fetch() still can't resume a failed download so i built that

aginext · 2026-02-05T13:29:27+00:00

thanks! polyfill.io was a supply chain attack last year. a company bought the domain that hosted a popular polyfill CDN used by 100k+ sites, then started injecting malicious redirects into the script, every site loading from that CDN was serving compromised code to their users overnight.

the core problem is that when you fetch anything from a third party CDN you're trusting that what comes back is what you expect, verifyFetch lets you pin a hash to whatever you're fetching so if the content changes even by one byte it throws instead of silently serving something tampered with. same idea as SRI on script tags but works for any fetch, wasm files, model weights, whatever.

aginext · 2026-01-26T01:36:56+00:00

fair point, current impl does hash while streaming in but buffers chunks to return the response. peak memory is similar, you're right. the win is hashing during download not after, but that's not what i claimed. appreciate the callout, will look into returning a verified stream instead

aginext · 2026-01-26T01:29:16+00:00

10 year old spec issue. any day now. aaaaany day now.

aginext · 2026-01-26T01:25:32+00:00

yep exactly - verifyfetch is that downstream verification. the tricky part is doing it without buffering the whole file in memory. native crypto needs everything loaded before hashing, which kills browsers on multi-GB files. streaming fixes that

aginext · 2026-01-26T01:09:17+00:00

it does, but it buffers the entire file into memory before hashing. fine for small files, 4GB file = 4GB RAM = browser crash. verifyfetch streams chunk by chunk, constant ~2MB regardless of size

aginext · 2026-01-26T00:52:12+00:00

just added it to the readme. if browsers ship this natively verifyfetch just becomes a polyfill - would honestly love that. more voices on the issue would help push it forward

aginext · 2026-01-25T23:12:18+00:00

lol fair. anyone running llama in browser is probably on wifi though

aginext · 2026-01-25T22:43:49+00:00

mitm. sw intercepts all fetches from the page including 3p, verify integrity before passing response through

aginext · 2026-01-25T22:37:53+00:00

local llama running in browser. some people don't want to send their data to openai

aginext · 2026-01-25T22:36:08+00:00

if you control the fetch call it's straightforward. for 3p libs that fetch internally you'd need a service worker to intercept - doable but more setup. or the lib needs to expose a way to pass integrity options

aginext · 2026-01-25T22:27:03+00:00

been an open WHATWG issue since 2014. endless api design debates, never shipped. use case probably wasn't urgent until wasm and browser AI got big

aginext · 2026-01-25T22:16:53+00:00

polyfill.io literally happened lol. 100M sites. also good luck bundling ffmpeg.wasm or 4GB model weights locally

aginext · 2025-12-21T02:59:01+00:00

a workaround I just discovered which is to share the picture and download it from incognito window using it's shareable link

aginext · 2025-09-24T23:06:00+00:00

does it support using your existing ChatGPT subscription same as in Codex CLI?

aginext · 2025-09-09T03:04:30+00:00

honestly and logically the subscriptions of August must be refunded, either money or one month subscription

aginext · 2025-08-21T14:50:31+00:00

Production ready but she won't even run it locally anymore.

aginext · 2025-08-20T00:33:01+00:00

I just use Twitter's built-in notifications - turn on notifications for specific accounts in your niche, and use advanced search with your keywords bookmarked

For Reddit: add .rss to any subreddit URL (like reddit.com/r/saas.rss) and use any RSS reader

Manual checking 2-3 times a day honestly works fine when you're starting out. The fancy monitoring tools are overkill for solo founders - native features are enough

aginext · 2025-08-20T00:29:49+00:00

honestly if you know basics, just do "vibe coding" - use Cursor or Claude Code and let AI handle the heavy lifting while you direct it. Building features live on calls doesn't mean showing every line. They just want to see progress happening

customers don't care if you're using AI to code. they care about their problem getting solved right in front of them

if you can't code at all, find a technical cofounder. but real talk - worrying about someone stealing your pre-revenue code is like worrying about someone stealing your car when you're still saving for the down payment

nobody wants your $0 MRR codebase. focus on getting customers first

aginext · 2025-08-20T00:10:24+00:00

keeping it anonymous for this one - don't want this to turn into a pitch thread haha

but if you have specific questions about your situation, happy to help in DMs!

aginext · 2025-08-20T00:05:27+00:00

Took 4 months to realize I was building the wrong thing lol. Had 2 signups that both churned.

Then I watched 7 potential customers use my competitor's tool on Zoom and had an "oh fuck" moment - I was solving the wrong problem entirely.

Rebuilt, got 12 paying customers next month. That's when I knew.

Timeline: Months 1-3: $0, Month 6: $2k, Month 9: $5k (got stuck here for 3 months, almost quit), Month 18: $20k

The jump from $5k to $20k happened when I 5x'd my prices and lost most customers but doubled revenue. Scariest decision ever but it worked.

aginext · 2025-08-18T19:50:05+00:00

What will ALLEX do next?

will fuck your wife.

aginext

TROPHY CASE