洪 民憙 (Hong Minhee)

Hello! I'm Hong Minhee (洪 民憙), an open source software engineer in my late 30s, living in Seoul, Korea. I'm bisexual and non-binary (they/them), and an enthusiastic advocate of free/open source software and the fediverse.

I work full-time on @fedify, an ActivityPub server framework in TypeScript, funded by @sovtechfund. I'm also the creator of @hollo, a single-user ActivityPub microblog; @botkit, an ActivityPub bot framework; Hackers' Pub, a fediverse platform for software developers; and LogTape, a logging library for JavaScript and TypeScript.

I have a long interest in East Asian languages (CJK) and Unicode. I post mostly in English here, though occasionally in Japanese or in mixed-script Korean (國漢文混用體), a traditional writing style that interleaves Chinese characters with the native Korean alphabet. Wanting to write in that style was actually one of the reasons I joined the fediverse. Feel free to talk to me in English, Korean, Japanese, or even Literary Chinese!

#introduction

はじめまして！ソウル在住の30代後半のオープンソースソフトウェアエンジニア、洪 民憙（ホン・ミンヒ）と申します。バイセクシュアル（bisexual）・ノンバイナリー（non-binary）で、自由・オープンソースソフトウェア（F/OSS）とフェディバース（fediverse）の熱烈な支持者です。

STF（@sovtechfund）の支援を受け、TypeScript用ActivityPubサーバーフレームワーク「@fedify」の開発に専念しています。他にも、おひとり様向けのActivityPubマイクロブログ「@hollo」、ActivityPubボットフレームワーク「@botkit」、ソフトウェア開発者向けフェディバースプラットフォームHackers' Pub、JavaScript・TypeScript用ロギングライブラリLogTapeなどの制作者でもあります。

東アジア言語（いわゆるCJK）とUnicodeにも興味があります。このアカウントでは主に英語で投稿していますが、時々日本語や国漢文混用体（漢字ハングル混じり文）の韓国語でも書いています。実はこの文体で書きたくてフェディバースを始めた、という経緯もあります。日本語、英語、韓国語、漢文でも気軽に話しかけてください！

#自己紹介

安寧(안녕)하세요! 저는 서울에 살고 있는 30代(대) 後半(후반)의 오픈 소스 소프트웨어 엔지니어 洪民憙(홍민희)입니다. 兩性愛者(양성애자)(bisexual)이자 논바이너리(non-binary)이며, 自由(자유)·오픈 소스 소프트웨어(F/OSS)와 聯合宇宙(연합우주)(fediverse)의 熱烈(열렬)한 支持者(지지자)이기도 합니다.

STF(@sovtechfund)의 支援(지원)을 받아 TypeScript用(용) ActivityPub 서버 프레임워크 @fedify 開發(개발)에 專業(전업)으로 任(임)하고 있습니다. 그 外(외)에도 싱글 유저用(용) ActivityPub 마이크로블로그 @hollo, ActivityPub 봇 프레임워크 @botkit, 소프트웨어 開發者(개발자)를 위한 聯合宇宙(연합우주) 플랫폼 Hackers' Pub, JavaScript·TypeScript用(용) 로깅 라이브러리 LogTape 等(등)의 製作者(제작자)이기도 합니다.

東(동)아시아 言語(언어)(이른바 CJK)와 Unicode에도 關心(관심)이 많습니다. 이 計定(계정)에서는 主(주)로 英語(영어)로 포스팅하지만, 때때로 日本語(일본어)나 國漢文混用體(국한문 혼용체) 韓國語(한국어)로도 씁니다. 聯合宇宙(연합우주)에 오게 된 動機(동기) 中(중) 하나가 바로 國漢文混用體(국한문 혼용체)로 글을 쓰고 싶었기 때문이기도 하고요. 韓國語(한국어), 英語(영어), 日本語(일본어), 아니면 漢文(한문)으로도 말을 걸어주세요!

#툿친소 #연친소 #별친소 #자기소개

@hongminhee So, I really appreciate that you are doing this work. I know it's hard, and it feels unrewarding, but it really matters, and it really helps the ecosystem.

Please let me know if I can help out in these efforts.

I hope that all of us in the ActivityPub community take these requests seriously when they come in.

@evan Can't agree more.

I think having good libraries can make the JSON-LD easier.

Yeah, that's one of reasons why I started Fedify; it was started from building a type-safe Activity Vocabulary library for TypeScript which lets me free from dealing with all complicated things about JSON-LD and keeping it standard-compliant at a time!

@silverpill Well, I fixed my software too:

https://github.com/fedify-dev/fedify/pull/721

@jamie Yeah, exactly such kind of thing!

@hongminhee I ran into things like this with Mastodon. I send valid AP activities but if I don’t encode them in a specific way, Mastodon silently ignores them. Like how it assumes the object of a Create activity must be inline and not a reference, but the actor must be a reference and not inline.

Honestly, I don't really care what strategy other #ActivityPub implementations follow to comply with the spec. (I solved it in #Fedify by just using a proper JSON-LD processor.) It's just a bit annoying that I always send valid JSON-LD documents, but whenever I encounter an interoperability bug where the other side can't process them, I'm the one who has to send them a patch to fix it. 😩

Or, just use a proper JSON-LD processor altogether. Of course, there would be a performance penalty. The #ActivityPub spec explicitly allows as:Public or bare Public for public addressing in to/cc, etc., but surprisingly many implementations don't handle this. All of this would actually be solved by using a JSON-LD processor.

I hope more #ActivityPub implementations start properly handling JSON-LD documents in various forms, rather than using ad-hoc approaches like only allowing specific fields to accept both arrays and scalar values.

Here are my first issue and PR for #Pixelfed:

https://github.com/pixelfed/pixelfed/issues/6588 https://github.com/pixelfed/pixelfed/pull/6589

@ntek イシューの報告ありがとうございます！本日中に確認しますね！

@lienrag Yes, Mastodon is probably too heavy to begin with, so it would be hard to run on low-end devices. We'd likely need a lightweight, bespoke ActivityPub implementation. Or we could use something like snac2 or GoToSocial.

Isn't Yunohost literally a hosting service? What I have in mind is a device that people can run like a home server in their own homes.

@ntek Holloで怪しい動作がありましたら、バグレポートをお願いします！私も確認してみます！

How Hard Is It To Open a File? via @PolyWolf https://lobste.rs/s/fbfu56 #security #unix
https://blog.sebastianwick.net/posts/how-hard-is-it-to-open-a-file/

@crepels Hello. Thank you for creating ActivityPub.Academy. I've been finding it really useful.

However, it seems like ActivityPub.Academy is down right now. Could you please check on it? Thanks as always for your help.

I think you could create a (certain type of) video game using the ActivityPub 'Question'.

https://www.w3.org/TR/activitystreams-vocabulary/#dfn-question

#ActivitiyPub #ActivityStreams #FediDev #FediGames #Games #VideoGames

@reiver That's a fun idea. I should try implementing it with BotKit sometime!

https://botkit.fedify.dev/concepts/message#polls

羊羹LAN

これまで約7年以上、1Passwordを特に不満もなく使ってきたが、最近の値上げをきっかけに代替ツールを検討し始めた。いくつか比較した結果、Bitwardenを軸に検討し、最終的にはセルフホストできる Vaultwarden を導入（クライアントは Bitwarden）することにした。

せっかくなので、HashiCorp Vault の一部用途も兼ねられないかと考え、 Bitwarden CLI を開発サーバーに入れて、CI/CD のタイミングで .env を同期する形で運用していた。

シンプルで扱いやすく、正直かなり気に入っていた。

ただ、最近になって Bitwarden CLI の npm パッケージがハイジャックされ、 SSHキーを含むサーバー内の認証情報を外部に送信する悪意あるコードが仕込まれていたというインシデントが発覚。

幸いにも、社内サーバーはプライベートネットワーク内で外部公開しておらず、さらに該当バージョンではなく旧バージョンを使っていたため、直接的な被害はなかったと思われる。

とはいえ、ツールチェーンに対する信頼が揺らいだのは事実で、このまま使い続けるのは心理的にもリスク的にも厳しいと判断。

最終的に、Bitwarden / Vaultwarden の利用はやめて、クライアントは 1Password に戻し、サーバー側のシークレット管理は HashiCorp Vault に回帰することにした。

一言まとめ

値上げをきっかけに移行を検討 → 実運用まで行ったが、サプライチェーンリスクを踏まえて元構成に戻した、という話。

@lienrag Basically, I think it will work like a router firmware update. You just click the update button on the management dashboard, and the software gets updated over-the-air.

An interesting thought has been floating around in my head lately. A single-user ActivityPub server device that's ready to use just by plugging in a power cord and an Ethernet cable. For just 200 dollars. Would you buy it?

mastodon.social is being DDoS'ed, and the rest of the Fediverse is fine.

I prefer to leave permalinks in commit messages or comments instead of just issue/PR numbers, because I'm constantly dreaming of escaping GitHub.

New from me: what makes social networks resilient?

https://connectedplaces.online/reports/fr160-everyone-wants-servers-and-nobody-wants-servers/

If you'd like to preview the #tutorial I'm writing on building a small #threadiverse software with #Fedify, here it is:

https://pr-710.fedify.pages.dev/tutorial/threadiverse

If you'd like to give feedback after reading it, please leave a comment on the following PR:

https://github.com/fedify-dev/fedify/pull/710

I've gone as far as I can with ignoring nodeinfo. I hit a piece of software tonight that won't federate unless it gets to check your nodeinfo and compare your self-reported software title against its blocklist. Nevermind that `User-Agent:` and `Server:` exist, if you're eager for some self-reported software titles!

@hongminhee 점심은 點心 (딤섬) 이 맛나죠

@octopuset 맞습니다 ㅋㅋㅋ

With Windows 9x Subsystem for Linux you can run all your favourite Windows and Linux apps side-by-side with a modern Linux kernel running cooperatively with the Windows kernel in ring 0. And unlike modern WSL, no hardware virtualisation is used so even your 486 can run it!

Please enjoy, I think this might be one of my greatest hacks of all time

https://codeberg.org/hails/wsl9x

You might look at the project and say “Okay, it adds federation capabilities to blogs, so what?” but there’s actually loads of interesting stuff under the hood:

• ActivityPub C2S API
• Adapters for many different kinds of content and media
• Lots of supported FEP extensions!
• Support for relays, including tags.pub support!
• Server-Side Events!

And that’s just some of the work that goes into this thing!

The ActivityPub For WordPress project is, in a lot of ways, one of the most impressive projects in the space for what it has accomplished. Every release gets better and better, and there’s a robustness to the project that I can’t help but admire.

Making ActivityPub federation work with the myriad of WordPress configurations out there is nothing short of a miracle, and I’m forever grateful for the work @pfefferle and the team put in.