code, deep thinking
💻 The modern terminal
🎼 Agent orchestration
☁️ Cloud agents
🧠 Agent memory
🥃 Whiskey & whatnot
⤷ https://nerdy.dev/www-ep234-pay-no-attention-to-the-LLM-behind-the-terminal-with-zach-lloyd-of-warp
I did not know a theremin could do this.
if you trust Anthropic, you really should not, based on this response.
I also just signed up and tested it on Haiku 4.5 extended, Opus 4.6 extended, Sonnet 4.6 extended. Screenshots attached. I would never, ever trust any of these people at this company (Anthropic); I'm deleting my account immediately
Obsidian 1.12.5 (early access) is now available to Catalyst members for desktop and mobile with a few fixes for Obsidian CLI and copy/pasting across apps.
Announcing Rust 1.94.0 | Rust Blog
https://blog.rust-lang.org/2026/03/05/Rust-1.94.0/
Release Rust 1.94.0 · rust-lang/rust
https://github.com/rust-lang/rust/releases/tag/1.94.0
🎉
#neovim Development News
The 0.12 version will add a built-in `:lsp` command to interactively enable, disable, restart, and stop LSP clients.
PR:
- github.com/neovim/neovi...
feat(ex): add `:lsp` command b...
Pentagon Formally Labels Anthropic Supply-Chain Risk
Link: https://www.wsj.com/politics/national-security/pentagon-formally-labels-anthropic-supply-chain-risk-escalating-conflict-ebdf0523
Discussion: https://news.ycombinator.com/item?id=47266084
Newly approved US medication offers hope for cats diagnosed with FIP https://www.wlky.com/article/newly-approved-us-medication-cats-diagnosed-fip/70469393
#CatsofBlueSky #Cat #Cats #Humane #Rescue
A character study of Amall, blond elf friend of Cepper the Gothic Sorceress, for the MiniFantasyTheater Avian Intelligence series.
i said "if you cross Jaffa Cakes and Jabba the Hutt you..." and she didnt let me finish
@whitequark✧✦Catherine✦✧ ... you get sued by HMRC who argue that Jabba Cakes are actually biscuits.
Hey everyone,
@casey and 
@rania40“a Gazan student” aya had the honour of speaking to three families from Gaza today and we’d like to welcome them to Gaza Verified.
They are:
• Esraa (
@esraa_iiEsraa)
• Raghad Rajjae (
@Raghadaln18Raghad Rajjae)
• Abeer_adel14 (
@Abeer_adel14)
Please give them a warm welcome to Mastodon and to the fediverse, follow their accounts, and donate to their fundraisers if you can (and please share this so others can do the same).
Also, remember that you can find all our families who have fundraisers listed at the following page, ordered by those who have received the least in donations over the last week (on a rolling basis):
https://gaza-verified.org/donate/
Thank you for making Mastodon and the fediverse a safe space for our friends in Gaza and for your support.
💕
#Gaza #Palestine #GazaVerified #Mastodon #fediverse #newMembers #verification
L’IAg n’est pas une fatalité : vous n’êtes pas seul·e https://vincent.jousse.org/blog/fr/tech/l-ia-n-est-pas-une-fatalite/ #ia #iagen
L’IAg n’est pas une fatalité : vous n’êtes pas seul·e
Hier, suite à un post de l’ami Ploum sur Masto qui dénonçait l’absurdité de l’utilisation des LLMs (Large Language Models ~= IA générative ~= ChatGPT, Claude, you name it ~= ce que les gens appellent IA actuellement) pour coder, une personne a répondu :Concernant les LLMs pour la programmation, le débat est clos : oui c'est utile et non, on ne peut plus s'en passer Ça m’a laissé sans voix.Non le débat n’est pas clos, oui on ~peut~ doit s’en passer, et surtout OUI vous n’êtes pas seul·e à ne pas l’utiliser.
vincent.jousse.org · Vincent Jousse
Link author: 
Vincent Jousse@vjousse@mamot.fr
おはぶりり
RE: https://journa.host/@mathewi/116178264008594192
Palantir has a system called Maven Smart System that is using integration with Claude as its AI model --- to kill children
Maho 🦝🍻 shared the below article:
Sounder at Heart @News@www.sounderatheart.com
Sounders will be first MLS team to play at a Liga MX opponent in Leagues Cup.
Read more →I am convinced we are on the verge of the first "AI agent worm". This looks like the closest hint of it, though it isn't it quite itself: an attack on a PR agent that got it to set up to install openclaw with full access on 4k machines https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another
But, the agents installed weren't given instructions to *do* anything yet.
Soon they will be. And when they are, the havoc will be massive. Unlike traditional worms, where you're looking for the typically byte-for-byte identical worm embedded in the system, an agent worm can do different, nondeterministic things on every install, and carry out a global action.
I suspect we're months away from seeing the first agent worm, *if* that. There may already be some happening right now in FOSS projects, undetected.
@cwebberChristine Lemmer-Webber Having OpenClaw installed without my consent is some of the nastiest malware I've seen in a while :(
RE: https://mastodon.social/@sarahjamielewis/116161459299855467
Something I want to make clear:
The "age verification" bit of the CA/CO laws are not the bit I care about i.e. a law that requires an operating systems to implement some kind of parental control feature is...whatever.
The bits I care about are the obligations on developers to call APIs and then that invocation being taken as evidence of knowledge.
Specifically, I think a -legal- requirement to:
- make any kind of call is an attack on speech
- know a users age (bracket) is a privacy violation
My boss has asked me to explain how email works to Marketing. This may be my final transmission. Avenge me.
Byłem ostatnio na meetupie AI Safety gdzie m.in. dr Naskręcki prezentował swój krótki wykład, no i zapowiadał ten model GPT 5.4. Jak sam mówił - nie wymyśli już zadania które dla AI byłoby za trudne i nawet studenci ze smartfonem z Gemini Flash rozwiążą w sekundę każde zadanie które zada na kolokwium. A wie co mówi, bo układa egzaminy dla AI.
so let me get this straight
We don't consider it a "clean room rewrite" if a human who has previously worked on a codebase and has clearly learned how something is supposed to work does a full rewrite, even if the code looks different, right? Because it's basically a derivative work?
But if the code is laundered through a plagiarism machine instead of a human, we're golden and we can disenfranchise any past contributors who expected their code to be distributed under a certain license/attribution?
I mean, I'm not a copyright lawyer, but if, say, Wine contributors were former MSFT employees who had worked on the proprietary parts of the operating system and had intimate knowledge of its internals, that would cause problems for Wine, wouldn't it?
My boss has asked me to explain how email works to Marketing. This may be my final transmission. Avenge me.
Continued annual support is the backbone of what makes EFF's work possible. Set a recurring donation today to make sure your membership never expires, get new gear every year, and make sure EFF can continue the work that we do! https://eff.org/join-r
Huh. Probably not great that I'm down to a few GB free.
There's a definite possibility that AI incorrectly targeted a school for a missile strike and killed 160 children
Alles gut gegangen heute. 🙏
me: makes a harmless, pleasant pun
her: "Why are you like this?! What God-forsaken neuron miswiring are you suffering from to emit these words in this order?!!"
I was asking Claude Desktop some questions about the NodeBB API and it was blocked from https://docs.nodebb.org/
I think it would also be helpful for Claude Code to be able to access those docs as well. In CF just block the "surge bots" from China and Singapore and that should help. Plus, isn't docs a static site?
RE: https://mastodon.social/@fediversereport/116178002926045553
This is what I mean when I say the Fediverse is centralized around Mastodon. The number of calls I hop on where people say, "Yeah, but I need it to function with the Mastodon API first," is a problem.
The Atmosphere has a similar Bluesky-ification issue as well. We all need to do better here, and I wish the biggest platforms on both sides would take the lead on this if they care about the broader ecosystem.
There's a definite possibility that AI incorrectly targeted a school for a missile strike and killed 160 children
somewhere in rural america a divorced dad has recreated his entire family with character ai because his real kids don't call anymore
RE: https://mastodon.social/@esraa_ii/116177824398254814
Please help Asmaa, Esraa, Sama and Soso buy food to survive the coming weeks in #Gaza
https://chuffed.org/project/152432-save-asma-and-her-sisters-from-death-in-gaza #mutualaid #palestine
RE: https://mastodon.social/@fediversereport/116178002926045553
This is what I mean when I say the Fediverse is centralized around Mastodon. The number of calls I hop on where people say, "Yeah, but I need it to function with the Mastodon API first," is a problem.
The Atmosphere has a similar Bluesky-ification issue as well. We all need to do better here, and I wish the biggest platforms on both sides would take the lead on this if they care about the broader ecosystem.
I've just filed issues with npm and uv (edit: and pip) proposing that if their dependency-cooldown options are unset they should default to seven days. No safety measure is perfect but sensible defaults can hopefully improve the situation.
@
Alice I. Cecile
Gabriele Svelto
wakest ⁂
David Guillot
leyrer
KDE
