Projects

Things I build and write about, mostly because I needed something that didn't exist yet and couldn't stop thinking about it until it did.

Hold Your Domain — a rant about why startups lose their domains to integration companies, freelancers, and their own negligence. Ten ways it goes wrong, one checklist to not be that startup.

Bloom Filter Visualization — an interactive 4,000-bit bloom filter you can actually play with. Watch a thousand words dissolve into probability and see where false positives come from.

haveibeenfiltered

haveibeenfiltered checks passwords against breach datasets locally. It squeezes 2 billion SHA-1 hashes from Have I Been Pwned into a 1.79 GB ribbon filter that runs on your machine — if you've got 2 GB of RAM to spare, nothing leaves your box.

The npm package has zero dependencies — just Node builtins. Filter files live on a CDN and get pulled once when you ask for them; after that, every check is offline. Source is on GitHub.

haveibeenfiltered screenshot

MRI.pics

MRI.pics is a browser-based viewer for medical images — MRI, CT, X-ray, DICOM files, hospital CDs. Everything runs in your browser, nothing gets uploaded anywhere.

Built it because viewing your own scans shouldn't require installing sketchy software from a 2003-era hospital CD or begging the radiologist for a second look. Just open the page and drag your files in.

MRI.pics screenshot

88x31.lol

88x31.lol brings back the retro hit counter badge. Those 88×31 pixel visitor counters were everywhere in the early web — then they just vanished. Turns out nobody still offers a simple embeddable one, not even Google. So I made one.

It's just an image tag — no JavaScript, no cookies, nothing to configure. Paste it in and it shows today's unique visitors and your all-time total. Bloom filters handle the counting without storing anything identifiable. Comes in eight color themes.

88x31.lol screenshot

DIGUS

DIGUS does WHOIS, IP, SSL, MX and DN42 lookups in one place. 1,448+ WHOIS zones, IP geolocation with ASN data, SSL/TLS inspection down to cipher suites and security headers, MX records with SPF/DMARC/DKIM analysis, and grading for each check.

No account, just type and go. Existing WHOIS tools are either paywalled, covered in ads, or only do one thing at a time — so this does all of it.

DIGUS Whois screenshot

Who touched my SSH?

Leave port 22 open for a few hours and you'll meet the entire internet. whotouchedmyssh.com maps all that uninvited attention — every brute-force attempt geolocated and plotted as it happens.

Millions of bad passwords, thousands of source IPs, all trying root/root and hoping for the best. It's basically a lava lamp for people who read auth logs.

Who touched my SSH screenshot

☕ By the way — that coffee mug up top? It's been shattered a bunch of times.