洪 民憙 (Hong Minhee)

Hello! I'm Hong Minhee (洪 民憙), an open source software engineer in my late 30s, living in Seoul, Korea. I'm bisexual and non-binary (they/them), and an enthusiastic advocate of free/open source software and the fediverse.

I work full-time on @fedify, an ActivityPub server framework in TypeScript, funded by @sovtechfund. I'm also the creator of @hollo, a single-user ActivityPub microblog; @botkit, an ActivityPub bot framework; Hackers' Pub, a fediverse platform for software developers; and LogTape, a logging library for JavaScript and TypeScript.

I have a long interest in East Asian languages (CJK) and Unicode. I post mostly in English here, though occasionally in Japanese or in mixed-script Korean (國漢文混用體), a traditional writing style that interleaves Chinese characters with the native Korean alphabet. Wanting to write in that style was actually one of the reasons I joined the fediverse. Feel free to talk to me in English, Korean, Japanese, or even Literary Chinese!

#introduction

はじめまして！ソウル在住の30代後半のオープンソースソフトウェアエンジニア、洪 民憙（ホン・ミンヒ）と申します。バイセクシュアル（bisexual）・ノンバイナリー（non-binary）で、自由・オープンソースソフトウェア（F/OSS）とフェディバース（fediverse）の熱烈な支持者です。

STF（@sovtechfund）の支援を受け、TypeScript用ActivityPubサーバーフレームワーク「@fedify」の開発に専念しています。他にも、おひとり様向けのActivityPubマイクロブログ「@hollo」、ActivityPubボットフレームワーク「@botkit」、ソフトウェア開発者向けフェディバースプラットフォームHackers' Pub、JavaScript・TypeScript用ロギングライブラリLogTapeなどの制作者でもあります。

東アジア言語（いわゆるCJK）とUnicodeにも興味があります。このアカウントでは主に英語で投稿していますが、時々日本語や国漢文混用体（漢字ハングル混じり文）の韓国語でも書いています。実はこの文体で書きたくてフェディバースを始めた、という経緯もあります。日本語、英語、韓国語、漢文でも気軽に話しかけてください！

#自己紹介

安寧(안녕)하세요! 저는 서울에 살고 있는 30代(대) 後半(후반)의 오픈 소스 소프트웨어 엔지니어 洪民憙(홍민희)입니다. 兩性愛者(양성애자)(bisexual)이자 논바이너리(non-binary)이며, 自由(자유)·오픈 소스 소프트웨어(F/OSS)와 聯合宇宙(연합우주)(fediverse)의 熱烈(열렬)한 支持者(지지자)이기도 합니다.

STF(@sovtechfund)의 支援(지원)을 받아 TypeScript用(용) ActivityPub 서버 프레임워크 @fedify 開發(개발)에 專業(전업)으로 任(임)하고 있습니다. 그 外(외)에도 싱글 유저用(용) ActivityPub 마이크로블로그 @hollo, ActivityPub 봇 프레임워크 @botkit, 소프트웨어 開發者(개발자)를 위한 聯合宇宙(연합우주) 플랫폼 Hackers' Pub, JavaScript·TypeScript用(용) 로깅 라이브러리 LogTape 等(등)의 製作者(제작자)이기도 합니다.

東(동)아시아 言語(언어)(이른바 CJK)와 Unicode에도 關心(관심)이 많습니다. 이 計定(계정)에서는 主(주)로 英語(영어)로 포스팅하지만, 때때로 日本語(일본어)나 國漢文混用體(국한문 혼용체) 韓國語(한국어)로도 씁니다. 聯合宇宙(연합우주)에 오게 된 動機(동기) 中(중) 하나가 바로 國漢文混用體(국한문 혼용체)로 글을 쓰고 싶었기 때문이기도 하고요. 韓國語(한국어), 英語(영어), 日本語(일본어), 아니면 漢文(한문)으로도 말을 걸어주세요!

#툿친소 #연친소 #별친소 #자기소개

If you are working on Fediverse software, you might have heard about FEP-8a8e, which is an upcoming standard to unitize how events (as in gatherings of people) are shared via ActivityPub.

I'm currently working on a cool new validation tool that is supposed to help developers write correct implementations of this standard:

https://validate.event-federation.eu/

🧵1/7

@mkljczk Oh, thank you for buying a copy!

By the way, is it available in Europe as well? Or, have you just bought it abroad from Amazon Japan?

guess it’s time to learn some fedi dev with fedify

@hongminhee

Hackers' Pub now allows you to follow hashtags, and it's deeply integrated with tags.pub!

Hackers' Pub 새 프런트엔드(web-next)에서 해시태그를 팔로할 수 있게 되었습니다. 해시태그를 팔로하면 팔로하지 않은 계정에서 쓴 콘텐츠여도 해당 해시태그가 붙어 있을 경우 피드에 뜨게 됩니다. 또한, 기술적으로는 tags.pub과 연동되어 있어서, 연합우주(fediverse) 전체적으로 해당 해시태그를 추적할 수 있게 되어 있습니다. 참고로 자신이 어떤 해시태그를 팔로하는지는 다른 사람에게 공개되지 않습니다.

해시태그를 팔로하려면 검색창에 #해시태그_이름으로 검색하신 뒤, 검색 결과에서 팔로 버튼을 누르시면 됩니다. 또한, “사이드바에 추가” 버튼까지 누르시면, 좌측 사이드바에서 타임라인 섹션 맨 아래쪽에 해당 해시태그가 추가되어 언제나 쉽게 접근 가능해집니다.

@kodingwarrior 이거 이름 알아냈어요. 그냥 野菜(야사이)炒め(이타메)(野菜(야채) 볶음)입니다.

I write YAML list items flush with the parent key rather than indented further:

# my preference
items:
- foo
- bar
- baz

# what formatters produce
items:
  - foo
  - bar
  - baz

Every formatter insists on the two-space version instead, so across all my projects, **/*.yaml and **/*.yml end up in deno fmt's exclude list.

The other fixation is .yaml over .yml. The official YAML FAQ has explicitly recommended the longer form for years, but the three-character habit spread through GitHub Actions templates and most people never thought to check.

@hellel 저도 요즘 진밀면에 빠져 있는데, 저도 매운 걸 못 먹는 편이라 매운 소스는 조금만 넣어요 ㅋㅋㅋ

What keeps me on GitHub isn't only the social graph. Trusted publishing is the bigger obstacle.

npm, JSR, and crates.io all support GitHub Actions, or GitLab in some cases. Codeberg isn't an option yet.

crates.io says adding Codeberg/Forgejo support should be straightforward, and Forgejo is already tracking the work. Hoping npm and JSR follow. I want to move my projects to Codeberg without giving up trusted publishing.

@bgl 마음이 많이 아프시겠어요… 사람과 달리 사람과 같이 사는 강아지의 세계는 정말 그 가족으로 한정되는 경우가 많죠. 그래서 더더욱 강아지를 잊지 못하게 만드는 것 같습니다. 또미는 좋은 곳에 먼저 가서 먼 훗날 가족과 다시 만나길 기다리고 있을 거예요. 마음 추스르시길…

밤사이 강아지 또미가 세상을 떠났다. 다행히 아프지 않게 잠든 사이 편안하게 갔다. 왠지 아무 상관 없는 사람들도 얼마 전까지 이렇게 생긴 11살 요크셔테리어 한마리가 세상에 있었단걸 알았으면 좋겠단 생각이 들었다. 금방 까먹더라도.

나는 Apple이 폴더블 iPhone을 만든다는 게 아예 想像(상상)이 안 되는데, 다들 Apple이 폴더블 iPhone을 내놓을 거라고 굳게 믿는 게 놀랍게 느껴진다…

TIL Matrix supports polls

@songbirds 구매해 주셔서 감사합니다…! 🙏🏼

@yeokbo 역시 기능적인 부분보다는 네트워크 효과가 가장 문제군요… 😭 답변 감사합니다!

If you believe in the #Fediverse :

- post here
- bring your friends and family here
- tell companies, governments and creators to be here
- pay for your instance
- pay for your software

Do one thing every day. The Fediverse is worth fighting for.

@yeokbo Mastodon과 Bluesky 사이에서 고민하게 되는 요인들로 어떤 것들이 있으신가요? 페디버스 개발자로서 의견이 궁금합니다!

@burly Yeah, fair read. “Winning path” was a bad phrase. I meant path of least resistance: if the easiest thing is always to write Node.js-compatible code, there's not much reason for a Deno-native package culture to form. Nobody loses; it just never gets built.

@tychi Both Deno and Node.js run on V8, and V8 is C++, so Rust doesn't really distinguish them at the engine level. If you want a Rust-native JavaScript stack, Andromeda is probably closer: it runs on Nova, a JavaScript engine written in Rust rather than V8. Still experimental, but that's the tradeoff when you step off the compatibility treadmill.

Deno 2.8.0 is out. The compatibility work is real: the #Node.js test suite pass rate jumped from 42% to 76.4%, deno install is now a drop-in for npm install, lib.node is included by default, and setTimeout() now returns a NodeJS.Timeout instead of a number. None of that is irrational on its own. Put it together, though, and #Deno starts looking less like an alternative to Node.js and more like a cleaner way to run Node.js-shaped code.

It reminds me of OS/2's Win32 compatibility layer. IBM offered it so developers wouldn't have to choose, but the effect was the opposite: people kept writing Windows apps, and OS/2-native software never got a reason to exist. The closer Deno gets to Node.js, the less reason anyone has to think about whether their code is Deno-aware. Maybe that helps adoption. I just don't see how a Deno-native package culture survives if the winning path is “pretend it's npm.”

I did it. #Smithereen 1.0 is officially out now. Only took me 6.5 years from an idea to something I can proudly call a stable release.

BotKit security updates: 0.3.3 and 0.4.2

If you use BotKit, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and BotKit inherits the exposure through its dependency on Fedify.

The vulnerability allows an attacker to use JSON-LD graph-restructuring features—specifically @graph, @included, and @reverse—to reshape a signed ActivityPub activity without invalidating its Linked Data Signature. This can cause BotKit (via Fedify) to interpret a different ActivityPub object shape than was originally signed. The fix normalizes Linked Data Signature-verified activities against Fedify's local JSON-LD context before interpreting them, and rejects the JSON-LD constructs that enable the attack.

All versions of BotKit up to 0.3.2 (in the 0.3.x branch) and 0.4.1 (in the 0.4.x branch) are affected. Patched releases are 0.3.3 and 0.4.2.

For BotKit 0.4.x, update @fedify/botkit:

npm  update  @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update  @fedify/botkit
bun  update  @fedify/botkit
deno update  @fedify/botkit

For BotKit 0.3.x, update @fedify/botkit:

npm  update  @fedify/botkit@0.3.3
yarn upgrade @fedify/botkit@0.3.3
pnpm update  @fedify/botkit@0.3.3
bun  update  @fedify/botkit@0.3.3
deno update  @fedify/botkit@0.3.3

If you use other BotKit-related packages (e.g., @fedify/botkit-postgres), update them as well. After updating, redeploy.

The CVE ID is CVE-2026-42462. See also fedify-dev/fedify#773 for Fedify's own announcement.

Thanks to @Claire for the report and responsible disclosure.

If anything is unclear, feel free to ask on GitHub Discussions or Matrix.

夕飯で焼肉食べた

羽田空港に到着！

Anyone else in the fediverse who does fieldwork in #linguistics ? #languages #language #indigenouslanguages #minoritylanguages (if you have suggestions for hashtags that will help me find other field linguists, please add them in a comment to this toot)

Working on adding support in Ghost for custom web domain for your handle so that (eg) I can be `@john@onolan.org` rather than `@john@john.onolan.org`

Lots of people run Ghost instances on subdomains, so think this will be helpful!

This is now live! If you have an old social web profile with followers that you want to move over to Ghost, that now works.

Find it under Network → Preferences → Account Migration

Set up an account alias pointing to your old handle, then initiate an account move on your old profile.

今は金浦から羽田に行く飛行機の中…