Fahrenheit 451, drafted in the last couple of days in honour of Mr. Bradbury? I do find it fitting that if this passes, we have a cultural reference to remind us of its significance. I look forward to seeing some interesting error pages in the future.
Was only the other day that my mate pointed out to me that 451 is DEA if you transcribe it. And after all, there are all kinds of paper and they don't all catch fire at one given temperature, do they?
If I recall correctly, Mr. Bradbury called a firehouse and asked the guy there "what temperature does paper ignite at?" and they thought about it for a moment and looked up some value in a reference manual. So don't go reading too much into the number. Also, note that the (US) DEA was founded in 1973, while _451_ was published in 1953.
Also, casual Internet browsing suggests values closer to 450 Celsius for the autoignition point of typical paper, so don't go relying too much on any one number you get from the title of a book (or from a Hacker News post, for that matter).
Not sure I see the applications of this, but I guess more high-level error messaging is something that is in general a good thing so I guess that should hold for the web, too.
Application will be www.google.com, www.youtube.com, etc. They'll get censorship instructions from gov bodies. There are two things that are obvious now: the fight between Google and Facebook is like who will be Big Brother's right hand, and the other is that RMS was right. The sad thing is that it is the first time in human history that an evil oligarchy can be beaten by engineers (Google, Facebook, ...). Too bad they don't get it :-(
Destruction of 'counterfeit' media. Because after all, just because you have a vast zero-scale network on which to distributively backup the collected artistic works of society in real time, doesn't mean you should, obviously. I mean, that would amount to the most complete open library of knowledge ever created in history, which would make so many existing business models obsolete that we just can't justify doing it, for the sake of the economy, cos y'know, money works, right?
I'd believe the Bradbury conspiracy theories since this should otherwise be a 5xx error code for server errors. The client certainly didn't do anything wrong (4xx)
Technically, the client did err, as it performed a request that is not legally permitted in its jurisdiction. For example, this response could be used for geographically-limited resources (such as BBC iPlayer), which means your client erred by not being in Britain.
If it's a takedown of some kind, your client erred by being subject to a government that ordered you unable to see the resource that you requested. The 4xx code fits, in this case, as 5xx implies the server made a mistake (it didn't).
requesting info on a real, existing user on illegal-in-USA.ru
-> GET /users/real-user-name HTTP/1.1
   Host: illegal-in-USA.ru
<- HTTP/1.1 451 Unavailable For Legal Reasons
requesting info on a fake, nonexistent user on illegal-in-USA.ru
-> GET /users/no-such-user HTTP/1.1
   Host: illegal-in-USA.ru
<- HTTP/1.1 451 Unavailable For Legal Reasons
If the .ru site sent 404s for nonexistent users and 451s for real ones, you'd be able to gather potentially useful information. It's like if I go to bad-porn.com and type your email into "forgot my password", it should neither confirm nor deny the existence of your account, simply tell me the request was received. In any event if delivery of the requested resource is legally prohibited, why would I go to the trouble to determine whether the resource exists?
A final analogy: 10 year old enters US gas station: "Have you Marlboro 100s, menthol?" gas station attendant (without checking whether or not he has this particular brand/style of cigarette): "get out of here, kid. [HTTP/1.1 451 Unavailable For Legal Reasons]."
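The 404-versus-451 point from the comment above, as an added example that is not part of the original thread: two hypothetical handlers, one that looks the user up before applying the legal block and one that applies the block first, plus a check that tells whether responses reveal which accounts exist. All names, the user set and the jurisdiction codes are constructed for illustration.

```python
# Added example: constructed data, hypothetical names throughout.
EXISTING_USERS = {"real-user-name"}      # constructed sample accounts
BLOCKED_JURISDICTIONS = {"US"}           # assumption: blocked for US clients

REASON = {200: "OK", 404: "Not Found", 451: "Unavailable For Legal Reasons"}
BLOCK_BODY = b"This resource is unavailable for legal reasons.\n"


def leaky_handler(path, jurisdiction):
    """Looks the resource up first, so 404 vs 451 reveals which users exist."""
    user = path.rsplit("/", 1)[-1]
    if user not in EXISTING_USERS:
        return 404, REASON[404], b"no such user\n"
    if jurisdiction in BLOCKED_JURISDICTIONS:
        return 451, REASON[451], BLOCK_BODY
    return 200, REASON[200], user.encode() + b"\n"


def uniform_handler(path, jurisdiction):
    """Applies the legal block before any lookup: same answer for every path."""
    if jurisdiction in BLOCKED_JURISDICTIONS:
        return 451, REASON[451], BLOCK_BODY
    user = path.rsplit("/", 1)[-1]
    if user not in EXISTING_USERS:
        return 404, REASON[404], b"no such user\n"
    return 200, REASON[200], user.encode() + b"\n"


def distinguishable(handler, paths, jurisdiction):
    """True if responses differ across paths, i.e. account existence leaks."""
    responses = {handler(p, jurisdiction) for p in paths}
    return len(responses) > 1


# The two requests shown in the comment above.
PROBES = ["/users/real-user-name", "/users/no-such-user"]

if __name__ == "__main__":
    for h in (leaky_handler, uniform_handler):
        print(h.__name__, "leaks existence:", distinguishable(h, PROBES, "US"))
```

The check compares status, reason phrase and body only; response timing is a separate channel that it does not cover.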
> If something didn't exist at all, why would I send a 451?
You just don't acknowledge the existence.
> So... everybody can ignore 451?
The status code is optional in the sense that you don't have to use it if a resource is unavailable for legal reasons. You can use it if you want to inform the user what exactly is going on.
>You can use it if you want to inform the user what exactly is going on.
That's exactly the purpose.
>The 4xx class of status code is intended for cases in which the client seems to have erred. Except when responding to a HEAD request, the server SHOULD include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User agents SHOULD display any included entity to the user.
If you're trying to "hide" something on the web, there's 401 Unauthorized and 404 Not found. If you cannot acknowledge the existence of a resource, either of these status codes would be fine. If, however, you feel the need to correctly communicate that a resource is legally unavailable (whether or not it exists), then 451 is an alternative.
But, no one ever said status codes had to tell the truth.
The 400 series implies that there was an error on the client side, when there clearly isn't one. The client has made a valid request that a middleman refuses to honor.
This better fits into the 300 series as a permanent addition.
But it's conceivable it could be related to you. "I'm sorry, this content is not viewable by non-<insert group of choice>" or "You are on the Anonymous watch list". That makes it a client error.
In the end, many times the response codes are murky. I'm very comfortable with it being a 4xx; you'd put it somewhere else. The working group will hash it out and we'll use what they say. shrug
Isn't it quite close to both 403 Forbidden, "request was a legal request, but the server is refusing to respond to it" and 401 Unauthorized? And now it's on Wikipedia (http://en.wikipedia.org/wiki/HTTP_status_codes), and that equates with being approved, right?
TIL Microsoft uses 450 for parental control. And now 451 for legal censorship. Perhaps we could use the 450-459 range to signify various censorship scenarios. The 450s is also a nice middle ground between 400s and 500s.
The argument against 403 is that the server might not get to the resource at all, so it doesn't get a chance to refuse the response. A router with filtering capabilities might also terminate the connection and return 451 if the target server is censored and won't be reached. (Whether that's practically likely to happen, e.g., at the Great Firewall, or for ICE seizures, is a different matter entirely.)
300s indicate that client must take a follow-up action to fulfill the request. This would be misleading as the request is denied permanently.
Further, the closest match among the currently implemented statuses is a 403. As per the "Acknowledgements" section:
Thanks to Terence Eden, whose blog observed that the existing status code 403 was not really suitable for this situation, and suggested the creation of a new status code.
Propaganda is a poor excuse for a technical decision. Such decisions should be made on a rational basis, not because someone got their feelings bent out of shape or for political reasons.
Yes, I understand the rationale. I agree that there needs to be a code to denote "Access denied due to legal reasons". But I also know that personal is not the same as important, and in this case, a decision is being made that we'll be stuck with for quite some time to come and the choice of the code is purely a propaganda play.
At any rate, the client has not made an error. The client is the requesting entity (i.e., browser or other program). The client in the error message does not refer to the potential human that may have caused the client to initiate the request.
Unless you can magically plug an ethernet connection into your mouth and spew http requests.
Assuming you know what you are talking about, do you mind if I restate your argument?
A 500 means the server is doing the wrong thing. You are suggesting that a server which blocks illegal requests is broken.
If you think servers should block illegal requests, then a 403 (Forbidden - The server understood the request, but is refusing to fulfil it) would have been most appropriate, but a new 4XX is useful given the prevalence of things like DMCA and censorship.
But since censorship is a bug, then a 5XX is more appropriate.
You could jokingly suggest a 305 redirect (Use Proxy), but technically it might not work (the proxy could get blocked too, or the server would get in trouble).
> You are suggesting that a server which blocks illegal requests is broken.
What? I suggested no such thing. What I am suggesting (if you read up the comments) is that a middleman has made the error and thus it is incumbent on that middleman to return a proper error of "Access denied for legal reasons".
If you use the 451 error to denote censorship, what code do you use when access is denied for a legitimate legal reason?
* broken multitasking - accidentally inserted political for legal in the last sentence.
>What? I suggested no such thing. What I am suggesting (if you read up the comments) is that a middleman has made the error and thus it is incumbent on that middleman to return a proper error of "Access denied for legal reasons".
1) There isn't necessarily a middleman. A server can self-censor in order to obey the law and return a 451.
2) A censoring firewall that blocks content is doing precisely what it's supposed to do, and returning a 4xx code keeps it in line with HTTP. It is not an error.
>If you use the 451 error to denote censorship, what code do you use when access is denied for a legitimate legal reason?
I don't think it's up to HTTP to distinguish between censorship and other kinds of laws (or more broadly, other government directives). Censorship that happens because of non-legal reasons (e.g. the website admin doesn't want to serve a resource due to personal beliefs) should just be a 403.
>At any rate, the client has not made an error. The client is the requesting entity (i.e., browser or other program). The client in the error message does not refer to the potential human that may have caused the client to initiate the request.
Typing google.com/asdfhjk in the address bar yields a 404, even though the error is clearly with the human, not the browser.
>Yet, that's what's happening with the 451 error code. This is clearly aimed at government censorship - what the writer considers the wrong kind.
I'm not sure I agree. While the author may have a certain connotation in mind, "not available for legal reasons" is a simple statement of fact that can be useful for the user, regardless of whether it was a "good" or an "evil" law.
>Unless I'm mistaken, "client" means the browser, not the person operating the browser.
So it shouldn't return a 404? Are you proposing the use of 6xx codes for user error, and keep 4xx for purely client errors? How can the server distinguish between a browser and somebody using telnet? What if another program is performing automated clicks in a browser and navigates to google.com/asdfhjk?
I believe the "client" is "everything on the other end of the tcp connection."
There are situations where a resource is blocked, but transparently. For example, The Pirate Bay is blocked in some countries. However, it's done publicly, and that the site exists isn't denied. The ISPs that effect the blocking could use this status code to inform people who try to visit it that the site does exist, but they can't access it because the government says so. This could, in theory, divert activity towards the ISP (which has nothing to gain from implementing such blocks) to the government. That is, instead of spamming the ISP's helpdesk, they could petition their representatives.
Of course, in some situations the block is supposed to be also denying the existence of the site, and in such cases this status code wouldn't apply. That's mentioned in the RFC (section 4.1).
Maybe, but if I have to guess differently than you think: They probably want to use this to "troll" governments and heavy users of DMCA take-down notices. These people usually don't like it if users notice that they were responsible, so this is against their interests.