Field notes.

Things I've built and thought about.

Project writeups, technical deep-dives, and whatever else I found interesting enough to write about.

Posts

9
5 min read

Four Years of Spotify Data I Forgot I Had

For nearly four years, a script has been logging every song I listen to on Spotify into Google Sheets. I forgot about it. Then I needed it.

python spotify music data project

4 min read

Comick.dev Leaks User Emails Through Its Comment API

Comick.dev's comment API was leaking user emails for replies to shallow comments. I found the pattern, proved it, and reported it.

javascript security api reverse-engineering writeup

3 min read

I trained a neural network to find hamster memes

An artist I follow on Instagram posts hundreds of drawings, but mixed in are variations of this one specific hamster reaction image. I scraped their entire profile and built a classifier to find them all.

python pytorch machine-learning computer-vision deep-dive

3 min read

Why doesn't YouTube show likes before you click?

YouTube only shows like counts after you open a video. I built a Chrome extension that fetches them from YouTube's internal API and displays them inline on every video listing across the site.

javascript extension youtube reverse-engineering project

4 min read

Mangabats Exposes Every Commenter's Email in Plain Sight

Popular manga reading site Mangabats leaks every commenter's email and phone number through its public comments API. I wrote a script to prove it.

python security web-scraping api writeup

5 min read

Building a manga reader that scrapes over 25 sources

Every manga site is either drowning in ads or missing the series I'm reading. So I built my own reader that scrapes over two dozen sources, caches chapters for offline reading, and runs as a PWA.

nextjs typescript web-scraping manga project

5 min read

Writing my own iOS music player without a Mac

I wanted a music player that streams from my own server. I don't own a Mac. So I wrote a native iOS app on my phone, compiled it on a jailbroken iPhone, and connected everything through a VPN.

swift ios music navidrome project

3 min read

Numerade is hosting shadow library textbooks on public Google Drive links

Numerade's undocumented API exposes their entire textbook catalog. The books are stored on Google Drive with public access, and some appear to come from shadow libraries. Any registered user can retrieve them.

javascript security reverse-engineering api writeup

3 min read

How Numerade's paywall relied on publicly accessible S3 buckets

Numerade locked video answers behind a subscription paywall. The videos themselves lived in public AWS S3 buckets. A userscript, a few HEAD requests, and you had unrestricted access.

javascript security reverse-engineering aws writeup