back to article Google fixes world's most stupid bug

Google has issued a fix to the G1 handset, to stop it executing commands just because they appear in an entered text message - preventing punters from rebooting the handset just by typing the word "reboot". The bug can hardly be called a security problem, given it requires access to the handset, but the fact that until the fix …

COMMENTS

This topic is closed for new posts.
  1. Joseph Haig
    Happy

    Simple fix

    Text message:

    cat 0 > /proc/features/stupid/most

  2. Anonymous Coward
    Anonymous Coward

    Looks like someone wasn't paying attention

    when Apple made the same booboo of letting everything run as root on the iPhone.

  3. Anonymous Coward
    Happy

    There is no title

    Nor do I have anything constructive to say about this. However for some reason I find the whole situation extremely funny and have been chuckling about it for five minutes now. I can just see someone showing their new Android phone off to their friends, comparing it to their iPhone and Blackberry and having the phone randomly reboot or some other thing. Much hilarity and laughing at said Android owner would occur. Thank El Reg, now my co workers think I'm totally out to lunch.

  4. Roger Garner
    Linux

    Surely...

    rm -rf would be worse? At least -r on its own would ask you before it committed user assisted suicide... ;)

  5. Anonymous Coward
    Coat

    Security issue

    Larry: Hey what's that command again?

    Moe: rm -rf /

    Larry: thanks Moe , have you seen Curly?

    Larry: Moe?

    Larry : You there Moe?

  6. Jimmy Floyd
    Black Helicopters

    Help!

    Can anyone please explain how that bug might have been created? As a programmer, I am at a complete loss to understand how such an error would occur.

    Unless they're reading all your messages. Which would explain the black helicopter.

  7. Anonymous Coward
    Stop

    "It's hard to imagine the circumstances..."

    No it's not: one techie sat in front of system, txts colleague for assistance... lots of potential for commands to be txted there! :-O

  8. BillyBoy

    Right on!

    Get me one of those fancy G1 handsets!

    Nice one Google!

  9. aaron

    Uk Updates

    Has anyone in the UK had an OTA update yet? it seems we are on a different build to the US. Mine is currently at kila_uk-user .10 RC5-RC7 112931 which is the initial version it came out the box with

  10. Anonymous Coward
    Anonymous Coward

    So not really rushed to market then..

    Anyone would think they rushed this to market, what with Xmas coming up, and marketshare being lost to the Jesusphone.. ("Jesus, why did I wasted my cash on this iPhone crap..")..

  11. James Le Cuirot
    Stop

    WTF?

    I'm a Linux developer and I can't even begin to imagine how they managed to create such a stupid bug.

  12. Michael

    It's not hard to imagine.

    You just get a bit drunk and decide to do something "funny".

  13. Anonymous Coward
    Anonymous Coward

    A title should not be required

    Hard to see when a text message contains 'rm -r'? Unlikely a message will contain the word 'reboot'??

    Clearly, you've never done any form of out of hours support before, telling people how to fix things...

  14. MrWeeble

    stop

    while reboot would be fairly rare, I can confirm that "stop" on a line by itself will freeze your G1 requiring you to remove the battery to get it to reset.

    Stoooooooooooooopid

  15. Dean
    Thumb Up

    Nice..

    Just tried it and yes, it rebooted.

    Let's hope TMobile send the patch out asap..

  16. Mike Groombridge
    Thumb Up

    I would just like to point out

    that during my spell as a Hell desk engineer i quite often got text messages from users with problems who were traveling or were doing work on the weekend asking for some friendly out of hours support (as this was a best efforts deal only the CEO or CIO actually called unless it was life and death ) the rest mostly work mates would text me and hope i called or text back with an answer. this would often contain the words reboot and restart in typical help desk style.

    thankfully those days are over and now i'm a systems engineer and my out of hours support is paid :-) but about 100 times harder :-(

  17. Anonymous Coward
    IT Angle

    cancer?

    What has "cancer" being in a T9 dictionary got to do with this story?

    And what does a T9 dictionary have to do with a phone which has a full qwerty keyboard? Which doesn't lend itself to predictive text software at all?

  18. MD Rackham

    Debug Mode

    Sounds to me like someone left a debugging flag set in the release build.

    I can see the utility of this "feature" during testing. But you're right that it should have been caught before final release.

    But that's what users are for in the open source world: cheap testers.

  19. Dick Pountain
    Happy

    Reboot

    >Of course, not many messages contain the word "reboot"

    That one did, and so does this one. Perhaps we should call it the R-word in future to spare all those Android users. Oh, forgot, there aren't any...

  20. Daniel B.
    Coat

    I can see it now...

    Receiving an SMS from the NOC saying something along the lines of

    "CRITICAL ALERT: REBOOT SERVER"

    ... and sending your G1 into an infinite loop!

  21. Dean

    RE: Uk Updates

    Same, no updates for me yet..

  22. J
    Thumb Down

    Pathetic

    Indeed.

  23. Anonymous Coward
    Dead Vulture

    Pedant

    That would be `sudo rm -rf /`, actually.

  24. Fraser
    Thumb Up

    hmmm

    That makes me want to get a G1 even more. There must be loads of wacky bugs to find. Then its just a case of setting up a website for people to share their creative ways of bricking a gPhone. What fun to be had...

  25. Anonymous Coward
    Boffin

    the bug

    The bug was created by piping /dev/console, nothing to do with google's software it self but with the OS conf.

  26. Anonymous Coward
    Anonymous Coward

    ahahahaaaaaa

    I can't deal with any more of these hilarious messages from El Reg.

    So I'm going to try texting

    STOP

    to 0203 178 6500

    ..except it will freeze my Googlephone ahahahahaaaaaaaaa

  27. mittfh
    Paris Hilton

    Ho hum...

    (To the tune of Camptown Races)

    rm -rf *

    Doo dah, doo dah,

    rm -rf *

    Doo, doo dah day!

    I wonder... does it just happen on texts you type yourself, or can received texts also trigger the command sequence? :)

    Mind you, such a silly "bug" would certainly cause a few days of fun for wannabe BOFHs volunteering to offer "support" to Android (l)users :)

    Paris, because. (Oh come on, I'm sure you can think of plenty of excuses for warranting her presence on this thread!)

  28. Anonymous Coward
    Coat

    Unfortunately...

    typing "Refund" doesn't have the desired effect.

  29. Stevie

    Er

    What kind of on-the-road tech support would call for the instructing of someone to remove the entire root file system?

    Seriously.

    Malicious commands like this, yes. Such things were rare but depressingly not unheard of even in the mainframe days (telling a trainee Univac operator to type a shifted 41 on the production console was one quick way to get him fired, for example), but a legit instruction to destroy a computer that you would send by text message?

    Who would action such a message without verbal confirmation and an official written request?

  30. whoami
    Thumb Down

    Stupid Bug indeed

    <sarcasm>

    Erm Cant you guys see that its a feature, and not a bug, I have an N800, and I know How difficult it is to open the terminal. Now thats what I call usability. I mean dude, you can type the commands from anywhere!! Even the guys @ Cupertino were not smart enough to implement this on the Jesus Phone. Pity they patched it now though.

    </sarcasm>

    But seriously, If this was on WinMo, everyone would go on ranting on how Microsoft's code is the "suxorz"

  31. Anonymous Coward
    Happy

    BOFH stuff

    Funny how the I-used-to-be-an-IT-supporter types discuss the pros and cons of texting bewildered users "rm -r" and "rm -rf" messages like if it was daily routine...

  32. Anonymous Coward
    Anonymous Coward

    Great way to annoy early adopters

    Prima: "hey, i jst gt a G1, supr neat. opn src ftw, scrw ur ifone"

    Secunda: "Yeah, did it reboot yet?"

    Prima (some time later): "er, yeh"

    Secunda: "What, your phone managed to reboot when you read a text message?"

    Prima: "HEY, IT DID IT AGAIN!"

    Secunda: [snigger, repeat until bored/patched]

  33. Anonymous Coward
    Flame

    re: Can anyone please explain how that bug might have been created?

    Easy - they used a common interface to access underlying OS and text messages or maybe same UI with debug switch to disable OS access. The when release time came found it worked OK in debug but not release/ or pressure from boss to get out quick and 100 other things forgotten

    of course you do need to assume they aren't the best coders/lack experience of this type of project - and all sorts of stupid things can happen

    but look on the bright side - if all coders were good, it would be much harder for us that are to shine :-p

  34. Shannon Jacobs
    Dead Vulture

    NOT the world's most stupid bug

    But it would be interesting to have a contest for it. I think the Register needs to be a bit more measured in their hyperbole. I like the style, but sometimes they go off the deep end.

    Having said that, I'll admit that it was pretty egregious. The input buffer is executable by default? Weird.

    Back to the original theme: They are even hyperbolic in their icons. I want to express disapproval, and the tombstone is sort of cute, but I'm not actually so steamed as to erase the bookmark.

  35. Deep Tank

    WHAT???

    How damn funny is that!!! All those developers, testers, groupies and a bug like that got through... My ribs are killing me...

  36. Anonymous Coward
    Paris Hilton

    Reminds me of...

    ...a major commercial radio group whose incoming text messaging system displayed incoming texts on a web page in the studio.

    You guessed it already: it was possible to send html tages on which it would act, with hilarious consequences.. not least sending links to jpgs that would be displayed as inline images. Still it gave the DJs something to look at before playing another Coldplay record.

    Paris F.O.R...

  37. Moss Icely Spaceport
    Happy

    No titles are required this week

    Hahahahahaha @ the early adopters.

    Owned yet again.

  38. Kevin

    @ Jimmy Floyd

    > Can anyone please explain how that bug might have been created?

    > As a programmer, I am at a complete loss to understand how such an error would occur.

    To me it seemed quite simple - it's a linux box so it boots up and starts running startup scripts in /bin/sh. Let's say that shell is attached to the 'tty' (or handset). Normally, that /bin/sh process either exits or transforms into init or something like that. Often, exiting that process reboots the machine because it's the main session (think single user mode, logout, reboot)

    So, you've got /bin/sh running with the tty attached. You spawn the phone interface "/software/google/phone/runme &" popping it into the background and then you're left with the /bin/sh running.

    Every key typed still hits the /bin/sh because it still has the tty. Easily fixed - "exec" the runme process (or equivalent), exit the startup script (assuming that won't reboot the machine), close STDIN, whatever.

    Something like that is probably what happened. Background process which opened the tty, probably during boot that never let go.

    Funniest thing I've seen in ages, though!

  39. Anonymous Coward
    Anonymous Coward

    So Android has remote firmware update?

    I just read it remotely auto updates it's firmware.

    Yuck.

  40. Dan
    Thumb Down

    @MrWeeble

    Nice for when you want to stop messages from a spam service then? Genius...

  41. Anonymous Coward
    Black Helicopters

    Why?

    Why does Google need code that parses your text messages in this way (beyond lifting out numbers in cases they are telephone numbers)? What is it looking for? Is it speaking back to mother? Will you now get a "personal web experience" when your Android account gets paired up with your Google search/mail/apps account?

    Google - they are the new evil.

  42. Anonymous Coward
    Anonymous Coward

    @Er : malicious commands

    In the early days of hacking (think just past 2600 phreaking) there were plenty of wannabees asking for hacking instructions and targets on IRC, and it was standard fare to tell them to target 127.0.0.1, grin.

    Funny that, they always dropped out of the conversation afterwards :-)

    Ah, those were the days..

  43. HFoster
    Jobs Horns

    Contractors?

    Reckon the G1's text message editor was coded by an alias for a Mr S Ballmer?

  44. Anonymous Coward
    Linux

    At least it's only during composition

    As the title says, at least it's only when you compose a text message. Imagine the fun you could have if you could just send a text to an Android phone with the word "reboot" in it.

    I suppose not the daftest bug ever created. It's along similar lines to SQL injection bugs found on web servers. It does beg the question why the Android is parsing what is effectively a text entry field.

    Makes my iPhone seem bug-free...

  45. Anonymous Coward
    Linux

    look in the code

    isn't the OS open source? if so, cant someone who understands such things look at the code & tell us why this 'feature' is in there?

  46. TMS9900
    Linux

    Blimey...

    As a programmer myself, I am at a loss to understand how this bug came to be. How in hell is their software structured?

    So, you have a 'console' right, where you can type commands into the command line interpreter (CLI)?

    The CLI parses your input against a known list of commands and executes the commands as it finds them.

    Why would you ever (as the programmer) want to place the text of a received message through the CLI?

    I can think of only one reason: It would give the network operator a facility to reconfigure your phone via SMS, like the 'network service' texts that one sometimes receives when roaming networks for example.

    Damn. I think I've just answered my own question.

    Oh dear. Nasty bug.

    This would never have happened if the OS had been written in FORTH :-)

  47. Dan Silver badge
    Alert

    @the bug

    More information:

    "It looks like there is a /system/bin/sh process running in the background with

    /dev/console mapped to stdin. That has the effect that everything you type on your

    keyboard is actually being executed as root in the background even though you don't

    see the output."

    http://code.google.com/p/connectbot/issues/detail?id=64

    Which means everything you type is being executed, most of it returns "<command>: not found", but do not under any circumstances send a text message about anything computer related or it'll run with root privileges.

    Ye Gods, give me Symbian or even Windows Mobile any day. Who in their right mind would use one of these shiny new devices from a latecomer like Google or Apple to access a network if they're going to get billed for it?

  48. dreadful scathe
    Joke

    bug?flaw?feature?bugeature?

    is this a bug? surely, in all seriousness, this is a feature. Why else would it execute commands from what should simply be a large-never-executed-block-of-text-to-be-sent-somewhere. Are you suggesting that the programmers *accidently* enabled command execution in a text box? Is that like when shoplifters *accidently* drop things into their pockets in shops ? :) "Sorry, Officer. These big pockets are a design flaw of the coat I'm wearing...and I'm clumsy"

  49. Tim Bates

    Look at all the Linux users...

    @Roger Garner: rm -r will not prompt by default if it wasn't compiled to do so.

    @Jonathan Hammler: Does Android use sudo, or are you a Ubuntu user that thinks ever distro works the same? Google suggests the bug listed runs everything as root anyway.

  50. Andy Worth

    Funny really....

    It's a good job that I don't suffer from the same bug, otherwise I'd kick the bucket anytime I typed DIE int..............*followed by the thud of face hitting keyboard"

  51. Ginger
    Jobs Horns

    Great

    I'm off to my local t-mobile store to try this.

    rm -rf you say?

  52. Anonymous Coward
    Paris Hilton

    The Hypothesis of the Stolen Painting

    "Hey, do you remember that cartoon from the 1990s, the one that was all CGI?"

    "Yeah, wasn't that cool? What was it called?"

    "I think it was... oh, hang on, it was re-something. Re-something."

    (silence)

  53. Necropolis
    Unhappy

    No updates to the UK

    I have just spoken with T-Mobile 'customer services' and while Google and T-Mobile US are sending updates out the UK division have confirmed that there are currently no updates to the phone beyond what it comes out of the box with (RC7).

    But not to worry, apparently if we keep an eye on T-Mobile.co.uk over the coming months there should be some updates!

    Coming months ey? Nice to know they are looking at the ability to push updates and then ignoring them completely...

  54. Anonymous Coward
    Flame

    Maybe the truth is out there...

    Will everyone finally realize this is the NORMAL quality of Google chumps coding.

  55. Paul R
    Paris Hilton

    Hahahahahaha

    hahahahahahahahahahahahahahaha

    (deep breath)

    hahahahahahahahahahahahahahahahahahahaha

    To think, people go on at MS for silly bugs, this is just priceless!

    Even PH wouldn't do something just because you texted her.

  56. Jared Earle
    Thumb Down

    RTFA?

    For all those on about receiving texts with the word reboot in, that's not what happens.

    Pretend you have a root console open. That's what the bug is.

    Everything you type is run, so to get it to reboot, you need to type return-r-e-b-o-o-t-return. Without returns, it's just line noise.

    However, it allows stuff like echo "#!/bin/bash\nreboot\n" > /etc/rc.d/rc.sysinit

  57. Steve
    Gates Halo

    Tenuous link

    This very loosely reminds me the time I used to use personalised auto-replace shortcuts in MS Word. I had a list of commonly-used-but-irritatingly-long work-related phrases for which I had a number of short phrase matches. All well and good until you belatedly realise that you've become reliant upon it, and now habitually type the word 'wanker' when really you wanted your boss's name...And you've just sent an e-mail to said wanker, using OWA, no less, which doesn't even have an auto-correct feature, let alone the same dictionary as the one on my work PC.

  58. Connor Garvey
    Paris Hilton

    Stupid bug

    Stupid bug, but better than the iPhone, which reboots without receiving any user commands.

  59. Anonymous Coward
    Coat

    don't forget the chavs

    yeah

    init 1

    of those cool google phones

  60. Jenova Red

    Maybe I shouldn't be complaining, but...

    ....I can't seem to get mine to reboot itself via that method, and I don't appear to have had any patches or updates since I got it on the 30th October!

    I'm either very lucky, or simply Doing It Wrong. :)

  61. Michael Chester
    Thumb Up

    Not the first Googlebug

    When Chrome first went public, if you typed in %evil into the command line it would crash the entire browser. One of my friends rigged up a page on hi site to see if this could be done just by visiting a page, and it could. So of course he did the responsible thing and put it on an "about Chrome" page in his site, which just displayed "goodbye"

  62. Ed Burnette
    Boffin

    More info on the problem

    If you typed reboot in the middle of a sentence, like this one, it wouldn't reboot. That's because the first word is "If", so it would try to run the "If" command, which isn't found.

    Android only ships with a few Linux commands built-in, which explains why nobody noticed for a couple of weeks after the G1 came out. For example if you typed "make love not war" at the beginning of a line nothing untoward would happen because the make command was not shipped in the image.

    The problem didn't occur on the emulator that everyone had been running for a year before the T-Mobile G1 came out. I'm not sure exactly why, but that's another reason it took a while to discover.

    The fix should be pushed out to all handsets by now. I provide instructions to figure out if you have the fix in my blog (http://blogs.zdnet.com/Burnette/?p=680).

  63. Anonymous Coward
    Anonymous Coward

    I guess Google's hiring process

    has a few cracks in it.

    "Our interview process for technical positions evaluates your core software engineering skills including: coding..."

  64. Thomas
    Thumb Up

    A friend of mine just got a G1...

    ...and I look forward immensely to tormenting him with this.

  65. Jenova Red
    Happy

    Ah, I've done it.

    Seems that merely sending someone an SMS with the only text as "reboot" and the enter key (to send) doesn't work - neither in IM or my text-ed app.

    However, from the "front screen", typing 'reboot' and then enter will at first try and match the letters to a contact in your address list, and on the enter press, actually reboots the device - fab!

    I have no idea why I am so exited at getting a major flaw to work. At least I am safe in the knowledge that dropping the word randomly into my SMS messages or IM messages isn't going to result in sudden death. :)

  66. Ross Fleming

    @Jenova Red

    "Seems that merely sending someone an SMS with the only text as "reboot" and the enter key (to send) doesn't work - neither in IM or my text-ed app."

    Think you need to type "<return>reboot<return>" in a text app.

  67. Aaron

    Re: Tenuous link

    Well, that was stupid, wasn't it?

  68. Kevin

    @TMS9900

    It's not about messages that are received, it's about actual keys typed. There's a shell process still running in the background receiving the keystrokes. It was probably a very simple (in both the "easy" and "stupid" sense) mistake to make. No tricky programming, just forget that you left a shell running during startup or forget to disassociate it from /dev/console.

  69. vincent himpe

    pie .. face

    nough said...

  70. Gary F

    Android Handsets for sale?

    What???

    Are you telling me that android handsets are out?

    I hadn't noticed.

    Seriously, i haven't had a single person show me one or talk about them.

    Zero buzz.

    Listening to the geek community, this was supposed to be more like the second coming of christ than the iPhone.

    Great that the first thing I hear about them since launch is this hideously embarrassing bug.

    Can't help but think that the Register nerd collective would have been much harder on this if either MS or Apple had been responsible.

    Must be gutting for all the haters that their saviour from the iPhone succumbs to such a silly error.

  71. James Anderson
    Happy

    Actualy really easy to see how it got there!

    Tester: The phones gone into a wait state and I have to remove the battery to start testing again.

    Developer: I know I will let you enter commands from the keyboard.

    Tester: But what if i'm in another app!

    Developer: I will scan all input for valid commands.

    Tester: Great.

    Delvelop: I must remember to take that out when we go beta.

  72. natalie

    T9? Cancer?

    "I'm Aquarius on the cusp of Pisces, you?"

    "Cancer. Rrrrr"

    Not *that* improbable really is it?

This topic is closed for new posts.

Other stories you might like