I built a self-hosted period tracker because I couldn't find one worth using
(github.com)
from terraincognita@lemmy.world to selfhosted@lemmy.world on 06 Mar 16:09
https://lemmy.world/post/43939821
from terraincognita@lemmy.world to selfhosted@lemmy.world on 06 Mar 16:09
https://lemmy.world/post/43939821
My wife needed a cycle tracker. Everything out there was either Flo (which got sued twice for sharing health data) or an abandoned GitHub project. So I built Ovumcy. Single Go binary, SQLite, Docker-ready. No analytics, no third-party APIs, no cloud. Your data stays on your server. Features: period tracking, symptom logging, predictions (ovulation, fertile window), statistics, CSV/JSON export, dark mode, Russian and English. Just pushed v0.2.5. Looking for feedback from real users.
threaded - newest
.
This is super cool! I’m not afab so I can’t help test and my question may be ignorant but I’m curious why one would want this functionality to not be something native and benefits from being hosted at all?
There are some f-droid trackers that look nice (I keep seeing one there with a super pretty ui) but I’m not sure what the tradeoffs of just using a native application for something like this might be
Ownership of your data, privacy concerns, apps being tracked, cross-device, no f-droid for iOS.
The benefit over a purely local app is mainly cross-device access and easier syncing/backups, while still avoiding a third-party service storing your data.
I was going to recommend this to someone I know but when I realised your readme.md is entirely AI-generated, I guess the whole project is probably vibe-coded. I can’t in good conscience recommend someone trust their health data to a vide-coded app because they tend to have security problems.
Also all ai-generated code is public domain so your AGPL license is kinda empty. Might as well use MIT.
Charitably, it could be an AI readme and hand rolled code, but it definitely is a smell.
Yeah there are other signs too. Look at those commit messages, all vague, all perfectly capitalized. All with a nice long description with bullet points.
No one does that in a project they’re building for themselves.
I answered earlier, that I use AI and this is just a commit skill for an agent.
Judging code quality by use of LLM in a documentation and commit messages is weird.
While I write all of my code myself and I’m against vibe coding etc., there is one place where I let a LLM write for me: readmes, commit messages and Javadoc comments.
I know how to write code but at the same time I’m shit at both my native language and even more so at English. So I let Language Models write natural language texts for me and just fix them when necessary. My documentation is more clear, grammatically correct and more detailed than in any of my previous projects, and I can focus on writing code.
And I wouldn’t say “No one does that in a project they’re building for themselves”. I do that for projects that only I will ever see, and OP shared his project with others, so it’s great that he included a clear documentation
Speak for yourself, I always did that and I found it easier with LLMs nowadays.
I hate most AI shite with a passion but when it helps my colleagues write commits which are more than “add stuff”, “fix some things” I’m fine with it.
I rarely use AI to generate code, usually only when I need a starting point. It’s much easier to unfuck AI code than to stare blankly at a screen for an hour. I’d never commit code I don’t fully understand or have read to the last byte.
I hope OP is doing the same. LLMs fail at 90% of coding tasks for me but for the other 10% (mostly writing tests, readmes, boilerplate) it’s really OK for productivity.
Ethics of LLMs aside, if you use them for exactly what they’re built for – being a supercharged glorified autocomplete – they’re cool. As soon as you try to use them for something else like “autocompletion from zero” aka “creativity”, they fail spectacularly.
.
I do use AI tools while developing this project, but I also have a BSc in Computer Science. AI is a productivity tool.
Security is something I take seriously, especially since the project deals with health data. All code has test and you’re welcome to inspect the repository yourself or point out any specific security concerns if you notice them.
Regarding licensing: the AGPL license applies to the project as a whole regardless of the tools used to write parts of the code.
If you have concrete technical feedback or security issues, I’d genuinely appreciate it.
You should add a disclaimer stating that you have used an LLM. I have done so for a tool I built with an LLM that I needed, because I don’t know jackshit about coding and I am not gonna pretend I do.
Partially agree, but I do know how to code and use it as a tool.
You can see that I use some of metrics, like test coverage, estimates and so on to prove its validation as potentially serious project, that will grow from a pet one.
Testcoverage by ai generated Tests is close to worthless. “Tests are only as good as the person writing them”
Did you generate your tests?
I agree with you, therefore I also need contributors for that. It is difficult to run this on my own, as I have basic in coding, but not a tester, so I have to use agentic workflow to check after it was generated, so it is not just like hiding sh*t.
It’s not realistic to expect no AI assistance in coding in 2026.
It’s also not a stand-in for a human. There’s a huge field of gray where it’s unclear how much of it was fully vibe coded vs how much is carefully hand reviewed and/or written.
I’ve been a professional developer for decades and I’ve done both. Obviously I’ve hand coded stuff for many years. The fully vibe coded stuff is personal, to test and learn the capabilities of the tech. My professional stuff I watch much more closely, and I’m much more targeted in what I’m having the AI do.
That said, if I were gonna use this I’d actually review the code. I’m not recommending this guy’s stuff, but you can’t rule it out on the basis of ai assistance alone.
It may not be a stand in for a human, but that’s exactly how many of these vibe coded projects are. It’s not unreasonable to ask the developer to spend 30 seconds to describe how they use these tools.
Guess I’ll stick to unrealistic software then.
A bunch of people who couldn’t tell their left shift from their right shoelace think you don’t know what you’re talking about lol.
I agree, to a person who knows the machine, an AI is like a compiler: you know the output you’re going for, the tool helps you get there faster. Expecting you to do something the slow way because someone else doesn’t know how to code is nonsense. There is a massive difference between using it as a tool, and blindly taking generated code.
If the internet existed in the 70s, I bet people would have asked for a disclaimer on compiled assembly.
Pathetic. You have a serious skill issue, that much is true, but you need to keep it to yourself instead of sharting it out into society. Code better or go get a job you’re more qualified for, like operating a tollbooth.
Ignorance, fear, or are you just following the kid’s trend of anti-ai, pushback against corporate desperation?
None of the above, I just don’t suffer fools.
Why?
It makes sense to try to give users an idea of how robust a project is, but the exact details of the tools involved in its creation rarely add much to that. It gets a little weird with LLMs because they allow someone with no programming skill to create software that appears to work, which ought to be disclosed; “I don’t know what I’m doing and I asked a robot to make this” does indicate unreliable code. A skilled developer having an LLM fill in some extra test cases, on the other hand can only make the project more robust.
But if OP does know and apply that knowledge to what they are doing, it’s not the same thing and doesn’t make sense to have the same disclaimer.
How does AI help with productivity? I’ve gotten so many false answers that I quit trusting it
@militaryintelligence @terraincognita
They are tools like any other, it's how you use them that matters.
No, they’re tools different from any other due to their nondeterministic nature. That, coupled with hallucinations, are the big differences that make me automatically dismiss anything using these tools.
All sounds a bit Greek to me. Free will vs determinism with a splash of Aristotle's distaste for contradiction.
Machine learning powers the cancer drugs that keep me alive, modern banking systems and the chess and rogue like apps I've been using since the 80's.
Wasn't long ago Gutternberg's devilry was ruining the world and destroying art and creativity, now peeps treating it like Hersiod's ages of God's & Heroes.
Imagine you are on the ground under your car and need a different tool. You ask for it and somebody hands it to you. That person is young and inexperienced. It is up to You to check if it’s the right tool, and if not pass it back (and in this example tell the person about the error and help them correct it).
And sure, You can always crawl out and get the tool yourself and sometimes that is the only option and in coding terms in my opinion best practice. But you can be faster with your helper. Use it appropriately and see how it affects your work. And that’s the point, your work. Don’t pass responsibility or thought off to AI.
Ok but give me a wrench example in coding terms. What wrench are you wanting? I really am curious
“how would you approach this task where I have x prerequisite and want y”
It’s like taking the paper of your classmates as “inspiration”. It’s a lie that it is only inspiration but it’s also not a verbatim copy and got me on the right path.
Because it’s able to write boilerplate faster than a human. And because it’s able to perform refactorings that are not possible with IDEs or regex due to their lack of structure. Also because you can ask it to review your files and it does find bugs that would otherwise be missed at first. There’s a huge difference between vibe-coded slop and using the tools available to you effectively.
I use it all the time as a kind of brainstorming tool.
“I want to do X (and details), can you tell me what tools or algorithms are available to me? List their pros and cons and give me some comparison”
Or on a somewhat recent project of mine, I has to effectively stub an entire library (but didn’t have to be done well), so I just told AI “take this page (the docs) and generate empty function stubs from it”. It doesn’t need to be high quality since it doesn’t run, it’s just to fool the dotnet engine.
I also tend to ask AI to add logging to some functions, since it’s annoying to do and impossible to mess up.
Best answer I’ve read. I get why it’s used, I just don’t trust it because there’s got to be a catch as hard as companies are pushing it. It’s available for free, so we must be the product somehow
I’m guessing you let the AI make the tests and everything, which wouldn’t give me much reassurance that any of the code is good. Sadly AI will jump through any hoops it can to get tests to pass if it can’t get the code working.
I think people who let AI run wild to create a whole app should write the tests themselves or at least only with line completion (jusdging by a quick look at the project files, I am guessing an AI did everything).
Could be food for thought?
The danger being raised with the licensing is that you can’t license something if you’re not considered to be the author. There are growing examples of courts and lawmakers determining AI output to be public domain:
https://www.theregister.com/2026/03/06/ai_kills_software_licensing/
This is an evolving, global situation and hard to know what to do right now. I think what you’ve got is fine though - you’ve made it clear your intention is to license with AGPL. It’s just that depending on the jurisdiction it might be public domain instead.
This is another reason to be clear about the use of AI in the README so your users can make an informed decision.
I agree, though there is a difference in case you rovided and mine. It is a human-directed work. Thousands of libraries, Kubernetes, Kubernetes still live and license is valid.
Thanks for doing this, I was debating doing the same. It needs to exist.
F-Droid has Drip, Bluemoon and Periodical.
Yes, I’m aware of those apps. They’re great local-first mobile trackers. Ovumcy explores a slightly different approach - a self-hosted web app that can run on infrastructure you control and be accessed from multiple devices.
I did the same thing for my partner. She didn’t migrate in the end, and google killed my play store account.
bloodyhealth.gitlab.io - is also a good option.
Some kind of data import would be nice to have according to my partner, but it might be tricky with all the different apps.
I like the naming:) and is there any chance to restore access to your account? It looks like it might have a future.
That link isn’t mine, and it is available and active.
Mine is github.com/cameroncros/PrivatePeriodTracker
But it’s abandoned. Your welcome to steal anything you like from it.
Well, not stealing, being inspired)
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
6 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.
[Thread #140 for this comm, first seen 7th Mar 2026, 01:40] [FAQ] [Full list] [Contact] [Source code]
Fuck bots.
I think this particular bot is a good one
Why not use drip or mensinator? Both FOSS.
Ovumcy isn’t trying to replace them. The idea here is to explore a self-hosted, web-based approach that focuses on running the app on infrastructure you control, with simple deployment and cross-device access through the browser.
Different tools optimize for different things. Native apps like Drip or Mensinator are great for fully local tracking, while Ovumcy explores a self-hosted model that can be accessed from multiple devices without relying on a third-party service.
I see how they differ now. Local vs self hosted. Niche use. But I get your idea especially helpful between partners I suppose. Keep it going! Let’s see where it lands in time. Personally I think the name is hard to remember and pronounce correctly which means it might not be super catchy and really take off. My opinion and in no way should deter you. Perhaps tweak the name. Overall though good job and keep going. This not a negative thing I say. Just to trying to help you refine the idea to success. Best of luck!
Appreciate that!
this is great, especially when our government starts tracking everything we do online.
great forward thinking if that was your intention.
Yup. You really don’t want the maga cult monitoring your cycle. If you stopped menstruating for a bit you must be pregnant. Where is the baby? Omg you murdered the baby by taking Tylenol!
I see that we face it all over the world now.
I use a period tracker to identify file extensions.
As a non-native speaker, I had to use LLM to get that joke)
Do you know about drip? It as local non-profit cross-platform open source smartphone app and my girlfriend is a happy user for years.
It is a greap project, mine is not a replacement, but a little bit different approach. It’s a self-hosted web application that you run on infrastructure you control and access from multiple devices. In Drip you can export or import data, but this step is a payment for privacy. Mine offers privacy but from a different perspective.
So what you’re saying is, you added private Cloud storage to it?
No-no, you run your VPS and deploy it there. So you define your storage, it can be homeVPS
I use Android, my wife - iOS. So many things that on F-Droid are simply unavailable to her (yes, I tried to convince her to go to our side). So I searched for living projects with self-hosting idea, did not find one and decided to create one. I have a CS background, though my professional work today is mostly in finance as a senior analyst where I write code to automate and optimize workflows. Ovumcy started as a personal project exploring a self-hosted approach to cycle tracking.
I recommend you set the Content-Security-Policy http header so that inline javascript (commonly used for XSS attacks) cannot be executed.
https://web.dev/articles/strict-csp
CSP being off is not exactly a security hole but it makes security holes much more likely. By using a strict CSP configuration you close off the possibility of a whole class of holes.
Also think about setting the
Access-Control-Allow-Originheader and enable CORS on your REST endpoints.https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Access-Control-Allow-Origin
Again, kind of a pain in the ass but gets rid of a bunch of potential problems before they start.
Thanks for the suggestions, those are good points.
CSP is something I plan to tighten over time, but enabling a strict policy right now would require refactoring some inline JS patterns used in the templates. It’s definitely on the roadmap as part of security hardening.
Regarding CORS, the application currently runs as a same-origin server-rendered app rather than a cross-origin API, so CORS headers aren’t enabled by default. If external clients or integrations are added in the future, I’d likely introduce a restricted allowlist for specific API routes.
Your releasing a health data app without doing security hardening?
So much for you saying you take security seriously
No, we didn’t ship it without security hardening.
We already hardened the main sensitive parts:
sealed auth/recovery/reset/flash cookies no auth or recovery secrets in URLs or JSON POST + CSRF logout basic browser security headers CodeQL, gosec, Trivy, and SBOM in CI What’s still missing is a strict CSP. That’s not a one-line switch here because the current frontend still needs some refactoring first.
CSP is released.
Worth to say, that this is an ongoing development, this is not even version 1, v 0.3.1
What a douchebag
What a chad. I wish I were woman to use your app.
<img alt="" src="https://lemmy.wtf/pictrs/image/cd50d713-0903-41ac-8347-48eddf93bfb4.png">
MR PIZZA!?!?!??! O_O
Unrelated, but I love your username; and boosting for visibility.
My partner might volunteer to try it out, but since she is very regular it probably wouldn’t help much for input.
The main feature she says she misses from Flo (we are also data savy, so she left it), was for when things were irregular, the ability for it to predict the why’s and when’s like stress, etc.
In the current iteration, if something is irregular can you put in what happened and have it auto-adjust?
Also, reminder notifications a couple of days out were helpful.
I had been considering a project like this as well, but one that uses on-device analytics to record the why’s and when’s, then allowing for scrubbed anonymous submissions (date adjusting/etc like you do in a clinical trial) to allow for algorithm development while preserving privacy.
Happy to have a conversation about this for future potential PRs (I am an avid FOSS contributor in both planning and code, even working on a project for the Linux Foundation kernel dev team now).
Thanks, this is really useful feedback.
The reminder part is already on the roadmap, and I’ve now added two more issues based on your note about irregular cycles:
The direction I’d want for Ovumcy is less “the app predicts the why” and more:
The anonymous scrubbed-submission idea is interesting too, but I’d treat that as much later, because it changes the privacy/trust model a lot.
Happy to keep talking about it, and future PRs would definitely be welcome.
Awesome! My wife just had her IUD removed and will probably start tracking again. Will get this set up for her and see if she likes it, will provide feedback if she has any.
Thank you, I opened Discussions for that, fell free to communicate.
There definitely an actively developped open source privacy focused period tracker available, go check it out: gitlab.com/bloodyhealth/drip But all data stays local on your device , which is of course good from privacy pov but if you are looking for something accessible from different devices then this might not be suitable.
Thank you! I am aware of it, but mine is slightly diffrent approaches to the privacy, allowing to access from multiple devices.
A lot of cycle trackers right now sell that data and there is some concern it could be used to find women who have miscarried and charge them with a crime.
Something like your idea is safer for women to use.
How can that even be a thing? Miscarriages happen all the time
Well a miscarriage is basically an abortion and an abortion is basically a murder.
/s, to be clear, but some people will say that sincerely and in some parts of the world they get to write the law.
Yeah they have tried to prosecute women for miscarriages. Basically saying women cause them on purpose.
nbcnews.com/…/brittany-watts-miscarriage-bathroom…
The right wing conservatives often have these weird paradoxical beliefs. Like Mexicans are lazy but also stealing everyone’s jobs.
They believe women are designed to be baby incubators and are natural caregivers, but we are also naturally baby killers and have to be watched and kept from killing all the babies.
It’s ridiculous.
Any chance that we can have this translated to Spanish?
Yes, will add soon. Thank you!
Spanish released
Thank you very much, now I can ask my wife test it out.