I've seen any number of people defending ChatGPT's use as a tool that
can not just write code, but find bugs in existing code. My own
position is that it could be useful for this, but only in the hands of
someone who is skeptical, detail-oriented, and experienced with the
language. This is because ChatGPT doesn't know anything about
programming; it just knows what code looks like and what people say
about it. This is sometimes good enough to write code, but it very
readily departs from reality onto its own hallucinatory journey. In my
case, it took a single line of code with one bug in it and instead of
identifying that bug decided to add 3 or 4 more.

You can find any number of examples of this online along with
discussion and analysis, so this blog post is just a vehicle for
posting my own January 9, 2023 chat transcript in a way I can
conveniently link to.

(I would have posted it earlier, but OpenAI's chat history function
was down for several weeks, so I could not retrieve it.)

I've been using Firefox for something like 15 years, so it's no
surprise that I eventually ended up with a corrupted profile (perhaps
from a sudden shutdown). It was functional 99% of the time, but a few
things would break in weird ways, like Local Storage getting cleared
periodically for both web pages and extensions. It was subtle enough
that by the time I noticed, it was too late to just restore from

The way I eventually fixed it was to use Mozilla's "Firefox Sync"
service to copy the data to a new profile. This post describes the
steps I took, in case someone else wants to take the same approach.

The lxml toolkit is a library for working with XML
and HTML from Python. It includes a utility called
HTML for dangerous
and unwanted elements and attributes, although since early 2022 it has
been marked as not suitable for security
it is still used that way by many projects.

A coworker and I were recently exploring its capabilities. At one
point he made a simple mistake that is extremely common in Python, and
stumbled onto what I recognized as a vulnerability. Exploring the code
more, I found another vulnerability, this one not dependent upon

(As of this posting, the issues are not fixed and released, but
patches are available.)