(no longer updated) Unofficial Tumult Hype CDN

Tumult now manages a CDN, and you load Hype's runtimes by using selecting the official CDN in Tumult Hype 4's export panel. More info here:

For Tumult Hype 3, use this URL in the 'External Runtime URL' field:

https://cdn.jsdelivr.net/gh/tumult/hype-runtime

2 Likes

Hi Daniel,

any update on this? :slight_smile:

It still works, what’s up?

Hi,

as it says ‘NO GUARANTEES’ I am a bit afraid of using this when creating ads for our customers.

It would be a bit of a crisis if it suddenly stopped working :confused:

You probably shouldn’t use this, or you can use the linked GitHub repository to setup your own. Are you using an ad network with a small file size limit?

Yes, AdForm :slight_smile: 100kB-limit.

Hmm I don’t know what to tell you…

Update:

I now recommend using:

https://cdn.rawgit.com/themorgantown/hypelibrary/master/

could you please upload the lastest HYPE-588.thin.min.js.

thx in advance,
Markus

or is there an export option available on Hype to insist on exporting with the 584.thin.min.js ?

thx, Markus

Updated: As a reminder, I recommend using this URL in the Advanced Export field:

https://cdn.rawgit.com/themorgantown/hypelibrary/master/

So the https://tumult.com/hype/runtime is up and running again?

This is not a CDN for your documents. Please see: A note about http://tumult.com/hype/runtime/ - it is not a CDN for your ads

The https://cdn.rawgit.com/themorgantown/hypelibrary/master/ CDN has been updated with the latest 3.6.5 build library.

curl -I https://cdn.rawgit.com/themorgantown/hypelibrary/master/HYPE-590.thin.min.js
HTTP/2 200 
date: Tue, 10 Apr 2018 14:58:02 GMT
content-type: application/javascript;charset=utf-8
x-content-type-options: nosniff
x-robots-tag: none
access-control-allow-origin: *
etag: "fb5ee9ac60c7338ad655a0ac3bfb51e1b7f6029b"
cache-control: max-age=86400
vary: Accept-Encoding
rawgit-cache-status: HIT
server: NetDNA-cache/2.2
strict-transport-security: max-age=31536000; preload
x-cache: HIT

Now supporting subresource integrity (SRI) if you load it through this CDN https://www.jsdelivr.com/package/gh/themorgantown/hypelibrary and generate embed codes through that service.

I understand Hype was made for so much more than just Banners so I appreciate the effort that has been put into this....

Could you "explain, like I am 5 years old" elaborate this ?

It’s an optional property you can add to the reference of a JavaScript file to ensure that it has not been modified on the server: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

So when loading the JS file, the file is hashed by the browser. If it doesn’t match the hash provided, it won’t be loaded.

<script src="https://cdn.jsdelivr.net/gh/themorgantown/hypelibrary@latest/HYPE-596.thin.min.js" integrity="sha256-8jsWtOq1n6bVjkjasnOgTTCBFaqFotJEjFJMDnVo3MQ=" crossorigin="anonymous"></script>

So if the CDN is hijacked and changes the file, they won’t be able to inject a monero crypto miner.

Perfectly fit for a 5 year old :smiley:

2 Likes

Just a little caution about Subresource Integrity, some browsers don't support it...

Also, it seems like Hype should be listed here...


Heh, it is odd to explain this in layman's terms. Let's see...

Imagine you wanted to give an animated and musical birthday card to mommy. (That's basically a Hype project.) Your card has a message that you put into the card. You don't want your cheap brother stealing the card and putting in his own message instead, pretending that he bought the card. However, he's the only one that can deliver the card, as he can deliver it faster than you and you're not allowed outside late at night. (That's the CDN. He's your older brother, so you can kinda trust him, but he's also a jerk sometimes and he hangs out with a bad crowd... and your parents are divorced. You're at dad's place tonight. HA HA. That's why mommy isn't home. Think this story is bad? Good! I think using CDNs is bad.)

So, you put a secret code word on the card that only mommy understands. (That's the Subresource Integrity code.) If the card has been tampered with, the code word won't match and then you can tell mommy that your brother is in trouble. (The sha256 checksum is based on the file. The result is different if the file is different. So, if your brother tries to create his own message, the code won't match.)

Here's how you can test this locally...

shasum -a 256 /Applications/Hype.app/Contents/Resources/HYPE.thin.min.js

Most people have Hype in the Applications directory. So, if you run that command in the terminal, it should generate the following code...

f23b16b4eab59fa6d58e48dab273a04d308115aa85a2d2448c524c0e7568dcc4

If the codes match, then it means we should have the same versions of the file.

1 Like

Still I don’t think a 5 year old knows what a “monero crypto miner” is even when you’ve explained how a subresource checksum works :grin::grin::yum: