On 12/13/2009 09:34 PM, Andrea Giammarchi wrote:
> Just to underline another thing:
> On Sun, Dec 13, 2009 at 6:38 PM, Douglas Crockford
> <douglas@... <mailto:douglas%40crockford.com>>wrote:
> > The point I was making was that if you care about reliability, security,
> > and performance
> reliability ... they are including the de facto official JSON library for
> security ... they trust your implementation and they trust the fact
> you keep
> updating it
> performances ... they are using a potentially "common used external
> resource" so if the browser cached already that version performances
> will be
> better for every website that includes it plus they are saving bandwidth.
> As you can see somebody could think that your points ARE the reason they
> included JSON via the direct source, rather than their local copy
> potentially non updated and served even if almost every browser has stored
> somewhere exactly the same library.
I think you are forgetting that the (current) json.org website is
probably just a shared-hosting
So that probably means it's not as reliable as something Google or Yahoo
might do for some of the js-libraries.
Performance-wise it would be really bad if everyone started hotlinking
to just that one (or maybe 2 or 3) server(s) as well.
Security-wise, something like the CDN-like setup Google and Yahoo are
doing have a lot of save-gaurds,
like monitoring tools and employees for file-changes. Seperate dedicated
datacenters or atleast 'cages' of
dedicated 19"-racks of servers. And not to forget procedures.
While I do think getting automatic updates of json.js would be really
interresting, because it's a very
So in the current situation, it's a really bad idea.
> So, finally, I would think about a proper specific server or an official
> repository Github style so that people than use the raw minified and
> version with the 304 response, but if you think nobody should ever include
> external scripts, you should tell us why we all have YUI configurator
> scripts, google adsense/analytic files, etc etc.
Yes, I think some people would love to see Yahoo add json.js to their
list of js-libraries
they are already hosting on their own CDN (I think Google has a whole
list of libraries).
But maybe Mr. Crockford does not want his personal project to be tied to
employer or Google. I don't know their, could be many reasons.
> [Non-text portions of this message have been removed]