Cdnjs - the missing cdn (opens in new tab)

(cdnjs.com)

88 pointsthomasdavis14y ago39 comments

39 comments

25 comments · 8 top-level

overshard14y ago· 10 in thread

This seems to once again miss the point. The main point of a CDN is to speed up delivery of content. Having all of these different CDNs only increases the time it takes because you are adding in more DNS queries to the client and on top of that they are adding HTTPs support which even further increases load time because of the "handshake" that goes on. That being said, if this CDN is the only one you are using then great, that works out fine. But a CDN dedicated to only Javascript just seems kind of silly other than for passing aound example HTML files for how to code something.

EDIT: Also another pitfall is that you can't compress all your JS into one big JS file saving time on requests too.

garindra14y ago

The other point of a (public) CDN is to have more websites using the same kind of resources (JS/CSS files) to load them from the CDN's URLs, which in the end benefits the users by having the browsers reuse the cached version of the resources across different sites that use the public CDN.

dstein14y ago

But having fewer open HTTP connections is very likely going to result in better overall performance no matter how good this JavaScript CDN is.

2 more replies

nl14y ago

Your objections are misguided. I can't say they are outright wrong, but...

A (good) CDN speeds up content by having distribution points close to the client. An added benefit of a shared CDN (like this) is that resources can be shared by multiple pages, which will mean the cache will be shared by multiple pages. DNS lookup can be a factor in page load time, but parallelizable HTTP requests (especially to a location that is close by) can usually make up for it.

Google's recommendation is to use between 1 and 5 hosts per page: http://code.google.com/speed/page-speed/docs/rtt.html#Minimi.... For the type of clients this CDN is aimed at (people who don't have their own CDN) it is unlikely they have more than one or two hosts already used, so this CDN is likely to be useful for them.

HTTPS support is required for domains served over HTTPS. If you aren't using HTTPS then don't use it.

pbreit14y ago

I'm confused. In most cases, the libraries will arrive faster from the CDN than each user's web server. CDNjs' reason for existence is specifically that these libraries are not available in other CDNs. HTTPS must be supported on HTTPS pages to avoid security warnings. Why would you use this to pass around how-to HTML files?

overshard14y ago

It might arrive faster on a CDN but the time that it takes the user's computer to connect to a DNS server to resolve the CDN may override the benefits if the user has a slow DNS which is a fairly common problem now days. If the server used a single CDN instead of all these misc CDNs then you only have one DNS lookup and it would be worth it then. But a CDN dedicated to a single file type kind of defeats the purpose unless your website doesn't have any images, css or anything.

4 more replies

rimantas14y ago

There is a balance between DNS cost and benefits of loading resources from different domain: current browsers can use 4-6 connections per hostname, so if all are busy you'll have to wait till some gets free. With different domains you can load more resources in parallel.

Udo14y ago

True, and Javascript files are the smaller assets of a typical website - the bulk of it is usually HTML code and images. There might be some small speed-up because using a CDN doesn't count against the limited number of connections a browser makes to the page-serving domain, but I also suspect this performance advantage may be offset by DNS lookups and connection overhead. Another aspect to consider is the way a website can quickly double its potential points of failure from one to two by relying on some external CDN service.

masklinn14y ago

> True, and Javascript files are the smaller assets of a typical website - the bulk of it is usually HTML code and images.

As the number of SPA-type "sites" grows, the ratio tilts towards JS and dynamic communications (XML, JSON, etc...). Though overall I don't think it matters much.

A more interesting (I think) potential effect, should a given CDN reach a significant hold of the overall serving market, is the likelihood of a cache hit for the relevant library.

clintjhill14y ago

The HTTPS support is required so that you don't get the mixed content warnings from some browsers.

It's a must have.

mtogo14y ago

so that you don't get the mixed content warnings

And so that, yunno, you don't compromise the entire page making the use of HTTPS completely worthless.

pbreit14y ago· 3 in thread

Pro tip: leave off the protocol to support both http and https. Example:

Source: http://html5boilerplate.com/

paulirish14y ago

Secondary protip: use a DNS prefetch for even faster 3rd party asset delivery.

More at: http://html5boilerplate.com/docs/#DNS-Prefetching

iamjustlooking14y ago

If you're loading the javascript on the same page you're surely going to see no benefit at all right?

1 more reply

csulok14y ago

protocol relative URLs awesome, but be aware, because this is only good for scripts and images. stylesheets on such links are downloaded twice in internet explorer (http://www.stevesouders.com/blog/2010/02/10/5a-missing-schem...)

ch0wn14y ago· 3 in thread

Are there any statistics regarding the reliability and speed from different locations?

overshard14y ago

It's hosted on cloudflare... just google around for cloudflare statistics.

thomasdavisOP14y ago

http://stats.pingdom.com/4jg86a2wqei0/362854

Pingdom stats

pbreit14y ago

Cool. Looks like times are gradually improving.

pbreit14y ago· 1 in thread

Kudos on the recently added https support. And on CloudFlare now (vs Amazon)...interesting.

RyanKearney14y ago

https was there from day 1. They're just using CloudFront so you would have to use the CloudFront url instead of the pretty one (which doesn't matter because visitors would never see it).

phleet14y ago

I might be alone here - but I would never use a CDN that isn't back by a company with a strong vested interest in preventing security breaches of their servers.

Consider that the community CDN is compromised - if that file gets replaced with a different JS file, you've now provided an attacker an XSS hole into _every_ page using the CDN.

I have a reasonable trust in Google to secure their own servers against such a compromising attack, but have no similar reason to put faith in smaller companies/services.

evmar14y ago

Note that <script src>'ing from some random website means that site can XSS you any time it wants to. (I'm not saying the owners intend for this; a third party could just as well hack their site and do the same.)

nikcub14y ago

you should host this on a separate domain because your clients are setting cookies on your domain and when I hit one of your hosted js files I see all of those cookies

for eg. I can see techcrunch and metric fuckton of google analytics cookies

separate this from the cloudfront clients or you have a potential security problem and a definite privacy breach

rkalla14y ago

Really like the idea of this community driven cdn.

j / k navigate · click thread line to collapse

39 comments

25 comments · 8 top-level

overshard14y ago· 10 in thread

EDIT: Also another pitfall is that you can't compress all your JS into one big JS file saving time on requests too.

garindra14y ago

dstein14y ago

But having fewer open HTTP connections is very likely going to result in better overall performance no matter how good this JavaScript CDN is.

2 more replies

nl14y ago

Your objections are misguided. I can't say they are outright wrong, but...

HTTPS support is required for domains served over HTTPS. If you aren't using HTTPS then don't use it.

pbreit14y ago

overshard14y ago

4 more replies

rimantas14y ago

Udo14y ago

masklinn14y ago

> True, and Javascript files are the smaller assets of a typical website - the bulk of it is usually HTML code and images.

As the number of SPA-type "sites" grows, the ratio tilts towards JS and dynamic communications (XML, JSON, etc...). Though overall I don't think it matters much.

A more interesting (I think) potential effect, should a given CDN reach a significant hold of the overall serving market, is the likelihood of a cache hit for the relevant library.

clintjhill14y ago

The HTTPS support is required so that you don't get the mixed content warnings from some browsers.

It's a must have.

mtogo14y ago

so that you don't get the mixed content warnings

And so that, yunno, you don't compromise the entire page making the use of HTTPS completely worthless.

pbreit14y ago· 3 in thread

Pro tip: leave off the protocol to support both http and https. Example:

Source: http://html5boilerplate.com/

paulirish14y ago

Secondary protip: use a DNS prefetch for even faster 3rd party asset delivery.

More at: http://html5boilerplate.com/docs/#DNS-Prefetching

iamjustlooking14y ago

If you're loading the javascript on the same page you're surely going to see no benefit at all right?

1 more reply

csulok14y ago

ch0wn14y ago· 3 in thread

Are there any statistics regarding the reliability and speed from different locations?

overshard14y ago

It's hosted on cloudflare... just google around for cloudflare statistics.

thomasdavisOP14y ago

http://stats.pingdom.com/4jg86a2wqei0/362854

Pingdom stats

pbreit14y ago

Cool. Looks like times are gradually improving.

pbreit14y ago· 1 in thread

Kudos on the recently added https support. And on CloudFlare now (vs Amazon)...interesting.

RyanKearney14y ago

https was there from day 1. They're just using CloudFront so you would have to use the CloudFront url instead of the pretty one (which doesn't matter because visitors would never see it).

phleet14y ago

I might be alone here - but I would never use a CDN that isn't back by a company with a strong vested interest in preventing security breaches of their servers.

Consider that the community CDN is compromised - if that file gets replaced with a different JS file, you've now provided an attacker an XSS hole into _every_ page using the CDN.

I have a reasonable trust in Google to secure their own servers against such a compromising attack, but have no similar reason to put faith in smaller companies/services.

evmar14y ago

nikcub14y ago

you should host this on a separate domain because your clients are setting cookies on your domain and when I hit one of your hosted js files I see all of those cookies

for eg. I can see techcrunch and metric fuckton of google analytics cookies

separate this from the cloudfront clients or you have a potential security problem and a definite privacy breach

rkalla14y ago

Really like the idea of this community driven cdn.

j / k navigate · click thread line to collapse