By John Gruber
Upgraded — Get a new MacBook every two years. From $36.06/month with AppleCare+ included.
Compared to implementations for Perl, PHP, and Python, Markdown support on Ruby has generally been inferior — very slow and somewhat buggy. Ryan Tomayko has solved this with two new Ruby extensions that wrap extremely fast (and accurate) C libraries for Markdown: David Loren Parsons’s Discount and Jon MacFarleane’s peg-markdown. I prefer the RDiscount extension — it’s faster, easier to install on Mac OS X, and has a liberal BSD-style license — but they’re both good, and far better than the old BlueCloth Ruby extension.
“Prince McLean” writing for AppleInsider on the security of the new MobileMe web apps:
Data transaction security in MobileMe’s web apps is based upon authenticated handling of JSON data exchanges between the self contained JavaScript client apps and Apple’s cloud, rather than the SSL web page encryption used by HTTPS. The only real web pages MobileMe exchanges with the server are the HTML, JavaScript, and CSS files that make up the application, which have no need for SSL encryption following the initial user authentication. This has caused some unnecessary panic among web users who have equated their browser’s SSL lock icon with web security.
Update: Jesse Hollington claims that SSL encryption is only used for reading, and that writes are sent from the browser to me.com in the clear. And I’ll mention again that with Gmail and Google Calendar, you get SSL for free — I can’t see how there’s any excuse for MobileMe not to at least offer the option of using SSL for everything.
Update 2: Looking at traffic with tcpdump, it appears to me that nothing other than your initial authentication/login is encrypted. All the XMLHttpRequest data, both reads and writes, appears to be sent as gzip-compressed plain text. This is not secure at all.
Steven Frank:
What I have here is a list of what I consider to be basic developer rights and a distribution model that uses that list as toilet paper, while in return presenting me with an equally long list of genuine and tangible benefits. How do I respond to that?