Dmitry Petrakov

Hi, I'm Dmitry.

I'm an indie maker with a background in large-scale systems, now building small, focused Chrome extensions and practical, offline-first tools.

I care about clarity, reliability, and tools that quietly fit into real workflows.

What I build

I design tools the same way I design systems: clear boundaries, predictable behavior, and no hidden complexity.

Most of my work lives inside the browser and focuses on:

Current projects

MAK Cards Online

OPEN BETA

A web platform for working with metaphorical associative cards — online, in real-time.

  • Infinite canvas for card layouts
  • Collaborative group sessions
  • No registration required
  • Built-in chat and notes
Try it for free →
MAK Cards Platform
Floating Notes

Floating Notes

Notes that live directly on any website.

Floating Notes is a Chrome extension that lets you capture thoughts, links, and context exactly where they happen — without switching tabs or breaking focus.

Notes can be tied to:

  • a specific page
  • an entire site
  • or live independently in a floating window

Designed to stay out of the way until you need it.

floatingnotes.app Chrome Web Store Product Hunt
Secure File Transfer

Secure File Transfer

Send files directly between devices with end-to-end encryption. No cloud storage, no sign-up, no size limits on P2P connections.

Data goes straight from one browser to another via WebRTC — the server never sees your content. Share with a simple code: drop a file, send the code, done.

  • P2P file sharing — data goes directly between browsers
  • End-to-end encryption with ECDSA + AES-256-GCM
  • No size limits, no accounts, no cloud storage
  • Side panel workspace with real-time progress
  • Web app at huskyhaul.online — share without the extension
huskyhaul.online Chrome Web Store
Multi Timer

Multi Timer

Multiple parallel timers and alarms in Chrome. Named timers, presets, group launch — offline, no accounts.

multitimer.info Chrome Web Store
Journaling App

Journaling App

AI-powered journaling with metaphorical cards. Draw a card, reflect with guided templates, get a clear next step in 2-7 minutes.

chrome.journalingapp.app Chrome Web Store
PDF to Markdown

PDF to Markdown

Turn PDFs into clean, readable Markdown. Handles real-world PDFs, not just perfect ones.

pdf2md.huskyhaul.online Chrome Web Store
Image to Base64

Image to Base64

Offline-first image to Base64 converter. No uploads, no network — drag, copy, use.

image2base64.huskyhaul.online Chrome Web Store

How I think about tools

After years of building large systems, I've learned that most tools fail not because they lack features, but because they interrupt the user.

I believe good tools:

  • respect context
  • do one thing well
  • stay reliable over time
  • and don't demand attention they haven't earned

Research & articles

Secure File Upload in Go Article on Substack

Secure File Upload in Go: 7 Attacks and How We Blocked Them

"Add a PDF upload form" sounds like a 30-minute task. But a working upload and a secure upload are two different things. I broke down 7 real attack vectors on file upload and showed how we mitigated each one in a Go backend — with real code and honest trade-offs.

  • File type spoofing — magic bytes %PDF validation, never trust extensions
  • Disk overflow — MaxBytesReader + per-device slot limits
  • Path Traversal — fixed paths {UUID}/input.pdf, zero user input in paths
  • SSRF — pre-request DNS resolve, redirect blocking, private IP denylist
  • Replay attack — nonce + timestamp + ECDSA signature per request
  • Device spoofing — cryptographic identity via WebCrypto (ECDSA P-256)
  • Application-level abuse — rate limit + signatures + slot system
With LLM tools, the barrier to entry for development has dropped radically. But so has the barrier to entry for vulnerabilities.
Read on Substack → Read on Medium →
What Dog Training Taught Me About AI Agents Article on Substack

What Dog Training Taught Me About AI Agents

What dog training unexpectedly teaches a manager who works with AI agents: about signal quality, safe autonomy, and the cost of literalness. Five lessons that changed the way I work with agents and assign work to people.

  • Clarity is not politeness — it is a safety practice: agents amplify both competence and vagueness
  • Reinforcement beats endless correction — successful sessions become an operating standard
  • Autonomy is useful only inside a good fence — freedom without boundaries is negligence
  • Environment shapes behavior more than one-off instructions — management in the AI age is behavior architecture
  • An agent's error is a diagnostic signal: in 9 out of 10 cases the problem is the task framing, not the tool
A prompt is not a request. It is an execution environment.
Read on Substack →

Writing & notes

I occasionally write about building tools, architectural decisions, and lessons learned from shipping and maintaining real products.

Selected articles:

4 Chrome Extensions in 4 Weeks: What I'm Learning Building a small Chrome extension after years of large systems The Age of AI Agents: How the Role of Humans is Changing A Million Tokens and Moby-Dick: What Large Context Windows Really Mean for AI How to Grow — Not Stall — In the GenAI Era
Substack Medium

About dimlight

dimlight is my personal space on the internet.

It's where I share what I build, experiment with ideas, and publish tools that don't fit into big platforms.

You may also see me online as dim0802.