Two weeks ago I got my first parking ticket. Ever. P5 VC 22500A - PARKED WITHIN INTERSECTION. $48. I honestly deserved it. Not going to pretend I was wronged by the system or anything.
What actually annoyed me wasn't the ticket itself, it was paying for it. The city directs you to this ancient web portal called AIMS (Automated Issuance Management System). The UI looks like it was designed in 2006 and never touched again. You punch in your citation number, it loads for a weirdly long time, and then gives you a page with all your ticket details plus a link to pay.
And when I say all your ticket details, I mean all of them. Location, time, violation code, fine amount, officer device number, your car's make, model, color. Everything. Just sitting right there on a public page with zero authentication. You don't need to prove you own the car. You don't even need to know whose ticket it is. Just type in a number and you get everything.
That's when my brain started doing the CS major thing.
Take a citation number like 26SC100001. 26 is the year. SC1 is the enforcement device. 00001 is the sequence number, meaning it was the 1st ticket device SC1 wrote in 2026. These IDs are completely sequential. If I wanted to look up ticket #2, I could just change the last digit and hit enter. And #3. And #4. All the way up to whatever the latest one is. Genuinely have no idea why they did it like this. Literally what we're taught not to do.
I remembered reading about Ryan Walz's SF parking project. He'd done something similar with San Francisco's citation system. SF is a massive city with actual engineering resources, and even their system was scrapable. Santa Cruz has maybe 1/10th the budget. I figured if SF couldn't keep their parking data locked down, there was zero chance Santa Cruz had it figured out either.
I was right.
There's no rate limiting. No CAPTCHA. No authentication. No randomized IDs. The entire system is wide open. I wrote a scraper that evening. It sends two HTTP requests per citation (one to search, one to grab the detail page), strips out any PII like license plates and VINs, and stores the rest. At about 8 seconds per citation, it's not fast, but it's steady.
The city runs 8 enforcement devices labeled SC1 through SC8. Each one has its own sequence counter per year. So I set up jobs for every device going back to 2019. That's 8 devices × 7 years = 56 jobs. Left it running overnight. By morning I had over 200,000 citations in a database.
Then came the fun part. I geocoded the addresses using Nominatim (free, open-source, no API key needed) and started plotting them on a map. Within a couple hours I could see exactly where the city's parking enforcement concentrates. Which streets, which hours, which days. Device SC8 alone accounts for about 25% of all tickets and never stops writing them, which makes me pretty sure it's an LPR (license plate reader) mounted on a vehicle rather than a handheld unit.
I set up a WebSocket so new citations appear on the map in real-time. Added a dashboard with charts. An explorer for searching through all 218K records. An insights page with revenue analysis and enforcement patterns.
The whole thing is live here. I called it SlugMeter because I go to UC Santa Cruz and our mascot is a banana slug. That's the entire depth of thought that went into the name.
A few things I want to be clear about: I don't store any personal information. License plates and VINs are stripped before anything hits my database. Everything I'm using is public record under the California Public Records Act. And I scrape at a low rate with a descriptive User-Agent header. I'm not trying to hammer their servers.
I also wrote up some security recommendations for the city on the about page. The fixes are straightforward: randomize the citation IDs, add rate limiting, require proof of ownership for lookups. Most modern parking portals already do this stuff. The combination of predictable IDs, no auth, and no rate limiting is what made this entire project possible in basically a weekend.
Anyway. The $48 is paid. At least I got a project out of it.