{"id":13404535,"url":"https://github.com/captn3m0/ideas","last_synced_at":"2026-02-17T03:30:14.745Z","repository":{"id":19675478,"uuid":"22929272","full_name":"captn3m0/ideas","owner":"captn3m0","description":":rocket: Ideas for everyone under a CC licence. Feel free to use. I'll send you a postcard if you build anything on this list.","archived":false,"fork":false,"pushed_at":"2025-02-13T10:01:50.000Z","size":532,"stargazers_count":472,"open_issues_count":0,"forks_count":51,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-02-13T11:23:56.812Z","etag":null,"topics":["creative-commons","ideas","sharing"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/captn3m0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"captn3m0","ko_fi":"captn3m0","liberapay":"captn3m0"}},"created_at":"2014-08-13T19:57:47.000Z","updated_at":"2025-02-13T10:01:55.000Z","dependencies_parsed_at":"2024-11-08T05:50:40.056Z","dependency_job_id":null,"html_url":"https://github.com/captn3m0/ideas","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/captn3m0%2Fideas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/captn3m0%2Fideas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/captn3m0%2Fideas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/captn3m0%2Fideas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/captn3m0","download_url":"https://codeload.github.com/captn3m0/ideas/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239826149,"owners_count":19703431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["creative-commons","ideas","sharing"],"created_at":"2024-07-30T19:01:46.773Z","updated_at":"2026-02-17T03:30:14.685Z","avatar_url":"https://github.com/captn3m0.png","language":null,"funding_links":["https://github.com/sponsors/captn3m0","https://ko-fi.com/captn3m0","https://liberapay.com/captn3m0"],"categories":["Others"],"sub_categories":[],"readme":"---\npermalink: /ideas/\n---\n\u003e There's no such thing as an original idea. Every idea worth having has been\n\u003e had thousands of times already.\n\u003e\n\u003e - [swombat](https://news.ycombinator.com/item?id=250793)\n\n**Legend**\n\n- ✨ - Favorite Ideas. I really like this, and you could possible build a\n company of some of these.\n- 🎁 - I'd love to help you build this, consider this like a bounty\n- πŸš€ Someone (might be me) built this!\n- 🚧 There is a work-in-progress implementation.\n- πŸ‘©β€πŸ”¬ Research ideas\n\n:heart: You'll get a personal postcard from me for building something on this\nlist\n\nThe :poop: ideas (I thought might work at one point, but no longer consider\nworth building) are at [BADIDEAS.md](BADIDEAS.md).\n\n\u003c!-- npx doctoc --github --update-only --maxlevel 2 README.md --\u003e\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n- [Introduction](#introduction)\n- [✨🎁 Collaborative Bookmarking](#-collaborative-bookmarking)\n- [πŸš€Lightspeed for Chrome](#lightspeed-for-chrome)\n- [Personal Social Media Analytics](#personal-social-media-analytics)\n- [API for Workflowy](#api-for-workflowy)\n- [Email on top of keybase (or other social-media-proofs)](#email-on-top-of-keybase-or-other-social-media-proofs)\n- [πŸš€ Newsletters for GitHub](#-newsletters-for-github)\n- [πŸš€Hacking via OAauth tokens](#hacking-via-oaauth-tokens)\n- [Pluggable Notify Daemon for Linux](#pluggable-notify-daemon-for-linux)\n- [πŸš€Telegram To RSS](#telegram-to-rss)\n- [🎁 Disable Local Fonts Extension](#-disable-local-fonts-extension)\n- [Arch Linux Package Build System](#arch-linux-package-build-system)\n- [Hacker News Research Bot](#hacker-news-research-bot)\n- [🎁 🚧 Slack Dialer](#--slack-dialer)\n- [Database Conversion Toolkit using an ORM](#database-conversion-toolkit-using-an-orm)\n- [🎁 Tachiyomi Headless](#-tachiyomi-headless)\n- [πŸš€ OPML Generator](#-opml-generator)\n- [🎁 🚧 Bangalore Events List](#--bangalore-events-list)\n- [πŸš€ Amazon Price Tracker with RSS](#-amazon-price-tracker-with-rss)\n- [OPML Sync](#opml-sync)\n- [✨🎁 Sanskari Proxy](#-sanskari-proxy)\n- [Helm Charts for Self-Hosting](#helm-charts-for-self-hosting)\n- [Fake Paytm Payment](#fake-paytm-payment)\n- [✨ Automated Personal Finance](#-automated-personal-finance)\n- [CardDAV on Slack](#carddav-on-slack)\n- [✨ UPI on Desktop](#-upi-on-desktop)\n- [Twitter Adventure Maker](#twitter-adventure-maker)\n- [:rocket: Playstore RSS Feed for Version Updates](#rocket-playstore-rss-feed-for-version-updates)\n- [Calendar Feed for Event Websites](#calendar-feed-for-event-websites)\n- [SVG to PNG on the Edge](#svg-to-png-on-the-edge)\n- [NammaBescom OCR/Overlay Bot](#nammabescom-ocroverlay-bot)\n- [🎁 Mars: Terraform Remote HTTP Backend with End-to-End encryption](#-mars-terraform-remote-http-backend-with-end-to-end-encryption)\n- [🎁 iOS OPDS File Provider](#-ios-opds-file-provider)\n- [iOS/MacOS \\*sonic File Provider](#iosmacos-%5Csonic-file-provider)\n- [collaborative-bookmarking](#collaborative-bookmarking)\n- [πŸ‘©β€πŸ”¬ Boardgame AI Gym](#%E2%80%8D-boardgame-ai-gym)\n- [🎁 ✨ Green/Yellow Pages](#--greenyellow-pages)\n- [🎁 communities browser extension](#-communities-browser-extension)\n- [onioncannon](#onioncannon)\n- [πŸš€PyPi Notifier](#pypi-notifier)\n- [codenames-ai](#codenames-ai)\n- [Verifiable Code Execution on Cloud](#verifiable-code-execution-on-cloud)\n- [Browser Extension: youtube-cue](#browser-extension-youtube-cue)\n- [Stitch EPUBs from multiple URLs](#stitch-epubs-from-multiple-urls)\n- [OpenAPI Specification Generator from HTTP Archives](#openapi-specification-generator-from-http-archives)\n- [Open ISIN API](#open-isin-api)\n- [A Survey of the Electron Supply Chain](#a-survey-of-the-electron-supply-chain)\n- [2fa.wiki](#2fawiki)\n- [Boardgame Rulebook Translation Guide :construction:](#boardgame-rulebook-translation-guide-construction)\n- [Simple Firejail/Bubblewrap wrapper for AUR/NPM/pipx packages](#simple-firejailbubblewrap-wrapper-for-aurnpmpipx-packages)\n- [Probe the Great Indian Firewall](#probe-the-great-indian-firewall)\n- [A Practical MRNL Service (Mobile Number Revocation List)](#a-practical-mrnl-service-mobile-number-revocation-list)\n- [A physical variable Fuzzy Clock](#a-physical-variable-fuzzy-clock)\n- [A curl impersonation proxy](#a-curl-impersonation-proxy)\n- [A Whisper UX Design Pattern](#a-whisper-ux-design-pattern)\n- [Tareeqh pe Tareeqh](#tareeqh-pe-tareeqh)\n- [Mobile App Traffic RE Platform](#mobile-app-traffic-re-platform)\n- [One-Page RSVP Platform on Edge Compute](#one-page-rsvp-platform-on-edge-compute)\n- [One Page Event Hosting platform](#one-page-event-hosting-platform)\n- [Price Index for Indian Grocery Websites](#price-index-for-indian-grocery-websites)\n- [Bangalore Adblock Art Project](#bangalore-adblock-art-project)\n- [PURL Canonicalization](#purl-canonicalization)\n- [Nutri-score calcuator](#nutri-score-calcuator)\n- [Indian Grocery Barcode Database](#indian-grocery-barcode-database)\n- [showtimes.in](#showtimesin)\n- [India Automobile Privacy Review](#india-automobile-privacy-review)\n- [Licence](#licence)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Introduction\n\nThis is a open repository of personal ideas. Some of these are based on personal\ninteractions, bug reports, and discussions I've had with lots of people. I've\ntried to give credit wherever possible. I also try to reference similar/existing\nprojects that might relate to the idea, so if you know of something that is\ninteresting in that space, file a PR or send me a link.\n\nThe emojis are just indicative. Make something people want is the YC motto, but\nsometimes you must make something for no good reason other than \"just because\".\n\n## ✨🎁 Collaborative Bookmarking\n\nThere are a dozen bookmarking services out there, many of them quite well done.\nHowever, most services are focused on the idea that bookmarking is a lone-person\nhabit, which someone does in isolation.\n\nI've often described the idea as \"dropbox for bookmarks\". The core concept is to\nallow a bookmarking \"tag/folder\" to be shared with another user, two-way. This\nmeans any of the shared members can add/remove bookmarks from that folder. All\nupdates (addition/deletion/edits) are notified to every member in the group.\n\nBookmarking for Teams, in essence. Some good alternatives are\n[listed in this quora answer](https://www.quora.com/Hello-What-are-the-best-web-apps-for-sharing-bookmarks-across-a-team),\nwhich you should read and follow if you're interested in this.\n\nI've described this idea somewhat better in a chat log at\n[collaborative-bookmark.md](collaborative-bookmark.md) Google Spaces did some\nnice work here, but the product was shut down within an year of launch.\n\n## πŸš€Lightspeed for Chrome\n\n[Lightspeed](https://www.youtube.com/watch?v=wLnSLFrQDG8) is an experimental UI\ndesign (not implemented) for Firefox that focuses on making the New Tab page\nmore functional by giving the browser a decent way to search across bookmarks,\nopen tabs, and history.\n\nIt is a pretty neat idea (see the video linked above). My first thought on\nseeing the video was that most of that stuff could be done using the Chrome APIs\nfor Chrome as well. Chrome does offer a way for an extension to override the new\ntab page, after all.\n\nThe discussion on [HN](https://news.ycombinator.com/item?id=8151271) is also\nvery good.\n\n_Update_: There is some progress on the WebExtension porting of Lightspeed,\ngiven the recent Firefox updates. With this in place, it should be relatively\neasier to port the webextension version to Chrome itself.\n\n_Update_: [@tallpants](https://github.com/tallpants) made this:\nhttps://github.com/tallpants/lightspeed\n\n## Personal Social Media Analytics\n\nWolframAlpha launched a [Personal Analytics](https://www.pcmag.com/news/hands-on-wolfram-alphas-personal-analytics-for-facebook)\nfeature for your facebook data back in 2013. It is no longer accessible, but\nit generated some stock analytics and boring graphs. \n\nThey weren't really that helpful. I'd like an easy query interface that let me\n\"filter\" data points, and get back open-data via the Graph API. This means, for\neg, getting the most liked music artist among a subset of my friends. The\ninterface I'm thinking of right now is like Gapminder, which allows you to\n\"play\" the dataset as it evolves over time.\n\nA recommendation engine built on top of my facebook data is a good idea, I\nthink.\n\nSince the idea is a decade old, it seems everyone has given up on using APIs for this kind of work, and modern\nincarnations of this idea are all based on data-export-dumps. See the following for example:\n\n- https://github.com/skglas/tweetarchive-to-sqlite\n\n## API for Workflowy\n\nWorkflowy is a cool tool that I use for note-taking. It allows infinitely nested\nlists with @mention and #hashtag support. One thing it lacks currently is API\nfor me to access my own data. I think workflowy is a great tool that could\nbecome a lot better if there were a way for developers to hook into it. (For\nexample using workflowy as a data-backend for a todo-app).\n\n## Email on top of keybase (or other social-media-proofs)\n\nReplace Keybase with [Keyoxide](https://keyoxide.org/), [Keys.pub](https://keys.pub/), [WKD](https://wiki.gnupg.org/WKD),\nor [rel=pgpkey](https://indieweb.org/OpenPGP).\n\nMake it easier to discover encryption keys for users via email plugins\nthat pickup keys from one of the above sources.\n\n1. Compose an email to name@username.dev.\n2. Extension pops up: \"Hey, I found a key for this email address\n published under a social proof for twitter/@username as well as on the website\n username.dev.\n3. If user clicks yes, fetch the key, and use that to encrypt your mail.\n\n**Caveats**: PGP is pretty terrible, and does not work in practice. It is probably\nbetter to just use Signal or Wire or something else.\n\nOnce [Signal launches usernames](https://www.theverge.com/2023/11/9/23953603/signal-username-feature-test-phone-numbers-privacy-security-pre-beta-2024-launch),\nwe should find a way to link social-media-proofs to signal usernames instead.\n\n## πŸš€ Newsletters for GitHub\n\nA lot of github project owners would like to send out newsletters to all of\ntheir stargazers. However, GitHub doesn't provide anything for that. An easy way\nwould be to integrate StarGazers with MailChimp, making sure that people can\nunstar a project to unsubscribe from the mailing list.\n\nOnly the repo owners and collaborators (maybe) should have access to sending out\nnewsletters. For bonus points, you can replace mailchimp with your own solution.\n\nThis could even be monetized slightly for paying off your server costs:\nnewsletter access for projects with \u003e1k stars (the mailers that would cost you\nmoney) cost money to the repo owner as well.\n\nSo a tiny python package pays nothing to update its users about a new release,\nbut if Angular team wants to send out an update, that gets paid.\n\nAnd finally, this should automatically subscribe you to any new GitHub releases\nin any project you have starred. This is a missing feature that I think can be\nbest implemented by a third-party for now.\n\n_Update_: GitHub now supports\n[watching releases](https://github.blog/changelog/2018-11-27-watch-releases/).\n\nThere are **lots** of related projects in this thread:\nhttps://github.com/isaacs/github/issues/410\n\n## πŸš€Hacking via OAauth tokens\n\nWhile pen-testing, once you've gained access to the target, it is often\nnecessary to install a backdoor to mantain the access. While this is easily done\nin case of root access to the machine, this is not that easy if the target is an\nemail account, lets say.\n\nMany online services today (with data of considerable value) offer developers\nprogrammatic access to their data by use of APIs, which are usually\nauthenticated via OAuth tokens. What I intend to build is a suite of\napplications (or a single large one) that allow you to use the application as\nanother user, just by setting up an access token.\n\nWhile this is certainly possible with existing tools (such as the Facebook Graph\nAPI Explorer), it is cumbersome and not user-friendly. The application will\nmimic the interface, usability, and looks of the actual application to let you\nmaintain access easily enough.\n\n### But OAuth tokens can be revoked\n\nThat is a good point, but one that fails in practice. A password change in most\nservices does not trigger an automatic token revocation because that would leave\na lot of developers and users unhappy. However, neither does any service warn\nyou to check your approved applications (especially after a hacking attempt).\n\n### Procedure\n\n1. You gain access to someone's account.\n2. You create an application (using a fake account or the victim's own account,\n so its not tied back to you)\n3. You setup our app (direct deploy to Heroku)\n4. You configure the app with the application credentials (app id, secret key)\n5. You authenticate the victim's account against the app\n6. You use the application to access the user's account\n\nThe account access will continue till the victim checks his/her approved\napplications.\n\nπŸš€ I made this: \u003chttps://github.com/captn3m0/amon\u003e\n\n## Pluggable Notify Daemon for Linux\n\nNot another window manager daemon, because lots of them already exist and there\nare already good APIs in almost all languages that make it easy to integrate\nwith all of them. However, Linux DEs are still missing an easy way for me to get\nnotifications about the thousands of little different things (such as build\nnotifications).\n\nThe idea is to have a simple config where you can connect your bazillian\naccounts via OAuth, and we will poll all your accounts and give you \"clickable\"\nnotifications for each of them. (GMail notifications might open your mail client\nif you click reply)\n\nKeep it pluggable, otherwise its of no use.\n\n## πŸš€Telegram To RSS\n\nThis is fairly well solved at this point, see the following:\n\n- [There is an existing `TelegramBridge` in RSS-Bridge](https://github.com/RSS-Bridge/rss-bridge/pull/1175)\n that just scrapes telegram HTML.\n- https://docs.rsshub.app/en/social-media.html#telegram\n- https://t.me/Channel2RSSBot\n- https://notifier.in/ (Free for 100 messages/month, paid beyond that)\n- https://tg.i-c-a.su/ (Free with reasonable rate-limits)\n\nYou can see a archive of the original idea at\n[telegram-to-rss.md](telegram-to-rss.md).\n\n## 🎁 Disable Local Fonts Extension\n\nA simple browser extension for web developers that disable local fonts from\nloading. Alternatively, it raises a grave warning if a web-font was bypassed for\na local font. This is helpful if you are a developer:\n\n- And have some specific font installed locally (say Font Awesome)\n- And are developing a website that uses that font locally\n- And forget to include the Font in your stylesheet\n\nThe page continues to function normally in your development setup, but breaks in\nproduction.\n\nBased upon this\n[chrome bug request](https://bugs.chromium.org/p/chromium/issues/detail?id=472136),\nwhich asks for this feature.\n\nI came to know about this because\n[of a comment](https://github.com/captn3m0/disable-web-fonts/issues/1#issuecomment-143665811)\non my \"disable-web-fonts\" extension, which does the opposite. This might be\nhandy for people who want to make sure that web-fonts are working fine for all\nusers.\n\n## Arch Linux Package Build System\n\nThe Arch Linux User Repository is great. Except, a lot of packages rely on\nbuilding-from-source since no binary releases are available. However, the build\nsteps for these packages work very well, resulting in a working build. The idea\nis to create a AUR build server that takes in a AUR package name as input (it\ncan have a whitelist of such packages), runs it in a docker container, and\noutputs a generated package file (`tar.xz`) that can then be directly installed\non any machine.\n\nThis has some security concerns, mainly how do you trust a binary package an\nexternal server built?\n\nPlanning to solve this with attempting reproducible builds, and publishing\neverything. You can audit any build artifact whenever you wish. I'll likely just\nuse the Docker ArchLinux image and build against that.\n\nMoreover, the primary audience for this would be me. I would really like to get\npackages that can be installed much faster because I don't have to build them. I\ncan just have a script that instead downloads the latest build from the server\ninstead of AUR and then just installs the package instead of building it\nlocally.\n\nTake a look at https://github.com/Foxboron/arch-auto-build, which is a very\nsimilar attempt at this idea.\n\nThis is already handled by the Arch Build System (albeit without Docker). Using\nthat might be a better idea.\n\nYou should also look at the https://github.com/archlinux/rebuilder/ if this\nlooks interesting.\n\n## Hacker News Research Bot\n\nA bot that posts paper abstracts and links to PDF whenever a paper referencing a\nresearch paper is posted to Hacker News. Most scicomm posts that make it to HN\nalmost always have a primary paper reference, and someone ends up posting the\npaper abstract along with a link to Arxiv or SciHub usually. A bot that\nautomates this for all HN submissions would be a fun project.\n\n_Update_: Someone did this! See\n[@randomdrake's comments on HN](https://news.ycombinator.com/threads?id=randomdrake).\n\n_Update 2_: The mods are not very happy with the\n[abstract being posted](https://news.ycombinator.com/item?id=16330366), but the\nrest should be good.\n\nFor Bonus Points: Include a link to the fermat library URL of the paper (if\navailable).\n\n## 🎁 🚧 Slack Dialer\n\nAll of our company has contact numbers added on Slack, but it is cumbersome to\nfind someone's profile on Slack. A simple dialer application that does\nOAuth-verification on your Slack profile to get a list of the entire\norganization, and present a simple dialer for all the people who have contact\ndetails added.\n\nInterface would be a simple grid of faces, click to dial, sorted by frequency. A\nsimple search-as-you-type box at the top. Can also be done as a PWA to easily\nmake it cross-platform.\n\nNote that this requires a Slack team with a paid account. I'll help you get a\ntrial so you can build this.\n\n🚧 \u003chttps://github.com/captn3m0/slack-dialer\u003e\n\n## Database Conversion Toolkit using an ORM\n\nSomething that lets you switch your database between SQLite/MySQL/Postgres/...\nby using an existing ORM framework to import and export out the correct\ncommands.\n\nThe grammar differences in most databases are taken care of by an ORM, and the\nremainder is just switching your ORM to use an existing database as the source\nof truth. Even a specific variant (say SQLite to MySQL) would be great to have.\n\nThought of this after spending a lot of time trying to migrate my Grafana/Gitea\nsetups from sqlite to mysql and trying every solution in\n[this SO question](https://stackoverflow.com/questions/18671/quick-easy-way-to-migrate-sqlite3-to-mysql).\n\nThere are some closed solutions to this, but would like a open-source solution\nthat does this well.\n\n## 🎁 Tachiyomi Headless\n\n[Tachiyomi](https://github.com/inorichi/tachiyomi/) is a Android application\nwritten in Kotlin that scrapes comics from various web sources. A headless\nversion of it would be great to have, replacing projects such as\n\u003chttps://github.com/evilhero/mylar\u003e with something much more stable.\n\nThe end goal is something that works as a \"minor\" (\u003c200L) patch on top of\nTachiyomi, and does a JVM-desktop build which can be run anywhere. A sample\nREADME would look something like:\n\nA headless build for [tachiyomi][0] which you can run on your server on a\nschedule to download comics. This downloads the comics in plain images and then\nconverts them to CBZ format with metadata intact. A new release is generated for\nevery Tachiyomi release.\n\nGet the latest release from the [releases page][1]. Download the\n`tachiyomi-headless.jar` file.\n\nRun it as the following:\n\n java -jar tachiyomi-headless -c config.yml\n\nWhere the `config.yml` file looks like:\n\n```yml\ndir: /home/comics/\nformat: cbz\n# All the tachiyomi extensions come pre-loaded\n# https://github.com/inorichi/tachiyomi-extensions\ncomics:\n - http://readcomiconline.to/Comic/Marvel-The-End\n - https://manga-fox.com/one-piece\n```\n\n## πŸš€ OPML Generator\n\nSimple web tool to generate OPML files to let you use RSS feeds everywhere.\n\nI :heart: RSS because it gives me the control of how to consume and read the\ncontent. While many services provide you RSS feeds, they do not give you an easy\nway to export a list of things that you follow.\n\nFor eg: Every repository on GitHub has a releases RSS feed that you can follow.\nHowever, you need to follow each one individually. Thankfully, there is a nice\nspec called OPML which is used to pass around lists of RSS feeds.\n\nWhat if one could generate a OPML feed for:\n\n1. Releases of repos that you have starred on GitHub\n2. Authors that you follow on GoodReads\n3. Bands that you follow on BandCamp\n\nπŸš€ I made a initial working demo recently for the first one, and you can check\nit at \u003chttps://opml.bb8.fun\u003e. The source code is at\n\u003chttps://git.captnemo.in/nemo/opml-gen\u003e.\n\nRelated: https://github.com/RSS-Bridge/rss-bridge (I have contributed a few\nbridges to this)\n\n## 🎁 🚧 Bangalore Events List\n\nSimilar in scope to http://webuild.sg/ or http://engineers.sg/ but for\nBangalore.\n\n- Want to keep the name generic to support non-tech events as well\n- ICS support (WeBuild.sg/cal for demo) is a must-have\n- (They have a RSS feed as well!)\n\nDomain name suggestions are welcome. Since blr doesn't have a TLD, I was\nconsidering using `.events`.\n\nInitial Work: https://github.com/captn3m0/gardencity.events There is also some\nwork from @tallpants on this at \u003chttps://github.com/tallpants/meetup2ics/\u003e\n\n## πŸš€ Amazon Price Tracker with RSS\n\nThere are some nice open source trackers available for Price Tracking Amazon\nproducts, but I would like to see something that generated an RSS Feed.\n\nThis could be built on top of\n[RSS Bridge](https://github.com/RSS-Bridge/rss-bridge) fairly easily.\nConfiguration options would include:\n\n- Min Price (Only add to feed if price is below X)\n- Amazon Country/Domain (Use the specific Amazon website)\n- Item Id\n\nπŸš€ https://github.com/RSS-Bridge/rss-bridge/pull/741\n\n(While the above is merged, this doesn't correctly work because it doesn't cache\nthe information properly).\n\n## OPML Sync\n\nInstead of forcing users to do manual imports of OPML feeds, let them\nauto-subscribe from feeds using a dynamically generated OPML feed. This is not a\nproduct idea by itself, more of a extension idea for existing RSS Readers.\n\nSee related discussion on the\n[tt-rss forums](https://discourse.tt-rss.org/t/subscribe-to-opml/1230).\n\n## ✨🎁 Sanskari Proxy\n\nA lot of Indian Government websites are inaccessible on the public internet,\nbecause they geo-fence it to within Indian Boundaries. I made a list of all\n[Indian Government Websites](https://git.captnemo.in/nemo/pulse/src/branch/master/domains.csv),\nand the idea is to make a Indian Proxy service that specifically works only for\nthe Geo-fenced Indian GoI websites.\n\nFor eg, if `uidai.gov.in` is inaccessible, hitting `uidai.gov.sanskariproxy.in`\nwill get you the same result, proxied via our servers.\n\nThis is not intended to be used for actual usage, just research purposes. Will\nhelp make the UIDAI (and other GoI) websites accessible to a much larger\ncommunity.\n\n_Update_: I made\n[a version of this](https://github.com/captn3m0/sanskari-proxy), the one that\ncomes with the least legal issues.\n\n## Helm Charts for Self-Hosting\n\nI self-host a lot of my services, and it would be great to take my existing\nservices, and convert them to compatible Helm Charts that others can re-use.\nBasically: Helm Charts for Self-Hosting.\n\nThe input for these would be the terraform code at\nhttps://git.captnemo.in/nemo/nebula\n\n## Fake Paytm Payment\n\nA fake webapp that goes fullscreen and does the following:\n\n1. Has a QR Code Scanner and OCR Scanner that scans Paytm QR Codes\n2. Lets users enters any amount\n3. And gives a green check to say that the payment was successful.\n\nWhy: To demonstrate to Paytm that they need to educate their merchants better\nabout authenticating payments.\n\n:warning: **Likely illegal to distribute.**\n\nUpdate: There are already two such apps on the Play Store. However, they don't\nwork any more since they were based on the old UI Scheme. See\n[@Oxyenyos's PR](https://github.com/captn3m0/ideas/pull/10) for some more\ndetails.\n\n## ✨ Automated Personal Finance\n\nA personal finance application that tracks things automatically, but saves all\ndata on your systems.\n\nA overwhelmingly large percentage of my finances are online or tracked somewhere\ndigitally. What is ditigal can be automated, but without any of the SMS-sniffing\napplications that currently clutter the market. The idea is to have a simple\ncross-platform application that:\n\n1. Embeds a web-browser that lets you login to various online services.\n2. Scrapes the order/payment history from these sites regularly.\n3. And provides you with monthly budget/finance history that you can use to\n track your spending.\n\nFor bonus points, figure out a way to track card expenditure. The very minimum\nservices required would be:\n\n1. Uber (Has an API)\n2. Splitwise (Has a API)\n3. Paytm (Doesn't have API, but the website backend is very much a API)\n4. Amazon\n\nI've tried something similar before:\n[captn3m0/gringotts](https://github.com/captn3m0/gringotts), but I made a few\nmistakes:\n\n1. Made it a ruby-command line application.\n2. Made it output YAML.\n\nA few related projects:\n\n- [Praseetha-KR/billfold](https://github.com/Praseetha-KR/billfold)\n- [alexjv89/cashflowy](https://github.com/alexjv89/cashflowy) - Might be worth\n using this as core.\n\nIf I were to try it again, I'd ensure a few things:\n\n1. GUI first, with a great UX.\n2. Cross platform, but I'd priritize Mac if necessary.\n3. Save all data in [plaintextaccount](https://plaintextaccounting.org)\n compatible files. This would let people use other tools on top of this.\n\n## CardDAV on Slack\n\nWhile Slack calls are great, they are not the same as a Contact Entry in your\nphonebook. Because with a phonebook entry, you can make outbound calls without\nhaving internet, and you get contact details when your colleague calls you.\n\nThe idea is to run a Slack OAuth based CardDAV server, which:\n\n1. Authenticates the user over OAuth\n2. Fetches the list of all users in a team\n3. Generates a CardDAV URL for the authenticated user\n4. Which can then be used by the user on their phone to sync Contacts one-way\n (From Server to Phone)\n\nWhy one-way? You don't want changes made on the Client side to be pushed to the\nserver.\n\nWhy CardDAV? It is an open-protocol built to exactly solve this problem.\n\nAnd since you have the user's OAuth tokens, you can verify the token on every\nrequest to ensure that it is still valid. If the token is invalid, you return an\nempty Contact List, thus ensuring that users can't fetch contacts from teams\nthey've left.\n\nAnother cool hack this enables is that for teams on Free Plans, which supports\n\"Skype\" field in your profile, but not Phone number, it allows you to use the\n\"skype\" field to build contact sync which converts the field to a\nmobile/telephone field as long as it is a valid telephone number.\n\n## ✨ UPI on Desktop\n\nA clean-room reverse engineered implementation of the NPCI Common Library.\n\nEvery UPI-supported app works using the NPCI Common Library, which takes care of\nsome crucial details:\n\n- MPIN Entry\n- Debit Card Entry for first time registration\n\nBefore encrypting those and passing them to the application code.\n\nThis project envisions to reverse-engineer the NPCI Common Library. This would\nlet people:\n\n- Build Desktop implementation of any UPI Application\n- Build BHIM on older devices\n\nThis is a necessary step, but not the final step since that would be reversing\nthe web APIs that common UPI apps use.\n\n## Twitter Adventure Maker\n\nPlay your own Adventure on Twitter threads have gotten quite famous recently:\n\n- [Being Startup CEO for a day: DON'T LET YOUR COMPANY DIE](https://twitter.com/scottburke777/status/1143356872633851906)\n- [Being Beyoncé’s assistant for the day: DONT GET FIRED](https://twitter.com/CORNYASSBITCH/status/1142591156884127744)\n\n[@ChettyArun was wondering](https://twitter.com/ChettyArun/status/1144534623642255360)\nhow these were even made with Twitter.\n\nOne line pitch: Make a simple webapp that uses the Twitter UI to generate Play\nyour own Adventures. For bonus points, add support for\n[Twine](https://twinery.org/) or perhaps DNML to let people create these easily.\n\n## :rocket: Playstore RSS Feed for Version Updates\n\nAn RSS feed to follow updates on applications would be nice. See [this issue](https://github.com/RSS-Bridge/rss-bridge/issues/1352).\n\n**:rocket:** RSS Bridge now has a Google Play Store Bridge: https://github.com/RSS-Bridge/rss-bridge/pull/2110\n\n## Calendar Feed for Event Websites\n\nWould be great if I could open my Calendar application and immediately look at\nevents that are happening around me. Aim is to subscribe to \"Fun Events -\nBangalore (Insider)\" or \"Plays in Bengaluru (BookMyShow)\" calendars for eg.\n\nInsider has an API that could help with this:\nhttps://api.insider.in/home?filterBy=go-out\u0026city=bangalore\n\n## SVG to PNG on the Edge\n\nI wanted to generate SVG images based on Social Media sharing templates that\ncould be re-purposed as header images for any of my articles. Such a solution\nwould help bloggers immensely, since your Open Graph images can be easily\ndynamically generated. Same goes for people with static sites. (Generating a\nstatic SVG is much easier than generating PNG images).\n\nIf you have a magic box that converts SVG images to PNG images just before\nserving them to Open Graph scrapers. You can implement such a box using\nCloudFlare workers for eg.\n\nA few more links on this:\n[[a](https://fransdejonge.com/2018/03/twitter-and-facebook-dont-support-svg-yet/), [[b]](https://github.com/BreakOutEvent/breakout-frontend/issues/234),\n[[c]](https://indieweb.org/The-Open-Graph-protocol#Does_not_support_SVG_images).\n\nThink of how powerful this could be:\n`\u003cmeta property=\"og:image\" content=\"https://image.sv/g/https://captnemo.in/img/title-banner.svg /\u003e`\n\nA somewhat relevant thing: https://www.bannerbear.com/. There are more details\non https://github.com/captn3m0/ideas/issues/11 if this sounds interesting.\n\n[resvg](https://github.com/yisibl/resvg-js) is a library that should fit nicely for this usecase.\n\n## NammaBescom OCR/Overlay Bot\n\nA bot that waits for tweets from\n[@NammaBescom](https://twitter.com/NammaBESCOM), OCRs the image they send,\nreplies with the OCR version of the text, and attaches a map on the tweet with\nan overlay map of all the areas that lost power in the last 24 hours.\n\nA slightly stale version of this data is available at\nhttps://www.bescom.org/upo/public.php in text format.\n\nCredits: https://twitter.com/kingslyj/status/1219697117909803008\n\n## 🎁 Mars: Terraform Remote HTTP Backend with End-to-End encryption\n\nA fork of \u003chttps://www.terraform.io/docs/backends/types/http.html\u003e, which\nchanges the configuration format to:\n\n```hcl\nterraform {\n backend \"mars\" {\n address = \"https://mars.com/03fa43d6-adbe-4e03-8e25-ffdf8a3e456a\"\n encryption_key = \"${var.MARS_ENCRYPTION_KEY}\"\n }\n}\n```\n\nThe lock/unlock address can be inferred. The service can be made public as well,\nsince the backend just needs to be a simple/dumb storage for blobs (back it by\nS3 perhaps?)\n\n### Why\n\n- For casual projects, Terraform Enterprise is too much\n- Separate Infrastructure for Terraform State store makes sense\n- Not everyone has S3 available\n- Just share your UUID and the encryption key with your teammates\n\n### Backend\n\nNeeds to be a public good with restrictions:\n\n1. Reasonable Rate limits\n2. File size limits\n3. Restrict by terraform-user-agent, because why not\n4. Block unencrypted data from being stored\n\n### Extras\n\n- This needs to be Highly Available if folks are gonna use it\n- Use NaCl for crypto\n- Support a breakdown into `read_encryption_key` and `write_encryption_key` for\n key rotation\n- The encryption parts can perhaps be merged to upstream\n\n## 🎁 iOS OPDS File Provider\n\niOS 11 and above support browsing arbitary \"cloud\" filesystems using a [\"File\nProvider Extension\"][fpe]. This allows your application to expose a arbitary\ndirectory structure to other applications using the Files app (and file-picker\ndialogs).\n\nCommon use-cases include picking files from Dropbox, GDrive, iCloud etc. Here's\na simple tutorial that demonstrates the idea:\nhttps://www.raywenderlich.com/697468-ios-file-provider-extension-tutorial.\n\nThe idea is to build a simple app that implements a dumb OPDS browser, along\nwith a File Provider Extension. This magically makes all applications on your\ndevice OPDS aware, which is a Great Thing :tm:\n\nOPDS here is the\n[open publication distribution system](https://en.wikipedia.org/wiki/OPDS),\nwhich allows a large number of clients to access digital libraries and\npublications with mostly-sane distribution and browsing semantics.\n\nAs an example, [Arxiv has a OPDS](https://arxiv-opds.herokuapp.com/) server\nwithout any authentication. You could enter this one URL in your application\nsettings, and now all Arxiv PDFs are instantly browseable in your Files\napplication.\n\nOPDS support search as well, but I'm not sure of File Provider Extension does,\nbut that would be another cool usecase. The application UI is just 2 screens:\n\n1. List of connected OPDS Servers\n2. Edit/Add screen for a OPDS Server. Includes fields for URL/Username/Password.\n\nBrownie points for adding support for rendering ebook thumbnails, but that is\noptional.\n\n## iOS/MacOS \\*sonic File Provider\n\nSimilarly, the [SubSonic API](http://www.subsonic.org/pages/api.jsp) is decently\ndocumented, reversed and re-implemented across a lot of clients. A single\napplication that adds support for SubSonic File Provider will allow any other\napplication to pick song files from a subsonic source. Not as many usecases as\npicking ebooks or PDFs, but good nonetheless.\n\n[fpe]: https://developer.apple.com/documentation/fileprovider\n\n## collaborative-bookmarking\n\nif you haven't used dropbox folder sync in the past, this is how it works:\n\nyou have a parent dropbox director you create subdirectories you pick a\nsubdirectory and you share it with people everyone with access gets the same\ndirectory in their dropbox their edits to the directory are synced with yours\nI'm skipping over conflicts for now take this to bookmarks: everyone has a\nbookmark thing in their browser chrome has 2 parent directories, though -\u003e\nbookmarks, and tab bar I add bookmarks and save them in a special directory. I\nget a share option in the extension against every parent level directory to\nshare with other people\n\nThe interface is basically:\n\n- Coding (shared with user@example.com) [Synced]\n- Books\n- Projects\n- Elixir (shared with person@mail.com) [Syncing]\n\nIf the other person checks their bookmarks directory, they see the same\ndirectory and links\n\nedits are synced as well, so you can edit bookmarks (title only) and it gets\nsynced back\n\nThere are lots of tools that already sync your browser bookmarks, but once you\nhave the base in place, you can make the \"source/sink\" configurable to things\nlike Google Save / Pockets / Pinboard etc.\n\n## πŸ‘©β€πŸ”¬ Boardgame AI Gym\n\nThe idea is a mix of 2 things: reading research papers about Monopoly, and\nplaying a lot of boardgames. There is a lot of good research work around\nmonopoly [0] and certain card games (Poker etc), but modern board games (Catan\nhas a little research community) haven't been looked at much. I wanted to do\nsimulation-based research for modern games, but found that there is no easy\ntooling available to do this.\n\nCardWorld is \"OpenAI Gym for boardgames\". The complete idea is:\n\n1. Have a board game framework in place that allows people to write rulesets for\n their favorite games. These get registered as environments in the Gym.\n2. Allow anyone to submit a agent script for this environment that plays this\n game. This could be written in any language that the platform supports.\n3. Have a runner system that runs these agents against each other.\n\nThe benefits I can see are these:\n\n1. Crowdsource AI research on turn-based games. The easier it is to write a bot\n that plays Hearts, the more people will try their hand at it.\n2. Improve our understanding of Card Game Modelling. There has been some\n research in this area earlier[1] involving languages specific to model this,\n but I think there is a lot of scope of improvement here.\n3. Give the boardgame community the tools to simulate and understand strategies\n for modern board games. Everyone knows you must buy the Transports in\n Monopoly, but what is the optimum strategy for Settlers of Catan?\n\nRelated Projects:\n\n- [Open Spiel](https://github.com/deepmind/open_spiel), [Docs](https://openspiel.readthedocs.io/en/latest/index.html)\n- [Ludii Games](https://ludii.games/contact.php)\n- [RLCard](https://rlcard.org/overview.html)\n\nWork so far:\n\n- https://github.com/captn3m0/sushigo/\n- https://github.com/captn3m0/gothok\n- https://git.captnemo.in/nemo/boardgame2vec/\n\n## 🎁 ✨ Green/Yellow Pages\n\nA distributed directory for spam reports.\n\nI despise [TrueCaller][tc], the current world-leader in this space, because\ntheir entire business model depends on users selling their data to Truecaller,\nwhich can then make as much money from this database.\n\nWhen you look at the root problem that truecaller is solving, it is a\nreverse-yellow-pages directory to avoid spam calls.\n\nTo solve this:\n\n1. You need a way to check a number against a known spam list.\n2. You need the check to be as fast as possible.\n\nIf you want to beat TrueCaller, this check should be completely offline, to\npresent a significant advantage.\n\n### API\n\nThe API has 2 endpoints:\n\n1. Register a number as spam.\n2. Check a number and get a YES/NO spam response.\n\n### Spam registration\n\nTo prevent abuse, you want the client to do some proof of work before _each_\nsubmission. Publish a hash of the input number in a ledger.\n\n### Data Store\n\nMaintain a layered bloom filter ([research][res]) for each of the\ncountry-domains. We don't store the original number, though, but the hash of the\nphone number in the bloom filters.\n\n### Check\n\nAny party can request a check by sending us a hash of the phone number (so it\ndoesn't really leak _much_ info) along with the country code. We want a slow\nhash function but since we want this to be verifiable on the client itself, the\nideal would be that it takes \\~0.25s on a average mobile device.\n\nOnce we recieve the hash, check it against all the bloom filter layers in\nparallel and return the results as a score.\n\nFor eg, if we have 1000 layers (to check upto 1000 reports), return the highest\nlayer number that has an entry for the number.\n\n### Ledger\n\nThe above-mentioned ledger is an easy way of ensuring verified sync with any\nother party that wants to maintain the same data store.\n\nThis is not a very robust solution, and an ideal solution would be to let the\nclient publish on the ledger, and everyone can just pick up from the ledger.\n\nDifferent entities can create different directories depending on the client\nproperties. For eg, if a client has reported too many spam reports, you can\nreduce their contribution.\n\nA generator might also consider the frequency of such reports, along with their\nage so that recent reports are given more weightage.\n\nThe nice thing here is that, since all violations are published on the ledger,\nyou can re-create the directory from the ledger at any time.\n\n### Directory\n\nA generated directory is a compressed export of the nth layer of the bloom\nfilter. `n` here can be decided by the customer. So you can pick n=5, for a\nhigh-false-negative rate.\n\nOver time, I expect this to be standardized as high/low/medium.\n\n### Application\n\nThe application uses a list of country codes (which it can auto-fill from the\napplication context) as input to download directories from various known\nsources. The remainder of the application is spent on interrupting inbound calls\nand adding a overlay with the call score.\n\n### Security/Privacy concerns\n\nWhile hashing is the right choice here, it still has issues. A valid phone\nnumber may be very small and we are already recording the contry code to reduce\nthe size and improve directory efficiency.\n\nSee [this][solomon] for eg, where the actual phone number is just 5 digits.\n\nEven if you use a really slow hash function, and it takes 2 seconds to hash each\nnumber, it only takes 37 hrs _total-compute time_, which can easily be run in\nparallel to guess any numbers which may have been ever entered in the ledger.\n\nThe problem here is that we want repeated numbers to hash to the same value, so\nas to ensure duplicates get recorded properly.\n\nThis might be possible if all clients can store a copy of the entire ledger, but\nthat doesn't sound like a good idea.\n\nHowever, the mere fact that a phone number is in the ledger isn't as important\nas _when_ it was added.\n\nA client should ideally add a random delay (to the tune of hours) and batch any\nwrites to the ledger so as to reduce chances of leak.\n\nIf A calls B, and B immediately writes A's number to the ledger, A can pretty\nmuch guarantee that it was B who did it.\n\nThere is a counter-argument here to be made about how you want honest clients\nand immediate publishing would increase transparency and hopefully get more\n_actual spammers_ on the list.\n\nAnother concern is about publishing the client identifier in the ledger, since\nit can lead to the network figuring your calling patterns. However, since an\nentry is only added voluntarily, and doesn't really have any PII, I think it is\na reasonable tradeoff to make.\n\n### Deregistration\n\nPhone numbers are not people. They can be transferred, and what was a spammy\ntelemarketer earlier could now be your number.\n\nThere is no easy way here, other than having a \"negative\" entry in the ledger,\nwith a far higher cost attached to it.\n\nThe client should always whitelist any saved mobile numbers as well.\n\nAnother solution is to have a second \"verified\" ledger of some sort, where\npeople can verify themselves as not-a-spammer by \"some means\". Not sure how this\ncould be done in a distributed manner though.\n\n### Cost of Computation\n\n- Verification should be fast\n- Insertions should be slow\n- Client registrations should be costly\n\nBy costly, I mean the compute price, not monetary. A nice way to equalize this\nwould be to make a registration as hard as 10 insertions, so creating a client\nand reporting 9 further times would be much more cheaper to do.\n\nThis helps in ensuring that there is still a way to counter spam reports. I'm\nsure there are better ideas, though.\n\n### Terms\n\n_Directory_: The actual data store holding a \"Yes/No\" filter of whether a number\nis spammy or not. _Ledger_: A blockchain or ditributed log that maintains any\nreports.\n\n### References\n\n- You should totally read\n [Falsehoods Programmers Believe About Phone Numbers](https://github.com/googlei18n/libphonenumber/blob/master/FALSEHOODS.md)\n- [bitly/dablooms](https://github.com/bitly/dablooms) - an attempt by bitly to\n solve spam problems with a layered bloom filter which is countable as well\n- [scalable bloom filters](https://www.sciencedirect.com/science/article/pii/S0020019006003127)\n- [A multi-layer bloom filter for duplicated URL detection](http://ieeexplore.ieee.org/document/5578947/?reload=true)\n\n[solomon]:\n https://en.wikipedia.org/wiki/Telephone_numbers_in_the_Solomon_Islands\n[res]: http://ieeexplore.ieee.org/document/5578947/?reload=true\n\n## 🎁 communities browser extension\n\nEvery community that I meet these days wants to use its own different app to\nmanage things, or alternatively create its own special forum and so on.\n\nFor instance:\n\n- The dev-s community runs its own Slack channel (which is great) but wants its\n own discussion forum.\n- ReRoll Bangalore has its own WhatsApp/Telegram group (which is great again)\n but lacks a discussion forum.\n\nThe idea is to make a Chrome/Firefox extension that:\n\n1. lets you create a community (you get a unique id + social links you can give\n out)\n2. lets others submit their identity to the community tracker via the\n extension.\n\nThe extension has the following features:\n\n1. Allows you to add \"communities\" you belong to\n2. Allows you to add your identity handles that you own. So you can specify\n multiple twitter/reddit/facebook/HN/... accounts that you own\n3. Link communities with your identities. So you can share your reddit handle\n by joining a community.\n4. Highlight a community member while browsing the site. So if you are browsing\n hacker news and have added yourselves to the community listing, you can see\n other discussions highlighted from other members.\n\nThe entire extension lives in browser space and localstorage. The backend just\nmaintains a mapping of community id to profile IDs, which is synced once in a\nwhile. A community code might be required to add yourselves to the community.\n\nThis is like Reddit flairs, but flairs only work on a single subreddit, this is\nintended to work across various discussion forums.\n\n## onioncannon\n\nSimilar to [pushjet](https://pushjet.io/), but with the following idea:\n\n- Push all app notifications to other clients\n- Add/Remove clients at will\n- All traffic reaches a central server\n- All traffic is encrypted at source, but the uuid of the client can be used to\n talk to them\n\n### Related:\n\n- https://www.ockam.io/\n\n### Use Case\n\n- I wanted to build a simple \"auto-type OTP\" Chrome Extension.\n- Without using pushbullet (Should be FOSS)\n- Without giving my OTP to anyone else (should be E2E)\n- Without having to worry about NATs and firewalls (should be a publicly hosted\n service)\n\nSomewhat related to the idea is http://github.com/decant, which allows me to\nbuild the \"read SMS\" part of it.\n\nWhat I envision is essentially a simple client-registration protocol:\n\n- `[Device A]` generates a UUID.\n- `[Device B]` generates a UUID.\n- B generates a QR code using the UUID.\n- A scans the QR code to get the UUID and pushes a sample event.\n- B gets the event, and can decide to push events to A if needed.\n\nThe QR code includes:\n\n1. The UUID of a client\n2. A public key fingerprint of the PGP key of the client\n3. Metadata containing:\n\n- Public Key\n- URL where the public key can be found\n- Misc Client Information\n\nAny client who scans this can now start sending encrypted data to the client.\n\nThe nice thing is that you can transmit data however between these two parties,\nonce it is encrypted. Use GCM/pusher if you wish.\n\n## πŸš€PyPi Notifier\n\nProblem: No way to get updates when any package I am using has a new release.\n\nSolution:\n\n- Sends an email when a package you are watching updates\n- Get starred package list from github\n- Webhooks are not possible\n- PyPi -\u003e GitHub mapping is impossible to maintain\n- Parse PyPi RSS Feed\n- Get list of packages updated and mail people\n- Maybe parse package name from setup.py\n- Allow uploading requirements.txt as well perhaps.\n\n### Sources\n\nOnce it has your GitHub credentials:\n\n- Starred github repos that are also on PyPi\n- packages menetioned in setup.py and requirements.txt files from my own\n projects\n- Allow someone to upload a requirements.txt and use that as source\n- Parse the PyPi RSS Feed to get complete updates\n\nAll the sources are merged together.\n\n### Notifications\n\n- Maybe have a curated twitter account that tweets about releases for the top\n 10% packages.\n- Create a personal RSS feed for every user\n- Send out emails (configurable) for every release.\n- Optional direct tweets as well?\n\nπŸš€ [Dependabot](https://dependabot.com/),\n[Renovate](https://github.com/renovatebot/renovate)\n\n## codenames-ai\n\nCodenames is a word game, and you can see the rules here:\nhttps://czechgames.com/files/rules/codenames-rules-en.pdf\n\nThe interesting challenge in the game is word-association:grinning:\n\n- finding a single word that\n- relates to one-or-more of words in Set A (Your color)\n- while staying away from words in Set B (Your opponent's color)\n- and staying far far away from a single word in Set C (Assasin)\n\nThe remaining AI is much simpler: Given a word and a count,\n\n- find the closest words from Set (A+B+C)\n\nI think using some clustering algorithms on top of word2vec should give decent\nresults. Maybe GPT-3 can do this much more easily.\n\n## Verifiable Code Execution on Cloud\n\nA common problem in the privacy world is that when a service says: we need your\ndata, but promise we won't store it - you have to take them at their word. This\nis a common problem. Signal for eg, hashes your contacts, and sends them to\ntheir cloud servers to see which of your contacts are on Signal. They manage to\ndo that\n[by relying on Intel SGX](https://signal.org/blog/private-contact-discovery/),\nwhich signs the code running on AWS and the Signal app validating that signature\nto ensure that the code that's processing your contacts isn't doing anything\nnefarious.\n\nHowever, there is another trusted piece of infrastructure that can be used to\nachieve a slightly lower degree of trust. Here's how you do it:\n\n1. AWS Lambda is \"verifiable infrastructure\". You can fetch the code and verify\n that it's the same code as what you've provided elsewhere (as a reproducible\n build for eg)\n2. We create a lambda for trusted-code-execution (say collecting hashes of your\n contact list, matching them against a bloom filter). The code isn't supposed\n to log these contacts, or save them in any way. We also provide this exact\n code elsewhere, for people to validate and review.\n3. You create a AWS IAM keypair that has permissions to get each revision of the\n lambda code, validate the corresponding API endpoint against this lambda.\n4. Instead of using a custom-domain API Gateway, you instead use the AWS execute\n lambda endpoint (The ones that look like\n https://api-id.execute-api.region.amazonaws.com/STAGE). The request directly\n reaches the lambda - verifiably (I think).\n5. Publish the keys for the AWS IAM keypair that was created above.\n\nAnyone in the world can then call up the Lambda management API to validate the\ncode at any time with these credentials. If you trust AWS Lambda and IAM, there\nis a verifiable trust in the code that is running on that lambda and that is\nprocessing your contacts. If/when AWS supports Intel SGX on Lambda (or Nitro\nEnclaves), additional guarantees can be provided by using that.\n\nLambda could quite possibly be replaced by similar services: Fargate/Cloud Run.\n\nLinks: https://news.ycombinator.com/item?id=25837281,\nhttps://stackoverflow.com/a/65798291/368328\n\nNot sure what the actual product here would be. Perhaps a toolkit that makes it\neasy to setup such infrastructure? Perhaps a global custody chain that acts as\nverifying nodes?\n\n## Browser Extension: youtube-cue\n\nA browser extension of https://github.com/captn3m0/youtube-cue/ would be nice,\nwhere you could click a button on the YouTube URL for a video to download a CUE\nsheet.\n\n## Stitch EPUBs from multiple URLs\n\nI wrote https://github.com/captn3m0/pystitcher, which does a great job with\ndeclaratively stitching PDFs. It would be nice if something similar could be\ndone for EPUBs. So you create an EPUB by writing down a markdown file:\n\n```markdown\ntitle: Thunder and Lightning author: Scott Rain summary: Book Summary\n\n# Thunder and Lightning\n\n# [Cover](cover.jpg)\n\n# [Chapter 1: Everything goes south](https://example.com/ch1.html)\n\n# [Chapter 2: Lightning](https://example.com/ch2.html)\n```\n\nTake the input, run it through a readability engine, and generate proper EPUBs\nout of it.\n\nSee some related stuff:\n\n- I wrote [url-to-epub](https://github.com/captn3m0/url-to-epub), which works\n nicely for single-URL books.\n- [percollate](https://github.com/danburzo/percollate) is a command-line tool\n that turns web pages into beautifully formatted PDF, EPUB, or HTML files.\n- pandoc, obviously\n\n## OpenAPI Specification Generator from HTTP Archives\n\nHAR is a JSON-formatted archive file format for logging of a web browser's\ninteraction with a site. Lots of tools already support HAR format, including\nChrome, Firefox, Fiddler, Charles Proxy, ZAP etc. There are\n[JSON schema generators](https://github.com/stoplightio/json-schema-generator)\nthat will take a JSON object and generate a OpenAPI schema accordingly. The\nusecase is:\n\n1. Browse around a website or mobile app, which happens to have a JSON API.\n2. Save a HAR file from your browser or proxy.\n3. Generate a OpenAPI Specification file.\n\nIt doesn't have to be perfect, but the following can be easily adapted for:\n\n1. List of various routes\n2. Authentication scheme\n\nI\n[wrote a few reverse-engineered OpenAPI Specifications recently](https://captnemo.stoplight.io/)\nand this would have been helpful.\n\nEdit: Found a few projects:\n\n- [akita-cli](https://github.com/akitasoftware/akita-cli#about-this-repo)\n already supports this, but I haven't tried this yet.\n- \u003chttps://github.com/dcarr178/har2openapi\u003e\n\n## Open ISIN API\n\nBased on https://github.com/captn3m0/india-isin-data.\n\n## A Survey of the [Electron](https://www.electronjs.org/) Supply Chain\n\nElectron applications are easy to build, but hard to maintain:\n\n- using npm means the dependency tree is limitless\n- using electron means most applications are static bundles containing:\n - a full chromium runtime\n - a copy of ffmpeg\n - electron\n- Chrome bugfixes take time to reach electron.\n- Older versions of electrons provided a full Node.js environment in the\n renderer process.\n\nThe [process model](https://www.electronjs.org/docs/tutorial/process-model) has\nimproved over time, but it's not perfect. There were 3 context isolation\nbypasses reported in 2020.\n\nA survey of existing applications might be worthwhile to see what's the lag\nbetween:\n\n1. A bug being reported in chrome\n2. A security fix in electron\n\nreaching end users.\n\nI did some work on it:\n\n- \u003chttps://github.com/captn3m0/which-electron\u003e\n- \u003chttps://github.com/captn3m0/electron-fingerprints/\u003e\n\n## 2fa.wiki\n\nA community maintained machine-readable wiki for information about 2fa recovery\nworkflows for various services. 2FA recovery workflows are often undocumented,\nso this would be a good thing to document across the internet.\n\nHaving this machine-readable will be even better.\n\n## Boardgame Rulebook Translation Guide :construction:\n\nTranslating technical guides (such as boardgame rulebooks) to Hindi is quite\ntough. There should be a standard guide that documents common terms so as to\navoid confusion between various games using different translations for common\nboardgaming terms.\n\n## Simple Firejail/Bubblewrap wrapper for AUR/NPM/pipx packages\n\nI trust packages in the distro far more than random dependencies.\nIt would be nice to be able to run a command with a prefix so that:\n\nIt only gets access to the files and directories mentioned on the command line.\nMaybe automatically do this at install time, to wrap it.\n\n## Probe the Great Indian Firewall\n\nThe Great Indian Firewall is what blocks Indian Government websites from being accessed outside of India. \nThis is bad for multiple reasons, including accessibility, archivability, and usability. There's multiple\nways this is applied, inculding:\n\n1. GeoDNS based blocks (DNS resolves to a blocked IP outside India)\n2. IP Address based blocks (Requests from an ASN outside India are dropped)\n3. Block ASNs from Hosting Service Providers\n\nTake an existing corpus of Indian Government websites (such as [mine](https://gist.github.com/captn3m0/4f3da8f07fe884e62bfab3ac85616936))\n, and probe it in multiple ways to detect differences between the\n\"normal response\" (What you'd get from an Indian residential IP) and a \"blocked response\" (what you see from outside India).\nTake care to account for residential v/s cloud IPs, since those are commonly blocked.\n\nThe outcome should be a self-updating report/dashboard that documents the various sites that are blocked outside India.\n\n## A Practical MRNL Service (Mobile Number Revocation List)\n\n**Note**: [TRAI](https://trai.gov.in/) (India's Telecom Regulator) publishes a [Mobile Number Revocation List][mrnl] every month. It consists of any mobile\nnumbers that were disconnected this month. The list is public, and meant to be used by Indian businesses and service providers to protect\nagainst account takeovers once these mobile numbers are re-assigned. The list is published in JSON/Excel/PDF formats, and is accessible over\nan API.\n\nAs it stands, each business must write their own code to actually use this list. A usable implementation of this list would be\nsome service that could do one or more of the following:\n\n1. Publish all revocations on a public queue, such as a publically accessible SNS topic, Amazon EventBridge, or a NATS/Kafka stream. Any business can subscribe to this, and consume it easily.\n2. Let any business subscribe to a webhook where such lists are published.\n3. Let businesses submit their existing customer dataset on a regular basis, so you can provide targeted webhooks to each business - you only get notified if your customer is impacted.\n4. A Bulk-Lookup API that takes an existing customer dataset, intersects it against this month's revocation list and returns a response of impacted customers.\n5. A historic database lookup that takes customer account creation dates along with mobile numbers as input, and returns impacted customers (mobile numbers that have been revoked since the account was created). This is important because a business might already have vulnerable customers\n\n### Security and Privacy Considerations\n\n- You do not want to store a copy of any business's customer database - relevant for (3). Especially do not link it to any identifiable Business Name. Finding a business from the list of mobile numbers might still be trivial however (if you know a subset of users for eg).\n- Support bloom filters for bulk lookup APIs to reduce the request payload.\n- Look at [Private Set Intersection](https://en.wikipedia.org/wiki/Private_set_intersection) to make bulk-lookups completely anonymous (The server learns nothing about your customer dataset).\n- Provide clear guidance as to what guarantees the MRNL provides, and what businesses should be doing after getting notified. This might be very important for 2FA considerations for example, and require complete account suspension in cases where the mobile number is the only customer identifier.\n\n### Cost Considerations\n\n* Running a public SNS/EventBridge/PubSub service with third-party subscribers has a low enough cost, since you're responsible for reasonable egress and publishing costs.\n* Running webhooks at scale does get costly, due to network costs, so don't do this unless you can monetize it.\n\n## A physical variable Fuzzy Clock\n\nI don't like the per-minute cadence of modern clocks. Fuzzy clocks reduce the\naccuracy of time to fix this. I use the Fuzzy Clock on KDE, which is described as:\n\n\u003e The fuzzy clock shows the time as a spoken expression like β€œTwenty to six”.\n Additionally, the fuzziness of the clock can be adjusted. At maximum\n accurateness, it will change all five minutes, with increasing fuzziness\n the time of changes will increase. At maximum fuzziness, it may only\n say β€œWeekend”.\n\nI like having accurate clocks at home when I'm getting ready in the morning,\nbut as the day goes by, I would like to care less about accurate time. I'd\nlike my clock to just say \"Time to Sleep\" beyond 10pm, but during working hours\nbe accurate to 15 minutes or so.\n\nI don't know what a physical version would look like, but it would be cool\nto come up with one. I am thinking of prototyping something with a e-Ink display.\n\n## A curl impersonation proxy\n\n[curl-impersonate](https://github.com/lwthiker/curl-impersonate/) is a cool\nproject which patches curl to impersonate browser signatures (TLS Cipher\nSuites, TLS Cipher Order, headers etc). This lets you use curl-enabled\ncode to behave as if the requests came from a browser. It doesn't run JS\nbut is quite helpful for lots of usecases.\n\nA common issue with curl-impersonate is using it in applications which already\nhave a HTTP Adapter, such as Faraday/Ruby or other HTTP clients. You need to\nswitch the client to curl, and then LD_PRELOAD the libcurl from this project.\n\nHowever, most adapters already support a HTTP Proxy. It would be nice to have\na MITM proxy that was curl-impersonate aware, so it becomes a cheap and easy\nway to run this in your existing codebase.\n\n## A Whisper UX Design Pattern\n\nYou can \"mute\" triggers in most platforms, where a trigger could be a\nhashtag, or a user, or a text pattern. However, the mute is always a\nbinary thing - either you see it, or you don't.\n\nA well-stated problem with muting is the echo-chamber it creates. If you\nmute all mentions of [political-term] from your feed, it could be the \nequivalent of putting your head in the sand.\n\nA \"Whisper\" is a more nuanced version of this - instead of hiding away the\nmention, it is shown in a different style, or a different color. This way\nyou can still see the mention, but it doesn't dominate your feed.\n\nYou could also club posts with the same whisper tag, and show them together\nin the feed.\n\nI've been considering something like this for \u003chttps://news.tatooine.club\u003e.\n\n## Tareeqh pe Tareeqh\n\nA website where you can visualize the pendency status of cases in courts,\nand see the reasons why court cases are not heard. Give it a date, and\nyour case details - and it can use the existing data to estimate whether\nyour case will be heard or not (and give you probabilities for reasons).\n\n## Mobile App Traffic RE Platform\n\nA platform that helps with:\n\n1. Patching an existing app to support traffic analysis.\n2. Running the app against your network.\n3. Generating HAR files using a proxy\n4. Ingesting the HAR file to generate OpenAPI Specifications\n5. Create appropriate dependency graphs for API calls\n6. Automatically generate OpenAPI Workflows for specific calls\n\n## One-Page RSVP Platform on Edge Compute\n\nhttps://rsvp.ngo/ was almost perfect (doesn't work any more), but I'd like\nsomething I can easily run on Edge compute such as Netlify Functions,\nor Cloudflare Workers. It should be a single page that lets users\ncreate events, and submit RSVPs, with a single function that is easily\nembeddable to an existing website.\n\nBuilt by @shravan20 at https://rsvp2go.ohmyscript.com. [[Source]](https://github.com/shravan20/rsvp2go).\n\n## One Page Event Hosting platform\n\nConsidering building this at `host.blr.today`: A single page no-login\nwebsite to help you host an event.\n\n1. Event Date considerations (Show weather, protests etc)\n2. No login required\n3. Semantic structure with Schema.org/Event\n4. Automatically generate banner images using something like bannerbear\n5. Embeddable RSVP Form\n6. Give a separate Payment Link.\n\n## Price Index for Indian Grocery Websites\n\nPick a basket of common goods from Indian grocery websites, and track the\nprice of these goods over time across multiple popular apps (BigBasket,\nInstamart, Blinkit, Zepto, Amazon Fresh etc).\n\nRelated work:\n\n- A [Shrinkflation Database](https://www.shrinkflation.io/products)\n- [Tracking Austrian grocery prices by scraping store sites](https://mastodon.gamedev.place/@badlogic/111071396799790275).\n // [HN Discussion](https://news.ycombinator.com/item?id=37532973), [Code](https://github.com/badlogic/heissepreise),\n [Website](https://heisse-preise.io/).\n- [9minutes.in](https://9minutes.in/) for searching across Zepto/Blinkit/Instamart/DMart\n\n## Bangalore Adblock Art Project\n\nCommercial Hoardings were banned in Bangalore throughout COVID and for quite much later:\nhttps://www.deccanherald.com/india/karnataka/bengaluru/commercial-hoardings-will-not-be-allowed-in-bengaluru-says-govt-1125535.html\n\nA cool art project would be to showcase the pre-post photos of the same places\nwith and without the hoardings in sight.\n\n## PURL Canonicalization\n\n[PURL](https://github.com/package-url/purl-spec) is the Package-URL format,\nletting systems encode a package (+version) into a URL scheme. However, there\nare often multiple ways to encode the same resource, such as:\n\n- pkg:docker/library/php\n- pkg:oci/php?repo_url=https://docker.io/library/php\n\nboth refer to the same package, with different semantics. This makes matching PURLs\nquite difficult as two tools might encode the same package in two different ways.\n\nA canonicalization scheme would be helpful.\n\n## Nutri-score calcuator\n\nhttps://github.com/openfoodfacts/robotoff seems pretty close.\n\nGiven A nutrition label (and some identifier), as specified by FSSAI, generate a [Nutri-score](https://en.wikipedia.org/wiki/Nutri-Score) label.\nMake this into an API, which can cache on the identifier (Vendor+Product ID) and provide a nutri-label.\n\nThen build interesting things on top of this API:\n\n1. A browser extension that works as you shop online, showing you the nutri-score of the product.\n2. A web-app that takes your Grocery app export data (See \u003chttps://captnemo.in/personal-finance-stack/\u003e), and generates a nutri-score for all items you buy.\n\nThere are some apps on the market that rely on barcode -\u003e UPC -\u003e Lookup and\nare probably reliant on openfoodfacts but there are no good Indian barcode\ndatabases (hence the next idea).\n\nIf a good Indian barcode database exists, this could be extended to work with\nthat database instead.\n\n## Indian Grocery Barcode Database\n\nBarcodes are great, and UPC barcodes are quite decent at being identifiers for\nproducts across sellers. Sites like \u003chttps://www.upcindex.com\u003e exist to lookup\nthis data, but they rely on US based listings.\n\nGo through all images across all product listings on Swiggy/Zomato/Zepto/Instamart/BigBasket.\nRun OCR on these images to extract the barcode, and then provide the associated metadata\nalongside each barcode. Also include the image URLs.\n\nSubmit everything to openfoodfacts.org\n\n## showtimes.in\n\nA simple website that shows you the showtimes of all movies playing across India. Easily doable using data from a few sources:\n\n1. TicketNew, now owned by Zomato\n2. Cinepolis App\n3. PVR App\n4. BookMyShow\n\n\u003chttps://showtimeapi.com\u003e does not support India currently, so it might be\nworth selling them the data feeds as well. Splitting across 4 different\nproviders gives some redundancy as well. The majority of screens get covered\n3 ways via this, however standardising the data might be a problem.\n\n\u003chttps://www.internationalshowtimes.com/markets\u003e says they support India, but\nI don't know what's the data source they use.\n\n## India Automobile Privacy Review\n\nI really wish there was a truly private modern automobile manufacturer in\nIndia that used end-to-end encryption for all data that they collected, storing\nit only on the vehicle (under device-encryption) and synced over E2E to their\napp/website if needed.\n\nUnfortunately, there is none. The best we can do to raise awareness on the matter\nis do something akin to Mozilla's [Privacy not Included](https://foundation.mozilla.org/en/privacynotincluded/categories/cars/)\nreview, where they compared 25 US car companies and found out that none care about\n[privacy](https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/).\n\nThis is a non-technical project, and quite easily doable by a bunch of policy/legal folks.\n\n---\n\n## Licence\n\nThis work is licensed under a\n[Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/).\nFeel free to contribute via Pull Requests, or discuss ideas in Issues. Also feel\nfree to use these ideas in making the Next Big Thing. I promise to send you a\npostcard if you ship one of these.\n\n[![License: CC BY 4.0](https://img.shields.io/badge/License-CC%20BY%204.0-lightgrey.svg)](http://creativecommons.org/licenses/by/4.0/)\n\nThere is a list of other similar lists-of-ideas at [SIMILAR.md](SIMILAR.md)\n\n[mrnl]: https://mnrl.trai.gov.in \"Mobile Number Revocation List Portal by TRAI\"\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaptn3m0%2Fideas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaptn3m0%2Fideas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaptn3m0%2Fideas/lists"}