What's really needed is a token (nonce) that is tied to the session. That's like CSRF Prevention 101.
> POST (and restricting to same-origin)
In a CSRF scenario, the client itself can presumably be "trusted" - A client behaving maliciously can only hurt itself, not anyone else. The important thing is to not trust anything that may have been provided by a third party.
Side Note: I've always wondered why HN doesn't let you renege on your upvote. I imagine this would have a good deal fewer votes if people could.
[EDIT: corrected link. Thanks ma2rten!]
EDIT: You are welcome. I am not sure this is comprehensive either, though. For one it will only include submissions with a space in the title, I think.
(edit: nope, I was 3 off, you get the point though, apparently a lot of people are commenting at the moment, ha)
The easiest way to do it would be to pick an ID in the future (say 20 ahead of the latest one) then type the title and link out, then just keep refreshing the page for your selected ID minus one (for example, if your chosen ID is 3743040 refresh news.ycombinator.com/item?id=3743039) until you get a result then hit submit, if you're not too slow you'll get the ID 3743040.
(Maybe _that_ explains why so many TechCrunch articles make the front page?)
Not that I'd ever be crazy enough to try this for real of course.
EDIT: According to posts I've read the votes aren't valid if the referrer isn't Hacker News. So the only thing possible is what's on display.
"Can't make that vote."
Also a good example of why you need to use POST for stuff like this :)
I think you need to set "showdead" in your profile to see this. It got killed pretty quickly, but netted me ~150 karma which was amusingly nontrivial back then. And as a byproduct, I think I became the first "public member" to get a glimpse of Arc, which was closed-source at the time. I won't disclose how (since I haven't asked for permission to share the details) but it was pretty much one of the happiest days of my life, for some stupid reason. I was young and giddy and felt like I'd just won something special.
To give you an idea of how ancient this is, check out the id of the thread -- only #27,615. Man, time flies when you're watching a community grow, eh? It's like watching a child mature over years -- into an increasingly-annoying version of themselves while slowly getting fatter and fatter over the years, of course. (I kid, I kid.)
Bonus: I just now noticed that I'd gotten into a debate with Paul B in that thread. Hah. I was too cocky back then... I should have been listening and asking questions, not talking!
Man, I miss those days so much. I never knew how rare they were until they were gone. Like, my girlfriend (now wife) and I went on vacation, during which we prototyped and launched a whole webapp in Rails 1.0! Who does that? Not me, anymore -- At least, not until I lose my day job like a bad case of music. Makes me wonder if I still have my old "hey, I'm 18 and ignorant of my own flaws!" level of productivity...
EDIT: Oh, look. I have the attention of the majority of HN. Allow me to now exploit you:
To whoever has read up to here: you hereby implicitly agree to my EULA, in which you swear to enjoy each of your scientific pursuits with intensity and to your fullest degree; and sometimes even to a dangerous degree, if the mood carries you thus. Additionally, you agree to never allow an employer, family member, or any other authority to break your intrinsic spirit; for they have no means of dominating your spirit except that which you subconsciously allow them. You shall be true to yourself and to your own principles, regardless of society (though in privacy). You shall hereby refuse to believe any scientific statement as "true", however benign, except those in which you alone have proven to yourself to be true, by your own hand and evidence. (Though it doesn't hurt to check out what other people have to say on the subject, from time to time; in fact, it turns out to often be a more valuable course of action, for the careful analysis of a close friend can often reveal subtle flaws in your process and in your logic, while occasionally forcing you to re-evaluate your core reasoning for choosing that process in the first place, which always leads to the path of learning and thus improvement and satisfaction.) You agree to eventually die with no regrets. Let no one impose themselves upon your judgement without merit. You shall endeavor to enjoy life to the fullest extent of the law (where applicable), and to realize that money is merely a means, not an end unto itself. In your spare time, you shall research that which is impossible, but intriguing, in order to always have something to strive for, thereby improving your skill and your spirit. You shall follow your curiosity wherever it leads (but keep both eyes open for signs of danger).
Most importantly: thou shalt enjoy every week, else thou shalt fix your life's situation regardless of how immutable it may seem.
Go -- build something out of passion. Right now!
OT but funny story: back when I was first getting into programming heavily (I had dabbled for about 4 years, but wasn't particularly good), I started learning perl, and got into a flame war on freenode with some random guy I had never seen on before (in the three times I had visited). It was weird - everybody sided with him, so strongly that I was really confused. His username was strange, too - something about "toady".
Yup, I, a perl programmer of 2 weeks, got into a flame war with Larry Wall. Didn't realize it for years, until I saw his IRC nick mentioned somewhere else. Ouch.
pg 1744 days ago
Ok, will fix.
Your edit is the best thing to come out of this entire ordeal. Thanks for not abusing your newfound fame :)
Edit: Lotsa serious folks on tonight.
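The session-tied token and POST-only handling that the CSRF comments in this thread call for, as an added example that is not part of the thread and not Hacker News's own code. The function names, session ids, status messages and the HMAC construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Per-deployment secret (assumption: kept server-side, never sent to clients).
SERVER_KEY = secrets.token_bytes(32)


def issue_vote_token(session_id: str, item_id: int) -> str:
    """Token rendered into the vote form, bound to one session and one item."""
    msg = f"vote|{session_id}|{item_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def handle_vote(method: str, session_id: Optional[str], item_id: int,
                token: Optional[str]) -> Tuple[int, str]:
    """Hypothetical vote endpoint: returns (HTTP status, message)."""
    # State changes are refused on GET, so an <img src=...> or a plain
    # link on a third-party page cannot trigger a vote.
    if method != "POST":
        return 405, "method not allowed"
    if not session_id:
        return 401, "login required"
    if not token:
        return 403, "missing token"
    # Recompute from the session the cookie identifies. A token minted for
    # another session or another item will not match.
    expected = issue_vote_token(session_id, item_id)
    supplied = token.encode("utf-8", "replace")
    if not hmac.compare_digest(expected.encode(), supplied):
        return 403, "bad token"
    return 200, "vote recorded"


def demo() -> dict:
    """Constructed requests: one legitimate vote and four forged ones."""
    alice, mallory, item = "sess-alice", "sess-mallory", 3743040
    return {
        "legit": handle_vote("POST", alice, item, issue_vote_token(alice, item)),
        "get_link": handle_vote("GET", alice, item, issue_vote_token(alice, item)),
        "no_token": handle_vote("POST", alice, item, None),
        "other_session": handle_vote("POST", alice, item,
                                     issue_vote_token(mallory, item)),
        "other_item": handle_vote("POST", alice, item,
                                  issue_vote_token(alice, item + 1)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14s} {result}")
```

The `other_session` case is the one a plain random nonce misses: a third party can fetch a valid token from their own session, and it is only rejected because the server recomputes it from the victim's session.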