[HN Gopher] L(O*62).ONG: Make your URL longer
___________________________________________________________________
L(O*62).ONG: Make your URL longer
Author : lnyan
Score : 108 points
Date : 2024-06-01 05:43 UTC (1 days ago)
(HTM) web link (loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo.ong)
(TXT) w3m dump (loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo.ong)
| zer00eyz wrote:
| I hate how good this is.
|
| Here: (literally)
| https://looooooooooooooooooooooooooooooooooooooooooooooooooo...
| ccbikai wrote:
| I am the author, I wanted to publish it myself, I didn't expect
| you had already published it. Thank you very much.
|
| Encountered quite a few problems during the deployment, mainly
| related to HTTPS certificates.
|
| The longest segment of a domain name is 63 characters. The
| maximum length of an HTTPS certificate commonName is 64
| characters.
|
| This caused Cloudflare, Vercel, and Netlify to be unable to use
| Let's Encrypt to sign HTTPS certificates (because they used the
| domain name as the commonName), but Zeabur can use Let's Encrypt
| to sign HTTPS certificates.
|
| Finally, the Cloudflare certificate was switched to Google Trust
| Services LLC to successfully sign.
|
| Related certificates can be viewed at
| https://crt.sh/?q=looooooooooooooooooooooooooooooooooooooooo...
| csande17 wrote:
| Don't you have to be a Non-Government Organization, outside
| China[1], to be eligible for a .ong domain name?
|
| [1] According to https://www.godaddy.com/help/about-ong-
| domains-41384
| shawabawa3 wrote:
| Just to expand on this, commonName is not at all required in
| certificates and is basically deprecated/legacy
|
| Letsencrypt does not require you to set it, just subject
| alternate names, which can be up to 255 characters, but some
| providers require it for no reason
| semi wrote:
| surprisingly it's been deprecated since RFC 2818 was
| published 24 years ago.
|
| It's only more recently that browsers and other common
| software stopped validating it though
| throw0101c wrote:
| If a subjectAltName extension of type dNSName is present,
| that MUST be used as the identity. Otherwise, the
| (most specific) Common Name field in the Subject
| field of the certificate MUST be used. Although the
| use of the Common Name is existing practice, it is
| deprecated and Certification Authorities are
| encouraged to use the dNSName instead.
|
| * https://datatracker.ietf.org/doc/html/rfc2818#section-3.1
| Therefore, if and only if the presented identifiers do not
| include a DNS-ID, SRV-ID, URI-ID, or any
| application-specific identifier types supported by
| the client, then the client MAY as a last resort check
| for a string whose form matches that of a fully qualified
| DNS domain name in a Common Name field of the
| subject field (i.e., a CN-ID). If the client
| chooses to compare a reference identifier of type CN-ID
| against that string, it MUST follow the comparison rules
| for the DNS domain name portion of an identifier of
| type DNS-ID, SRV-ID, or URI-ID, as described under
| Section 6.4.1, Section 6.4.2, and Section 6.4.3.
|
| * https://www.rfc-editor.org/rfc/rfc6125#section-6.4.4
|
| Also from 2015: 9.2.2 Subject
| Distinguished Name Fields a. Subject Common Name
| Field Certificate Field: subject:commonName (OID
| 2.5.4.3) Required/Optional: Deprecated
| (Discouraged, but not prohibited) Contents: If
| present, this field MUST contain a single IP address
| or Fully-Qualified Domain Name that is one of the values
| contained in the Certificate's subjectAltName
| extension (see Section 9.2.1).
|
| * https://cabforum.org/wp-
| content/uploads/BRv1.2.5.pdf#page=17
|
| * https://stackoverflow.com/questions/5935369/how-do-
| common-na...
| layer8 wrote:
| To further expand, _commonName_ is only deprecated for SSL
| /TLS server certificates. It is, for example, mandatory for
| CA certificates and code signing certificates.
| rrr_oh_man wrote:
| The seemingly required https:// should be prefilled in the form
| ryan-duve wrote:
| Ah, thank you. I figured it was broken.
| shever73 wrote:
| This should be the top comment. Thank you!
| optimalsolver wrote:
| URL too beacoup.
| asplake wrote:
| Or: how to ruin hckrnews on mobile (Safari, anyway)
| renegat0x0 wrote:
| Some pages do not require your services (already quite long)
|
| https://httpscolonforwardslashforwardslashwwwdotzoltanbalazs...
|
| https://aaaaaaaaaa.org/
|
| http://thebestpageintheuniverse.net/
|
| http://bettermotherfuckingwebsite.com/
| maaaaattttt wrote:
| There used to be
| http://twoyoutubevideosandamotherfuckingcrossfader.com/ too but
| it's now broken (it loads, but the players don't).
| ilikeitdark wrote:
| That was one of the coolest sites ever, the other one being
| where you could make virtual mixtapes and send them to
| people. We can't have nice stuff anymore....
| magicalhippo wrote:
| > https://aaaaaaaaaa.org/
|
| Slightly disappointed that doesn't have a 10hr version of
| https://www.youtube.com/watch?v=dys8KUnwGGg
| teddyh wrote:
| Or a link to <https://en.uncyclopedia.co/wiki/AAAAAAAAA!>
| heyest wrote:
| This is awesome thanks!
| jan_Sate wrote:
| Be wary with making this kind of website. I made something
| similar long time ago (urllengthener.sadale.net) and got my site
| reported for "spam campaign". Turns out that the spammer was
| abusing my site to generate spam link. I handled that promptly by
| shutting down my site and didn't receive any penalty for that.
|
| The way how it worked is that the spammer used my urllengthener
| as a redirection service to a website that looks like an
| incomplete project, which is actually a disguise. There's
| javascript code on their site that if there's a URL fragment
| identifier (the hash thingie postfix for URL) detection mechanism
| and if the URL fragment identifier matches an ad of their own,
| it'd redirect to the actual spam ad.
|
| Let's say the spammer owns example.org. The spammer would
| generate link with my service such that
| https://urllengthener.sadale.net/foobarbaz would redirect to
| https://example.org. Then it'd send spam with a link of
| https://urllengthener.sadale.net/foobarbaz#identifierXYZ to the
| victim. Then the victim would click on the link, which redirects
| him to https://example.org/#identifierXYZ, which would show
| victim the ad. https://example.org/ looks legit on its own and
| there is no log shown on the HTTP server because the URL fragment
| identifier is a client-side thing. I'm kind of thankful of that
| spam abuse report. Otherwise I might have never found out.
|
| (Remarks: example.org isn't the actual spam site. I just use this
| domain name as an example.)
|
| I don't have the time for now but I think I should make a write
| up about that some time later.
|
| And I've tested your service and apparently your site is
| vulnerable for the exact same kind of abuse as mine. I'd strongly
| recommend you to at least disabling redirection of URL fragment
| identifier. Example of URL that's prone to abuse:
| https://looooooooooooooooooooooooooooooooooooooooooooooooooo...
| varelaz wrote:
| How is this different from GET arguments in the URL? I mean is
| this relates only to URL fragment, because javascript can parse
| URL parameters as well and any spam site can abuse it even with
| rewrite in the path part in the URL.
| jan_Sate wrote:
| GET arguments are not redirected to the spam site because
| when the url redirection site has received the GET argument,
| the GET argument would generally be discarded/disregarded
| before redirecting the user to the spam site.
| varelaz wrote:
| But you're not in control of fragment part. Server doesn't
| receive fragment for request, it's all managed completely
| by the browser. To handle this you need to do client side
| redirect with javascript.
| jan_Sate wrote:
| Good question.
|
| I haven't tested that but I think it's possible to modify
| the fragment with Javascript:
| https://stackoverflow.com/a/4282075
|
| So my idea would be getting looo.ong to create a special
| client-side redirection webpage that would remove the
| fragment part using Javascript before performing the
| redirection with Javascript. And no. Using HTTP
| redirection response on server side won't work.
|
| EDIT: I've actually seen URL redirection websites that
| removes the fragment part so it should be doable. Perhaps
| the purpose of that is to avoid spam abuse.
| factormeta wrote:
| thanks to the need for ES to accommodate SPA (one of the
| worse thing that has ever happens to the web), that
| allows ES/JS to change the URL of the page as long as it
| is within the same domain. What could go wrong. Don't try
| to make web a QT replacement. Crete your own freaking
| interface. Stop hijacking web as document based platform
| to squeeze everything in there.
| sva_ wrote:
| > I handled that promptly by shutting down my site and didn't
| receive any penalty for that.
|
| What kind of penalty do you think you could've gotten and by
| whom?
| bsoft16385 wrote:
| Spamhaus or another IP reputation provider will contact your
| hosting provide or ISP and warn them that either: - You need
| to follow their best practices (which practically for me
| meant paying for a subscription) - Or your upstream net block
| would be marked as untrustworthy (which basically blocks
| email delivery from that IP range)
|
| You can imagine what your hosting provider or ISP will do
| with this.
|
| Source: I ran a URL shortening service from 2004-2007 and
| this happened to me.
| chriscjcj wrote:
| Indeed. It's depressing to say, but stand by for a bad actor(s)
| to abuse this service for nefarious purposes in 3... 2... 1....
| 0x00cl wrote:
| Wouldn't it be possible to use subdomains to make it _looonger_?
|
| From my understanding the domain could be 255 characters long.
|
| https://a.lot.looooooooo(...)nger.than.looooooooo(...).ng
| layer8 wrote:
| There is a de-facto limit on the total length of an URL [0]
| which significantly exceeds 255, and the path portion of an URL
| can be arbitrarily long within that limit, so using only
| subdomains would be unnecessarily limiting, and using them in
| addition would provide no further benefit.
|
| [0] https://stackoverflow.com/questions/417142/what-is-the-
| maxim...
| omoikane wrote:
| This reminds me of hugeurl, which disappeared around 2014:
|
| https://web.archive.org/web/20140208032349/http://hugeurl.co...
| joshmanders wrote:
| I love how you encode the url as binary then replace the 0's and
| 1's with O's and o's. This is genius.
| efilife wrote:
| How do you know? Where can I read about this? Am I missing
| something?
| rwiggins wrote:
| The source is on GitHub:
|
| utils.js, which contains the (de)serialization code: https://
| github.com/ccbikai/loooooooooooooooooooooooooooooooo...
|
| tool.js, which does the serialization: https://github.com/ccb
| ikai/loooooooooooooooooooooooooooooooo...
|
| display.js, which does the deserialization and redirect: http
| s://github.com/ccbikai/loooooooooooooooooooooooooooooooo...
| GlumWoodpecker wrote:
| I did something similar when I made ghost-translator :)
|
| https://xdpirate.github.io/ghost-translator/ghost-
| translator...
| andersa wrote:
| Am I having a stroke? I am 100% certain I saw this exact topic
| with these exact comments yesterday, but here we are with all of
| them saying they're from 5 hours ago.
| lolinder wrote:
| This happens when an article is revived from the second-chance
| pool. From what I understand the only way they currently have
| to resurrect a thread involves changing timestamps, which is
| extremely disorienting for people who actually did see the
| previous thread.
|
| See dang's explanation to the same question here (and his link
| to an algolia search of other previous explanations):
| https://news.ycombinator.com/item?id=36472976
| jv22222 wrote:
| They engineered a real mandala effect!
| Dwedit wrote:
| There used to be a URL redirection service called HugeURL. Your
| URLs were extremely long.
| cush wrote:
| Similar to the small web, I equally love the silly web. Good job!
| aendruk wrote:
| .ong is intended for "organisations non gouvernementale" and the
| main difference from .org is that proof of actual NGO status is
| required.
| zakki wrote:
| I wonder why the TLD is not .ngo.
| aendruk wrote:
| The answer to that is easy enough to find. I submit that a
| better question is why not .gno a la UTC.
| Zambyte wrote:
| https://looooooooooooooooooooooooooooooooooooooooooooooooooo...
| tcsenpai wrote:
| I didn't know I needed this until I actually saw this.
|
| https://looooooooooooooooooooooooooooooooooooooooooooooooooo...
| mdrewry wrote:
| this is actually really funny
| dmitshur wrote:
| long - short
|
| https://looooooooooooooooooooooooooooooooooooooooooooooooooo...
| moritzwarhier wrote:
| https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
| crazygringo wrote:
| This is one of the dumbest things I've come across in a long
| time.
|
| I absolutely love it.
| elwell wrote:
| URL longerer
| AbraKdabra wrote:
| There should be a label telling people they need the protocol
| first, as soon as I entered I wrote "google.com" and nothing
| happened, confused me for a bit and thought there was something
| broken or maybe it was a victim of a HN hug.
___________________________________________________________________
(page generated 2024-06-02 23:00 UTC)