Hacker Newsnew | past | comments | ask | show | jobs | submit | futmacl's commentslogin

FWIW, I added several improvements, and according to the built-in survey, it works for about 95% of all visitors. If you had bad results initially, clear you cache and give it a second try.


Chiefly because if you have a fast machine, good connection, and a nearby CDN node, ~10 ms may be enough to establish a connection, make a request,and see the response.

Plus, if you do setInterval(..., 1) and then measure new Date().getTime() deltas, you will probably see that even if the browser isn't doing anything taxing, you get 100 ms or more every now and then...

I'm assuming there is someone working on JavaScript-RT as we speak, though ;-)


Author here. It's not exactly that; the <img> approach is commonly suggested, but it has some serious limitations (explained in the source code).

Instead, I time <iframe>s, which allows SOP violations to be trapped the moment the browser barely starts thinking about rendering the target page. The other benefit is that <iframe> requests can be aborted quite easily when they are taking long enough for us to suspect cache miss - before the request is completed and cached.

The results should not be fuzzy, although the PoC uses hardcoded timings instead of doing calibration, which makes it a bit tricky with "outlier" clients (very fast or very slow).

I made some minor tweaks today, and the success rate should be greatly improved; there's now a mini-survey on the page, looks like ~90% of the people who bother to complete it are getting accurate results.


Seems like a good way to calibrate is to have the client cache a file from your targets list (you can cachebust by adding "?some_random_junk" at the end). Then, see how long it takes to get a hit.

Better yet, do this for each target URL. Knowing the time that a miss takes vs. a hit will greatly increase your accuracy.


If it loads the page in an iframe, wouldn't future loads give a false positive?

Also, does this work for Google+ (I don't have an account)? I'd be surprised if it did, since it uses X-Frame-Options.


If you allow the load to complete, yes. But the idea here is to very quickly decide that you're not getting a cached copy, and abort the request (by changing src=) before the browser has a chance to read anything back and figure out what to do with it.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: