Thank HN: From Google form to $1k in revenue in on...

[jbyers]

This is a good reason to never prefix generated Javascript with hex hashes, at least without swapping out vowels. We rolled the dice one and had this happen on Wikispaces once; it was utterly infuriating to debug.

[blaze33]

Nice catch, never thought about it. Is it more problematic with preffixes (vs. suffixes etc.) or should we generally avoid any random string? Appending a hash to the script is very convenient to force the download of the new version of an asset (but maybe we have better solutions now, haven't considered this issue in a while).

[imron]

In your site's code, reference the asset in a path that includes the timestamp the asset file last changed.

e.g.

/js/1476929634/myscript.js instead of /js/myscript.js

Then use your webserver to rewrite /js/<any number>/myscript.js to /js/myscript.js

[Scaevolus]

You can also do /js/myscript.js?v=1476929634 -- this generally works without any server-side changes. A CRC32 might work better, since controlling mtimes can be annoying.

[imron]

You can, but that can cause issues with browser caching (http://www.stevesouders.com/blog/2008/08/23/revving-filename...) and in any case I prefer the cleaner urls :-)

Plus, once it's configured you never have to worry about it again.

[e12e]

Or just use a decimal hash, rather than hex? Eg in python3:

  import hashlib as h
  int(h.sha256(b" ").hexdigest(), 16)

> 24725091799402603688614593151141908335745916334489781770578761787218146381928

  h.sha256(b" ").hexdigest()

> 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

It's longer, but even a 256-hash isn't that long? (and sha1 would probably be fine, obviously)

[methyl]

Why is there a problem exactly? It seems even if hash contains "ad", uBlock origin is not blocking it. Does this problem exist for some specific ad blocking software?