Blog Archives

20 posts • View all posts

Balancing security and openness in web development

How does an open philosophy jive with best practices in performance and security? At Wikimedia, we’re selective in our dependencies and audit our own upstream sources. Progressive enhancement not only makes for a fast and accessible site, I argue it’s also the cheaper choice in the long run!

An Internet of PHP

Statistics and anecdotes about PHP at scale.

Browser adoption rates

For two years in 2020 and 2021, I shared Wikipedia’s worldwide browser statistics on Mastodon under #browserstats. They looked a little something like this: As the data includes the browser’s major version, I wondered whether I could use this to follow the adoption rate through each browser’s release cycle. The short answer is… Yes! Here…

HTTP/2 performance revisited

Deploying HTTP/2 support to the Wikimedia CDN significantly changed how browsers negotiate and transfer data during the page load process. We found regressions in performance during the transition and are sharing the lessons we learned.

How does Internet Archive know?

The Internet Archive discovers in real-time when WordPress blogs publish a new post, and when Wikipedia articles reference new sources. How does that work?

📎 Treasure Hunt 2021

I miss the bygone era of very internety things, geocities-style scavenger hunts, easter eggs. So, I made thing. Hope you like it!

Profiling PHP in production at scale

At Wikipedia, we built an efficient sampling profiler for PHP, and use it to instrument live requests. The trace logs and flame graphs are powered by a simple setup that involves only free open-source software, and runs at low infrastructure cost.

📎 Interview on Uses This

Today, yours truly got to add his bit.

Should I substr(), substring(), or slice()?

What’s the deal with these string methods, and how are they different?

Many dots, do not a query make

How a long sequence of dots allowed a regex to reach its internal stack limit.

To throw or not to throw, that is the question

Why does software accept invalid data? And, at what software layer should we reject it? Also, what are “namespaces” and “special pages” on Wikipedia?

Tomorrow, may be sooner than you think

These are short stories from bug hunts and incident investigations at Wikipedia.

Missing partitions, disappearing audio players, and extreme packet loss

These are short stories from bug hunts and incident investigations at Wikipedia.

Wikipedia’s JavaScript initialisation on a budget

This week saw the conclusion of a project that I’ve been shepherding on and off since September of last year. The goal was for the initialisation of our asynchronous JavaScript pipeline (at the time, 36 kilobytes in size) to fit within a budget of 28 KB.

How to protect yourself from npm

What’s the worst that could happen after npm install?

Six years of BrowseHappy

Six years ago (in 2012), I was looking for a newsletter about browser releases. At the time, my motivation was to test and update the jQuery TestSwarm framework for each new browser release. I found a simple overview at, by @WordPress.  (1/) Lacking RSS, I decided to simply check it on a regular basis, and…

Measuring Wikipedia page load times

This post shows how we measure and interpret load times on Wikipedia. It also explains what real-user metrics are, and how percentiles work.

QUnit anti-patterns

Today, I’d like to challenge the assert.ok and assert.not* methods. I believe they may’ve become an anti-pattern.

PhantomJS for CI (anno 2014)

How did Apple create Safari, and what is PhantomJS?

The word “rebuke”

re·buke verb express sharp disapproval or criticism of (someone) because of their behavior or actions “she had rebuked him for drinking too much“ “the judge publicly rebuked the jury“ noun an expression of sharp disapproval or criticism “he hadn’t meant it as a rebuke, but Neil flinched“ (from the Oxford English Dictionary) I ran into the…