About
Welcome to my pint-sized mad lab — where ambition meets incompetence, and occasionally something doesn't explode. I clumsily tinker with web browsers like a digital Frankenstein, dabble in the stock market mostly to fund my belief that I'll eventually figure it out, and lately I've been letting AI help me build things I'm too impatient to build alone. The results are mixed. The enthusiasm is not.
Web Browsers
I've been poking at web browsers for over two decades. Not because I'm particularly clever — mostly because I couldn't stop. It started as "why does this crash?" and slowly became a habit of finding the weird corners where browsers misbehave. Along the way I've stumbled onto around 500 security bugs: script injections, same-origin bypasses, sandboxes that weren't, pop-up blockers that could be talked out of blocking, and a handful of things I still don't fully understand but that definitely weren't supposed to work.
All of it has been reported and patched. I take no credit for the patches — that part's on the people who actually know what they're doing. I just found the holes and knocked on doors until someone answered.
Bot Detection
A big chunk of my time goes into figuring out how automated tools pretend to be real browsers, and how to catch them doing it. It's a cat-and-mouse game where the mice are extremely well-funded and ship updates faster than I can write notes. I work on detecting things like Puppeteer, Playwright, Selenium, headless browsers, and various stealth wrappers that try very hard to look human.
There's also a whole category of bots that don't bother pretending to be a browser at all — they just hit endpoints directly. Sneaker bots, scraper farms, CAPTCHA solvers, and anything else that skips the rendering engine entirely and works at the request layer. Those are a different kind of problem: less about fingerprinting a DOM and more about spotting behavioral patterns, timing anomalies, and the subtle tells that come from traffic that moves too cleanly to be human.
The detection side is mostly JavaScript, CSS, DOM, TLS, and network quirks — places where real browsers and fake ones behave differently in tiny ways that are easy to miss. I enjoy that part. The part where fraudsters read my work and patch around it is less enjoyable, but it keeps things interesting.
Building with AI
These days I'm also building things with AI, which is a polite way of saying I describe what I want to a large language model and then spend an hour figuring out why the output is almost right. It's surprisingly productive once you accept that "almost right" is the starting point, not the finish line. I've shipped real things this way — tools, experiments, parts of this site — and I've learned a lot about what AI is good at and where it confidently leads you into a wall.
I find it genuinely useful, and also genuinely humbling. Mostly I'm trying to understand how to collaborate with it rather than just outsource to it.
Stock Market
I also have opinions about the stock market. I have strategies, notebooks full of ideas, backtests that looked great until they didn't, and a brokerage account that has heard every theory I've ever had and responded with data. The data is often unkind. I keep going anyway because the puzzle is interesting and occasionally the puzzle lets me win, which is enough to keep me hooked.
I write about strategies here sometimes — not as advice, more as thinking out loud. If something works I'll say so. If it doesn't, I'll probably also say so.