by belorn 4528 days ago
ISP interference makes for an interesting question regarding liability. Their interference is now potentially causing a massive amount of economic damage to companies which rely on the jquery library. Webshops, economic infrastructure, hospitals, transportation systems are just a few that rely on having fully functional websites up and running.

But for liability, a few questions pop up. Who is the offended party, and how much negligence is required for software bugs? Does it need to be a civil suit with each customer, or can the website owners sue? If a truck crashes right outside a store and disrupts business, the store owner can sue even if they have no formal relation with the truck company.

2 comments

So, yeah, one thing that I learned about these CDNs

They will stop working eventually

So you may try to load from them, but always have a fallback. In your website

An example: what if code.jquery.org gets compromised?

In that case your fallback isn't going to help - unless you're performing a checksum on the response you get from code.jquery.org.

I know it's probably not considered great practice anymore but I generally just self-host js libs. One less thing to go wrong and I often develop without an internet connection. Saves on having to drop back to a fallback every time.

Yes, true, in the case of a compromise it won't help. But I've found that outages are more frequent (including my own internet connection).

So yes, it also is necessary for development without an internet connection.

Alternatively, does code.jquery.com offer any kind of uptime guarantee? Big companies would rather rely on their own hosting / CDN than that of jquery, I'm sure.
Even for a small company/project, I've stopped using external CDNs.

The gain is not significant enough to balance problems like this one. It's not often that a consumer ISP makes this mistake, but that's pretty common for a user behind a corporate proxy.

code.jquery.com has in fact gone down in the past, and this did in fact bite my workplace in the backside.

We went to locally-hosted copies of jquery stuff. We kept using Google for JS they hosted, since their uptime way beats ours.

> since their uptime way beats ours

You link to Google's JS so your users can still get it when your own site is down?

If you hosted it yourself your users would see a working site whenever you were up. Now they will see a working site whenever both you and Google are up. This has not improved effective uptime for anyone. (On the other hand, Google might serve the JS faster, especially if your users cache it. They may also keep their copies more up to date.)

GP's point is that it also hasn't noticeably decreased uptime. So especially if there's a speed benefit, why switch?
Ahhh! See, we didn't realise that at that moment. Thank you :-)