finds.dev

public digest · 5 picks

Self-hosted photos, OAuth shortcuts, and a prompt that fights cookie-cutter design

Five repos this week that share an unusual quality: they're honest about their own limitations. LibrePhotos ships a full ML pipeline but tells you upfront it needs 8 GB RAM and a CPU scan that takes hours. The ASP.NET OAuth collection steers you toward a competing project in its own README. Hallmark admits its 57 anti-slop gates are self-graded by the LLM. That kind of candor is worth paying attention to.

The common thread is scope well matched to ambition — none of these are half-finished proof-of-concepts dressed up with a logo. LibrePhotos has 127 migrations. The OAuth library covers 80+ providers with individual NuGet packages. The Google AI notebook collection has CI that runs spell checking and secret detection. These are projects people have been maintaining, not just shipping.

// pick 1 of 5

LibrePhotos/librephotos

LibrePhotos is a self-hosted Google Photos alternative built on Django 5 with genuine ML capabilities — face recognition, scene classification, semantic search via CLIP embeddings, and auto-generated event albums. It's for people who want full control over their photo library without cloud vendor lock-in and are willing to run Docker on hardware with at least 8 GB RAM.

The ML pipeline here is more complete than almost anything else in the self-hosted photo space. You get CLIP embeddings for semantic search (type 'sunset at the beach' and it actually finds sunsets at beaches), HDBSCAN clustering for face grouping, auto-generated event albums, and geocoding against multiple providers with rate limiting built in. The monorepo consolidation kept full git history from five previously separate repos, which means you can actually bisect regressions across frontend/backend changes — an underrated operational nicety.

The weakest link is the im2txt captioning model, which is based on a 2016 paper and produces captions that feel dated next to anything built on modern vision-language models. It's the one place the stack shows its age. The 8 GB RAM minimum is also real and not negotiable — the ML models load into memory and stay there, so a NAS or low-power homelab box is a no-go. Initial scans of large libraries run on CPU only (no GPU path), so budget a few hours if you're importing years of photos.

For anyone who's been putting off moving off Google Photos because no self-hosted alternative felt serious enough: this one is serious. The 127-migration history is the tell.

View on GitHub → Our full take →

// pick 2 of 5

Hiram-Wong/zyfun

zyfun is a cross-platform Electron desktop app for aggregating and playing video content from third-party streaming sources, IPTV feeds, and cloud drives. It's aimed at Chinese-speaking users who want a single interface to browse and play content from multiple API-based video providers. Think of it as a universal frontend for the fragmented Chinese streaming ecosystem.

The architecture is the interesting part here. Supporting T0_XML, T1_JSON, T3_DRPY, T4_CATVOD, Python scripts, and WebDAV sources without touching core playback logic each time is genuinely well-designed — the adapter layer earns its keep. The SQLite migration system is versioned and incremental, which is the right call for a desktop app where you can't force users to wipe their data. The monorepo also cleanly separates the Rust/Neon VLC binding and crypto utilities from the main Electron app, each with their own build pipeline.

Head in with eyes open on two things. First, the README itself tells users to uninstall within 24 hours and discourages promotion — this is legal boilerplate covering grey-area content aggregation, and it signals real risk: the project could get DMCA'd or quietly archived, which matters if you're building anything on top of it. Second, the Rust VLC binding appears to only have macOS support implemented, with other platforms stubbed out, so the multi-platform playback story is incomplete for Windows and Linux users right now.

The data schema also has visible legacy noise — deprecated fields like `url` vs `api` sitting alongside newer shapes — suggesting the migration system hasn't fully cleaned up old state. No automated tests visible either, which is exactly the kind of gap that bites you on schema evolution.

View on GitHub → Our full take →

// pick 3 of 5

GoogleCloudPlatform/generative-ai

A Google-maintained collection of Jupyter notebooks and sample code for building with Gemini and Vertex AI on Google Cloud. It covers everything from basic API usage to multi-agent systems, RAG, embeddings, and the new Agent Development Kit (ADK). If you're evaluating whether to build on Google's AI stack, this is your first stop.

The most useful thing about this repo isn't any individual notebook — it's the map it gives you of Google's AI surface area. Function calling, vector search, multi-agent coordination, TTS, image generation, LangGraph integration: it's all here, working, with real GCP credentials wiring. The ADK samples in particular (contract compliance pipeline, new-hire onboarding) are more production-shaped than typical demo code; they include Docker, FastAPI, eval sets, and actual unit tests, which puts them above the usual 'notebook that runs once' quality bar. The CI setup — spell checking, linting, gitleaks for secret detection — shows this is maintained like a real project, not a marketing artifact. The last commit was yesterday.

What to know going in: this is a sample repository, not a library. Nothing here is importable without copy-pasting. Almost every notebook requires a live GCP project with billing enabled, so you're not running these locally or cheaply. Quality and style vary between notebooks because different engineers wrote them at different times, and the 'not an officially supported Google product' disclaimer means broken notebooks go into a general issues queue with no SLA. Treat it as a working reference, not a dependency.

View on GitHub → Our full take →

// pick 4 of 5

aspnet-contrib/AspNet.Security.OAuth.Providers

A collection of OAuth 2.0 authentication middleware for ASP.NET Core covering 80+ providers — GitHub, Discord, Apple, Keycloak, and dozens more. It's the go-to package when you need social login in a .NET app and don't want to hand-roll each provider's quirks. The maintainers themselves now recommend migrating to OpenIddict for new projects, which is an honest and unusual thing to say in your own README.

Eighty-plus OAuth providers, each as its own NuGet package so you only pull in what you need — that's the core value. The Apple provider is the standout: it correctly handles JWT client secret generation, ID token validation, and the email-hiding flow that most DIY implementations get wrong or skip entirely. The codebase uses source generators and a consistent handler pattern, so reading one provider's implementation teaches you all of them. CI runs integration tests against real OAuth endpoints using recorded HTTP interactions, which is how you actually catch provider API drift before your users do.

The maintenance posture is honest and unusual: the README itself recommends migrating to OpenIddict for new projects, which is a candid thing to put in your own documentation. That said, it means this project is in caretaker mode — issues accumulate without fixes, and several providers have known open bugs. OAuth 2.0 authorization code flow only: no refresh token grant, no client credentials, no token introspection. And if a provider changes its user info endpoint shape, your claims silently stop populating with no diagnostic output to tell you what broke.

For existing .NET apps that need quick social login and are already in the ASP.NET Core auth ecosystem, this is still the fastest path. For new projects, take the README's own advice seriously.

View on GitHub → Our full take →

// pick 5 of 5

Nutlope/hallmark

Hallmark is a prompt-engineering skill (a structured SKILL.md + reference files) for AI coding assistants that tries to stop them from generating cookie-cutter landing pages. You drop it into Claude Code, Cursor, or Codex and it guides the model to pick from 21 macrostructures, apply one of 20 themes, and run 57 anti-slop checks before emitting HTML. The target user is a developer who needs to ship a decent-looking marketing page without a designer.

The 57-gate slop test is the concrete thing that makes this interesting. Most 'design better' prompts hand the LLM vague instructions; this one gives it an enumerable checklist to falsify — specific sins like 'hero gradient that doesn't relate to brand', 'fake testimonials with stock-photo energy', 'three-column feature grid with icon-title-blurb'. That's a different kind of instruction. The macrostructure library (21 named layouts: marquee-hero, stat-led, letter, scroll-sequence, etc.) is also genuinely useful design vocabulary — forcing a structural choice up front produces more variety than the default hero→features→CTA pattern almost every LLM defaults to.

The `study` verb is a clever workflow: you point it at a screenshot, it extracts the design DNA into a portable `design.md`, and that file travels to a different session or tool. Separation of analysis from generation is underrated. The example outputs in `site/examples` look visually distinct from each other, which is the actual claim being made and it holds up.

The fundamental caveat: this is pure prompt engineering, and the LLM grades itself on all 57 gates. A cheaper model or a long context will just say it passed. There's no programmatic enforcement of anything. The output is also CSS-heavy static HTML — if you're on React, Vue, or Svelte, you're getting design reference material at best, not something droppable into your component tree. Most of the 20 named themes also lack actual reference files; the model is improvising within a label, which is a softer guarantee than the structured macrostructure specs suggest.

View on GitHub → Our full take →

That's the week. If you want picks like these in your inbox before they land here, the email signup is at the bottom of the page — no noise, just the digest.

Get this in your inbox →