Now it’s very easy to get a full compiler environment, including pure gcc (rather than clang’s emulation of it), that can build all variants of ruby and gems without an issue. The trivial process goes like this:

First, download and install the Command Line Tools for Xcode. These can be installed either through Preferences > Downloads > Components in the full Xcode 4.3 install, or by downloading and installing the standalone package.

Next, install homebrew, a fantastic package manager for OS X. Run brew update to make sure it’s fully up to date.

Next, add the homebrew “dupes” repository (or “keg”), some necessary recipes for installation, and the real gcc 4.2:

brew tap homebrew/homebrew-dupes
brew install autoconf automake
brew install apple-gcc42

Now you can safely build and install various rubies. rvm is a great way to do this without stepping on the system-installed ruby:

bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
source ~/.rvm/scripts/rvm
rvm get head
rvm install 1.8.7
rvm install 1.9.3-head

Now you can install compass and use scss in style.

On the minus side: Apple has made, and will continue to make, an intentionally crippled and limited device in the name of a better overall user experience.

I believe I was and still am entirely accurate; this isn’t necessarily a bad thing, of course. The recent concerns about address book privacy illustrate the concern perfectly; unrestricted access can easily lead to a very poor user experience.

Furthermore, when I said:

[The iPad will be] an unbelievable platform, and one which the vast majority of people will find satisfies their needs and exceeds all their expectations.

it turns out that I was more right than I expected to be – people are using iPads as their primary (!) machines, without so much as an external keyboard, for serious writing and content creation. It doesn’t satisfy all my needs, but it sure satisfies most of them, and exceeded most of my expectations.

What’s next? Well, iCloud and various other things have demonstrated that Apple’s goals point squarely at closer integration of all platforms, less reliance on the continual presence of a particular device itself, and a simpler user experience. Some of these things are fantastic – Photo Stream saves me a huge amount of time – and some of them not so much – Launchpad on the desktop is a sad joke. The App Store sandboxing and signing restrictions are very much a reasonable tradeoff (especially with non-App Store developer signatures in the offering for Mountain Lion), but splitting the APIs up so some of them are only available to App Store apps and some of them are only available (or at least useful) to non-App Store apps seems like a nightmare if it continues.

So: the iPad will continue to be a rampaging success. Apple TV will end up being less about a media box per se and more about a central hub for your devices to cross-connect (or maybe the Apple TV box will be /just/ a media interface, and the next generation of Airport devices will provide the smart hub). They’ll (maybe) figure out how to make iCloud not suck so much if you have a bunch of machines connected to the same account all on a local network. Xcode will continue to be an amazingly headachy IDE wrapped around a progressively more impressive compiler. Other businesses will continue to violently misunderstand what Apple is doing. They’ll continue to do unpleasant, walled-garden things in the name of a delightful-but-controlled user experience. I’ll keep using Apple products, and a Linux box, and a Windows box (but I’m probably not going to upgrade to W8 any time soon).

And I’ll hope that legislation doesn’t cause the internet to crumble out from under me in the meantime.

It’s sometimes hard to visualize what’s going on with Git when you’re unfamiliar with it, and not everybody is familiar with the concept of a Directed Acyclic Graph, so to help get everyone up to speed, we ordered a Tinkertoy set.

There are probably better ways to spend Monday morning at work than putting together a Tinkertoy model of a Git repository, but I can’t think what they might be.

As with many products before, I fall somewhere in the middle.

On the plus side: It looks like a beautiful piece of hardware; every report I have read says that using it is a dream come true to any fan of the various iTouches. Fast, integrated, smooth, and with beautiful user interface decisions; top of the line hardware and (more polish on) groundbreaking software combine to make an unbelievable platform, and one which the vast majority of people will find satisfies their needs and exceeds all their expectations.

On the minus side: Apple has made, and will continue to make, an intentionally crippled and limited device in the name of a better overall user experience. While I wholeheartedly agree with their goals – make it accessible to the common man! – it is simply not what I, as a power user who is otherwise well in the target market, need in many respects.

Any number of minor concessions would solve this problem for me – and these are the same issues I have with any “trusted computing” sort of platform. It is not my best interests that Apple is trying to protect here, either as a developer or as an individual user. It is theirs, and it is not in their best interests to allow me to, for instance, decide whose software I actually trust.

No, I’m not trying to run Linux on the thing. It runs a perfectly acceptable *NIX operating system already, and in fact has a fantastic GUI (for almost every purpose) and software installation procedure (for almost every case) already. I just want to run my instant messenger and Pages. Even just the ability to background one application (with – yes, I realize this – the appropriate time and attention put in to making the experience smooth and complete) would make a huge difference in the overall usability.

I’d really like to run Processing on it. It’s just such a perfect platform for art-programming, and there’s nothing else quite like Processing for that.

But that’s all. I don’t want a pony.

Another time I’ll talk about a bunch of nonsense regarding the details of SSL and some of the strange things that have come out of it, but for the moment, one specific thing stands out.

Part of an X509 certificate is an optional piece of metadata called a Subject Alternative Name, or SAN. If you take a peek at an SSL certificate that provides one, you’ll see something like this:

Certificate:
    Data:
        [...]
        Subject: C=US, ST=CA, L=Cupertino, O=Apple, Inc., CN=*.example.com
        [...]
        X509v3 extensions:
            [...]
            X509v3 Subject Alternative Name:
                DNS:specific.example.com, DNS:example.com, DNS:*.example.com

Normally a client connecting to https://example.com/ will get a domain mismatch certificate error, because the CN *.example.com does not either exactly or via wildcard match example.com. However, a large number of clients also examine the list of SAN DNS names to validate the domain; since example.com shows up in that list, no error will be displayed.

Every major browser – IE, Firefox, Opera, Safari, and even the venerable Netscape Navigator have supported SANs since at least 2003. Surprisingly, Internet Explorer has supported them since Win98 (yes, that means they work in IE6, for those keeping count). Many mobile devices also recognize them – certainly the newest crop of WebKit-based and Android mobile browsers, but also things like Symbian 9.2+ and Windows Mobile 5 and 6.

Furthermore, SANs can be used to cause certain mail clients to stop complaining about connecting to a mail server that services multiple domains under one IP. Since these same mail clients are often configured to recognize an internal CA, rolling up all the possible names into the SAN list on a single certificate can save a pile of headache.

Why hasn’t this been more widely advertised and well-known? Because many certificate authorities are more in the habit of selling encryption than verification, and so would very much like to charge you for every single line in the certificate and every single reissue of the same certificate with slightly different metadata (say, a different set of SAN entries, in this case) rather than charging you for their performing trusted due diligence to ensure that you are who you claim to be and that you have the rights you claim to have over the subjects (in this case, domain names) in question.

Thanks a lot, “trusted” authorities. Way to instill confidence in your services.

There are a few respectable exceptions, of course, and a few web-of-trust CAs which perform the services for free or for reasonable, nominal charges. The web-of-trust CAs tend to have less or no native browser support, which makes them less suitable for general purpose commerce, but for those in the know (or a known browser demographic) they can be a fantastic alternative.

I’m currently a fan of DigiCert for business use, and StartCom for personal use. As a side note, many domain registrars (such as Gandi) also provide a free basic 1-year SSL certificate with purchase of a domain name.