$20/mo for SSL is crazy.

It's because they have to provision an Elastic Load Balancer to sit in front of your app. That's the only way they can acquire additional IP addresses from AWS.

They make no money on this arrangement, they are simply passing the ELB costs on to you.

I guess this is an opportunity for any PaaSes that aren't built on EC2.

It definitely is, but AWS has made it clear they will be rolling out multiple IPs per EC2 instance this year.

The downsides of not being on EC2 these days are many. You wouldn't be able to offer the fleet of bonus services that Heroku can offer.

ELB endpoints are domain names, not IP addresses. How would ELB help them "acquire additional IP addresses"?

Domains that resolve to an IP... I'm not 100% sure how they are configured behind the scenes, but the ELBs have a bunch of physical IPs wired into them, so they can SSL terminate for many domains, something that EC2 instances cannot (currently) do.

So Heroku leverages the ELBs to circumvent the 1 IP address per EC2 instance issue.

EDIT: more info here http://serverfault.com/questions/285680/what-is-the-technolo...

Unless you use SNI (which is only supported in some browsers) you have to have one IP per SSL host as the certificate is sent before decoding the request. ELB doesn't use that and must have 1 IP per hostname.

Most importantly -- any IE on Windows XP.

Ah, right -- kind of an oh, duh moment for me. Thanks!

On Appharbor (The Heroku of the .Net world), SNI Based SSL is $10/m, Hostname based SSL is $50/m, and IP-based SSL is $100/m.

Let's see how many people pay it, and then decide whether or not it's crazy.

Is the solution given in the article any different than using this?

config.active_record.whitelist_attributes = true

Also, this isn't the first time someone's been bit by this: http://www.kalzumeus.com/2010/09/22/security-lessons-learned...

I didn't know about the solution you mention at the time I wrote the post. I'm reading up on it now and I think it's actually going to end up being the official solution so it's a good flag:

https://github.com/rails/rails/commit/06a3a8a458e70c1b6531ac...

Ha, I know.. I couldn't tell if it is "Pompeii" or "Pompeii of the Permian period". I hate that professional articles have so many typos in them these days.

Here is one in C# https://github.com/jaredpar/VsVim/

That's not what the GP meant. He meant getting Vi key bindings in any imaginable text field.

This sounds like it has potential, although I can't test it yet. You should try searching Google for information on COM programming. Try finding information on "COM Events", for example. Good luck. Macy's is on the the first page! Bing is not any better.

I get "Understanding COM Event Handling" at #1, but agree that it's not ideal. Some words like COM or IT have dual meanings where sometimes you want to treat them like stopwords and sometimes you don't.

Just tried it with verbatim but results are still no good =( I can see how it is doing exactly what it is told to do ("www.yelp.com/events"), but not what I would like. I like the idea of being able to do verbatim searches though! (and still miss the + button...)

I think there is a bug if you only enter 1 link (it gives the "Something went wrong" popup).

It is on purpose. Sharing just one url is not the intention.

I wrote this game as a fun project to learn javascript and jQuery, and to work on my web design skills a bit. Let me know what you think and if it is any fun! :)

Visual Studio may not be the choice environment for many HN'ers, but if you are stuck using it I made free extension to make #regions in Visual Studio less noticeable and work a bit better.

The font of the headers looks a bit jagged for me for some reason. Not sure why but it really stands out. You may want to look into that.

You should have two options, one to use my account, one to use a sample account. People would probably view the sample first, and then if they were interested then they might sign in themselves.

A video would suffice for me (but I've tried it anyhow).