Sunday, June 13, 2010

Handling CNAME Web Requests

I was recently playing around with DNS CNAME aliasing and I began to wonder how different sites handle an incoming request which has a different host header than the one that was expected.

Virtual Hosting
In the early days of the web (before the mid-1990s) it wasn't always possible to host multiple domains at the same IP address unless the web server supported virtual hosting. Virtual hosting allows a server at a single IP address to analyze the host header of each request to properly serve up the correct web page. This is a brilliant solution and Amazon's S3 web service makes excellent use of this technique so you can use your own domain name to serve up content from S3.

For example, here is a static webpage, hosted on Amazon's S3, but you'd never know where it's hosted by looking at the URL. One way to find out that this is hosted on S3 is to use the dig or host command from the command line:

[jmoreno@ ~]$ host web.joemoreno.com
web.joemoreno.com is an alias for web.joemoreno.com.s3.amazonaws.com.
web.joemoreno.com.s3.amazonaws.com is an alias for s3-directional-w.amazonaws.com.
s3-directional-w.amazonaws.com is an alias for s3-2-w.amazonaws.com.
s3-2-w.amazonaws.com has address 207.171.185.131


CNAME to Another Website
This got me thinking, "What if I pointed my own host name at another website?" This would be less like framing another website (via an HTML frame or iframe) and more like hyperlinking to others' content.

So, I tried it out with three popular sites and each handles it differently.

CNN
http://news.joemoreno.com
CNN doesn't appear to look at the host name header for the incoming request and simply serves up its content. It seems that the only problem this presents is when content is served up via Flash such as ads and video. In other words, Flash ads and video are broken when the host name isn't cnn.com. Since the links on the CNN website are relative, the host name in the web browser doesn't change when clicking on other cnn.com links.

NY Times
http://nytimes.joemoreno.com
The NY Times also doesn't look at the host name of the incoming request to see if it's nytimes.com or www.nytimes.com. However, the NY Times uses absolute URLs on its website so clicking on any link clears out the previous host name and replaces it with www.nytimes.com.

Twitter
http://twitter.joemoreno.com
Twitter handles this issue perfectly. Their web server looks at the host name of the incoming request and, if it's not twitter.com, it returns a 301 redirect to twitter.com while keeping the rest of the request intact.

Legal Issues
I spoke with a couple of attorneys who specialize in Internet law to see if this has ever been an issue. They were not aware of any cases where the CNAME aliasing was challenged in court. The most similar case was in 1997 when the Washington Post sued Total News, Inc. since the latter was framing the former's news content. However, a court decision was never reached since it was settled out of court a few months later.

Regardless of the lack of legal challenges, it's possible that a company would be concerned about brand dilution. However, the issues with HTML framing, CNAMEs, etc. would most likely be solved by implementing a simple and inexpensive technical solution instead of suing.

Solution
Some companies might not like another website aliasing their website without explicit permission and others might not care. In practice, the deciding factor would be lost revenues or brand damage. Solving this problem is much like preventing someone from framing, deep-linking or hot-linking into your website. The solution is to look at the referrer of each web request and change it if it's not what it should be.

Conclusion
The benefits of aliasing another website, via a CNAME, without them knowing aren't clear. Although many sites will frame others' content without them knowing, the web site that's the target of the framing can simply break the frame with just a single line of JavaScript embedded in the page's HTML:

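<script type="text/javascript">
// Break out of a frame: if this page is not the top-level window,
// load it in the top-level window instead. Comparing top with self
// avoids reloading an unframed page that contains frames of its own.
if (top !== self)
{ top.location.href = location.href; }
</script>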


A very similar JavaScript could be written to simply look at the request's host name. If it's not the correct host name then reload the page with the correct host name (although I haven't tested this theory).

This observation is simply offered as a proof of concept.
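
The host-name check described above, covering both the server-side 301 that Twitter returned and the client-side script suggested in the conclusion, as an added example that is not part of the original post. `www.example.com`, the `https` origin and all function names are placeholders assumed for illustration.

```javascript
// Added example, not the author's code. The origin below is a placeholder.
const CANONICAL_HOST = "www.example.com";
const CANONICAL_ORIGIN = "https://" + CANONICAL_HOST;

// Reduce a Host header (or location.host) to a bare lower-case name:
// drops an optional :port and a trailing dot; null if missing or malformed.
function normalizeHost(value) {
  if (typeof value !== "string") return null;
  const m = /^([a-z0-9.-]+?)\.?(?::\d{1,5})?$/i.exec(value.trim());
  return m ? m[1].toLowerCase() : null;
}

// Server side, the behaviour the post observed from Twitter: null when the
// request already names the canonical host, otherwise a 301 that keeps the
// path and query. Targets not starting with "/" fall back to "/".
function canonicalRedirect(hostHeader, requestTarget) {
  if (normalizeHost(hostHeader) === CANONICAL_HOST) return null;
  const target =
    typeof requestTarget === "string" && requestTarget.startsWith("/")
      ? requestTarget : "/";
  return { status: 301, location: CANONICAL_ORIGIN + target };
}

// Node-style request handler built on the decision above.
function handler(req, res) {
  const redirect = canonicalRedirect(req.headers.host, req.url);
  if (redirect) {
    res.writeHead(redirect.status, { Location: redirect.location });
    return res.end();
  }
  res.writeHead(200, { "Content-Type": "text/plain" });
  res.end("served on canonical host\n");
}
// To serve: require("http").createServer(handler).listen(8080);

// Client side, the script the post proposes: returns the URL to load, or
// null when the page is already on the canonical host.
function clientSideTarget(loc) {
  if (normalizeHost(loc.host) === CANONICAL_HOST) return null;
  return CANONICAL_ORIGIN + loc.pathname + loc.search + loc.hash;
}
// In a page:
//   const url = clientSideTarget(window.location);
//   if (url) window.location.replace(url);
```

The server-side check runs before any content is sent, while the client-side variant only takes effect once the page has loaded and its script has run.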

Thursday, June 10, 2010

Short Sale Surprise


This afternoon my wife and I checked out a short sale in North Park (San Diego) that seemed too good to be true and we were pleasantly surprised. My experience with distressed home sales, like short sales or foreclosures, is that they are generally a "pit" (as today's real estate agent described it). Typical short sales have marked up walls and stained carpets, while most everything else is in a state of disrepair.

The only problem we noticed with the property we looked at today was the up-heaved sidewalk. Hopefully that doesn't affect the foundation.

Unfortunately, we learned the obvious lesson you'll encounter when a home is aggressively priced: multiple offers after being on the market for only a few days which usually leads to a bidding war.

Wednesday, June 9, 2010

What do you mean my iPad is "Not Charging"?



I was highly disappointed the first time I plugged my iPad into my MacBook Pro. My laptop is a little long in the tooth, but I didn't expect it to indicate "Not Charging". I thought, for sure, that it was just a bug until I did a little digging. It turns out that the iPad pulls more power than my MacBook delivers over its USB connection. I've seen problems like this, in the past, when plugging into low power USB ports typically found on keyboards. These keyboard ports were only designed to power mice, not recharge an external device. So it's surprising that the iPad wouldn't charge when plugged directly into my MacBook.

Well, it turns out that the "Not Charging" message isn't entirely true. The iPad in the screenshot, above, had about an 81% charge when I plugged it in and now, several hours later, it's at 100%. I guess it's just a trickle charge.

Update: Great point from SteamAtom in the comments, below. It seems, in my case, that the iPad is only charging when it's sleeping. As soon as I turn it on it stops charging.

Learning to Land an Airplane


A few months ago I started flight school when I discovered that my GI Bill would cover most of the training costs beyond my private pilot certification. There's a popular saying that flying is a pilot's second most favorite activity. The first is landing.

I've been having problems consistently landing smoothly. It seems that each time I fly a textbook landing pattern approach I end up flaring too early and floating until I stall. This results in a landing that's harder than it should be. But, if the tower controller directs me to follow something other than a standard landing pattern such as a short approach ("direct to the numbers") or extends me downwind, I end up making a much better landing. Very odd.

Last week, I came across Philip Greenspun's website. One of his hobbies is general aviation. About six months ago he wrote a piece on How to Land an Airplane. This article, in addition to an earlier one, Learning to Fly, helped me make better landings.

The key, for me, is to not try to land right on the numbers, especially since the runway I'm landing on is several times longer than needed for the Cessna-152 that I use for training. Instead, I've been holding the aircraft just above the runway and gently floating down onto it while flaring when just a couple feet off the ground. It seems to be helping. Stay tuned.

Apple's Worst Security Breach: 114,000 iPad Owners Exposed


I just saw the Apple's Worst Security Breach: 114,000 iPad Owners Exposed post on Valleywag. It sounds like this is an AT&T SNAFU, but, even if it is, it won't bode well for Apple.

Key points from the article

AT&T exposed a very large and valuable cache of email addresses, VIP and otherwise. This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple.

Then there's the question of whether any damage can be done using the ICC IDs. The Goatse Security member who contacted us was concerned that recent holes discovered in the GSM cell phone standard mean that it might be possible to spoof a device on the network or even intercept traffic using the ICC ID. Two other security experts we contacted were less confident in that assessment. Mobile security consultant and Nokia veteran Emmanuel Gadaix told us that while there have been "vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID... as far as I know, there are no vulnerability or exploit methods involving the ICC ID."

Tuesday, June 8, 2010

Apple's Knowledge Navigator and the iPad

More than 20 years ago, Apple envisioned the Knowledge Navigator in the form of a tablet computer. Using hypertext, video conferencing, and artificial intelligence (AI) made the Knowledge Navigator a perfect personal assistant. The tablet form factor of the iPad (and maybe even the iPhone) would be ideal, but the technology just isn't possible, yet.



The key to the Knowledge Navigator is its AI. Advances in this area are slow due to the complexity of mimicking a human and getting it to pass the Turing Test. Keep in mind that it took Mother Nature more than four billion years to create human intelligence.

Sunday, June 6, 2010

Crowd Sourcing at its Finest

This afternoon, I was at my local cafe. I'd been there before and I never really noticed the piano in the corner, but this guy did.



He hopped on the piano, played some songs, and then left the cafe. I recorded one and posted it. But, I couldn't figure out the name of the song and it was killing me. I knew that I'd heard it before.

I tried to get Shazam and SoundHound to figure it out without any luck. Shazam came up with a different answer each time and SoundHound wouldn't even make a guess.

So, I decided to crowdsource the answer and I posted it to Reddit. Eight minutes later RambleMan figured it out.

The song is "The Scientist" by Coldplay. The reason it was so stuck in my head was because of the sad music video which was filmed in reverse.

Friday, June 4, 2010

Forecasting the future

I came across this forecast that Apple Could Surpass Microsoft in 2010 which I blogged about more than three years ago.

Apple may not have surpassed Microsoft in revenue, but they certainly surpassed them in market capitalization.

Thursday, June 3, 2010

Six Solopreneur Branding Boo-boos

I cowrote a piece, with Guy Kawasaki, about common mistakes that one person companies make when they try to grow. Drop by and check it out at the American Express OPEN Forum.

Tuesday, June 1, 2010

Two Million iPads Sold


It's been less than two months since the iPad went on sale and Apple has sold more than two million. It first became available this past Friday overseas, but Apple doesn't break down their sales figures by market.

I really love mine. It's actually good enough to use for word processing. I recently wrote an article on it, using the wireless keyboard, without any problems.


Here's a statistic that I came across which shows the growing usage of the iPad for surfing the web. What's most interesting is that usage seems to spike on the weekends.