Along with the MobileMe fixes that 10.5.6 brought along with it, Apple has updated it on the server side as well. Minor changes have been brought about for the Contacts, Calendars, Gallery, iDisk as well as the login screen.

Before you get excited, there still is no “Share File” button in iDisk that we have all longed for. The feature is still has a ‘coming soon’ status on the MobileMe iDisk feature page. Oh how I long to send those huge attachments, and just imagine the look on the face of the one who finds out how awesome my way of sending email attachments is. 

Nevertheless, I’m happy that Apple is constantly working on MobileMe. The detailed support document mentions features like “adds shortcut for creating new contact”, and “Long event titles now appear properly in Month view” when it comes to the Calendars. They have also included a “Tell a friend” link for MobileMe web galleries, although we’re still lacking photo comments to make this a Flickr alternative. Check out the full document for whole list. 

Unfortunately though, I could not test any of this, as MobileMe refused to log in (for the first time in months) and repeatedly told my Safari and Firefox browsers that Internet Explorer 7 is not fully supported. The desktop features work just fine though.

[Thanks Dan for the link up!]

Apple has spoken out about the changes it has made to MobileMe since its rocky (to put it politely) launch. I don’t know why this wasn’t posted in the largely useless MobileMe News page but I can’t complain. Something tells me this bit of text was written by Steve Jobs himself. 

Apple is always working to improve MobileMe. Since MobileMe is primarily a server-side, or “cloud”-based, service, the MobileMe team can make improvements and push updates to MobileMe without any action being required of MobileMe customers. Since server-side updates are a bit more innocuous than a standard software update to Mac OS X or Microsoft Windows, it’s easy not to notice that updates are occurring. Usually the only hint of these updates is that things just “work better”.

The article then lists out a whole bunch of changes, including nitty-gritty details like “provides a “loading” graphic to indicate that messages are still being loaded instead of a blank page”.

A lot of attention has been given to localisation of the service. A lot of users were complaining about calendar dates being inconsistent across the service and during the last two weeks I have noticed that this problem has been solved. 

If you haven’t already, check out our article on making the best of MobileMe. And if you have any problems or queries, don’t hesitate to shout out in the comments.

MobileMe, despite all the bad press it has been subjected to since its launch, is a really great service. Three members of the Smoking Apples team have been using MobileMe and are extremely happy (for the most part) using it. Even besides the “push” email functionality, there are a lot of other features that just get swept under the rug. This little guide will help you explore MobileMe even further and put those features to good use.

Email Aliases

MobileMe allows you to create email aliases, which are virtual email IDs that don’t exist as separate email addresses by themselves. The emails that come through to an alias are delivered to your original mailbox. You can create up to five aliases at a time and then turn them off or delete them when you are done with them.

This not only allows you to have a ‘myname.junk@me.com’ email ID for Internet signups but also lets you create a serious and professional email ID in addition to your usual funky one (of course, if you happen to be anything like our Editor saab, a “funky” email address is the last thing you’d want). Aliases once turned off can never be used by anyone, including yourself. You can mark aliases with a different colour and direct messages sent addressed to it to a certain folder. Emails sent to any of your aliases will come to your one unified inbox only. You will not have to check any other mailbox to check for messages. Of course, with your desktop Mail client, you can set filters to automatically direct that email to particular folders. 

To create an alias, open http://me.com in your web browser and access the preferences from the Mail toolbar. Clicking on the Alias tab allows you to enter up to five email addresses and then choose to mark them with different colours or add a different name to each one’s “From” field.
Continue Reading »

It looks like Apple is desperately trying to cover lost ground with regards to MobileMe. In a recent email, the MobileMe team announced that, in addition to the thirty-day extension they gave the first time, they will provide all users of MobileMe with an additional extension of sixty days. This includes all accounts which were active as on 19 August 2008, i.e. today, including those on a free trial. 

Here’s the exact text of the email: 

We have already made many improvements to MobileMe, but we still have many more to make. To recognize our users’ patience, we are giving every MobileMe subscriber as of today a free 60 day extension. This is in addition to the one month extension most subscribers have already received. We are working very hard to make MobileMe a great service we can all be proud of. We know that MobileMe’s launch has not been our finest hour, and we truly appreciate your patience as we turn this around. Read this article for more details.

The MobileMe Team

This doesn’t come as a surprise, given that MobileMe is still not fixed and various issues have been cropping up all over the place even now. Steve Jobs, his highness, was clearly miffed by the shabby launch of the service and its continuing problems. Here’s hoping for an error-free, secure and push filled Christmas!

The MobileMe saga continues. The lack of SSL among the web applications, including email, calendars, contacts and everything in between, has caused panic among subscribers of the service. MobileMe uses the standard ‘http:’ protocol, as opposed to the more secure ‘https:’ that Gmail offers as an option. What does this mean and how does it affect you?

AppleInsider’s McLean went about analysing the web apps and made a big blunder in his article stating that SSL is not required and Mobileme is actually secure. Looking at the evidence provided, I will agree with Jeff Alfke’s comment, that McLean either isn’t very knowledgeable about data security and the importance of SSL or his system of email access is totally insecure. 

Data transaction security in MobileMe’s web apps is based upon authenticated handling of JSON data exchanges between the self contained JavaScript client apps and Apple’s cloud, rather than the SSL web page encryption used by HTTPS.

This means that your emails and calendars will show up in your inbox only if you have gone through the authentication in the beginning. But, on digging a little deeper, it appears that anyone can read your email once you’ve logged in. 

The only real web pages MobileMe exchanges with the server are the HTML, JavaScript, and CSS files that make up the application, which have no need for SSL encryption following the initial user authentication.

The web apps themselves are not authenticated and only the data that is transferred is authenticated. Note the use of the word authenticated instead of encrypted. Several bloggers have proved that using simple network sniffers like WireShark or tcpdump, the plaintext of the entire message, the calendar events and your contacts can easily be pilfered! So some hacker jack sitting across the room sharing your Wi-Fi network could take a sneek peek into your online life if he’s so inclined. 

Another problem with the lack of SSL is that if your router is infected—with the DNS for me.com pointing to some phishing site, for example—there is absolutely no way for you, the user, to know the difference. Firefox will not show the yellow address bar and Safari won’t show the lock icon. So using something like a man-in-the-middle attack, the web app would be authenticated by the user and the hacked app would then act as an intermediary between your web app and the Apple servers.

An important point to note, however, is that this only pertains to the web apps. The IMAP support on the iPhone and desktop clients all transfer data over SSL so no one’s looking at that data. 

Moral of the story: If you really care about data security and are secretly an undercover agent for the CID, stop using the web apps for a while, at least on an unsecured Wi-Fi network. If, on the other hand, you are like me and not overly (or even remotely, for that matter) paranoid about the security of your inbox (and usually leave the ‘Keep me logged in’ box checked), then continue using the web interface in all its Web 2.0 glory.