洪 民憙 (Hong Minhee)

Hello, I'm an open source software engineer in my late 30s living in #Seoul, #Korea, and an avid advocate of #FLOSS and the #fediverse.

I'm the creator of @fedify, an #ActivityPub server framework in #TypeScript, @hollo, an ActivityPub-enabled microblogging software for single users, and @botkit, a simple ActivityPub bot framework.

I'm also very interested in East Asian languages (so-called #CJK) and #Unicode. Feel free to talk to me in #English, #Korean (#한국어), or #Japanese (#日本語), or even in Literary Chinese (#文言文, #漢文)!

#introduction

安寧(안녕)하세요, 저는 서울에 살고 있는 30代(대) 後半(후반) 오픈 소스 소프트웨어 엔지니어이며, 自由(자유)·오픈 소스 소프트웨어와 聯合宇宙(연합우주)(fediverse)의 熱烈(열렬)한 支持者(지지자)입니다.

저는 TypeScript用(용) ActivityPub 서버 프레임워크인 @fedify 프로젝트와 싱글 유저用(용) ActivityPub 마이크로블로그인 @hollo 프로젝트와 ActivityPub 봇 프레임워크인 @botkit 프로젝트의 製作者(제작자)이기도 합니다.

저는 東(동)아시아 言語(언어)(이른바 #CJK)와 유니코드에도 關心(관심)이 많습니다. 聯合宇宙(연합우주)에서는 國漢文混用體(국한문 혼용체)를 쓰고 있어요! 제게 韓國語(한국어)나 英語(영어), 日本語(일본어)로 말을 걸어주세요. (아니면, 漢文(한문)으로도!)

#툿친소 #연친소 #별친소

こんにちは、私はソウルに住んでいる30代後半のオープンソースソフトウェアエンジニアで、自由・オープンソースソフトウェアとフェディバースの熱烈な支持者です。名前は洪 民憙（ホン・ミンヒ）です。

私はTypeScript用のActivityPubサーバーフレームワークである「@fedify」と、ActivityPubをサポートする1人用マイクロブログである 「@hollo」と、ActivityPubのボットを作成する為のシンプルなフレームワークである「@botkit」の作者でもあります。

私は東アジア言語（いわゆるCJK）とUnicodeにも興味が多いです。日本語、英語、韓国語で話しかけてください。（または、漢文でも！）

#自己紹介

One thing I find a bit disappointing is that the Sanitizer API is [Exposed=Window] only, so there's no way to use it server-side in Node.js or Deno. A simple sanitize(html: string): string method would have been enough to retire a whole category of npm packages. The irony is that sanitizing untrusted HTML is arguably more common on the server—that's where you receive user input, store it, and render it back.

For now, server-side JavaScript still has to rely on DOMPurify (dragging jsdom along with it) or something like sanitize-html, each shipping its own HTML parser that may subtly disagree with how browsers actually parse markup—which is exactly the problem this API was supposed to solve.

https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/

The Sanitizer API landed in Firefox 148, along with element.setHTML().

This lets you fully configure how HTML strings are cleaned as they're parsed.

https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/

洪民憙さんのサイトめちゃくちゃ恰好いいな

@Gargron @liaizon That might be the case for European languages. But for distant language pairs like English → Korean, LLM-based translation is necessary. This is especially true for deep discussions like in @tante's writing.

「@tante's decision to block LLM scrapers is consistent with his own logic, but it ended up reinforcing the asymmetry between readers who are fluent in English and those who are not. This is not just an irony. The asymmetry operates across the whole of technology discourse. Whose viewpoint is set as the default? What social relations produced that default?」
- @hongminhee
https://writings.hongminhee.org/2026/02/acting-materialistically-in-an-imperfect-world

https://writings.hongminhee.org/2026/01/histomat-foss-llm/index.ja.html

労働が非人間的になるのは「疎外」と呼ばれるけど、先日洪民憙さんの記事を読んだばかりだった。

Marxは『資本論』第一巻で、イギリスのラッダイト運動をこう評した。

労働者が機械そのものと機械の資本主義的利用とを区別し、したがって物質的生産手段そのものではなく、その社会的搾取形態を攻撃することを学ぶまでには、時間と経験が必要だった。

機織り機を打ち壊した労働者たちの怒りは正当だった。方向が間違っていただけだ。問題は機械ではなく、機械をめぐる資本主義的社会関係だった——機械が労働時間を短縮するどころか延長し、労働者を解放するどころか機械の付属物にしてしまうのは、機械の本性ではなく、機械を配置する方式の問題だった。Marxは彼らを嘲笑したのではなく、闘争が成熟していく過程を叙述したのだ。

https://writings.hongminhee.org/2026/02/acting-materialistically-in-an-imperfect-world/

F/OSSの唯物史観——LLMを拒絶するのではなく、取り戻すべきだ — 洪民憙雑記
https://writings.hongminhee.org/2026/01/histomat-foss-llm/

🚀 New libraries for @graphql on Vapor and Hummingbird dropped!

Expose GraphQL APIs with just one line of code:
routeBuilder.graphql(schema: schema) { ... }

✅ Full spec compliance
✅ WebSocket subscriptions
✅ Built-in GraphiQL IDE

Check them out 👇
https://forums.swift.org/t/introducing-graphql-vapor-hummingbird-packages/84758

Fedify로 어디까지 할 수 있나 프로덕션에서 실험하는 사람이 돼

미스키에서도, 마스토돈에서도, 해커스펍에서도 호환이 되는 밋업 플랫폼 만들고 있는데 관심있으신분

@julian That's a fair point; honestly, right now there's no reliable way to know. If a server supports both RFC 9421 and draft cavage, and you lead with cavage, you can't infer anything about its RFC 9421 support from a successful response.

The workaround I applied is intentionally temporary, just to keep things working while Bonfire instances catch up with the fix. Once they do, I'll revert firstKnock back to RFC 9421.

The longer-term answer to your question might be FEP-844e, which proposes a capability discovery mechanism—servers could explicitly advertise which specifications they implement (including RFC 9421) via an Application object. That would make the guesswork unnecessary. It's still a draft, but worth keeping an eye on.

@elena Thanks! 🥰

A couple days ago, I got a DM from a #Bonfire user. I happily replied and sent a follow request—but the Accept never came back, even though they hadn't enabled manuallyApprovesFollowers. My DM reply probably never arrived either. Classic interop bug.

I checked out the Bonfire source and dug in. Turns out Bonfire hasn't implemented RFC 9421 yet, so it was silently discarding any activity signed with it. That alone would be workable, except for one more issue: Bonfire was responding 200 OK even when signature verification failed, instead of 401 Unauthorized.

This matters because Fedify implements a double-knocking mechanism—if a request signed with RFC 9421 fails, it retries with the older draft cavage signature. But since Bonfire returned 200 OK on the failed first knock, #Fedify had no reason to send a second one.

I filed two issues on the Bonfire #ActivityPub repo—one requesting RFC 9421 support, and one about returning 401 on invalid signatures. For the latter, I also sent a PR, which got merged pretty quickly: bonfire-networks/activity_pub#9.

That said, individual Bonfire instances won't pick up the fix until they actually deploy it. So in the meantime, I patched Hollo and Hackers' Pub to use draft-cavage-http-signatures-12 as the firstKnock, so Bonfire instances can at least understand the first request.

One last thing: Fedify caches whether a given server supports RFC 9421, and the Bonfire servers I'd already talked to were cached as “supports RFC 9421”—because they'd been returning 200 OK. I had to manually clear that cache on both hollo.social and hackers.pub before everything finally worked.

After all that, the mutual follow went through and my DM reply landed. Worth it.

#fedidev #fediverse #Hollo #HackersPub

The recent Hollo 0.7.3 and 0.7.4 updates have improved interoperability with #Bonfire. The issue where sending/receiving DMs or mutual following with Bonfire wasn't working properly has been resolved.

@box464 Thank you! I've got an account on the indieweb.studio instance for now, but I'll ask you if I need another one later!

@fedicat Oh, didn't know that. Thank you!

Hi #fediverse and #ActivityPub developers!

I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.

Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!

#fedidev #BonfireNetworks

"問いはF/OSSコードに対するLLM訓練がある抽象的意味で倫理的かではない。どのような条件で倫理的かだ。答えはF/OSSがこれまで示してきた答えと同じだと信じる。我々が付与する自由が保存され伝達されるとき、改善がコモンズに戻るとき、知識が自由に留まるとき、倫理的なのだ。"

まさに「これが唯物史観だ」という文章。

F/OSSの唯物史観——LLMを拒絶するのではなく、取り戻すべきだ — 洪民憙雑記
https://writings.hongminhee.org/2026/01/histomat-foss-llm/index.ja.html

日本のIT系はこういう主張する人をあんまり見たことないのはおろか、日本の左派からも、こんな硬派なマルクス主義的主張はほとんど見ない気がする。

いやていうか生産手段のコモン化ってもともとマルクス主義のテーゼだよな

洪民憙さんのこの記事、ブーストしてたが読んでなかった。

めちゃくちゃおもしろかった。 https://writings.hongminhee.org/2026/01/histomat-foss-llm/

ベンヤミンが、映画技術が少数の権力に寡占されていることに対して、市民による再領有を要求したことを思いだしながら読んだ(「複製技術時代の芸術」)。ベンヤミンが生きているころに、まだ技術の再領有は実践的にはかなり困難だったとおもう(というか方法論もなにもなかった)けど、いま同じ問題が実践的に解決可能な課題として問われているのだなと思う。

https://writings.hongminhee.org/2026/01/histomat-foss-llm/index.ja.html

>私は自分のコードがLLM訓練に使われることを望んでいる。望んでいないのは、その訓練によってAI企業の私有財産となるプロプライエタリなモデルが作られることだ。

とてもいい文章だった。
まぁ、自分はフルスクラッチで良いOSSを作れるような技術力はなく、LLMにおんぶにだっこ状態なので、あんまり何かを言う権利は無いけど。

今のOSS、詳しくは知らんけど、多くの人は本業があって、その稼ぎでご飯を食べながらcontributeして成立していると思っているので、じゃあ仮にLLMのモデル公開まで含めたライセンシングになったとき、そのLLMのコストは持続可能な形でどこから出るべきなんだろうか？と思った(オープンなLLMモデルも、戦略としてオープンにしてるけど、かなりの額の赤字を垂れ流してると思うので)。

Instead of trying to prevent LLM training on our code, we should be demanding that the models themselves be freed.

I want my code to be used for LLM training. What I don't want is for that training to produce proprietary models that become the exclusive property of AI corporations. The problem isn't the technology or even the training process itself. The problem is the enclosure of the commons, the privatization of collective knowledge, the one-way flow of value from the many to the few.

This isn't a new problem. It's the same problem FLOSS has always fought, just wearing new clothes.

https://writings.hongminhee.org/2026/01/histomat-foss-llm/

@stefan Thanks!

@smallcircles Okay, we'll look into the list, and send pull requests!

The really cool thing about this new architecture is that it can enable Client to Server architecture for AP with fedify (maybe vocab packages could be used in the browser too!)

@david_megginson @ben

Btw, just found the v2 release announcement of @fedify and that is a prime example on how, on the grassroots environment end of the spectrum we can maneuvre into better territory.

Kudos to the #fedify developers. Handing people tools they need to focus on solutions, and build without getting thrown into deep on-the-wire impl detail reeds to worry about.

That is the positive side of the equation. There's not only a big uptick in interest for the #SocialAPI i.e. #ActivityPub client-to-server, which offers new opportunity to correct course. But also are there more #FOSS projects focused on robust tool and library support for the 'Solution developer' stakeholder.

In the revamp of the delightful commons initiative, made possible with support of @nlnet I emphasized all these projects, while I de-emphasized the apps that are already doing good for themself, but contribute to further divergence from open standards.

https://delightful.coding.social

https://hollo.social/@fedify/019c8521-92ef-7d5f-be4d-c50eae575742

"Fedify 2.0.0 está aqui!

Esta é a maior atualização da história do Fedify. Destaques:

**Arquitetura modular** – O pacote monolítico `@fedify/fedify` foi dividido em pacotes independentes e focados: `@fedify/vocab`, `@fedify/vocab-runtime`, `@fedify/vocab-tools`, `@fedify/webfinger` e outros. Pacotes menores, imports mais limpos e a possibilidade de estender o ActivityPub com tipos de vocabulário personalizados.

**Painel de depuração em tempo real** – O novo pacote `@fedify/debugger` oferece um dashboard ao vivo em `/__debug__/` que mostra todo o tráfego de federação: traces, detalhes das atividades, verificação de assinaturas e logs correlacionados. Basta envolver seu objeto `Federation` e pronto.

**Suporte a relay do ActivityPub** – Suporte nativo a relays via `@fedify/relay` e o comando CLI `fedify relay`. Compatível com os protocolos Mastodon-style e LitePub-style (FEP-ae0c).

**Entrega ordenada de mensagens** – A nova opção `orderingKey` resolve o problema do "post zumbi", quando um `Delete` chega antes do seu `Create`. Atividades com a mesma chave são entregues garantidamente na ordem FIFO.

**Tratamento de falhas permanentes** – `setOutboxPermanentFailureHandler()` permite reagir quando uma inbox remota retorna 404 ou 410, possibilitando limpar seguidores inacessíveis em vez de tentar reenviar indefinidamente.

Outras novidades incluem negociação de conteúdo no nível do middleware, `@fedify/lint` para regras compartilhadas de linting, `@fedify/create` para scaffolding rápido de projetos, arquivos de configuração para a CLI, suporte nativo à CLI em Node.js/Bun e diversos fixes de bugs.

Esta versão conta com contribuições significativas de participantes do OSSCA da Coreia. Agradecemos imensamente a todos envolvidos!

Trata-se de uma release major com breaking changes. Consulte o guia de migração antes de atualizar.

Notas completas da release: https://github.com/fedify-dev/fedify/discussions/580

#Fedify #ActivityPub #fediverso #fedidev #TypeScript"

@fediverse @tecnologia @academicos @internet (pode seguir para acompanhar os assuntos ou marcar para amplificar a postagem até no #lemmy tb)

@fedify https://hollo.social/@fedify/019c8521-92ef-7d5f-be4d-c50eae575742