UrlHosted Experiment: Host Content Within the URL 138
New submitter graphicore writes to point out an experimental "unhosted" app that challenges the concept of the URL. By putting the post data after the # mark, the URL is (mis-)used as the data storage. You can store your data within your bookmarks list, host it via a URL-shortener(!) like here: http://goo.gl/DYxr5m or attach it directly to a tweet
I also attached the full-url to this slashdot post :-) This raises the question about who is hosting the content and it will probably break the internet.
This is a quote from Google's shortener policy: "Please remember that goo.gl directs you to content that is already in existence on the internet. This is not content hosted by Google." It could also become a storage strategy for any other web app. The app is GPL v3, no strings attached.
And there's always DNS, too.
It will break the Internet!!?!?!?!?! (Score:2)
... it will probably break the internet...
Oh no Mr. Bill. The Internet will be broken.
.
Give me a friggin' break. Get real.
Re: (Score:2)
I think it's more likely they'd just issue DMCA takedown notices to the URL shortener providers.
Re: (Score:1)
Add a layer: Instead of posting content, post random strings. Only if XORed with another random string do you get content. At the same time, Alice posts string A, Bob posts string B, Carol posts string C, Dan posts string D, Eve posts string E. None of these strings have discernible content. A XOR B is a cat picture, A XOR C is a Beatles song, C XOR D is a PDF of the bible, D XOR E is a tarball of the Linux kernel. What do you take down?
Re: (Score:1)
The website, of course.
Re: (Score:2)
Because there are plenty of other PDF Bibles on the Internet lawfully available without charge. There's the Project Gutenberg edition of the KJV, the World English Bible (an update to the ASV), the NET Bible, the New World Translation at JW.org, etc.
Re: (Score:3)
Did you even bother to read the rest of the summary? This actually causes real potential issues if someone stores copyrighted information in a URL-shortener's database.
Heck, my movie-warez site has been doing that for years. Sure, you have to click on 800 distinct URLs to get the content of a single frame of Game of Thrones in HD, but it's a small price to pay for thumbing your nose at the man.
Re: (Score:1)
Not a Broken the Internet issue ! (Score:1)
Re:It will break the Internet!!?!?!?!?! (Score:5, Interesting)
Did you even bother to read the rest of the summary? This actually causes real potential issues if someone stores copyrighted information in a URL-shortener's database. Because in that case, it ISN'T just a link to information - it is the information itself.
no, copyright is causing issues.
So, yes, this sort of thing can potentially open ISPs and hosting companies up to all sorts of unexpected liability. If upheld that way, when the courts get involved, it could, in fact, break the internet.
this very same technique has been used for ages in several tools to store and propagate user data.
if abused it could break url shortener services for a short while (*), which aren't essential at all. i actually never liked them, i want to know where i'm clicking to.
(*) i guess i would take any service just minutes to impose size limits.
Re: (Score:2)
Yeah sure, the same issues you'd have if you put some copyrighted material into a Slashdot comment, or on any of the rest of those comment systems that infest websites. It's a problem that's been dealt with.
Besides, I expect that a URL shortener would reject your URL if you tried to put anything substantial (like a song) in the URL. It's not magic: all you're doing is attaching the data to the end of a URL.
Re: (Score:2)
It would suck to lose URL shorteners. I'm not sure I would equate that with 'breaking the internet' though.
Re: (Score:1)
Re: (Score:2)
Re:Question (Score:5, Informative)
Not sure if serious, but I'll bite. The default action for URLs ending in #~~~~ is for the browser to find a tag named ~~~~ and scroll to that. It's used to link to a specific part of the page. Originally the tag needed to be an <a name="~~~~"> tag, but modern browsers will find any tag with id="~~~~" and use that.
It's used here because the browser does not send the #~~~~ part of the URL to the server, so you're not limited by the URL length limits in certain browsers*cough*IE*cough*. Instead, the webpage includes javascript that reads the window location variable to find the #~~~~ and parse it.
Re: (Score:2)
Re:Question (Score:5, Insightful)
You know what's scary?
(1) That someone on friggin' slashdot has no clue what the # in a url is, and thinks that asking it is easier than just friggin' googling it
(2) That another poster on slashdot answers in apparent earnest with "I usually see it used to make you jump down to a particular heading in, e.g., a wiki article. I think it also activates stuff in scripts sometimes?"
For crying out loud, where did all the nerds go? Reddit?
Re:Question (Score:5, Insightful)
And maybe, maybe, sometimes non-nerds stroll here accidentally. Let's quickly chase them away!
Re: (Score:2)
Software/web development is the only field I can think of where practitioners delight in ridiculing people outside of their specialty for not knowing everything that they do. I don't see that with medical doctors or lawyers or pharmacists or physicists. Every profession seems to have its own standards for basic maturity.
Re: (Score:2)
It's a pan-field nerdish thing. Just watch The Big Bang Theory.
Oh yeah they do and with some frequency.
It's kind of hard to Google punctuation (Score:2)
That someone on friggin' slashdot has no clue what the # in a url is, and thinks that asking it is easier than just friggin' googling it
# is punctuation, and general-purpose web search engines have historically choked on queries not for letters or digits.
Re: (Score:2)
Slashdot is always at its worst this time of year. It's a seasonal thing, related to the start of the academic year and the great number of wannabee clever-than-thous who are suddenly thrust into new environments and forced into searching for new sources of ego food. It will get better around the Fall Quarter midterm exams.
Until then, us graybeards must suffer the little children and their antics. Some of them will mature into tomorrow's hope; others will drop out or flunk out.
Re:Question (Score:4, Informative)
Javashit developers abusing the structure of a URL.
It was supposed to go to an anchor tag [w3schools.com] - so that if index.html says [A NAME=foo] you could have a URL of the form index.html#foo that would go to the correct part of index.html.
Like everything else, it got ruined by Javashit when someone discovered you could manipulate things with it that had nothing to do with anchor tags.
And since Javashit "programmers" presume that everyone wants to run third-party executables within their browser, if they have nothing to supply their Javashit framework they just include the "#" and leave the rest of the URL blank.
Remember kids, without Javashit, it'd be a lot harder to have pop-ups, pop-unders, and interstitials, so always make sure your web page renders absolutely nothing without it active. The best and most portable web pages are single line obfuscated Javashit functions that load six typefaces and twenty scripts before rendering a single byte of the static HTML content that the user came from.
Re: (Score:1)
The smileys don't make your position any less smarmy. If you want the client to render something complex, a web browser is the wrong tool. You should write a client application. Of course this hasn't stopped legions of braindead idiots from including megabytes of javascript in their sites that does fuck knows what...
Re: (Score:2)
On which platform? (Score:2)
Three million downloads across how many different platforms' app stores? How do you normally reply when someone asks about wanting to use your client application on a platform for which your client application is not currently available?
Re: (Score:2)
Wasn't that what Java was supposed to be for (after it was supposed to be for set-top boxes, but before it was supposed to be the new C0807)?
Re: (Score:2)
A browser is a client application.
Re: (Score:2)
Way to miss the point.
Client application for which platform? (Score:1)
You should write a client application.
If this client application is developed for Windows, good luck running it on a Mac. Or if this client application is developed for OS X, good luck running it on a Lenovo. Not everybody has the money to maintain 14 different client applications, one for each platform, even if they do share some of the code.
Re: (Score:2)
Plain HTML/CSS is fine for read-only sites. If you make your navigation dependent on Javascript you should be taken out back and shot. On the other hand if you want a form with even a moderate level of validation, date pickers, chained selects, chosen filters, basic HTML editing (in my case, an email template) or whatever then AJAX is pretty much the only way to go. The whole "put everything in a POST and rerender the whole page on every change" method is just terrible, both from a user and developer perspe
Validate input on both client and server (Score:2)
Client side input validators LOL.
Where do you work?
Presumably somewhere that realizes the value of validating input once quickly on the client and again securely on the server.
Re: (Score:2)
While there are definitely Javashit programmers, Javascript has evolved into a solid programming language with some interesting pieces of elegance.
As to the Javashit programmers, that is a case of the 99% giving the rest of the Javascript programmers a bad name.
Collapsing a subtree (Score:2)
If you're so dead-set against JavaScript, would you rather have to reload all comments to a Slashdot article every time you expand or collapse a subtree?
Re: (Score:2)
Wait a sec. It's gonna let illegals invade your webpage? Who thinks up these stupid policies?
Re: (Score:2)
Oh no! An anonymous coward on a webpage called me names! How will I ever sleep tonight? You are a mean man, mr ac.
Still need a base URL "player" (Score:2)
You still need to point to a base URL that knows how to unwrap the URL hosted content...
So who who host those, knowing that any URL directed there might be mistakenly attributed to content they are hosting? You could make it appear as if such a site is saying ANYTHING... it's like you pre-hacked yourself.
Re:Still need a base URL "player" (Score:5, Informative)
Yes and no. You could fit a bittorrent tracker into it. Then you're hosting your bit torrent tracker files into a short URL.
It doesn't break the internet but it does dramatically shift the question of who is "Hosting" content and who is "just sharing a link". There is a lot of legal uncertainty about what constitutes for instance copyright infringement. If you post a link to a tweet with a serial number are you committing piracy? If the website has a widget which then embeds the tweet are you worse or better off? If you post a URL which has the serial number in the URL... are you then just sharing a link or are you sharing the content? Does Google's URL shortener bare any legal responsibility under safe harbor for taking down URLs that contain copyrighted material?
Re: (Score:2)
OK, now it makes sense, thanks. I was wondering what this was for, but "bit torrent tracker" makes it clear. Very nice hack indeed.
It won't break the internet, but it will perplex and confuse MAFIAA lawyers, and that's something.
Re: (Score:2)
i dont get it.
Re: (Score:2)
That is true, it still lets you store arbitrary data in a URL, but you could perform the same trick just by putting any ascii encoded data into a query param attached to any valid hostname, which a URL shortener would happily store and feed back.
I'm saying that when you give a link like this to someone else that has something like an article in the example, that site has to know how to parse the whole blob of data after the "#" to display. That opens the site that is willing to parse and display the encoded
Re: (Score:2)
If you post a link to a tweet with a serial number are you committing piracy? If the website has a widget which then embeds the tweet are you worse or better off? If you post a URL which has the serial number in the URL... are you then just sharing a link or are you sharing the content? Does Google's URL shortener bare any legal responsibility under safe harbor for taking down URLs that contain copyrighted material?
Sometimes geeks think they can get around laws with this kind of 'clever' trickery, but the answer is no, if you are purposely sharing copyrighted material in the URLs, then you are still liable.
Re: (Score:2)
Simply linking to data though is not copyright infringement. So if the public rightfully believes that simply sharing a link is legal they may not spend the necessary time nor have the technical knowledge to discern the difference from copying a URL and sharing it and copying actual copyrighted works and sharing them.
URLs are already a loop hole in copyright law in many countries. This would widen that hole since the entire copyrighted work could even theoretically be contained within a very long URL. A
Re: (Score:2)
Simply linking to data though is not copyright infringement
This is not "simply linking to data" and you know it.
So if the public rightfully believes ....
"Belief" doesn't enter into copyright law.
URLs are already a loop hole in copyright law in many countries. This would widen that hole since the entire copyrighted work could even theoretically be contained within a very long URL.
This is like a nerd dream that lacks understanding of how the law works.
Re: (Score:2)
Re: (Score:2)
Most sites, /. for example, say anything you post is owned by you. That would include links that you post.
Re: (Score:2)
And even if they aren't malicious enough to hack you, it's not a hard decision for google to say "Oops, we no longer support URLs longer than 200 characters," or just drop everything after the anchor tag, so they aren't stuck storing some million cat gifs in their database.
data:// (Score:1)
Now he just needs to get the javascript powering this to fit in a data:// uri and it can be entirely hosted in the url.
Re: (Score:1)
Write Linux in tight Perl, it'll fit.
Data URI Scheme (Score:1)
How is this different from the Data URI Scheme?
https://en.wikipedia.org/wiki/Data_URI_scheme
Because that does not trick shorteners (Score:3)
data:text/html,<html><body>Hello</body></html>
Will not be "shortended" by a url shortener like bit.ly, whereas the "#" embedding technique will (but then you need to know how to decode it)
Re: (Score:3)
I like how you can do both too (doesn't work with shortners):
data:text/html,onload=function () { document.write (document.location.hash) }#whatever
A little disappointed (Score:3)
All this stuff about non-hosted content, and the image tag points to a wikimedia picture of a kitten instead of a data: URI?
Re: (Score:2)
OO [graphicore.de]
pretty cool, let's do it local (Score:2)
i think this is kind of cool. it's clear that there's some sort of server thing that interprets the URL and spits back friendly HTMLs. it would be cool if this could be done locally, so alls you would need is a shortened URL and you would get a page of content. it would work well for wikipedia.
Re: (Score:1)
Re: (Score:2)
huh i thought that it took the URL, read it, and then sent back the plaintext. with the message you suggest there wouldn't be any plaintext transfer over the internet. that's a cool idea! also, the summary said "break the internet", which doesn't refer to KimK but rather to the fact that this method would prevent both search engine bots and hyperlinking. Kind of the fundamental cornerstone of the internet!
Re: (Score:2)
Just run a 100k webserver with an embedded single HTML file running on 127.0.0.1
Re: (Score:2)
what is 100k webserver. is that an OS like apache?
Malware (Score:2)
Wow (Score:2)
My, what an exciting new way to fuck shit up and break all sorts of standards!
I just see an empty screen... (Score:2)
and that's all. Why should I allow some unknown host to execute javascript?
WebSphere (Score:1)
Seems IBM WebSphere did something like that. Their default URL's were often longer than a Giraffe's intestines.
http://stackoverflow.com/quest... [stackoverflow.com]
Re: (Score:2)
First time I read the summary I was like WTF is this, an advertisement?
Second time, I'm still wondering WTF. Someone needs to go back and read what a URL (ahem, URI, excuse me) actually is. It's a LINK: connecting things... not storing app preferences and shit. That's like, real, old school... before sessions, and cookies!
At one time it was. Then on the second day Tim Berners-Lee said "Let there be forms"
So anyone can just submit their github project (Score:1)
Re: (Score:3)
It the github/content is interesting, why not. Your question is like asking "So anyone can just write a few words in English, and that gets to the front page now?". Yes, and no. It depends on what those words are, and if they are interesting to the readers.
Re: (Score:2)
Re: (Score:2)
But in this case, the users that browse the firehose and recommend stories, and the editors have found it interesting, so I dont see the problem.
Re: (Score:2)
Re: (Score:2)
People using the firehose. click a button to recommend stories. Obviously enough people recommended it. If they are a sleep, the story would like have been buried.
Re: (Score:2)
This is a stupid idea (Score:2)
This is against everything we know about cross site scripting. It is like having ?errormessage=text at the end of a URL. We know the security implications of this, and we know not to do it. The potential for abuse is way too high.
Re: (Score:2)
If you are worried about that, add some CSP (Content Security Policy) headers to the hosted HTML file.
And there's always nginx rewrite, too — mdoc (Score:3)
I might be subjective as I'm the author of it, but this somewhat remind me of my http://mdoc.su/ [mdoc.su] project, which is what I call a deterministic URL shortener, or, perhaps, better yet, a semantic URL provider.
The whole source code is an nginc.conf configuration file, and is just a bunch of regular expressions and `rewrite` and `location` rules, available under an BSD/ISC licence, of course -- that's the one that comes with "no strings attached", BTW!
http://mdoc.su/ [mdoc.su]
http://mdoc.su/FreeBSD-10.2/fs [mdoc.su]
http://mdoc.su/f102/resolvconf [mdoc.su]
http://nginx.conf.mdoc.su/mdoc... [conf.mdoc.su]
https://github.com/cnst/mdoc.s... [github.com]
Ingenious (Score:3, Insightful)
Re: Ingenious (Score:1)
At the very least it's an unethical hack (Score:1)
A person could use this app to run a blog of sorts, and as popular as it became the blogger would be hosting it on the cheap. You host the app and tweet the shortened URL's. The content is hosted, but not by you. The URL shortener hosts the content. But unlike LiveJournal or Wordpress.com, the URL shortener never agreed to hosting your content. You've essentially repurposed its functionality and subverted its intent.
I'm guessing the various URL shorteners will respond to this very quickly. The hack will end
Re: (Score:2)
I have a different prediction: This "hack" will continue to function unabated as it won't generate enough interest to warrant action.
Da farq.... (Score:3, Funny)
Jesus fa... what the fuck did I just read???
It reads like it's being said by an eight year old girl who's just been given two double espressos and a new kitten.
T-shirt business? (Score:2)
Mobile Gaming application of concept (Score:2)
Since getting at game saves is not something the average user can easily do in most cases on mobile platforms, would this be a useful method for sharing save games?
Just drop a URL to the desktop and now anyone can have full hearts, the champion sword, and the unobtainium underpants.
This raises the question about who is hosting (Score:2)
This raises the question about who is hosting the content and it will probably break the internet.
No, absolutely not. No on both those assertions. In fact, it really clears up who is responsible for the content of the link. As the same host contains both the "link" and the data. People have been converting data to text and embedding it directly into HTML pretty much since HTML has existed. It is neat if often the wrong way to go about it, but also very useful for userscript developers.
Re: (Score:2)
Someone mod parent up.
Hashb.in has been around for several months longer.
Mr fister may have not known about it tho.