Portrait of Lars Holmström

I build native apps and privacy-first web tools.

Melbourne, cyber-security graduate, everything here shipped solo.

Work

In progress, and shipped.

Newest first.

in development

Bedcheck

An iOS accountability app for your bedtime, not your wake time. Escalating notifications, an integrated wake alarm, and HealthKit tracking — no streaks, scores, or shame metrics.

Swift 6 (strict concurrency) · iOS 26 · SwiftUI + @Observable · SwiftData · AlarmKit · ActivityKit · WidgetKit · HealthKit · AppIntents

  • Built against AlarmKit on day one — before the docs existed. AlarmKit shipped in iOS 26 with little beyond one WWDC session, so I read the .swiftinterface directly to verify API shapes. Found that Xcode silently drops NSAlarmKitUsageDescription from the generated Info.plist (not in its key allowlist), that stopButton was quietly deprecated in 26.1, and that a missing Live Activity widget leaves alarms stuck as an empty Dynamic Island — all from device dogfooding, not documentation.
  • Three-rail reliability for the load-bearing feature. If the wake alarm fails, someone oversleeps — so it's layered: local on-device notifications, the system-scheduled AlarmKit alarm (fires through Silent/Focus/lock/force-quit), and a best-effort Live Activity. Each rail can fail without breaking the safety net. A documented "independence invariant" guarantees no server roundtrip is ever in the alarm's critical path.
  • Known limitations treated as decisions, not embarrassments. A ~7,000-line spec written before code, with deviations tracked in a decisions log so docs never drift — and every accepted MVP failure mode documented with why it's acceptable and what fixes it in v1.1.
Visit site · coming soon App Store · coming soon

in development

Helio

A native macOS app for solo multi-project people — schedule focused work sessions, capture context at the end of each, and pick up exactly where you left off. Every project gets its time.

SwiftUI · SwiftData · CloudKit · Swift 6 (strict concurrency) · EventKit · macOS 14+

  • The unit of work is the project, not the task. Task-first tools break for people running several long-running projects in parallel — the failure isn't forgetting a task, it's neglecting a whole project for weeks because re-loading the context feels insurmountable.
  • A forced wind-down ritual closes every session. Structured capture of what got done, what's unfinished, and what's next — which auto-loads when you start the next session for that project. The chain stays unbroken across weeks.
  • Getting the carry-forward chain right under CloudKit needed a non-obvious data model. Storing "next session" tasks as a JSON blob works on one device but breaks under CloudKit's last-write-per-field merge — a stale device silently overwrites the other's tasks. The fix: decompose the blob into individual PendingTask CloudKit records, each with its own merge resolution, materialised atomically into session tasks on next start. The broader lesson: schema choices that look fine on one device hide their pathologies until you add distribution.
Visit site · coming soon App Store · coming soon

shipped · open source

MetaStrip

Browser-based metadata removal — GPS, EXIF, AI tags, author data stripped from photos, docs, video and audio. Nothing ever leaves your device.

Next.js · 100% client-side · MIT · piexifjs / pdf-lib / jszip + custom binary parsers

  • Custom equal-size replacement for audio & video. Hand-wrote an in-browser MP4 atom walker that swaps metadata atoms for free atoms of identical size — plus custom ID3/Vorbis/RIFF parsers replacing blocks with equal-length PADDING/JUNK. No length recomputation, no broken offset chains, playback never breaks.
  • Structural privacy, not a promise. Zero upload, zero server, zero cache — verifiable in the Network tab. The guarantee is the architecture.
  • Deliberate library-vs-custom split. Mature libs for the well-trodden image/PDF/Office paths; bespoke parsers only where byte-level control was required.
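
The equal-size replacement idea for MP4, as an added example (not MetaStrip's own code): a box walker that retypes a metadata box to `free` and zeroes its payload, so the file length and every absolute chunk offset after it stay valid. The choice of `udta` as the target, the container list, the names `blankBoxes`, `box` and `SAMPLE`, and the sample bytes are all assumptions made for illustration.

```javascript
// Added example, not MetaStrip's source. Assumed: `udta` is the box to blank,
// and only moov/trak/mdia are descended into.
const CONTAINERS = new Set(['moov', 'trak', 'mdia']);
const boxType = (bytes, pos) => String.fromCharCode(...bytes.subarray(pos + 4, pos + 8));

// Walk boxes in [start, end); overwrite each target in place with a `free`
// box of identical size. Returns how many boxes were replaced.
function blankBoxes(bytes, targets = new Set(['udta']), start = 0, end = bytes.length) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  let replaced = 0;
  for (let pos = start; pos + 8 <= end;) {
    let size = view.getUint32(pos);          // big-endian 32-bit size
    let header = 8;
    if (size === 1) {                        // 64-bit largesize follows the type
      if (pos + 16 > end) throw new RangeError('truncated largesize header');
      size = Number(view.getBigUint64(pos + 8));
      header = 16;
    } else if (size === 0) {                 // box runs to the end of the range
      size = end - pos;
    }
    if (size < header || pos + size > end) throw new RangeError(`bad box size at ${pos}`);
    const type = boxType(bytes, pos);
    if (targets.has(type)) {
      bytes.set([0x66, 0x72, 0x65, 0x65], pos + 4);  // type becomes 'free'
      bytes.fill(0, pos + header, pos + size);       // wipe payload, keep length
      replaced++;
    } else if (CONTAINERS.has(type)) {
      replaced += blankBoxes(bytes, targets, pos + header, pos + size);
    }
    pos += size;
  }
  return replaced;
}

// Constructed sample: ftyp, moov{mvhd stub, udta with a fake location}, mdat.
const enc = (s) => new TextEncoder().encode(s);
const concat = (...parts) => Uint8Array.from(parts.flatMap((p) => [...p]));
function box(type, payload) {
  const out = new Uint8Array(8 + payload.length);
  new DataView(out.buffer).setUint32(0, out.length);
  out.set(enc(type), 4);
  out.set(payload, 8);
  return out;
}
const SAMPLE = concat(
  box('ftyp', enc('isom')),
  box('moov', concat(box('mvhd', new Uint8Array(4)), box('udta', enc('+00.0000+000.0000/')))),
  box('mdat', enc('frames')));
```

The size checks matter as much as the swap: a box whose declared length overruns its parent is rejected rather than walked, so a malformed file cannot push writes outside the intended range.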

shipped

SanctumPDF

Privacy-first PDF & financial-file conversion PWA. Processing happens in the browser; files are never persisted server-side.

Next.js · Tailwind · Supabase · Stripe · Vercel · Wasm: pdf-lib / pdf.js / QPDF

  • Client-heavy, server-light. Wasm does the PDF work in-browser; the server only handles auth, payments and licence checks. Files live in memory and vanish on tab close.
  • Avoided the AGPL trap. Chose pdf-lib + QPDF Wasm over Ghostscript/MuPDF — cut the Wasm payload ~7× (≈4MB → ≈580KB compressed) and removed a licensing landmine.
  • 14-locale i18n. SEO-driven internationalisation expanded the indexed surface from ~36 to 335+ pages.

shipped

Renew

Skincare tracking with real analytics — and an OCR→AI pipeline that reads a product label and structures it.

React Native · Expo · Supabase · OCR + Gemini

  • OCR → Gemini extraction pipeline. Point the camera at a product; OCR lifts the text, Gemini parses it into structured INCI / brand / product data and translates Korean & Japanese labels into a normalised, searchable form.
  • Analytics as the differentiator. Skin-score trending, ingredient-conflict detection, and time-lagged correlation linking a breakout to something used days earlier.
  • Backed by Supabase — on purpose. A real backend where longitudinal cross-device data warrants it, in a portfolio that otherwise defaults to on-device.

shipped

Vesper

Multilingual contemplative scripture app with a dynamic time-of-day sky system. Fully on-device.

Expo · React Native · on-device SQLite · RevenueCat · no backend

  • Two-database design. A read-only content DB (~94MB, four translations) cleanly separated from a user-data DB — shippable content distinct from user state.
  • No backend, by design. Privacy plus zero infra cost, consistent across the portfolio.
  • Dynamic sky system. Seven time-of-day phases cycle through the day — atmosphere and craft without a server.

shipped

Virtus

Stoic daily-wisdom and journaling — 150 public-domain passages, entirely on-device.

Expo · React Native · RevenueCat · PostHog (cookieless) · no backend

  • On-device content pipeline. A curated passage set with journaling prompts, shipped without any server dependency.
  • Shared design system. The same architecture cleanly reskins into sibling apps — systematised, not copy-pasted.

Homelab

What I run.

Services I operate and maintain at home, across a few stacks.

Virtualisation

  • Proxmox · VM/LXC host running everything below
  • Docker + Compose · service deployment & orchestration
  • Portainer · container management across hosts
  • Linux · Ubuntu / Arch / Debian, headless
  • Arch VM + systemd · persistent Python Discord bot (PUBG API + Steam RSS)

Networking & access

  • Unifi · managed network + segmentation
  • Caddy · reverse proxy, automatic TLS
  • PiHole + Unbound · DNS filtering with recursive resolution — no upstream resolver
  • Tailscale · WireGuard-based secure remote access

Storage

  • ZFS · snapshots, integrity, redundancy

Observability & services

  • Uptime Kuma · service health monitoring & alerting
  • Grafana + Teslamate · self-hosted vehicle telemetry dashboards
  • Jellyfin · self-hosted media streaming