Keonwoo Kim
@dev.kanu.kim
he/him • 🇰🇷🇺🇸🇯🇵
🧑💻 TypeScript • Next.js • etc.
🌱 @kanu.kim
🧑💻 TypeScript • Next.js • etc.
🌱 @kanu.kim
Reposted by Keonwoo Kim
havin' a play with: backdrop-filter: url(#glass);
Gecko/Webkit 🙏
Gecko/Webkit 🙏
June 12, 2025 at 1:47 AM
havin' a play with: backdrop-filter: url(#glass);
Gecko/Webkit 🙏
Gecko/Webkit 🙏
Reposted by Keonwoo Kim
⚛️📝 New on Overreacted: What Does "use client" Do?
What Does "use client" Do? — overreacted
Two worlds, two doors.
overreacted.io
April 25, 2025 at 4:22 PM
⚛️📝 New on Overreacted: What Does "use client" Do?
Reposted by Keonwoo Kim
ECMAScript excitement 😉
Congrats to Dan Minor et al on landing *experimental* support for TC39 Stage 3 proposal Temporal in SpiderMonkey. Heading for Firefox 135 behind a flag 🎉
Temporal is the modern replacement for the JavaScript Date API 👍
www.mozilla.org/en-US/firefo...
Congrats to Dan Minor et al on landing *experimental* support for TC39 Stage 3 proposal Temporal in SpiderMonkey. Heading for Firefox 135 behind a flag 🎉
Temporal is the modern replacement for the JavaScript Date API 👍
www.mozilla.org/en-US/firefo...
December 19, 2024 at 10:06 PM
ECMAScript excitement 😉
Congrats to Dan Minor et al on landing *experimental* support for TC39 Stage 3 proposal Temporal in SpiderMonkey. Heading for Firefox 135 behind a flag 🎉
Temporal is the modern replacement for the JavaScript Date API 👍
www.mozilla.org/en-US/firefo...
Congrats to Dan Minor et al on landing *experimental* support for TC39 Stage 3 proposal Temporal in SpiderMonkey. Heading for Firefox 135 behind a flag 🎉
Temporal is the modern replacement for the JavaScript Date API 👍
www.mozilla.org/en-US/firefo...
Reposted by Keonwoo Kim
TanStack Form now supports Standard Schema validators!
🔀 You can swap between Zod, Valibot and ArkType without zero effort, give it a try on the stackbliz you can find in the official docs 👇
tanstack.com/form/latest/...
🔀 You can swap between Zod, Valibot and ArkType without zero effort, give it a try on the stackbliz you can find in the official docs 👇
tanstack.com/form/latest/...
React TanStack Form Standard Schema Example | TanStack Form Docs
An example showing how to implement Standard Schema in React using TanStack Form.
tanstack.com
December 11, 2024 at 7:17 PM
TanStack Form now supports Standard Schema validators!
🔀 You can swap between Zod, Valibot and ArkType without zero effort, give it a try on the stackbliz you can find in the official docs 👇
tanstack.com/form/latest/...
🔀 You can swap between Zod, Valibot and ArkType without zero effort, give it a try on the stackbliz you can find in the official docs 👇
tanstack.com/form/latest/...
Reposted by Keonwoo Kim
Wrote down the process to build your own custom feeds for Bluesky programmatically in Python and run it 100% free
Uses @skyfeed.app + @github.com actions to do periodic filtering and re-ranking and @cloudflare.social static pages to provide data to @bsky.app
Uses @skyfeed.app + @github.com actions to do periodic filtering and re-ranking and @cloudflare.social static pages to provide data to @bsky.app
Zero-Cost Custom Feeds on Bluesky
A simple stack for generating custom feeds for Bluesky programmatically without a backend server
amitness.com
December 1, 2024 at 2:43 PM
Wrote down the process to build your own custom feeds for Bluesky programmatically in Python and run it 100% free
Uses @skyfeed.app + @github.com actions to do periodic filtering and re-ranking and @cloudflare.social static pages to provide data to @bsky.app
Uses @skyfeed.app + @github.com actions to do periodic filtering and re-ranking and @cloudflare.social static pages to provide data to @bsky.app
Reposted by Keonwoo Kim
@samuelscheit.com is cooking something incredible. I am very bullish on this new list approach. samuelscheit.github.io/react-native...
React Native Skia List
The fastest react-native list renderer
samuelscheit.github.io
November 7, 2024 at 9:13 PM
@samuelscheit.com is cooking something incredible. I am very bullish on this new list approach. samuelscheit.github.io/react-native...
Reposted by Keonwoo Kim
Oh also I forgot the best part
Say you only want to run a service that consumes Bluesky posts.
Using the full protocol firehose you'd be downloading ~9.5Mib/s -> 108 GB/day
Using Jetstream you're only downloading ~3 GB/day
Much easier to host somewhere with bandwidth constraints on the cheap :)
Say you only want to run a service that consumes Bluesky posts.
Using the full protocol firehose you'd be downloading ~9.5Mib/s -> 108 GB/day
Using Jetstream you're only downloading ~3 GB/day
Much easier to host somewhere with bandwidth constraints on the cheap :)
September 21, 2024 at 1:46 AM
Oh also I forgot the best part
Say you only want to run a service that consumes Bluesky posts.
Using the full protocol firehose you'd be downloading ~9.5Mib/s -> 108 GB/day
Using Jetstream you're only downloading ~3 GB/day
Much easier to host somewhere with bandwidth constraints on the cheap :)
Say you only want to run a service that consumes Bluesky posts.
Using the full protocol firehose you'd be downloading ~9.5Mib/s -> 108 GB/day
Using Jetstream you're only downloading ~3 GB/day
Much easier to host somewhere with bandwidth constraints on the cheap :)
Reposted by Keonwoo Kim
Just a little Jetstream fun
Makes it a lot easier to play around with data and explore Bluesky's AT Proto Firehose!
Only get the collections you need, only deal with JSON over a websocket, pipe it into your familiar CLI tools to analyze and explore :)
github.com/bluesky-soci...
Makes it a lot easier to play around with data and explore Bluesky's AT Proto Firehose!
Only get the collections you need, only deal with JSON over a websocket, pipe it into your familiar CLI tools to analyze and explore :)
github.com/bluesky-soci...
September 21, 2024 at 1:39 AM
Just a little Jetstream fun
Makes it a lot easier to play around with data and explore Bluesky's AT Proto Firehose!
Only get the collections you need, only deal with JSON over a websocket, pipe it into your familiar CLI tools to analyze and explore :)
github.com/bluesky-soci...
Makes it a lot easier to play around with data and explore Bluesky's AT Proto Firehose!
Only get the collections you need, only deal with JSON over a websocket, pipe it into your familiar CLI tools to analyze and explore :)
github.com/bluesky-soci...
Reposted by Keonwoo Kim
Worried about View Transitions breaking incremental rendering?
Well, that's an unwarranted concern: Cross-document View Transitions were carefully designed to not break this fundamental aspect of the web.
Find more info (and 5 more misconceptions) in this post: developer.chrome.com/blog/view-tr...
Well, that's an unwarranted concern: Cross-document View Transitions were carefully designed to not break this fundamental aspect of the web.
Find more info (and 5 more misconceptions) in this post: developer.chrome.com/blog/view-tr...
Misconceptions about view transitions | Blog | Chrome for Developers
With more and more people starting to look into the View Transition API, it's time to debunk some misconceptions.
developer.chrome.com
July 13, 2024 at 1:03 AM
Worried about View Transitions breaking incremental rendering?
Well, that's an unwarranted concern: Cross-document View Transitions were carefully designed to not break this fundamental aspect of the web.
Find more info (and 5 more misconceptions) in this post: developer.chrome.com/blog/view-tr...
Well, that's an unwarranted concern: Cross-document View Transitions were carefully designed to not break this fundamental aspect of the web.
Find more info (and 5 more misconceptions) in this post: developer.chrome.com/blog/view-tr...
Reposted by Keonwoo Kim
Introducing @bramus/style-observer, a MutationObserver for CSS.
It allows you to attach JavaScript callbacks to changes in computed values of CSS properties.
🔗 bram.us/2024/08/31/i...
It allows you to attach JavaScript callbacks to changes in computed values of CSS properties.
🔗 bram.us/2024/08/31/i...
August 30, 2024 at 11:23 PM
Introducing @bramus/style-observer, a MutationObserver for CSS.
It allows you to attach JavaScript callbacks to changes in computed values of CSS properties.
🔗 bram.us/2024/08/31/i...
It allows you to attach JavaScript callbacks to changes in computed values of CSS properties.
🔗 bram.us/2024/08/31/i...
Reposted by Keonwoo Kim
Today, I'm releasing a TypeScript compiler called ts-blank-space 🎈
We use this at Bloomberg to perform type-stripping on a modern subset of TypeScript.
It's written in TypeScript and is fast because it uses whitespace to enable work-skipping.
bloomberg.github.io/ts-blank-space
We use this at Bloomberg to perform type-stripping on a modern subset of TypeScript.
It's written in TypeScript and is fast because it uses whitespace to enable work-skipping.
bloomberg.github.io/ts-blank-space
ts-blank-space
A small, fast, pure JavaScript type-stripper that uses the official TypeScript parser.
bloomberg.github.io
September 19, 2024 at 2:23 PM
Today, I'm releasing a TypeScript compiler called ts-blank-space 🎈
We use this at Bloomberg to perform type-stripping on a modern subset of TypeScript.
It's written in TypeScript and is fast because it uses whitespace to enable work-skipping.
bloomberg.github.io/ts-blank-space
We use this at Bloomberg to perform type-stripping on a modern subset of TypeScript.
It's written in TypeScript and is fast because it uses whitespace to enable work-skipping.
bloomberg.github.io/ts-blank-space
Reposted by Keonwoo Kim
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.
Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.
www.openwall.com/lists/oss-se...
It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…
Now I’m curious what it does in RSA_public_decrypt
www.openwall.com/lists/oss-se...
It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…
Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.