Mac and iOS Bug Crashes Apps With a Single Indian-Language Character (mashable.com) 114
A lone Indian-language character is crashing a number of messaging apps on iOS, users are reporting. The problem also extends to the Apple Watch and even Macs, all of which struggle to process the character specific to the Telugu language spoken in India.
huh (Score:3, Funny)
Re:huh (Score:5, Funny)
And I thought it was bad enough trying to understand them on support calls......
Re:huh (Score:5, Informative)
Ehh, the issue was fixed in the public betas before Mashable had even published their story about it.
For a better writeup, check out MacRumors' reporting on it [macrumors.com] (which was published prior to Mashable's). They mention that the bug was reported to Apple on Monday and was fixed at some point between then and now, so Apple has had a pretty quick turnaround on this one. Even so, it remains to be seen whether these fixes will be published in a minor update prior to their next intended release, or whether we'll have to wait for iOS 11.3 and macOS 10.13.4 before we get the fixes, which would likely be next month.
Meanwhile, Mashable's reporting is lagging. While they've found the time to update their article to indicate they finally managed to reproduce the issue, they apparently haven't had the time to update it with the fact that the bug was fixed before they ever wrote a word about it.
Re: (Score:3)
Apple has now confirmed that the fixes they have in the public betas will be rolled out as minor releases for the current versions of iOS and macOS, rather than being kept for the next big release of each.
As for Mashable's reporting? Still lousy. They finally updated their article with the information it was missing at the time it was originally published, but then they went and added that "the fix will slowly roll out to older software", suggesting that the current versions won't get the fix until after th
Re: (Score:2)
So what are your options if this bug caused a boot loop? If the character gets too your home screen somehow, say via home screen notification, you can't boot the phone to install updates.
https://twitter.com/MalwareTec... [twitter.com]
Can you update via USB without wiping the phone?
Re: (Score:2)
Can you update via USB without wiping the phone?
I can't say with certainty. I know it's possible to update via USB under normal circumstances, and I know it's possible to use DFU mode when you're stuck in a reboot loop, but DFU mode will leave you with a wiped phone, so far as I know. It might be possible to clear the notification in some other way, but I admit I don't know how that'd be done.
That said, for any normal users encountering this issue, they're likely to be fine. The default behavior once an iPhone user sets up an iCloud account is to enable
Re: (Score:2)
So what are your options if this bug caused a boot loop?
So what are your options if a bug in your Android CPU caused a boot loop?
Re: (Score:1)
As soon as I heard of this I posted an message on Porter Industries internal message board in Telugu inviting everyone to an expensive restaurant for a free meal.
All who turned up were FIRED.
Re: (Score:1)
A UTF8 processing failure? (Score:2, Insightful)
In 2018? Apples quality control really is on the slide.
Either it can't process the utf8 code or its crashing when it doesn't have the font installed. Either way, these were solved problems 30 years ago, never mind now.
Re: (Score:3)
Solved 30 years ago? try 2017 [pcworld.com]...
Re: (Score:2)
That's not a UTF processing fail, it's just a MS fail.
Re: A UTF8 processing failure? (Score:1)
https://github.com/sqlcipher/android-database-sqlcipher/issues/199
Re: A UTF8 processing failure? (Score:5, Informative)
A lot of embedded systems will behave strangely if you feed them a lot of characters like this
https://en.wiktionary.org/wiki... [wiktionary.org]
http://www.unicode.org/cgi-bin... [unicode.org]
That character is four bytes in UTF-8 which kills systems that assume a maximum of three - which used to be true for Chinese and Japanese, but isn't now.
It's also two UTF-16 code points, which will mess up systems that assume each character is a single code point.
Now you'll say "Those systems are all buggy". That's true now, but it wasn't true when a lot of them were designed - Unicode used to be limited to 64K characters which meant it was a fixed width encoding for UCS-2. And that three bytes was the maximum encoding for UTF-8.
When it grew those ceased to be true. Which is fine for systems that are maintained - the vendor would find bugs created by the standard change and push an update. Unfortunately a lot of systems - particularly embedded ones - aren't like that. Hell, Android isn't like that. Google push updates out to vendors but if your machine is EOL you're SOL.
Re: A UTF8 processing failure? (Score:5, Interesting)
Unicode is broken, and most Unicode apps are even more broken.
It's time we replaced Unicode. Make 32 bits the only encoding. Ditch all combinational characters. Separate out all merged languages. Create some solid libraries to handle it an convert UTF8/16.
With Unicode you can't even reliably tell how long a string is. Most software that claims to support it is buggy as hell. Programmers can't be expected to become language experts.
Re: A UTF8 processing failure? (Score:5, Funny)
We all need to adopt the Mojibake [wikipedia.org] standard for non ASCII characters, like Slashdot.
Re: (Score:2)
It even includes Emoji and Klingon. Ridiculous!
No, it does not include Klingon - there was a proposal, but Klingon was rejected (people use the private area to encode them). In fact, it would be better if it was accepted, because that way it would mean that Unicode is at least fair in its all-inclusiveness, as apart from the various poo emojis, they have also accepted weird constructed alphabets (e.g. Deseret, Shavian) and even two of JRR Tolkien's fictional languages are scheduled to be added!
So it they accept any crap (even literally - remember poo em
Re: (Score:2)
A lot of embedded systems will behave strangely if you feed them a lot of characters like this
This is a good point but IOS and MacOS are general purpose OS's, not embedded systems. They should be expected to gracefully handle unexpected input. Even Windows can manage that, and has been managing it for well over a decade (almost 15 years, when was XP SP2 released).
Re: (Score:2)
To their credit MS spent a lot of time on Unicode support. All Win32 functions have an A version which takes 8 bit chars and a W one which takes 16 bit ones. And Windows has moved smoothly from supporting UCS-2 for the W functions to UTF-16.
Re: (Score:3)
Android sucks for patching because it's all up to the vendors who don't care about old machines - they want you to buy a new device.
However Apple sucks too - they force everyone to the latest version to get patches, and that version may run so slowly that you need to buy a new device.
Actually Google have a clever idea called Project Treble to solve the update problem
https://android-developers.goo... [googleblog.com]
The idea is that there's a stable vendor interface to the low level parts so the stuff above that can be swapp
Re: (Score:2)
um... this is /. after all. UTF is still in its infancy.
Re: (Score:2)
In 2018? Apples quality control really is on the slide.
Either it can't process the utf8 code or its crashing when it doesn't have the font installed. Either way, these were solved problems 30 years ago, never mind now.
Posted on Slashdot, where you don't dare even use the "wrong" quote character...
Re: (Score:2)
30 years ago? UTF-8 didn't exist 30 years ago.
Re: (Score:2)
In 2018? Apples quality control really is on the slide.
Either it can't process the utf8 code or its crashing when it doesn't have the font installed. Either way, these were solved problems 30 years ago, never mind now.
I don't think it was solved 30 years ago. That would have been 1988 when the C64, Apple IIe and Atari 800XL roamed the earth. But it was awhile ago. For the uninitiated, check this [stackoverflow.com] out.
Re: (Score:2)
How exactly do you quality control random stuff no one is thinking about?
Re: (Score:2)
You do sanity checks on values you're presenting to the display layer.
Re: (Score:2)
No, you don't.
The display layer, displayes.
For what exactly would it need 'sanity' checks, and what exactly would be a sanity check in case of a unicode display?
Hu? Yes, this UTF-8 code is a valid UTF-8 code: please display it! Yes, this UTF-16 code is a valid UTF-16 code, please display it. Yes, this UTF-32 code is a valid UTF-32 code, please display it.
That would be a pointless excercise as all UTF-8/16/32 ccodes are valid codes, there is nothing to 'sanity' check!
Re: (Score:2)
Re: (Score:2)
Why don't you read the article you linked? While 'fuzzing' would be possible, no one likely evver thought about it.
Who in his sane mind would think that a random UTF code can crash a software, even the whole computer?
So it brings us back to square one: why and how would you test something you never thought about?
Re: (Score:2)
Either it can't process the utf8 code or its crashing when it doesn't have the font installed. Either way, these were solved problems 30 years ago, never mind now.
Can't handle UTF-8? Now we now were the Slashcode developers went!
Re: (Score:1)
this bug can be fixed thru updation.
plaintext FTW, eh? (Score:3, Interesting)
Right on the heels of the article and discussion of plaintext vs. rich text vs. whateverthefuck Google is about to unleash on email comes this screwup.
I say it's high time that any and all text-ish messaging systems require just plain ASCII characters and if people insist on using alternative alphabets they dang well should be required to paste them in as images, not Unicode 84E0DDC2834A or however big the field is these days.
Re: (Score:3)
I think if you have room for a picture of turds in your character set, you have been given too much space.
Re: (Score:3)
Right on the heels of the article and discussion of plaintext vs. rich text vs. whateverthefuck Google is about to unleash on email comes this screwup.
I say it's high time that any and all text-ish messaging systems require just plain ASCII characters and if people insist on using alternative alphabets they dang well should be required to paste them in as images, not Unicode 84E0DDC2834A or however big the field is these days.
I agree that the unicode emojis are ridiculous but plain ascii barely works for english let along other languages. You could map other languages onto english characters but even that presents a problem because many languages have more than 26 letters in their alphabet. A two byte character code either DBCS or unicode makes sense but any system that implements it should have a default for all 65k characters including the ones that it doesn't know how to display. The most common way I'm used to seeing it i
Re:plaintext FTW, eh? (Score:5, Insightful)
I say it's high time that any and all text-ish messaging systems require just plain ASCII characters
Great idea. I totally agree that we should all adopt a single alphabet, but obviously the standard should be based on Chinese hanzi ideograms, not ASCII. Hanzi have a bigger user base, don't depend on a single spoken language, and are more compact since each character represents an entire syllable.
If everyone is in agreement, we can start working on the unification immediately.
Re: (Score:2)
I propose using Futhark as it's easier to carve into stone making it future proof to the world after WW III.
Re: (Score:2)
Re: (Score:2)
Re: plaintext FTW, eh? (Score:2)
In other words, it's not an alphabet at all, rather it's a syllabary.
Re: (Score:3)
As long as the standard characters are Telugu and you have to paste in English characters I am on board
Re: (Score:2)
There's nothing wrong with using either unicode or UTF8 in the 21st century, but if a particular subsystem isn't prepared to cope with input, it should reject any attempt to submit input it cannot properly handle. Even rendering unknown characters each in a small box with the unicode value written in it is an entirely reasonable coping mechanism. Rendering the wrong thing, or worse, crashing, is a result of either poor QA or lazy developers or both.
Re: (Score:2)
The problem is Unicode is complex. A "character" can be com
Re: (Score:2)
A sane way to properly handle that would be to reject code sequences that the system cannot cope with before attempting to display something it cannot handle, or in the case of overly long codepoint sequences, display any excess codepoints beyond what it is desi
Re: (Score:2)
I think that illustrates well the point that Unicode is a badly designed mess of a standard. It isn't a replacement for ASCII or other character encoding but something that is so complex to fully support that there are very little software that do.
A better design would IMO be something that divides characters and (necessarily) complexity in 2 or 3 layers so that simple software can handle basic rendering and software that support more complex scripts use the other layers to properly fuse/split text accordin
Re: (Score:3)
There's nothing wrong with using either unicode or UTF8 in the 21st century, but if a particular subsystem isn't prepared to cope with input, it should reject any attempt to submit input it cannot properly handle. Even rendering unknown characters each in a small box with the unicode value written in it is an entirely reasonable coping mechanism. Rendering the wrong thing, or worse, crashing, is a result of either poor QA or lazy developers or both.
Sez the person who has never coded a modern Operating System, that has to operate flawlessly WORLDWIDE, with a plethora of languages, fonts, even writing direction.
And as I said earlier, Slashdot can't even handle an alternate "Quote" character without displaying gibberish. So I don't want to hear it...
Re: (Score:2)
My friends and I communicate exclusively in Telugu, you insensitive clod!
Re: (Score:2)
I'm switching to smoke signals. Fucking Natives had it right all along.
Re: (Score:2)
Well the language is actually from england, which is part of europe, and the americans adopted it just fine.
See! It just works! (Score:2)
Used to be, for crashing an app, you'd have to put in a bit of actual EFFORT.
Now, these kids today...one character.
POOF!
Re:See! It just works! (Score:4, Funny)
Now, these kids today...one character.
POOF!
Note that this character was developed by the Indian military industry in a project with similar goals as the "Killer Joke": https://en.wikipedia.org/wiki/... [wikipedia.org]
The intent is that people reading the character die.
Joke warfare is officially banned by the Geneva Convention, but India's archenemy Pakistan has been working on their own form of joke warfare involving a schoolgirl and a Nobel Peace Prize, and India felt threatened.
Re: (Score:2)
You sir just won the internets!!!!
'Lone' character (Score:2)
You'd think (Score:2)
In this day and age, running all possible unicode characters in testing would not be an afterthought.
Talk about things that would be trivial to automate....
Re: (Score:2)
Unicode has a ton of unallocated character space and frequently adds new ones so testing all possible characters isn't really practical or desirable. What should be tested on the other hand is support for unknown characters. You have defined characters and an associated bitmap and then undefined characters that need to have a default. That default can be either a static image or another way I've seen it is the unicode number crammed inside a small box. Either way, testing for a single valid character an
Re: (Score:2)
Unicode has a ton of unallocated character space and frequently adds new ones so testing all possible characters isn't really practical or desirable.
The theoretical maximum number of unicode characters is "only" 2^32, and in practice the limit is set at 1,111,998 characters [stackoverflow.com]. While it might not be practical to test that they all render correctly, it wouldn't be difficult to set up an automated test that at least verifies that they don't cause the renderer to crash when used.
ASCII ASCII ASCII (Score:2, Insightful)
Re: (Score:1)
You certainly won't be reading it here on Slashdot (tm)!
Re: (Score:2)
Welcome to Slashdot.
How does this happen? (Score:2)
Can anybody with experience in programming unicode handling explain how a bug like this happens? It seems weird that a specific character could trigger a crash like this - what is being handled at such an individual level?
Re: (Score:2)
Can anybody with experience in programming unicode handling explain how a bug like this happens? It seems weird that a specific character could trigger a crash like this - what is being handled at such an individual level?
The only way this would make sense to me is either they didn't code for an undefined character or if instead of storing bitmaps for the font they are storing vector graphics for each character and there was something wrong with their renderer code.
Re: (Score:2)
Re: (Score:2)
Developer doesn't provide for a branch in the code to handle a case that they think won't ever happen. Or even a catch-all branch that just prints a '?' and carries on. The exception is carried back up the app uncaught until it crashes.
Sanitizing input is old fashioned (Score:1)
Sanitizing input is old fashioned and not brave, I guess.
Sheesh. Any programmer with more than 6 months of experience should know these things.
Er, shouldn't they? Or am I living in a world that's somehow passed me by. Again...
Sigh...
Re: (Score:3)
Don't blame programmers when management is an adequate explanation for the problem. Managers are the cause of most problems in the world. They know this, and so they try to CYA on everything. It is because of their managers. It's managers all the way down, until you get into the infernal nether regions.
And, they have the value hierarchy inverted. The "higher" up the org chart you
No problem on other OSs (Score:1)
Re: (Score:1)
The summary talks about "a number of messaging apps", which translates as: there are a lot of garbage messaging apps in the App store that were built with Apple's SDK, and there are some weak libraries in there that are now causing common problems. Inexperienced developers, poor project management, and Apple's corporate priorities are all to blame.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Please Please Please start posting this character on every slashdot story. Lets rid ourselves of all these mac/ios isheep and their fucked up character posts.
Apple's evil plan with this "bug" is actually to force Slashdot to support more UTF chars!
How does something like this even happen? (Score:2)
Yes, I know, characters have been a mess ever since back in the day. Glyphs are difficult and academic debates over what constitutes an own seperate glyph are probably never going to end ... but how on earth does something like this even happen? Could someone explain?
I don't get it. So the bitrange for UTF8 is widened and processing chars at international scale is a tad more resource hungry - I get it. But crashing a system with a character? What is this? It's not that we're back in punchcard era with killp
Fake news! (Score:2, Funny)
Which character (Score:2)
Killer Glyph (Score:2)
Back in the day we used to have killer pokes, that would do things like cause the electron gun to stop sweeping and put a hole in your monitor with a single BASIC ("POKE") instruction. The assembly equivalent of course is the Halt-and-Catch Fire [wikipedia.org] instruction (eg: 0xDD on a M6800).
Nice to see kids with their fancy new fonts can get in on the act with Killer Glyphs.
Re: (Score:2)
Power Word: Crash?
Shady Indian Characters (Score:1, Funny)
Re: (Score:2)
What to call this character? (Score:2)
A lone Indian-language character Shall we call this "Tonto"? No,not the Jonny Depp movie