Using TypeScript to Obtain One of the Rarest License Plates
87 comments
·December 18, 2025komali2
cyral
Different scenario but it reminds me of when Missouri prosecuted a reporter who found that teacher's SSN numbers were exposed in the HTML of a webpage
> "Parson described the journalist as a “perpetrator” who “took the records of at least three educators, decoded the HTML source code, and viewed the Social Security number of those specific educators” in an “attempt to steal personal information and harm Missourians.”"
consp
Isn't html copyrightable and thus it is a publication? (And thus exposed by the author). Or am I in the wrong ballpark here?
pavel_lishin
Arguably the most famous one is this: https://en.wikipedia.org/wiki/Aaron_Swartz#United_States_v._...
theSuda
Whoa. That was an interesting read.
wing-_-nuts
Just because you can hit a backend without a rate limit, doesn't mean you should. In my experience, government IT is very humorless about this sort of thing. Far better to blend in with normal traffic than to stand out as a bad actor.
Scaevolus
Especially given how the response time doesn't matter much here! If you're just looking at 2-character license plates, that's 676/5=136 requests to check them all, and you could easily space that out to something like one request per minute to scan the space every two hours.
jfindper
The fun thing about the computer fraud and abuse act is that just about anything can be made into a federal crime with it!
Someone1234
Considering it was created during a major moral panic after the movie "War Games" came out, by a bunch of politicians who knew nothing about computers (aside from, again, watching the movie War Games).
As a direct result, anything and everything can be a crime (e.g. violating a private company's Terms & Conditions), and the punishments are completely disproportionate to the actual criminality.
See the AT&T/iPad data leak, where AT&T were leaking private information on the internet with no security checks at all. Someone found it, told the press, who in turn told AT&T, but the FBI still investigated it as a "crime", raided their home, charged them with "conspiracy to access a computer without authorization." AT&T go no punishment at all.
FroshKiller
I was charged with felony unauthorized access of a government computer years ago for an even stupider reason. Nobody should underestimate the state's willingness to prosecute over anything.
hippich
One thing that stopped me from seeking the vanity plate - I learned that at least in Texas all plates are made by minimally paid prisoners. So any desire to finance that system beyond what's absolute possible minimum (i.e. regular plates) evaporated.
rsstack
In New York it's the same, they make the license plates and also school furniture, and maybe other things too. I was scared for a moment when I was told by USPS Informed Delivery that I have incoming mail from Auburn Correctional Facility - but it was a license plate.
reactordev
To the readers out there. Do not be put off by where it was made, how it was made. It was made.
Many of those prisoners know what they did. Are welcome to the ability to work and get out of their cells. This is a luxury for them. Yes, it’s borderline slave labor and we should probably have laws that enable them to be paid minimum wage to send that home to families, but for them to get out and do something is a blessing for them.
So advocate for minimum wage for all (including incarcerated workers) and enjoy a plate Brian “BearHug” Smith made while serving time for arson.
embedding-shape
> Yes, it’s borderline slave labor
I'm sorry, how is it "borderline" slave labour and not straight up forced labour? These people are imprisoned, and I'm assuming forced to do this work, or what happens if they say no? It's quite literally known as "penal labour" and I thought most of the world figured out that we're not supposed to treat people like that anymore.
knome
Selling prisoners as underpaid slave labor means everyone else now has to compete against companies using that slave labor. It's essentially cutting us twice. We both pay to house and feed the employees/contractors of the company benefiting who then undercuts us by not bothering to pay them.
Prisons should not be allowed to be a profit center. The ramifications of doing so create gross incentives.
komali2
> To the readers out there. Do not be put off by where it was made, how it was made. It was made.
And if it never sells, the profit margins for the slave drivers decreases.
I mean, I really, this post is trying to justify slave labor. Is that not... A little bizarre to find yourself doing that?
mc32
Also these are people found guilty of a felony and it costs us non prisoners tax money to keep them housed and fed. Is it unfair if we extract under paid or unpaid labor from them? Is it also unfair to ask drivers convicted of DWD to do free community labor?
alexfoo
> One thing that stopped me from seeking the vanity plate
I'm sure it differs between countries but in the UK vanity plates have become reasonably contentious.
As a gross generalisation they're fine if the car is worth hundreds of thousands or the plate itself is worth hundreds of thousands.
The UK plate "F1" last sold for just under £1m (about US$1.3m) over 10 years ago and it's rumoured that there are offers for ten times that from someone who wants to buy it now.
It comes down to a classic British issue of "class", which is inherently difficult to explain.
If you have the money to have, say, a Ferrari 250 GTO then you can do what the hell you like with it, including getting a vanity plate for it. You are rich enough that you don't care what anyone else thinks about you. Anyone seeing you and that car will know you are rich.
If you have the money to spend close to £1m on a plate like "X1" and decide to put it on beat up 15 year old 1.2 litre Ford Focus then, again, it shows you have stupid amounts of money and some delicious irony in putting it on an old beater of a car.
But if don't have a supercar and you get a relatively cheap vanity plate like "RMZ 1327" and stick it on a Range Rover Evoque that's only a couple of years old then it just shows that you're trying too hard and just aspire to be seen as rich. You don't have enough money for a really nice car, or a really exclusive vanity plate.
I guess the other way of looking at it is that people who don't have the money to get a vanity plate aspire to being able to do so as it would mean they have more money than they have now. Once they get to having that amount of money most realise that the money is best spent elsewhere (or not spent at all). Once they have so much money that having a vanity plate is inconsequential to their finances they may as well do it. So it's natural that some people want to pretend they've reached the "rich" state by buying a vanity plate preemptively - the problem is that this is so easy to spot it just looks gauche.
All of this obviously doesn't apply to countries where vanity plates aren't traded for stupid amounts like famous pieces of art.
embedding-shape
> I learned that at least in Texas all plates are made by minimally paid prisoners
Lol, wasn't slavery outlawed in the US, or were some states still allowed to keep it? That's absolutely bananas if true.
Aurornis
To be clear, the prisoners aren’t literally forced to do this work. It’s a job they can choose to apply for and do while in prison. (EDIT: In my state, it might be different in other states)
The contention is about how much they’re paid per hour.
rimunroe
>To be clear, the prisoners aren’t literally forced to do this work. It’s a job they can choose to apply for and do while in prison.
Sorry, do you have a source for that? The requirement to work is a major point of contention, and a very quick check with this[1] directly contradicts your claim in the federal system: "Sentenced inmates are required to work if they are medically able. Institution work assignments include employment in areas like food service or the warehouse, or work as an inmate orderly, plumber, painter, or groundskeeper. Inmates earn 12¢ to 40¢ per hour for these work assignments."
[1] https://www.bop.gov/inmates/custody_and_care/work_programs.j...
embedding-shape
> To be clear, the prisoners aren’t literally forced to do this work.
Not 100% true it seems, but happy for someone else to correct me.
> Prison labor in the US is mostly optional - https://en.wikipedia.org/wiki/Penal_labor_in_the_United_Stat...
grimgrin
Since you didn't know about for-profit prisons, here:
embedding-shape
I'm very well aware of private prisons, but I didn't know they also exploited essentially f̵o̵r̵c̵e̵d̵free labour, that one was new to me. Apparently in the constitution and everything. Remind me again why some people believe America to be "the land of the free"?
dogleash
Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.
rimunroe
For anyone unaware, that is nearly[1] the entirety of the text of the 13th Amendment to the US Constitution from 1865. This exception is rather (in)famous. I remember being quizzed on it in an elementary or middle school history or social studies class.
[1] the only excluded bit is the followup "Congress shall have power to enforce this article by appropriate legislation." Without this, the power to enforce the 13th Amendment would be left up to the states due to the 10th Amendment ("The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."), which would have slightly useless given the whole war that had just been fought over some states wanting to keep slavery.
htx80nerd
they shouldnt be paid at all. they're in prison for a reason. they have a debt to society. a great many of those people didnt do 'one bad thing' then got caught. it was just the last bad thing they were caught for. any many of them did 'the bad thing', then continued doing other bad things up until the point they were put in prison.
macintux
> they're in prison for a reason.
Often that reason is "too poor to afford proper representation" or "looked vaguely like the actual criminal" or "took a plea bargain because the justice system was threatening them with an immorally-long wait for a trial and a likely worse outcome".
ahmeneeroe-v2
Often that reason is "committed a horrific violent crime"
pavel_lishin
I don't agree with your "slave labor is ok if the slave committed a crime" position, and find it morally indefensible.
jollyllama
In many cases, their earnings are confiscated as part of restitution.
moduspol
I found out recently that in my state, the online vanity plate checker shows plates that were PREVIOUSLY registered but NOW available as NOT available. I wanted to get one of my own plates I had years ago and assumed there was some process to have it transferred, but was told by a DMV rep that after two years of non-registration, they're up for grabs. Apparently the web page does not take this into account.
That means there are probably a lot of great plate names up for the taking that people are just assuming are taken. You'd need to call the DMV to verify.
Hopefully Florida's web page does not have that limitation.
dustfinger
What we need is a "Little Bobby Tables" vanity plate that exploits a buffer overflow in speed cams.
kijin
Unfortunately they seem to filter special characters on input, that is, when you apply for your plate.
But don't despair! Depending on how crappy the cam's firmware is, NULL might just do the trick.
pavel_lishin
Or it might do the opposite: https://www.wired.com/story/null-license-plate-landed-one-ha...
dustfinger
Ouch!
Svip
In Denmark, you can buy a vanity plate (ønskenummerplade) for 8'000 DKK (needs renewal every 8 years), and it can be between 2 and 7 characters long; but the best part is that they permit all Danish letters, including Æ, Ø and Å. One could likely write a script quickly to check these platforms for short combinations, such as ØÅ, which appears to be available.
neilv
ØØ7
Don't forget that the cost is not only the bureaucratic fee; you also have to buy a vintage Aston Martin or Lotus, to display the plate.
josteink
While clever, as a Scandinavian I regret to inform you that I would read that as: Uh Uh Seven, not (double) Oh Seven ;)
reactordev
Shouldn’t be a problem with all that medieval money lying around. /s
Does a kit car count? You can build a Lotus for around the cost of a Honda civic. Like a Lotus 7.
mdasen
I'm imagining someone driving in England and the police having no way to input those letters into their system.
I wonder if the Danish system would prevent ÆØÅ and AEOA from both being registered. Would the Danish system Match "ÆØÅ" if someone input "AEOA"? There are unicode normalization rules, but I wonder if systems would be built to handle that. If you're Danish, you'd just use those letters so it wouldn't be a useful feature. If you're English, you wouldn't often encounter those letters so it wouldn't be a useful feature.
alexfoo
> I'm imagining someone driving in England and the police having no way to input those letters into their system.
I would assume the UK has worked out a way of dealing with this having had plenty of years of foreign plates being driven around the country.
Any Danish license plate driven in the UK will almost certainly have to a be an EU style plate with the blue band on the left with the "DK" country code. If someone needs to send a fine to the registered owner of this plate I'd guess they'd be handing over the camera footage/images to a contact in the relevant country and letting them confirm what the exact plate is.
(There may be some weird exemptions for old classic/vintage cars that can continue to be driven on their original number plates, in which case you really don't know who to contact.)
The UK is very strict on license plates. I don't think there's any valid reason for driving a car without some form of a license plate on display (cars being driven on trade plates placed in the front/rear windscreens are the closest thing I can think of). I'd expect the UK Police to pull over any car that didn't have plates on it if they spotted it. It's certainly considered very suspicious in the UK if a car is missing either of its plates.
There are plenty of examples of normal ANPR cameras failing to capture plates properly. Or even sillier examples like this: https://www.bbc.co.uk/news/uk-england-somerset-58959930
This story got referenced by the associated Government body here: https://videosurveillance.blog.gov.uk/2021/10/27/the-camera-...
monerozcash
>I would assume the UK has worked out a way of dealing with this having had plenty of years of foreign plates being driven around the country.
Based on my experience, the UK approach is to not even bother and try and collect fines from owners of foreign registered vehicles. They do sell them to some private company that has been sending me scary letters for 10 years soon.
Svip
My understanding is that most countries just don't bother; I once drove around North America on Danish plates; since European plates are much wider than North American style plates, none of their cameras could scan my plates; so camera-only toll roads were essentially free for me. I consider that it happens so rarely anyway, that they don't bother.
Similarly, I've been flashed for speeding in France, which does have cameras adjusted to my plates' size, but they also didn't bother sending a ticket. Germany - on the other hand - will send you a ticket, but since they allow Ö, Ü, etc. on their plates, their system can probably handle Æ, Ø and Å as well.
Edit: Obviously, they don't bother to a degree; severe infractions will obviously make local law enforcement do something, but it's a rather manual process. Most countries are signatures to a treaty, that recognises other countries' plates.
yesitcan
This has nothing to do with TypeScript
sphars
The scripts he wrote to pull the data were written in TypeScript, though all the TS I see is in the parameters in the function signature. Also he used Next.js for the dashboard
kelnos
I think the GP's point was that the part of the article that's most interesting is the investigation into how the DMV's plate system works. The fact that Typescript was used is incidental (of course this could have been done in pretty much any language), and it's an odd choice to include the language choice in the article title.
pavel_lishin
> Most people never think twice about the random mix of letters and numbers the DMV assigns them.
I started thinking about it when someone parked next to me in a nearly-identical model - same brand, year, etc, the only difference was some roof accessory - and a nearly identical license plate. (Think ABC D12 and ABC E12). I started trying to open their car door, and was confused until I noticed some things in their front seat that were clearly not ours.
Later that week, I was shopping around for car tires, and saw that some shop - PepBoys or something - let you punch in your license plate and let you know what kind of tires you need, and that their API response included the car make and model. I thought about poking around it, and seeing if there was a pattern to the way my state assigned license plates, but never got around to it.
(They live in town, too, and I've seen where they park. I should go introduce myself to our car twin.)
giarc
They have a license plate checker on their site. I don't live in the states, therefore I don't have a plate to check. Or do I..... HY in Florida....
@lafond - do you own a 2010 Subaru Legacy with the 2.5L SOHC engine?
masfuerte
If anyone else was wondering why it says NASCAR on the plate:
https://en.wikipedia.org/wiki/Vehicle_registration_plates_of...
tantalor
I'm not seeing what TypeScript brings to the party here? Looks like regular old JavaScript plus a vanilla dashboard.
sphars
He used TypeScript for the scripts he wrote to pull the data. He also used Next.js to build the dashboard which is written with TypeScript
rozenmd
I did something similar to get OnlineOrNot's twitter handle - I realised that unclaimed names would 404 and so I set up a check to get an alert when that happened.
vachina
I got my vanity phone number this way too. However key point is to have a registrar with an insecure lookup endpoint like in the article.
Most endpoints now only give you a list pre generated numbers to choose from, AND that endpoint is rate limited to the tits with reCaptcha. No more script kiddies.
sltkr
It's a fun story of course, but it also seems that people like OP who abuse public APIs are why we can't have nice things, and why so many web pages these days are bogged down by Cloudflare and Anubis interstitials that waste human time.
abound
Yeah, also running a scraper with no rate limit against a government website is a pretty risky endeavor.
LikesPwsh
Skiddies targeting an individual site are a drop in the ocean compared with the industrial scale LLM scraping, so blaming them for it is in bad taste.
Someone1234
The difference is that the government won't charge a major LLM vendor with a crime, but they may kick in John Smith's front door and ruin their life.
I swear I read some case a couple years back where a kid was facing serious prison time for automating requests to w publicly available government website. "Unauthorized access of a computer." I think the author may have just admitted to what the government considers a serious federal crime, as stupid as it is to consider it a crime.