洪 民憙 (Hong Minhee)

Brocards for vulnerability triage

https://blog.yossarian.net/2026/04/11/Brocards-for-vulnerability-triage

#security #oss

I hold many controversial opinions. For example, I think that a process segfaulting inside of a VM should not be able to take down the host.

Unfortunately, I use macOS. Where it can. And does. To my chagrin.

Rust is Just a Tool https://lobste.rs/s/4kticv #rust
https://lewiscampbell.tech/blog/260204.html

Mastodon.py version 2.2.0 is now out! 🦣🐍

There's a quite a few bug fixes (thank you to everyone who reported and/or fixed something), and support for 4.5 functionality: Quotes as well as async refreshing! Also quite a bit of additional testing, coverage is now above 90%.

As usual, please report any bugs you see, I should have the time to do quick fixes and maintenance release in the near future hopefully.

* Changelog: https://github.com/halcy/Mastodon.py/releases/tag/v2.2.0
* Docs: https://mastodonpy.readthedocs.io/en/v2.2.0/
* PyPi: https://pypi.org/project/Mastodon.py/

#mastodev #mastodon #python #mastodonpy

#Plushtodon

Why I'm Building a Database Engine in C# via @hongminhee https://lobste.rs/s/uahlqe #databases #dotnet
https://nockawa.github.io/blog/why-building-database-engine-in-csharp/

If crates.io is public infrastructure and it's chronically underfunded, then “audit your own dependencies” is the wrong takeaway. It shifts the cost from the companies that benefit most onto individual teams. A better response is collective funding for crates.io's security work, not making every team repeat the same audit work on its own.

https://purplesyringa.moe/blog/no-one-owes-you-supply-chain-security/

No one owes you supply-chain security https://lobste.rs/s/cxwidw #security
https://purplesyringa.moe/blog/no-one-owes-you-supply-chain-security/

Fedify ActivityPub server framework

A #TypeScript library for building federated server apps powered by #ActivityPub and other standards, so-called #fediverse

https://fedify.dev

This is my take on AI's climate impact. https://dev.to/dcc/the-honest-climate-case-for-ai-5hg5

New from me: Fediverse Report #158 - What is Mastodon for?

On the recent discourse about the Mastodon becoming an echo chamber and the community's anti-ai sentiment, and how the fundamental tension in that @Mastodon allows for people to create communities and 'place' on the instance level, but people experience community and culture on the federation level

https://connectedplaces.online/reports/fr158-what-is-mastodon-for/

Hackers Pub Android v1.2.0 Released!

https://github.com/hackers-pub/android/releases/tag/v1.2.0

@dansup Congratulations!

FediCon 2026 will be part of FOSSY.

We are still trying to figure out the exact days for FediCon @ FOSSY. But, it will be 2 of the days between August 6th and 9th.

We are also planning to do a joint session between FediCon @ FOSSY in Vancouver with the Fediverse & Social Web track at COSCUP in Taiwan.

#FediCon #FediCon2026 #FOSSY #FOSSY2026 #COSCUP #COSCUP2026

@angelthorns Yeah, that's one of my goals!

@yyj1983 我来自汉阳。啊，现在都叫首尔吧？我是88年出生的。

@yyj1983 是的，我是韩国人。我年纪有点大，小时候学过汉字，所以也能稍微读写一点中文。不过口语不行。因为韩语没有声调，所以普通话的声调很难。

@bootlegrydia Okay, now it's fixed!

@yyj1983 是的，在韩国，这被称为国汉文混用体。一直使用到80年代，但现在韩文专用已经成为占主导的方式。

@bootlegrydia Thanks for letting me know! It seems broken on Chromium-based browsers. I've only tested with Firefox, haha. I'll fix it soon!

Finally have a working prototype of Bibim to show off.

The demo in the video: typing “daxueshengeun hakubutsukane ganda” in Latin letters produces “大學生은 博物館에 간다”, Korean for “The university student goes to the museum.”

The input is a mix of three languages. daxuesheng is the Mandarin reading of 大學生 (university student); hakubutsukan is the Japanese reading of 博物館 (museum); -eun, -e, and ganda are Korean. The input method finds 大學生 through the Chinese phonetic path and 博物館 through the Japanese one, then stitches them together with Korean particles into mixed-script Korean output.

Bibim treats Chinese characters as a shared logographic layer across CJK languages, so you can reach any word from whichever pronunciation you happen to remember.

Try it yourself: https://hongminhee.codeberg.page/bibim-prototype/.

@kodingwarrior 或是(혹시) to 말고 cc에 넣었다면, 그냥 to에 넣어보시는 것도…

Significant performance improvements are expected in today's latest Fedify patch releases (v1.9.9, v1.10.8, v2.0.12, and v2.1.5).

@kodingwarrior 或是(혹시) to에 멘션 받을 사람 액터 ID 넣으셨나요? 그거 없어서 그럴 수도 있어요.

아아악!! 연합우주 구현체 하나하나 믿을 수가 없어!!

@kodingwarrior 딱히 멘션 쪽에서 footgun은 없었던 것 같은데요…!?

I'm a socialist and I genuinely love Coca-Cola. I haven't made peace with that. I feel guilty every time I drink it, and then I drink it anyway.

@drwho Sure!

나름 여유 생긴 김에 하던거 계속 하는 중. 오늘은 불규칙을 좀 처리해봤는데 예쁜 접근인지는 아리까리 해서 좀 더 생각해봐야 할 듯

Fedify 같은 fediverse 소프트웨어 개발 키트가 이미 나와있고, 코딩 에이전트 덕분에 구현 속도는 어지간하면 가속화가 가능하기 때문에, Fediverse 소프트웨어를 만드는 진입장벽의 bar는 점점 낮아지고 있는 것 같은데, 사용성이라던가 제품으로서 시장에 정착할 수 있냐의 문제는 풀기 어려운 숙제인 것 같다.

Mastodon은 그래도 시장에 잘 정착한 것 같은데, "비슷한 것을 만들 수 있다"라고 해도 이게 롱런하느냐는 별개..

1. 시장에서 어떻게 정체성을 가지고 정착할 것인가
2. 사람들이 쓰기 편한 물건인가
3. 그러면서, self-host가 가능한 인프라 요구조건인가

이런 쪽으로 밸런스가 잘 맞는걸 만드는 것 자체가 굉장히 챌린징한 과제인 듯