Show HN: Dialtone watcher – what is my laptop doing and am I normal

6 points by fcpguru 2 days ago · 7 comments · 3 min read


Hi HN, we are Andrew and Dex. We built dialtone watcher, a small Go agent for macOS and Linux with a very specific goal: tell me what my machine is doing all day and help me compare that with others.

What it does so far:

- Watches running processes, CPU and memory use, and active network endpoints.

- Groups traffic into human-sized summaries by process, domain, and coarse protocol like HTTPS, DNS, QUIC, and Postgres.

- Stores a local summary and can post bounded rollups to the dialtoneapp.com API so enough installs can turn the fleet view into something real.

We kept circling the same question: why is there no simple tool that answers "what does this machine actually spend its day doing?" Activity Monitor shows one slice. Little Snitch shows another. Fleet tools exist, but usually behind a corporate wall. We wanted something more honest and inspectable. The real motivating question was not just "what is my laptop doing?" but "am I normal?"

Say I have a MacBook Pro with 14 cores and 36 GB of memory and I run Docker all day. Why is Docker chewing so much more CPU and RAM on my machine than on similar developer machines? Why do I have some weird helper process that keeps hanging around? Why is my laptop talking to domains I do not recognize? You cannot answer those questions from one machine alone. You need a baseline from many machines with comparable hardware and comparable work.

https://dialtoneapp.com/demo

Open source MIT License: https://github.com/andrewarrow/dialtone-watcher

Andrew and I kept a history of our conversations in:

https://github.com/andrewarrow/dialtone-watcher/tree/main/pr...

The big idea is crowdsourced threat intelligence. Every installed agent becomes a sensor. Each one reports process-to-domain connections, DNS activity, connection frequency, bytes transferred, and basic IP context like ASN and country. On one machine that data is mildly interesting. Across thousands of machines it becomes powerful very fast.

Security companies like CrowdStrike and SentinelOne do exactly this. But those products are enterprise-only, expensive, and opaque.

If some unknown helper suddenly starts talking to the same odd domain on 27 machines in an hour, it's a pattern. If a so-called PDF viewer is uploading 18 MB to a domain almost nobody has seen before, that starts to look like exfiltration. If a new VSCode release is the only build talking to some random domain, that starts to smell like a supply chain problem. If Slack or Docker suddenly behaves nothing like the baseline for similar developer machines, you can flag that too.

We think there is room for something more open, inspectable, and useful for normal developers. If you try this, feedback should focus on readability of the summary, correctness of process and domain attribution, whether the upload payload feels proportionate, and what comparisons would actually help you decide "am I normal?" If enough people install it, run it, and send data, the demo becomes real and the real product gets much smarter.

I'll leave you with the following question. Should modern software projects include a prompts directory like this? It takes so little effort to capture the prompts used and they tell a story like git history does.
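The fleet-wide pattern the post describes (an unfamiliar domain showing up on many machines within an hour), as an added example that is not part of the original post or the dialtone-watcher code base. The `Report` fields, the function name, the sample rows and the threshold of 3 hosts (the post's figure is 27) are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Report is a hypothetical rollup row; field names are assumptions, not the agent's schema.
type Report struct {
	Machine, Process, Domain string
	Seen                     time.Time
}

// NewDomainSpread lists non-baseline domains hit by >= minMachines distinct hosts within one window.
func NewDomainSpread(reports []Report, baseline map[string]bool, window time.Duration, minMachines int) (flagged []string) {
	byDomain := map[string][]Report{}
	for _, r := range reports {
		if !baseline[r.Domain] { // domains the fleet already knows are skipped
			byDomain[r.Domain] = append(byDomain[r.Domain], r)
		}
	}
	for domain, rs := range byDomain {
		for _, first := range rs { // try a window opening at each sighting
			hosts := map[string]bool{}
			for _, r := range rs {
				if d := r.Seen.Sub(first.Seen); d >= 0 && d <= window {
					hosts[r.Machine] = true // repeat hits from one host count once
				}
			}
			if len(hosts) >= minMachines {
				flagged = append(flagged, domain)
				break
			}
		}
	}
	sort.Strings(flagged) // map iteration order is random; sort for stable output
	return flagged
}

func at(m int) time.Time { return time.Date(2024, 1, 1, 9, m, 0, 0, time.UTC) }
// Sample is constructed data: a fast spread, one noisy host plus a late straggler, and a baseline domain.
var Sample = []Report{
	{"m1", "helper", "odd.example", at(0)}, {"m2", "helper", "odd.example", at(10)}, {"m3", "helper", "odd.example", at(20)},
	{"m4", "updater", "slow.example", at(0)}, {"m4", "updater", "slow.example", at(1)}, {"m5", "updater", "slow.example", at(300)},
	{"m1", "git", "github.com", at(5)},
}

func main() { fmt.Println(NewDomainSpread(Sample, map[string]bool{"github.com": true}, time.Hour, 3)) }
```

Counting distinct machines rather than raw connections keeps one chatty host from tripping the rule, which is why `slow.example` is not flagged in the sample.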

adrianwaj a day ago

It's a great idea. Bandwidth monitoring and historical usage is important. AppImage would be good too. I wonder if it could be used to stop bot abuse by being server-centric, like an immune system.

Another strange/unrelated idea is prompt and search term obfuscation: mixing up sources to make profiling difficult. Is it possible to introduce a middle layer to do that?

  • fcpguruOP a day ago

    great ideas! I put up https://dialtoneapp.com/explore with a live window into all the data it's collected from a whopping 2 machines so far...

    • adrianwaj a day ago

      I think as people move to Linux on handheld (presumably) they will get more interested about who/what/how their machine is being utilized. They'll want to keep it as clean as possible to improve battery life, maximize speed and decrease bandwidth costs.

      I think the "one machine per person for everything" is the future with multiple adapters being available depending on the situation. That will coincide with more crypto usage too.

      Maybe you could take micropayments at some point as well.

    • adrianwaj a day ago

      Just out of interest, for dialtoneapp.com - how are you viewing browsing stats? Are you able to identify actual humans? Would make for an interesting widget: "3 humans viewing now."

fcpguruOP 2 days ago

example payload: https://github.com/andrewarrow/dialtone-watcher/blob/main/ex...

timbucktwo 15 hours ago

Meh.
