洪 民憙 (Hong Minhee)

Hello! I'm Hong Minhee (洪 民憙), an open source software engineer in my late 30s, living in Seoul, Korea. I'm bisexual and non-binary (they/them), and an enthusiastic advocate of free/open source software and the fediverse.

I work full-time on @fedify, an ActivityPub server framework in TypeScript, funded by @sovtechfund. I'm also the creator of @hollo, a single-user ActivityPub microblog; @botkit, an ActivityPub bot framework; Hackers' Pub, a fediverse platform for software developers; and LogTape, a logging library for JavaScript and TypeScript.

I have a long interest in East Asian languages (CJK) and Unicode. I post mostly in English here, though occasionally in Japanese or in mixed-script Korean (國漢文混用體), a traditional writing style that interleaves Chinese characters with the native Korean alphabet. Wanting to write in that style was actually one of the reasons I joined the fediverse. Feel free to talk to me in English, Korean, Japanese, or even Literary Chinese!

#introduction

はじめまして！ソウル在住の30代後半のオープンソースソフトウェアエンジニア、洪 民憙（ホン・ミンヒ）と申します。バイセクシュアル（bisexual）・ノンバイナリー（non-binary）で、自由・オープンソースソフトウェア（F/OSS）とフェディバース（fediverse）の熱烈な支持者です。

STF（@sovtechfund）の支援を受け、TypeScript用ActivityPubサーバーフレームワーク「@fedify」の開発に専念しています。他にも、おひとり様向けのActivityPubマイクロブログ「@hollo」、ActivityPubボットフレームワーク「@botkit」、ソフトウェア開発者向けフェディバースプラットフォームHackers' Pub、JavaScript・TypeScript用ロギングライブラリLogTapeなどの制作者でもあります。

東アジア言語（いわゆるCJK）とUnicodeにも興味があります。このアカウントでは主に英語で投稿していますが、時々日本語や国漢文混用体（漢字ハングル混じり文）の韓国語でも書いています。実はこの文体で書きたくてフェディバースを始めた、という経緯もあります。日本語、英語、韓国語、漢文でも気軽に話しかけてください！

#自己紹介

安寧(안녕)하세요! 저는 서울에 살고 있는 30代(대) 後半(후반)의 오픈 소스 소프트웨어 엔지니어 洪民憙(홍민희)입니다. 兩性愛者(양성애자)(bisexual)이자 논바이너리(non-binary)이며, 自由(자유)·오픈 소스 소프트웨어(F/OSS)와 聯合宇宙(연합우주)(fediverse)의 熱烈(열렬)한 支持者(지지자)이기도 합니다.

STF(@sovtechfund)의 支援(지원)을 받아 TypeScript用(용) ActivityPub 서버 프레임워크 @fedify 開發(개발)에 專業(전업)으로 任(임)하고 있습니다. 그 外(외)에도 싱글 유저用(용) ActivityPub 마이크로블로그 @hollo, ActivityPub 봇 프레임워크 @botkit, 소프트웨어 開發者(개발자)를 위한 聯合宇宙(연합우주) 플랫폼 Hackers' Pub, JavaScript·TypeScript用(용) 로깅 라이브러리 LogTape 等(등)의 製作者(제작자)이기도 합니다.

東(동)아시아 言語(언어)(이른바 CJK)와 Unicode에도 關心(관심)이 많습니다. 이 計定(계정)에서는 主(주)로 英語(영어)로 포스팅하지만, 때때로 日本語(일본어)나 國漢文混用體(국한문 혼용체) 韓國語(한국어)로도 씁니다. 聯合宇宙(연합우주)에 오게 된 動機(동기) 中(중) 하나가 바로 國漢文混用體(국한문 혼용체)로 글을 쓰고 싶었기 때문이기도 하고요. 韓國語(한국어), 英語(영어), 日本語(일본어), 아니면 漢文(한문)으로도 말을 걸어주세요!

#툿친소 #연친소 #별친소 #자기소개

Hollo 0.8.0 is out. The main additions: you can now run web and worker processes separately via NODE_TYPE, which helps on instances with large follower counts where federation load was slowing down API responses. Mastodon clients that support the 4.5 quote post API will now work with Hollo. Remote actor profiles are refreshed automatically in the background when they go stale, and dead follower records are cleaned up on permanent delivery failures. There's also a new dashboard page for mass-deleting cached thumbnails from remote posts to free up storage.

https://github.com/fedify-dev/hollo/discussions/449

My CLI parser library, Optique, got featured in this week's issue of Node Weekly!

https://nodeweekly.com/issues/621

The official Hackers' Pub Android app has finally been released on Google Play! Android users of Hackers' Pub, please download the app here!

I added my first PR to #Mastodon today!

https://github.com/mastodon/mastodon/pull/38809

It's to add a notifications policy to filter notifications from bots; it's one of the big requests I've had for tags.pub. It turns out Mastodon has a really complete framework for filtering notifications, as well as a user flag for bots, and I was able to hook into those and make a very minimal set of changes to add this useful feature.

Fingers crossed that it gets reviewed and accepted! 🤞🏼

Every #TypeScript library I maintain uses Twoslash. I still haven't regretted it, even when Fedify's docs take nearly ten minutes to build. That wait is annoying. I keep paying it.

For a TypeScript library, the type signature often does most of the explaining. I used to write sentences describing what a function returns. Now I'd rather let #Twoslash show the compiler's answer inline. That removes one common way my docs used to go stale.

Hackers' Pub is now integrated with tags.pub. What this means is that public posts with hashtags will automatically be relayed to tags.pub, reaching a wider audience. Of course, if you have the #NoTagsPub, #NoBot, or #NoBots tag on your bio, your posts will not be relayed to tags.pub.

Cc: @evan #TagsPub

What percentage of code in a Free and Open Source software project should be written by the core maintainers?

#EvanPoll #poll #OpenSource #FreeSoftware

@hongminhee So, I really appreciate that you are doing this work. I know it's hard, and it feels unrewarding, but it really matters, and it really helps the ecosystem.

Please let me know if I can help out in these efforts.

I hope that all of us in the ActivityPub community take these requests seriously when they come in.

@evan Can't agree more.

I think having good libraries can make the JSON-LD easier.

Yeah, that's one of reasons why I started Fedify; it was started from building a type-safe Activity Vocabulary library for TypeScript which lets me free from dealing with all complicated things about JSON-LD and keeping it standard-compliant at a time!

@silverpill Well, I fixed my software too:

https://github.com/fedify-dev/fedify/pull/721

@jamie Yeah, exactly such kind of thing!

@hongminhee I ran into things like this with Mastodon. I send valid AP activities but if I don’t encode them in a specific way, Mastodon silently ignores them. Like how it assumes the object of a Create activity must be inline and not a reference, but the actor must be a reference and not inline.

Honestly, I don't really care what strategy other #ActivityPub implementations follow to comply with the spec. (I solved it in #Fedify by just using a proper JSON-LD processor.) It's just a bit annoying that I always send valid JSON-LD documents, but whenever I encounter an interoperability bug where the other side can't process them, I'm the one who has to send them a patch to fix it. 😩

Or, just use a proper JSON-LD processor altogether. Of course, there would be a performance penalty. The #ActivityPub spec explicitly allows as:Public or bare Public for public addressing in to/cc, etc., but surprisingly many implementations don't handle this. All of this would actually be solved by using a JSON-LD processor.

I hope more #ActivityPub implementations start properly handling JSON-LD documents in various forms, rather than using ad-hoc approaches like only allowing specific fields to accept both arrays and scalar values.

Here are my first issue and PR for #Pixelfed:

https://github.com/pixelfed/pixelfed/issues/6588 https://github.com/pixelfed/pixelfed/pull/6589

@ntek イシューの報告ありがとうございます！本日中に確認しますね！

@lienrag Yes, Mastodon is probably too heavy to begin with, so it would be hard to run on low-end devices. We'd likely need a lightweight, bespoke ActivityPub implementation. Or we could use something like snac2 or GoToSocial.

Isn't Yunohost literally a hosting service? What I have in mind is a device that people can run like a home server in their own homes.

@ntek Holloで怪しい動作がありましたら、バグレポートをお願いします！私も確認してみます！

How Hard Is It To Open a File? via @PolyWolf https://lobste.rs/s/fbfu56 #security #unix
https://blog.sebastianwick.net/posts/how-hard-is-it-to-open-a-file/

@crepels Hello. Thank you for creating ActivityPub.Academy. I've been finding it really useful.

However, it seems like ActivityPub.Academy is down right now. Could you please check on it? Thanks as always for your help.

I think you could create a (certain type of) video game using the ActivityPub 'Question'.

https://www.w3.org/TR/activitystreams-vocabulary/#dfn-question

#ActivitiyPub #ActivityStreams #FediDev #FediGames #Games #VideoGames

@reiver That's a fun idea. I should try implementing it with BotKit sometime!

https://botkit.fedify.dev/concepts/message#polls

羊羹LAN

これまで約7年以上、1Passwordを特に不満もなく使ってきたが、最近の値上げをきっかけに代替ツールを検討し始めた。いくつか比較した結果、Bitwardenを軸に検討し、最終的にはセルフホストできる Vaultwarden を導入（クライアントは Bitwarden）することにした。

せっかくなので、HashiCorp Vault の一部用途も兼ねられないかと考え、 Bitwarden CLI を開発サーバーに入れて、CI/CD のタイミングで .env を同期する形で運用していた。

シンプルで扱いやすく、正直かなり気に入っていた。

ただ、最近になって Bitwarden CLI の npm パッケージがハイジャックされ、 SSHキーを含むサーバー内の認証情報を外部に送信する悪意あるコードが仕込まれていたというインシデントが発覚。

幸いにも、社内サーバーはプライベートネットワーク内で外部公開しておらず、さらに該当バージョンではなく旧バージョンを使っていたため、直接的な被害はなかったと思われる。

とはいえ、ツールチェーンに対する信頼が揺らいだのは事実で、このまま使い続けるのは心理的にもリスク的にも厳しいと判断。

最終的に、Bitwarden / Vaultwarden の利用はやめて、クライアントは 1Password に戻し、サーバー側のシークレット管理は HashiCorp Vault に回帰することにした。

一言まとめ

値上げをきっかけに移行を検討 → 実運用まで行ったが、サプライチェーンリスクを踏まえて元構成に戻した、という話。

@lienrag Basically, I think it will work like a router firmware update. You just click the update button on the management dashboard, and the software gets updated over-the-air.

An interesting thought has been floating around in my head lately. A single-user ActivityPub server device that's ready to use just by plugging in a power cord and an Ethernet cable. For just 200 dollars. Would you buy it?

mastodon.social is being DDoS'ed, and the rest of the Fediverse is fine.

I prefer to leave permalinks in commit messages or comments instead of just issue/PR numbers, because I'm constantly dreaming of escaping GitHub.