43 comments

[ 3.1 ms ] story [ 92.6 ms ] thread
This brought down our website. Lesson learned, host your own JavaScript.
Or use a CDN you have more trust in, like Google's.
please fix asap!
Wouldn't this be solved by hosting it on your own site?
I assume that will work,but it will introduce two problems.

1. Keep a local copy means you will be the one paying for the bandwidth to serve it.

2. You will have to manually update your local copy everytime upstream makes improvements.

Having things locally increases reliability but it carries its own costs.

But a minified library is loaded once per visitor (then cached) and is lilely is not going to have a greater bandwidth impact than any one of your actual pages. My site surprisingly breaking without me making changes to it (whether due to third party unreliability, security issues with their server, or surprise updates) sounds like a really, really bad thing.
No these are not the reasons:

1. This cost is minimal, and most of the time will be served from cache anyway. I'd be willing to stake a claim that literally zero people ever have worried about the cost of serving jQuery when they weren't already worried about the cost of serving a bunch of other shit that eliminating just jQuery wouldn't fix.

2. This is completely undesirable, and doesn't happen anyway because you like to a specific version which does not change from under you.

The arguments in favor of hosting it on a CDN like googles are:

1) Clients who visit other sites will precache the file, so there is a chance they wont even need to load jQuery at all, and this can increase perf

2) Pushing some files to different domains can decrease load times because browsers can load files from multiple domains in parallel instead of serially like they would from one domain.

3) For smaller sites the google CDN is likely actually more dependable than your own. But if you've invested in a CDN this is no longer true.

#2 isn't solved with a CDN since you'd always hotlink a specific version - the version you tested your code with.

The main reason I think isn't even really #1 (cost) but a general assumption that CDNs are faster than your servers, and the chance that if multiple sites are sharing one of these CDNs, you actually have first-time users who can visit your site a bit faster because they already have that resource cached.

Some CDNs like Google's will let you specify just the major version, so in the case of jQuery it would serve 1.<latest> or 2.<latest>.

Generally undesirable in a production environment, though.

Paying for jQ bandwidth is like paying for air, seriously.

With jQ, you're most likely defining the version you need, so getting upstream improvements with jQ is a bit more involved than the library simply updating itself if you aren't using the edge version.

A better argument for using a CDN is that jQ library is likely going to be cached if the user's been on the web for more than 5 minutes. Chances are, your version will be one that's cached and, instead of waiting for the downloading of a library that already exists on the users system, the library is immediately loaded and perceived PLT is decreased as a result.

There are also numerous CDNs out there, I would use a fallback stack to ping the next CDN in line as it would be a cold day if every major CDN that hosts jQ were to lose SSL support for a time.

You will have to manually update your local copy everytime upstream makes improvements.

Isn't this true of every library, framework, language, kernel, etc, that drives websites?

Keep a local copy means you will be the one paying for the bandwidth to serve it.

This should never be a consideration. It's not really stealing bandwidth, since all are welcome to download, but the idea that an asset my site (which presumably makes money) needs should be paid for by someone else really is in the same ballpark ethically.

just took down our site - can't sign up users
Because not everyone requires jQuery with a script tag. Especially with require/common.js.
I am some kind of weird mutant because I consider having external javascript on my website to be an embarrassment for anything bigger than a hobby project -- but 99% of the universe behaves otherwise.
That's because the other 99% understands how browser caching works. If you use JQuery.com, Google, or Microsoft's CDNs then MOST of the time users won't have to download a JQuery/Boostrap/etc library as the browser would already have an unexpired cache of it.

For example, the OP's link's cache will expire (theoretically) in the year 2079. So if a user visited ANY page that utilises JQuery v1.10.2 they already have it. That is a HUGE win. It is an even huger win for mobile (e.g. for small sites you could cut your network traffic in half, which in turn increases loading speed).

It is also trivial to set it up so the page tries the CDN first and if that fails then grab a local copy e.g.

<script src="//code.jquery.com/jquery-1.10.2.js"></script> <script>window.jQuery || document.write('<script src="lib/jquery-1.10.2.js">\x3C/script>')</script>

Would just using another CDN be just as safe?
Some users block the big CDNs for privacy reasons, so local is a safe fallback.
No, no particular reasons. It is just the safest fallback. Presumably if a user is even able to run that script (since you yourself are hosting it) the library would also be available (i.e. either both are down or neither).
I fully understand how browser caching works, which is why I know that making the first request to my website immeasurably faster is not worth betraying my user's privacy and my website's stability. At the very least, everybody using CDN-hosted jQuery should also have a fallback copy.
Wow, how can a prominent internet library that advises its users to use this server make such an avoidable rookie mistake...
Well, because chances are they gave the job of renewing the certificates to the rookie, and he may not have known how to do it, or raised the issue multiple times and nobody knew the implications of it. I know the last place I worked at, I mentioned that the certificates were expiring, and I needed to pay to renew them, yet they didn't seem to care until our customers couldn't connect anymore.
CloudFlare CDN: http://cdnjs.com/libraries/jquery

I use to use the Google CDN but cdnjs.com has a huge amount of javascript libraries hosted on it and it is usually updated faster.

Any "big" website is broken because of this?
eBay was down earlier, but I have no idea if this was the reason.
Big websites would host jQuery themselves typically on their own CDN.
Good news! They renewed the certificate...... For one year.

facepalm

Are there any proposals for a local CDN-like caching system capable of handling these sorts of "universal resources"?

I understand the difficulties would be many (trusted sources, versioning, etc.) but I bet it would have a huge impact on the overall web's bandwidth consumption if a page could say "load standard jQuery v1.10.2 on this page, if not cached find it here or here".

Why you guys talking about minuses of jQuery? Donate some bucks to jQuery creators instead.