TL;DR: My updated take is Lockfiles for Node.js apps, not for other projects. When you run npm install, after you add or change a dependency in package.json, npm finds and selects the latest compatible version, downloads it, and replaces your package-lock.json file to describe what it found. The npm install command does not consider lockfiles…
Blog Archives
How we balance security and openness at Wikimedia
How does an open philosophy jibe with best practices in performance and security? In short, we’re selective in our dependencies and audit our own upstream sources. Progressive enhancement not only makes for a fast and accessible site, I argue it’s also the cheaper choice in the long run!
Browser adoption rates
For two years in 2020 and 2021, I shared Wikipedia’s worldwide browser statistics on Mastodon under #browserstats. They looked a little something like this: As the data includes the browser’s major version, I wondered whether I could use this to follow the adoption rate through each browser’s release cycle. The short answer is… Yes! Here…
HTTP/2 performance revisited
Deploying HTTP/2 support to the Wikimedia CDN significantly changed how browsers negotiate and transfer data during the page load process. We found regressions in performance during the transition and are sharing the lessons we learned.
How does Internet Archive know?
The Internet Archive discovers in real-time when WordPress blogs publish a new post, and when Wikipedia articles reference new sources. How does that work?
📎 Krinkle Treasure Hunt
I miss the era of very Internet-y things, geocities-style scavenger hunts, with easter eggs and all. So, I devised a treasure hunt of my own!
Profiling PHP in production at scale
At Wikipedia, we built an efficient sampling profiler for PHP, and use it to instrument live requests. The trace logs and flame graphs are powered by a simple setup that involves only free open-source software, and runs at low infrastructure cost.
Should I substr(), substring(), or slice()?
What’s the deal with these string methods, and how are they different?
Many dots, do not a query make
How a long sequence of dots allowed a regex to reach its internal stack limit.
To throw or not to throw, that is the question
Why does software accept invalid data? And, at what software layer should we reject it? Also, what are “namespaces” and “special pages” on Wikipedia?
Tomorrow, may be sooner than you think
These are short stories from bug hunts and incident investigations at Wikipedia.
Missing partitions, disappearing audio players, and extreme packet loss
These are short stories from bug hunts and incident investigations at Wikipedia.
Wikipedia’s JavaScript initialisation on a budget
This week saw the conclusion of a project that I’ve been shepherding on and off since September of last year. The goal was for the initialisation of our asynchronous JavaScript pipeline (at the time, 36 kilobytes in size) to fit within a budget of 28 KB.
Six years of BrowseHappy
Six years ago (in 2012), I was looking for a newsletter about browser releases. At the time, my motivation was to remember to regularly check and update the jQuery TestSwarm framework as needed for each new browser release. I found a simple overview at browsehappy.com, run by WordPress. Lacking RSS, I decided to simply check…
Measuring Wikipedia page load times
This post shows how we measure and interpret load times on Wikipedia. It also explains what real-user metrics are, and how percentiles work.
QUnit anti-patterns
Today, I’d like to challenge the assert.ok and assert.not* methods. I believe they may’ve become an anti-pattern.
The word “rebuke”
re·buke verb express sharp disapproval or criticism of (someone) because of their behavior or actions “she had rebuked him for drinking too much” “the judge publicly rebuked the jury” noun an expression of sharp disapproval or criticism “he hadn’t meant it as a rebuke, but Neil flinched” (from the Oxford English Dictionary) I ran into the…