A low-tech way to see the TOTP secret exported from Google Authenticator

Google Authenticator’s Export functionality produces a QR code. You can scan the QR code with another copy of Google Authenticator, to transfer the Time-based One-Time Password secret to a new phone for example. But if you want to use it in another context, it’s annoying and tricky. For example, if you need to authenticate in order to run automated tests, you can’t be getting your phone out each time your CI job runs.

These instructions are for a Debian-based Linux machine.

  1. sudo apt-get install zbarcam-gtk oathtool protobuf-compiler
  2. Click the three dots menu in Authenticator, choose Export, and select the accounts you want to export
  3. Run zbarcam-gtk and point your computer’s camera at the QR code displayed on your phone
  4. Copy the URL at the bottom of the window
  5. Paste it somewhere and delete the prefix, QR-Code:otpauth-migration://offline?data=
  6. Open Python3 and run:
    from urllib.parse import unquote
    import base64
    with open("secret.proto") as out:
     out.write(unquote("the rest of the decoded QR"))
  7. Back in the terminal, run protoc --decode_raw < secret.proto
  8. rm secret.proto
  9. Copy the thing that looks like \123WE\012 etc – the binary representation of the TOTP secret – not including its quotation marks.
  10. Back in Python, type
    base64.b32encode(b"PASTE HERE")

    You should get back a bytes object that’s all letters and numbers. That’s the TOTP secret, encoded in base32.

  11. Now, any time you need a one-time password, you can run
    oathtool -b --totp the_base32_secret

This is less secure than your phone, e.g. your secret will be visible in your shell history file. But it can be worthwhile in certain cases.

I did it this way because I didn’t know what TOTP desktop apps were trustworthy or would send your passwords to Nocturnal Aviation Associates. I figured these tools were low-level enough that they wouldn’t be scams?

Barometz (The Vegetable Lamb)

When cotton was first introduced to Europeans in medieval times, they were mystified. What was the source of this marvelous material? Theories abounded. For a time, the source was thought to be ‘the Vegetable Lamb of Tartary’—a plant with tiny sheep on stems bowing down and grazing the undergrowth. One can only imagine how they thought all those tiny sheep were shorn.

From The Practical Spinner’s Guide: Cotton, Flax, Hemp, Stephenie Gaustad, 2014

My wife Jessica showed me this passage, and we obviously had to know more. The creature’s wikipedia page quoted some extraordinary verse by Dr. Erasmus Darwin (one of those Darwins):

E’en round the Pole the flames of love aspire,
And icy bosoms feel the secret fire,
Cradled in snow, and fanned by Arctic air,
Shines, gentle borametz,1 thy golden hair
Rooted in earth, each cloven foot descends,
And round and round her flexile neck she bends,
Crops the grey coral moss, and hoary thyme,
Or laps with rosy tongue the melting rime;
Eyes with mute tenderness her distant dam,
And seems to bleat – a vegetable lamb

(Listen, because I am telling you that there is a two-volume book of rapturous poetry about botany, by Darwin’s grandpa, available for free on Project Gutenberg: The Economy of Vegetation and The Loves of the Plants.)

I decided that this lovely misconception needed to be set to music. It’s in iambic pentameter, so I looked through Hymnary by meter and found Magda by Ralph Vaughan Williams to be suitably tender.

So! Here is the sheet music (revision 5) if you would like to sing about this earthy plant-beast. Maybe you can use it in a concert about… misconceptions? Exoticism? Evolution? Fabric? Sheep?

The sheet music is licensed CC-BY 4.0; I would love to know if you use the music, my email address is in the footer. Error reports also welcome.


Engraving by Sir John Mandeville, 14th century

  1. Borametz, Barometz, and Borometz all seem to be valid names. Also Scythian Lamb. 

Dissecting an asthma inhaler with a dose counter

Back in the 90s, before Le Chiffre made asthma inhalers cool, my mother taught me how to tell if my Proventil canister was empty. If there was any of that sweet sweet albuterol left, it would float vertically in water, but if it went horizontal it was empty.

Apparently, in the years since I was a wheezyboy, inhaler technology has advanced a bit. Modern ones have clockwork contrivances to tell you how much is left, which I have to admit is convenient.

Photo of part of a Symbicort inhaler, showing the dose counter

I got curious about its inner workings, so I pried the whole thing apart and took pictures. Click through to see!

Continue reading...

System76 Darter Pro 6: power supply, case screws

I like this laptop a lot! It comes with a Chicony power supply, 19V 3.42A 65W. Those are easy to find, but you have to get the right barrel connector. The nominal outer diameter of the barrel is 5.5mm, the nominal inside is 2.5mm. The tip is positive. I ordered this power adapter from amazon, and the brick part is exactly what I got from System76. The barrel fits correctly except it’s a couple mm too long, which I don’t mind. If that link is dead, try searching for “chicony toshiba satellite 19v 65w.” I like supporting System76, but not quite enough to buy replacement AC adaptors from them.

My case screws keep slowly working out somehow, which is annoying. The screws are M2 by 5 mm long if you need to order them. This screw assortment included them.

Delights of a Minnesotan Gigabit Switch (part 3, good hax!)

Welcome back! I’m rehabilitating and taking control of a Waters Network Systems GSM-2112-POE 12-port managed Ethernet switch. You can check out part 1 or part 2 if you feel like it.

In case you don’t feel like it, I’ll sum up where we are in the story: my current Ethernet switch has no character and isn’t rack-mounted so much as rack-zip-tied:

My old switch held onto a rack shelf by ignominious zip ties

I expect to need more than its four power-over-ethernet ports. I’ve bought a high-quality but decade-old switch from eBay for pretty cheap. The people who sold me the switch did not do a factory reset, and I don’t have the admin password. My attempts to hack the thing over the network have failed up to this point. They could possibly be successful eventually, but they seem like an annoying amount of work. I have bought the cable to go from my USB port to this Serial console on the back of the box:

Photo of the serial port on the back of the ethernet switch

Okay, I hook the new cable up between the Serial port and my laptop. How do I actually talk to it?

In my youth, my daddy taught me to use a program called Kermit to dial into some computer at his work so that I could read rec.pets. Fond memories, and Kermit is furthermore a great name for a program, but alas: I now find it 100% incomprehensible. GNU Screen seems to be the actual thing to use.1

The baud2 rate 57600 comes from the manual. Here’s the command line to connect and start interacting:

sudo screen /dev/ttyUSB0 57600

And rebooting the switch gives:

Read system parameters from IIC EEPROM...Done!

BIOS v1.07 

BIOS(0)> ................................................
............Now booting image...

Followed by the normal login prompt - the login isn’t any different from what I see on telnet. But hey, the BIOS(0)>. The > looks like a command prompt? Yes actually! Apparently you have to be quite speedy, there’s only a few seconds grace period, but after a few tries:

BIOS(0)> help
        BIOS Command line interface HELP     
 help       :  Help for bios command. 
 ls         :  Display the bios command list. 
 sysconf    :  System parameter configuration. 
 flash      :  Flash Device Utility. 
 load(r)    :  Excutable image download[load] & run[loadr] at free memory area. 
 boot       :  vLinux Boot Loader can be selected. 
 dump       :  Memory Dump Command. 
 sys        :  Usage : sys {model|mac{0|1}|prod|ser|hard|mech|ram|flash|show} value . 
 look       :  look ext 0 , 1 ,2 . 
 fill       :  fill memory (4 byte) . 
 sdram      :  SDRAM test . 
 p1         :  p1 {0|1} GBIO Port 1. 
 rd         :  rd block sublock reg 


Huh, sysconf looks vaguely interesting, let’s look:

BIOS(1)> sysconf view

Read system parameters from IIC EEPROM...Done!

|           System Configuration Table             |
|  Configuration Parameter valid !!!               |
|               Boot Configuration                 |
|  BOOT Method : manual                            |
|  Boot File Name :                                |
|  TFTP Server IP Address :          |
|             Ethernet Configuration               |
|  Host Name : RubyTech                            |
|  Ethernet IP Address :               |
|  Ethernet Default Gateway :        |
|  Ethernet Default Subnet Mask :    |
|  Ethernet H/W Address : 00:40:c7:d0:00:00        |

Cool! You love to see the text-based tables, for one thing. But more pertinently, it looks like if I created a bootable firmware image, the BIOS would let me load it onto the switch using TFTP and boot into it! So how do I do that?! Actually, it’s not super easy.3 So I put this possibility in my back pocket for now. Another interesting thing we can see here is the name RubyTech. I asked Jeeves, and RubyTech is apparently a Taiwanese supplier of private label network equipment. Presumably it’s where Waters bought the hardware?

I poked around the menu a while longer, which I’ll spare you. The most useful thing turned out to be the memory dump command:

BIOS(4)> dump 0x0
00000000:0000000f   18 f0 9f e5 18 f0 9f e5  -  18 f0 9f e5 18 f0 9f e5 
00000010:0000001f   18 f0 9f e5 18 f0 9f e5  -  18 f0 9f e5 18 f0 9f e5 
00000020:0000002f   01 18 a0 e3 01 24 a0 e3  -  04 30 90 e4 04 30 82 e4 
00000030:0000003f   04 10 51 e2 fb ff ff 1a  -  58 23 5e 00 ff 10 a0 e3 
00000040:0000004f   00 10 80 e5 14 01 9f e5  -  20 10 a0 e3 00 10 80 e5 
00000050:0000005f   f8 00 9f e5 f8 10 9f e5  -  00 10 80 e5 5c 00 8f e2 
00000060:0000006f   fe 1f 90 e8 ec 00 9f e5  -  fe 1f 80 e8 f0 00 9f e5 
00000070:0000007f   01 18 a0 e3 5e 28 a0 e3  -  04 30 90 e4 04 30 82 e4 
00000080:0000008f   04 10 51 e2 fb ff ff 1a  -  5e f8 a0 e3 00 00 00 00 
00000090:0000009f   f8 3f 50 05 60 00 00 04  -  50 00 08 24 4c 00 09 25 
000000a0:000000af   00 00 00 00 00 00 00 00  -  00 00 00 00 80 03 04 20 
000000b0:000000bf   00 00 00 00 00 00 00 00  -  00 00 00 00 60 83 21 9c 
000000c0:000000cf   f8 3f 50 05 60 00 04 14  -  50 00 08 24 4c 00 09 25 
000000d0:000000df   00 00 00 00 00 00 00 00  -  00 00 00 00 80 03 00 10 
000000e0:000000ef   00 00 00 00 00 00 00 00  -  00 00 00 00 60 83 21 9c 
000000f0:000000ff   f8 3f 50 05 60 00 00 04  -  50 00 08 24 4c 00 09 25 

=   1. Next Memory Address View![Any Key] =
=   2. New Address Input![N]              =
=   3. Exit [Q]                           =

Well, cool - we can see the memory in hexadecimal format. That page doesn’t actually mean anything to me yet, but there’s got to be good stuff in there if we look through everything! At last, a clear direction - time to start hackin’, baby! That’s what real hackers say, right?

Here’s a script using pexpect to start the serial communication and interact with the BIOS menu to record everything to a file, memory_dump.txt.

Assuming you’ve got a Python 3 virtualenv env with pexpect installed, and the script is dump_memory.py, you’d invoke it as sudo env/bin/python dump_memory.py. Once the script is started, you would Reset the switch.

import pexpect
import time

# Start communicating with the switch
child = pexpect.spawn('screen /dev/ttyUSB0 57600')
# Tell pexpect to record one side of the conversation -
# everything the switch sends to the laptop - to a file
child.logfile_read = open('memory_dump.txt', 'wb')

# This means to ignore everything the switch sends to us,
# UNTIL we get the '> ' - the BIOS command prompt.
child.expect('> ')
# Start the memory dump at address 0
child.send('dump 0\r\n')

# Keep sending Space every time it's done printing
# a block of memory
while True:
    child.expect('Next Memory Address View')
    child.send(' ')

I run it for a while - maybe an hourish? At some point, I notice that it only seems to be reading f8 3f 50 05 over and over and over again. This pattern seems to start at the 20 megabyte boundary (0140 0000 hex). There are a few other bytes thrown in, but this seems boring, so I stop the process.

I don’t want to deal with this as hex, I want to make it a binary file so that I can unzip it if it’s zipped, search for strings, and so on. So I write another small python3 script, to separate the lines with hex data from the lines with BIOS(0), the instructions, and so on, and then convert the hex to the binary characters it represents:

out = open('memory_dump.bin', 'wb')

# Example lines this will deal with:
000000e0:000000ef   00 00 00 00 00 00 00 00  -  00 00 00 00 60 83 21 9c
000000f0:000000ff   f8 3f 50 05 60 00 00 04  -  50 00 08 24 4c 00 09 25

=   1. Next Memory Address View![Any Key] =
=   2. New Address Input![N]              =
=   3. Exit [Q]                           =
00000100:0000010f   00 00 00 00 00 00 00 00  -  00 00 00 00 13 02 04 a0
00000110:0000011f   00 00 00 00 00 00 00 00  -  00 00 00 00 60 83 21 9c
for line in open('memory_dump.txt', 'r'):
    # Exclude lines with only instructions & stuff.
    # There's also all kinds of control codes and junk
    # in there, but I ignored it and it didn't
    # seem to matter?
    if line and line[0] in '01234567890abcdef':
        line = line.strip()
        # The sections of the line are separated by double spaces.
        # We don't care about the address or the dash, just the
        # first and second sections of data.
        addr, first, dash, second = line.split('  ')


So I’ve got a 20+ megabyte binary file - what is in there? I have seen people do pretty wild stuff to firmware images with a program called binwalk, so I install that and set it loose. Unfortunately, it misidentifies basically everything. Nope, that’s not a stuffit file, and that other thing isn’t 7zip. I don’t know. It doesn’t do it for me.

Presumably there must be a kernel in there, and possibly file data, but I don’t get as far as figuring that out, because strings turns out to be the only analysis tool I need. strings is a basic Unix tool that looks inside a binary file for parts that look like text. I spend a bit of time paging through the results, but eventually I get bored, and search for admin, the administrator username from the documentation. Boom!


There it is! Very likely the password!4

I had been expecting a normal Linux /etc/passwd or shadow file entry like admin:$1$YjOzcqrf$Zqx4sx5CQRuEIFCdOLAJV0:0:0:admin:... but no, it seems to be sitting there in plain text, no password cracking required! Sure enough:

L2 Managed Switch - GEPoEL2-SW12

Login: admin


If you’re doing this on your system and the memory layout is identical, then you should just have to dump one block, starting at 0x011b0400. This switch has the concept of two independent configurations, one that’s used when rebooting and another that can be made active by a command. So that you can really screw up the temporary config, and when everything goes to hell, reboot the switch and everything should be peachy again. Anyway, I did see another copy of the user/pass data at 0x013b0400, two megabytes after the first copy, so maybe that’s how this double config thing works.

Anyhow! Yay! The switch is mine now! My naming scheme for computers is names of fictional musicians (e.g. Jake and Elwood Blues), plus fanciful stage names of real musicians (e.g. Tank Slagknuckle and Stellar Tellar).5 So, I’m pleased to introduce Mr. Fabulous:

Beauty shot of the switch installed in a network rack Wider shot of the network rack

Mr. Fabulous been doing strong work for a month or two now, and I’m very pleased. I set up a VLAN for some of my Internet of Shit devices, and the switch’s port mirroring capability made that very easy to debug. The switch’s extremely beefy-looking internal power supply has had zero trouble taking care of the four powered devices on my network - I’ve never noticed the switch get perceptibly warmer than ambient temperature.

relaxen und watschen der blinkenlichten

Given the one to two decade old network security of the switch’s web interface, I’ve placed that off in an inaccessible subnet, and I do all my admin through the serial console. Just because I’m too lazy and simpleminded to hack this thing over the network, that doesn’t mean everyone is.

Thanks for reading!

  1. Why is Screen a serial communication console as well as a window manager and a bad process supervisor? IDK, I slightly resent Screen. Give me Tilix any day! Except the day I need to talk to a crusty ol’ serial console. Humph. 

  2. Re: data transmission, check these videos out if you want to be fascinated, or this paper if you want to be both fascinated and bored! 

  3. According to an article from hackaday,

    There is no uniform way that ARM processors are booted and there’s no uniform or even standardized boot software for ARM-based chips.

  4. It’s not the real one, since I told you too much about the institution the box came from. The real password had an air of sadness though. 

  5. I made an exception for this switch’s predecessor. I thought that since it was a Power over Ethernet (PoE) switch, it should be called Edgar Allan. But I bet everyone with a PoE switch thinks the same thing :-/ 

Delights of a Minnesotan Gigabit Switch (part 2, good fans and bad hax)

My charming blue piece of history arrived with two problems:

  1. Its fans were noisy
  2. Its management interface was locked and I didn’t know the password

Good Fans

For problem 1, the solution was obvious: new fans. It needs two of these:

IMG_0617 fan-3f7b15.JPG

The OEM parts only seems to exist in odd places now, but the concept is universal and cheap: 5 Volt 40x40x10mm fans. PCs use 12 Volt versions, you have to be careful to get 5V. And match or go under the watts of the existing item. I bought Noctua NF-A4x10 5V fans, with 3-pin connections. This worked fine, except that the original fans’ power connectors appeared to be wired backwards from the new ones. WTF wat. I checked with a voltmeter and yeah.


The helpful Austrians at Noctua anticipated this kind of problem, and sent some solderless, insulation displacement connectors and plenty of adaptors and extension cables. This let me fix the wiring without destroying anything actually connected to the fan. The connectors, the transparent orange thingies flopping around below, work great, but only if you squash them COMPLETELY. My fingies, my hands, and even I’m ashamed to say my teeth, were not sufficient to close them and make a good connection - pliers are a must.

fan wiring screengrab.jpg

The fans are quiet! One reason they’re quiet is that they’re lower power than the old ones, but with only three Powered Devices attached, I’ve never noticed the switch get hotter than ambient.

A weird thing is that I’m 80% sure the fans blow in opposite directions. The one you can see well in the video is an exhaust fan, but I think the other one blows on the “lee side” of the PoE power supply, so that it isn’t becalmed.

Bad Hax

Anyway, that accomplished, it was time to attempt to gain control. The switch’s model number is Waters Network Systems GSM-2112-POE. Here is its manual. As it arrived, I did not even know its IP address - I tried pinging its factory default, but no dice.

To find what it thought of as its address, I connected to it with an ethernet cable and ran sudo tcpdump -i enp38s0f1 (the latter being the name of my wired ethernet device apparently). This worked, it considered itself I set my laptop up as its neighbor, .209, added a route, and sure enough I could ping it now. Time to telnet!

Screenshot_2020-10-22 Microsoft Word - GSM2112_poe_manual doc - GSM2112_poe_manual pdf.png

That’s from their manual - it looks so easy! But the default admin/admin login was not in place. I dejectedly tried passwords like admin, nimda, root, toor, wizard, 12345, qwerty, asdf, zxcv, xyzzy, hunter2, and so on, but alas: nuthin.

I poked around for a telnet password brute-force program, and found Hydra plus a list of the 10k most common passwords. I set it going, but it turned out that the telnet service on the box was not actually reliable enough to brute force very well. Apart from actual failed logins, it would also just disconnect pretty often.

I had noticed that if you fail to login, it will eventually provide you help:

Please keep the serial number and contact the sales representative !


L2 Managed Switch - GEPoEL2-SW12


This implies that there’s some way to reset the password over the network, maybe over telnet or maybe with a magic packet of some kind, computed from the serial number? Without anything more specific to go on, I didn’t feel like investigating further. I did try actually contacting sales, but Waters Network Systems’ sales staff did not get back to me despite my polite and complimentary e-mail. All the phone numbers I tried from the web site were disconnected. I tried hard in google and found a current office for the company in a town called Hayfield: it does seem to exist still, but I was making progress on other fronts so I never did manage to get in touch.

Inside the case are two jumper switches, and on the outside is a Reset button. I thought maybe it would do a factory reset if you cross your eyes, remove one jumper, hold Reset for 22 seconds, and pray to Saint Dunstan (patron saint of locksmiths)? I tried every combination of the jumpers and the button I could think of, but no joy.

The switch runs its management web site on thttpd 2.0.4, which was released in 1998.

HTTP/1.1 200 OK
Server: thttpd/2.04 10aug98

And sure enough, it has a 1998-style security hole: a buffer overflow when parsing the If-Modified-Since header, discovered by DJB (who has the coolest domain name, cr.yp.to). Unfortunately, I was not able to find a pre-made exploit for this two decade old vulnerability. And in terms of actual development of exploits, I know just nothing at all. Smashing the Stack for Fun and Profit passed me right by…

But there could still be web app vulnerabilities! Command injection! Arbitrary file reads! That would also be right in style for 1-2 decade old software! Even before I logged in, some of the pages would load skeleton versions with no data. But I was having a heck of a time guessing more than a couple page names, and the manual frustratingly did not show the URL bar on the screen caps. One feeble exception:


At this point, I ordered a USB -> db9 serial cable. I hoped that the console port on the back would give me more privileged access.

Screenshot_2020-10-23 Waters Network Systems GSM-2112-POE 12-port ProSwitch PoE Gigabit Switch eBay.jpg

Spoilers, YES it did! I recommend that you get excited for PART THREE in which I… PWN! THAT! SWITCH!

Delights of a Minnesotan Gigabit Switch (part 1, background)

My old Asus wireless router was done. Dropped connections, Drawfee constantly interrupted, the black box physically hot all the time. Hardware fault? Crypto miner? Unauthorized host of copyrighted videos and malware? Who could say? I felt the pain, but an excitement was also brewing: A chance to Do It Right, read, obsess, crawl on my belly like a reptile (under the house with Ethernet cable). Yes. r/HomeNetworking shot up the ranking on my new tab screen. (I poked my head briefly into r/homelab before deciding that honestly I do have limits). After a discernment process, I bought a lightly used UniFi ensemble, and the calm blue glow cheered my heart.


I made what I felt were elegant loopies going up to my patch panel.

network on wall.jpeg

But what is someone who buys the fanciest system and then… stops? The boring kind of nerd. They have no ambition, only purchasing power from a good job in IT related fields. I thirsted for something more. Something rack-mounted, yeah, and old. Something inscrutable. But something supplying power over Ethernet, because a separate PoE injector is inelegant. And not 100 megabit, hey, even our Comcast is faster than that.

Many fresh faces stared at me from eBay. But too fresh.

Screenshot_2020-10-21 BV-Tech 5 Port Gigabit PoE  Switch (4 PoE  1 Ethernet Uplink) – 65W – 802 3at 813076025507 eBay.png BVTech, gadish!

Screenshot_2020-10-21 Netgear Prosafe FS728TP 24 Port 10 100 POE Smart Switch w Rack Ears 801096835138 eBay.png Netgear, at least it’s metal

Screenshot_2020-10-21 TRENDnet 10-Port Gigabit PoE  Switch Web Smart 710931161106 eBay.png TRENDnet, entertaining that the status LEDs’ arrangement has no relationship at all to the row of ports

The Cisco Catalyst and HP ProCurve stirred me a little more. Screenshot_2020-10-21 Cisco Catalyst 3560 WS-C3560-48PS-S 48 Port 100Mb s Fast PoE Ethernet Switch eBay.png Screenshot_2020-10-21 HP ProCurve 2520-8 8 Port PoE 10 100 Rack Mountable Network Switch J9137A eBay.png

Gigabit is cheap, actually, in the used market, and so is PoE. But the combination is both expensive and bulky. I realized that almost all of the charming ones were a few inches too deep for the tiny network rack I’d bought from a German roboticist in a police station parking lot outside Indianapolis.

Frustrated and increasingly frantic, I returned to the very, very end of my eBay watch list, to a box that had caught my eye a week earlier. Waters Network Systems, you say? Who the heck is that?

Screenshot_2020-10-21 Switches from Waters Network Systems.png

A website ©2011, featuring case studies of jelly bean iMacs!

Screenshot_2020-10-21 Google Maps.png

A sheet metal office in a Minnesota town literally called Hayfield!

Screenshot_2020-10-21 Waters Network Systems GSM-2112-POE 12-port ProSwitch PoE Gigabit Switch eBay.png

A blue metal case with noisy fans, for $50 OBO. Pulled from a school in Boca Ratón but currently living in Brooklyn. Yes. This is the level of mystery I want in my life. Gigabit, PoE, AND it fit the rack with whole inches to spare. I bought it for $45 plus shipping, and it arrived strong and blue, four days later.

The fans had the shottest bearings I ever did hear.

And the management interface was still password protected. The Reset button wasn’t that kind of reset button. Por favor, get excited to hear how I beat down these obstacles! You can now read part two, in which I fix the fans and don’t quite own the switch, and part three in which I break in!

Doctests in Octave

Hey nice, ten years later my goofy hack of prefixing all the variables with DOCTEST__ still lives on in the octave-doctest package! I love to see it.

Blog renewal / sorry for RSS spam

Hey, I’m switching around my blog hosting. Hopefully if it’s easy to post, I will post more than once every 6 years. And, just in case there’s somehow still someone using Atom to follow this blog, sorry for reposting all that stuff from 2014.

Wait, is that William Carlos Williams?

3-part PSA:

  1. Don’t run the disposal if there is glass in it.

  2. Remove glass from the disposal if it ends up there, or at least let people know.

  3. The disposal is broken because it is full of glass.

– Paul Stewart, a former housemate.