공개 서버를 운영하다가 닫게 된 것에는 당연히 충분한 고민이 있기는 하니 닫게 된 곡절에 대해서 따지기도 힘들고 이미 정착해 있는 사람들 입장에서는 평소에는 안 들어올때만 트위터 터졌을 때만 찾는 게 꽤나 얄밉기도 하고 운영 종료 통지를 회원 한 사람 한 사람 집에 찾아가서 통보를 할 수도 없고 … 이렇게 할 거면 조금 더 책임감 있게 공개 인스턴스를 개설해야 하는 더 아닌가 싶으면서도 그런 책임감이나 자금이 크나큰 진입 장벽으로 작동하게 되면 가벼운 이야기는 할 수 없는 공간이 될테고 …. 그런 복잡한 문제가 있단 말이죠….

페디버스에서 그럭저럭 큰 인스턴스가 문을 닫는 건 정말… 안타까운 일이긴 한데 물론 당연히 운영측의 고민이 없지는 않았겠지만 오랫동안 자리를 비운 사람들이 생각나서 돌아올 곳이 없어지면 굉장히 … 돌이킬 수 없는 미움을 사게 되겠다는 생각은 늘 하게 되는 것 같아요.

This is actually taking so long.

@maikel Glad the tumour is sleeping while you're not. Hope you get many more quiet mornings like this.

It's Christmas, but I don't really have anything to do, so I'm just coding. (I'm not Christian.)

Upyo 0.4.0をリリースしました。UpyoはNode.js、Deno、Bunなど複数のランタイムで動作するメール送信ライブラリです。

今回の主な変更点：

• JMAPトランスポートの追加
• SMTPでのDKIM署名対応
• メッセージレベルの冪等性キー

https://zenn.dev/hongminhee/articles/c1a304e92c6efa

Upyo 0.4.0 released. Upyo is an email sending library for Node.js, Deno, Bun, and edge functions. New in this version:

• JMAP transport for modern email servers
• DKIM signing support in SMTP transport
• Message-level idempotency keys for reliable retries

https://github.com/dahlia/upyo/discussions/21

크리스마스는 새 프로그래밍 언어를 공개하기에 좋은 날이죠. 아직 미완성이지만 요즘 작업하고 있던 프로젝트를 소개합니다. https://github.com/Kroisse/tribute

순수 함수형이고, 모나드는 없고, 소유권도 없고, 타입클래스나 트레잇도 없습니다. 물론 객체 시스템도 없고요. 대신 제네릭과 대수적 효과를 넣을 예정입니다. ad-hoc polymorphism을 배제하고 어디까지 갈 수 있는지 시험해보려는 게 목적 중 하나인데 생각보다 할만할 것 같아요.

그리고 매우 vibe-coded되어 있습니다. Claude Code와 Codex가 없었으면 엄두도 못 냈을 듯.

문법적으로는 Rust와 Gleam에, 의미론적으로는 Gleam과 Unison에 영감을 많이 받았습니다. 사실 Gleam과 Unison 둘 다 네이티브 바이너리로 컴파일을 아직 못 하고 있어서 시작한 프로젝트이기도 합니다. 하지만 정작 Tribute도 첫 타겟은 네이티브가 아니라 WebAssembly 3.0입니다. GC 구현을 만들기 귀찮았거든요.

Fixed a bug where patch packages were implicitly overwritten by npm packages when running the deno install command! 😊

https://github.com/denoland/deno/pull/31711

I don't know if people are aware of this Firefox addon that brings discoverability for personal websites that have identity confirmation links to Mastodon profiles: StreetPass for Mastodon.

It's pretty good, it allowed me to find quite a number of people based on incidentally reading their blogs.

https://addons.mozilla.org/en-US/firefox/addon/streetpass-for-mastodon/

Complete! It will be included in the next release of Upyo.

https://github.com/dahlia/upyo/pull/20

Fedify 1.10.0: Observability foundations for the future debug dashboard

Fedify is a #TypeScript framework for building #ActivityPub servers that participate in the #fediverse. It reduces the complexity and boilerplate typically required for ActivityPub implementation while providing comprehensive federation capabilities.

We're excited to announce #Fedify 1.10.0, a focused release that lays critical groundwork for future debugging and observability features. Released on December 24, 2025, this version introduces infrastructure improvements that will enable the upcoming debug dashboard while maintaining full backward compatibility with existing Fedify applications.

This release represents a transitional step toward Fedify 2.0.0, introducing optional capabilities that will become standard in the next major version. The changes focus on enabling richer observability through OpenTelemetry enhancements and adding prefix scanning capabilities to the key–value store interface.

Enhanced OpenTelemetry instrumentation

Fedify 1.10.0 significantly expands OpenTelemetry instrumentation with span events that capture detailed ActivityPub data. These enhancements enable richer observability and debugging capabilities without relying solely on span attributes, which are limited to primitive values.

The new span events provide complete activity payloads and verification status, making it possible to build comprehensive debugging tools that show the full context of federation operations:

• activitypub.activity.received event on activitypub.inbox span — records the full activity JSON, verification status (activity verified, HTTP signatures verified, Linked Data signatures verified), and actor information
• activitypub.activity.sent event on activitypub.send_activity span — records the full activity JSON and target inbox URL
• activitypub.object.fetched event on activitypub.lookup_object span — records the fetched object's type and complete JSON-LD representation

Additionally, Fedify now instruments previously uncovered operations:

• activitypub.fetch_document span for document loader operations, tracking URL fetching, HTTP redirects, and final document URLs
• activitypub.verify_key_ownership span for cryptographic key ownership verification, recording actor ID, key ID, verification result, and the verification method used

These instrumentation improvements emerged from work on issue #234 (Real-time ActivityPub debug dashboard). Rather than introducing a custom observer interface as originally proposed in #323, we leveraged Fedify's existing OpenTelemetry infrastructure to capture rich federation data through span events. This approach provides a standards-based foundation that's composable with existing observability tools like Jaeger, Zipkin, and Grafana Tempo.

Distributed trace storage with FedifySpanExporter

Building on the enhanced instrumentation, Fedify 1.10.0 introduces FedifySpanExporter, a new OpenTelemetry SpanExporter that persists ActivityPub activity traces to a KvStore. This enables distributed tracing support across multiple nodes in a Fedify deployment, which is essential for building debug dashboards that can show complete request flows across web servers and background workers.

The new @fedify/fedify/otel module provides the following types and interfaces:

import { MemoryKvStore } from "@fedify/fedify";
import { FedifySpanExporter } from "@fedify/fedify/otel";
import {
  BasicTracerProvider,
  SimpleSpanProcessor,
} from "@opentelemetry/sdk-trace-base";

const kv = new MemoryKvStore();
const exporter = new FedifySpanExporter(kv, {
  ttl: Temporal.Duration.from({ hours: 1 }),
});

const provider = new BasicTracerProvider();
provider.addSpanProcessor(new SimpleSpanProcessor(exporter));

The stored traces can be queried for display in debugging interfaces:

// Get all activities for a specific trace
const activities = await exporter.getActivitiesByTraceId(traceId);

// Get recent traces with summary information
const recentTraces = await exporter.getRecentTraces({ limit: 100 });

The exporter supports two storage strategies depending on the KvStore capabilities. When the list() method is available (preferred), it stores individual records with keys like [prefix, traceId, spanId]. When only cas() is available, it uses compare-and-swap operations to append records to arrays stored per trace.

This infrastructure provides the foundation for implementing a comprehensive debug dashboard as a custom SpanExporter, as outlined in the updated implementation plan for issue #234.

Optional list() method for KvStore interface

Fedify 1.10.0 adds an optional list() method to the KvStore interface for enumerating entries by key prefix. This method enables efficient prefix scanning, which is useful for implementing features like distributed trace storage, cache invalidation by prefix, and listing related entries.

interface KvStore {
  // ... existing methods
  list?(prefix?: KvKey): AsyncIterable<KvStoreListEntry>;
}

When the prefix parameter is omitted or empty, list() returns all entries in the store. This is useful for debugging and administrative purposes. All official KvStore implementations have been updated to support this method:

• MemoryKvStore — filters in-memory keys by prefix
• SqliteKvStore — uses LIKE query with JSON key pattern
• PostgresKvStore — uses array slice comparison
• RedisKvStore — uses SCAN with pattern matching and key deserialization
• DenoKvStore — delegates to Deno KV's built-in list() API
• WorkersKvStore — uses Cloudflare Workers KV list() with JSON key prefix pattern

While list() is currently optional to give existing custom KvStore implementations time to add support, it will become a required method in Fedify 2.0.0 (tracked in issue #499). This migration path allows implementers to gradually adopt the new capability throughout the 1.x release cycle.

The addition of list() support was implemented in pull request #500, which also included the setup of proper testing infrastructure for WorkersKvStore using Vitest with @cloudflare/vitest-pool-workers.

NestJS 11 and Express 5 support

Thanks to a contribution from Cho Hasang (@crohasang), the @fedify/nestjs package now supports NestJS 11 environments that use Express 5. The peer dependency range for Express has been widened to ^4.0.0 || ^5.0.0, eliminating peer dependency conflicts in modern NestJS projects while maintaining backward compatibility with Express 4.

This change, implemented in pull request #493, keeps the workspace catalog pinned to Express 4 for internal development and test stability while allowing Express 5 in consuming applications.

What's next

Fedify 1.10.0 serves as a stepping stone toward the upcoming 2.0.0 release. The optional list() method introduced in this version will become required in 2.0.0, simplifying the interface contract and allowing Fedify internals to rely on prefix scanning being universally available.

The enhanced #OpenTelemetry instrumentation and FedifySpanExporter provide the foundation for implementing the debug dashboard proposed in issue #234. The next steps include building the web dashboard UI with real-time activity lists, filtering, and JSON inspection capabilities—all as a separate package that leverages the standards-based observability infrastructure introduced in this release.

Depending on the development timeline and feature priorities, there may be additional 1.x releases before the 2.0.0 migration. For developers building custom KvStore implementations, now is the time to add list() support to prepare for the eventual 2.0.0 upgrade. The implementation patterns used in the official backends provide clear guidance for various storage strategies.

Acknowledgments

Special thanks to Cho Hasang (@crohasang) for the NestJS 11 compatibility improvements, and to all community members who provided feedback and testing for the new observability features.

For the complete list of changes, bug fixes, and improvements, please refer to the CHANGES.md file in the repository.

#fedidev #release

Now trying to implement a JMAP transport for Upyo…

내 트리를 꾸며줘!

If there's one downside to this keyboard, it's that it's too heavy to be portable. That's because it's a full aluminum keyboard.

I ordered the Keychron Q60 Max yesterday and it arrived today. I tried typing on it and it feels amazing! I'm so happy with it that I can't stop typing on Monkeytype. 😂

@jnkrtech Good question! The main reason is composability at the combinator level.

With bifurcated APIs, combining sync and async parsers becomes awkward:

const syncParser = flag("--verbose");
const asyncParser = option("--branch").suggestAsync(getBranches);

// How do you combine these?
object({ verbose: syncParser, branch: asyncParser })  // Type mismatch
objectAsync({ verbose: toAsync(syncParser), branch: asyncParser })  // Explicit conversion needed

This pushes complexity onto users—they have to track which parsers are sync vs async and manually convert at composition boundaries.

With the unified approach (explicit mode parameter with default), the library handles mode propagation automatically:

const combined = object({ verbose: syncParser, branch: asyncParser });
// → Parser<"async", …> inferred automatically

Users only decide sync/async at the leaf parser level; combinators figure out the rest.

I agree the yargs-style “everything is both” can hurt IntelliSense. But with explicit mode parameter (Parser<M extends Mode, T, S>), the types stay predictable—you always know if a parser is "sync" or "async". The conditional type complexity lives inside the library, not in user-facing types.

On a related note, if you learn better by building things, @fedify has a step-by-step tutorial where you create a federated microblog from scratch—implementing actors, inbox/outbox, following, and posts along the way:

https://fedify.dev/tutorial/microblog

Found this helpful resource by Ben Boyter (@boyter): a collection of sequence diagrams explaining how #ActivityPub/#WebFinger works in practice—covering post creation, follows, boosts, deletions, and user migration.

If you're trying to implement ActivityPub, the spec can be frustratingly vague, and different servers do things differently. This aims to be a “clean room” reference for getting federation right.

https://github.com/boyter/activitypub

#fediverse #fedidev

According to @tchambers's My 2026 Open Social Web Predictions:

Fedify will power the federation layer for at least one mid-sized social platform (500K+ users) that adds ActivityPub support in 2026. The “build vs. buy” calculation for federation shifts decisively toward “just use Fedify.”

We're honored by this recognition and will keep working hard to make #ActivityPub adoption easier for everyone. Thank you, Tim!

#Fedify #fediverse #fedidev

韓国語の文法解説読んでると、自分がこれまでSVO言語の勉強しかしてこなかったんだな、というのを如実に感じる(母語がSOV言語とはいえ)

Here's a #TypeScript API design challenge I'm working on: adding async support to #Optique (CLI argument parser) without breaking the existing sync API.

The tricky part is combinators—when you compose parsers with object() or or(), the combined parser should automatically become async if any child parser is async, but stay sync if all children are sync. This “mode propagation” needs to work at both type level and runtime.

I've prototyped two approaches and documented findings. If you've tackled similar dual-mode API designs, I'd love to hear how you approached it.

https://github.com/dahlia/optique/issues/52

오늘은 @nebuleto 님, @2chanhaeng 님, @z9mb1 님과 함께 西嶺(서령)에 왔다.

@lrwerther Thank you. I appreciate the solidarity.

@stefan Thanks, I appreciate the support. It's one of those things you never quite get used to.

@hongminhee And like as if Chinese devs have some fundamental differences than "a programmer out of this community" 🤣

Just had someone leave feedback on my F/OSS project saying “maybe that's fine if a product is focused on your Chinese community.”

I'm Korean. Every single piece of documentation is in English. There's nothing in Chinese anywhere in the project.

This kind of microaggression is exhausting. As a non-white maintainer, you deal with these assumptions constantly—people who feel entitled to your labor while casually othering you based on your name.

It chips away at your motivation. It makes you wonder why you bother.

https://github.com/dahlia/optique/issues/59#issuecomment-3678606022

@mariusor Fair point! To clarify: FediChatBot is just a tech demo for @botkit, the ActivityPub bot framework I've been building. BotKit itself has nothing to do with LLMs—it's for creating any kind of fediverse bot (weather bots, notification bots, RSS feeds, etc.). I just happened to use an LLM for the demo since it makes for an interactive example. Not advocating for AI integration in the fediverse, just showcasing what the framework can do.

Hey @FediChatBot, what LLM are you based on?

セキュリティアップデート: Hollo 0.6.19 リリース

FedifyのHTMLパースコードにおけるセキュリティ脆弱性に対応したHollo 0.6.19をリリースしました。

この脆弱性 (CVE-2025-68475) は ReDoS (正規表現によるサービス拒否) の問題であり、攻撃者がフェデレーション操作中に特別に細工されたHTMLレスポンスを送信することで、サービス停止を引き起こす可能性があります。悪意のあるペイロードは小さい (約170バイト) ですが、Node.jsのイベントループを長時間ブロックする可能性があります。

すべてのHollo運営者の皆様には、直ちにバージョン 0.6.19 へのアップグレードを強くお勧めします。

#Hollo #セキュリティ #fediverse #ActivityPub