For a while now there’s been talk of Google favoring secure HTTPS pages in its results. We just noticed this week that any Google searches for content on our web site now return secure HTTPS URLs instead of HTTP:

It’s not clear when this happened but a quick check on our web server shows that nearly 75% of all connections were HTTPS:

Only a year or so ago HTTPS connections only made up about 10% of all connections. The percentage of HTTPS URLs being used is only going to increase as more people find HTTPS based results on Google and then share them in web pages, emails and social media.

So if your site supports based HTTP and HTTPS then HTTPS is now the most important in terms of optimising performance. The good news if that HTTPS isn’t necessarily much slower than HTTP and may be even faster if you support SPDY.

UPDATE July 7, 2014: There’s been a lot of interest in this post and some people have been jumping on the SEO implications of this. We’re not implying that your site will get ranked higher than other sites if you have HTTPS. What we’re saying is that if your site has both HTTP and HTTPS versions of the same content that Google will now return an HTTPS link. The biggest implication is that if you support HTTPS most of traffic will now be using HTTPS rather than HTTP.

UPDATE August 6, 2014 – Google has confirmed that HTTPS will be used as a ranking signal in Google Search.

You can check SSL/TLS configuration our new SSL test tool SSLRobot . It will also look for potential issues with the certificates, ciphers and protocols used by your site. Try it now for free!

The small screens of the iPad and iPhone don’t lend themselves to in-depth development tasks, but their mobility and convenience can be useful when tracking down problems in the field or providing support when you are out of the office.

Here’s a list of apps that you may find useful if you are involved in development or tech support: (Please let us know in the comments if there’s any we’ve missed)

Networking & Web

HttpWatch – of course this has to be on the list! Our app is the ultimate browser based HTTP sniffer for iOS. (Paid & Free)

iNetwork Utility – scans your network showing device types and network addresses. It also supports Wake-On-Lan and can browse services advertised with Bonjour. (Paid)

System Status – shows in-depth information about the state of your iOS device including active network connections, memory and CPU usage. (Paid)

SpeedTest – tests the speed of your internet connection using servers close to you or at chosen locations (Free)

Pingdom – view the status of sites and services that you are monitoring and receive alerts if downtime occurs (Free)

IPMI Touch – view the hardware status of IPMI supprting servers on your network including temperature, fan speed, etc. Servers can also be remotely powered on/off or restarted (Paid)

Prompt – a Telnet and SSH client for your iPhone or iPad (Paid)

Jump Desktop – a remote desktop (RDP/VNC) client for Windows PCs and Servers (Paid)

Editing and File Handling

Textastic Code Editor  – a fully featured code editor with syntax highlighting (iPhone Paid & iPad Paid)

Dropbox – iOS 7 doesn’t have a public file system for sharing files between apps. Dropbox is the best alternative until improved sharing features arrive in iOS 8. You can save files from Mobile Safari or Mail and then open them in other apps or PC/ Mac (Free)

iOS Development & App Management

AppCooker – prototype iPhone and iPad apps on your iPad (Paid)

iTunes Connect – view the sales and download data for your app on iOS (Free)

Crash Manager – view and manage crash reports from your Crashlytics account (Free)

Learning

Stack Exchange – access Stack Overflow, Super User and Server Fault from your iPhone or iPad (Free)

NewsBlur – a blog reader app that synchronizes with your NewsBlur account (Free)

WWDC – download and view videos from Apple Developer conferences (Free)

Cloud based servers are great. You can quickly fire up new instances to scale up a web site or just to make deployment easier.

However, your new cloud server may not be as clean and new as you expect. The problem is that IPv4 addresses are in short supply and your cloud server provider will maintain a pool of addresses that get recycled when a cloud server is destroyed. So when you create a new cloud server, the IP address assigned to it may have some baggage from its previous owner.

We ran into this when we deployed a major update of our site to a new server. Not long after deployment we got a Google Alert about the presence of HttpWatch related content at site with a strange domain name – let’s say malwarecentral.com. The weird thing was that this site was an exact replica of our site:

The site must have had a high page rank in Google, perhaps through dubious SEO techniques. If we searched for ‘HttpWatch’ the site appeared as one of the first search results:

Using HttpWatch we checked the IP address used by the site and found that it was the same as our latest cloud server:

It wasn’t a copy of our site it was an existing DNS entry that was pointing at the same IP address as our server.

How could this have happened? The scenario may have gone something like this:

1. A stolen credit card was used to register a domain name (e.g. malwarecentral.com) and setup an account at the cloud server provider.
2. A DNS entry for the domain was setup for the new cloud server
3. The cloud server may have been used for phishing, malware distribution or some other questionable activity
4. The cloud server provider gets a chargeback on the credit card used to setup the account. The account is shutdown and all cloud servers related to that account are destroyed.
5. The IP address of the server is returned to the provider’s pool of IPV4 addresses. The DNS entry for malwarecentral.com may have been created at another provider and was not deleted.
6. We happened to get this IP address when we created a new cloud server and the DNS entry for malwarecentral.com was still using this IP address.

Tip: Never Use Default Binding For Your Web Site

A simple way to avoid old DNS entries referring to your site is to remove the default binding that allows any hostname to be used. In IIS the entry looks like this:

Once it is removed only requests containing the hostnames that you specify will be able to load pages.

 Conclusion

There may be other consequences to reusing an IP address on your cloud server. It may have been black listed by email systems if it was sending spam and it could be blocked from other web sites or services if it was engaged in Denial Of Service (DOS) attacks or hacking attempts.

This problem doesn’t exist with IPv6 because it has such a large address space that the cloud server provider could create a new address for every server instance without ever having to reuse addresses from deleted servers. However, in today’s world where IPv4 dominates it’s worth remembering that your cloud server’s IP address may come with some baggage.