This seems like as good a place as any to link to some of my favorite posts:

But here are the most recent pieces...

Work in progress: Reversing Blink cameras

I received some Blink outdoor security cameras a while ago but haven't been able to make use of them because they require a smartphone and internet access to set up, and I don't have a smartphone and don't want these things streaming video of my comings and goings to Amazon.

According to what I've read, I should be able to turn off cloud streaming and have the cameras instead stream to the sync module, which will store videos on a thumb drive. That's what I'd like to do, but without the cloud connection. Maybe I could set them up on a temporary wifi network and then remove their internet access again? But again, I don't have a smartphone. I'd have to borrow one.

In the meantime. I've decided to try reverse-engineering them to see if I can make them into something useful—and also just for the fun of it. I haven't succeeded, but I've made a little bit of progress, so I'm posting what I have in the hopes that someone else will be able to build on it.

I'll update if I learn more.

Read more

Outdoor standing desk

I've been working from home for a few years now, and my happiest work environment is the front porch. It's in the breeze and (optionally) in the sun, but protected from light rain; I can hear birds and say hello to neighbors. The problem is that I have nothing even remotely resembling an ergonomic workstation: There's a chair, and the steps, and the floor. No desk. So I can't do it for very long before I start risking a return to the physical therapist.

I've been wanting to build a standing desk for the porch for a while now, and recently a design finally crystallized. In just a few days I had slapped something together from scrap wood and stray hardware.

It turned out to be just fantastic, and I'd like to share it with you. Maybe you'll be inspired to make your own design and share it too.

Read more

Groups too big, start over

With the current exodus from both Twitter and (to some degree) Reddit, there's a lot of discussion right now about what the replacements should look like. There's a rising wave of sentiment in my circles: Having corporations in control of the public square is terrible, in terms of both individual experience and the health of our societies. There's a lot of energy right now in designing systems that are cooperatively owned and run, based on federated protocols, and/or managed by non-profits — and I think that's fantastic.

But I don't think all the ills of these systems can be placed at the feet of capitalism alone. It is fundamentally difficult to have a large number of people interacting in a digital space. (I'll refer to such a forum, messageboard, or microblog space as a "group", for lack of a better term.)

I think the core problem is that these groups are too big. And I think we can make them smaller without losing the benefits.

Read more

ChatGPT hallucinates software bugs and ignores real ones

I've seen any number of people defending ChatGPT's use as a tool that can not just write code, but find bugs in existing code. My own position is that it could be useful for this, but only in the hands of someone who is skeptical, detail-oriented, and experienced with the language. This is because ChatGPT doesn't know anything about programming; it just knows what code looks like and what people say about it. This is sometimes good enough to write code, but it very readily departs from reality onto its own hallucinatory journey. In my case, it took a single line of code with one bug in it and instead of identifying that bug decided to add 3 or 4 more.

You can find any number of examples of this online along with discussion and analysis, so this blog post is just a vehicle for posting my own January 9 2023 chat transcript in a way I can conveniently link to.

(I would have posted it earlier, but OpenAI's chat history function was down for several weeks, so I could not retrieve it.)

Read more

Fixing a broken Firefox profile via Sync

I've been using Firefox for something like 15 years, so it's no surprise that I eventually ended up with a corrupted profile (perhaps from a sudden shutdown). It was functional 99% of the time, but a few things would break in weird ways, like Local Storage getting cleared periodically for both web pages and extensions. It was subtle enough that by the time I noticed, it was too late to just restore from backup.

The way I eventually fixed it was to use Mozilla's "Firefox Sync" service to copy the data to a new profile. This post describes the steps I took, in case someone else wants to take the same approach.

Read more

URL filtering vulnerabilities in lxml

The lxml toolkit is a library for working with XML and HTML from Python. It includes a utility called Cleaner that supports filtering HTML for dangerous and unwanted elements and attributes, although since early 2022 it has been marked as not suitable for security purposes. Nevertheless, it is still used that way by many projects.

A coworker and I were recently exploring its capabilities. At one point he made a simple mistake that is extremely common in Python, and stumbled onto what I recognized as a vulnerability. Exploring the code more, I found another vulnerability, this one not dependent upon misconfiguration.

(As of this update, a fix is merged into lxml but not yet released.)

Read more