元來(원래)는 Surface 시리즈를 主(주)로 고르는데, 아무래도 Surface 시리즈가 同時代(동시대) 다른 器機(기기)에 比(비)해 性能(성능)이 한 級(급) 떨어지는 것 같아서, 다른 걸 찾아야 하나 싶다.

問題(문제)는 내가 Windows 쓸 일이 그리 많지 않다는 건데… 🤔

Surface Pro 9 팔고 제대로 된 Windows 랩톱을 하나 장만해야겠다. 느려서 못 쓰겠음.

I had so much fun playing Ghost of Tsushima, so I want to play Ghost of Yōtei too, but for some reason, I can't be bothered to turn on my PlayStation 5. I'm sure I'll get hooked as soon as I start, though… 🤔

函數型(함수형) 프로그래밍 컨퍼런스인 liftIO 2025에 參加(참가) 申請(신청)했다. Optique로 發表(발표)하려고 演士(연사)도 申請(신청)했는데 될지 모르겠네…

@thx ActivityPub 具顯(구현)은 於此彼(어차피) 해야 하니까, Fedify를 쓰면 좋지 않을까요…? 플러그인 構造(구조)는 直接(직접) 만드셔야겠지만요. 😅

@thx Fedify 써서 하나 만들어주세요!

Google Slides는 甚至於(심지어) <ruby>도 提供(제공) 안 한다. 으으으…

Noto Sans는 提供(제공)하는데 어째서…!

Google Slides는 CJK 文字用(문자용) Noto Serif 書體(서체)를 提供(제공) 안 하는구나… 🤦

It seems like more Linux users prefer KDE over GNOME, but I'm way more of a GNOME fan myself. I wonder if it has something to do with using a Mac for so long when I was a kid.

The capitalism society tried so hard to tell you all your problems are personal. Is it?

You have no job? Not personal.
You can't afford your rent? Not personal.
You are homeless? Not personal.
You or your loved one is sick and can't afford the cure? Not personal.

Quick update on our release schedule! While we initially planned for Fedify 2.0 to follow version 1.9, we've decided to release Fedify 1.10 next instead. A few features originally slated for 1.9 need more time to mature, and we want to ensure Fedify 2.0 gets the careful attention it deserves for its breaking changes. This means you'll get incremental improvements sooner with 1.10—including our new RFC 6570 URI Template implementation for better expansion and pattern matching—while we continue preparing the more substantial architectural changes for 2.0 in parallel. Rest assured, this doesn't change our long-term roadmap; it just gives us more flexibility to deliver features when they're ready rather than holding them back for a major release.

I think NewJeans' Cool With You is a legit R&B track.

Developers building ActivityPub applications picking what AS2 object type to use when doing ActivityPub federation:

Fedify 1.9.0: Security enhancements, improved DX, and expanded framework support

We are excited to announce Fedify 1.9.0, a mega release that brings major security enhancements, improved developer experience, and expanded framework support. Released on October 14, 2025, this version represents months of collaborative effort, particularly from the participants of Korea's OSSCA (Open Source Contribution Academy).

This release would not have been possible without the dedicated contributions from OSSCA participants: Jiwon Kwon (@z9mb1), Hyeonseo Kim (@gaebalgom), Chanhaeng Lee (@2chanhaeng), Hyunchae Kim (@r4bb1t), and An Subin (@nyeong). Their collective efforts have significantly enhanced Fedify's capabilities and made it more robust for the fediverse community.

Origin-based security model

Fedify 1.9.0 implements FEP-fe34, an origin-based security model that protects against content spoofing attacks and ensures secure federation practices. This critical security enhancement enforces same-origin policy for ActivityPub objects and their properties, preventing malicious actors from impersonating content from other servers.

The security model introduces a crossOrigin option in Activity Vocabulary property accessors (get*() methods) with three security levels:

// Default behavior: logs warning and returns null for cross-origin content
const actor = await activity.getActor({ crossOrigin: "ignore" });

// Strict mode: throws error for cross-origin content
const object = await activity.getObject({ crossOrigin: "throw" });

// Trust mode: bypasses security checks (use with caution)
const attachment = await note.getAttachment({ crossOrigin: "trust" });

Embedded objects are automatically validated against their parent object's origin. When an embedded object has a different origin, Fedify performs automatic remote fetches to ensure content integrity. This transparent security layer protects your application without requiring significant code changes.

For more details about the security model and its implications, see the origin-based security model documentation.

Enhanced activity idempotency

Activity idempotency handling has been significantly improved with the new withIdempotency() method. This addresses a critical issue where activities with the same ID sent to different inboxes were incorrectly deduplicated globally instead of per-inbox.

federation
  .setInboxListeners("/inbox/{identifier}", "/inbox")
  .withIdempotency("per-inbox")  // New idempotency strategy
  .on(Follow, async (ctx, follow) => {
    // Each inbox processes activities independently
  });

The available strategies are:

• "per-origin": Current default for backward compatibility
• "per-inbox": Recommended strategy (will become default in Fedify 2.0)
• Custom strategy function for advanced use cases

This enhancement ensures that shared inbox implementations work correctly while preventing duplicate processing within individual inboxes. For more information, see the activity idempotency documentation.

Relative URL resolution

Fedify now intelligently handles ActivityPub objects containing relative URLs, automatically resolving them by inferring the base URL from the object's @id or document URL. This improvement significantly enhances interoperability with ActivityPub servers that use relative URLs in properties like icon.url and image.url.

// Previously required manual baseUrl specification
const actor = await Actor.fromJsonLd(jsonLd, { baseUrl: new URL("https://example.com") });

// Now automatically infers base URL from object's @id
const actor = await Actor.fromJsonLd(jsonLd);

This change, contributed by Jiwon Kwon (@z9mb1), eliminates a common source of federation failures when encountering relative URLs from other servers.

Full RFC 6570 URI template support

TypeScript support now covers all RFC 6570 URI Template expression types in dispatcher path parameters. While the runtime already supported these expressions, TypeScript types previously only recognized simple string expansion.

// Now fully supported in TypeScript
federation.setActorDispatcher("/{+identifier}", async (ctx, identifier) => {
  // Reserved string expansion — recommended for URI identifiers
});

The complete set of supported expression types includes:

• {identifier}: Simple string expansion
• {+identifier}: Reserved string expansion (recommended for URIs)
• {#identifier}: Fragment expansion
• {.identifier}: Label expansion
• {/identifier}: Path segments
• {;identifier}: Path-style parameters
• {?identifier}: Query component
• {&identifier}: Query continuation

This was contributed by Jiwon Kwon (@z9mb1). For comprehensive information about URI templates, see the URI template documentation.

WebFinger customization

Fedify now supports customizing WebFinger responses through the new setWebFingerLinksDispatcher() method, addressing a long-standing community request:

federation.setWebFingerLinksDispatcher(async (ctx, actor) => {
  return [
    {
      rel: "http://webfinger.net/rel/profile-page",
      type: "text/html",
      href: actor.url?.href,
    },
    {
      rel: "http://ostatus.org/schema/1.0/subscribe",
      template: "https://example.com/follow?uri={uri}",
    },
  ];
});

This feature was contributed by Hyeonseo Kim (@gaebalgom), and enables applications to add custom links to WebFinger responses, improving compatibility with various fediverse implementations. Learn more in the WebFinger customization documentation.

New integration packages

Fastify support

Fedify now officially supports Fastify through the new @fedify/fastify package:

import Fastify from "fastify";
import { fedifyPlugin } from "@fedify/fastify";

const fastify = Fastify({ logger: true });
await fastify.register(fedifyPlugin, {
  federation,
  contextDataFactory: () => ({ /* your context data */ }),
});

This integration was contributed by An Subin (@nyeong). It supports both ESM and CommonJS, making it accessible to all Node.js projects. See the Fastify integration guide for details.

Koa support

Koa applications can now integrate Fedify through the @fedify/koa package:

import Koa from "koa";
import { createMiddleware } from "@fedify/koa";

const app = new Koa();
app.use(createMiddleware(federation, (ctx) => ({
  user: ctx.state.user,
  // Pass Koa context data to Fedify
})));

The integration supports both Koa v2.x and v3.x. Learn more in the Koa integration documentation.

Next.js integration

The new @fedify/next package brings first-class Next.js support to Fedify:

// app/api/ap/[...path]/route.ts
import { federation } from "@/federation";
import { fedifyHandler } from "@fedify/next";

export const { GET, POST } = fedifyHandler(federation);

This integration was contributed by Chanhaeng Lee (@2chanhaeng). It works seamlessly with Next.js App Router. Check out the Next.js integration guide for complete setup instructions.

CommonJS support

All npm packages now support both ESM and CommonJS module formats, resolving compatibility issues with various Node.js applications and eliminating the need for the experimental --experimental-require-module flag. This particularly benefits NestJS users and other CommonJS-based applications.

FEP-5711 collection inverse properties

Fedify now implements FEP-5711, adding inverse properties to collections that provide essential context about collection ownership:

const collection = new Collection({
  likesOf: note,  // This collection contains likes of this note
  followersOf: actor,  // This collection contains followers of this actor
  // … and more inverse properties
});

This feature was contributed by Jiwon Kwon (@z9mb1). The complete set of inverse properties includes likesOf, sharesOf, repliesOf, inboxOf, outboxOf, followersOf, followingOf, and likedOf. These properties improve data consistency and enable better interoperability across the fediverse.

CLI enhancements

NodeInfo visualization

The new fedify nodeinfo command provides a visual way to explore NodeInfo data from fediverse instances. This replaces the deprecated fedify node command and offers improved parsing of non-semantic version strings. Try it with:

fedify nodeinfo https://comam.es/snac/

This was contributed by Hyeonseo Kim (@gaebalgom). The command now correctly handles various version formats and provides a cleaner visualization of instance capabilities. See the CLI documentation for more options.

Enhanced lookup with timeout

The fedify lookup command now supports a timeout option to prevent hanging on slow or unresponsive servers:

fedify lookup --timeout 10 https://example.com/users/alice

This enhancement, contributed by Hyunchae Kim (@r4bb1t), ensures reliable operation even when dealing with problematic remote servers.

Package modularization

Several modules have been separated into dedicated packages to improve modularity and reduce bundle sizes. While the old import paths remain for backward compatibility, we recommend migrating to the new packages:

• @fedify/cfworkers replaces @fedify/fedify/x/cfworkers
• @fedify/denokv replaces @fedify/fedify/x/denokv
• @fedify/hono replaces @fedify/fedify/x/hono
• @fedify/sveltekit replaces @fedify/fedify/x/sveltekit

This modularization was contributed by Chanhaeng Lee (@2chanhaeng). The old import paths are deprecated and will be removed in version 2.0.0.

Acknowledgments

This release represents an extraordinary collaborative effort, particularly from the OSSCA participants who contributed numerous features and improvements. Their dedication and hard work have made Fedify 1.9.0 the most significant release to date.

Special thanks to all contributors who helped shape this release, including those who provided feedback, reported issues, and tested pre-release versions. The fediverse community's support continues to drive Fedify's evolution.

For the complete list of changes, bug fixes, and improvements, please refer to the CHANGES.md file in the repository.

@lil5 Yeah, I've tried it from my local machine too, and it still sometimes happens.

My package's release CI job has been stuck for an hour because of JSR. 😩

Every time I try to publish a package to #JSR (JavaScript Registry), it frequently gets stuck in the “processing” state, so I'm seriously considering whether I should stop publishing my TypeScript packages there altogether. 🤔

올 해 가장 잘 購買(구매)한 것: MacBook Air (M4, 32 GB RAM). 元來(원래) 昨年(작년)까지만 해도 랩톱을 쓸 일이 잘 없었는데, 마침 올해 랩톱을 바꾸고 나니까 나가서 作業(작업)할 일이 많아졌다. 데스크톱보다 더 많이 쓰게 된 듯. 꽤 가벼운데 배터리까지 오래 가서 좋다. 性能(성능)도 快適(쾌적)하고.

finally 🥳

#loops #activityPub

This is my largest commit of all time I think 😅

https://github.com/joinloops/loops-server/commit/5b0e77806c53c0cd1c68c9f09e06f16ad0debc3e

@ianthetechie Haha, 光酒, that's quite funny!

리트코드 문제들 풀고 좀 쉬다가 갑자기 일본어에서 어떤 동사일 때 목적어에 を가 아니라 が를 붙이는지 꽂혀서 일본 언어학계에서 고전으로 취급받는 문법서^[1] 좀 보다가, 다시 리트코드 풀려고 하니깐 배고파서 머리가 안 돌아가네...라고 생각한 순간 점심 타임인 걸 깨달았다. 뭐 먹지?

@ianthetechie Yeah, I always find the season and the weather influence what kind of music I listen to!

@ianthetechie Haha, I'm glad you find my posts in Korean mixed script interesting. Hanja isn't essential for learning modern Korean, but it's still a lot of fun, eh!

I'm giving the keynote at the FOSS for All Conference 2025, but the organizers told me I have to provide my slides in English too, which means I'm now stuck having to explain what the heck Korean mixed script (國漢文混用體) is in English. 😇

@thx 맞습니다. 😌

I have a habit of listening to Chick Corea & Return to Forever's Light as a Feather (1973) whenever the weather starts to get chilly. The night air felt cool all of a sudden, so I put it on for the first time in a while. It's a masterpiece that's great no matter when you listen to it.

同じ時期に韓国でリリースした曲と比べると、やっぱり日本でリリースした曲のほうがいい。たぶん当時の両国の音楽産業の成熟度の差が反映されていたんだろうけど。