Panic Blog

Author Archive

App Scams

Tuesday, November 20th, 2012

Like Minecraft? Then surely you’ll love Mooncraft!

mooncraft-2

Except, well, you really won’t. Really:

http://www.youtube.com/watch?v=eqZrBGcsV9Y

What happened here? It’s pretty simple.

1. Scammer makes an extremely simple iOS app and submits it to Apple.

2. Once it’s approved, they change the screenshots, description, and name — things you can edit at any time. Piggyback off a popular game!

3. Buy hundreds of fake ★★★★★ reviews, somehow.

4. Sit back and relax as you slowly and gently travel towards hell.

This isn’t Apple’s fault, of course — it’s bait-and-switch, the classic inch/mile situation that scammers rely on. How can Apple fix this? Being able to adjust screenshots/descriptions after submitting is important, and we don’t want that to go away. And it’d be unreasonable for Apple to manually review all screenshot changes.

How about this: after an app hits the store, if it has nothing but 1-star reviews (that include text!), and those reviews mention keywords like “scam” a lot, flag it for further inspection?

scam

I bet there’s an algorithm out there that could find these apps pretty quickly.

Either way, Quang Nguyen (which might be a fake name, of course): you’re a terrible person. (Thanks to Steve for missing the tiny popup button and clicking “Buy App” by accident.)

UPDATE 12/10/2012: For a while, Mooncraft was pulled from the store. But, of course, it’s back.

UPDATE 1/10/2013: Apple has announced a new policy that screenshots can only be updated when they accompany a new application binary submitted for review. Hopefully that will put a stop to this particular type of trickery.

Posted in General | 30 Comments »

VTAC: Enhanced Online Security

Monday, November 12th, 2012

A while back, I became obsessed with getting an “Extended Validation” certificate for our website, just so that we can have a little green “Panic Inc” sitting in the address bar.

You know exactly what I’m talking about:

Getting that green rectangle was, put simply, Le Pain Royale. I suppose that’s the point. It also wasn’t cheap.

After hearing me repeatedly complain about the frustrations of getting our Extended Validation certificate, our own Mike Merrill made me a compelling offer.

For the same amount of money I’d spend on an Extended Validation certificate, Mike could provide our customers with a significantly more secure and immutable validation seal, one that would provide true “trust beyond pixels”.

With this idea, VTAC was born.

Art project? Groundbreaking new level of web security? Prank? Your call.

Should you have any doubts about panic.com security, please visit our office and ask to see Mike’s arm.

VTAC seals are now available for qualified third parties. Click here to learn more or request a quote.

Music courtesy 8-Bit Operators. Thanks!

Posted in General | 15 Comments »

Coda 2.0.5 Beta Ready to Test

Tuesday, October 23rd, 2012

For early-access, cutting-edge Coda users: we’re wrapping up another Coda update which eliminates a few possible crashes and hangs, fixes aggressive Preview caching, and improves performance.

If you’re interested, ~~grab Coda 2.0.5b1 here (51MB).~~

UPDATE 11/5: Beta complete! Coda 2.0.5 has been released.

Then, please use it, and promptly report any issues found in Hive!

Posted in Note | 18 Comments »

Burnside: our Tweet-to-Email Gateway

Thursday, September 27th, 2012

We get a lot of support questions via Twitter which, believe it or not, we love. It forces people to ask questions succinctly, and it forces us to answer succinctly. We think it’s a pretty great way to answer questions.

But the part we don’t love is trying to use the Twitter website, or a third-party web service like “ExactTarget SocialEngage”, ugh that name, to answer these questions. There’s just something inherently slow and inefficient about using the web for rapid-fire, high-volume tasks like answering support questions.

662741386-1 So, we built Burnside, a Tweet-to-Email Gateway.

Tweets go into a regular mailbox. When we reply, they go back out as tweets. Since multiple people can work out of the same IMAP box, it’s fast and efficient. And as an added bonus, as we archive tweets one by one, we’re building our own searchable index of tweets in Mail. Try searching for anything older than a week on the Twitter website!

(And what about the 140 character limit? We also wrote a plugin for Apple Mail that displays a character count in the Mac OS X Mail window.)

Burnside is notable for another reason: it’s a unique Panic foray into open source. Usually we keep these things to ourselves, but why?

We’ve just put Burnside up on GitHub for anyone to tweak and install.

FAIR WARNING: Burnside is for system administrators only. This is not a consumer app, and it requires significant configuration and understanding of your mail server.

Burnside GitHub Project

github.com/panicinc/burnside

Burnside works great for us, and we hope it can prove useful for others out there.

Posted in Engineering | 9 Comments »

Another Quick Test

Friday, August 31st, 2012

We’re almost done with Coda 2.0.3, as we keep Coda updates flowing frequently and consistently to make it the best it can be.

Interested? ~~Please download Coda 2.0.3b1.zip and give it a whirl.~~ (Update: Coda 2.0.3 is now available.)

If you find a bug login to Hive, our bug tracker, and file it well.

(No feature suggestions, please, just things that aren’t working right.) Thanks!