Speaking of VoodooPad… I just got an email from the developer:
I apologize for our quietness in the world of VoodooPad, and I hope that with the release of VoodooPad for iOS 5.1.4 and the public beta of VoodooPad for Mac 5.1.4 we can break that start talking more frequently about what we’re up to.
5.1.4 was a tricky release for us. A while back, when we were doing some unrelated work on the code, we discovered some major flaws in VoodooPad’s original implementation of encrypted documents. While it was good enough to protect documents from casual snooping, a skilled and motivated person could read an encrypted document with relatively minimal time and effort. Fixing this became our top priority.
As often happens with software projects, it looked straightforward to begin with but took on more and more complications as we dug into it. The fix ended up taking several times longer than we originally thought it would. As recent high-profile vulnerabilities like Heartbleed and Logjam have shown, security and cryptography are Hard™. We wanted to make sure we got the fix right.
Security vulnerability fixes are tricky. Once you announce it, it’s effectively an invitation to the bad guys to try to break stuff. At the same time, you can’t just count on nobody ever discovering it on their own. The best you can do is generally to get it fixed and release the fix along with the announcement so that people can update as quickly as possible, but you typically don’t want to talk about it beforehand.
So that, in a nutshell, is what’s been going on with us lately. Trying to get this fixed properly and get it out to all of you, without really being able to tell people in advance what’s going on.
For those interested in the details of this particular problem and our fix, check out our post on the Plausible Blog. For the really quick summary of what you need to do:
- If you don’t use encrypted documents, you’re fine.
- If you do use encrypted documents, get the public beta of VoodooPad 5.1.4 and use it to upgrade your encrypted documents. It will automatically prompt you to do so upon opening them. You can download it here:
All previous releases of VoodooPad are affected by these issues, including VoodooPad 4 and earlier. We recommend that all customers upgrade to VoodooPad 5. Discounted upgrade pricing is available to direct-purchase customers via the Plausible Store.
For Mac App Store customers, Apple does not support discount upgrade pricing via the Mac App Store — If you previously purchased VoodooPad 4 through the Mac App Store, please contact us directly for an upgrade.
------------------ end email
Just the other day I decided to blow my VoodooPad apps from all iOS and mac machines. At this point, I’m not convinced to bring them back.