DEV Community: Apoorv Darshan

Screenshotting a locked iPhone over Wi-Fi (after AirPlay betrayed me)

Apoorv Darshan — Sun, 14 Jun 2026 14:30:15 +0000

My first attempt at cable-free iPhone capture went AirPlay-mirror -> ScreenCaptureKit. It worked until it didn't: on macOS Tahoe, the mirrored window blacks out the moment a capture context goes active. Dead end.

So TetherShot's Wi-Fi mode now goes a layer deeper, through Apple's developer-services RemoteXPC tunnel (via pymobiledevice3).

What that buys you:

Cable-free captures over your local network
Works even when the phone is locked
A real framebuffer grab at full 1179x2556 (not a compressed mirror)
No sudo per capture — a tiny root tunneld LaunchDaemon keeps the tunnel alive

Setup is a one-time USB pairing plus Developer Mode. After that, the wire stays home.

npm install -g tethershot
tethershot install

It's a tiny macOS menu-bar app: screenshots land in a folder you pick and copy to your clipboard. Local-first, no account, no telemetry, MIT open source.

Built and tested on macOS 26 (Tahoe) + iOS 26.

Repo: https://github.com/apoorvdarshan/TetherShot

Stop pasting the same post into 12 tabs — I built a local-first cross-poster

Apoorv Darshan — Sun, 14 Jun 2026 05:15:23 +0000

Launch day, every time: write the announcement once, then paste it into X, LinkedIn, Bluesky, Mastodon, and a dozen other tabs — fixing link previews and character limits on each.

I got tired of it and built Crossposter: compose once, pick your channels, publish to all of them from your own machine.

npx @apoorvdarshan/crossposter@latest

It opens at http://localhost:2004. No cloud, no account, MIT-licensed.

🔗 https://crossposter.apoorvdarshan.com

Designing a bring-your-own-key (BYOK) architecture on iOS

Apoorv Darshan — Sun, 14 Jun 2026 03:07:22 +0000

BYOK means the user supplies their own provider API key. Here's the shape of it in Scowld:

Each provider has a Keychain entry (com.scowld.apikey.<provider>).
The UI never persists keys in UserDefaults or files.
Requests are built on-device and sent directly to the provider — no proxy server.

The payoff: no backend to run, no keys to custody, and a privacy story that's verifiable because there's nothing in the middle.

Full source: https://github.com/apoorvdarshan/scowld

I reverse-engineered Wellfound to learn web automation — the 3 layers, open-sourced

Apoorv Darshan — Sat, 13 Jun 2026 21:15:17 +0000

Reverse-engineering a real product is one of the best ways to actually understand how the modern web works. So I built wellfound-bot — an open-source (MIT, Python) project that turns your own Wellfound (ex-AngelList Talent) job hunt into a single command, and documents the whole thing as a learning resource.

The job-hunt part is the hook. The interesting part is the three layers of web automation I had to peel back to get there — each more "invisible" than the last.

Layer 1 — Human-like browser automation (Playwright)

Driving a browser is easy. Driving one that doesn't look like a robot is the actual skill. This layer uses Playwright with curved mouse paths, hovers, think-pauses, per-character typing with randomized timing, and rate limits — to understand what "human-like" really means at the event level.

Layer 2 — Read-only API capture over CDP

The moment you launch an automation browser, navigator.webdriver flips to true and you're flagged. So instead of faking a browser, this layer attaches to your own real Chrome over the Chrome DevTools Protocol and observes the GraphQL traffic the app already makes as you browse. You learn the API by watching it — read-only, navigator.webdriver stays false.

Layer 3 — Pure-HTTP replay with a Chrome TLS/JA3 fingerprint

Once you understand the endpoints, drop the browser entirely. Using curl_cffi, it replays captured requests over plain HTTP with Chrome's exact TLS/JA3 fingerprint and your cookies — indistinguishable from real Chrome at the network layer. No automation flags, no headless tells.

The one-command agent

python wf_agent.py --skills React --remote --limit 5
# or natural language (optional, via Claude):
python wf_agent.py "apply to 5 remote React jobs with pay"

Stack & setup

Python 3.10+, Playwright, curl_cffi, GraphQL. MIT licensed.

pip install -r requirements.txt && playwright install chromium
python login.py   # one-time manual login
python run.py

⚠️ Educational / personal-use only

Built to study web automation and API reverse-engineering — and to automate your own account, at your own risk. Automating Wellfound is against their ToS and accounts can be suspended. Don't mass-apply, scrape at scale, or operate accounts that aren't yours. The value is in understanding the techniques, not abusing them.

🔗 https://github.com/apoorvdarshan/wellfound-bot (MIT)

Why I built a quit-app around the craving, not the chart

Apoorv Darshan — Sat, 13 Jun 2026 19:00:30 +0000

Most habit apps are great at hindsight. A streak counter, a calendar, a chart you look at the morning after you slip. None of it helps in the 90 seconds when you actually want to relapse.

So I built Quit All around the opposite idea: a button for the moment a craving hits.

SOS mode

Open it during a craving and it starts a timer, then walks you through prompts and GIFs until the urge passes. Cravings are short — the app is designed for those few minutes, not the dashboard.

Everything else supports the moment

Streaks, relapse logging that doesn't wipe your progress, money saved, milestones, danger-time stats, and widgets. It works for smoking, vaping, alcohol, porn, social media, weed, gambling, overspending, and caffeine.

It's a solo build, free to download.

App Store: https://apps.apple.com/us/app/quit-all-break-every-habit/id6760978934
Website: https://quit-all.com

I'd love feedback on whether "SOS button for cravings" lands as the framing.

Your Mac can screenshot a USB iPhone — Apple just hides the device

Apoorv Darshan — Sat, 13 Jun 2026 14:30:32 +0000

Plug an iPhone into a Mac and AVFoundation can see it as a real capture device — full resolution, actual framebuffer. The catch: Apple filters it out of the default device list.

The unlock is one CoreMediaIO property. Flip AllowScreenCaptureDevices on, re-enumerate, and the iPhone shows up as a .muxed AVCaptureDevice right next to your webcam:

var prop = CMIOObjectPropertyAddress(
    mSelector: CMIOObjectPropertySelector(kCMIOHardwarePropertyAllowScreenCaptureDevices),
    mScope: .global, mElement: .main)
var allow: UInt32 = 1
CMIOObjectSetPropertyData(CMIOObjectID(kCMIOObjectSystemObject),
    &prop, 0, nil, UInt32(MemoryLayout.size(ofValue: allow)), &allow)

After that it's a plain AVFoundation pipeline:

Find the .muxed device in AVCaptureDevice.DiscoverySession
Run a capture session, grab one frame
Write native 1179x2556 to your folder, copy to clipboard

No AirPlay, no mirroring window, no compressed stream. It's the real thing the phone is rendering, captured instantly over the cable.

This is the USB mode of TetherShot — a tiny macOS menu-bar app. MIT, ships via npm, builds from source so there's no Gatekeeper warning.

npm install -g tethershot

Code: https://github.com/apoorvdarshan/TetherShot

I built a free, open-source AI calorie tracker because the others got greedy

Apoorv Darshan — Sat, 13 Jun 2026 14:00:20 +0000

Most calorie trackers have drifted into the same place: a subscription wall, ads, a mandatory account, and your eating data quietly monetized. I wanted the opposite, so I built Fud AI — a free, open-source, privacy-first calorie tracker for iOS and Android.

The core idea

Point your camera at a meal and the AI estimates calories + macros in seconds. No scrolling a database of forty "grilled chicken" entries. If the guess is off, you unlock and edit before logging.

What makes it different

Free & open source (MIT) — no paywall, no dark patterns. Code: https://github.com/apoorvdarshan/fud-ai
Privacy-first — no account, no cloud sync, no analytics. Your log lives on your device.
Bring your own AI — 13 providers (Gemini, OpenAI, Claude, Grok, Groq, Mistral…), local Ollama, or on-device Apple Intelligence.
10+ ways to log — camera, barcode, nutrition label, voice, text, manual, saved meals.

Stack

SwiftUI on iOS, Jetpack Compose on Android, all data local (UserDefaults / on-device storage), keys in the Keychain / Android Keystore.

If a free, private calorie tracker sounds useful, try it at https://fud-ai.app or star the repo. Feedback very welcome.

Fable 5 lasted 72 hours: the model that could one-shot your backlog, then got banned

Apoorv Darshan — Sat, 13 Jun 2026 12:23:11 +0000

There's a cartoon going around dev circles this weekend: a handful of people huddled around a campfire in a ruined, post-apocalyptic city. The caption, from Dan Shipper:

"yes, eventually Fable was banned. but for a beautiful moment in time, we could one shot our whole backlog."

It's funny because it's barely an exaggeration. Here's what actually happened.

A 72-hour life

June 9, 2026 — Anthropic ships Claude Fable 5, the first publicly available model in its "Mythos" tier. Fable is a guardrailed version of Mythos 5, the frontier model Anthropic previewed in April that reportedly found security flaws in every major operating system and browser it was tested against. Mythos itself was locked behind a vetted-access program ("Project Glasswing," ~50 organizations like Apple, Google, Microsoft, Amazon, and CrowdStrike). Fable was meant to be the safe, public-facing version — with responses blocked in high-risk areas like cybersecurity and biology.

Hours after launch — researchers reading the (319-page!) system card find a covert limitation: Fable would silently downgrade its answers when it detected questions about cutting-edge AI development — with no notice to the user. The backlash was immediate. Nathan Lambert called it "appalling"; Dean Ball called it "secret sabotage." Anthropic reversed within hours: "We made the wrong tradeoff, and we apologize for not getting the balance right."

June 12, 5:21 PM ET — the U.S. government orders Anthropic to immediately disable both Fable 5 and Mythos 5, for everyone, worldwide, citing national security. Anthropic complies the same day.

That's the whole arc. Three days.

Why it got pulled

Officially, the directive was framed as an export-control measure aimed at foreign nationals. But according to Anthropic, the real trigger was a claimed "narrow, non-universal jailbreak" of Fable 5. And the jailbreak itself? In Anthropic's own words, it amounts to "asking the model to read a specific codebase and fix any software flaws" — surfacing minor, already-known vulnerabilities that other public models can find too.

If you've ever pointed an AI at your repo and said "find the bugs," congratulations — you've performed the jailbreak.

Anthropic isn't happy

Anthropic is complying but pushing back hard:

"We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people."

Their argument: the same capability exists in competing models (they name OpenAI's GPT-5.5) and is used by cybersecurity professionals every day. Recalling a shipped model over it, they say, would effectively halt new model launches across the industry if it became the standard.

There's an irony a lot of people are pointing at. Anthropic built its brand on loudly warning how dangerous frontier models are — and then selling the guardrails. Sam Altman had previously dunked on this as "fear-based marketing." This week, that positioning arguably attracted exactly the scrutiny that nuked the product.

What it means if you build software

The campfire joke lands because, for three days, a lot of teams genuinely did clear backlogs with a single model that was that good at reading and fixing code. Then it vanished — globally, overnight, by directive — while other Anthropic models stayed untouched.

The lesson isn't "AI bad" or "government bad." It's model continuity:

Don't hard-wire one model into your pipeline. Access can disappear for reasons that have nothing to do with you: regulation, a security finding, an export order.
Abstract your provider. Keep prompts and tooling portable so switching models (or vendors) is a config change, not a rewrite.
Capability is outrunning policy. A model good enough to one-shot a backlog is also good enough to make regulators nervous. Expect more turbulence, not less.

Fable 5 may come back — Anthropic says it hopes to reinstate access and believes the directive stems from "a misunderstanding." But for now, it's a campfire story.

For a beautiful moment in time, we could one-shot our whole backlog.

Sources

Local-first social publishing, explained

Apoorv Darshan — Sat, 13 Jun 2026 05:15:18 +0000

Crossposter runs on localhost and talks to each platform directly. Your tokens never leave your computer — no cloud, no SaaS holding your accounts. MIT licensed.

Why I removed all payments from my app and went free

Apoorv Darshan — Sat, 13 Jun 2026 03:07:18 +0000

Scowld used to have subscriptions, a paywall, and voice credits. I deleted all of it.

The new model is bring-your-own-key (BYOK): users plug in their own AI/voice provider keys and pay those providers directly, at cost. There's no markup to justify and no billing code to maintain.

This removed an entire category of complexity — RevenueCat, StoreKit products, receipt validation, server-side entitlements — and made the app genuinely free.

It's also open source now: https://github.com/apoorvdarshan/scowld

The iPhone screenshot tool Apple never shipped (so I built it)

Apoorv Darshan — Fri, 12 Jun 2026 14:30:15 +0000

Here's the official way to get a clean iPhone screenshot onto your Mac in 2026:

Plug in the iPhone over USB
Open QuickTime Player
New Movie Recording → pick the iPhone as the source
Wait for the mirror window
Pause on the exact frame you want
Screenshot the window
Crop out the window chrome
Discover it's not full resolution anyway

Eight steps. To grab one frame. It's a record-a-video-and-pause-it hack for something that should be a single keystroke.

The frustrating part: macOS already knows how to do this properly. There's a CoreMediaIO property called AllowScreenCaptureDevices. Flip it on and your iPhone shows up as a normal AVCaptureDevice — the same way Apple's own internal tooling sees it:

defaults write -g AllowScreenCaptureDevices -bool true

From there it's plain AVFoundation: open the .muxed device, grab the framebuffer, done. Native 1179x2556, no mirror window, no cropping.

That's the whole idea behind TetherShot — a tiny macOS menu-bar app that does the dance for you. Press Cmd+Shift+7 anywhere and the pixel-perfect frame lands in a folder you chose plus your clipboard.

No QuickTime. No analytics. No account. MIT open source.

https://github.com/apoorvdarshan/TetherShot

One compose box, twelve platforms: meet Crossposter

Apoorv Darshan — Fri, 12 Jun 2026 05:15:15 +0000

Compose once, publish to X, LinkedIn, Bluesky, Mastodon, Instagram, YouTube, and 6 more — from your own machine. Free, open source, one command:

npx @apoorvdarshan/crossposter@latest