Hacker News new | past | comments | ask | show | jobs | submit login
Self-referential URL (stanford.edu)
62 points by runn1ng on Sept 16, 2012 | hide | past | web | favorite | 32 comments



Let's assume this site does exactly what the author thinks it does, and by clicking "accept", you agree to never give anyone the url submitted here.

How, then, could runn1ing have submitted this link? Let's look at the page containing the license agreement: http://www.stanford.edu/~laurik/.book2software/ . Let's assume that opening a page doesn't make you agree to any of its content, so you can read the agreement without being bound to it. Look at the source of that page. Beyond the boilerplate "you can't sue us for our software kicking your puppy; we get your firstborn child unless it's ugly", there's a <button> element. Its _onclick_ method? window.location='publishing_this_url_is_probited_by_the_license_you_accepted_getting_here_from_the_previous_page.html'

So simply append that url to the folder in the current page, and you get to the submitted link without ever accepting the terms in the agreement.

Besides, as polemic says, 4(a) says nothing about sharing the download url.

And also, there's no text on the download page that says that downloading any content indicates you accept the agreement, so you can even download the software without agreeing. The license agreement page does say "BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, OR USING THE SOFTWARE, ... YOU AGREE TO THE TERMS OF THIS AGREEMENT."

So, arguably, if you read the agreement page, downloading the software on the download page indicates you agree to the terms. But if you've never seen that page, you haven't agreed to the terms.

Oh, and if it's not obvious, I'm not a lawyer. If you mistake any of this for legal advice, please let me know so I can laugh at you.


You could also align the pointer over the button, shine a laser pointer on your mouse button, and have your cat click it for you. Since you didn't click the button, you didn't accept the license. Arguably.


Instead of this, I believe we need a kosher computer mouse (like the light switch here: http://www.kosherswitch.com/live/). You click the button. In some random amount of time the mice might or might not produce a click event. So you hit the button on the mouse and walk away for a cup of tea :-)


If it's good enough for God, it has to be legal!


I wonder about the religious ramifications of the fact that this is patented. Is it allowed by doctrine to attempt to hold a monopoly for profit over items that are designed for religious observance?


I believe they patented the specific way that they remove causality and interaction with electronic circuits, not the idea itself. I'm reasonably certain one could come up with a few different/non-infringing designs that accomplish the same goal.


> You could also align the pointer over the button, shine a laser pointer on your mouse button, and have your cat click it for you. Since you didn't click the button, you didn't accept the license. Arguably.

Nice try, but no. Courts are run by human beings, who apply their own judgement to the case at hand and take things like that into account. Intent is definitely part of what's considered for most crimes.

The legal system is weird, political, too-insular at times, and funny-looking from the outside and the inside, but it's a system that's evolved, in the case of Common Law, in parts from pre-Roman Germanic tribal customs. The system has been dealing with smartasses like you since before your ancestors had been deloused.


I believe we agree.


In some countries the argument would rather be that the guy who wrote the page is a smartass and it cannot be held as a binding contract.


And here I was expecting tomfoolery!

I used to do something similar with this early into the beta of my product by using LocalStorage. If someone went to the URL without first seeing the license, the page would be redirected back at the license. I see no reason why they can't just do that here.

~~~

...If you do want some self-referential URL tomfoolery: https://twitter.com/simonsarris/status/223794554040623104


Here's a self-referential URL that doesn't use any URL forwarding/shortening service:

https://twitter.com/#!/selfrefer/status/3128391843


I would love to know how this was done. Given you can't edit tweets, and the ID of said new Tweet is going to change rapidly (given the number of new Tweets per second).

Did it involve basically predicting what the number was likely to be by observing the current posting rate, tweeting a bunch of times, and then stopping when one of the tweets matched? Or am I missing something?


Yes, that's more or less how it was done. The explanation is here: http://www.spinellis.gr/blog/20090805/index.html


I'd say that's all it took, a lot of automated tweeting with better guesses.


I would imagine posting a bunch of tweets at once with the same number, and deleting the ones which didn't match. That's assuming that deleted tweets completely disappear though.


It involves multiple redirects. One goes to http://simonsarris.com/recurse, which surely can be modified at any time. So, goo.gl short link to a controlled resource that shortly afterward is made to point back to the tweet.


The post I was replying to wasn't the goo.gl one; it was the @selfrefer tweet link, which has a link to the tweet at twitter.com in a tweet: http://twitter.com/SelfRefer/status/3128391843


Can you edit goo.gl URLs?


Reminds me of http://bit.ly/6EzdE


This is your basic such tomfoolery right here. [1]

[1] https://news.ycombinator.com/item?id=4530929


You can find the same content here: https://news.ycombinator.com/item?id=4530929


At my last^2 job we had an IRC bot with an HTTP interface. Someone made a url-forwarding-service link that would, when clicked, post itself to the channel. Hours of fun with that one.


4 (a) of the agreement says:

> "shall not post, distribute, transfer, loan, lease, rent, license, market, sell, or otherwise provide the Software to any third party, and shall not copy, reverse compile, reverse engineer or disassemble the Software, the sole exception being that a copy of the Software may be made for back-up purposes;"

So how is sharing the download page URL prohibited by the agreement (4 ((a))?


Looks like someone mistakenly thought "shall not post [...] the Software" applied to links to the software. This language clearly does not mention links.

I'm sure (:-s) the surge in traffic with an incorrect referrer will prompt them to modify the language in the agreement.


Nice loophole. I am going to assume you got to that URL by some means other than the previous page, and are therefore not violating any licenses.


On that note, the page linked is hereby released into the public domain. Of course I don't own it, but as indicated on the page itself, the referrer specifies the license.


Where does it say that on that page? It says "Thank your (sic) for accepting the license agreement.", but it doesn't say anything about 'the referrer', and in fact links to the license agreement that it claims we've accepted.


It doesn't say anything like that on the page, but it does in the URL: publishing_this_url_is_probited_by_the_license_you_accepted_getting_here_from_the_previous_page.


The previous page is, by definition, the page you were viewing previously. Which could be almost any page, including this one.


But does the document say the URL is meant to be read as instruction or agreement?


The acceptance of terms (clicking Agree on the previous page), can store a value in a session variable, or post a parameter to the site in question, which could then safely determine whether the user is authorized to see the content.


Pretty good viral marketing plan.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: