Image Editing with LLMs

Yes, you read that correctly. Large language models (LLMs) can come in handy for not just text and image generation—they can be versatile image editors too. Perhaps you’ve uploaded a photo of yourself to your favorite LLM and asked it to generate a caricature of you or portrayed you as a celebrity being chased by paparazzi. These are LLM-based examples of image editing in which you start with an image, add your text-based prompt to manipulate the image, and the result will hopefully resemble what you had in mind.

I recently came up with another use case for image editing. I was trying to find a high quality image of the Eagles’ Hotel California album cover. I searched the web and found many photos and scans of the album cover, but they all had one major shortcoming—the dark areas in the bottom half of the image had little to no detail. Here are 2 such examples:

I uploaded the images to both Copilot and ChatGPT and entered the following prompt: “These are 2 photos of the cover of the Eagles "Hotel California" album with different exposures and levels of detail in the shadows. Merge them into 1 photo and recover details from the shadows. Significantly boost the shadows so that it is possible to see the trees and bushes. Preserve the fluorescent "Hotel California" words that are superimposed on what looks like a car's side view mirror. Also boost the fluorescent "Hotel California" words so they are more bold. Preserve the original aspect ratio. Reduce overall contrast by making the sky a warmer golden glow and increase overall brightness, especially in the darker shadows.” I got very similar results with both Copilot and ChatGPT, and here is the result from the latter:

As you can see, ChatGPT did a remarkable job of creating the bushes in the lower half of the album cover. I honestly don’t know if it was able to recover detail from the source images or if it generated the bushes from scratch (or perhaps a combination of both). In any case, I was very happy with the recovery of what was otherwise lost detail. It also slightly sharpened the palm trees and did a very nice job of highlighting the “Hotel California” stylized wording while preserving its original look and feel. This was exactly the kind of image quality I had hoped to find in a Hotel California album cover, and although I was unsuccessful with my search, I was thrilled to learn that LLMs could generate the next best thing.

If you’re wondering why I wanted such an image, it’s because I wanted to 3D print the Hotel California album cover, and I wanted to include some detail in the bottom half rather than have it appear pure black. Here is the resultant 3D print:

If you have a 3D printer, you can access the 3D model and print profiles here. I hope this give you ideas for how you can use LLMs to edit photos.

TP-Link Router Exploitation

I recently received an email notification from Spectrum, my internet service provider. It warned that some TP-Link routers may be vulnerable following a recent FBI-identified security issue. Because I don’t rent my modem and router from Spectrum, they can’t fix it remotely. They recommend that I (1) update the firmware, (2) change the admin password, and (3) replace the router if it’s over 5 years old.

I explored the links provided in the Spectrum email notification. The first is a link to an FBI Public Service Announcement (PSA). It says that the Russian military, specifically the group known as APT28, Fancy Bear, or Forest Blizzard, is conducting attacks on vulnerable home and small-office routers around the world. This allows them to intercept internet traffic so they can steal passwords, authentication tokens, emails, and browsing data. High-value targets include military, government, and critical infrastructure.

Specifically, the PSA refers to CVE-2023-50224 where CVE stands for “common vulnerabilities and exposures”, 2023 is the year the vulnerability was found, and 50224 is a unique identifier for the flaw. A TP-Link security advisory lists the legacy products that are impacted by CVE-2023-50224 (i.e., the models targeted by APT28) and their remediation status.

Fortunately my TP-Link Deco S4 version 3.6 mesh router system is not on the list. I updated the firmware just over a year ago to build 20240927 (i.e., September 27, 2024). The firmware description does not comment on whether specific CVEs have been fixed, but given that CVE-2023-50224 was identified in 2023 and the firmware update was Build 20240927 (i.e., September 27, 2024), I assume the vulnerability, if it existed on my model in the first place, has been patched.

On a related note, I came across a list of TP-Link End of Life Products and discovered that my TP-Link Deco S4 version 3.6 has an “EOS Notification Date” of 7/27/2025 and an “EOS Date” of 1/27/2026. TP-Link defines End of Life (EOL) products as “products where the production has either ended on the model or the specific version of the model.” Of greater relevance to security vulnerabilities are 2 additional milestones as defined in the TP-Link EOL Policy. The End of Sales (EOS) date is when TP-Link discontinues a product. The End of Maintenance (EOM) date is when TP-Link will no longer provide support or maintenance for a product. So if I interpret these definitions correctly, the first thing that happens is EOL when TP-Link stops producing a model. Then EOS occurs when TP-Link stops selling and accepting new orders for the product. And finally EOM occurs when TP-Link no longer supports the product (I assume this includes firmware updates). So even though my Deco S4 version 3.6 is no longer sold (at least not by TP-Link; it is still sold by Amazon via the link above) according to the EOS Date, I have not received any clear indication that it is no longer maintained. According to ChatGPT, TP-Link does not publicly disclose EOM dates but in general, EOM occurs roughly 3 years after EOS and the only way to determine the EOM date for a specific model is to contact TP-Link support.

The PSA also refers to a UK National Cyber Security Centre Cybersecurity Advisory. It provides a more detailed description of APT28 malicious activity and provides a non-exhaustive list of specific TP-Link router models targeted by APT28 that closely resembles the TP-Link security advisory for CVE-2023-50224.

The bottom line, as described in the Spectrum email notification, is that your router is a device that can have security holes, similar to your desktop/laptop computer or phone. It is therefore important to keep your router firmware updated similar to how you’d update the operating system on your computer or phone. Additionally, you should practice good security hygiene by using strong passwords and replacing equipment that is no longer supported by the manufacturer.

Website Change Detection

I recently encountered a work-related scenario in which I felt that it would be beneficial for me to know when a website had been updated. The website in question performs periodic updates of certain kinds of data in a downloadable file format, but it does not offer a notification mechanism (e.g., via email, RSS, or other technology) when such changes occur. That led me to explore options for website change detection.

There appear to be many options available, but I found that most of them required subscriptions. Because I am merely evaluating these technologies, I was only looking for free options. That led me to sign up for accounts at Visualping and PageMonitor. I configured both of them to monitor my blog, https://digitaldaddyla.blogspot.com/.

Visualping and PageMonitor use slightly different methods to determine if a change has occurred. For Visualping, setting up a new monitor requires entering the URL and specifying either an AI prompt to describe what changes you are looking for or “Any changes” which they label as “No AI used” as depicted below. I used the “Any changes” option. I also had the option to specify the frequency of page checks, and I chose “every day”. It did not allow me to specify an exact time.

For PageMonitor, setting up a task requires that you specify a URL to display the current webpage. From there, you specify both an “Anchor area” and “Region of interest” by drawing boxes around both regions. The region of interest is the part of the page you want to monitor. The anchor area is a reference point that is used to relocate the region of interest each time the page is checked—this should be an area of the page that is not expected to change. You then specify how often to run the task. When I chose “once a day”, it prompted me to enter a time, for which I think I chose 7 AM.

I have since published 7 new blog entries and have been receiving email notifications from both Visualping and PageMonitor. For the purpose of this blog post, I am presenting my findings based on review of change logs in each of my accounts. Here is a summary.

I have several observations. First, I noticed that Visualping failed to detect my most recent blog post on 4/17/2026, while PageMonitor has not missed any new blog posts. It is not clear to me why Visualping did not detect the 4/17/2026 blog post. One possibility is that I have not logged in to my account since setting up the monitoring job. I received an email from Visualping on 5/2/2026 that stated, “We have not seen you for 3 months! We would like to confirm that you are still interested in us checking things for you. Please login in the next 3 days to keep your current monitoring frequency. Otherwise, your job frequency will be reduced to checking only once a month.” However, my monitoring frequency would have to have been reduced prior to 4/17 to explain the false negative.

Second, the elapsed time between blog publication and webpage change detection was generally 1 day for both Visualping and PageMonitor. However, there was one blog post (Chicken Al Pastor and Oxford Commas) which was not detected by Visualping until after 2 days.

Third, Visualping seems to detect website changes at different hours of the day, while PageMonitor allowed me to specify exactly what time to run my daily task. Notice that the transition from 7:01 AM to 8:01 AM can be explained by Daylight Saving Time beginning on Sunday 3/8/2026.

My final observation is that PageMonitor occasionally alerted me to changes to my blog when I didn’t make any. For example, the “3D Printing Without Wi-Fi” blog that I published on 2/13/2026 was correctly detected on 2/14/2026. However, PageMonitor detected changes on 2/25/2026 and 2/26/2026. I suspect that maybe an image did not load on 2/25 which resulted in a conclusion that the page appeared different, and then the image properly loaded on 2/26 which resulted in another conclusion that the page changed again.

Another example of a false positive from PageMonitor is from my “3D Printing and Firearm Blocking Technology” blog post on 4/17/2026. Following a successful detection on 4/18/2026, it falsely detected a change on 4/29, errored out on 4/30, and falsely detected another change on 5/1, even though I did not make any edits to the blog post or publish any new blogs.

In conclusion, based on a small sample size, Visualping appears to err on the side of false negatives, and PageMonitor seems to err on the side of false positives. It is possible that some of these errors could be due to webpage itself (e.g., images not loading). In any case, I find both Visualping and PageMonitor to be useful for detecting changes to websites. If you are looking for free options, I would recommend checking out both of them.