Unofficial Tumult Hype CDN


#1

Updated August 21, 2018

We (At Tumult) do have a library CDN on our todo list, but in the meantime I setup a quick CDN. There are no guarantees to this and this is not provided by Tumult. There are a number of free services that allow you to CDNify any repository’s files, so I did just that for the library repository which contains all the Hype runtimes. You would use either of these in your Advanced Export CDN Field:

Recommended:

https://cdn.jsdelivr.net/gh/themorgantown/hypelibrary/

uses JSdelivr |

Also:

https://cdn.rawgit.com/themorgantown/hypelibrary/master uses Rawgit’s CDN
&
https://gitcdn.xyz/repo/themorgantown/hypelibrary/master uses Gitcdn.

I won’t be taking my version down (more info below), but the above option is a bit more robust, and hosted by Stackpath.

This option below is fronted by Cloudflare with 30 day expires headers. The server is hosted by Nearly Free Speech.

You would use:

https://hypelibrary.rememberi.es

… in your Advanced Export CDN field.

NO GUARANTEES. Please turn on notifications for this thread if you use it in case I need to remove this in the future. Want to host your own? Here’s a repo to get started: https://github.com/themorgantown/hypelibrary

Notes

This server is Gzipped, HTTPS-friendly, and should be speedy. I do not have any logging enabled whatsoever besides what cloudflare provides (and Google Analytics on the landing page).

Response headers from August 30, 2017 12:45 PM PST:

https://hypelibrary.rememberi.es/HYPE-584.thin.min.js

accept-ranges:bytes
cache-control:public, max-age=2592000
cf-cache-status:HIT
cf-ray:396a34fbf82911d7-SJC
content-encoding:gzip
content-length:24262
content-type:application/javascript
date:Wed, 30 Aug 2017 19:37:50 GMT
etag:"ddab-557fcf1308863"
expires:Fri, 29 Sep 2017 19:37:50 GMT
last-modified:Wed, 30 Aug 2017 18:46:13 GMT
server:cloudflare-nginx
status:200
vary:Accept-Encoding
via:e4


Export settings: how to combine SVG and html elements, and how to specify path to Hype library files
Best solution for approved CDN for DoubleClick HYPE-538.thin.min.js
Decreasing load times and optimizing performance: Preparing a Large project in Hype
Hype.full.min.js
Latest HYPE lib on cloudflare or similiar? (CDN)
How to change name of container id after advanced export
A note about http://tumult.com/hype/runtime/ - it is not a CDN for your ads
Animation: To use proportional Scale or Width/Height properties?
(Jon EJ) #2

Hi Daniel,

any update on this? :slight_smile:


#3

It still works, what’s up?


(Jon EJ) #4

Hi,

as it says ‘NO GUARANTEES’ I am a bit afraid of using this when creating ads for our customers.

It would be a bit of a crisis if it suddenly stopped working :confused:


#5

You probably shouldn’t use this, or you can use the linked GitHub repository to setup your own. Are you using an ad network with a small file size limit?


(Jon EJ) #6

Yes, AdForm :slight_smile: 100kB-limit.


#7

Hmm I don’t know what to tell you…


#8

Update:

I now recommend using:

https://cdn.rawgit.com/themorgantown/hypelibrary/master/


(Markus Gerhard) #9

could you please upload the lastest HYPE-588.thin.min.js.

thx in advance,
Markus


(Markus Gerhard) #10

or is there an export option available on Hype to insist on exporting with the 584.thin.min.js ?

thx, Markus


#11

Updated: As a reminder, I recommend using this URL in the Advanced Export field:

https://cdn.rawgit.com/themorgantown/hypelibrary/master/


#12

So the https://tumult.com/hype/runtime is up and running again?


#13

This is not a CDN for your documents. Please see: A note about http://tumult.com/hype/runtime/ - it is not a CDN for your ads

The https://cdn.rawgit.com/themorgantown/hypelibrary/master/ CDN has been updated with the latest 3.6.5 build library.

curl -I https://cdn.rawgit.com/themorgantown/hypelibrary/master/HYPE-590.thin.min.js
HTTP/2 200 
date: Tue, 10 Apr 2018 14:58:02 GMT
content-type: application/javascript;charset=utf-8
x-content-type-options: nosniff
x-robots-tag: none
access-control-allow-origin: *
etag: "fb5ee9ac60c7338ad655a0ac3bfb51e1b7f6029b"
cache-control: max-age=86400
vary: Accept-Encoding
rawgit-cache-status: HIT
server: NetDNA-cache/2.2
strict-transport-security: max-age=31536000; preload
x-cache: HIT

Best solution for approved CDN for DoubleClick HYPE-538.thin.min.js
#14

Now supporting subresource integrity (SRI) if you load it through this CDN https://www.jsdelivr.com/package/gh/themorgantown/hypelibrary and generate embed codes through that service.


(lee) #15

I understand Hype was made for so much more than just Banners so I appreciate the effort that has been put into this…

Could you “explain, like I am 5 years old” elaborate this ?


#16

It’s an optional property you can add to the reference of a JavaScript file to ensure that it has not been modified on the server: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

So when loading the JS file, the file is hashed by the browser. If it doesn’t match the hash provided, it won’t be loaded.

<script src="https://cdn.jsdelivr.net/gh/themorgantown/hypelibrary@latest/HYPE-596.thin.min.js" integrity="sha256-8jsWtOq1n6bVjkjasnOgTTCBFaqFotJEjFJMDnVo3MQ=" crossorigin="anonymous"></script>

So if the CDN is hijacked and changes the file, they won’t be able to inject a monero crypto miner.


#17

Perfectly fit for a 5 year old :smiley:


#18

Just a little caution about Subresource Integrity, some browsers don’t support it…

Also, it seems like Hype should be listed here…


Heh, it is odd to explain this in layman’s terms. Let’s see…

Imagine you wanted to give an animated and musical birthday card to mommy. (That’s basically a Hype project.) Your card has a message that you put into the card. You don’t want your cheap brother stealing the card and putting in his own message instead, pretending that he bought the card. However, he’s the only one that can deliver the card, as he can deliver it faster than you and you’re not allowed outside late at night. (That’s the CDN. He’s your older brother, so you can kinda trust him, but he’s also a jerk sometimes and he hangs out with a bad crowd… and your parents are divorced. You’re at dad’s place tonight. HA HA. That’s why mommy isn’t home. Think this story is bad? Good! I think using CDNs is bad.)

So, you put a secret code word on the card that only mommy understands. (That’s the Subresource Integrity code.) If the card has been tampered with, the code word won’t match and then you can tell mommy that your brother is in trouble. (The sha256 checksum is based on the file. The result is different if the file is different. So, if your brother tries to create his own message, the code won’t match.)

Here’s how you can test this locally…

shasum -a 256 /Applications/Hype.app/Contents/Resources/HYPE.thin.min.js

Most people have Hype in the Applications directory. So, if you run that command in the terminal, it should generate the following code…

f23b16b4eab59fa6d58e48dab273a04d308115aa85a2d2448c524c0e7568dcc4

If the codes match, then it means we should have the same versions of the file.


Useful Web Development / Design Links
#19

Still I don’t think a 5 year old knows what a “monero crypto miner” is even when you’ve explained how a subresource checksum works :grin::grin::yum: