Markdown On

November 19th, 2013

The folks at have great news for fans of Markdown. It’s now built-in by default to every blog, and it’s super-easy to enable:

To start using Markdown, go to Settings → Writing in your blog dashboard, check the box next to Use Markdown for posts and pages, and save.

I just enabled it for one of my test blogs and am happy to report that MarsEdit works perfectly for publishing with Markdown to They mention that it’s best to stick to the “plain text” editor on, and the same is true for MarsEdit. You’ll want to stick with editing in “HTML Text” mode so the plain Markdown text can get to your blog without being wrapped in HTML generated by MarsEdit’s rich editor.

I wrote recently about MarsEdit’s ability to automatically convert Markdown to HTML before publishing a post. It’s worth noting that if you use the new Markdown functionality on WordPress, you probably want to avoid MarsEdit converting to HTML. This is because WordPress’s implementation of the Markdown feature does things “the right way” in my opinion, storing the original Markdown as the text of the post, so you can make further edits to the post by editing the original Markdown and not the converted HTML.

The only downside I’ve noticed so far is that when you download a post through the API from MarsEdit or from the official WordPress apps, the content is converted to HTML even though it shouldn’t be. The original Markdown does show up in the web-based WordPress admin panel. I’m going to report this as a bug and hopefully they will agree that it should be fixed.

OS X Mavericks Compatibility

October 22nd, 2013

All Red Sweater apps are compatible with OS X Mavericks.

Over the past-several months we have tested all our apps against pre-release versions of OS X Mavericks. Minor bug-fixes were required here and there but have been actively deployed in the released versions of apps for several months.

Should you run into any issues at all with OS X Mavericks, please get in touch and we will make it a priority to address any outstanding compatibility issues as soon as possible.

Markdown Anywhere With MarsEdit

October 7th, 2013

For years, MarsEdit has supported Markdown in a manner that makes it easy to write, preview, and publish to a blog without ever dealing in HTML or Rich Text.

However, for years it has also been confusing how exactly one goes about using Markdown with MarsEdit. Because there is no explicit “Markdown mode,” many people assume there is no support for Markdown. I agree that Markdown should be more explicitly supported, but the extent of Markdown support in MarsEdit may surprise you.

To assist customers who wish to write in Markdown when publishing to their blogs, I present these guidelines for making the most of MarsEdit. Note that if you happen to want to use another markup script such as Textile or MultiMarkdown, these guidelines also apply.

Guideline 1: Edit In “HTML Text” Mode

MarsEdit supports two modes of editing: “HTML Text” and “Rich Text.” It’s important to appreciate that in Rich Text mode, everything is converted to pure HTML before publishing to your blog. There is no room within “pure HTML” for Markdown to exist. Any Markdown content will be wrapped up in pure HTML tags, which prevents the Markdown from being rendered either by MarsEdit’s preview window or on your blog.

In MarsEdit, “HTML Text” is a synonym for “unadulterated markup.” It’s called HTML Text because that’s what the majority of users understand it to be useful for. In fact, you can type arbitrary text content in “HTML Text” mode and MarsEdit will not alter it, with one exception that I’ll get to later.

In MarsEdit’s preferences, you can opt to have posts open in “HTML Text” mode by default. Alternatively, you can switch to HTML Text mode at any time by selecting Post -> Edit HTML Text.

Guideline 2: Set The Preview Filter To “Markdown”

MarsEdit supports a flexible preview system designed to simulate how your blog content will look after it is published to the site. The two main components of this system are the preview template, which consists of arbitrary HTML with placeholders for your blog entry contents, and the preview filter, which transforms the content of your post to simulate server-side transformations.

By default, MarsEdit uses a preview filter called “Convert Line Breaks,” which simulates the common behavior across many blog systems of converting blocks of text separated by two newlines into “paragraphs.” This is what enabled you to write in “HTML Text” mode with paragraph clumps, and have it appear in the preview window as paragraphs, even though strict HTML would treat those clumps as a contiguous block of text.

Markdown is also included as a built-in preview filter, so you can write your “HTML Text” using Markdown syntax, and see how it will look after your blog processes it.

Skitched 20131006 001532

This assumes your blog knows how to process Markdown. Some blog systems include Markdown support by default, but many do not. If your blog system doesn’t understand Markdown by default, pay close attention to the next and final guideline.

Guideline 3: Convert Markdown To HTML If Needed

Generally speaking I encourage Markdown fans to keep their content in Markdown format when possible. For example if you publish a long post and want to go back to make substantial edits later, it will always be preferable to have the original in Markdown format.

Unfortunately preserving content in Markdown format is not feasible for all blogs. If you are publishing to a blog system that does not recognize Markdown, and you can’t for example install a custom WordPress plugin to facilitate such recognition, you will need to see that your Markdown content is converted to HTML before publishing.

Starting in MarsEdit 3.6, a new per-blog option makes it easy to automatically convert Markdown content to HTML when you publish to a blog.


Simply check the “Apply preview filter to content” box in the blog settings for your blog, and whatever preview filter is configured for your preview window will also be applied to the content before submitting it to your blog. This is the great exception to my previous promise that MarsEdit will not alter your content in “HTML Text” mode. If you check this box, your content may be dramatically altered, but hopefully to your great delight.

Guideline 4: Have Fun

Experiment with MarsEdit’s versatile previewing system, and let me know how the Markdown support is working for you. I have ideas for improving it even further, but your feedback will help to clarify those ideas as I move forward.

MarsEdit 3.6.2: Tumblr Security Fix

July 17th, 2013

MarsEdit 3.6.2 is available now from the MarsEdit home page, and has been submitted to the Mac App Store for review by Apple.

Last night Tumblr revealed on their staff blog that the Tumblr for iOS app sends a user’s password in plain-text when authenticating for the service. They published an updated version of the app which addresses the problem by connecting to Tumblr using the secure HTTPS protocol.

MarsEdit had precisely the same flaw in the way it communicates with Tumblr, so the fix is the same as Tumblr’s: use HTTPS when communicating a user’s password to Tumblr.

Who Should Update?

If you use MarsEdit to connect to a Tumblr blog, you should update to ensure that your password is sent securely to Tumblr.

What Was The Risk?

Because MarsEdit communicated a user’s Tumblr password in plain-text across a regular HTTP connection, it was theoretically possible for the communication to be intercepted en-route and read by an untrusted person.

What Else Should I Do?

After updating to MarsEdit 3.6.2, you may want to change your Tumblr password to be absolutely sure that it has not been compromised. Starting with MarsEdit 3.6.2 your Tumblr password will never be transmitted insecurely to Tumblr’s servers.

Tumblr uses an authentication system through which clients can maintain permission to connect even after your password has been changed. To be absolutely sure that your password is secure and that no unauthorized entities have authentication tokens to your blog, I recommend visiting Tumblr’s Apps Settings Page, where you can view a list of authenticated applications and revoke access to any that you are uncertain about.

Finally, as a matter of general internet security, don’t use the same password on any two services. By using unique passwords for each of the various web services you connect to, a compromised password will only ever provide an attacker with access to a single system.

What About Other Systems?

Many popular blogging systems use authentication schemes that are less secure than they ideally would be. For example, the XMLRPC-based APIs that WordPress, Movable type, and many other systems are based upon also require clients such as MarsEdit to communicate the authentication password in plain-text to the server.

However, many of these systems also support accessing the API endpoint via HTTPS, which ameliorates the problem. If you are connecting to a blog, the HTTPS version of the API Endpoint URL should be set up for you automatically. If you are connecting to a self-hosted WordPress blog, you may need to ask your hosting providers about whether you can switch to an HTTPS URL for accessing the blog.

For WordPress-style systems, you can get a sense for whether MarsEdit is connecting to your blog via a secure HTTPS connection by examining the blog settings in MarsEdit:

Screenshot of MarsEdit's blog settings

Note that for Google Blogger blogs that although the API Endpoint URL is HTTP-based, the authentication is handled separately from that URL, using a mechanism that prevents transmitting the password as plain text over the internet.

Anything Else?

MarsEdit 3.6.2 is primarily a “one-fix wonder,” but it also addresses some minor memory-usage issues, and another subtle
Tumblr authentication issue. Here are all the changes for this release:

  • Improve security of Tumblr connections
  • Fix an issue where MarsEdit would fail to re-authenticate with Tumblr after revoking privileges
  • Fix some memory performance issues