I've been working from home for a few years now, and my happiest work environment is the front porch. It's in the breeze and (optionally) in the sun, but protected from light rain; I can hear birds and say hello to neighbors. The problem is that I have nothing even remotely resembling an ergonomic workstation: There's a chair, and the steps, and the floor. No desk. So I can't do it for very long before I start risking a return to the physical therapist.

I've been wanting to build a standing desk for the porch for a while now, and recently a design finally crystallized. In just a few days I had slapped something together from scrap wood and stray hardware.

It turned out to be just fantastic, and I'd like to share it with you. Maybe you'll be inspired to make your own design and share it too.

Read more

With the current exodus from both Twitter and (to some degree) Reddit, there's a lot of discussion right now about what the replacements should look like. There's a rising wave of sentiment in my circles: Having corporations in control of the public square is terrible, in terms of both individual experience and the health of our societies. There's a lot of energy right now in designing systems that are cooperatively owned and run, based on federated protocols, and/or managed by non-profits — and I think that's fantastic.

But I don't think all the ills of these systems can be placed at the feet of capitalism alone. It is fundamentally difficult to have a large number of people interacting in a digital space. (I'll refer to such a forum, messageboard, or microblog space as a "group", for lack of a better term.)

I think the core problem is that these groups are too big. And I think we can make them smaller without losing the benefits.

Read more

I've seen any number of people defending ChatGPT's use as a tool that can not just write code, but find bugs in existing code. My own position is that it could be useful for this, but only in the hands of someone who is skeptical, detail-oriented, and experienced with the language. This is because ChatGPT doesn't know anything about programming; it just knows what code looks like and what people say about it. This is sometimes good enough to write code, but it very readily departs from reality onto its own hallucinatory journey. In my case, it took a single line of code with one bug in it and instead of identifying that bug decided to add 3 or 4 more.

You can find any number of examples of this online along with discussion and analysis, so this blog post is just a vehicle for posting my own January 9 2023 chat transcript in a way I can conveniently link to.

(I would have posted it earlier, but OpenAI's chat history function was down for several weeks, so I could not retrieve it.)

Read more

I've been using Firefox for something like 15 years, so it's no surprise that I eventually ended up with a corrupted profile (perhaps from a sudden shutdown). It was functional 99% of the time, but a few things would break in weird ways, like Local Storage getting cleared periodically for both web pages and extensions. It was subtle enough that by the time I noticed, it was too late to just restore from backup.

The way I eventually fixed it was to use Mozilla's "Firefox Sync" service to copy the data to a new profile. This post describes the steps I took, in case someone else wants to take the same approach.

Read more

The lxml toolkit is a library for working with XML and HTML from Python. It includes a utility called Cleaner that supports filtering HTML for dangerous and unwanted elements and attributes, although since early 2022 it has been marked as not suitable for security purposes. Nevertheless, it is still used that way by many projects.

A coworker and I were recently exploring its capabilities. At one point he made a simple mistake that is extremely common in Python, and stumbled onto what I recognized as a vulnerability. Exploring the code more, I found another vulnerability, this one not dependent upon misconfiguration.

(As of this posting, the issues are not fixed and released, but patches are available.)

Read more