洪 民憙 (Hong Minhee)

@mkljczk Oh, thank you for buying a copy!

By the way, is it available in Europe as well? Or, have you just bought it abroad from Amazon Japan?

guess it’s time to learn some fedi dev with fedify

@hongminhee

Hackers' Pub now allows you to follow hashtags, and it's deeply integrated with tags.pub!

Hackers' Pub 새 프런트엔드(web-next)에서 해시태그를 팔로할 수 있게 되었습니다. 해시태그를 팔로하면 팔로하지 않은 계정에서 쓴 콘텐츠여도 해당 해시태그가 붙어 있을 경우 피드에 뜨게 됩니다. 또한, 기술적으로는 tags.pub과 연동되어 있어서, 연합우주(fediverse) 전체적으로 해당 해시태그를 추적할 수 있게 되어 있습니다. 참고로 자신이 어떤 해시태그를 팔로하는지는 다른 사람에게 공개되지 않습니다.

해시태그를 팔로하려면 검색창에 #해시태그_이름으로 검색하신 뒤, 검색 결과에서 팔로 버튼을 누르시면 됩니다. 또한, “사이드바에 추가” 버튼까지 누르시면, 좌측 사이드바에서 타임라인 섹션 맨 아래쪽에 해당 해시태그가 추가되어 언제나 쉽게 접근 가능해집니다.

@kodingwarrior 이거 이름 알아냈어요. 그냥 野菜(야사이)炒め(이타메)(野菜(야채) 볶음)입니다.

I write YAML list items flush with the parent key rather than indented further:

# my preference
items:
- foo
- bar
- baz

# what formatters produce
items:
  - foo
  - bar
  - baz

Every formatter insists on the two-space version instead, so across all my projects, **/*.yaml and **/*.yml end up in deno fmt's exclude list.

The other fixation is .yaml over .yml. The official YAML FAQ has explicitly recommended the longer form for years, but the three-character habit spread through GitHub Actions templates and most people never thought to check.

@hellel 저도 요즘 진밀면에 빠져 있는데, 저도 매운 걸 못 먹는 편이라 매운 소스는 조금만 넣어요 ㅋㅋㅋ

What keeps me on GitHub isn't only the social graph. Trusted publishing is the bigger obstacle.

npm, JSR, and crates.io all support GitHub Actions, or GitLab in some cases. Codeberg isn't an option yet.

crates.io says adding Codeberg/Forgejo support should be straightforward, and Forgejo is already tracking the work. Hoping npm and JSR follow. I want to move my projects to Codeberg without giving up trusted publishing.

@bgl 마음이 많이 아프시겠어요… 사람과 달리 사람과 같이 사는 강아지의 세계는 정말 그 가족으로 한정되는 경우가 많죠. 그래서 더더욱 강아지를 잊지 못하게 만드는 것 같습니다. 또미는 좋은 곳에 먼저 가서 먼 훗날 가족과 다시 만나길 기다리고 있을 거예요. 마음 추스르시길…

밤사이 강아지 또미가 세상을 떠났다. 다행히 아프지 않게 잠든 사이 편안하게 갔다. 왠지 아무 상관 없는 사람들도 얼마 전까지 이렇게 생긴 11살 요크셔테리어 한마리가 세상에 있었단걸 알았으면 좋겠단 생각이 들었다. 금방 까먹더라도.

나는 Apple이 폴더블 iPhone을 만든다는 게 아예 想像(상상)이 안 되는데, 다들 Apple이 폴더블 iPhone을 내놓을 거라고 굳게 믿는 게 놀랍게 느껴진다…

TIL Matrix supports polls

@songbirds 구매해 주셔서 감사합니다…! 🙏🏼

@yeokbo 역시 기능적인 부분보다는 네트워크 효과가 가장 문제군요… 😭 답변 감사합니다!

If you believe in the #Fediverse :

- post here
- bring your friends and family here
- tell companies, governments and creators to be here
- pay for your instance
- pay for your software

Do one thing every day. The Fediverse is worth fighting for.

@yeokbo Mastodon과 Bluesky 사이에서 고민하게 되는 요인들로 어떤 것들이 있으신가요? 페디버스 개발자로서 의견이 궁금합니다!

@burly Yeah, fair read. “Winning path” was a bad phrase. I meant path of least resistance: if the easiest thing is always to write Node.js-compatible code, there's not much reason for a Deno-native package culture to form. Nobody loses; it just never gets built.

@tychi Both Deno and Node.js run on V8, and V8 is C++, so Rust doesn't really distinguish them at the engine level. If you want a Rust-native JavaScript stack, Andromeda is probably closer: it runs on Nova, a JavaScript engine written in Rust rather than V8. Still experimental, but that's the tradeoff when you step off the compatibility treadmill.

Deno 2.8.0 is out. The compatibility work is real: the #Node.js test suite pass rate jumped from 42% to 76.4%, deno install is now a drop-in for npm install, lib.node is included by default, and setTimeout() now returns a NodeJS.Timeout instead of a number. None of that is irrational on its own. Put it together, though, and #Deno starts looking less like an alternative to Node.js and more like a cleaner way to run Node.js-shaped code.

It reminds me of OS/2's Win32 compatibility layer. IBM offered it so developers wouldn't have to choose, but the effect was the opposite: people kept writing Windows apps, and OS/2-native software never got a reason to exist. The closer Deno gets to Node.js, the less reason anyone has to think about whether their code is Deno-aware. Maybe that helps adoption. I just don't see how a Deno-native package culture survives if the winning path is “pretend it's npm.”

I did it. #Smithereen 1.0 is officially out now. Only took me 6.5 years from an idea to something I can proudly call a stable release.

BotKit security updates: 0.3.3 and 0.4.2

If you use BotKit, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and BotKit inherits the exposure through its dependency on Fedify.

The vulnerability allows an attacker to use JSON-LD graph-restructuring features—specifically @graph, @included, and @reverse—to reshape a signed ActivityPub activity without invalidating its Linked Data Signature. This can cause BotKit (via Fedify) to interpret a different ActivityPub object shape than was originally signed. The fix normalizes Linked Data Signature-verified activities against Fedify's local JSON-LD context before interpreting them, and rejects the JSON-LD constructs that enable the attack.

All versions of BotKit up to 0.3.2 (in the 0.3.x branch) and 0.4.1 (in the 0.4.x branch) are affected. Patched releases are 0.3.3 and 0.4.2.

For BotKit 0.4.x, update @fedify/botkit:

npm  update  @fedify/botkit
yarn upgrade @fedify/botkit
pnpm update  @fedify/botkit
bun  update  @fedify/botkit
deno update  @fedify/botkit

For BotKit 0.3.x, update @fedify/botkit:

npm  update  @fedify/botkit@0.3.3
yarn upgrade @fedify/botkit@0.3.3
pnpm update  @fedify/botkit@0.3.3
bun  update  @fedify/botkit@0.3.3
deno update  @fedify/botkit@0.3.3

If you use other BotKit-related packages (e.g., @fedify/botkit-postgres), update them as well. After updating, redeploy.

The CVE ID is CVE-2026-42462. See also fedify-dev/fedify#773 for Fedify's own announcement.

Thanks to @Claire for the report and responsible disclosure.

If anything is unclear, feel free to ask on GitHub Discussions or Matrix.

夕飯で焼肉食べた

羽田空港に到着！

Anyone else in the fediverse who does fieldwork in #linguistics ? #languages #language #indigenouslanguages #minoritylanguages (if you have suggestions for hashtags that will help me find other field linguists, please add them in a comment to this toot)

Working on adding support in Ghost for custom web domain for your handle so that (eg) I can be `@john@onolan.org` rather than `@john@john.onolan.org`

Lots of people run Ghost instances on subdomains, so think this will be helpful!

This is now live! If you have an old social web profile with followers that you want to move over to Ghost, that now works.

Find it under Network → Preferences → Account Migration

Set up an account alias pointing to your old handle, then initiate an account move on your old profile.

今は金浦から羽田に行く飛行機の中…

Hollo security updates: 0.7.17, 0.8.6, and 0.9.1

If you run Hollo, update to a patched release now. CVE-2026-42462 affects Fedify's Linked Data Signature handling, and Hollo depends on Fedify for ActivityPub federation.

Fedify verifies incoming ActivityPub activities with several mechanisms, including HTTP Signatures, Object Integrity Proofs, and Linked Data Signatures. The vulnerable path is Linked Data Signatures: the signature is checked over the canonical RDF graph, but JSON-LD can represent the same graph in more than one JSON shape. In affected versions, that gap could let a signed activity be reshaped so that Fedify reads a different ActivityPub object shape than intended—without invalidating the signature.

The fix makes Fedify normalize Linked Data Signature-verified activities against its local JSON-LD context before interpreting them, and rejects JSON-LD constructs that can preserve the signed RDF graph while changing the ActivityPub object shape. For full technical details of the underlying vulnerability, see the Fedify security announcement.

All Hollo versions up to and including 0.7.16, 0.8.5, and 0.9.0 are affected. Patched releases are 0.7.17 for the 0.7.x series, 0.8.6 for the 0.8.x series, and 0.9.1 for the 0.9.x series.

For 0.7.x deployments, update to 0.7.17:

docker pull ghcr.io/fedify-dev/hollo:0.7.17

For 0.8.x deployments, update to 0.8.6:

docker pull ghcr.io/fedify-dev/hollo:0.8.6

For 0.9.x deployments, update to 0.9.1:

docker pull ghcr.io/fedify-dev/hollo:0.9.1

After pulling the new image, restart your Hollo container. If you deploy from source, pull the corresponding release tag and restart.

Thanks to @Claire for the report and responsible disclosure to the Fedify project.

If anything is unclear, ask below.