18 comments

[ 2.7 ms ] story [ 51.3 ms ] thread
Had to enable 3 different external JS sources to get the page to work. I don't mind sites using CDNs but please try and reduce the surface for external threats!
are people doing this? What's the attack surface of a private hosted JS library vs. a well known TLS/SSL secured CDN for JS libraries? Threats are not restricted to CDNs.
CDNs are much more reliable than your avg. 'stuff.com' hosted js. It shouldn't be an issue
That would depend on what CDN you use and how it works. If the CDN is just a caching CDN in front of your own site then the CDN typically won't be any more secure than your own site.
(comment deleted)
This is a falsehood i've seen repeated over and over.

CDN's fail. You already have a connection to the 'stuff.com' self-hosted js. If your site is up but the cdn breaks you have another problem.

Also the perf win for using a shared cdn version of for instance jquery is totally overstated. See discussions here too: https://news.ycombinator.com/item?id=11549131

You have subresource integrity. If in use, that only leaves the privacy implications of using a CDN.
It's quite easy not to play with them on iPhone :/
Huh? The demo seems to be working fine on my iPhone. I'm using a 6s+ / current version of mobile safari.
Also having troubles, iPhone 6 with latest mobile safari
On Android, pulling sliders from left to right bring out some type of index/menu drawer that obscures 90% of the screen, and I have to hit a narrow strip to dismiss it; if I miss that strip, I navigate away from the page.
It is quite difficult to do that on iOS since the "hit box" of the slider is rather small. You need to exactly hit the little point or it won't register (if you are used to iOS's native sliders, they are quite unsual).
It's actually fun trying to sync it with the music...
A less clck-baity title would be appreciated.