Dmitry Petrakov

Hi, I'm Dmitry.

I'm an indie maker with a background in large-scale systems, now building small, focused Chrome extensions and practical, offline-first tools.

I care about clarity, reliability, and tools that quietly fit into real workflows.

View my CV / résumé →

What I build

I design tools the same way I design systems: clear boundaries, predictable behavior, and no hidden complexity.

Most of my work lives inside the browser and focuses on:

Current projects

MAK Cards Online

OPEN BETA

A web platform for working with metaphorical associative cards – online, in real-time.

  • Infinite canvas for card layouts
  • Collaborative group sessions
  • No registration required
  • Built-in chat and notes
Try it for free →
MAK Cards Platform
PDF to Markdown

PDF to Markdown

Turn any PDF into clean, readable Markdown – for people and for AI agents.

Handles messy, real-world documents, not just perfect ones. Use it as a web app, a browser extension, a REST API or a hosted MCP endpoint.

  • Web app at pdf2md.dev – convert without installing anything
  • Preview, copy or download clean Markdown
  • Real backend: two public domains, one entitlement-aware job core
  • API and hosted MCP for agents and automation
Floating Notes

Floating Notes

Notes that live directly on any website.

Floating Notes is a Chrome extension that lets you capture thoughts, links, and context exactly where they happen – without switching tabs or breaking focus.

Notes can be tied to:

  • a specific page
  • an entire site
  • or live independently in a floating window

Designed to stay out of the way until you need it.

Multi Timer

Multi Timer

Multiple parallel timers and alarms in Chrome. Named timers, presets, group launch – offline, no accounts.

Journaling App

Journaling App

AI-powered journaling with metaphorical cards. Draw a card, reflect with guided templates, get a clear next step in 2-7 minutes.

Secure File Transfer

Secure File Transfer

Send files directly between devices, end-to-end encrypted. P2P via WebRTC – no cloud, no sign-up, no size limits.

Image to Base64 & Base64 to Image

Image to Base64 &
Base64 to Image

Two-way converter: turn any image into a Base64 / data URI string, or decode Base64 back into an image. SVG supported. No uploads, no network – everything runs locally.

How I think about tools

After years of building large systems, I've learned that most tools fail not because they lack features, but because they interrupt the user.

I believe good tools:

  • respect context
  • do one thing well
  • stay reliable over time
  • and don't demand attention they haven't earned

Under the hood

These dashboards and the architecture map aren't slideware. They're generated straight from each repository by tooling I built – a metrics pass over the git tree plus a live snapshot from production. The numbers here are the numbers in the source.

MAK Cards Online

Real-time card platform · Go + React + MCP · v0.8.1
130Klines of code
169REST routes
38DB tables
245accounts
8.3Kcards drawn

PDF to Markdown

PDF → Markdown · Go + Python engines · MV3 · v2.1.3
3,615users
197Kpages converted
36Klines of code
42REST routes
5.0store rating
PDF to Markdown system architecture diagram System architecture – many entrypoints, one entitlement-aware job core. Click to zoom.

Research & articles

Secure File Upload in Go Article on Substack

Secure File Upload in Go: 7 Attacks and How We Blocked Them

"Add a PDF upload form" sounds like a 30-minute task. But a working upload and a secure upload are two different things. I broke down 7 real attack vectors on file upload and showed how we mitigated each one in a Go backend – with real code and honest trade-offs.

  • File type spoofing – magic bytes %PDF validation, never trust extensions
  • Disk overflow – MaxBytesReader + per-device slot limits
  • Path Traversal – fixed paths {UUID}/input.pdf, zero user input in paths
  • SSRF – pre-request DNS resolve, redirect blocking, private IP denylist
  • Replay attack – nonce + timestamp + ECDSA signature per request
  • Device spoofing – cryptographic identity via WebCrypto (ECDSA P-256)
  • Application-level abuse – rate limit + signatures + slot system
With LLM tools, the barrier to entry for development has dropped radically. But so has the barrier to entry for vulnerabilities.
Read on Substack → Read on Medium →
What Dog Training Taught Me About AI Agents Article on Substack

What Dog Training Taught Me About AI Agents

What dog training unexpectedly teaches a manager who works with AI agents: about signal quality, safe autonomy, and the cost of literalness. Five lessons that changed the way I work with agents and assign work to people.

  • Clarity is not politeness – it is a safety practice: agents amplify both competence and vagueness
  • Reinforcement beats endless correction – successful sessions become an operating standard
  • Autonomy is useful only inside a good fence – freedom without boundaries is negligence
  • Environment shapes behavior more than one-off instructions – management in the AI age is behavior architecture
  • An agent's error is a diagnostic signal: in 9 out of 10 cases the problem is the task framing, not the tool
A prompt is not a request. It is an execution environment.
Read on Substack →

Writing & notes

I occasionally write about building tools, architectural decisions, and lessons learned from shipping and maintaining real products.

Selected articles:

About dimlight

dimlight is my personal space on the internet.

It's where I share what I build, experiment with ideas, and publish tools that don't fit into big platforms.

You may also see me online as dim0802.