Hackers' Pub is a place for software engineers to share their knowledge and experience with each other. It's also an ActivityPub-enabled social network, so you can follow your favorite hackers in the fediverse and get their latest posts in your feed.
https://www.openwall.com/lists/oss-security/2026/03/09/7
Misskey and Sharkey, ActivityPub-based social network services (similar to Mastodon), have released updates to patch vulnerabilities Sharkey maintainers describe as "extremely severe".
Details have not been not published yet but "missing permission checks" and "authentication bypass" sound like vulnerabilities that could be prevented by following recommendations from FEP-fe34: Origin-based security model.
자율주행 수동이라니 갭모에
Meet Selection.getComposedRanges() 🆕
Unlike getRangeAt(), it returns selection ranges across Shadow DOM boundaries, essential for modern web components.
Since August 2025, this feature is Baseline.
Learn how it works 👇
https://developer.mozilla.org/en-US/docs/Web/API/Selection/getComposedRanges
Emelia has already done so much great standards and auth work behind the scenes, which benefits not just atproto/atmosphere, but also ActivityPub, Solid, and other social web ecosystems.
really excited about the potential for FedCM to make login flows slick and competitive with Google/Apple/Meta
RE: https://bsky.app/profile/did:plc:5w4eqcxzw5jv5qfnmzxcakfy/post/3mgniewoy322j
Toni is a wonderfully thoughtful and insightful exec, who has shown that you can build a real business around open software. Finding someone who can execute and who understands the vision of an open protocol at the same time is rare—Toni gets it. I'm excited to see what Toni and Jay build together.
RE: https://bsky.app/profile/did:plc:cwf4mmm7mpzistinx3ox2zhj/post/3mgnkln3fmk2j
Recap from my Year of the Snake.
And yes I've given plenty of critiques (including not always agreeing with those engineering decisions). But nonetheless I don't think giving the engineering team space to do what they thought was right has always been the easy thing to do, and I thought it was worth saying the positive thing here.
(Real talk I did not know this was coming when I posted this and the following reply 3 days ago tho, heh) https://bsky.app/profile/dustyweb.bsky.social/post/3mgfo3mg4jk2h
generator-eslint generator-eslint-v6.1.0 has been released: https://github.com/eslint/generator-eslint/releases/tag/generator-eslint-v6.1.0
one of the difficulties of chatting online with cool techy trans girls is that it can at times be difficult to tell a keysmash from an encryption key
a lot of y'all still don't get it. ape holders can use multiple slurp juices on a single ape.
RE: https://dair-community.social/@Meron/116199326654385711
As someone who came to the US as a refugee with political asylum I can't overstate how cruel this is. I was already terrified and had nightmares every day. And here they're telling you that you didn't get to safety after all that, that they will reverse your status on a whim, if they deem it safe for you to return. As Warsan Shire wrote, no one leaves home unless home becomes the mouth of a shark.
a lot of y'all still don't get it. ape holders can use multiple slurp juices on a single ape.
I am about to start my fourth attempt at transferring my old iPad to my new iPad. It has failed twice in the data transfer stage and once before we even got there. This is the stuff we used to be able to rely on with Apple. I don’t particularly want to set this thing up from scratch but I also don’t want to waste another hour. Sigh.
Toni is a wonderfully thoughtful and insightful exec, who has shown that you can build a real business around open software. Finding someone who can execute and who understands the vision of an open protocol at the same time is rare—Toni gets it. I'm excited to see what Toni and Jay build together.
RE: https://bsky.app/profile/did:plc:cwf4mmm7mpzistinx3ox2zhj/post/3mgnkln3fmk2j
I'm super hyped to announce that Bluesky Socal PBC has given me a grant to work on the Federated Credential Management (or FedCM) standards to make them really work for all decentralized web applications.
This is why I stepped up to be an Invited Expert with the W3C FedID Working Group earlier in the year. The missing part at that time was "how do I fund this work?" so I'm super happy that Bluesky Social PBC really came through with a grant to fund this work.
A really interesting thing that Bluesky Social PBC did here was they could have said "just make this work for AT Protocol" but instead they said "make this work for the entire decentralized web", and the contract explicitly states I should be working with the IndieAuth, Solid and other communities interested in federated and decentralized identity to make this happen.
개웃긴 즉석밥 봄 5곡이라고 써져있는데 쌀, 찹쌀, 현미, 흑미, 기장 넣었대 5곡 중에 넷이 쌀이잔아 米친놈아
@cwebberChristine Lemmer-Webber “great question! I know it might seem shocking to you that I have spent all of your savings on a jpeg of the worst picrew you’ve ever seen. Here is why it’s a genius investment: Not only is the token not fungible,
@erikaErika 
@cwebberChristine Lemmer-Webber "Buddy, they won't even let me funge it"
Loom (DOS EGA)
Congrats to @thisismissem.social@bsky.brid.gyEmelia for the well deserved financial support.
She contributes across atproto and ActivityPub, & with the IETF OAuth standards.
FedCM is a W3C web platform API that “allows users to login to websites with their federated accounts in a privacy preserving manner”
RE: https://bsky.app/profile/did:plc:5w4eqcxzw5jv5qfnmzxcakfy/post/3mgniewoy322j
did you know that SSH has a little-known secret menu?
i wrote a post about this on cohost a while back, but since that site shut down i'm posting it here too
RE: https://hachyderm.io/@pointfreeco/116200369552646802
Let the fun begin!
神奈川県清川村 道の駅清川
#バイク旅
#風景写真
#photography
撮影日 2026/02/28
Heeey, look, it's me!
I'm super hyped to announce that @bsky.app@bsky.brid.gyBluesky have given me a grant to work on the standards for the Federated Credential Management API (or FedCM) to make them really work for all decentralized web applications.
RE: https://bsky.app/profile/did:plc:ewvi7nxzyoun6zhxrhs64oiz/post/3mgni4shwas2k
Christ I never thought I'd say this but I wish the NFT craze was still going right now. Absolutely all these people would find a whole new way for all their apes to be gone
@cwebberChristine Lemmer-Webber “great question! I know it might seem shocking to you that I have spent all of your savings on a jpeg of the worst picrew you’ve ever seen. Here is why it’s a genius investment: Not only is the token not fungible,
eslint/json 1.1.0 is here!
✨ Autofix for no-unnormalized-keys
🔧 JSONRuleDefinition can now report on tokens
🔧 Updated ESLint dependency
Details:
https://github.com/eslint/json/releases/tag/json-v1.1.0
Fairplayer is sort of like a federated Bandcamp...
"Fairplayer plays music from a decentralized ecosystem. Artists and communities publish their music on their own websites and link them to a player where the user can listen to them all."
Christ I never thought I'd say this but I wish the NFT craze was still going right now. Absolutely all these people would find a whole new way for all their apes to be gone
@cwebberChristine Lemmer-Webber this is absolutely unhinged. i can hardly believe it
@cwebberChristine Lemmer-Webber this is absolutely unhinged. i can hardly believe it
@cwebberChristine Lemmer-Webber like... have people completely lost it? are they not seeing all the stories about credentials being exfiltrated by LLMs? do they just not know what a credential is?? i am truly baffled
now, if bsky was employing like 1000 people, one thing that can happen in situations like this is "it's unpopular to fire 800 people so you have an interim ceo do it" but that isn't where/how bsky is operating at. but i promise you, the eventual real CEO will matter far more than this one
Launch HN: Terminal Use (YC W26) – Vercel for filesystem-based agents
Discussion: https://news.ycombinator.com/item?id=47311657
eslint/css 1.0.0 is here!
✨ Function-based customSyntax options
🔧 Export types from main entry; remove /types export
⚠️ ESM-only, Node.js ^20.19.0+ required
Details:
https://github.com/eslint/css/releases/tag/css-v1.0.0
Toni has been an advisor to us for years, and it's an honor to have him come in to lead us into this next phase 🚀
RE: https://bsky.app/profile/did:plc:cwf4mmm7mpzistinx3ox2zhj/post/3mgnkln3fmk2j
also, you know what is a great way to get a bunch of people to apply for a job? you announce a job opening it's a straightforward as that
1. have her wait half a year to start doing that 2. let her go do that and have someone else do the operational stuff while you look for a replacement
startups are a battle against time. if you think that jay's time is better served working on the technology and not on the operational work, do you:
Welcome to the team, Toni!
RE: https://bsky.app/profile/did:plc:cwf4mmm7mpzistinx3ox2zhj/post/3mgnkln3fmk2j
Thank you, Jay! None of this would exist without you.
RE: https://bsky.app/profile/did:plc:oky5czdrnfjpqslsw2a5iclo/post/3mgnkkbkw2c2v
Some personal news: I’m transitioning from CEO to a new role as Bluesky’s Chief Innovation Officer! I’m excited to welcome @toni.bsky.team@bsky.brid.gy as our interim CEO.
More here: bsky.social/about/blog/0...
A New Chapter for Bluesky - Bl...
名刺代わりのNFCタグを買っておいてもいいかもしれないと思ったのだけど送料を無料にするには安すぎてなあ
Leadership change announced at Bluesky.
I think Jay Graeber's biggest accomplishment: she allowed the Bluesky engineering team to follow their hearts on what they saw as pursuing the best design. Not easy to do given all the other pressures in the role.
Best of luck with what's next, and I hope future leadership does the same.
No leap second will be introduced at the end of June 2026
Link: https://lists.iana.org/hyperkitty/list/tz@iana.org/thread/P6D36VZSZBUSSTSMZKFXKF4T4IXWN23P/
Discussion: https://news.ycombinator.com/item?id=47308059
Algebraic topology: knots links and braids
Link: https://aeb.win.tue.nl/at/algtop-5.html
Discussion: https://news.ycombinator.com/item?id=47309605
Point-Free
Tom Casavant
jnkrtech
Andy Piper
Erik Uden 🍑
@
