PG could configure the news.ycombinator.com server to return a 301 to any request which has a HOST header that's not news.ycombinator.com - either that or hardcode the domain name in links.
I'm sure that Volida's motives are honest as he stated but this practice - buying a domain name that sounds like something popular and setting the A records to the intended site - has the potential to be used maliciously. All you'd have to do is wait for traffic to grow and then, in time, switch the DNS records to your own site. Of course, the HTTPS pages are going to show certificate problems while your A record is pointing at the original target - but many users will just go ahead and accept bad certificates.
How would a legitimate site owner defend against this sort of thing? Would the solution I described in the top paragraph be effective? Has this ever been done maliciously?
I don't know too much about web whatnots but couldn't this be done through virtualhosts? like say ip/other domains go to nothing or another place, domain.tld/subd.domain.tld goes to the main website?
I never claimed that his example was representative of a useful, short domain name, I simply pointed out that you came to a conclusion that was wrong after doing far too little research. If you have a problem with the length of his domain name, I'd suggest commenting to him, not me.
The downmods are ridiculous, did I honestly distract from the conversation or did everyone disagree that putting www in front fixes it? This place is dying.
I typically get as far as "new", but then, I routinely have more than a hundred tabs open in Firefox. If Chrom(e|ium) worked on FreeBSD, I'd probably be using that instead.
I like leaving things open, but I'm really curious how having over 30 tabs is an improved user experience. The most common places I visit are either always etched in the address bar history, and so are reachable in a few keystrokes, or have outright aliases, so I can type a keyword and it transforms into a URL. Everything else is just a handful of keystrokes away, via Selfmarks (my bookmarks-on-the-internet service).
How can you navigate among your tabs with any semblance of ease or speed?
Yeah, I keep hearing of people (esp. power users) using web browsers with hundreds of tabs open, and I don't understand why they need so many, nor how it remains manageable/useful/navigable. When I end up with > 25 tabs, it usually just means I need to run a garbage collection cycle. Whatever the reason is, it's probably some use case(s) that could be better handled by the browser or an extension. Are they using all the tabs as a queue of stuff to read? That's a problem I run into, and I deal with it by keeping a vim buffer open with a list of URLs.
I use my browser as my 'auxiliary memory', if I don't have time to read something right away I just open a tab and leave it until I have time.
On a typical day this means that in the morning I start with the session I left the evening before, say 25 tabs or so (usually project + whatever documentation I need for it), then as the day goes by the number of open tabs slowly increases. By the evening it probably is at its peak somewhere between 50 and 70 or so, then before I go to bed I catch up on my reading and close anything that doesn't have to do with work ready for the next cycle.
When I end up with > 25 tabs, it usually just means I need to run a garbage collection cycle.
I agree in theory; that many tabs are pretty difficult to manage. Unfortunately, a garbage collection cycle forces me to focus on garbage collecting (since I will usually have several important sites open among the trash), breaking my concentration on the research. It ends up being more productive to leave them open for a while, until they reach some threshold where I have to do too much work to find the important open sites among the garbage. That point for me is definitely more than 25 but also less than 100. I assume that it's different for different people.
Why should he donate it? He should sell it. If PG decides it adds usefulness, guy should at least get the purchase price back, if not more.
Obviously it's just a convenient domain name, so he won't sell it for a lot of money, but should sell it for _something_. PG can afford a reasonably priced domain, I think.
"Well, I don't plan in doing any kind of man-in-middle attack. Neither I am planning to selling the domain to a 3rd party."
Well, I still think it's irresponsible to provide or use such a "service". I can't think it's good for security if people get in the habit of relying on potentially unreliable third-parties just for the heck of it.
Why ask people to trust that you have only good intentions when that wouldn't even be necessary if you didn't provide a (IMHO less than worthless) "service"?
I might sound harsh, but the whole matter just reeks of sloppiness to me.
"I'd have to setup a server, which would enforce the notion that I am doing some kind of man-in-the-middle attack. There is also some obvious reason pointed out by HN members, no need to refer to it."
The first one isn't a good reason. If it immediately redirects the user will then be at news.ycombinator.com, which can be trusted.
What was the second reason?
Also, pg could solve this by performing the redirect himself whenever the "Host" header is not equal to "news.ycombinator.com"
I'm sure that Volida's motives are honest as he stated but this practice - buying a domain name that sounds like something popular and setting the A records to the intended site - has the potential to be used maliciously. All you'd have to do is wait for traffic to grow and then, in time, switch the DNS records to your own site. Of course, the HTTPS pages are going to show certificate problems while your A record is pointing at the original target - but many users will just go ahead and accept bad certificates.
How would a legitimate site owner defend against this sort of thing? Would the solution I described in the top paragraph be effective? Has this ever been done maliciously?