ForumsNewsUpdated CDN


Updated CDN
Author Message
Jake

Toodledo Founder
Posted: May 20, 2011
Score: 1 Reference
We have just finished migrating our CDN to Amazon's CloudFront service. In our tests, this will moderately decrease the time spent waiting for pages to load, especially over encrypted HTTPS connections, which were previously not CDN enabled.

A CDN is a network of computers spread out all over the globe that is optimized for delivering static content very quickly to your computer. We use our CDN to serve all of our images, style information and scripts. What this means, is that if you live in California and you access our webpage, your tasks will be sent from Virginia (where our servers are), but all the images and scripts will be sent from a CDN server close to you in California. This can greatly speed up page loads.

Previously, we had been using CacheFly.net, which was good, but they didn't support HTTPS connections, and recently some companies have been blocking their servers which was causing our website to appear broken to a small subset of customers.
Salgud

Posted: May 20, 2011
Score: 0 Reference
Thanks for the good work!
germike

Posted: May 21, 2011
Score: 0 Reference
I am using Firefox 4.0.1 with Noscript 2.1.0.3 on Mac OSX. I was wondering why neither the Toodledo Add-On for Firefox, nor the Toodledo web site would work any more. Finally I discovered from trial-and-error that I must allow Noscript to execute CloudFront client-side Javascript code. This is not very good from a security standpoint. It is, however, necessary in order to use Toodledo. You may want to inform your customers who are using Firefox, that Noscript must be allowed to accept Cloudfront Code. Thank you.
Jake

Toodledo Founder
Posted: May 23, 2011
Score: 0 Reference
Noscript is a pretty non-standard way to use the internet. We design our website to function using a standard web browser. When you start installing plugins that hack Toodledo or modify the way that our website works, then we can no longer support that scenario. However, I am glad that you found a way to get it to work for you.
frankie.toodle

Posted: May 23, 2011
Score: 0 Reference
Posted by Toodledo:
Noscript is a pretty non-standard way to use the internet.


Hear! Hear!

I'd say NoScript is a factual standard by security aware internet users. And as one of those I don't like the idea that information I don't know of is send to an Amazon service. Tasks may include private data.

I consider feature as critical and really would like to know, what is send to CDN.
Jake

Toodledo Founder
Posted: May 23, 2011
Score: 0 Reference
No data is sent to the CDN. Not even cookies. Only generic images and code are downloaded from the CDN. Any personal data is sent directly from our server to your browser.
Jake

Toodledo Founder
Posted: May 24, 2011
Score: 0 Reference
We have just implemented some detection code that will bypass the CDN if we detect that your proxy or browser plugin is blocking it.
Stephen

Posted: May 29, 2011
Score: 0 Reference
The detection code doesn't seem to be working for me. I haven't logged into the website for a while and things weren't working until I allowed scripts for CloudFront.net. Don't know if the bypass was intended to work with NoScript though.

Edit: The detection code is working for me. I was still logged in with a cookie and when I logged out and back in with cloud front disabled then everything worked fine. Thanks1

I agree with germike and frankie.toodle. I would prefer to not need to allow scripts for CloudFront.net in order to use Toodledo.

The basic concern is that I trust Toodledo to execute scripts but since I have to whitelist CloudFront.net now to allow Toodledo to work that means that another website that I do not trust could potentially execute scripts now by hosting them on CloudFront.net.

Perhaps this is something that NoScript should handle on its own though. I'd imagine that CloudFront might start getting used by more and more sites in this manner which will just make the potential security hole worse.


This message was edited May 29, 2011.
Jake

Toodledo Founder
Posted: May 30, 2011
Score: 0 Reference
The detection code will only trigger on the home page, so if you are having trouble with cloud front, point your browser to "http://www.toodledo.com/index.php" and it should bypass the CDN. You will need to allow cookies for it to remember this decision.
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.