We're leaning in, once again, to the hodgepodge-enabling "multi-threaded” theme, today, since the first two topics may not have broad appeal (one deals with socmed threads, and another is only useful on macOS). I would argue, however, that said socmed thread section does present a fully working web application that is something one might want to peruse and riff from since it is built extremely well.

TL;DR

This is an AI-generated summary of today's Drop.

Perplexity died on the first run, and I forgot to edit my usual prompt to tell it we had four sections this issue. So, I ended up doing a third try, and it turned out super well (I really dislike the lack of reproducibility in LLM/GPT model output).

1. Threadr: A microblogging threads editor compatible with Bluesky, Mastodon, and Twitter, offering a well-crafted, fully working web application.

2. OrbStack: A fast, light, and simple way to run containers and Linux machines on macOS, serving as a supercharged alternative to Docker Desktop.

3. Mistral-7B-v0.1: A controversial AI model released without safety evaluation, sparking debate about the responsibilities of AI companies and ethical information delivery.

4. Electron Apps Vulnerability: A guide to auditing Electron apps for a nasty vulnerability in a foundational image encoding/decoding library, affecting numerous server and client software.

Threadr

When the boy billionaire turned the birdsite into a haven for Nazis he broke a ton of things and fragmented the social media/network ecosystem. Sure, some folks are still there — and at this point I kinda will judge anyone who still is — but many made the switch to other sites/apps.

In the before times, Twitter's mass appeal and giant user base fueled creativity that brought many Twitter-focused apps to life. One such category of apps were those that helped craft, schedule, and publish Twitter threads. Threads are necessary on what some folks call microblogging platforms due to character limits. I wasn't much of a “threader” on the bird site, but did use some of those tools, occasionally.

While it's 100% possible to manually create threads on social networks like Mastodon and Bluesky, it's a very manual process. And, while tools like Buffer have recently added support for Mastodon account, almost no multi-posting apps have bothered to incorporate Bluesky support — yet.

A friend of the Drop was looking for a decent thread creator a few weeks ago, so I added a search for one to the Drops' TODO list and finally got to that entry over the weekend. After a bit of spelunking, I came across the resource that is the topic of this section.

Threadr is a “microblogging threads editor (compatible with Bluesky, Mastodon and Twitter)”. As noted in the Drop's preamble, it's also a well-crafted, fully-working web application that is based on Nuxt (an enhanced Vue.js framework), and a Docker-composed stack that bundles MinIO, Postgres, and Redis. We don't have time to dig into all the tech behind the app, today, so I'll shift focus to the app's functionality.

The above shows the fully working app with a thread I posted to both Bluesky and Mastodon over the weekend. It's a really straightforward and intuitive interface. You start a new thread, add posts in a sequence, and then hit Save, Send, or Schedule.

To get to the point where you can do all that does require a tad bit of effort.

First, you have to:

$ git clone git@github.com:jbuget/threadr-app.git && cd threadr-app

then edit a .env configuration file to:

• set your DISPLAYING_NAME and AVATAR_URL (you can use Gravatar)

• store your Bluesky application credentials (generate the app password in the Bluesky settings)

• Mastodon server and bearer token (which you have to manually create). Use this web app to create it after going to Preferences -> Development and creating a new application.

• modify POSTGRES_USER and POSTGRES_PASSWORD to be threadr (yeah, yeah… that sounds like a bad thing but it's only running locally and the app is a WIP; feel free to modify docker-compose.yml to use different credentials and modify the .env accordingly)

Once you do that, you can do:

$ docker compose up -d

and follow the instructions to set up the MiniIO bucket (the credentials are in the .env file).

I didn't realize the Postgres bit initially and ended up having to

$ psql --user threadr

and use prisma/migrations/20230906200241_init/migration.sql to create the necessary tables for the app to work.

If you made it through all that, then all that is left is to:

$ npm install && npm run dev -- -o

and head to localhost:3000 in a browser.

The application is getting quite a bit of 💙 from the devs, so I'm sure the above steps will be much less clunky in the future. Meanwhile, hit me up on Mastodon or Bluesky if you run into any troubles.

P.S. you can safely docker-compose stop after emitting your thread(s) to save a bit on battery/CPU/memory.

Share

OrbStack

We're only partially covering OrbStack (GH) today because I was super impressed with the UX — seen in the section header — for the docker-compose app stack UX for Threadr. I still need to do a full Knowledge Drop on it since it has enough features to warrant it.

OrbStack is a fast, light, and simple way to run containers and Linux machines on macOS. It serves as a supercharged alternative to Docker Desktop, and is a 100% full, drop-in replacement for it. All the usual Docker CLI commands work, just much spiffier.

It starts in (literally) just 2 seconds, with optimized network and file system performance, and fast x86 emulation (it's designed for Apple Silicon). In comparison, Docker Desktop takes more than 10 seconds to launch. It's also more battery-friendly than Docker Desktop, with very low CPU and disk usage, along with minimal memory consumption. A big plus is that it also allocates memory on demand, unlike Docker Desktop.

As if those weren't sufficient reason to at least give it a try, OrbStack also offers a more straightforward setup process and user interface than Docker Desktop. It also provides automatic domain names and migration, CLI & file system integration, VPN, and SSH support.

On top of all that, OrbStack is a native Swift app, whereas Docker Desktop uses Electron.

If you're in the complexity cult, OrbStack supports Kubernetes, enabling you to infest your system with YAML to create and manage Linux VMs on macOS.

It's free for personal use, and I've been using it since it first came out. Amazingly, it even survived the beta jump to Sonoma back in June.

The documentation is impeccable, so I'm going to have to leave you in its capable hands to explore it a bit further (before the aforementioned Knowledge Drop), given the increasing length of this edition.

Share

MurderGPT

404 Media is a new digital media company created, owned, written, edited by four journalists who until very recently worked at VICE’s Motherboard. They've already done some stellar reporting, and their work is solid enough that I'm a paid subscriber.

They recently did a great story on Mistral-7B-v0.1. Mistral AI is a French AI startup founded by Google and Meta alums (read: “high-functioning and wealthy sociopaths”).

Mistral-7B-v0.1 was released without evaluating its safety first. Testing found the model would readily discuss harmful topics like ethnic cleansing, suicide instructions, and how to murder your spouse.

It was released as a magnet link to a torrent, which means that the model cannot, effectively, be deleted from the internet. This highlighted divisions amongst AI wonks between those who believe models should have restrictions and oversight, and those who think fully open models are safer and will advance the technology more rapidly.

However, even advocates for open models acknowledge they come with (obvious) risks. The release sparked debate about the responsibilities of AI companies and whether there is an ethical way to deliver all information online.

The article goes into much more detail and is 100% worth your time.

Share hrbrmstr's Daily Drop

Electron PSA

There as a very nasty vulnerability in a foundational image encoding/decoding library that's in a plethora of server and client software, including virtually every app that lets you view web content. Apps that are lazily built with Electron (like Slack, and the aforementioned Docker Desktop) are glorified web apps with an embedded Chromium engine. All your Electron apps (unless you updated them all last week) are vulnerable.

The problem is that you likely don't know if an app is an Electron app.

A spiffy human and old cow-orker of mine did a solid Mastodon thread showing macOS folks how to find Electron apps and determine if they're vulnerable.

On Saturday, I riffed from it to create a dedicated app an and modified instructions that you can use to audit your Electron installs. That GitLab repo has a signed, universal macOS binary for the utility.

As you can see in the section header, there are still some apps I need to delete or find an update for.

Give it a spin and drop an issue if any problems arise.

Share

FIN

Time sure does fly. It's hard to believe my grandson turns two this month. Hope all are rested from the weekend and ready to charge into October! ☮️